champpain | 12.04.2010 13:14 | So, ComboFix is done. Code:
ComboFix 10-04-11.06 - Administrator 12.04.2010 13:56:42.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1033.18.3455.2867 [GMT 2:00]
Running from: e:\einstellungen\Administrator\Desktop\cofi.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
E:\install.exe
.
((((((((((((((((((((((( Files Created from 2010-03-12 to 2010-04-12 ))))))))))))))))))))))))))))))
.
2010-04-09 09:57 . 2010-04-09 10:02 -------- d-----w- C:\rsit
2010-04-09 07:29 . 2010-04-09 07:29 -------- d-----w- C:\$AVG
2010-04-09 07:28 . 2010-04-09 07:28 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-09 07:26 . 2010-04-09 07:26 -------- d-----w- e:\einstellungen\All Users\Application Data\avg9
2010-04-07 10:05 . 2010-04-07 10:24 -------- d-----w- c:\program files\AGEIA Technologies
2010-04-07 10:05 . 2010-04-07 10:05 -------- d-----w- c:\windows\system32\AGEIA
2010-04-06 15:03 . 2010-04-06 15:03 -------- d-----w- e:\einstellungen\Administrator\Application Data\Malwarebytes
2010-04-06 15:03 . 2010-03-29 13:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-06 15:03 . 2010-04-06 15:03 -------- d-----w- e:\einstellungen\All Users\Application Data\Malwarebytes
2010-04-06 15:03 . 2010-03-29 13:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-06 15:03 . 2010-04-06 15:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-03 09:20 . 2006-02-21 14:44 250368 ------w- c:\windows\system32\drivers\iaStor.sys
2010-04-03 09:06 . 2010-04-03 09:06 -------- d-----w- c:\program files\Trend Micro
2010-03-30 08:04 . 2010-03-30 08:04 -------- d-----w- e:\einstellungen\Administrator\Local Settings\Application Data\Apps
2010-03-29 18:02 . 2010-03-29 18:02 -------- d-----w- c:\program files\Cave Story Deluxe
2010-03-28 14:39 . 2010-03-28 14:39 -------- d-----w- c:\windows\tiinst
2010-03-28 14:38 . 2010-03-28 14:38 -------- d-----w- c:\program files\TIVistadriver
2010-03-28 14:33 . 2010-03-28 14:33 -------- d-----w- C:\SoftPaqDownloadDirectory
2010-03-27 17:00 . 2010-03-27 17:49 -------- d-----w- c:\program files\UltraStar Deluxe
2010-03-24 19:47 . 2010-03-24 19:47 -------- d-----w- e:\einstellungen\Administrator\Local Settings\Application Data\Zattoo
2010-03-24 19:46 . 2010-03-24 19:46 -------- d-----w- c:\program files\Zattoo4
2010-03-24 14:48 . 2010-03-24 14:48 -------- d-----w- C:\skpro
2010-03-20 23:42 . 2010-03-20 23:42 -------- d-----w- e:\einstellungen\All Users\Application Data\RapidSolution
2010-03-20 23:42 . 2010-03-21 00:21 -------- d-----w- e:\einstellungen\Administrator\Local Settings\Application Data\Scramby Recordings
2010-03-18 10:24 . 2010-03-18 10:41 -------- d-----w- e:\einstellungen\Administrator\Local Settings\Application Data\Mirillis
2010-03-18 10:24 . 2010-03-18 10:24 -------- d-----w- c:\program files\Mirillis
2010-03-18 10:14 . 2010-03-18 10:14 -------- d-----w- c:\program files\Windows Media Connect 2
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-12 11:36 . 2009-12-04 20:42 -------- d-----w- e:\einstellungen\Administrator\Application Data\Skype
2010-04-12 11:31 . 2009-06-11 19:54 -------- d-----w- c:\program files\PowerCAD SiteMaster Pro 3 XP
