Akkazhan | 25.02.2012 16:56 | Combofix Logfile:
ComboFix 12-02-24.02 - Stefan 25.02.2012 15:16:15.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3037.2006 [GMT 1:00]
ausgeführt von:: c:\users\Stefan\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\program files\Dragonica_Deutsch_Offiziell_PSB_23.06.2010.exe
c:\programdata\FullRemove.exe
c:\programdata\xml7B47.tmp
c:\programdata\xml7C70.tmp
c:\programdata\xml7CCF.tmp
c:\users\Stefan\AppData\Local\Microsoft\Windows\Temporary Internet Files\udDownload.tmp
c:\users\Stefan\AppData\Local\Microsoft\Windows\Temporary Internet Files\udDownload[1].tmp
c:\users\Stefan\AppData\Roaming\Microsoft\Windows\((Mutex)).xtr
c:\users\Stefan\AppData\Roaming\Windows
c:\users\Stefan\S4Vision Hack 2.0.dll
c:\windows\system32\windows
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-01-25 bis 2012-02-25 ))))))))))))))))))))))))))))))
.
.
2012-02-25 14:27 . 2012-02-25 14:27 -------- d-----w- c:\users\Stefan\AppData\Local\temp
2012-02-25 14:27 . 2012-02-25 14:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-25 14:15 . 2012-02-25 14:15 -------- d-----w- c:\users\Stefan\AppData\Roaming\Avira
2012-02-25 14:10 . 2012-01-31 07:56 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-02-25 14:10 . 2012-01-31 07:56 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-02-25 14:10 . 2011-09-16 15:08 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-02-25 14:10 . 2012-02-25 14:10 -------- d-----w- c:\programdata\Avira
2012-02-25 14:10 . 2012-02-25 14:10 -------- d-----w- c:\program files\Avira
2012-02-25 13:53 . 2012-02-25 14:20 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{90978AE3-6E2B-4CC7-B77B-36C324E7F2F1}\offreg.dll
2012-02-24 21:46 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{90978AE3-6E2B-4CC7-B77B-36C324E7F2F1}\mpengine.dll
2012-02-23 22:32 . 2012-02-23 22:32 1409 ----a-w- c:\windows\QTFont.for
2012-02-19 00:26 . 2012-02-19 00:26 -------- d-----w- c:\users\Stefan\AppData\Roaming\PandoraRecovery
2012-02-19 00:26 . 2012-02-19 19:47 -------- d-----w- c:\program files\Pandora Recovery
2012-02-18 13:22 . 2012-02-18 13:22 -------- d-----w- c:\program files\Recuva
2012-02-16 14:32 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 14:32 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-16 14:23 . 2012-01-14 03:35 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 16:49 . 2012-02-15 16:49 -------- d-----w- c:\users\Stefan\AppData\Roaming\thriXXX
2012-02-14 22:41 . 2012-02-14 22:41 -------- d-----w- c:\users\Stefan\dwhelper
2012-02-14 14:55 . 2012-02-14 14:55 11776 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll
2012-02-14 14:55 . 2012-02-14 14:55 -------- d-----w- c:\program files\Common Files\xing shared
2012-02-14 14:55 . 2012-02-14 14:55 150696 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2012-02-14 14:55 . 2012-02-14 14:55 108544 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
2012-02-11 18:34 . 2012-02-19 00:57 45016 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-02-11 18:34 . 2012-02-11 18:34 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-02-11 18:34 . 2012-02-11 18:34 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-02-11 18:33 . 2012-02-11 18:34 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-02-09 17:21 . 2012-02-09 17:21 -------- d-----w- c:\program files\LogMeIn Hamachi
2012-02-01 17:26 . 2012-02-01 17:26 -------- d-----w- c:\users\Stefan\AppData\Local\ElevatedDiagnostics
2012-01-26 17:23 . 2011-11-17 05:41 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-26 17:23 . 2011-11-17 05:41 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-26 17:23 . 2011-11-17 05:39 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-26 17:23 . 2011-11-17 05:35 314880 ----a-w- c:\windows\system32\webio.dll
2012-01-26 17:23 . 2011-11-17 05:34 15872 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-26 17:23 . 2011-11-17 05:34 100352 ----a-w- c:\windows\system32\sspicli.dll
2012-01-26 17:23 . 2011-11-17 05:34 224768 ----a-w- c:\windows\system32\schannel.dll
2012-01-26 17:23 . 2011-11-17 05:34 22016 ----a-w- c:\windows\system32\secur32.dll
2012-01-26 17:23 . 2011-11-17 05:32 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-26 17:23 . 2011-11-17 05:29 22528 ----a-w- c:\windows\system32\lsass.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-19 11:54 . 2011-05-19 13:28 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-14 14:54 . 2008-07-29 11:57 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-01-29 04:10 . 2010-01-03 16:26 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-12-25 21:23 . 2011-12-25 22:07 258352 ----a-w- c:\windows\system32\unicows.dll
2011-12-10 14:24 . 2010-04-23 15:52 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-25 16:32 . 2010-05-25 15:58 1283349871 ----a-w- c:\program files\Dragonica_Deutsch.exe
2012-02-19 00:57 . 2011-05-06 19:53 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-07 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"BitTorrent DNA"="c:\users\Stefan\Program Files\DNA\btdna.exe" [2009-12-30 323392]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Steam"="c:\program files\Steam\Steam.exe" [2011-08-02 1242448]
"Akamai NetSession Interface"="c:\users\Stefan\AppData\Local\Akamai\netsession_win.exe" [2012-02-02 3329824]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"ICQ"="c:\program files\ICQ7.7\ICQ.exe" [2012-01-23 127040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-29 7744032]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-09 1578280]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-26 98304]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-02-15 1230704]
"Ocs_SM"="c:\users\Stefan\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2011-04-07 106496]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-07 1987976]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-02-14 296056]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]
.
