ComboFix 10-01-14.01 - Axel FF 14.01.2010 20:17:03.1.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.1918.1188 [GMT 1:00]
ausgeführt von:: c:\users\Axel FF\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TMMonitor.lnk
c:\users\Axel FF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
c:\windows\system32\SIntf16.dll
.
((((((((((((((((((((((( Dateien erstellt von 2009-12-14 bis 2010-01-14 ))))))))))))))))))))))))))))))
.
2010-01-14 19:28 . 2010-01-14 19:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-14 19:28 . 2010-01-14 19:28 -------- d-----w- c:\users\Axel FF\AppData\Local\temp
2010-01-14 18:20 . 2010-01-14 18:20 -------- d-----w- c:\program files\Common Files\Java
2010-01-14 18:19 . 2010-01-14 18:19 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-14 18:19 . 2010-01-14 18:19 -------- d-----w- c:\program files\Java
2010-01-14 17:17 . 2010-01-14 18:03 -------- d-----w- c:\users\Axel FF\AppData\Local\ElevatedDiagnostics
2010-01-13 03:13 . 2010-01-13 03:13 388096 ----a-r- c:\users\Axel FF\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-13 03:13 . 2010-01-13 03:13 -------- d-----w- c:\program files\TrendMicro
2010-01-13 02:11 . 2010-01-13 02:11 932368 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2010-01-13 02:11 . 2010-01-13 02:11 678416 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2010-01-13 02:11 . 2010-01-13 02:11 604688 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2010-01-13 02:11 . 2010-01-13 02:11 522768 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2010-01-13 02:11 . 2010-01-13 02:11 1096208 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2010-01-13 02:09 . 2010-01-13 02:09 80400 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-01-13 02:09 . 2010-01-13 02:09 80400 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-01-13 01:58 . 2010-01-13 01:58 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2010-01-13 01:58 . 2010-01-13 01:58 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2010-01-13 01:57 . 2010-01-13 01:57 -------- d-----w- c:\program files\Kaspersky Lab
2010-01-13 01:07 . 2010-01-13 01:07 -------- d-----w- c:\users\Axel FF\AppData\Roaming\Malwarebytes
2010-01-13 01:06 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-13 01:06 . 2010-01-13 01:06 -------- d-----w- c:\programdata\Malwarebytes
2010-01-13 01:06 . 2010-01-14 16:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-13 01:06 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-12 21:31 . 2009-10-19 14:10 108544 ----a-w- c:\windows\system32\t2embed.dll
2010-01-12 21:31 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-01-12 08:14 . 2010-01-14 09:41 -------- d-----w- C:\filme
2010-01-05 23:23 . 2009-11-02 19:42 195456 ------w- c:\windows\system32\MpSigStub.exe
2010-01-05 22:14 . 2009-11-25 10:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-01-05 21:31 . 2010-01-14 17:05 -------- d-----w- c:\programdata\Kaspersky Lab
2010-01-05 21:30 . 2010-01-13 01:55 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2010-01-01 14:35 . 2010-01-01 14:36 -------- d-----w- c:\program files\CCleaner
2010-01-01 14:29 . 2010-01-01 14:29 -------- d-----w- c:\program files\Trend Micro
2010-01-01 14:26 . 2010-01-14 16:36 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-01 14:26 . 2010-01-01 14:28 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-19 08:11 . 2009-12-19 08:11 249888 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2009-12-17 20:14 . 2009-12-17 20:14 -------- d-----w- c:\users\Axel FF\AppData\Roaming\Lavasoft
2009-12-17 20:14 . 2009-12-17 20:14 -------- d-----w- c:\program files\Lavasoft
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-14 17:06 . 2009-10-27 21:09 -------- d-----w- c:\users\Axel FF\AppData\Roaming\Skype
2010-01-14 15:42 . 2009-10-27 21:10 -------- d-----w- c:\users\Axel FF\AppData\Roaming\skypePM
2010-01-14 11:15 . 2009-10-30 11:48 1195328 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-01-14 06:58 . 2009-10-28 13:24 -------- d-----w- c:\users\Axel FF\AppData\Roaming\vlc
2010-01-14 05:38 . 2009-10-31 05:22 1 ----a-w- c:\users\Axel FF\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-13 17:12 . 2009-10-27 23:45 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2010-01-13 16:16 . 2009-10-28 11:21 -------- d-----w- c:\programdata\LogiShrd
2010-01-12 23:14 . 2009-10-27 22:42 -------- d-----w- c:\users\Axel FF\AppData\Roaming\uTorrent
2010-01-08 20:52 . 2009-07-14 08:47 643866 ----a-w- c:\windows\system32\perfh007.dat
2010-01-08 20:52 . 2009-07-14 08:47 126394 ----a-w- c:\windows\system32\perfc007.dat
2010-01-05 21:32 . 2009-10-27 19:39 -------- d-----w- c:\programdata\avg9
2009-12-27 23:51 . 2009-10-28 00:40 -------- d-----w- c:\program files\Google
2009-12-27 18:24 . 2009-10-27 23:44 1162048 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-21 21:50 . 2009-12-15 10:52 -------- d-----w- c:\program files\Gigaflat
2009-12-21 21:50 . 2009-10-28 11:18 -------- d-----w- c:\program files\Common Files\logishrd
2009-12-06 18:07 . 2009-12-06 17:51 -------- d-----w- c:\program files\AT&T WorldNet Setup
2009-12-06 17:57 . 2009-10-27 19:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-06 17:55 . 2009-12-06 17:49 21840 ----atw- c:\windows\system32\SIntfNT.dll
2009-12-06 17:55 . 2009-12-06 17:49 17212 ----atw- c:\windows\system32\SIntf32.dll
2009-12-06 17:51 . 2009-12-06 17:51 -------- d-----w- c:\program files\directx
2009-12-04 17:17 . 2009-12-04 17:17 -------- d-----w- c:\users\Axel FF\AppData\Roaming\Novosoft
2009-12-04 17:17 . 2009-12-04 17:17 -------- d-----w- c:\program files\Novosoft
2009-12-04 16:51 . 2009-12-04 16:51 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2009-12-04 16:43 . 2009-12-04 16:43 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2009-12-04 16:43 . 2009-12-04 16:43 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2009-12-04 16:43 . 2009-12-04 16:43 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2009-12-04 16:42 . 2009-12-04 16:42 -------- d-----w- c:\program files\Sony Ericsson
2009-12-03 08:27 . 2009-12-03 08:27 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
2009-12-03 08:27 . 2009-12-03 08:27 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
2009-11-18 19:35 . 2009-11-18 19:35 -------- d-----w- c:\programdata\TVU Networks
2009-11-17 13:14 . 2009-11-17 13:14 -------- d-----w- c:\program files\Ikanos Consulting
2009-11-17 12:25 . 2009-11-17 12:25 -------- d-----w- c:\program files\Replay Media Catcher
2009-11-14 13:06 . 2009-11-14 13:06 59992 ----a-w- c:\programdata\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.736\English\setup.exe
2009-11-09 23:31 . 2009-11-09 23:31 143976 ----a-w- c:\users\Axel FF\AppData\Roaming\Move Networks\uninstall.exe
2009-11-09 23:31 . 2009-10-16 04:45 5646272 ----a-w- c:\users\Axel FF\AppData\Roaming\Move Networks\plugins\npqmp071701000008.dll
2009-11-05 04:51 . 2009-11-05 04:51 376832 ----a-w- c:\windows\system32\drivers\RTL8187B.sys
2009-11-03 15:33 . 2009-11-03 15:33 21520 ----a-w- c:\windows\system32\drivers\klim6.sys
2009-10-31 05:39 . 2009-10-27 19:35 61736 ----a-w- c:\users\Axel FF\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-30 11:48 . 2009-10-30 11:48 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2009-10-29 07:22 . 2009-11-26 07:54 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-27 21:10 . 2009-10-27 21:10 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-10-27 14:13 . 2009-10-27 14:13 0 ----a-w- c:\windows\ativpsrm.bin
2009-10-20 18:34 . 2009-10-20 18:34 219664 ----a-w- c:\windows\system32\klogon.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TMController"="c:\windows\system32\TMController.exe" [2006-08-24 184396]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-20 340456]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCInstallQueue"="netman.dll" [2009-07-14 280576]

