fondorking | 11.09.2011 21:26 | Code:
ComboFix 11-09-11.05 - Cedric 11.09.2011 20:05:38.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4095.2660 [GMT 2:00]
ausgeführt von:: c:\users\Admin\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
c:\windows\SysWow64\comct332.ocx
c:\windows\SysWow64\mfc100deu.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-08-11 bis 2011-09-11 ))))))))))))))))))))))))))))))
.
.
2011-09-11 18:10 . 2011-09-11 18:10 -------- d-----w- c:\users\ladmin\AppData\Local\temp
2011-09-11 18:10 . 2011-09-11 18:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-11 18:10 . 2011-09-11 18:10 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-09-11 16:44 . 2011-09-11 16:44 -------- d-----w- C:\_OTL
2011-09-11 13:29 . 2011-09-11 13:29 -------- d-----w- c:\program files (x86)\Reader 10.0
2011-09-11 13:29 . 2011-09-11 13:29 -------- d-----w- c:\program files (x86)\Adobe Utilities - CS5
2011-09-11 13:28 . 2011-09-11 13:29 -------- d-----w- c:\program files (x86)\Adobe Photoshop CS5
2011-09-11 13:28 . 2011-09-11 13:28 -------- d-----w- c:\program files (x86)\Adobe Help
2011-09-11 13:28 . 2011-09-11 13:28 -------- d-----w- c:\program files (x86)\Adobe Extension Manager CS5
2011-09-11 13:27 . 2011-09-11 13:28 -------- d-----w- c:\program files (x86)\Adobe Device Central CS5
2011-09-11 13:27 . 2011-09-11 13:27 -------- d-----w- c:\program files (x86)\Adobe Bridge CS5
2011-09-11 11:28 . 2011-08-16 06:48 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C3B7D6CE-8F5C-4C1E-A974-6DC365F57CC0}\mpengine.dll
2011-09-10 09:07 . 2011-09-11 10:52 -------- d-----w- c:\program files (x86)\Common Files\Steam
2011-09-10 09:07 . 2011-09-10 12:45 -------- d-----w- c:\program files (x86)\Steam
2011-09-10 08:54 . 2011-09-10 08:54 -------- d-----w- c:\users\Admin\AppData\Local\Activision
2011-09-10 08:45 . 2011-09-10 08:49 -------- d-----w- c:\program files (x86)\Call of Duty Black Ops
2011-09-09 18:47 . 2011-09-09 18:47 -------- d-----w- c:\program files (x86)\ESET
2011-09-08 19:22 . 2011-09-08 19:22 -------- d-----w- c:\users\Admin\AppData\Roaming\Malwarebytes
2011-09-08 19:22 . 2011-09-08 19:22 -------- d-----w- c:\programdata\Malwarebytes
2011-09-08 19:22 . 2011-07-06 17:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-09-08 19:22 . 2011-09-08 19:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-09-08 19:22 . 2011-07-06 17:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-08 13:36 . 2011-09-08 13:36 -------- d-----w- c:\program files (x86)\7-Zip
2011-09-06 20:10 . 2011-09-06 20:10 -------- d-----w- c:\users\Admin\AppData\Local\FixItCenter
2011-09-06 20:04 . 2011-09-06 20:04 -------- d-----w- c:\program files\Microsoft Fix it Center
2011-09-06 20:04 . 2011-09-06 20:04 -------- d-----w- c:\windows\MATS
2011-09-06 10:34 . 2011-09-06 10:34 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-06 10:29 . 2011-09-06 19:24 -------- d-----w- c:\program files (x86)\JDownloader
2011-09-01 22:14 . 2002-12-11 17:12 760968 ----a-w- c:\windows\SysWow64\WMSDMOD.DLL
2011-09-01 21:50 . 2011-09-01 21:50 -------- d-----w- c:\program files (x86)\USM
2011-08-31 19:05 . 2011-08-31 19:05 -------- d-----w- c:\program files (x86)\VirtualCloneDrive
2011-08-31 18:59 . 2011-08-31 19:43 -------- d-----w- c:\program files (x86)\Landwirtschafts Simulator 2011
2011-08-31 08:30 . 2011-08-31 18:44 -------- d-----w- c:\program files (x86)\Landwirtschafts Simulator 2011 old
2011-08-30 15:25 . 2011-08-30 15:25 -------- d-----w- c:\programdata\ATI
2011-08-30 15:23 . 2011-08-30 15:23 -------- d-----w- c:\program files (x86)\AMD APP
2011-08-30 11:49 . 2011-08-30 11:49 -------- d-----w- c:\programdata\Raxco
2011-08-30 11:49 . 2011-08-30 11:49 -------- d-----w- c:\program files\Raxco
2011-08-30 11:48 . 2011-08-30 11:48 -------- d-----w- c:\program files (x86)\Raxco
2011-08-30 11:48 . 2011-08-30 11:48 -------- d-----w- c:\program files (x86)\MARKEMENT
2011-08-30 11:44 . 2011-06-10 10:58 49152 ----a-w- c:\windows\SysWow64\INETWH32.DLL
2011-08-30 11:44 . 2011-06-10 10:58 28672 ----a-w- c:\windows\SysWow64\nnr.dll
2011-08-30 11:44 . 2011-06-10 10:58 1056768 ----a-w- c:\windows\SysWow64\ROBOEX32.DLL
2011-08-30 11:43 . 2011-08-30 11:43 -------- d-----w- c:\program files (x86)\NetObjects
2011-08-30 11:38 . 2011-09-06 19:35 -------- d-----w- c:\users\Admin\AppData\Roaming\proDAD
2011-08-30 11:38 . 2011-08-30 11:38 -------- d-----w- c:\program files (x86)\proDAD
2011-08-30 11:37 . 2011-09-02 00:22 -------- d-----w- c:\programdata\proDAD
2011-08-30 11:29 . 2011-08-30 11:29 -------- d-----w- c:\program files (x86)\Ashampoo