2010-04-12 06:10 . 2009-12-04 20:45 -------- d-----w- e:\einstellungen\Administrator\Application Data\skypePM
2010-04-11 19:32 . 2009-08-17 19:16 619411 ----a-w- c:\windows\system32\nvModes.dat
2010-04-10 14:10 . 2009-06-25 12:41 -------- d-----w- c:\program files\Steam
2010-04-10 13:08 . 2010-03-04 09:20 -------- d-----w- e:\einstellungen\Administrator\Application Data\vlc
2010-04-10 09:37 . 2009-11-18 09:08 -------- d-----w- e:\einstellungen\All Users\Application Data\TrackMania
2010-04-09 10:26 . 2009-05-19 15:24 -------- d-----w- c:\program files\Wolfenstein - Enemy Territory
2010-04-09 07:29 . 2009-07-06 10:34 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-04-09 07:29 . 2009-07-06 10:34 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-09 07:29 . 2009-07-08 07:52 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-09 07:26 . 2009-04-13 17:55 -------- d-----w- c:\program files\AVG
2010-04-08 20:01 . 2009-10-30 14:49 -------- d-----w- e:\einstellungen\Administrator\Application Data\gSyncit
2010-04-08 08:51 . 2009-04-19 07:42 2828 --sha-w- e:\einstellungen\All Users\Application Data\KGyGaAvL.sys
2010-04-07 10:25 . 2009-05-19 14:37 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-07 09:56 . 2009-07-04 21:41 -------- d-----w- c:\program files\NVIDIA Corporation
2010-04-06 21:11 . 2009-05-21 23:33 -------- d-----w- e:\einstellungen\Administrator\Application Data\Hamachi
2010-03-29 19:03 . 2009-06-08 19:56 -------- d-----w- e:\einstellungen\Administrator\Application Data\dvdcss
2010-03-28 14:39 . 2009-04-13 17:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-23 18:17 . 2009-04-13 18:12 -------- d-----w- c:\program files\Opera
2010-03-21 12:54 . 2009-04-13 16:07 -------- d-----w- c:\program files\WinSCP
2010-03-14 20:44 . 2009-09-17 10:24 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-03-11 12:27 . 2009-06-23 20:09 -------- d-----w- e:\einstellungen\Administrator\Application Data\XnView
2010-03-06 09:03 . 2010-03-06 09:03 -------- d-----w- c:\program files\RF_DRT
2010-02-25 06:24 . 2006-02-28 13:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-16 14:09 . 2010-02-16 10:30 -------- d-----w- c:\program files\OXXOGames
2010-02-16 13:01 . 2009-06-18 06:46 -------- d-----w- c:\program files\DIY DataRecovery HD Workbench
2010-02-16 13:00 . 2009-10-08 16:29 -------- d-----w- c:\program files\Digital Image Recovery
2010-02-16 12:56 . 2009-08-08 09:17 -------- d-----w- c:\program files\Nmap
2010-02-16 10:31 . 2010-02-16 10:31 -------- d-----w- e:\einstellungen\Administrator\Application Data\Awem
2010-02-13 11:14 . 2009-05-16 18:49 -------- d-----w- c:\program files\Ubisoft
2010-02-13 10:41 . 2009-08-10 17:21 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-12 10:03 . 2010-03-06 09:41 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-11 08:35 . 2009-11-29 22:29 227168 ----a-w- c:\windows\system32\drivers\TeViiSAll.sys
2010-02-08 17:32 . 2009-05-19 20:24 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-08 17:32 . 2009-05-19 20:24 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-04 07:13 . 2009-04-13 16:25 117336 ----a-w- e:\einstellungen\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.
