Moin,
Hier ist der Inhalt der Log-Datei: Code:
ComboFix 12-01-03.04 - Ch3lios 03.01.2012 22:38:24.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4094.2343 [GMT 1:00]
ausgeführt von:: c:\users\Ch3lios\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ch3lios\AppData\Roaming\inst.exe
c:\windows\iun6002.exe
c:\windows\security\Database\tmp.edb
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
c:\windows\system32\App
c:\windows\system32\App\AppInfo\appcompactor.ini
c:\windows\system32\App\AppInfo\appicon.ico
c:\windows\system32\App\AppInfo\appicon_128.png
c:\windows\system32\App\AppInfo\appicon_16.png
c:\windows\system32\App\AppInfo\appicon_32.png
c:\windows\system32\App\AppInfo\appinfo.ini
c:\windows\system32\App\AppInfo\installer.ini
c:\windows\system32\App\Chrome-bin\chrome.exe
c:\windows\system32\App\Chrome-bin\First Run
c:\windows\system32\App\Chrome-bin\wow_helper.exe
c:\windows\system32\App\DefaultData\profile\Default\Bookmarks
c:\windows\system32\App\DefaultData\profile\Default\History
c:\windows\system32\App\DefaultData\profile\Default\Preferences
c:\windows\system32\App\DefaultData\profile\Default\Thumbnails
c:\windows\system32\App\DefaultData\profile\Default\Top Sites
c:\windows\system32\App\readme.txt
c:\windows\system32\help.html
c:\windows\system32\java.exe
c:\windows\system32\ReadMe.txt
c:\windows\system32\uninstall.exe
c:\windows\system32\updater.exe
c:\windows\SysWow64\64.exe
c:\windows\SysWow64\App
c:\windows\SysWow64\App\AppInfo\appcompactor.ini
c:\windows\SysWow64\App\AppInfo\appicon.ico
c:\windows\SysWow64\App\AppInfo\appicon_128.png
c:\windows\SysWow64\App\AppInfo\appicon_16.png
c:\windows\SysWow64\App\AppInfo\appicon_32.png
c:\windows\SysWow64\App\AppInfo\appinfo.ini
c:\windows\SysWow64\App\AppInfo\installer.ini
c:\windows\SysWow64\App\Chrome-bin\chrome.exe
c:\windows\SysWow64\App\Chrome-bin\First Run
c:\windows\SysWow64\App\Chrome-bin\wow_helper.exe
c:\windows\SysWow64\App\DefaultData\profile\Default\Bookmarks
c:\windows\SysWow64\App\DefaultData\profile\Default\History
c:\windows\SysWow64\App\DefaultData\profile\Default\Preferences
c:\windows\SysWow64\App\DefaultData\profile\Default\Thumbnails
c:\windows\SysWow64\App\DefaultData\profile\Default\Top Sites
c:\windows\SysWow64\App\readme.txt
c:\windows\SysWow64\GoogleChromePortable.exe
c:\windows\SysWow64\help.html
c:\windows\usgwmt
c:\windows\usgwmt\BReWErS.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-12-03 bis 2012-01-03 ))))))))))))))))))))))))))))))
.
.
