ComboFix Log:
ComboFix 11-01-19.03 - *** 20.01.2011 11:36:25.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.2046.1667 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\***\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\settings.reg
c:\windows\system32\Data
c:\windows\system32\muzapp.exe
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
((((((((((((((((((((((( Dateien erstellt von 2010-12-20 bis 2011-01-20 ))))))))))))))))))))))))))))))
.
2011-01-20 09:03 . 2011-01-20 09:03 -------- d-----w- C:\_OTL
2011-01-20 06:51 . 2011-01-20 06:51 -------- d-----w- c:\programme\VS Revo Group
2011-01-19 14:51 . 2011-01-19 14:51 388096 ----a-r- c:\dokumente und einstellungen\***\Anwendungsdaten\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-19 07:45 . 2011-01-19 07:45 -------- d-----w- c:\programme\ERUNT
2011-01-16 17:07 . 2011-01-16 19:26 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\.minecraft
2011-01-15 13:46 . 2011-01-15 13:46 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\TeamViewer
2011-01-05 10:02 . 2011-01-05 10:02 -------- d-----w- c:\windows\system32\config\systemprofile\Anwendungsdaten\Application Updater
2011-01-05 10:02 . 2001-10-28 15:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2011-01-05 10:02 . 1998-06-23 23:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2011-01-05 10:02 . 2011-01-05 10:03 -------- d-----w- c:\programme\PDFCreator
2011-01-05 10:02 . 1998-07-06 16:56 125712 ----a-w- c:\windows\system32\VB6DE.DLL
2011-01-05 10:02 . 1998-07-06 16:55 158208 ----a-w- c:\windows\system32\MSCMCDE.DLL
2011-01-05 10:02 . 1998-07-06 16:55 64512 ----a-w- c:\windows\system32\MSCC2DE.DLL
2011-01-05 10:02 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2011-01-03 16:00 . 2004-06-02 12:19 45056 ----a-w- c:\windows\system32\MaXMLProto.dll
2011-01-03 16:00 . 2004-05-30 11:13 106609 ----a-w- c:\windows\system32\MaJUtilLib.dll
2011-01-03 16:00 . 2004-03-22 08:14 49152 ----a-r- c:\windows\system32\MaJGUILib.dll
2011-01-03 15:53 . 2011-01-03 15:53 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\DataCast
2011-01-03 15:53 . 2011-01-03 15:53 -------- d-----w- c:\programme\MarkAny
2011-01-03 15:53 . 2011-01-03 15:53 -------- d-----w- c:\programme\Samsung
2011-01-03 15:52 . 2011-01-03 15:52 -------- d-----w- C:\Manual-PCProgram
2011-01-03 15:38 . 2011-01-03 15:38 -------- d-----w- c:\programme\Windows Media Connect 2
2011-01-03 15:24 . 2011-01-03 15:24 -------- d-----w- c:\programme\7-Zip
2010-12-30 08:08 . 2010-12-30 08:08 -------- d-----w- c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Unity
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-03 15:52 . 2009-10-29 04:48 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-12-21 11:56 . 2010-12-18 16:09 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-20 17:09 . 2010-11-05 09:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-11-05 09:33 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-30 17:13 . 2010-12-18 16:09 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-12 17:53 . 2010-04-17 11:19 472808 -c--a-w- c:\windows\system32\deployJava1.dll
2010-11-12 15:34 . 2010-09-04 15:40 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
------- Sigcheck -------
[-] 2010-07-20 09:54 . C3A2915C71AE6F225EB906C25CCD29B5 . 24064 . . [1.0.0.5] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2010-07-20 09:54 . C3A2915C71AE6F225EB906C25CCD29B5 . 24064 . . [1.0.0.5] . . c:\windows\system32\dllcache\ctfmon.exe
[-] 2010-07-20 09:54 . C3A2915C71AE6F225EB906C25CCD29B5 . 24064 . . [1.0.0.5] . . c:\windows\system32\ctfmon.exe
