Combofix Log :
Combofix Logfile: Code:
ComboFix 11-09-27.01 - Benjamin 27.09.2011 21:10:53.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.8190.6467 [GMT 2:00]
ausgeführt von:: c:\users\Benjamin\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-08-27 bis 2011-09-27 ))))))))))))))))))))))))))))))
.
.
2011-09-27 19:13 . 2011-09-27 19:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-27 18:08 . 2011-09-27 18:08 -------- d-----w- c:\programdata\NVIDIA
2011-09-27 17:53 . 2011-09-27 17:53 -------- d-----w- C:\_OTL
2011-09-26 20:48 . 2011-09-26 20:48 -------- d-----w- c:\program files (x86)\ESET
2011-09-26 18:51 . 2011-09-26 18:51 -------- d-----w- c:\users\Benjamin\AppData\Roaming\Malwarebytes
2011-09-26 18:51 . 2011-09-26 18:51 -------- d-----w- c:\programdata\Malwarebytes
2011-09-26 18:51 . 2011-09-26 18:51 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-09-26 18:51 . 2011-08-31 15:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-15 10:25 . 2011-09-15 15:22 -------- d-----w- c:\users\Benjamin\VirtualBox VMs
2011-09-15 10:25 . 2011-09-15 16:05 -------- d-----w- c:\users\Benjamin\.VirtualBox
2011-09-15 10:01 . 2011-08-15 12:32 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-09-15 10:01 . 2011-08-15 12:32 128816 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-09-09 10:46 . 2011-09-09 10:46 -------- d-----w- c:\users\Benjamin\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
2011-09-07 12:45 . 2011-09-07 12:45 -------- d-----w- c:\programdata\InstallShield
2011-09-07 12:45 . 2005-02-17 05:15 221184 ----a-w- c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
2011-09-07 12:45 . 2005-02-17 05:15 73728 ----a-w- c:\windows\SysWow64\ISUSPM.cpl
2011-09-07 12:45 . 2005-02-17 05:15 385024 ----a-w- c:\program files (x86)\Common Files\InstallShield\UpdateService\_ispmres.dll
2011-09-07 12:45 . 2005-02-17 05:15 368640 ----a-w- c:\program files (x86)\Common Files\InstallShield\UpdateService\_isusres.dll
2011-09-07 12:45 . 2005-02-17 05:15 81920 ----a-w- c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe
2011-09-07 12:45 . 2005-02-17 05:15 278528 ----a-w- c:\program files (x86)\Common Files\InstallShield\UpdateService\ISDM.exe
2011-09-07 12:45 . 2005-02-17 05:15 581632 ----a-w- c:\program files (x86)\Common Files\InstallShield\UpdateService\agent.exe
2011-09-07 12:44 . 2005-04-03 21:00 184320 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-09-07 12:44 . 2005-04-03 21:00 63488 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2011-09-07 12:44 . 2011-09-07 12:44 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-09-07 12:44 . 2011-09-07 12:44 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-09-07 12:44 . 2005-04-03 21:02 753664 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-09-07 12:44 . 2005-04-03 21:02 69714 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-09-07 12:44 . 2005-04-03 21:01 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-09-07 12:44 . 2005-04-03 20:59 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-09-07 12:35 . 2011-09-07 12:35 -------- d-----w- c:\windows\SysWow64\RTCOM
2011-09-07 12:35 . 2011-09-07 12:35 -------- d-----w- c:\program files\Realtek
2011-09-03 11:35 . 2011-08-16 06:48 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{00F91D40-DFF9-4EF0-9D20-AB4B5263666D}\mpengine.dll
2011-08-30 15:19 . 2011-08-30 15:19 -------- d-sh--w- c:\windows\ftpcache
2011-08-29 17:45 . 2011-08-29 17:45 -------- d-----w- c:\users\Benjamin\AppData\Roaming\Kalypso Media
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-27 16:23 . 2011-07-10 10:54 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-09-27 16:23 . 2011-05-28 10:04 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-09-27 15:45 . 2011-05-28 07:59 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-09-21 10:28 . 2011-05-28 21:25 466520 ----a-w- c:\windows\system32\wrap_oal.dll
2011-09-21 10:28 . 2011-05-28 21:25 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-09-21 10:28 . 2011-05-28 21:25 122968 ----a-w- c:\windows\system32\OpenAL32.dll
2011-09-21 10:28 . 2011-05-28 21:25 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-09-06 20:45 . 2011-05-26 02:15 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2011-05-26 02:15 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-09-06 20:45 . 2011-05-26 02:15 254400 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-05-26 02:15 601944 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:38 . 2011-05-26 02:15 301912 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2011-05-26 02:15 58200 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2011-05-26 02:15 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2011-05-26 02:15 65368 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-09-06 20:36 . 2011-05-26 02:15 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-08-30 23:19 . 2011-07-10 10:54 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-08-30 15:36 . 2011-07-10 10:54 682280 ----a-w- c:\windows\SysWow64\pbsvc.exe
