ComboFix Logfile:
ComboFix 10-09-14.01 - Basti 14.09.2010 19:55:10.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.3327.2451 [GMT 2:00]
ausgeführt von:: c:\users\Basti\Downloads\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
* Neuer Wiederherstellungspunkt wurde erstellt
. ADS - Windows: deleted 24 bytes in 1 streams.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Basti\AppData\Local\Windows Server
c:\users\Basti\AppData\Local\Windows Server\admin.txt
c:\users\Basti\AppData\Local\Windows Server\server.dat
c:\users\Basti\AppData\Roaming\A17966C3E382F00E4DDD684FE9D142DF
c:\users\Basti\AppData\Roaming\A17966C3E382F00E4DDD684FE9D142DF\enemies-names.txt
c:\users\Basti\AppData\Roaming\A17966C3E382F00E4DDD684FE9D142DF\local.ini
c:\users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor
c:\users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk
c:\users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk
c:\users\Basti\jeali.exe
c:\users\Basti\uspad.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\system32\Data
c:\windows\system32\msllhsjn.dll
c:\windows\system32\nbai.amo
Infizierte Kopie von c:\windows\system32\drivers\tdx.sys wurde gefunden und desinfiziert
Kopie von - Kitty had a snack :p wurde wiederhergestellt
Infizierte Kopie von c:\windows\system32\wininit.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe wurde wiederhergestellt
Infizierte Kopie von c:\windows\explorer.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe wurde wiederhergestellt
.
((((((((((((((((((((((( Dateien erstellt von 2010-08-14 bis 2010-09-14 ))))))))))))))))))))))))))))))
.
2010-09-10 15:36 . 2010-09-10 15:36 -------- d-----w- c:\program files\ASIO4ALL v2
2010-09-10 15:30 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2010-09-10 15:29 . 2010-09-10 15:30 -------- d-----w- c:\program files\Vstplugins
2010-09-10 15:29 . 2010-09-10 15:29 -------- d-----w- c:\program files\Outsim
2010-09-10 15:26 . 2010-09-10 15:30 -------- d-----w- c:\program files\Image-Line
2010-09-08 11:38 . 2010-09-08 12:03 -------- d-----w- c:\program files\trend micro
2010-09-08 11:38 . 2010-09-08 11:38 -------- dc----w- C:\rsit
2010-09-08 11:27 . 2010-09-08 11:27 113 ----a-w- c:\users\Basti\a.bat
2010-09-08 11:25 . 2010-09-07 06:43 114688 ----a-w- c:\users\Basti\impad.exe
2010-09-08 11:25 . 2010-09-10 14:00 -------- d-----w- c:\windows\system32\MpEngineStore
2010-09-07 18:16 . 2010-09-08 16:23 -------- d-----w- c:\users\Basti\AppData\Local\lsmtynioy
2010-09-04 13:20 . 2010-09-04 13:20 -------- d--h--w- c:\program files\InstallJammer Registry
2010-09-03 21:07 . 2010-09-03 21:07 -------- dc----w- c:\programdata\SweetIM
2010-09-03 13:23 . 2010-09-03 13:23 -------- d-----w- c:\users\Basti\AppData\Local\119614856374854900
2010-09-03 13:23 . 2010-09-03 13:23 -------- d-----w- c:\users\Basti\AppData\Local\119611643739317492
2010-09-02 22:17 . 2010-09-10 16:34 -------- d-----w- c:\users\Basti\AppData\Roaming\.minecraft
2010-08-30 19:45 . 2010-08-30 19:49 -------- d-----w- c:\program files\osu!
