ComboFix 09-12-30.04 - Purple Haze 31.12.2009 14:51:11.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3325.2351 [GMT 1:00]
Running from: c:\users\Purple Haze\Desktop\Combo-Fix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\INSTALL.LOG
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\program files\WinPCap\Uninstall.exe
c:\users\Purple Haze\AppData\Roaming\Desktopicon
c:\users\Purple Haze\AppData\Roaming\Desktopicon\config.ini
c:\windows\system32\drivers\H8SRTcgmfqcipwi.sys
c:\windows\system32\drivers\npf.sys
c:\windows\system32\H8SRTcostyxnipw.dat
c:\windows\system32\H8SRTopaweeqnmk.dll
c:\windows\system32\H8SRTprxhiibgrj.dll
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\SIntf16.dll
c:\windows\system32\srcr.dat
c:\windows\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_H8SRTd.sys
-------\Service_H8SRTd.sys
-------\Service_NPF

((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-31 ))))))))))))))))))))))))))))))
.
2009-12-31 14:06 . 2009-12-31 14:13 -------- d-----w- c:\users\Purple Haze\AppData\Local\temp
2009-12-31 14:06 . 2009-12-31 14:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-31 11:12 . 2009-12-31 11:12 -------- d-----w- c:\users\Purple Haze\AppData\Roaming\Malwarebytes
2009-12-31 11:11 . 2009-12-30 13:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-31 11:11 . 2009-12-31 11:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-31 11:11 . 2009-12-30 13:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 10:01 . 2009-12-31 10:01 -------- d-----w- c:\program files\Trend Micro
2009-12-24 00:28 . 2009-12-24 00:28 -------- d-----w- c:\users\Purple Haze\AppData\Roaming\CyberLink
2009-12-10 05:18 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-10 05:18 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-10 05:18 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-30 21:24 . 2009-08-12 05:35 -------- d-----w- c:\program files\Steam
2009-12-30 00:37 . 2009-08-12 05:35 -------- d-----w- c:\program files\Common Files\Steam
2009-12-29 23:34 . 2009-03-05 13:57 -------- d-----w- c:\users\Purple Haze\AppData\Roaming\teamspeak2
2009-12-24 00:59 . 2009-04-27 09:25 -------- d-----w- c:\program files\Warcraft III
2009-12-20 17:05 . 2009-05-03 20:18 -------- d-----w- c:\users\Purple Haze\AppData\Roaming\vlc
2009-12-17 15:19 . 2008-11-24 17:37 729356 ----a-w- c:\windows\system32\perfh007.dat
2009-12-17 15:19 . 2008-11-24 17:37 166818 ----a-w- c:\windows\system32\perfc007.dat
2009-12-11 20:44 . 2009-04-27 09:28 107756 ----a-w- c:\windows\War3Unin.dat
2009-12-10 12:45 . 2009-03-05 12:57 -------- d-----w- c:\users\Purple Haze\AppData\Roaming\ICQ
2009-12-07 14:41 . 2009-04-30 12:12 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-22 21:20 . 2009-11-22 14:25 -------- d-----w- c:\program files\MOUSE Editor
2009-11-22 14:26 . 2008-12-10 14:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-21 06:40 . 2009-12-09 05:16 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 05:16 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-09 05:16 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-09 05:16 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-15 00:05 . 2009-03-16 16:11 -------- d-----w- c:\users\Purple Haze\AppData\Roaming\uTorrent
2009-11-10 05:38 . 2009-11-10 05:37 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-11-10 05:38 . 2009-07-16 03:57 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-11-10 05:38 . 2009-04-16 10:22 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-08 17:26 . 2009-08-12 05:41 1126 ----a-w- c:\users\Purple Haze\AppData\Roaming\wklnhst.dat
2009-11-06 07:05 . 2009-10-12 17:58 -------- d-----w- c:\users\Purple Haze\AppData\Roaming\Any Video Converter
2009-11-02 19:42 . 2009-10-03 07:33 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-31 13:40 . 2009-03-05 15:46 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-10-31 13:08 . 2009-03-05 15:46 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-10-29 09:17 . 2009-11-26 05:11 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-07 11:36 . 2009-12-09 05:16 243712 ----a-w- c:\windows\system32\rastls.dll
2009-02-20 12:37 . 2009-09-06 18:12 20480 ----a-w- c:\program files\xlive_start.exe
2009-02-20 12:35 . 2009-09-06 18:12 27959 ----a-w- c:\program files\vitality.nfo
2009-02-20 12:32 . 2009-09-06 18:12 99648 ----a-w- c:\program files\Platform.dll
2009-02-19 09:31 . 2009-09-06 18:12 24 ----a-w- c:\program files\locale.ini
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-11-12 13:12 . 2008-11-12 13:01 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
(((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-05 39408]
"Google Update"="c:\users\Purple Haze\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-03-19 133104]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"OscarEditor"="c:\program files\MOUSE Editor\MouseEditor.exe" [2009-06-16 3317248]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-12-02 6695456]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):25,7e,a6,26,f3,41,ca,01

R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [30.04.2009 13:12 108289]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [24.08.2009 15:51 185640]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\System32\drivers\netr28u.sys [28.11.2008 15:06 554496]
S4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11.07.2008 01:27 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\System32\drivers\RsFx0102.sys [10.07.2008 01:49 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11.07.2008 01:27 369688]
.
Contents of the 'Scheduled Tasks' folder

2009-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2582503037-908167360-2717358082-1000Core.job
- c:\users\Purple Haze\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-19 07:45]

2009-12-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2582503037-908167360-2717358082-1000UA.job
- c:\users\Purple Haze\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-19 07:45]

2009-12-31 c:\windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
- c:\windows\system32\msfeedssync.exe [2009-12-09 04:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://youtube.com/
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-25/4
FF - ProfilePath - c:\users\Purple Haze\AppData\Roaming\Mozilla\Firefox\Profiles\vop9b2ct.default\
FF - component: c:\users\Purple Haze\AppData\Roaming\Mozilla\Firefox\Profiles\vop9b2ct.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\Purple Haze\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - Orphaned Registry Entries Removed - - - -

AddRemove-WinPcapInst - c:\program files\WinPcap\Uninstall.exe
AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\program files\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4}

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-31 15:13
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- Locked Registry Keys ---------------------

[HKEY_USERS\S-1-5-21-2582503037-908167360-2717358082-1000\Software\SecuROM\License information*]
"datasecu"=hex:2b,cc,0f,c4,bd,fa,d0,34,3a,b1,b7,1e,f6,d2,50,ad,8e,02,ca,e5,97,
bf,14,53,4a,3e,c3,69,07,0c,b1,5d,d6,45,09,90,c1,84,48,48,fb,76,83,d7,db,d6,\
"rkeysecu"=hex:97,cb,b6,96,82,c5,d7,45,79,11,a0,1a,aa,b1,61,35
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
.
**************************************************************************
.
Completion time: 2009-12-31 15:17:34 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-31 14:17

Pre-Run: 14 dir(s), 175,203,958,784 bytes free
Post-Run: 20 dir(s), 177,558,962,176 bytes free

- - End Of File - - 0ACA732D2876F0FEBFF1C923C7DAA635
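The part of this log worth a second look is the set of deleted files under c:\windows\system32 whose names share the prefix H8SRT followed by ten random lowercase letters, next to the removed Legacy_H8SRTd.sys / Service_H8SRTd.sys driver service, and the EnableLUA=0 policy value that means UAC was switched off. The script below is an added example, not part of the forum post and not ComboFix's own code: it splits a ComboFix log into its banner-delimited sections, clusters deleted system32 files by that prefix-plus-random-tail pattern, ties each cluster to a removed driver service with the same prefix, and reports whether UAC is disabled. SAMPLE_LOG is a constructed excerpt of the log above with English section titles; the name pattern (5 alphanumerics + 10 lowercase letters, .sys/.dll/.dat) is a heuristic chosen because it fits the H8SRT* files here, not a definitive rootkit signature.

```python
"""Triage a ComboFix log: split it into sections, cluster deleted system32 files
with random-looking names, and tie each cluster to a removed driver service.

Added example, not ComboFix's own code. SAMPLE_LOG is a constructed excerpt of
the log above (English section titles); the 5-alphanumeric + 10-lowercase name
pattern is a heuristic that fits the H8SRT* files, not a definitive signature.
"""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
ComboFix 09-12-30.04 - Purple Haze 31.12.2009 14:51:11.1.2 - x86
((((((((((((((((((((( Other Deletions )))))))))))))))))))))
.
c:\windows\system32\drivers\H8SRTcgmfqcipwi.sys
c:\windows\system32\drivers\npf.sys
c:\windows\system32\H8SRTcostyxnipw.dat
c:\windows\system32\H8SRTopaweeqnmk.dll
c:\windows\system32\H8SRTprxhiibgrj.dll
c:\windows\system32\Packet.dll
c:\windows\system32\wpcap.dll
((((((((((((((((((((( Drivers/Services )))))))))))))))))))))
-------\Legacy_H8SRTd.sys
-------\Service_H8SRTd.sys
-------\Service_NPF

((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"""

# "(((( Title ))))" banner that opens each ComboFix section
SECTION_RE = re.compile(r"^\({4,}\s*(.*?)\s*\){4,}$")
# removed driver/service entries: -------\Legacy_<name> or -------\Service_<name>
SERVICE_RE = re.compile(r"^-+\\(?:Legacy_|Service_)(.+)$")
# heuristic: 5-char prefix + 10 random lowercase letters, driver/dll/dat extension
RANDOM_NAME_RE = re.compile(r"^([A-Za-z0-9]{5})[a-z]{10}\.(?:sys|dll|dat)$")


def split_sections(text):
    """Map section title -> stripped non-empty lines, skipping '.' spacer lines."""
    sections = defaultdict(list)
    current = "header"
    for raw in text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
        elif line and line != ".":
            sections[current].append(line)
    return sections


def random_name_clusters(deleted_paths, min_size=2):
    """Group deleted system32 files by prefix when the rest of the name looks random."""
    clusters = defaultdict(list)
    for path in deleted_paths:
        if "\\windows\\system32\\" not in path.lower():
            continue
        m = RANDOM_NAME_RE.match(path.rsplit("\\", 1)[-1])
        if m:
            clusters[m.group(1).upper()].append(path)
    return {p: files for p, files in clusters.items() if len(files) >= min_size}


def removed_services(lines):
    return sorted({m.group(1) for m in map(SERVICE_RE.match, lines) if m})


def correlate(clusters, services):
    """Keep only clusters whose prefix also names a removed driver service."""
    hits = {}
    for prefix, files in clusters.items():
        linked = [s for s in services if s.upper().startswith(prefix)]
        if linked:
            hits[prefix] = {"files": files, "services": linked}
    return hits


def uac_disabled(reg_lines):
    """True if EnableLUA is 0 under ...\\policies\\system (UAC turned off)."""
    in_policy = False
    for line in reg_lines:
        if line.startswith("[") and line.endswith("]"):
            in_policy = line.lower().endswith("\\policies\\system]")
        elif in_policy and line.lower().startswith('"enablelua"'):
            return line.split("=", 1)[1].strip().startswith("0")
    return False


def triage(text):
    sections = split_sections(text)
    deleted = sections.get("Other Deletions", [])
    services = removed_services(sections.get("Drivers/Services", []))
    return {
        "deleted_count": len(deleted),
        "removed_services": services,
        "rootkit_clusters": correlate(random_name_clusters(deleted), services),
        "uac_disabled": uac_disabled(sections.get("Reg Loading Points", [])),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for prefix, hit in report["rootkit_clusters"].items():
        print(f"{prefix}: {len(hit['files'])} files, linked services {hit['services']}")
    print("UAC disabled:", report["uac_disabled"])
```

Run against the sample it reports one cluster, H8SRT with four files linked to the removed H8SRTd.sys service, and flags UAC as disabled; npf.sys, Packet.dll and wpcap.dll (the WinPcap capture stack) do not match the random-name pattern and are left out of the cluster, which is the point of correlating on the service prefix rather than treating every deletion as equally suspicious. To use it on a real log, replace SAMPLE_LOG with the file contents (the German build of ComboFix prints the same banners with German titles, so adjust the section names passed to sections.get accordingly).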