(((((((((((((((((((((((((((( Registry Auto-Start Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-04-13 1028096]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-10-27 241726]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-10-19 177456]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-11-01 995328]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-11-01 1101824]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"IAAnotif"="c:\program files\Treibersoftware\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 139264]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2009-04-13 17920]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.exe" [2006-01-16 53248]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-04-13 872448]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImage\TrueImageMonitor.exe" [2007-03-02 1165288]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImage\TimounterMonitor.exe" [2007-03-02 1945904]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-03-02 149024]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-17 8478720]
"nwiz"="nwiz.exe" [2009-11-17 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-17 81920]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"Adobe Reader Speed Launcher"="c:\program files\essentials\pdf\adobe reader9\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2009-09-05 385024]
"lxeemon.exe"="c:\program files\Lexmark Pro700 Series\lxeemon.exe" [2009-05-22 766632]
"EzPrint"="c:\program files\Lexmark Pro700 Series\ezprint.exe" [2009-05-22 139944]
"Nitro PDF Printer Monitor"="c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" [2009-05-27 209216]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
e:\einstellungen\Administrator\Start Menu\Programs\Startup\
ac'tivAid.lnk - c:\program files\OS\Windows\ac'tivAid\ac'tivAid.ahk [2008-6-5 495612]
e:\einstellungen\All Users\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-2-15 581693]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-11-13 813584]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-04-09 07:29 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-06-08 07:04 49152 ----a-r- c:\windows\system32\DeviceNP.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 11:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2009-04-13 18:20 74240 ----a-r- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\E:^Einstellungen^Administrator^Start Menu^Programs^Startup^Dragon NaturallySpeaking.lnk]
path=e:\einstellungen\Administrator\Start Menu\Programs\Startup\Dragon NaturallySpeaking.lnk
backup=c:\windows\pss\Dragon NaturallySpeaking.lnkStartup
[HKLM\~\startupfolder\E:^Einstellungen^Administrator^Start Menu^Programs^Startup^Need for Speed™ Undercover-Registrierung.lnk]
path=e:\einstellungen\Administrator\Start Menu\Programs\Startup\Need for Speed™ Undercover-Registrierung.lnk
backup=c:\windows\pss\Need for Speed™ Undercover-Registrierung.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 14:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57 35760 ----a-w- c:\program files\essentials\pdf\adobe reader9\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51 691656 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNS7reminder]
2007-04-16 05:33 259624 ----a-w- c:\program files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
2009-01-02 14:12 3399727 ----a-w- c:\program files\www\Free Download Manager\fdm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreePDF Assistant]
2009-09-05 16:29 385024 ----a-w- c:\program files\FreePDF_XP\fpassist.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 11:50 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IFXSPMGT]
2008-01-25 15:38 677144 ----a-w- c:\windows\system32\IFXSPMGT.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-02-16 14:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-09-11 03:40 86960 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2009-12-10 14:05 401728 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-11-17 20:00 8478720 ----a-w- c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 09:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-03-15 10:15 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 15:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\razer]
2005-10-08 14:27 155648 ----a-w- c:\program files\Razer\Copperhead\razerhid.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 07:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-04-09 22:22 1217872 ----a-w- c:\program files\Steam\steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-04-14 15:04 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
2006-09-05 17:02 184320 ----a-w- c:\program files\InterVideo\DVD Check\DVDCheck.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\www\\Free Download Manager\\fdm.exe"=
"c:\\Program Files\\kommunikation\\X-Lite\\x-lite.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Common Files\\XPressUpdate\\XPressUpdate.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter 2\\graw2.exe"=