2010-08-30 19:44 . 2010-08-30 19:44 -------- d-----w- c:\users\Basti\AppData\Roaming\Downloaded Installations
2010-08-30 18:03 . 2010-08-30 18:03 -------- dc----w- c:\programdata\IsolatedStorage
2010-08-21 19:04 . 2010-08-21 19:04 -------- d-----w- c:\users\Basti\AppData\Roaming\Creative
2010-08-20 13:08 . 2010-08-20 13:08 -------- d-----w- c:\users\Basti\AppData\Local\TechSmith
2010-08-18 21:25 . 2010-08-18 21:25 -------- d-----w- c:\users\Basti\AppData\Local\119614890735445236
2010-08-18 21:25 . 2010-08-18 21:25 -------- d-----w- c:\users\Basti\AppData\Local\119611678099907828
2010-08-18 13:30 . 2010-08-18 13:30 -------- d-----w- c:\users\Basti\AppData\Local\119614890734396660
2010-08-18 13:30 . 2010-08-18 13:30 -------- d-----w- c:\users\Basti\AppData\Local\119611678098859252
2010-08-17 20:12 . 2010-08-17 20:12 -------- d-----w- c:\users\Basti\AppData\Roaming\Xilisoft
2010-08-17 19:10 . 2010-08-17 19:10 -------- d-----w- c:\users\Basti\AppData\Roaming\Datel
2010-08-17 19:09 . 2010-08-17 19:09 -------- d-----w- c:\program files\Datel
2010-08-17 16:01 . 2010-08-17 16:01 -------- d-----w- c:\users\Basti\AppData\Roaming\GameTuts
2010-08-17 16:01 . 2010-08-17 16:01 -------- d-----w- c:\users\Basti\AppData\Local\GameTuts
2010-08-17 14:46 . 2010-08-17 14:47 -------- dc----w- c:\programdata\XHEO INC
2010-08-17 14:45 . 2010-08-17 14:45 -------- d-----w- c:\users\Basti\AppData\Local\IsolatedStorage
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-14 18:10 . 2010-02-07 16:16 -------- d-----w- c:\users\Basti\AppData\Roaming\Skype
2010-09-14 18:08 . 2010-06-11 16:24 -------- d-----w- c:\users\Basti\AppData\Roaming\Dropbox
2010-09-14 18:08 . 2010-02-18 21:00 -------- d-----w- c:\users\Basti\AppData\Roaming\Xfire
2010-09-14 18:08 . 2010-02-07 16:18 -------- d-----w- c:\users\Basti\AppData\Roaming\skypePM
2010-09-14 18:08 . 2010-08-12 13:32 -------- d-----w- c:\program files\Common Files\Akamai
2010-09-14 18:08 . 2010-06-28 16:49 -------- d-----w- c:\program files\Steam
2010-09-14 18:07 . 2010-02-16 17:03 -------- dc----w- c:\programdata\NVIDIA
2010-09-14 18:01 . 2009-07-14 08:47 696132 ----a-w- c:\windows\system32\perfh007.dat
2010-09-14 18:01 . 2009-07-14 08:47 147428 ----a-w- c:\windows\system32\perfc007.dat
2010-09-14 17:34 . 2010-02-21 16:55 -------- d-----w- c:\program files\JDownloader
2010-09-13 19:50 . 2010-09-10 16:34 65024 ----a-w- c:\users\Basti\AppData\Roaming\.minecraft\bin\natives\jinput-dx8_64.dll
2010-09-13 19:50 . 2010-09-10 16:34 62464 ----a-w- c:\users\Basti\AppData\Roaming\.minecraft\bin\natives\jinput-raw_64.dll
2010-09-13 19:50 . 2010-09-10 16:34 61952 ----a-w- c:\users\Basti\AppData\Roaming\.minecraft\bin\natives\jinput-dx8.dll
2010-09-13 19:50 . 2010-09-10 16:34 59392 ----a-w- c:\users\Basti\AppData\Roaming\.minecraft\bin\natives\jinput-raw.dll
2010-09-13 19:50 . 2010-09-10 16:34 273920 ----a-w- c:\users\Basti\AppData\Roaming\.minecraft\bin\natives\lwjgl64.dll
2010-09-13 19:50 . 2010-09-10 16:34 195072 ----a-w- c:\users\Basti\AppData\Roaming\.minecraft\bin\natives\OpenAL64.dll
2010-09-13 19:50 . 2010-09-10 16:34 193024 ----a-w- c:\users\Basti\AppData\Roaming\.minecraft\bin\natives\lwjgl.dll
2010-09-13 19:50 . 2010-09-10 16:34 108032 ----a-w- c:\users\Basti\AppData\Roaming\.minecraft\bin\natives\OpenAL32.dll
2010-09-13 19:28 . 2010-03-12 13:59 138520 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-09-13 19:28 . 2010-03-12 13:59 233960 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-09-13 14:28 . 2010-02-07 14:22 -------- d-----w- c:\users\Basti\AppData\Roaming\ICQ
2010-09-12 20:47 . 2010-02-07 14:45 -------- d-----w- c:\users\Basti\AppData\Roaming\vlc
2010-09-11 11:16 . 2010-02-18 21:00 -------- dc----w- c:\programdata\Xfire
2010-09-10 20:17 . 2010-05-13 19:39 -------- d-----w- c:\program files\MeGUI
2010-09-10 11:31 . 2010-03-07 15:51 -------- d-----w- c:\users\Basti\AppData\Roaming\UseNeXT
2010-09-09 22:36 . 2010-02-15 22:00 -------- dc----w- c:\programdata\Sony
2010-09-09 22:35 . 2010-02-15 22:15 -------- d-----w- c:\users\Basti\AppData\Roaming\Sony
2010-09-07 20:35 . 2010-07-10 23:42 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-07 12:08 . 2010-04-25 13:33 -------- dc----w- c:\programdata\Microsoft Help
2010-09-06 22:36 . 2010-02-21 02:20 128400 ---ha-w- c:\windows\system32\mlfcache.dat
2010-09-04 23:23 . 2010-09-04 23:22 2788816 ----a-w- c:\users\Basti\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2010-09-04 13:20 . 2010-09-04 13:20 1490343 ----a-w- c:\windows\Cursors\uninstall.exe
2010-09-03 21:17 . 2010-05-01 19:03 -------- d-----w- c:\program files\Sony