2011-08-30 11:28 . 2011-09-06 19:25 -------- d-----w- c:\program files (x86)\Landwirtschafts-Simulator 2009
2011-08-25 17:45 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-25 17:45 . 2011-07-09 04:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-08-21 14:17 . 2011-08-21 14:17 -------- d-sh--w- c:\programdata\SecuROM
2011-08-20 23:02 . 2011-08-21 14:16 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2011-08-20 23:02 . 2011-08-20 23:02 -------- d-----w- c:\windows\SysWow64\xlive
2011-08-19 13:32 . 2011-08-19 13:32 -------- d-----w- c:\program files (x86)\Lavalys
2011-08-17 13:06 . 2011-08-17 13:06 -------- d-----w- c:\users\Admin\AppData\Local\LogiShrd
2011-08-15 18:33 . 2011-08-15 18:33 53248 ----a-r- c:\users\Admin\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-08-15 18:33 . 2011-08-15 18:33 -------- d-----w- c:\users\Admin\AppData\Roaming\Leadertech
2011-08-15 18:33 . 2011-08-15 18:33 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd
2011-08-15 18:33 . 2011-08-17 13:03 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-08-15 18:32 . 2011-08-15 18:32 -------- d-----w- c:\program files (x86)\SetPointG
2011-08-15 18:32 . 2011-08-15 18:32 -------- d-----w- c:\program files (x86)\SetPointP
2011-08-15 18:31 . 2011-08-15 18:33 -------- d-----w- c:\program files\Common Files\LogiShrd
2011-08-15 18:31 . 2011-08-15 18:34 -------- d-----w- c:\users\Admin\AppData\Roaming\Logitech
2011-08-15 18:31 . 2011-08-15 18:31 -------- d-----w- c:\users\Admin\AppData\Roaming\Logishrd
2011-08-13 18:43 . 2011-09-10 15:46 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-10 15:46 . 2011-04-12 15:10 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-09-06 10:06 . 2011-05-22 18:37 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-01 13:58 . 2010-08-20 16:53 2300696 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-09-01 13:57 . 2010-08-20 16:53 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-08-15 20:08 . 2011-03-06 12:47 59256 ----a-w- c:\windows\system32\drivers\PktIcpt.sys
2011-08-15 12:05 . 2011-03-06 12:47 50552 ----a-w- c:\windows\system32\drivers\GDBehave.sys
2011-08-15 12:05 . 2011-03-06 12:47 110968 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys
2011-08-15 12:05 . 2011-03-06 12:47 65912 ----a-w- c:\windows\system32\drivers\gdwfpcd64.sys
2011-08-11 20:29 . 2011-06-29 17:32 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-08-10 13:32 . 2010-12-19 13:23 34624 ----a-w- c:\windows\system32\TURegOpt.exe
2011-08-10 13:23 . 2010-12-19 13:23 25920 ----a-w- c:\windows\system32\authuitu.dll
2011-08-10 13:23 . 2010-12-19 13:23 21312 ----a-w- c:\windows\SysWow64\authuitu.dll
2011-08-10 13:23 . 2010-12-19 13:23 36160 ----a-w- c:\windows\system32\uxtuneup.dll
2011-08-10 13:23 . 2010-12-19 13:23 29504 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2011-08-09 10:27 . 2010-08-07 08:24 2300696 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-08-09 10:17 . 2010-08-07 08:23 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-08-09 10:17 . 2010-08-20 16:52 1166144 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-08-08 16:55 . 2011-08-08 16:55 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-07-28 22:23 . 2011-07-28 22:23 9980416 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-07-28 22:09 . 2011-07-28 22:09 23921664 ----a-w- c:\windows\system32\atio6axx.dll
2011-07-28 21:44 . 2011-07-28 21:44 18388480 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-07-28 21:40 . 2011-07-28 21:40 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-07-28 21:40 . 2011-07-28 21:40 726528 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-07-28 21:39 . 2011-07-28 21:39 852992 ----a-w- c:\windows\system32\aticfx64.dll
2011-07-28 21:36 . 2011-05-25 03:04 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-07-28 21:36 . 2011-07-28 21:36 485376 ----a-w- c:\windows\system32\atieclxx.exe
2011-07-28 21:35 . 2011-07-28 21:35 204288 ----a-w- c:\windows\system32\atiesrxx.exe
2011-07-28 21:34 . 2011-07-28 21:34 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-07-28 21:34 . 2011-07-28 21:34 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-07-28 21:33 . 2011-07-28 21:33 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-07-28 21:33 . 2011-07-28 21:33 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-07-28 21:33 . 2011-07-28 21:33 21504 ----a-w- c:\windows\system32\atimuixx.dll