2011-08-23 22:10 . 2011-05-26 01:53 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-15 12:32 . 2011-08-15 12:32 165680 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2011-08-15 12:32 . 2011-08-15 12:32 146736 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-08-15 12:32 . 2011-08-15 12:32 320816 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2011-08-09 21:59 . 2011-08-09 21:59 270912 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-08-08 10:37 . 2011-07-05 11:33 168864 ----a-w- c:\program files\Common Files\WireHelpSvc.exe
2011-08-08 10:37 . 2011-06-11 14:14 161184 ----a-w- c:\windows\system32\drivers\ESLWireACD.sys
2011-07-28 22:23 . 2011-07-28 22:23 9980416 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-07-28 22:09 . 2011-07-28 22:09 23921664 ----a-w- c:\windows\system32\atio6axx.dll
2011-07-28 21:44 . 2011-07-28 21:44 18388480 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-07-28 21:40 . 2011-07-28 21:40 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-07-28 21:40 . 2011-04-20 02:09 726528 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-07-28 21:39 . 2011-04-20 02:07 852992 ----a-w- c:\windows\system32\aticfx64.dll
2011-07-28 21:36 . 2011-07-28 21:36 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-07-28 21:36 . 2011-07-28 21:36 485376 ----a-w- c:\windows\system32\atieclxx.exe
2011-07-28 21:35 . 2011-07-28 21:35 204288 ----a-w- c:\windows\system32\atiesrxx.exe
2011-07-28 21:34 . 2011-07-28 21:34 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-07-28 21:34 . 2011-07-28 21:34 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-07-28 21:33 . 2011-07-28 21:33 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-07-28 21:33 . 2011-07-28 21:33 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-07-28 21:33 . 2011-07-28 21:33 21504 ----a-w- c:\windows\system32\atimuixx.dll
2011-07-28 21:33 . 2011-07-28 21:33 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-07-28 21:33 . 2011-07-28 21:33 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-07-28 21:30 . 2011-04-20 01:59 4198912 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-07-28 21:20 . 2011-04-20 01:49 4943360 ----a-w- c:\windows\system32\atidxx64.dll
2011-07-28 21:12 . 2011-07-28 21:12 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-07-28 21:11 . 2011-07-28 21:11 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-07-28 21:11 . 2011-07-28 21:11 3871744 ----a-w- c:\windows\system32\atiumd6a.dll
2011-07-28 21:11 . 2011-07-28 21:11 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-07-28 21:11 . 2011-07-28 21:11 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-07-28 21:11 . 2011-07-28 21:11 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-07-28 21:11 . 2011-07-28 21:11 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-07-28 21:10 . 2011-07-28 21:10 9644544 ----a-w- c:\windows\system32\aticaldd64.dll
2011-07-28 21:09 . 2011-07-28 21:09 4256768 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-07-28 21:07 . 2011-07-28 21:07 8247296 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-07-28 21:03 . 2011-07-28 21:03 4056064 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-07-28 21:02 . 2011-07-28 21:02 5399040 ----a-w- c:\windows\system32\atiumd64.dll
2011-07-28 21:01 . 2011-04-20 01:27 58880 ----a-w- c:\windows\system32\coinst.dll
2011-07-28 20:54 . 2011-07-28 20:54 378368 ----a-w- c:\windows\system32\atiadlxx.dll
2011-07-28 20:54 . 2011-07-28 20:54 266240 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-07-28 20:54 . 2011-07-28 20:54 15360 ----a-w- c:\windows\system32\atig6pxx.dll
2011-07-28 20:54 . 2011-07-28 20:54 13312 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-07-28 20:54 . 2011-07-28 20:54 13312 ----a-w- c:\windows\system32\atiglpxx.dll
2011-07-28 20:54 . 2011-07-28 20:54 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-07-28 20:54 . 2011-07-28 20:54 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-07-28 20:54 . 2011-07-28 20:54 309248 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-07-28 20:53 . 2011-04-20 01:21 40960 ----a-w- c:\windows\system32\atiuxp64.dll
2011-07-28 20:53 . 2011-04-20 01:21 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-07-28 20:53 . 2011-07-28 20:53 38912 ----a-w- c:\windows\system32\atiu9p64.dll
2011-07-28 20:53 . 2011-04-20 01:21 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-07-28 20:52 . 2011-07-28 20:52 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-07-28 20:51 . 2011-07-28 20:51 53760 ----a-w- c:\windows\system32\atimpc64.dll
2011-07-28 20:51 . 2011-07-28 20:51 53760 ----a-w- c:\windows\system32\amdpcom64.dll
2011-07-28 20:51 . 2011-07-28 20:51 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-07-28 20:51 . 2011-07-28 20:51 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-07-28 15:49 . 2011-07-28 15:49 60416 ----a-w- c:\windows\system32\OVDecode64.dll
2011-07-28 15:48 . 2011-07-28 15:48 16552960 ----a-w- c:\windows\system32\amdocl64.dll
2011-07-22 05:35 . 2011-08-21 22:26 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-22 04:56 . 2011-08-25 23:27 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-07-17 21:54 . 2011-07-17 21:54 59904 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-07-16 05:26 . 2011-08-21 23:51 362496 ----a-w- c:\windows\system32\wow64win.dll