[-] 2009-11-04 12:27 . 18747FCB2508EEEC79415B32F63F3654 . 36864 . . [------] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\programme\RocketDockCopy\RocketDock.exe" [2007-09-02 495616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-08 13851752]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2010-07-20 24064]
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Microsoft Office.lnk - c:\programme\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AutoStart IR.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\AutoStart IR.lnk
backup=c:\windows\pss\AutoStart IR.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTCheck]
2007-11-06 10:08 397312 ------w- c:\programme\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\programme\DivX\DivX Update\DivXUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2008-12-04 11:24 665424 ------w- c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2010-03-30 09:16 1820040 ----a-w- c:\programme\LogMeIn Hamachi\hamachi-2-ui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-10 03:15 421888 ----a-w- c:\programme\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-10-21 22:14 1242448 ----a-w- c:\programme\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-12-09 10:45 74752 ----a-w- c:\programme\Winamp\winampa.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Garena\\Garena.exe"=
"d:\\Sacred 2\\system\\s2gs.exe"=
"d:\\Sacred 2\\system\\sacred2.exe"=
"c:\\Programme\\uTorrent\\uTorrent.exe"=
"c:\\Dokumente und Einstellungen\\***\\Desktop\\Programme\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Steam\\Steam.exe"=
"c:\\Programme\\Steam\\steamapps\\k1ll0rchic\\day of defeat\\hl.exe"=
"c:\\Programme\\Steam\\steamapps\\k1ll0rchic\\opposing force\\hl.exe"=
"c:\\Programme\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=
"c:\\Programme\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Programme\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
"d:\\LoL\\air\\LolClient.exe"=
"d:\\LoL\\game\\League of Legends.exe"=
"c:\\Programme\\ICQ7.2\\ICQ.exe"=
"c:\\Programme\\ICQ7.2\\aolload.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8372:TCP"= 8372:TCP:League of Legends Launcher
"8372:UDP"= 8372:UDP:League of Legends Launcher
"8373:TCP"= 8373:TCP:League of Legends Launcher
"8373:UDP"= 8373:UDP:League of Legends Launcher
"8374:TCP"= 8374:TCP:League of Legends Launcher
"8374:UDP"= 8374:UDP:League of Legends Launcher
"8375:TCP"= 8375:TCP:League of Legends Launcher
"8375:UDP"= 8375:UDP:League of Legends Launcher
"8376:TCP"= 8376:TCP:League of Legends Launcher
"8376:UDP"= 8376:UDP:League of Legends Launcher
"8377:TCP"= 8377:TCP:League of Legends Launcher
"8377:UDP"= 8377:UDP:League of Legends Launcher
"8378:TCP"= 8378:TCP:League of Legends Launcher
"8378:UDP"= 8378:UDP:League of Legends Launcher
"8379:TCP"= 8379:TCP:League of Legends Launcher
"8379:UDP"= 8379:UDP:League of Legends Launcher
"58631:TCP"= 58631:TCP:Pando Media Booster
"58631:UDP"= 58631:UDP:Pando Media Booster
"8394:TCP"= 8394:TCP:League of Legends Launcher
"8394:UDP"= 8394:UDP:League of Legends Launcher
"6941:TCP"= 6941:TCP:League of Legends Launcher
"6941:UDP"= 6941:UDP:League of Legends Launcher
"8395:TCP"= 8395:TCP:League of Legends Launcher
"8395:UDP"= 8395:UDP:League of Legends Launcher
"6957:TCP"= 6957:TCP:League of Legends Launcher
"6957:UDP"= 6957:UDP:League of Legends Launcher
"6963:TCP"= 6963:TCP:League of Legends Launcher
"6963:UDP"= 6963:UDP:League of Legends Launcher
"57335:TCP"= 57335:TCP:Pando Media Booster
"57335:UDP"= 57335:UDP:Pando Media Booster
"6989:TCP"= 6989:TCP:League of Legends Launcher
"6989:UDP"= 6989:UDP:League of Legends Launcher
"6911:TCP"= 6911:TCP:League of Legends Launcher
"6911:UDP"= 6911:UDP:League of Legends Launcher
"6947:TCP"= 6947:TCP:League of Legends Launcher
"6947:UDP"= 6947:UDP:League of Legends Launcher
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