2012-01-03 21:46 . 2012-01-03 21:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-02 15:55 . 2012-01-02 15:55 -------- d-----w- C:\_OTL
2011-12-29 17:05 . 2011-12-29 17:05 -------- d-----w- c:\users\Ch3lios\AppData\Roaming\Malwarebytes
2011-12-29 17:05 . 2011-12-29 17:05 -------- d-----w- c:\programdata\Malwarebytes
2011-12-29 17:05 . 2011-12-29 17:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-29 17:05 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-24 12:57 . 2011-12-24 12:58 -------- d-----w- c:\program files (x86)\KeePass Password Safe 2
2011-12-24 12:54 . 2012-01-03 20:33 -------- d-----w- c:\users\Ch3lios\AppData\Roaming\KeePass
2011-12-24 12:49 . 2011-12-24 12:49 -------- d-----w- c:\program files (x86)\KeePass Password Safe
2011-12-23 09:35 . 2011-12-23 09:35 -------- d-----w- c:\users\Ch3lios\AppData\Local\Evernote
2011-12-23 09:34 . 2011-12-23 09:34 -------- d-----w- c:\program files (x86)\Evernote
2011-12-22 12:42 . 2011-12-22 12:42 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2011-12-21 14:57 . 2011-12-21 14:57 -------- d-----w- c:\users\Ch3lios\AppData\Roaming\XBMC
2011-12-21 14:56 . 2011-12-21 14:56 -------- d-----w- c:\program files (x86)\XBMC
2011-12-21 06:45 . 2011-12-22 17:25 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2011-12-21 06:45 . 2011-12-21 06:45 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2011-12-21 06:45 . 2011-12-21 06:45 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2011-12-21 06:45 . 2011-12-21 06:45 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2011-12-20 16:21 . 2011-12-20 16:21 -------- d-----w- c:\users\Ch3lios\AppData\Local\DDMSettings
2011-12-19 06:35 . 2011-11-28 16:05 34624 ----a-w- c:\windows\system32\TURegOpt.exe
2011-12-19 06:35 . 2011-12-19 07:28 -------- d-----w- c:\users\Ch3lios\AppData\Roaming\TuneUp Software
2011-12-19 06:35 . 2011-12-19 06:35 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2012
2011-12-19 06:34 . 2011-12-19 06:35 -------- d-----w- c:\programdata\TuneUp Software
2011-12-19 06:34 . 2011-12-19 06:34 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2011-12-17 16:58 . 2011-12-17 16:58 -------- d-----w- c:\program files\DIFX
2011-12-17 16:58 . 2011-12-17 16:58 -------- d-----w- c:\program files (x86)\AMD
2011-12-17 16:58 . 2009-04-03 05:39 34872 ----a-w- c:\windows\system32\drivers\usbfilter.sys
2011-12-17 16:56 . 2009-05-04 16:30 16440 ----a-w- c:\windows\system32\drivers\AtiPcie.sys
2011-12-17 16:02 . 2011-12-21 14:51 -------- d-----w- c:\users\Ch3lios\AppData\Local\eSupport.com
2011-12-17 16:02 . 2011-12-17 16:02 21712 ----a-w- c:\windows\SysWow64\drivers\DrvAgent64.SYS
2011-12-17 15:43 . 2011-12-17 15:43 -------- d-----w- c:\windows\SysWow64\RTCOM
2011-12-17 15:41 . 2011-10-18 12:55 331880 ----a-w- c:\windows\system32\RtlCPAPI64.dll
2011-12-17 15:40 . 2009-11-17 17:12 108960 ----a-w- c:\windows\system32\AERTAR64.dll
2011-12-17 15:40 . 2010-07-22 15:37 200800 ----a-w- c:\windows\system32\AERTAC64.dll
2011-12-17 14:16 . 2011-09-29 16:30 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2011-12-17 14:16 . 2011-09-29 16:30 646248 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2011-12-17 14:02 . 2011-12-17 14:02 -------- d-----w- c:\programdata\ATI
2011-12-17 14:01 . 2011-12-17 14:01 -------- d-----w- c:\program files (x86)\AMD APP
2011-12-16 22:34 . 2011-12-16 22:34 -------- d-----w- c:\program files (x86)\GameSave Manager 2
2011-12-14 14:18 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 14:18 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 14:18 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-14 14:18 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 14:18 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-14 14:17 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-13 13:16 . 2011-12-13 13:15 750488 ----a-w- c:\windows\system32\npdeployJava1.dll
2011-12-09 06:07 . 2011-12-09 06:07 -------- d-----w- c:\program files\iPod
2011-12-09 06:07 . 2011-12-09 06:07 -------- d-----w- c:\program files\iTunes
2011-12-09 06:07 . 2011-12-09 06:07 -------- d-----w- c:\program files (x86)\iTunes
2011-12-08 16:31 . 2011-12-08 16:31 -------- d-----w- c:\users\Ch3lios\AppData\Roaming\JonDo
2011-12-08 15:31 . 2011-12-08 15:31 271424 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-12-08 15:31 . 2011-12-08 15:33 -------- d-----w- c:\program files (x86)\DAEMON Tools Pro
