Hey again,
So, ComboFix is done and showed a log. The problem, though, is that afterwards no program would start any more (some message along the lines of "key is marked for deletion..., cannot start"). Then I tried a restart and, well, now there are only bluescreens...
ComboFix logfile:
ComboFix 11-01-01.02 - bgf 02.01.2011 13:33:24.4.4 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.3327.2128 [GMT 1:00]
Running from: c:\users\bgf\Desktop\cofi.exe
AV: Lavasoft Ad-Watch Live! Virenschutz *Disabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
AV: Sophos Anti-Virus *Disabled/Updated* {479CCF92-4960-B3E0-7373-BF453B467D2C}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Sophos Anti-Virus *Disabled/Updated* {FCFD2E76-6F5A-BC6E-49C3-843740C13791}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((( Files Created from 2010-12-02 to 2011-01-02 ))))))))))))))))))))))))))))))
.
2011-01-02 12:41 . 2011-01-02 12:41 -------- d-----w- c:\users\Karin\AppData\Local\temp
2011-01-02 12:41 . 2011-01-02 12:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-02 11:18 . 2011-01-02 12:41 -------- d-----w- c:\users\bgf\AppData\Local\temp
2011-01-02 10:59 . 2011-01-02 11:09 -------- d-----w- C:\cofi
2011-01-02 10:54 . 2011-01-02 10:54 -------- d-----w- c:\windows\Internet Logs
2011-01-01 15:41 . 2011-01-01 15:40 131824 ----a-w- c:\windows\system32\sdccoinstaller.dll
2011-01-01 15:41 . 2011-01-01 15:41 -------- d-----w- c:\programdata\Sophos Web Intelligence
2011-01-01 15:41 . 2011-01-01 15:41 -------- d-----w- c:\program files\Common Files\Cisco Systems
2011-01-01 15:41 . 2011-01-01 15:39 28912 ----a-w- c:\windows\system32\SophosBootTasks.exe
2011-01-01 15:40 . 2011-01-01 15:40 122360 ----a-w- c:\windows\system32\drivers\savonaccess.sys
2011-01-01 15:39 . 2011-01-01 15:39 22536 ----a-w- c:\windows\system32\drivers\SophosBootDriver.sys
2011-01-01 15:34 . 2011-01-01 15:34 23928 ----a-w- c:\windows\system32\drivers\sdcfilter.sys
2011-01-01 14:37 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DC7ECBAC-7A2B-4233-AE51-FC7C8C73A653}\mpengine.dll
2010-12-24 10:40 . 2010-06-01 08:57 1848584 ----a-w- c:\windows\RXSUnins.exe
2010-12-24 10:40 . 2010-06-01 08:57 1848584 ----a-w- c:\windows\RXCUnins.exe
2010-12-24 00:07 . 2010-12-03 09:05 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-12-24 00:07 . 2010-12-24 00:07 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-12-24 00:05 . 2010-12-24 00:05 -------- d-----w- c:\users\bgf\AppData\Local\Sunbelt Software
2010-12-24 00:02 . 2010-12-24 00:02 -------- dc-h--w- c:\programdata\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2010-12-24 00:02 . 2010-12-24 00:02 -------- d-----w- c:\program files\Lavasoft
2010-12-23 17:44 . 2010-12-23 17:44 -------- d-----w- c:\users\bgf\AppData\Roaming\Malwarebytes
2010-12-23 17:44 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-23 17:44 . 2010-12-23 17:44 -------- d-----w- c:\programdata\Malwarebytes
2010-12-23 17:40 . 2010-12-27 16:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-23 17:40 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-22 14:30 . 2010-12-22 14:30 -------- d-----w- c:\users\bgf\AppData\Local\FixItCenter
2010-12-22 11:42 . 2010-12-22 11:42 -------- d-----w- c:\program files\iPod
2010-12-22 11:39 . 2010-12-22 11:39 -------- d-----w- c:\program files\Bonjour
2010-12-22 11:12 . 2010-12-22 11:12 -------- d-----w- c:\program files\Audible
2010-12-22 10:47 . 2010-12-22 10:56 -------- d-----w- c:\users\bgf\AppData\Roaming\VSO
2010-12-22 10:47 . 2010-12-22 10:47 -------- d-----w- c:\program files\VSO
2010-12-20 21:54 . 2010-12-20 21:54 -------- d-----w- c:\program files\directx
2010-12-20 21:52 . 2010-12-20 21:52 -------- d-----w- c:\program files\Rockstar Games
2010-12-20 21:52 . 2002-12-05 13:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2010-12-20 21:52 . 2002-12-02 12:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2010-12-20 21:52 . 2002-12-02 12:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2010-12-20 21:52 . 2010-12-20 21:52 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2010-12-20 21:52 . 2002-12-05 13:12 692224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2010-12-20 21:52 . 2002-12-02 14:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2010-12-20 21:52 . 2010-12-20 21:52 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2010-12-20 21:46 . 2010-12-20 21:46 -------- d-----w- c:\program files\Microsoft Fix it Center
2010-12-20 21:46 . 2010-12-20 21:46 -------- d-----w- c:\windows\MATS
2010-12-14 16:26 . 2010-12-14 16:26 -------- d-----w- C:\found.000
2010-12-12 19:05 . 2010-12-12 19:05 -------- d-----w- c:\program files\af0.net
2010-12-11 22:16 . 2010-12-11 22:19 -------- d-----w- C:\Loksim3D
2010-12-11 22:06 . 2010-12-11 22:06 -------- d-----w- c:\program files\Common Files\Skype
2010-12-11 09:37 . 2010-12-11 09:37 -------- d-----w- c:\users\bgf\AppData\Local\IsolatedStorage
2010-12-11 09:37 . 2010-12-11 09:37 -------- d-----w- c:\users\bgf\AppData\Local\Futuremark_Corporation
2010-12-11 08:57 . 2010-12-11 08:57 -------- d-----w- c:\program files\Common Files\Futuremark Shared
2010-12-11 08:56 . 2010-06-02 03:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-12-11 08:56 . 2010-06-02 03:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-12-11 08:56 . 2010-06-02 03:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-12-11 08:56 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-12-11 08:56 . 2010-05-26 10:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-12-11 08:56 . 2010-05-26 10:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-12-11 08:56 . 2010-05-26 10:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-12-11 08:56 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-12-11 08:44 . 2010-12-11 08:44 -------- d-----w- c:\program files\MozBackup
2010-12-10 17:47 . 2010-12-10 17:47 -------- d-----w- c:\program files\NSIS
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-12 21:35 . 2009-08-18 10:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2010-12-12 21:35 . 2009-08-18 10:24 17816 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2010-12-03 09:05 . 2010-02-04 20:44 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-16 16:07 . 2010-11-16 16:07 46448 ----a-w- c:\windows\apppatch\AppPatch64\EMET64.dll
2010-11-16 16:07 . 2010-11-16 16:07 43888 ----a-w- c:\windows\apppatch\EMET.dll
2010-11-07 17:21 . 2010-01-30 14:36 139152 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-11-07 17:21 . 2010-01-30 14:36 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-11-05 15:06 . 2010-09-06 13:32 57344 ----a-r- c:\users\bgf\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2010-11-01 23:03 . 2010-11-24 20:00 1448448 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-01 22:59 . 2010-11-24 20:00 2381824 ----a-w- c:\windows\system32\mshtml.tlb
2010-10-27 03:59 . 2010-10-27 03:59 6573568 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2010-10-27 03:08 . 2010-10-27 03:08 16281600 ----a-w- c:\windows\system32\atioglxx.dll
2010-10-27 02:55 . 2010-10-27 02:55 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-10-27 02:55 . 2010-02-03 04:23 547328 ----a-w- c:\windows\system32\aticfx32.dll
2010-10-27 02:52 . 2010-10-27 02:52 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-10-27 02:51 . 2010-10-27 02:51 393216 ----a-w- c:\windows\system32\atieclxx.exe
2010-10-27 02:51 . 2010-10-27 02:51 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2010-10-27 02:50 . 2010-10-27 02:50 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2010-10-27 02:50 . 2010-10-27 02:50 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2010-10-27 02:49 . 2010-10-27 02:49 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2010-10-27 02:49 . 2010-10-27 02:49 15872 ----a-w- c:\windows\system32\atimuixx.dll
2010-10-27 02:49 . 2010-10-27 02:49 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-10-27 02:46 . 2009-09-19 02:12 4020736 ----a-w- c:\windows\system32\atidxx32.dll
2010-10-27 02:35 . 2010-10-27 02:35 46080 ----a-w- c:\windows\system32\aticalrt.dll
2010-10-27 02:35 . 2010-10-27 02:35 44032 ----a-w- c:\windows\system32\aticalcl.dll
2010-10-27 02:33 . 2010-10-27 02:33 5441536 ----a-w- c:\windows\system32\aticaldd.dll
2010-10-27 02:28 . 2009-09-19 01:56 4094464 ----a-w- c:\windows\system32\atiumdag.dll
2010-10-27 02:14 . 2010-02-03 03:23 52736 ----a-w- c:\windows\system32\coinst.dll
2010-10-27 02:14 . 2010-10-27 02:14 249856 ----a-w- c:\windows\system32\atiadlxx.dll
2010-10-27 02:14 . 2010-10-27 02:14 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2010-10-27 02:14 . 2010-10-27 02:14 27136 ----a-w- c:\windows\system32\atigktxx.dll
2010-10-27 02:14 . 2010-10-27 02:14 229888 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2010-10-27 02:13 . 2010-02-03 03:23 30720 ----a-w- c:\windows\system32\atiuxpag.dll
2010-10-27 02:13 . 2010-02-03 03:22 28672 ----a-w- c:\windows\system32\atiu9pag.dll
2010-10-27 02:12 . 2010-10-27 02:12 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-10-27 01:50 . 2009-09-19 01:38 3460096 ----a-w- c:\windows\system32\atiumdva.dll
2010-10-27 01:37 . 2010-10-27 01:37 52736 ----a-w- c:\windows\system32\atimpc32.dll
2010-10-27 01:37 . 2010-10-27 01:37 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2010-10-26 18:26 . 2010-10-26 18:26 294912 ----a-w- c:\windows\system32\ATIODE.exe
2010-10-26 18:25 . 2010-10-26 18:25 45056 ----a-w- c:\windows\system32\ATIODCLI.exe
2010-10-25 09:09 . 2010-10-25 09:09 413696 ----a-w- c:\programdata\Microsoft\Windows\Templates\msvcp60.dll
2010-10-25 09:09 . 2010-10-25 09:09 23040 ----a-w- c:\programdata\Microsoft\Windows\Templates\psapi.dll
2010-10-25 09:09 . 2010-10-25 09:09 511328 ----a-w- c:\windows\system32\Synchronization2.dll
2010-10-25 09:09 . 2010-10-25 09:09 288608 ----a-w- c:\windows\system32\Microsoft.Synchronization.dll
2010-10-25 09:09 . 2010-10-25 09:09 253280 ----a-w- c:\windows\system32\MetaStore2.dll
2010-10-25 09:07 . 2010-10-25 09:07 319456 ----a-w- c:\programdata\Microsoft\Windows\Templates\DIFxAPI.dll
2010-10-25 09:03 . 2009-12-21 11:58 36640 ----a-w- c:\windows\system32\FsUsbExDisk.Sys
2010-10-25 09:03 . 2009-12-21 11:58 217088 ----a-w- c:\windows\system32\FsUsbExService.Exe
2010-10-19 09:41 . 2009-11-16 19:55 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-14 00:36 . 2010-10-14 00:36 15451288 ----a-w- c:\windows\system32\xlive.dll
2010-10-14 00:36 . 2010-10-14 00:36 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
2010-10-07 11:23 . 2010-10-07 11:23 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 11:23 . 2010-10-07 11:23 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-10-07 11:23 . 2010-10-07 11:23 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-10-07 11:23 . 2010-10-07 11:23 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-10-04 23:21 . 2009-11-22 13:56 218496 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-10-04 23:15 . 2009-11-22 13:52 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-10-04 23:11 . 2009-11-22 13:54 138056 ----a-w- c:\users\bgf\AppData\Roaming\PnkBstrK.sys
2010-10-04 22:43 . 2010-10-04 23:05 2601752 ----a-w- c:\windows\system32\pbsvc_moh.exe
2009-09-18 12:20 . 2010-05-31 12:28 2560 ----a-w- c:\program files\tibsun_regadd.reg
.
(((((((((((((((((((((((((((( Reg Loading Points From Each User ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"rfxsrvtray"="c:\program files\Tobit Radio.fx\Client\rfx-tray.exe" [2010-01-13 686344]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-07-06 9394792]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-26 98304]
"MacrokeyManager"="WTMKM.exe" [2010-01-26 5881576]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Sophos AutoUpdate Monitor"="c:\program files\Sophos\AutoUpdate\almon.exe" [2011-01-01 439536]
c:\users\bgf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
Launchy.lnk - c:\program files\Launchy\Launchy.exe [N/A]
Logitech . Produktregistrierung.lnk - c:\program files\Common Files\Logishrd\eReg\SetPoint\eReg.exe [2008-11-7 517384]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk.disabled [2010-12-22 2093]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-1-18 813584]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
Radio.fx.LNK - g:\tobit radio.fx\Client\rfx-client.exe [N/A]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [N/A]
VPN Client.lnk - c:\windows\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 11:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Start WingMan Profiler"=c:\program files\Logitech\Gaming Software\LWEMon.exe /noui
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 dtpd;ShrewSoft DNS Proxy Daemon;c:\program files\ShrewSoft\VPN Client\dtpd.exe [2009-11-15 49152]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-17 133104]
R2 iked;ShrewSoft IKE Daemon;c:\program files\ShrewSoft\VPN Client\iked.exe [2009-11-15 716800]
R2 ipsecd;ShrewSoft IPSEC Daemon;c:\program files\ShrewSoft\VPN Client\ipsecd.exe [2009-11-15 536576]
R2 SAVAdminService;Sophos Anti-Virus Statusreporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2011-01-01 163056]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 ALSysIO;ALSysIO;c:\users\bgf\AppData\Local\Temp\ALSysIO.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 FLASHSYS;FLASHSYS;c:\program files\MSI\Live Update 4\LU4\FLASHSYS.sys [2007-12-14 9216]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-10-25 36640]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2010-11-11 128928]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-12-03 1389400]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-12-03 15264]
R3 MatSvc;Microsoft Fix it Supportcenter;c:\program files\Microsoft Fix it Center\Matsvc.exe [2010-11-16 267568]
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 507136]
R3 RTCore32;RTCore32;c:\program files\RMClock\RTCore32.sys [2005-05-25 4608]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys [2011-01-01 23928]
R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys [2009-11-19 9728]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [2011-01-01 22536]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-12-03 64288]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-22 691696]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [2011-01-01 122360]
S1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys [2009-11-19 17408]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-27 176128]
S2 AMD FusionUtility Service;AMD FusionUtility Service;c:\program files\AMD\Fusion Utility for Desktop\FusionUtility2Service.exe [2010-04-14 275832]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\AMD\Reservation Manager\AMD Reservation Manager.exe [2010-04-14 140160]
S2 AODService;AODService;c:\program files\AMD\OverDrive\AODAssist.exe [2009-10-22 136544]
S2 Radio.fx;Radio.fx Server;c:\program files\Tobit Radio.fx\Server\rfx-server.exe [2010-06-24 2450696]
S2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [2011-01-01 97520]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-03-02 5120]
S2 swi_service;Sophos Web Intelligence Service;c:\program files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2011-01-01 1541360]
S2 USBSafelyRemoveService;USB Safely Remove Assistant;c:\program files\USB Safely Remove\USBSRService.exe [2010-05-06 242000]
S2 WTService;WTService;c:\windows\system32\atwtusb.exe [2010-01-27 515816]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-10-27 6573568]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-10-27 229888]
S3 AODDriver;AODDriver;c:\program files\AMD\OverDrive\i386\AODDriver.sys [2009-10-22 8704]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
2010-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-17 08:37]
2010-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-17 08:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.netvibes.com/
uInternet Settings,ProxyOverride = *.local
IE: Alles mit FDM herunterladen - file://c:\program files\Free Download Manager\dlall.htm
IE: Auswahl mit FDM herunterladen - file://c:\program files\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://c:\program files\Free Download Manager\dllink.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Videos mit FDM herunterladen - file://c:\program files\Free Download Manager\dlfvideo.htm
TCP: {CF99E15B-DF01-41C3-9722-7443B477A671} = 128.176.0.28,128.176.0.13
FF - ProfilePath - c:\users\bgf\AppData\Roaming\Mozilla\Firefox\Profiles\pggr1ce2.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Add to Search Bar: add-to-searchbox@maltekraus.de - %profile%\extensions\add-to-searchbox@maltekraus.de
FF - Ext: Tab Progress Bar: tabprogressbar@studio17.wordpress.com - %profile%\extensions\tabprogressbar@studio17.wordpress.com
FF - Ext: TweakTube: {15e67a59-bd3d-49ae-90dd-b3d3fd14c2ed} - %profile%\extensions\{15e67a59-bd3d-49ae-90dd-b3d3fd14c2ed}
FF - Ext: Image Zoom: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} - %profile%\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
FF - Ext: Split Browser: {29c4afe1-db19-4298-8785-fcc94d1d6c1d} - %profile%\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
FF - Ext: Readability: {6005d9b1-d115-485a-a92a-3f6453ca3fe2} - %profile%\extensions\{6005d9b1-d115-485a-a92a-3f6453ca3fe2}
FF - Ext: Speed Dial: {64161300-e22b-11db-8314-0800200c9a66} - %profile%\extensions\{64161300-e22b-11db-8314-0800200c9a66}
FF - Ext: ReloadEvery: {888d99e7-e8b5-46a3-851e-1ec45da1e644} - %profile%\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
FF - Ext: Converter: {8B72860F-C5F8-4286-865E-D2C2DB98A9E6} - %profile%\extensions\{8B72860F-C5F8-4286-865E-D2C2DB98A9E6}
FF - Ext: AddonFox: {ad48108d-92a6-4eb9-87e4-978aca1dbae4} - %profile%\extensions\{ad48108d-92a6-4eb9-87e4-978aca1dbae4}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: QuickJava: {E6C1199F-E687-42da-8C24-E7770CC3AE66} - %profile%\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}
.
- - - - ORPHANS REMOVED - - - -
AddRemove-Racer - c:\sims\RACER\Uninst.isu
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.1.7600
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,10,1a,a6,8d,53,42,f9,4f,ba,f3,98,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,10,1a,a6,8d,53,42,f9,4f,ba,f3,98,\
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-01-02 16:01:45
ComboFix-quarantined-files.txt 2011-01-02 15:01
Pre-Run: 29 directories, 67,017,068,544 bytes free
Post-Run: 31 directories, 66,940,133,376 bytes free
- - End Of File - - 5E2D94B8B2D27245F70D64F231A7947F
And there are also quarantined files:
2011-01-02 15:00:59 . 2011-01-02 15:00:59 928 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-24_flashusbdriver.reg.dat
2011-01-02 15:00:59 . 2011-01-02 15:00:59 446 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Racer.reg.dat
2011-01-02 11:07:46 . 2011-01-02 12:38:25 7,705 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2011-01-02 10:59:55 . 2011-01-02 12:33:23 248 ----a-w- C:\Qoobox\Quarantine\catchme.log
2010-12-11 22:17:42 . 2010-04-07 01:04:17 2,124 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\Readme.txt.vir
2010-06-20 12:44:58 . 2009-09-17 09:35:05 157 ----a-w- C:\Qoobox\Quarantine\C\Users\bgf\autorun.inf.vir
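Triage of the log above, as an added example (not part of the original post, and not ComboFix's or Gmer's code): a Python script that reads the R*/S* service and driver lines and the Gmer MBR-detector block the way a helper would before deciding on a fix script. It flags drivers whose image file is missing (ComboFix prints `[x]`), kernel drivers registered from user-writable directories (here ALSysIO.sys in a Temp folder), and boot- or system-start drivers outside system32\drivers. It also interprets the MBR check: Gmer reads sector 0 once through a user-mode handle and once from kernel mode and prints "user != kernel MBR" when they differ, but in this log the user-mode open of \\.\PHYSICALDRIVE0 failed with a sharing violation, so that line cannot by itself distinguish a hidden MBR from a failed read; the script reports it as inconclusive rather than as a rootkit finding. The sample input is excerpted verbatim from the log above; the "user: MBR read successfully" string used for the success case is assumed from Gmer's usual output and does not appear on this page.

```python
import re

# Constructed sample: verbatim lines excerpted from the ComboFix log posted above.
SAMPLE_LOG = r"""
R3 ALSysIO;ALSysIO;c:\users\bgf\AppData\Local\Temp\ALSysIO.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 RTCore32;RTCore32;c:\program files\RMClock\RTCore32.sys [2005-05-25 4608]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-22 691696]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [2011-01-01 122360]
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.1.7600
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
**************************************************************************
"""

# ComboFix service/driver line: <R|S><start type> <name>;<display name>;<path> [<date size> | x]
# R = running, S = stopped; start type 0 boot, 1 system, 2 auto, 3 demand, 4 disabled.
SERVICE_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.*) \[(.*)\]$")

# Directories a standard user can write to; a kernel driver has no business there.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")


def parse_services(text):
    """Return one dict per R*/S* line of a ComboFix log."""
    entries = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        state, start, name, display, path, meta = m.groups()
        entries.append({
            "running": state == "R",
            "start_type": int(start),
            "name": name,
            "display": display,
            "path": path,
            "file_missing": meta == "x",  # ComboFix prints [x] when the image is absent
        })
    return entries


def flag_services(entries):
    """Return (service name, reason) pairs for entries worth a second look."""
    findings = []
    for e in entries:
        low = e["path"].lower()
        is_driver = low.endswith(".sys")
        if e["file_missing"]:
            findings.append((e["name"], "registered but image file missing"))
        if is_driver and any(d in low for d in USER_WRITABLE):
            findings.append((e["name"], "kernel driver in user-writable path"))
        if is_driver and e["start_type"] <= 1 and "\\system32\\drivers\\" not in low:
            findings.append((e["name"], "boot/system-start driver outside system32\\drivers"))
    return findings


def parse_mbr_check(text):
    """Interpret the Gmer MBR-detector block that ComboFix appends to its log.

    A mismatch with BOTH reads succeeding is the classic sign of an MBR rootkit
    hiding the real boot sector from user mode. If the user-mode read itself
    failed, there is nothing to compare, so the verdict is 'inconclusive'.
    The success string 'user: MBR read successfully' is assumed from Gmer's
    usual output (hypothetical here; the page shows only the failure case).
    """
    lines = [ln.strip() for ln in text.splitlines()]
    user_ok = any(ln.startswith("user: MBR read successfully") for ln in lines)
    user_err = any(ln.startswith("user: error reading MBR") for ln in lines)
    kernel_ok = any(ln.startswith("kernel: MBR read successfully") for ln in lines)
    mismatch = any(ln.startswith("user != kernel MBR") for ln in lines)
    if not (user_ok or user_err):
        verdict = "no gmer block"
    elif mismatch and user_ok and kernel_ok:
        verdict = "hidden MBR: user-mode and kernel-mode reads disagree"
    elif mismatch and user_err:
        verdict = "inconclusive: user-mode read failed, re-run mbr.exe with nothing else holding the disk"
    else:
        verdict = "MBR reads agree"
    return {"user_ok": user_ok, "kernel_ok": kernel_ok, "mismatch": mismatch, "verdict": verdict}


def triage(text):
    """Combine the service/driver findings with the MBR verdict for one log."""
    return {"services": flag_services(parse_services(text)), "mbr": parse_mbr_check(text)}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for name, why in result["services"]:
        print(f"{name}: {why}")
    print(result["mbr"]["verdict"])
```

Run against the excerpt, the script reports ALSysIO twice (missing image, Temp-folder driver), dgderdrv once (missing image), leaves sptd and SAVOnAccess alone because they sit in system32\drivers, and marks the MBR check inconclusive because of the sharing violation. Whether the blocked handle came from ComboFix's own disk lock or from something else is exactly what a second, stand-alone mbr.exe run from a clean boot is needed to settle.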