2010-09-03 15:59 . 2010-09-03 15:59 144696 -c--a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-09-03 15:59 . 2010-05-08 21:47 -------- dc----w- c:\programdata\DivX
2010-08-31 18:49 . 2010-02-07 00:25 86296 ----a-w- c:\users\Basti\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-31 18:45 . 2010-02-13 14:54 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-29 18:41 . 2010-07-21 18:35 -------- d-----w- c:\program files\MW2CU
2010-08-29 12:58 . 2010-02-07 14:21 -------- d-----w- c:\program files\ICQ7.0
2010-08-28 19:56 . 2010-08-28 19:56 126976 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\nuozl.exe
2010-08-28 11:55 . 2010-02-07 14:48 -------- d-----w- c:\users\Basti\AppData\Roaming\dvdcss
2010-08-17 20:10 . 2010-04-06 20:20 -------- d-----w- c:\program files\Xilisoft
2010-08-12 21:59 . 2010-08-12 21:59 47364 -c--a-w- c:\programdata\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-08-12 21:59 . 2010-08-12 20:29 -------- dc----w- c:\programdata\Blizzard Entertainment
2010-08-12 20:48 . 2010-08-12 20:29 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-08-12 15:42 . 2010-02-16 17:02 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-12 15:42 . 2010-02-16 17:02 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-11 18:20 . 2010-08-11 18:19 -------- d-----w- c:\users\Basti\AppData\Roaming\ManyCam
2010-08-11 18:19 . 2010-08-11 18:19 -------- d-----w- c:\program files\ManyCam
2010-08-11 18:10 . 2010-08-11 18:10 -------- d-----w- c:\program files\Fake Webcam
2010-08-11 18:10 . 2010-08-11 18:10 -------- d-----w- c:\program files\Common Files\fwc
2010-08-11 17:58 . 2010-08-11 17:58 10134 ----a-r- c:\users\Basti\AppData\Roaming\Microsoft\Installer\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}\ARPPRODUCTICON.exe
2010-08-11 17:58 . 2010-08-11 17:58 -------- d-----w- c:\program files\AMD
2010-08-08 12:42 . 2010-04-02 22:40 -------- d-----w- c:\program files\Palringo
2010-08-04 22:58 . 2010-08-04 22:51 -------- d-----w- c:\users\Basti\AppData\Roaming\Call Graph
2010-08-04 22:53 . 2010-08-04 22:53 -------- d-----w- c:\users\Basti\AppData\Roaming\Sedna Wireless
2010-08-04 22:51 . 2010-08-04 22:51 -------- d-----w- c:\program files\Call Graph
2010-08-01 22:16 . 2010-02-16 22:41 -------- d-----w- c:\program files\WeGame
2010-07-31 15:01 . 2010-07-31 15:04 151552 ----a-w- c:\windows\system32\nvRegDev.dll
2010-07-30 20:22 . 2010-02-11 14:30 -------- d-----w- c:\users\Basti\AppData\Roaming\Media Player Classic
2010-07-30 17:41 . 2010-07-30 17:29 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-07-30 17:30 . 2010-07-30 17:30 -------- d-----w- c:\program files\CCleaner
2010-07-30 17:29 . 2010-07-30 17:29 -------- d-----w- c:\users\Basti\AppData\Roaming\TuneUp Software
2010-07-30 17:29 . 2010-07-30 17:29 -------- dc----w- c:\programdata\TuneUp Software
2010-07-30 17:28 . 2010-07-30 17:28 -------- dcsh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-07-29 00:01 . 2010-07-29 00:01 -------- d-----w- c:\program files\Orekaria
2010-07-27 18:00 . 2010-07-26 00:03 148 -c--a-w- c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\prsgrc.dll
2010-07-26 20:28 . 2010-07-26 20:27 -------- d-----w- c:\program files\Cinema4D
2010-07-26 00:03 . 2010-07-26 00:03 16 -c-h--w- c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\nkz3kk1.dll
2010-07-26 00:03 . 2010-07-26 00:03 120 -c--a-w- c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\ssprs.dll
2010-07-26 00:03 . 2010-07-26 00:03 1024 -c--a-w- c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\grcauth2.dll
2010-07-26 00:03 . 2010-07-26 00:03 1024 -c--a-w- c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\grcauth1.dll
2010-07-26 00:03 . 2010-07-26 00:03 1024 -c--a-w- c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\clauth2.dll
2010-07-26 00:03 . 2010-07-26 00:03 1024 -c--a-w- c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\clauth1.dll
2010-07-26 00:03 . 2010-07-26 00:03 -------- dc----w- c:\programdata\SafeNet Sentinel
2010-07-26 00:03 . 2010-07-26 00:03 -------- d-----w- c:\program files\Vicon
2010-07-25 21:08 . 2010-07-25 21:08 -------- dc----w- c:\programdata\regid.1986-12.com.adobe
2010-07-25 20:45 . 2010-07-25 20:45 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-07-25 20:44 . 2010-07-25 20:45 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-07-25 19:31 . 2010-02-06 23:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-25 19:14 . 2010-07-23 00:58 -------- d-----w- c:\program files\Illustrate
2010-07-25 18:53 . 2010-07-25 18:53 -------- d-----w- c:\program files\VS Revo Group