2011-12-08 15:31 . 2011-12-08 15:36 -------- d-----w- c:\users\Ch3lios\AppData\Roaming\DAEMON Tools Pro
2011-12-08 15:31 . 2011-12-08 15:31 -------- d-----w- c:\programdata\DAEMON Tools Pro
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-22 10:35 . 2011-01-28 14:05 280736 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-12-22 10:35 . 2011-01-27 06:22 280736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-12-21 15:39 . 2011-01-27 06:22 280736 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-12-13 13:15 . 2011-01-25 19:45 660368 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-13 10:01 . 2011-01-26 14:32 1698408 ----a-w- c:\windows\RtlExUpd.dll
2011-12-12 06:31 . 2011-05-13 11:08 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-08 16:37 . 2011-01-25 20:33 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-11-28 16:04 . 2011-10-11 12:39 25920 ----a-w- c:\windows\system32\authuitu.dll
2011-11-28 16:04 . 2011-10-11 12:39 21312 ----a-w- c:\windows\SysWow64\authuitu.dll
2011-11-10 03:15 . 2011-04-28 16:59 927232 ----a-w- c:\windows\system32\aticfx64.dll
2011-11-10 02:51 . 2011-04-28 16:59 7405056 ----a-w- c:\windows\system32\atidxx64.dll
2011-11-10 02:18 . 2011-04-28 16:59 58880 ----a-w- c:\windows\system32\coinst.dll
2011-11-10 02:11 . 2011-05-12 05:53 41984 ----a-w- c:\windows\system32\atiuxp64.dll
2011-11-09 21:39 . 2011-11-09 21:39 69632 ----a-w- c:\windows\system32\OpenVideo64.dll
2011-11-09 21:39 . 2011-11-09 21:39 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2011-11-09 21:39 . 2011-11-09 21:39 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2011-11-09 21:39 . 2011-11-09 21:39 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-11-09 21:39 . 2011-11-09 21:39 17442304 ----a-w- c:\windows\system32\amdocl64.dll
2011-11-09 21:38 . 2011-11-09 21:38 14375936 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-11-09 21:37 . 2011-11-09 21:37 44032 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-10-30 18:47 . 2011-06-17 17:09 191456 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1031\ResourceCache.dll
2011-10-25 20:21 . 2011-10-25 20:21 66560 ----a-w- c:\windows\system32\OVDecoder64.dll
2011-10-25 20:21 . 2011-10-25 20:21 56832 ----a-w- c:\windows\SysWow64\OVDecoder.dll
2011-10-24 13:29 . 2011-10-24 13:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-10-21 19:16 . 2011-10-21 19:16 1843200 ----a-w- c:\windows\SysWow64\SlotMaximizerBe.dll
2011-10-21 19:15 . 2011-10-21 19:15 104448 ----a-w- c:\windows\SysWow64\SlotMaximizerAg.dll
2011-10-21 19:12 . 2011-10-21 19:12 2763264 ----a-w- c:\windows\system32\SlotMaximizerBe.dll
2011-10-21 19:07 . 2011-10-21 19:07 125440 ----a-w- c:\windows\system32\SlotMaximizerAg.dll
2011-10-20 23:26 . 2011-10-20 23:26 94208 ----a-w- c:\windows\SysWow64\dpl100.dll
2011-10-12 15:14 . 2011-10-12 15:14 51200 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-06 05:08 . 2011-04-12 17:55 1092400 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vidalia"="c:\program files (x86)\Vidalia Bundle\Vidalia\vidalia.exe" [2011-12-14 5407850]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-11-23 652048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-15 1955208]
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2011-10-19 1807360]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-1-5 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 WMDrive;WMDrive;c:\users\Ch3lios\Documents\Portable Appz\WinMountPortable\App\SysDir_64\drivers\WMDrive.sys [x]
R3 ALSysIO;ALSysIO;c:\users\SCRAPP~1\AppData\Local\Temp\ALSysIO64.sys [x]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 dump_wmimmc;dump_wmimmc;e:\win7 steam\steamapps\common\ava\Binaries\GameGuard\dump_wmimmc.sys [x]
R3 MTSBDA;TechniSat SkyStar HD2;c:\windows\system32\Drivers\MtsBda.sys [x]
R3 MtsHID;TechniSat Mantis BDA HID Driver;c:\windows\system32\drivers\MtsHID.sys [x]
R3 Nbdrv;NetBalancer;c:\windows\system32\DRIVERS\nbdrv.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R4 DokanMounter;DokanMounter;c:\program files (x86)\Dokan\DokanLibrary\mounter.exe [2010-07-05 11776]
R4 DVBLinkServer2;DVBLink Server;c:\program files (x86)\DVBLogic\DVBLink2\DVBLinkServer.exe [2010-06-16 1889280]
R4 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-15 136176]
R4 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-15 136176]