"c:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter 2\\graw2_dedicated.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\trackmania nations forever\\TmForever.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\trackmania nations forever\\TmForeverLauncher.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\swkotor\\swkotor.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\psychonauts\\PsychoLauncher.exe"=
"c:\\Program Files\\RagTime 6.5\\Win32\\RagTime 6.5.exe"=
"c:\\WINDOWS\\system32\\lxeecoms.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 bhound6;bhound6;c:\windows\system32\drivers\bhound6.sys [21.01.2007 08:14 61032]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.04.2009 07:25 721904]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [06.07.2009 12:34 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [09.04.2010 09:28 242696]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [24.07.2007 09:21 38816]
R2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [24.10.2008 15:35 128296]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [28.02.2006 15:00 14336]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [28.02.2006 15:00 14336]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [09.04.2010 09:27 308064]
R2 gtdetectsc;GtDetectSc Service;c:\windows\system32\Gtdetectsc.exe [15.04.2009 11:45 122880]
R2 GtFlashSwitch;GtFlashSwitch;c:\program files\Common Files\GtFlashSwitch\GtFlashSwitch.exe [09.02.2007 13:48 176128]
R2 HauppaugeTVServer;HauppaugeTVServer;c:\progra~1\WinTV\TVServer\HAUPPA~1.EXE [30.09.2009 22:50 434176]
R2 lxee_device;lxee_device;c:\windows\system32\lxeecoms.exe -service --> c:\windows\system32\lxeecoms.exe -service [?]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [07.11.2008 05:48 3575808]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [16.04.2009 10:17 88192]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [13.04.2009 20:21 41216]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [08.02.2010 14:14 135664]
S2 lxeeCATSCustConnectService;lxeeCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeeserv.exe [08.02.2010 13:11 98984]
S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [13.04.2009 20:19 30008]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [23.01.2010 14:18 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [23.01.2010 14:18 8456]
S3 FLCDLOCK;HP ProtectTools Gerätesperre/Überwachung;c:\windows\system32\flcdlock.exe [08.06.2007 09:06 172131]
S3 GTUQBUS;GT UQ BUS;c:\windows\system32\drivers\gtuqbus.sys [31.10.2006 14:44 36992]
S3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\drivers\hcw95bda.sys [14.04.2009 22:31 573440]
S3 hcw95rc;Hauppauge MOD7700 IR Driver;c:\windows\system32\drivers\hcw95rc.sys [14.04.2009 22:31 15616]
S3 imhidusb;Immersion's HID USB Driver;c:\windows\system32\drivers\imhidusb.sys [15.12.2009 14:32 30920]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [06.11.2007 22:22 34064]
S3 Razerlow;Razer Copperhead Driver;c:\windows\system32\drivers\Razerlow.sys [26.05.2009 14:24 19020]
S3 SAllBDA;TeVii DVB-S/S2 Receiver;c:\windows\system32\drivers\TeViiSAll.sys [30.11.2009 00:29 227168]
S3 scramby_out;Scramby Output;c:\windows\system32\drivers\scramby_out.sys [08.08.2007 10:31 23840]
S3 zlportio;zlportio;\??\c:\program files\UltraStar Deluxe\zlportio.sys --> c:\program files\UltraStar Deluxe\zlportio.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
.
Contents of the "Scheduled Tasks" folder
2010-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 12:13]
2010-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 12:13]
2010-04-11 c:\windows\Tasks\User_Feed_Synchronization-{AE7F6289-B397-4C12-BC77-67D676BF42C6}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.de/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.winfuture.de/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Alles mit FDM herunterladen - file://c:\program files\www\Free Download Manager\dlall.htm
IE: Auswahl mit FDM herunterladen - file://c:\program files\www\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://c:\program files\www\Free Download Manager\dllink.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Senden an &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Videos mit FDM herunterladen - file://c:\program files\www\Free Download Manager\dlfvideo.htm
FF - ProfilePath - e:\einstellungen\Administrator\Application Data\Mozilla\Firefox\Profiles\0rhhqsb6.default\
FF - prefs.js: browser.startup.homepage - hxxp://filesharefreak.com/2008/05/06/quickstart-guide-to-torrentflux-1-adding-managing-torrents/#comment-242575
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff36\gears.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\essentials\pdf\adobe reader9\Reader\browser\nppdf32.dll
FF - plugin: c:\program files\fotos&grafik\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "hxxp://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
------- File Associations -------
.
.scr=AutoCADScript
.