2010-07-25 16:06 . 2010-02-13 15:35 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-07-23 00:59 . 2010-07-23 00:59 3291 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp m4a Codec.dat
2010-07-23 00:59 . 2010-03-19 22:17 869608 ----a-w- c:\windows\system32\SpoonUninstall.exe
2010-07-22 00:17 . 2010-07-22 00:17 -------- d-----w- c:\program files\Noel Danjou
2010-07-21 16:53 . 2010-04-25 13:36 -------- d-----w- c:\program files\Microsoft.NET
2010-07-20 12:57 . 2010-07-19 18:39 -------- d-----w- c:\program files\MediaInfo
2010-07-19 18:40 . 2010-07-19 18:40 -------- d-----w- c:\users\Basti\AppData\Roaming\Uniblue
2010-07-19 18:39 . 2010-07-19 18:39 -------- d-----w- c:\program files\Uniblue
2010-07-19 18:39 . 2010-07-19 18:39 331304 ----a-w- c:\users\Basti\AppData\Roaming\OpenCandy\OpenCandy_2CBAF7D0FFB3454FBE5E3999AE55DD86\DLMgr_3_1.6.44.exe
2010-07-19 18:39 . 2010-07-19 18:39 -------- d-----w- c:\users\Basti\AppData\Roaming\OpenCandy
2010-07-18 19:53 . 2010-07-06 11:39 -------- d-----w- c:\program files\PS3 Media Server
2010-07-17 22:54 . 2010-07-17 22:52 -------- d-----w- c:\program files\Google
2010-07-17 22:50 . 2010-07-17 22:50 -------- d-----w- c:\program files\Common Files\Skype
2010-07-12 17:10 . 2010-07-10 23:43 63488 ----a-w- c:\users\Basti\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-12 17:10 . 2010-07-10 23:43 117760 ----a-w- c:\users\Basti\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-10 23:43 . 2010-07-10 23:43 52224 ----a-w- c:\users\Basti\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-09 19:04 . 2010-07-09 19:04 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-07-06 11:26 . 2010-07-30 17:30 30528 ----a-w- c:\windows\system32\TURegOpt.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFree.dll" [2009-11-09 2331672]
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Basti\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Basti\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Basti\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"Steam"="c:\program files\steam\steam.exe" [2010-08-28 1242448]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-02 2424560]
"AdobeUpdater6"="c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe" [2010-02-13 2521464]
"ManyCam"="c:\program files\ManyCam\Bin\ManyCam.exe" [2010-06-24 1680680]
"Google Update"="c:\users\Basti\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-07-17 136176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-05-06 2815192]
"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2009-11-15 158752]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-02-18 357448]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 718688]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
c:\users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Basti\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2010-7-9 3493776]
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
nuozl.exe [2010-8-28 126976]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BumpTop.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BumpTop.lnk
backup=c:\windows\pss\BumpTop.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
backup=c:\windows\pss\GamersFirst LIVE!.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^Basti^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2009-12-21 17:35 640440 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2009-12-22 00:26 38840 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater6]
2010-02-13 17:05 2521464 -c--a-w- c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 -c--a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Infium]
2010-05-14 13:33 5562832 ----a-w- c:\program files\QIP 2010\qip.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LCDMon]
2010-02-18 10:24 1573448 -c--a-w- c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LGDCore]
2010-02-18 10:47 3203144 -c--a-w- c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2010-06-21 18:41 2937528 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-07-02 11:53 322352 ----a-w- c:\program files\uTorrent\uTorrent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2007-12-20 15:16 37376 ----a-w- c:\program files\Winamp\winampa.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AdobeUpdater6"="c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
R0 jpqje;jpqje;c:\windows\System32\drivers\wvjhfc.sys [x]