R4 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-21 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-09-17 430424]
R4 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]
R4 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2011-08-09 741224]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1302000.00A\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1302000.00A\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20111221.003\BHDrvx64.sys [2011-11-14 1156216]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1302000.00A\ccSetx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20111228.001\IDSvia64.sys [2011-09-09 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1302000.00A\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1302000.00A\SYMNETS.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-11-09 361984]
S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 2329480]
S2 MSSQL$MYMOVIES;SQL Server (MYMOVIES);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe [2011-08-10 138760]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-01-05 988216]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-11-28 2123584]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 dvblinkcap;DVBLink Capture #1;c:\windows\system32\DRIVERS\dvblinkcap.sys [x]
S3 dvblinkcap2;DVBLink Capture #2;c:\windows\system32\DRIVERS\dvblinkcap2.sys [x]
S3 dvblinkcap3;DVBLink Capture #3;c:\windows\system32\DRIVERS\dvblinkcap3.sys [x]
S3 dvblinkcap4;DVBLink Capture #4;c:\windows\system32\DRIVERS\dvblinkcap4.sys [x]
S3 dvblinktun;DVBLink Tuner #1;c:\windows\system32\DRIVERS\dvblinktun.sys [x]
S3 dvblinktun2;DVBLink Tuner #2;c:\windows\system32\DRIVERS\dvblinktun2.sys [x]
S3 dvblinktun3;DVBLink Tuner #3;c:\windows\system32\DRIVERS\dvblinktun3.sys [x]
S3 dvblinktun4;DVBLink Tuner #4;c:\windows\system32\DRIVERS\dvblinktun4.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-12-19 138360]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-11-24 11856]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-15 21:30]
.
2012-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-15 21:30]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: An OneNote s&enden - c:\progra~2\Microsoft Office\Office14\ONBttnIE.dll/105
IE: Mit FRITZ!Box Anrufen
IE: Mit FRITZ!Box Anrufen\Flags
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\Microsoft Office\Office14\EXCEL.EXE/3000
IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
FF - ProfilePath - c:\users\Ch3lios\AppData\Roaming\Mozilla\Firefox\Profiles\289kda8r.default\
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: keyword.URL - hxxp://start.facemoods.com/results.php?f=5&a=ddr&q=
FF - prefs.js: network.proxy.ftp - 127.0.0.1
FF - prefs.js: network.proxy.ftp_port - 4444
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 4444
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 4444
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 4444
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-MDT - c:\windows\iun6002.exe
AddRemove-LastPass - c:\program files (x86)\LastPass\lastpass.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.2.0.10\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3516327137-1554180638-320567922-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-3516327137-1554180638-320567922-1000)
@Denied: (2) (LocalSystem)
"Progid"="Outlook.File.eml.14"
.
[HKEY_USERS\S-1-5-21-3516327137-1554180638-320567922-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (S-1-5-21-3516327137-1554180638-320567922-1000)
@Denied: (2) (LocalSystem)
"Progid"="Outlook.File.vcf.14"
.
[HKEY_USERS\S-1-5-21-3516327137-1554180638-320567922-1000\Software\SecuROM\License information*]
"datasecu"=hex:3e,5f,1f,b0,6d,3f,e5,48,84,f8,d6,a0,64,06,5d,51,9e,44,9d,99,47,
cb,42,32,cd,68,e2,36,78,6d,01,ff,33,35,4b,7b,82,a1,2a,6a,f4,1e,3f,28,95,16,\
"rkeysecu"=hex:3a,e0,fa,bb,b9,b2,dd,49,ad,36,6a,95,31,b4,1c,3d
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0a\05\07\0c))?"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\programdata\TVersity\Media Server\MediaServer.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-01-03 22:55:49 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-01-03 21:55
.
Vor Suchlauf: 2.941.124.608 Bytes frei
Nach Suchlauf: 3.431.878.656 Bytes frei
.
- - End Of File - - D31FF2EBB844B5B558F81493F4A9B196
MFG
Ch3lios |