- - - - Orphaned Registry Entries Removed - - - -
MSConfigStartUp-MobileConnect - c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
MSConfigStartUp-ScanmetenderStandard3 - c:\program files\LevenfusProducts\Scanmetender Standard\candard.exe
MSConfigStartUp-WheelMouse - c:\program files\Hardware\Maus\A4Tech\Mouse\Amoumain.exe
ActiveSetup-Nitro PDF Professional - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-04-12 14:04
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????0i??9?8?5?3??????? ?t?C?????????????xmC? ???0i?
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, hxxp://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll ACPI.sys prosync1.sys iaStor.sys spnj.sys >>UNKNOWN [0x8B5AF938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74ebf28
\Driver\ACPI -> ACPI.sys @ 0xf7245cb8
\Driver\atapi -> prosync1.sys @ 0xf79916c1
\Driver\iaStor -> prosync1.sys @ 0xf79916c1
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK
**************************************************************************
.
--------------------- Locked Registry Keys ---------------------
[HKEY_USERS\S-1-5-21-2000478354-1563985344-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4b,dc,7c,23,55,70,b6,4d,bb,f2,03,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4b,dc,7c,23,55,70,b6,4d,bb,f2,03,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4b,dc,7c,23,55,70,b6,4d,bb,f2,03,\
[HKEY_USERS\S-1-5-21-2000478354-1563985344-839522115-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-2000478354-1563985344-839522115-500\Software\SecuROM\License information*]
"datasecu"=hex:fb,2d,4b,a2,b7,7f,d9,72,d2,2c,02,db,33,3c,57,0c,75,25,0b,64,3c,
d6,a8,5c,cb,f7,99,15,f1,1b,c5,0c,c4,d7,9e,73,ce,4a,07,61,cf,e1,ac,b6,d3,42,\
"rkeysecu"=hex:44,c8,b9,9f,32,57,3b,cb,d1,4b,2e,c3,b7,6d,88,b1
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1304)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\program files\Hewlett-Packard\IAM\Bin\TrayIcon.dll
c:\program files\Hewlett-Packard\IAM\bin\HPBrand.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASChnl.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItDAC.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItReports.DLL
c:\program files\Hewlett-Packard\IAM\Bin\BioAuth.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASBIoAT.dll
c:\program files\Hewlett-Packard\IAM\Bin\ittal.dll
c:\program files\Hewlett-Packard\IAM\Bin\STEngine.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItVCClient.dll
c:\program files\Hewlett-Packard\IAM\Bin\AuthWiz.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItVCard.dll
c:\windows\system32\xenroll.dll
c:\windows\system32\WININET.dll
c:\program files\Hewlett-Packard\IAM\Bin\TokenAuth.dll
c:\program files\Hewlett-Packard\IAM\Bin\ittalsnap.DLL
c:\program files\Hewlett-Packard\IAM\Bin\TpmAuth.dll
c:\program files\Hewlett-Packard\IAM\Bin\NetAdmin.dll
c:\windows\system32\netprovcredman.dll
c:\windows\system32\DeviceNP.dll
- - - - - - - > 'lsass.exe'(1360)
c:\windows\system32\relog_ap.dll
- - - - - - - > 'explorer.exe'(1664)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSDE.DLL
c:\windows\system32\APSHook.dll
c:\program files\Hewlett-Packard\IAM\bin\ItClient.dll
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ger.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\IFXTCS.exe
c:\program files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxeecoms.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Hewlett-Packard\IAM\bin\asghost.exe
c:\windows\system32\IfxPsdSv.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\program files\Hewlett-Packard\Shared\hpqToaster.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\program files\AutoHotkey\AutoHotkey.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-04-12 14:10:52 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-04-12 12:10
Vor Suchlauf: 3.099.099.136 bytes free
Nach Suchlauf: 2.932.137.984 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - 0941BA57AB4DDEE09DF47C751C8A226D