Code:
ComboFix 10-12-12.03 - Administrator 13.12.2010 15:36:22.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.3326.2616 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Administrator\Desktop\cofi.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Administrator\Desktop\CFScript.txt
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((( Dateien erstellt von 2010-11-13 bis 2010-12-13 ))))))))))))))))))))))))))))))
.
2010-12-11 15:04 . 2010-12-11 15:04 -------- d-----w- c:\windows\Internet Logs
2010-12-11 11:13 . 2008-08-28 07:46 74752 -c----w- c:\windows\system32\dllcache\msw3prt.dll
2010-12-11 11:13 . 2008-08-28 07:46 104960 -c----w- c:\windows\system32\dllcache\win32spl.dll
2010-12-11 11:12 . 2010-12-11 11:12 -------- d-----w- C:\c5504c2fe9409d0a907116aa2204
2010-12-11 11:10 . 2008-04-21 18:44 333824 -c----w- c:\windows\system32\dllcache\ipnathlp.dll
2010-12-11 11:09 . 2008-04-17 04:50 177152 -c----w- c:\windows\system32\dllcache\w32time.dll
2010-12-11 11:09 . 2008-04-17 04:50 68096 -c----w- c:\windows\system32\dllcache\ntdsapi.dll
2010-12-11 11:09 . 2008-04-17 04:50 68096 -c----w- c:\windows\system32\dllcache\adsmsext.dll
2010-12-11 11:09 . 2008-04-17 04:50 407040 -c----w- c:\windows\system32\dllcache\netlogon.dll
2010-12-11 11:09 . 2008-04-17 04:50 202240 -c----w- c:\windows\system32\dllcache\gptext.dll
2010-12-11 11:09 . 2008-04-17 04:50 113664 -c----w- c:\windows\system32\dllcache\dsuiext.dll
2010-12-11 11:02 . 2010-12-11 11:02 -------- d-----w- c:\programme\Update-O-Matic
2010-12-09 15:23 . 2010-12-09 15:23 -------- d-----w- c:\programme\Gemeinsame Dateien\Java
2010-12-09 15:23 . 2010-12-09 15:23 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-09 15:23 . 2010-12-09 15:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-09 15:23 . 2010-12-09 15:23 472808 ----a-w- c:\programme\Mozilla Firefox\plugins\npdeployJava1.dll
2010-12-09 14:45 . 2010-12-09 14:45 -------- d-----w- c:\programme\CCleaner
2010-12-09 10:56 . 2010-12-09 10:56 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Malwarebytes
2010-12-09 10:56 . 2010-12-09 10:56 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-12-09 10:56 . 2010-11-29 16:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-09 10:56 . 2010-12-09 10:56 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2010-12-09 10:56 . 2010-11-29 16:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-08 16:31 . 2010-12-08 16:31 -------- d-----w- c:\programme\Svchost Fix Wizard
2010-12-08 16:31 . 2009-04-16 13:13 81920 ----a-w- c:\windows\eSellerateControl350.dll
2010-12-08 16:31 . 2009-04-16 13:13 356352 ----a-w- c:\windows\eSellerateEngine.dll
2010-12-08 16:05 . 2010-12-08 16:05 -------- d-----w- c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Chromium
2010-12-08 16:05 . 2010-12-08 16:05 -------- d-----w- c:\programme\SRWare Iron
2010-12-08 07:00 . 2010-12-08 07:00 -------- d-----w- c:\dokumente und einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Thunderbird
2010-12-08 07:00 . 2010-12-08 07:00 -------- d-----w- c:\dokumente und einstellungen\NetworkService\Anwendungsdaten\Thunderbird
2010-12-07 19:24 . 2010-12-11 14:47 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2010-12-07 19:24 . 2010-12-07 19:30 -------- d-----w- c:\programme\Spybot - Search & Destroy
2010-12-07 16:34 . 2010-12-07 16:34 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-12-07 15:42 . 2010-12-07 15:42 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\CheckPoint
2010-12-07 15:36 . 2010-12-08 03:07 -------- d-----w- c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Conduit
2010-12-07 15:36 . 2010-12-07 15:36 -------- d-----w- c:\programme\Conduit
2010-12-07 15:36 . 2010-12-07 15:36 -------- d-----w- c:\programme\CheckPoint
2010-12-07 15:36 . 2010-06-28 12:00 46592 ----a-w- c:\windows\system32\vsutil_loc0407.dll
2010-12-07 15:35 . 2010-12-07 15:35 -------- d-----w- c:\programme\WinSCP
2010-12-07 15:34 . 2010-12-07 15:34 -------- d-----w- c:\programme\Aptana
2010-12-07 15:21 . 2010-12-07 15:21 -------- d-sh--w- c:\dokumente und einstellungen\Administrator\IECompatCache
2010-12-06 10:02 . 2006-09-05 16:03 3968 ----a-w- c:\windows\system32\drivers\AvgAsCln.sys
2010-12-06 09:58 . 2010-12-07 09:37 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\QuickScan
2010-12-06 09:42 . 2010-12-06 09:45 -------- d-----w- c:\dokumente und einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Adobe
2010-12-05 20:27 . 2010-12-11 14:04 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Alwil Software
2010-12-05 20:27 . 2010-12-05 20:27 -------- d-----w- c:\programme\Alwil Software
2010-12-01 19:48 . 2010-12-01 19:48 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Ubisoft
2010-11-28 00:46 . 2010-12-11 14:41 -------- d-----w- c:\programme\LastFMRadioRecorder
2010-11-26 20:32 . 2010-11-26 20:32 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\DVDVideoSoftIEHelpers
2010-11-24 17:13 . 2010-11-24 17:13 -------- d-----w- c:\dokumente und einstellungen\Administrator\dwhelper
2010-11-17 00:19 . 2010-11-17 00:19 -------- d-----w- C:\Riot Games
2010-11-16 19:46 . 2010-11-17 01:32 -------- d-----w- c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\PMB Files
2010-11-16 19:46 . 2010-11-16 19:46 -------- d-----w- c:\programme\Pando Networks
2010-11-16 19:32 . 2010-11-17 00:07 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\PMB Files
2010-11-16 19:04 . 2010-11-16 19:04 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\LolClient
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-12 18:46 . 2010-11-12 18:46 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-09-16 16:30 . 2010-09-16 16:24 16384 ----a-w- c:\windows\system32\lgfwunis.exe
2009-10-03 18:50 . 2009-10-03 18:49 32415657 -c--a-w- c:\programme\LG PC Suite II.exe
2003-08-12 14:47 165376 --sha-r- c:\windows\system32\VBEx32.dll
.
------- Sigcheck -------
[-] 2009-08-06 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\ServicePackFiles\i386\wuauclt.exe
[-] 2009-08-06 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\system32\wuauclt.exe
[7] 2009-08-06 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\windows\system32\dllcache\wuauclt.exe
[7] 2004-08-03 . 032CA12162E89E545356525554EA12A7 . 111616 . . [5.4.3790.2180] . . c:\windows\$NtServicePackUninstall$\wuauclt.exe
[-] 2008-04-14 . BB8E0AE6833A774F4792CB8892CA92E6 . 979456 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . BB8E0AE6833A774F4792CB8892CA92E6 . 979456 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2004-08-03 . 22FE1BE02EADDE1632E478E4125639E0 . 1035264 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-12-07_21.18.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-13 13:36 . 2010-12-13 13:36 16384 c:\windows\Temp\Perflib_Perfdata_3f0.dat
+ 2001-08-18 12:00 . 2009-06-25 08:41 54272 c:\windows\system32\wdigest.dll
- 2001-08-18 12:00 . 2009-06-25 08:25 54272 c:\windows\system32\wdigest.dll
+ 2009-06-22 18:12 . 2008-04-17 04:50 92672 c:\windows\system32\wbem\policman.dll
- 2009-06-22 18:12 . 2008-04-14 05:52 92672 c:\windows\system32\wbem\policman.dll
+ 2001-08-18 12:00 . 2008-05-05 10:56 54784 c:\windows\system32\w32tm.exe
+ 2001-08-18 12:00 . 2009-06-25 08:41 56832 c:\windows\system32\secur32.dll
- 2001-08-18 12:00 . 2009-06-25 08:25 56832 c:\windows\system32\secur32.dll
+ 2001-08-18 12:00 . 2008-04-17 04:50 68096 c:\windows\system32\ntdsapi.dll
+ 2001-08-18 12:00 . 2008-08-28 07:46 74752 c:\windows\system32\msw3prt.dll
+ 2001-08-18 12:00 . 2009-06-24 10:28 92928 c:\windows\system32\drivers\ksecdd.sys
- 2001-08-18 12:00 . 2009-06-24 11:18 92928 c:\windows\system32\drivers\ksecdd.sys
+ 2009-06-25 08:25 . 2009-06-25 08:41 54272 c:\windows\system32\dllcache\wdigest.dll
- 2009-06-25 08:25 . 2009-06-25 08:25 54272 c:\windows\system32\dllcache\wdigest.dll
+ 2001-08-18 12:00 . 2008-05-05 10:56 54784 c:\windows\system32\dllcache\w32tm.exe
+ 2009-02-03 19:57 . 2009-06-25 08:41 56832 c:\windows\system32\dllcache\secur32.dll
- 2009-02-03 19:57 . 2009-06-25 08:25 56832 c:\windows\system32\dllcache\secur32.dll
+ 2009-06-22 18:12 . 2008-04-17 04:50 92672 c:\windows\system32\dllcache\policman.dll
- 2009-06-22 18:12 . 2008-04-14 05:52 92672 c:\windows\system32\dllcache\policman.dll
+ 2009-06-24 11:18 . 2009-06-24 10:28 92928 c:\windows\system32\dllcache\ksecdd.sys
- 2009-06-24 11:18 . 2009-06-24 11:18 92928 c:\windows\system32\dllcache\ksecdd.sys
- 2001-08-18 12:00 . 2008-04-14 05:52 68096 c:\windows\system32\adsmsext.dll
+ 2001-08-18 12:00 . 2008-04-17 04:50 68096 c:\windows\system32\adsmsext.dll
+ 2009-10-13 01:00 . 2008-04-14 05:52 49152 c:\windows\$NtUninstallKB968389_0$\wdigest.dll
+ 2009-10-13 01:00 . 2009-02-03 19:57 56832 c:\windows\$NtUninstallKB968389_0$\secur32.dll
+ 2009-10-13 01:00 . 2008-04-13 22:01 92288 c:\windows\$NtUninstallKB968389_0$\ksecdd.sys
- 2009-10-13 01:00 . 2009-02-03 19:57 56832 c:\windows\$NtUninstallKB968389$\secur32.dll
+ 2001-08-18 12:00 . 2009-06-10 06:17 134144 c:\windows\system32\wkssvc.dll
+ 2009-06-23 06:13 . 2008-07-11 08:56 347648 c:\windows\system32\windowscodecsext.dll
+ 2009-06-23 06:13 . 2008-07-11 08:56 712704 c:\windows\system32\windowscodecs.dll
- 2009-06-23 06:13 . 2008-04-14 05:52 712704 c:\windows\system32\windowscodecs.dll
+ 2001-08-18 12:00 . 2008-08-28 07:46 104960 c:\windows\system32\win32spl.dll
+ 2001-08-18 12:00 . 2008-04-17 04:50 177152 c:\windows\system32\w32time.dll
- 2001-08-18 12:00 . 2008-04-14 05:52 177152 c:\windows\system32\w32time.dll
+ 2001-08-18 12:00 . 2010-06-30 12:23 149504 c:\windows\system32\schannel.dll
- 2001-08-18 12:00 . 2010-06-30 12:28 149504 c:\windows\system32\schannel.dll
- 2001-08-18 12:00 . 2008-04-14 05:52 407040 c:\windows\system32\netlogon.dll
+ 2001-08-18 12:00 . 2008-04-17 04:50 407040 c:\windows\system32\netlogon.dll
+ 2001-08-18 12:00 . 2009-09-11 14:14 136704 c:\windows\system32\msv1_0.dll
+ 2001-08-18 12:00 . 2009-06-26 09:41 737792 c:\windows\system32\lsasrv.dll
- 2001-08-18 12:00 . 2009-06-25 08:25 737792 c:\windows\system32\lsasrv.dll
+ 2001-08-18 12:00 . 2009-05-07 15:15 348672 c:\windows\system32\localspl.dll
+ 2001-08-18 12:00 . 2009-06-25 08:41 301568 c:\windows\system32\kerberos.dll
- 2001-08-18 12:00 . 2009-06-25 08:25 301568 c:\windows\system32\kerberos.dll
+ 2010-12-09 15:23 . 2010-12-09 15:23 153376 c:\windows\system32\javaws.exe
+ 2010-12-09 15:23 . 2010-12-09 15:23 145184 c:\windows\system32\javaw.exe
+ 2010-12-09 15:23 . 2010-12-09 15:23 145184 c:\windows\system32\java.exe
+ 2001-08-18 12:00 . 2008-04-21 18:44 333824 c:\windows\system32\ipnathlp.dll
+ 2001-08-18 12:00 . 2008-04-17 04:50 202240 c:\windows\system32\gptext.dll
- 2001-08-18 12:00 . 2008-04-14 05:52 202240 c:\windows\system32\gptext.dll
- 2001-08-18 12:00 . 2008-04-14 05:52 113664 c:\windows\system32\dsuiext.dll
+ 2001-08-18 12:00 . 2008-04-17 04:50 113664 c:\windows\system32\dsuiext.dll
+ 2009-06-10 06:14 . 2009-06-10 06:17 134144 c:\windows\system32\dllcache\wkssvc.dll
- 2008-12-05 06:55 . 2010-06-30 12:28 149504 c:\windows\system32\dllcache\schannel.dll
+ 2008-12-05 06:55 . 2010-06-30 12:23 149504 c:\windows\system32\dllcache\schannel.dll
+ 2009-06-25 08:25 . 2009-09-11 14:14 136704 c:\windows\system32\dllcache\msv1_0.dll
- 2009-06-25 01:08 . 2009-06-25 08:25 737792 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-06-25 01:08 . 2009-06-26 09:41 737792 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-05-07 15:32 . 2009-05-07 15:15 348672 c:\windows\system32\dllcache\localspl.dll
+ 2009-06-25 08:25 . 2009-06-25 08:41 301568 c:\windows\system32\dllcache\kerberos.dll
- 2009-06-25 08:25 . 2009-06-25 08:25 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2008-04-17 21:50 . 2008-04-17 21:50 176128 c:\windows\system32\dllcache\adsldp.dll
+ 2010-12-11 14:04 . 2010-12-11 14:04 262144 c:\windows\system32\config\systemprofile\NtUser.dat
+ 2001-08-18 12:00 . 2008-04-17 21:50 176128 c:\windows\system32\adsldp.dll
+ 2001-08-18 12:00 . 2004-08-03 22:58 153600 c:\windows\regedit.exe
+ 2010-12-09 15:23 . 2010-12-09 15:23 180224 c:\windows\Installer\cefde.msi
+ 2010-12-09 15:23 . 2010-12-09 15:23 676352 c:\windows\Installer\cefd8.msi
+ 2010-08-13 07:31 . 2009-05-26 11:40 388984 c:\windows\$NtUninstallKB980436_0$\spuninst\updspapi.dll
+ 2010-08-13 07:31 . 2009-05-26 11:40 234872 c:\windows\$NtUninstallKB980436_0$\spuninst\spuninst.exe
+ 2010-08-13 07:31 . 2009-06-25 08:25 147456 c:\windows\$NtUninstallKB980436_0$\schannel.dll
- 2010-08-13 07:31 . 2009-05-26 11:40 388984 c:\windows\$NtUninstallKB980436$\spuninst\updspapi.dll
- 2010-08-13 07:31 . 2009-05-26 11:40 234872 c:\windows\$NtUninstallKB980436$\spuninst\spuninst.exe
+ 2009-10-15 01:00 . 2009-05-26 11:40 388984 c:\windows\$NtUninstallKB975467_0$\spuninst\updspapi.dll
+ 2009-10-15 01:00 . 2008-07-08 13:00 234872 c:\windows\$NtUninstallKB975467_0$\spuninst\spuninst.exe
+ 2009-10-15 01:00 . 2009-06-25 08:25 136192 c:\windows\$NtUninstallKB975467_0$\msv1_0.dll
- 2009-10-15 01:00 . 2009-05-26 11:40 388984 c:\windows\$NtUninstallKB975467$\spuninst\updspapi.dll
- 2009-10-15 01:00 . 2008-07-08 13:00 234872 c:\windows\$NtUninstallKB975467$\spuninst\spuninst.exe
+ 2009-08-14 01:01 . 2008-04-14 05:52 132096 c:\windows\$NtUninstallKB971657_0$\wkssvc.dll
+ 2009-08-14 01:01 . 2009-05-26 11:40 388984 c:\windows\$NtUninstallKB971657_0$\spuninst\updspapi.dll
+ 2009-08-14 01:01 . 2008-07-08 13:00 234872 c:\windows\$NtUninstallKB971657_0$\spuninst\spuninst.exe
- 2009-08-14 01:01 . 2008-04-14 05:52 132096 c:\windows\$NtUninstallKB971657$\wkssvc.dll
- 2009-08-14 01:01 . 2009-05-26 11:40 388984 c:\windows\$NtUninstallKB971657$\spuninst\updspapi.dll
- 2009-08-14 01:01 . 2008-07-08 13:00 234872 c:\windows\$NtUninstallKB971657$\spuninst\spuninst.exe
+ 2009-10-13 01:00 . 2009-05-26 11:40 388984 c:\windows\$NtUninstallKB968389_0$\spuninst\updspapi.dll
+ 2009-10-13 01:00 . 2008-07-08 13:00 234872 c:\windows\$NtUninstallKB968389_0$\spuninst\spuninst.exe
+ 2009-10-13 01:00 . 2008-12-05 06:55 144896 c:\windows\$NtUninstallKB968389_0$\schannel.dll
+ 2009-10-13 01:00 . 2008-04-14 05:52 132608 c:\windows\$NtUninstallKB968389_0$\msv1_0.dll
+ 2009-10-13 01:00 . 2009-02-09 10:51 736768 c:\windows\$NtUninstallKB968389_0$\lsasrv.dll
+ 2009-10-13 01:00 . 2008-04-14 05:52 299520 c:\windows\$NtUninstallKB968389_0$\kerberos.dll
- 2009-10-13 01:00 . 2009-05-26 11:40 388984 c:\windows\$NtUninstallKB968389$\spuninst\updspapi.dll
- 2009-10-13 01:00 . 2008-07-08 13:00 234872 c:\windows\$NtUninstallKB968389$\spuninst\spuninst.exe
+ 2009-06-26 01:01 . 2008-07-09 07:37 388984 c:\windows\$NtUninstallKB961501_0$\spuninst\updspapi.dll
+ 2009-06-26 01:01 . 2008-07-09 07:37 234872 c:\windows\$NtUninstallKB961501_0$\spuninst\spuninst.exe
+ 2009-06-26 01:01 . 2008-04-14 05:52 345600 c:\windows\$NtUninstallKB961501_0$\localspl.dll
- 2009-06-26 01:01 . 2008-07-09 07:37 388984 c:\windows\$NtUninstallKB961501$\spuninst\updspapi.dll
- 2009-06-26 01:01 . 2008-07-09 07:37 234872 c:\windows\$NtUninstallKB961501$\spuninst\spuninst.exe
+ 2009-06-22 18:59 . 2010-12-11 15:03 2064624 c:\windows\system32\FNTCACHE.DAT
.
-- Snapshot auf jetziges Datum zurückgesetzt --
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-10-08 21:18 77824 ----a-w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Dropbox\bin\DropboxExt.3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-10-08 21:18 77824 ----a-w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Dropbox\bin\DropboxExt.3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-10-08 21:18 77824 ----a-w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Dropbox\bin\DropboxExt.3.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Remote Control Editor"="c:\programme\Gemeinsame Dateien\TerraTec\Remote\TTTVRC.exe" [2009-12-04 1531904]
"LightScribe Control Panel"="c:\programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe" [2010-08-16 2736128]
"RocketDock"="c:\programme\RocketDock\RocketDock.exe" [2007-09-02 495616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-06-23 16855552]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"!AVG Anti-Spyware"="c:\programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2006-10-07 6266880]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
TB-Tray.lnk - c:\programme\Thunderbird-Tray\TBTray.exe [2005-11-8 38912]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Administrator^Startmenü^Programme^Autostart^Dragon NaturallySpeaking.lnk]
path=c:\dokumente und einstellungen\Administrator\Startmenü\Programme\Autostart\Dragon NaturallySpeaking.lnk
backup=c:\windows\pss\Dragon NaturallySpeaking.lnkStartup
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Administrator^Startmenü^Programme^Autostart^Dropbox.lnk]
path=c:\dokumente und einstellungen\Administrator\Startmenü\Programme\Autostart\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Administrator^Startmenü^Programme^Autostart^OpenOffice.org 3.1.lnk]
path=c:\dokumente und einstellungen\Administrator\Startmenü\Programme\Autostart\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Administrator^Startmenü^Programme^Autostart^Registration Heroes of Might & Magic 5.LNK]
path=c:\dokumente und einstellungen\Administrator\Startmenü\Programme\Autostart\Registration Heroes of Might & Magic 5.LNK
backup=c:\windows\pss\Registration Heroes of Might & Magic 5.LNKStartup
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Administrator^Startmenü^Programme^Autostart^RocketDock.lnk]
path=c:\dokumente und einstellungen\Administrator\Startmenü\Programme\Autostart\RocketDock.lnk
backup=c:\windows\pss\RocketDock.lnkStartup
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Administrator^Startmenü^Programme^Autostart^Y'z Shadow.lnk]
path=c:\dokumente und einstellungen\Administrator\Startmenü\Programme\Autostart\Y'z Shadow.lnk
backup=c:\windows\pss\Y'z Shadow.lnkStartup
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Orbit.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Orbit.lnk
backup=c:\windows\pss\Orbit.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
2006-10-07 12:20 6266880 ----a-w- c:\programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2009-03-02 11:08 209153 ----a-w- c:\programme\Avira\AntiVir Desktop\avgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVMWlanClient]
2006-06-23 10:24 343552 ----a-w- c:\programme\avmwlanstick\FRITZWLanMini.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2009-01-29 22:20 57344 ----a-w- c:\programme\SlySoft\CloneCD\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04 1164584 ----a-w- c:\programme\DivX\DivX Update\DivXUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\programme\Google\Google Talk\googletalk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 14:24 54840 ----a-w- c:\programme\Hp\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
2008-12-08 11:33 1173384 -c--a-w- c:\programme\Spyware Doctor\pctsTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
2008-06-10 19:56 1442888 ----a-w- c:\programme\Microsoft IntelliType Pro\itype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KnexStarter]
2009-03-23 13:02 159744 ----a-w- c:\programme\Gemeinsame Dateien\Hewlett-Packard\HP Device Communication Services\AppInterfaces\HPDeviceService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGMobileSyncLauncher]
2008-07-28 18:02 4177920 ----a-w- c:\programme\LG PC Suite II\LG_MobileSync_Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveZilla]
2010-09-27 11:44 6578688 ----a-w- c:\programme\LiveZilla\LiveZilla.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
2010-05-07 16:35 165208 ----a-w- c:\programme\Logitech\LWS\Webcam Software\LWS.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2006-11-03 09:01 319488 ----a-w- c:\windows\PixArt\PAC207\Monitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 20:16 421888 ----a-w- c:\programme\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
2007-09-02 11:58 495616 ----a-w- c:\programme\RocketDock\RocketDock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-09-02 13:15 13351304 ----a-r- c:\programme\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Taskbar Shuffle]
2008-04-16 23:28 818176 ----a-w- c:\programme\Taskbar Shuffle\taskbarshuffle.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"npggsvc"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"gusvc"=3 (0x3)
"gupdate"=2 (0x2)
"FirebirdServerMAGIXInstance"=3 (0x3)
"FirebirdServerDefaultInstance"=3 (0x3)
"FirebirdGuardianDefaultInstance"=2 (0x2)
"Bonjour Service"=2 (0x2)
"AVG Anti-Spyware Guard"=2 (0x2)
"AntiVirService"=2 (0x2)
"AntiVirSchedulerService"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="c:\programme\DAEMON Tools Lite\daemon.exe" -autorun
"Innerpass"=c:\dokumente und einstellungen\All Users\Anwendungsdaten\Skype\Plugins\Plugins\9E0D937F462E4362A83B254A9F8AB3F8\InnerPassFileSharing.exe autostart
"c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Sprinx Systems\SprinxCRM 6.1.2.0\install.exe"=c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Sprinx Systems\SprinxCRM 6.1.2.0\install.exe /l*v "c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Sprinx Systems\SprinxCRM 6.1.2.0\msilog.txt" ProductLanguage=1033 INSTALL_TYPE=1 DB_INSTALL=1 CLOG="c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Sprinx Systems\SprinxCRM 6.1.2.0\CLOG.txt" WEB_SITE_NEW_HOST="SKPC" CM="false" UID="{46A45A08-2E1F-428E-B1FF-A76204BE3C03}" WIN_EDITION=""
"Yodm3D"=c:\dokumente und einstellungen\Administrator\Eigene Dateien\Yod-m-3D\Yod'm 3D\Yodm3D.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"Monitor"=c:\windows\PixArt\PAC207\Monitor.exe
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"nwiz"=c:\programme\NVIDIA Corporation\nView\nwiz.exe /installquiet
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"LGODDFU"=c:\programme\lg_fwupdate\fwupdate.exe blrun
"LiveZilla"="c:\programme\LiveZilla\LiveZilla.exe" -minimize
"CLMLServer"="c:\programme\CyberLink\Power2Go\CLMLSvc.exe"
"UpdateLBPShortCut"="c:\programme\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\programme\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
"UpdateP2GoShortCut"="c:\programme\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\programme\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
"UpdatePPShortCut"="c:\programme\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "c:\programme\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Orbitdownloader\\orbitdm.exe"=
"c:\\Programme\\Orbitdownloader\\orbitnet.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Programme\\Flagship Studios\\Hellgate London\\Launcher.exe"=
"c:\\Programme\\phpDesigner\\phpDesigner.exe"=
"c:\\Programme\\Java\\jre6\\bin\\java.exe"=
"c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programme\\Ventrilo\\Ventrilo.exe"=
"c:\\Programme\\Google\\Google Talk\\googletalk.exe"=
"c:\\Programme\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Programme\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Programme\\Steam\\steamapps\\common\\hospital tycoon\\HospitalTycoon.exe"=
"d:\\Programme\\Steam\\steamapps\\common\\avencast\\Avencast.exe"=
"d:\\Programme\\Steam\\steamapps\\common\\necrovision\\Bin\\NecroVisioN.exe"=
"d:\\Programme\\Steam\\steamapps\\common\\rise of the argonauts\\Binaries\\RiseOfTheArgonauts.exe"=
"d:\\Programme\\Steam\\steamapps\\common\\buccaneer\\Buccaneer.exe"=
"d:\\Programme\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"d:\\Programme\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"d:\\Programme\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=
"c:\\Programme\\Hewlett-Packard\\HP Easy Printer Care\\HPPRun.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"d:\\Programme\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
"c:\\Programme\\Kalypso\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"c:\\Programme\\TerraTec\\TerraTec Home Cinema\\InstTool.exe"=
"c:\\Programme\\TerraTec\\TerraTec Home Cinema\\CinergyDvr.exe"=
"c:\\Programme\\TerraTec\\TerraTec Home Cinema\\tvtvSetup\\tvtv_Wizard.exe"=
"c:\\Programme\\TerraTec\\TerraTec Home Cinema\\VersionCheck\\VersionCheck.exe"=
"d:\\Programme\\2K Games\\BioShock 2\\MP\\Builds\\Binaries\\Bioshock2.exe"=
"d:\\Programme\\Steam\\Steam.exe"=
"c:\\Programme\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Riot Games\\League of Legends\\air\\LolClient.exe"=
"c:\\Riot Games\\League of Legends\\game\\League of Legends.exe"=
"c:\\Programme\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Programme\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Programme\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Programme\\Aptana\\Aptana Studio 2.0\\AptanaStudio.exe"=
"d:\\apa\\xampp\\mysql\\bin\\mysqld.exe"=
"d:\\apa\\xampp\\apache\\bin\\httpd.exe"=
"c:\\Riot Games\\League of Legends\\lol.launcher.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"8394:TCP"= 8394:TCP:League of Legends Launcher
"8394:UDP"= 8394:UDP:League of Legends Launcher
"6995:TCP"= 6995:TCP:League of Legends Launcher
"6995:UDP"= 6995:UDP:League of Legends Launcher
"8395:TCP"= 8395:TCP:League of Legends Launcher
"8395:UDP"= 8395:UDP:League of Legends Launcher
"6947:TCP"= 6947:TCP:League of Legends Launcher
"6947:UDP"= 6947:UDP:League of Legends Launcher
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
"6941:TCP"= 6941:TCP:League of Legends Launcher
"6941:UDP"= 6941:UDP:League of Legends Launcher
"1096:TCP"= 1096:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"57919:TCP"= 57919:TCP:Pando Media Booster
"57919:UDP"= 57919:UDP:Pando Media Booster
"58277:TCP"= 58277:TCP:Pando Media Booster
"58277:UDP"= 58277:UDP:Pando Media Booster
"59136:TCP"= 59136:TCP:Pando Media Booster
"59136:UDP"= 59136:UDP:Pando Media Booster
"57529:TCP"= 57529:TCP:Pando Media Booster
"57529:UDP"= 57529:UDP:Pando Media Booster
"6927:TCP"= 6927:TCP:League of Legends Launcher
"6927:UDP"= 6927:UDP:League of Legends Launcher
"6908:TCP"= 6908:TCP:League of Legends Launcher
"6908:UDP"= 6908:UDP:League of Legends Launcher
"6988:TCP"= 6988:TCP:League of Legends Launcher
"6988:UDP"= 6988:UDP:League of Legends Launcher
"6936:TCP"= 6936:TCP:League of Legends Launcher
"6936:UDP"= 6936:UDP:League of Legends Launcher
"6928:TCP"= 6928:TCP:League of Legends Launcher
"6928:UDP"= 6928:UDP:League of Legends Launcher
"8393:TCP"= 8393:TCP:League of Legends Lobby
"8393:UDP"= 8393:UDP:League of Legends Lobby
"8390:TCP"= 8390:TCP:League of Legends Game Client
"8390:UDP"= 8390:UDP:League of Legends Game Client
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [13.10.2009 15:40 130936]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10.07.2009 17:38 721904]
R1 SSHDRV85;SSHDRV85;c:\windows\system32\drivers\SSHDRV85.sys [12.09.2010 07:51 78848]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [26.02.2010 12:06 142992]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [26.02.2010 12:06 41936]
R2 VMCService;Vodafone Mobile Connect Service;c:\programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [20.04.2009 17:20 9216]
R3 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [01.02.2010 13:00 1043784]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 07:24 10064]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [12.02.2010 20:34 100496]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [25.06.2010 15:01 111312]
S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\drivers\Ca533av.sys [01.07.2009 08:32 515803]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.03.2010 13:16 130384]
S3 drhard;DRHARD;c:\windows\system32\drivers\drhard.sys [01.09.2009 10:43 23600]
S3 ESLvnic1;ESLvnic Virtual Network 32 Bit;c:\windows\system32\drivers\ESLvnic.sys [16.06.2010 21:17 24504]
S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\drivers\fwlanusb.sys [22.06.2009 19:46 264704]
S3 lgmcbus;LGE Mobile driver (WDM);c:\windows\system32\drivers\lgmcbus.sys [10.07.2009 08:03 83584]
S3 lgmcmdfl;LGE Mobile USB WMC Modem Filter;c:\windows\system32\drivers\lgmcmdfl.sys [10.07.2009 08:03 14976]
S3 lgmcmdm;LGE Mobile USB WMC Modem Driver;c:\windows\system32\drivers\lgmcmdm.sys [10.07.2009 08:03 110464]
S3 lgmcmgmt;LGE Mobile USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\lgmcmgmt.sys [10.07.2009 08:03 104448]
S3 lgmcnd5;LGE Mobile USB WMC Ethernet ELDA (NDIS);c:\windows\system32\drivers\lgmcnd5.sys [10.07.2009 08:03 25344]
S3 lgmcobex;LGE Mobile USB WMC OBEX Interface;c:\windows\system32\drivers\lgmcobex.sys [10.07.2009 08:03 100480]
S3 lgmcunic;LGE Mobile USB WMC Ethernet ELDA (WDM);c:\windows\system32\drivers\lgmcunic.sys [10.07.2009 08:03 109952]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
S3 PAC207;VideoCAM GE111;c:\windows\system32\drivers\PFC027.SYS [05.12.2006 10:34 507136]
S3 PRLVNIC;Parallels Virtual NIC Adapter;c:\windows\system32\DRIVERS\prl_vnic.sys --> c:\windows\system32\DRIVERS\prl_vnic.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\programme\Spyware Doctor\pctsAuxs.exe [13.10.2009 15:40 348752]
S3 UPnPService;UPnPService;c:\programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe [29.03.2010 12:37 544768]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.03.2010 13:16 753504]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys --> c:\windows\system32\DRIVERS\ZTEusbnet.sys [?]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [07.11.2010 23:00 105344]
S4 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [08.07.2009 18:46 108289]
S4 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\programme\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance --> c:\programme\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance [?]
S4 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\programme\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance --> c:\programme\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance [?]
S4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programme\MAGIX\Common\Database\bin\fbserver.exe [29.03.2010 12:36 1527900]
S4 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [22.12.2009 17:39 135664]
S4 MSSQL$JTLWAWI;SQL Server (JTLWAWI);c:\programme\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [27.05.2009 03:27 29262680]
S4 MSSQL$SPRINXCRM;SQL Server (SPRINXCRM);c:\programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [27.05.2009 02:27 29262680]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-08-16 11:43 451872 ----a-w- c:\programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe
.
Contents of the "Scheduled Tasks" folder
2010-12-13 c:\windows\Tasks\Automatische Problemsuche.job
- c:\programme\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2010-02-01 12:06]
2010-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-12-22 16:39]
2010-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-12-22 16:39]
2010-12-13 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-06-26 20:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.orbitdownloader.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: &Download by Orbit - c:\programme\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\programme\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\programme\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\programme\Orbitdownloader\orbitmxt.dll/202
IE: Free YouTube to Mp3 Converter - c:\dokumente und einstellungen\Administrator\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm
Trusted Zone: microsoft.com \*.windowsupdate
Trusted Zone: windowsupdate.com
Trusted Zone: hp.com
TCP: {0AE8D5C6-6A79-4BA2-A94F-F390B6806A9D} = 139.7.30.125 139.7.30.126
FF - ProfilePath - c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\e8hmepn6.default\
FF - prefs.js: browser.startup.homepage - hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official
FF - prefs.js: keyword.URL - hxxp://www.google.co.in/search?btnG=Google+Search&q=
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 8800
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox 4.0 Beta 5\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: FireShot: {0b457cAA-602d-484a-8fe7-c1d894a011ba} - %profile%\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
FF - Ext: Autofill Forms: autofillForms@blueimp.net - %profile%\extensions\autofillForms@blueimp.net
FF - Ext: EventBug: eventbug@getfirebug.com - %profile%\extensions\eventbug@getfirebug.com
FF - Ext: FormBug: formbug@peteresnyder.com - %profile%\extensions\formbug@peteresnyder.com
FF - Ext: ColorZilla: {6AC85730-7D0F-4de0-B3FA-21142DD85326} - %profile%\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
FF - Ext: German Dictionary: de-DE@dictionaries.addons.mozilla.org - %profile%\extensions\de-DE@dictionaries.addons.mozilla.org
FF - Ext: Wörterbuch Deutsch (de-DE), Hunspell-unterstützt: de_DE@dicts.j3e.de - %profile%\extensions\de_DE@dicts.j3e.de
FF - Ext: ChatZilla: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2} - %profile%\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-12-13 15:46
Windows 5.1.2600 Service Pack 3 NTFS
Scanning hidden processes...
Scanning hidden autostart entries...
Scanning hidden files...
Scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD16 rev.06.0 -> Harddisk0\DR0 -> \Device\Scsi\nvgts1
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8AD0D555]<<
c:\dokume~1\ADMINI~1\LOKALE~1\Temp\catchme.sys
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8ad137b0]; MOV EAX, [0x8ad1382c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8AD79AB8]
3 CLASSPNP[0xB8108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000007c[0x8AD29268]
5 ACPI[0xB7E65620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8AD7E030]
\Driver\nvgts[0x8AE8AA20] -> IRP_MJ_CREATE -> 0x8AD0D555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Scsi\nvgts1Port2Path0Target0Lun0 -> \??\SCSI#Disk&Ven_WDC_WD16&Prod_01ABYS-01C0A&Rev_06.0#4&358dcf36&0&000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Locked Registry Keys ---------------------
[HKEY_USERS\S-1-5-21-1085031214-1637723038-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,70,89,6f,06,09,1c,00,47,8c,4b,07,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,67,97,23,80,18,df,8b,4e,97,48,23,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,70,89,6f,06,09,1c,00,47,8c,4b,07,\
[HKEY_USERS\S-1-5-21-1085031214-1637723038-839522115-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1085031214-1637723038-839522115-500\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (Administrator)
@Allowed: (Read) (Administrator)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1085031214-1637723038-839522115-500\Software\SecuROM\License information*]
"datasecu"=hex:2d,7b,f7,c7,92,01,46,79,68,31,a5,48,74,3e,16,51,51,c1,26,6a,6d,
e6,c9,e3,53,db,4f,ae,db,10,04,c6,5f,ed,7b,a3,79,90,ff,89,02,ce,0f,37,ed,0c,\
"rkeysecu"=hex:46,9b,9f,fa,65,9f,ae,be,89,26,81,4e,fd,9e,dc,2f
.
Completion time: 2010-12-13 15:55:05
ComboFix-quarantined-files.txt 2010-12-13 14:55
ComboFix2.txt 2010-12-12 17:12
ComboFix3.txt 2010-12-07 21:26
Before scan: 9,529,278,464 bytes free
After scan: 9,527,349,248 bytes free
- - End Of File - - 592C09E57DD40B122F1BB27A378A8E8A
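As an added triage aid for logs of this shape (this is not part of the post above, and not code from ComboFix or GMER), the Python script below parses the ComboFix service/driver lines and the GMER mbr.exe block and pulls out the two things a responder reads first: the disk-miniport dispatch entry that resolves to memory the tool could not attribute to any loaded module, and the service registrations whose image file was not on disk. `SAMPLE_LOG` is constructed from lines quoted in this log so the script runs offline; the regexes and field names are my assumptions about ComboFix's line layout, inferred from those same lines.

```python
"""Triage helpers for ComboFix service entries and the GMER mbr.exe block.

Added example for this thread; not code from the poster, from ComboFix or
from GMER. SAMPLE_LOG is constructed from lines quoted in the log above.
"""
import re

SAMPLE_LOG = r"""
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10.07.2009 17:38 721904]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [26.02.2010 12:06 142992]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
S3 PRLVNIC;Parallels Virtual NIC Adapter;c:\windows\system32\DRIVERS\prl_vnic.sys --> c:\windows\system32\DRIVERS\prl_vnic.sys [?]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [07.11.2010 23:00 105344]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD16 rev.06.0 -> Harddisk0\DR0 -> \Device\Scsi\nvgts1
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8AD0D555]<<
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8AD79AB8]
\Driver\nvgts[0x8AE8AA20] -> IRP_MJ_CREATE -> 0x8AD0D555
kernel: MBR read successfully
detected hooks:
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
"""

# Assumed layout: "R0 name;display;image [dd.mm.yyyy hh:mm size]" when the
# image exists, "... image --> image [?]" when ComboFix could not find it.
SERVICE_RE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$')
PRESENT_RE = re.compile(r'\[(?P<date>\d{2}\.\d{2}\.\d{4}) (?P<time>\d{2}:\d{2}) (?P<size>\d+)\]$')
UNKNOWN_RE = re.compile(r'>>UNKNOWN \[(?P<addr>0x[0-9A-Fa-f]+)\]<<')
HOOK_RE = re.compile(r'^\\Driver\\(?P<driver>\w+)\[0x[0-9A-Fa-f]+\] -> (?P<irp>IRP_MJ_\w+) -> (?P<target>0x[0-9A-Fa-f]+)$')


def parse_services(log):
    """One dict per ComboFix service/driver line (R* = running, S* = stopped)."""
    services = []
    for raw in log.splitlines():
        m = SERVICE_RE.match(raw.strip())
        if not m:
            continue
        rest = m.group('rest')
        missing = rest.endswith('[?]')          # image not found at scan time
        present = None if missing else PRESENT_RE.search(rest)
        services.append({
            'start': m.group('start'),
            'name': m.group('name'),
            'display': m.group('display'),
            'image': rest.split(' --> ')[0] if missing else PRESENT_RE.sub('', rest).strip(),
            'missing': missing,
            'size': int(present.group('size')) if present else None,
        })
    return services


def missing_image_files(log):
    """Names of registered services/drivers whose image file was not on disk."""
    return [s['name'] for s in parse_services(log) if s['missing']]


def mbr_detector_findings(log):
    """Extract the security-relevant facts from the GMER mbr.exe block."""
    f = {'unknown_code': None, 'hooks': [], 'mbr_ok': False, 'warning': None}
    for raw in log.splitlines():
        line = raw.strip()
        m = UNKNOWN_RE.search(line)
        if m:
            f['unknown_code'] = m.group('addr')
        m = HOOK_RE.match(line)
        if m:
            f['hooks'].append((m.group('driver'), m.group('irp'), m.group('target')))
        if line == 'user & kernel MBR OK':
            f['mbr_ok'] = True
        if line.startswith('Warning:'):
            f['warning'] = line
    # The pattern the tool reports as TDL3: a dispatch entry of the disk
    # miniport driver object points at code it could not attribute to any
    # loaded module, while the MBR itself reads clean.
    f['hook_into_unknown'] = any(
        f['unknown_code'] is not None and t.lower() == f['unknown_code'].lower()
        for _, _, t in f['hooks'])
    return f


def triage(log):
    """Summary lines in the order a responder would act on them."""
    out = []
    f = mbr_detector_findings(log)
    for driver, irp, target in f['hooks']:
        tag = 'UNKNOWN code' if f['hook_into_unknown'] else 'known module'
        out.append(f'{driver} {irp} dispatch -> {target} ({tag}); MBR OK: {f["mbr_ok"]}')
    if f['warning']:
        out.append(f['warning'])
    for name in missing_image_files(log):
        out.append(f'orphaned service registration: {name} (image file not found)')
    return out


if __name__ == '__main__':
    for line in triage(SAMPLE_LOG):
        print(line)
```

On the sample, `triage()` lists the nvgts IRP_MJ_CREATE dispatch pointing into unattributed kernel memory first, then the detector's own warning, then the three orphaned registrations (massfilter, PRLVNIC, npggsvc). One caveat on that last group: a "[?]" entry is only a registry key whose image is missing, typically the leftover of an uninstalled driver or game component; by itself it says nothing about malware and belongs on a cleanup list, not on the indicator list.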