R1 SABKUTIL;SABKUTIL;c:\program files\SUPERAntiSpyware\SABKUTIL.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 136176]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-02-07 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-02-06 79360]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 14856]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-02-24 3411964]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-07 1343400]
R4 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [2009-10-28 2211328]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-02-12 691696]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-05-06 51792]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-01-11 240232]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-06-21 173352]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-07-06 1051968]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 19720]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
--- Andere Dienste/Treiber im Speicher ---
*Deregistered* - qbbbppop
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
Akamai REG_MULTI_SZ Akamai
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
2010-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 22:52]
2010-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 22:52]
2010-09-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1584810832-2463764626-296550485-1000Core.job
- c:\users\Basti\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-11 22:52]
2010-09-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1584810832-2463764626-296550485-1000UA.job
- c:\users\Basti\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-11 22:52]
.
.
------- Zusätzlicher Suchlauf -------
.
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5577
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\lg1yjjt6.default\
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\lg1yjjt6.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll
FF - component: c:\users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\lg1yjjt6.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\programdata\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\users\Basti\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\windows\system32\Wat\npWatWeb.dll
---- FIREFOX Richtlinien ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
------- Dateityp-Verknüpfung -------
.
.txt=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-ICQ - ~c:\program files\ICQ7.0\ICQ.exe
HKCU-Run-saeji - c:\users\Basti\saeji.exe
MSConfigStartUp-AdobeCS4ServiceManager - c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
MSConfigStartUp-Adobe_ID0ENQBO - c:\progra~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
MSConfigStartUp-nonep - c:\users\Basti\AppData\Local\Temp\tmp9c3961f8\killexe.exe
MSConfigStartUp-Pinnacle Game Profiler - c:\program files\PowerUp Software\Pinnacle Game Profiler\pinnacle.exe
MSConfigStartUp-SweetIM - c:\program files\SweetIM\Messenger\SweetIM.exe
MSConfigStartUp-WebcamMaxAutoRun - c:\program files\WebcamMax\WebcamMax.exe
MSConfigStartUp-{0D6EF551-81D5-428B-6701-9BBA448D5B36} - c:\users\Basti\AppData\Roaming\Owcuw\yfony.exe
AddRemove-FLV Pro Player - c:\program files\FLV Pro Player\uninstall.exe
AddRemove-LOCO - c:\program files\Alaplaya\LOCO\uninst.exe
AddRemove-MeGUI - c:\program files\MeGUI\megui-uninstall.exe
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\qbbbppop]
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_USERS\S-1-5-21-1584810832-2463764626-296550485-1000\Software\SecuROM\License information*]
"datasecu"=hex:73,24,85,13,71,26,4a,6b,8f,ec,e8,27,94,6e,b0,64,91,38,cd,f2,67,
5d,c6,e1,d7,a5,3f,0f,26,34,1a,18,33,36,ab,3d,e0,38,14,f9,3c,ae,5f,3c,d9,90,\
"rkeysecu"=hex:00,37,ca,59,02,77,7a,3b,cd,04,49,ad,15,94,a4,bf
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - > 'Explorer.exe'(2920)
c:\users\Basti\AppData\Local\FLVService\lib\FLVSrvLib.dll
c:\users\Basti\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
c:\program files\Stardock\Object Desktop\DeskScapes3\deskscapes.dll
c:\program files\Stardock\Object Desktop\DeskScapes3\deskscape.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\PnkBstrA.exe
c:\users\Basti\AppData\Local\TVersity\Media Server\MediaServer.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\taskhost.exe
c:\users\Basti\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\program files\Google\Chrome\Application\chrome.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-09-14 20:16:00 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-09-14 18:16
Vor Suchlauf: 5.151.526.912 Bytes frei
Nach Suchlauf: 5.332.586.496 Bytes frei
- - End Of File - - 10E6CFCF8D19C141507FE55101FD9028