2011-07-28 21:33 . 2011-07-28 21:33 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-07-28 21:33 . 2011-07-28 21:33 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-07-28 21:30 . 2011-07-28 21:30 4198912 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-07-28 21:20 . 2011-07-28 21:20 4943360 ----a-w- c:\windows\system32\atidxx64.dll
2011-07-28 21:12 . 2011-07-28 21:12 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-07-28 21:11 . 2011-07-28 21:11 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-07-28 21:11 . 2011-07-28 21:11 3871744 ----a-w- c:\windows\system32\atiumd6a.dll
2011-07-28 21:11 . 2011-07-28 21:11 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-07-28 21:11 . 2011-07-28 21:11 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-07-28 21:11 . 2011-07-28 21:11 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-07-28 21:11 . 2011-07-28 21:11 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-07-28 21:10 . 2011-07-28 21:10 9644544 ----a-w- c:\windows\system32\aticaldd64.dll
2011-07-28 21:09 . 2011-07-28 21:09 4256768 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-07-28 21:07 . 2011-07-28 21:07 8247296 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-07-28 21:03 . 2011-07-28 21:03 4056064 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-07-28 21:02 . 2011-07-28 21:02 5399040 ----a-w- c:\windows\system32\atiumd64.dll
2011-07-28 21:01 . 2011-07-28 21:01 58880 ----a-w- c:\windows\system32\coinst.dll
2011-07-28 20:54 . 2011-05-25 02:26 378368 ----a-w- c:\windows\system32\atiadlxx.dll
2011-07-28 20:54 . 2011-07-28 20:54 266240 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-07-28 20:54 . 2011-07-28 20:54 15360 ----a-w- c:\windows\system32\atig6pxx.dll
2011-07-28 20:54 . 2011-07-28 20:54 13312 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-07-28 20:54 . 2011-07-28 20:54 13312 ----a-w- c:\windows\system32\atiglpxx.dll
2011-07-28 20:54 . 2011-07-28 20:54 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-07-28 20:54 . 2011-07-28 20:54 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-07-28 20:54 . 2011-07-28 20:54 309248 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-07-28 20:53 . 2011-07-28 20:53 40960 ----a-w- c:\windows\system32\atiuxp64.dll
2011-07-28 20:53 . 2011-07-28 20:53 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-07-28 20:53 . 2011-07-28 20:53 38912 ----a-w- c:\windows\system32\atiu9p64.dll
2011-07-28 20:53 . 2011-07-28 20:53 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-07-28 20:52 . 2011-07-28 20:52 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-07-28 20:51 . 2011-07-28 20:51 53760 ----a-w- c:\windows\system32\atimpc64.dll
2011-07-28 20:51 . 2011-07-28 20:51 53760 ----a-w- c:\windows\system32\amdpcom64.dll
2011-07-28 20:51 . 2011-07-28 20:51 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-07-28 20:51 . 2011-07-28 20:51 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-07-28 15:49 . 2011-07-28 15:49 60416 ----a-w- c:\windows\system32\OVDecode64.dll
2011-07-28 15:48 . 2011-07-28 15:48 16552960 ----a-w- c:\windows\system32\amdocl64.dll
2011-07-22 05:42 . 2011-08-11 10:46 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 05:36 . 2011-08-11 10:46 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 05:32 . 2011-08-11 10:46 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-22 02:54 . 2011-08-11 10:46 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-07-22 02:48 . 2011-08-11 10:46 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-07-22 02:44 . 2011-08-11 10:46 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-07-17 21:54 . 2011-07-17 21:54 59904 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-07-16 05:41 . 2011-08-10 18:16 362496 ----a-w- c:\windows\system32\wow64win.dll
2011-07-16 05:41 . 2011-08-10 18:16 243200 ----a-w- c:\windows\system32\wow64.dll
2011-07-16 05:41 . 2011-08-10 18:16 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2011-07-16 05:39 . 2011-08-10 18:16 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2011-07-16 05:37 . 2011-08-10 18:16 421888 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 05:21 . 