2011-07-16 05:26 . 2011-08-21 23:51 243200 ----a-w- c:\windows\system32\wow64.dll
2011-07-16 05:26 . 2011-08-21 23:51 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2011-07-16 05:26 . 2011-08-21 23:51 214528 ----a-w- c:\windows\system32\winsrv.dll
2011-07-16 05:24 . 2011-08-21 23:51 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2011-07-16 05:21 . 2011-08-21 23:51 422400 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 05:17 . 2011-08-21 23:51 338432 ----a-w- c:\windows\system32\conhost.exe
2011-07-16 05:04 . 2011-08-21 23:51 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 05:04 . 2011-08-21 23:51 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 05:04 . 2011-08-21 23:51 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 05:04 . 2011-08-21 23:51 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 05:04 . 2011-08-21 23:51 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 05:04 . 2011-08-21 23:51 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 05:04 . 2011-08-21 23:51 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 05:04 . 2011-08-21 23:51 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 05:04 . 2011-08-21 23:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 05:04 . 2011-08-21 23:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-16 05:04 . 2011-08-21 23:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 05:04 . 2011-08-21 23:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 05:04 . 2011-08-21 23:51 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 05:04 . 2011-08-21 23:51 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 05:04 . 2011-08-21 23:51 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
"DAEMON Tools Lite"="b:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\Avast\avastUI.exe" [2011-09-06 3722416]
"StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-28 336384]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"GBTUpd"="c:\program files (x86)\GIGABYTE\UpdManager\PreRun.exe" [2008-04-03 297480]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SetPointII.lnk - b:\programme\Logitech\SetPoint II\SetPointII.exe [2009-7-21 815104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 AmdTools;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools64.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ALSysIO;ALSysIO;c:\users\Benjamin\AppData\Local\Temp\ALSysIO64.sys [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-05-26 30528]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [x]
R3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2);c:\windows\system32\DRIVERS\RtVLAN60.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-28 361984]
S2 AMD FusionUtility Service;AMD FusionUtility Service;b:\programme\AMD\Fusion Utility for Desktop\FusionUtility2Service.exe [2010-04-14 275832]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files (x86)\AMD\Reservation Manager\AMD Reservation Manager.exe [2010-04-14 140160]
S2 AODDriver4.01;AODDriver4.01;c:\programme\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [x]
S2 GS In-Game Service;GS In-Game Service;b:\games\GameTracker\GSInGameService.exe [2011-04-29 1677096]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;b:\programme\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 2329480]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [x]
S2 WireHelpSvc;WireHelpSvc;c:\program files\Common Files\WireHelpSvc.exe [2011-08-08 168864]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 ESLvnic1;ESLvnic Virtual Network 64 Bit;c:\windows\system32\DRIVERS\ESLvnic.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 134384 ----a-w- c:\program files\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 2412616]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube Download - c:\users\Benjamin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Benjamin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
FF - ProfilePath - c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\ogt3nigd.default\
FF - prefs.js: browser.startup.homepage - google.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-809925555-1904399598-2643341078-1000\Software\SecuROM\License information*]
"datasecu"=hex:4e,95,28,ea,72,a3,07,1a,32,74,b4,cc,15,4d,8e,43,dd,3c,23,fe,58,
df,b9,90,2c,f0,9a,f2,b5,8a,63,02,ea,17,1a,b4,79,c1,39,0e,81,86,c5,5b,83,5d,\
"rkeysecu"=hex:e6,0b,cf,9d,d3,83,e9,01,cc,63,28,ed,52,3a,aa,95
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Avast\AvastSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
b:\programme\LogMeIn Hamachi\hamachi-2-ui.exe
c:\program files (x86)\Windows Media Player\wmplayer.exe
c:\program files\Logitech\GamePanel Software\Applets\LCDMedia.exe
b:\games\Random Stuff\G15-Applets\LCRSirReal\LCDSirReal\LCDSirReal.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-09-27 21:18:31 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-09-27 19:18
.
Vor Suchlauf: 11 Verzeichnis(se), 148.379.308.032 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 148.215.066.624 Bytes frei
.
- - End Of File - - DC53EA9122ED56768CAB561792567616
--- --- ---
Mfg Benni |