c:\users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-1-30 0]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetpointII.exe [2009-7-21 323584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 135664]
R2 SearchAnonymizer;SearchAnonymizer;c:\users\Stefan\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [2011-04-07 40960]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 135664]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-11-12 3403420]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 XDva326;XDva326;c:\windows\system32\XDva326.sys [x]
R3 XDva327;XDva327;c:\windows\system32\XDva327.sys [x]
R3 XDva328;XDva328;c:\windows\system32\XDva328.sys [x]
R3 XDva332;XDva332;c:\windows\system32\XDva332.sys [x]
R3 XDva336;XDva336;c:\windows\system32\XDva336.sys [x]
R3 XDva337;XDva337;c:\windows\system32\XDva337.sys [x]
R3 XDva341;XDva341;c:\windows\system32\XDva341.sys [x]
R3 XDva343;XDva343;c:\windows\system32\XDva343.sys [x]
R3 XDva347;XDva347;c:\windows\system32\XDva347.sys [x]
R3 XDva348;XDva348;c:\windows\system32\XDva348.sys [x]
R3 XDva349;XDva349;c:\windows\system32\XDva349.sys [x]
R3 XDva391;XDva391;c:\windows\system32\XDva391.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-15 691696]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 36000]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-27 176128]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2012-01-31 86224]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2012-02-07 1373576]
S2 Rezip;Rezip;c:\windows\SYSTEM32\Rezip.exe [2009-03-05 311296]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-05-21 173352]
S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-10-27 6573568]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-10-27 229888]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-06-15 313856]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - AVGNTFLT
*NewlyCreated* - AVIPBB
*NewlyCreated* - AVKMGR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
yksvcs REG_MULTI_SZ yksvc
Akamai REG_MULTI_SZ Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-10-07 19:02]
.
2012-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 13:09]
.
2012-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 13:09]
.
2012-02-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1393878847-3825134562-3829623230-1001.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 16:45]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.facemoods.com/?a=cqde
uInternet Settings,ProxyOverride = 127.0.0.1:9421
IE: Free YouTube Download - c:\users\Stefan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Stefan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files\ICQ7.7\ICQ.exe
FF - ProfilePath - c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\66crurcd.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
AddRemove-RealPlayer 15.0 - c:\program files\real\realplayer\Update\r1puninst.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_7de0ed9.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1393878847-3825134562-3829623230-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**ˆ]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1393878847-3825134562-3829623230-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**ˆ\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1393878847-3825134562-3829623230-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.**ˆ]
"0"=hex:44,3a,5c,50,49,43,54,55,52,45,5c,4e,65,75,65,72,20,4f,72,64,6e,65,72,
5c,56,69,64,65,6f,73,5c,45,78,74,72,65,6d,65,6c,79,20,48,6f,74,20,45,6d,6f,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-1393878847-3825134562-3829623230-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:5c,6f,a1,23,ab,f5,ca,f7,82,3c,41,76,b0,f5,9d,3a,38,aa,59,a4,64,2a,a3,
c7,d2,8e,8f,86,73,73,e9,f6,03,96,c8,60,50,34,07,37,7b,fe,88,94,6b,8d,50,a7,\
"??"=hex:41,e0,42,8c,cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b
.
[HKEY_USERS\S-1-5-21-1393878847-3825134562-3829623230-1001\Software\SecuROM\License information*]
"datasecu"=hex:17,be,c0,9b,fb,56,9f,0d,0f,2c,a0,30,27,5f,32,71,71,d9,e5,b5,22,
9e,ec,10,7a,29,1a,79,22,f1,8f,fb,11,5c,5b,9c,e5,6c,69,4d,b3,1b,6b,3a,08,e3,\
"rkeysecu"=hex:56,66,3e,48,66,8a,17,38,6b,3b,fe,d1,f7,d7,af,70
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-02-25 16:18:19
ComboFix-quarantined-files.txt 2012-02-25 15:18
.
Vor Suchlauf: 31 Verzeichnis(se), 33.194.307.584 Bytes frei
Nach Suchlauf: 34 Verzeichnis(se), 37.626.273.792 Bytes frei
.
- - End Of File - - 6DA27F3A0D5019C61EBEB894D82A9CB5 --- --- ---