2011-08-10 18:16 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:16 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:16 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:16 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:16 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:16 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:16 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:16 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:16 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:16 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:16 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:16 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:16 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:16 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:16 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:16 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:16 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:16 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:16 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:16 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2006-05-03 10:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 11:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 13:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll
2010-01-06 22:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"FixCamera"=c:\windows\FixCamera.exe
"tsnpstd3"=c:\windows\tsnpstd3.exe
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"WheelMouse"=c:\advanc~1\wh_exec.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 EyelineService;Eyeline Video System;c:\program files (x86)\NCH Software\Eyeline\eyeline.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-17 135664]
R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys [x]
R3 dump_wmimmc;dump_wmimmc;c:\aeriagames\WolfTeam\GameGuard\dump_wmimmc.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-17 135664]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
R3 MatSvc;Microsoft Fix it Supportcenter;c:\program files\Microsoft Fix it Center\Matsvc.exe [2011-06-13 343856]
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [x]
R3 SaiH5F0D;SaiH5F0D;c:\windows\system32\DRIVERS\SaiH5F0D.sys [x]
R3 SaiU5F0D;SaiU5F0D;c:\windows\system32\DRIVERS\SaiU5F0D.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-11-29 11856]
R3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\DRIVERS\whfltr2k.sys [x]
R3 X6va005;X6va005;c:\users\Admin\AppData\Local\Temp\0056D43.tmp [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R4 DTProTS;DTProTS 2.01;c:\program files (x86)\DTProTS\DTProTS.exe [1999-12-31 271360]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
R4 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-02-11 172328]
R4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-08-10 2027840]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
S2 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Admin\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0x64.sys [2010-12-18 14544]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-17 11:41]
.
2011-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-17 11:41]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
"EvtMgr6"="c:\program files (x86)\SetPointP\SetPoint.exe" [2011-06-23 1744152]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mStart Page =
mLocal Page =
IE: Free YouTube Download - c:\users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 195.50.140.116 192.168.123.254
TCP: Interfaces\{BD5AE1E4-714D-4E03-920D-ABE9EE787A4C}: DhcpNameServer = 195.50.140.116 192.168.123.254
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o4751zle.default\
FF - prefs.js: browser.search.selectedEngine - Facemoods Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Adobe Acrobat 4.0 - c:\windows\ISUN0407.EXE
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_p4f.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\X6va005]
"ImagePath"="\??\c:\users\Admin\AppData\Local\Temp\0056D43.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9f,fd,ba,5b,7a,48,a6,48,ad,5f,a0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9f,fd,ba,5b,7a,48,a6,48,ad,5f,a0,\
.
[HKEY_USERS\S-1-5-21-741516300-845660521-4105745025-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:51,1a,2b,e1,e1,bb,06,1c,97,56,52,b3,e5,0d,da,f8,e9,3c,77,87,76,94,f1,
24,11,1f,8d,86,a8,d7,15,25,c4,27,6c,af,2f,23,43,a3,6a,3a,19,9b,a4,5b,59,04,\
"??"=hex:59,e5,97,70,47,08,a5,1e,f6,13,83,cc,52,0d,a6,6c
.
[HKEY_USERS\S-1-5-21-741516300-845660521-4105745025-1000\Software\SecuROM\License information*]
"datasecu"=hex:d2,6e,9d,27,cd,87,8a,aa,2a,78,f6,d1,4f,d7,ec,ef,9f,aa,ad,78,9a,
e3,50,2f,5d,9b,a0,b1,b6,38,b5,ae,c5,b1,b7,51,a6,ba,be,88,f7,e5,65,a8,7c,79,\
"rkeysecu"=hex:4a,52,43,84,f2,c6,e6,de,5a,6b,96,31,80,df,cc,1c
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-09-11 21:53:44 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-09-11 19:53
.
Vor Suchlauf: 14 Verzeichnis(se), 1.089.255.792.640 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 1.089.138.237.440 Bytes frei
.
- - End Of File - - AF7335277CD8E300E7845385EA0AAF1C