c:\users\Axel FF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 11:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [14.10.2009 20:18 36880]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [03.11.2009 16:33 21520]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\System32\drivers\vwififlt.sys [14.07.2009 00:52 48128]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [01.01.2010 15:26 1153368]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\System32\drivers\klmouflt.sys [02.10.2009 18:39 19472]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\System32\drivers\Rt86win7.sys [19.12.2009 09:11 249888]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\RTL8187B.sys [05.11.2009 05:51 376832]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\System32\drivers\ggflt.sys [04.12.2009 17:43 13224]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [28.10.2009 01:40 133104]
.
Inhalt des "geplante Tasks" Ordners

2010-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-28 19:35]

2010-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-28 19:35]

2010-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1828615978-1968631393-1071744258-1001Core.job
- c:\users\Axel FF\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-27 19:35]

2010-01-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1828615978-1968631393-1071744258-1001UA.job
- c:\users\Axel FF\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-27 19:35]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.spiegel.de/
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
FF - ProfilePath - c:\users\Axel FF\AppData\Roaming\Mozilla\Firefox\Profiles\gvklkiu9.default\
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\Axel FF\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\users\Axel FF\AppData\Roaming\Move Networks\plugins\npqmp071701000008.dll
FF - plugin: c:\users\Axel FF\AppData\Roaming\Mozilla\Firefox\Profiles\gvklkiu9.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll

---- FIREFOX Richtlinien ----
FF - user.js: yahoo.homepage.dontask - true.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKCU-Run-uTorrent - d:\torrent\uTorrent.exe
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2010-01-14 20:35:18
ComboFix-quarantined-files.txt 2010-01-14 19:35

Vor Suchlauf: 7 Verzeichnis(se), 50.981.507.072 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 54.858.522.624 Bytes frei

- - End Of File - - 5BE96AFD6D5519DBFB836D7104BCEA13