"6942:TCP"= 6942:TCP:League of Legends Launcher
"6942:UDP"= 6942:UDP:League of Legends Launcher
"6954:TCP"= 6954:TCP:League of Legends Launcher
"6954:UDP"= 6954:UDP:League of Legends Launcher
"6910:TCP"= 6910:TCP:League of Legends Launcher
"6910:UDP"= 6910:UDP:League of Legends Launcher
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [20.01.2010 12:28 295432]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [18.12.2010 17:09 135336]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\programme\LogMeIn Hamachi\hamachi-2.exe [30.03.2010 10:16 1107336]
R3 ChyWDMKb;Cherry Universal Treiber;c:\windows\system32\drivers\ChyWDMKb.sys [13.07.2001 08:27 108900]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.03.2010 13:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [12.12.2010 10:39 136176]
S3 GarenaPEngine;GarenaPEngine;\??\c:\dokume~1\***\LOKALE~1\Temp\QFJ44.tmp --> c:\dokume~1\***\LOKALE~1\Temp\QFJ44.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\d:\garena\plugins\UI\safedrv.sys --> d:\garena\plugins\UI\safedrv.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.03.2010 13:16 753504]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [04.11.2009 13:19 691696]
.
Inhalt des "geplante Tasks" Ordners
2011-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-12-12 09:39]
2011-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-12-12 09:39]
2011-01-20 c:\windows\Tasks\User_Feed_Synchronization-{8B15D663-F94E-4F32-8396-8480C63A6740}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\sqp1emyf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: ColorfulTabs: {0545b830-f0aa-4d7e-8820-50a4629a56fe} - %profile%\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Strata40: Strata40@SpewBoy.au - %profile%\extensions\Strata40@SpewBoy.au
FF - Ext: StrataBuddy: StrataBuddy@ReduxTeam - %profile%\extensions\StrataBuddy@ReduxTeam
FF - Ext: Tab Progress Bar: tabprogressbar@studio17.wordpress.com - %profile%\extensions\tabprogressbar@studio17.wordpress.com
FF - Ext: FlashFirebug: flashfirebug@o-minds.com - %profile%\extensions\flashfirebug@o-minds.com
FF - Ext: LT-FFA-001: lt001ffa@lamda-t.de - %profile%\extensions\lt001ffa@lamda-t.de
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.01.01
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
Notify-AtiExtEvent - (no file)
MSConfigStartUp-nwiz - nwiz.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\dokumente und einstellungen\***\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-01-20 11:41
Windows 5.1.2600 Service Pack 3 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\dokume~1\***\LOKALE~1\Temp\QFJ44.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_USERS\S-1-5-21-1957994488-1801674531-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:85,21,35,0e,89,54,49,10,05,f4,08,d9,25,32,07,12,49,78,2d,bb,ff,
dd,6d,6a,77,51,b7,43,b9,21,ee,8c,20,98,06,e5,b3,82,e6,2a,52,c3,6a,6c,e5,9c,\
"rkeysecu"=hex:a4,4d,66,4c,b8,10,60,d4,fd,e0,53,1a,11,36,de,10
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - > 'explorer.exe'(3528)
c:\programme\RocketDockCopy\RocketDock.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Avira\AntiVir Desktop\avshadow.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-01-20 11:44:12 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-01-20 10:44
Vor Suchlauf: 4.844.118.016 Bytes frei
Nach Suchlauf: 4.729.819.136 Bytes frei
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
- - End Of File - - 11EE04525DD1566F11132698E90AA80A

Now AntiVir is no longer in the tray, but in the Security Center the virus protection is shown as active. In the taskbar properties, Avira AntiVir should actually always be displayed.. broken now? :/ Should I uninstall it and reinstall it?