ComboFix 10-05-19.02 - Andreas 20.05.2010 15:51:51.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3062.1723 [GMT 2:00] ausgeführt von:: c:\users\Andreas\Desktop\test.exe SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9} SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Images c:\images\3da.jpg c:\images\ts_back2.gif c:\windows\system32\%appdata% c:\windows\system32\drivers\jokcc.sys c:\windows\system32\%appdata%\Microsoft\Windows\IETldCache\index.dat . . . . Nicht in der Lage zu löschen . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_ebwjdjmi ((((((((((((((((((((((( Dateien erstellt von 2010-04-20 bis 2010-05-20 )))))))))))))))))))))))))))))) . 2010-05-20 14:00 . 2010-05-20 14:00 -------- d-sh--w- c:\windows\system32\%APPDATA% 2010-05-20 13:58 . 2010-05-20 14:01 -------- d-----w- c:\users\Andreas\AppData\Local\temp 2010-05-20 13:58 . 2010-05-20 13:58 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-05-20 12:37 . 2010-05-06 08:36 221568 ------w- c:\windows\system32\MpSigStub.exe 2010-05-20 10:21 . 2007-01-18 12:00 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys 2010-05-20 10:20 . 2010-05-20 10:20 -------- d-----w- c:\program files\AVG 2010-05-20 10:19 . 2010-05-20 10:20 -------- d-----w- c:\programdata\avg9 2010-05-20 08:32 . 2010-05-20 08:32 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat 2010-05-20 08:30 . 2010-05-20 08:38 97549 ----a-w- c:\windows\system32\drivers\klick.dat 2010-05-20 08:30 . 2010-05-20 08:38 113933 ----a-w- c:\windows\system32\drivers\klin.dat 2010-05-20 08:28 . 2010-05-20 11:43 -------- d-----w- c:\programdata\Kaspersky Lab 2010-05-20 08:28 . 2010-05-20 08:28 -------- d-----w- c:\program files\Kaspersky Lab 2010-05-20 08:25 . 2010-05-20 08:25 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files 2010-05-20 08:22 . 2010-05-20 08:22 691 ----a-w- c:\windows\system32\pfdnnt_actions.sys 2010-05-20 08:20 . 2010-05-20 08:20 8704 ----a-w- c:\windows\system32\drivers\yqdpvyhdkpqr.sys 2010-05-20 08:17 . 2010-05-20 08:17 8704 ----a-w- c:\windows\system32\drivers\yegxolurgfjl.sys 2010-05-20 06:36 . 2010-05-20 06:36 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2010-05-20 06:35 . 2010-05-20 06:35 -------- d-----w- c:\program files\SUPERAntiSpyware 2010-05-20 06:35 . 2010-05-20 06:35 -------- d-----w- c:\users\Andreas\AppData\Roaming\SUPERAntiSpyware.com 2010-05-20 06:34 . 2010-05-20 06:34 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2010-05-20 05:42 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll 2010-05-20 04:41 . 2010-05-20 04:41 -------- d-----w- c:\program files\PremiumSoft 2010-05-20 04:35 . 2009-07-10 10:43 1589248 ----a-w- c:\windows\system32\libmysql_d.dll 2010-05-19 16:47 . 2010-05-20 03:35 -------- d-----w- c:\users\Andreas\AppData\Local\Ares 2010-05-19 15:48 . 2010-05-20 08:05 -------- d-----w- c:\programdata\eMule 2010-05-19 15:39 . 2010-05-19 15:48 -------- d-----w- c:\users\Andreas\AppData\Roaming\Azureus 2010-05-19 15:39 . 2010-05-19 15:48 -------- d-----w- c:\program files\Vuze 2010-05-19 15:20 . 2010-05-19 15:20 -------- d-----w- c:\users\Andreas\AppData\Local\The_StealthNet_Team 2010-05-19 15:07 . 2010-05-19 15:07 -------- d-----w- c:\windows\FilePipe P2P 2010-05-19 15:07 . 2010-05-19 15:07 -------- d-----w- c:\program files\Conduit 2010-05-19 00:48 . 2010-05-20 08:06 -------- d-----w- c:\windows\uninstall 2010-05-18 22:38 . 1998-07-05 22:00 33792 ----a-w- c:\windows\system32\CMDLGDE.DLL 2010-05-18 22:38 . 2003-01-11 22:53 163328 ----a-w- c:\windows\system32\VBEx32.DLL 2010-05-18 22:38 . 2000-10-01 21:00 125712 ----a-w- c:\windows\system32\VB6DE.DLL 2010-05-18 22:38 . 2000-07-14 22:00 101888 ----a-w- c:\windows\system32\Vb6stkit.dll 2010-05-18 22:38 . 1998-07-05 22:00 16896 ----a-w- c:\windows\system32\WINSKDE.DLL 2010-05-18 22:38 . 2003-01-20 09:32 12288 ----a-w- c:\windows\system32\scrrnde.dll 2010-05-18 22:38 . 2010-05-18 22:38 -------- d-----w- c:\program files\Vista Tweaking Tools 2010-05-18 04:48 . 2010-05-18 04:48 -------- d-----w- c:\program files\oZone3D 2010-05-17 21:45 . 2010-05-20 05:38 -------- d-----w- c:\program files\Call of Duty 4 - Modern Warfare 2010-05-17 20:12 . 2010-05-17 20:12 -------- d--h--w- c:\windows\PIF 2010-05-17 13:33 . 2010-05-17 13:38 -------- d-----w- c:\users\Andreas\AppData\Roaming\UseNeXT 2010-05-17 13:33 . 2010-05-17 13:33 -------- d-----w- c:\program files\UseNeXT 2010-05-17 11:57 . 2010-05-17 11:57 -------- d-----w- c:\program files\Sierra - Kopie 2010-05-17 07:03 . 2010-05-17 08:10 -------- d-----w- c:\program files\MOHPA 2010-05-17 03:36 . 2010-05-17 06:08 -------- d-----w- c:\program files\Garena 2010-05-17 03:09 . 2010-05-17 05:25 -------- d-----w- c:\program files\Left 4 Dead 2010-05-17 02:05 . 2010-05-17 02:05 -------- d-----w- c:\program files\Common Files\Thraex Software 2010-05-17 01:55 . 2010-05-17 06:17 -------- d-----w- c:\users\Andreas\AppData\Roaming\HLSW 2010-05-17 01:55 . 2010-05-17 01:55 -------- d-s---w- c:\program files\HLSW 2010-05-17 00:47 . 2010-05-17 01:03 -------- d-----w- c:\program files\Counter-Strike Source 2010-05-16 12:53 . 2010-05-16 12:53 -------- d-----w- c:\users\Andreas\AppData\Roaming\Uniblue 2010-05-16 06:39 . 2010-05-16 06:39 -------- d-----w- c:\program files\BillardGL 1.75 2010-05-16 06:02 . 2010-05-16 06:02 -------- d-----w- c:\program files\Pcsx2 2010-05-16 05:02 . 2010-05-17 02:05 -------- d-----w- c:\program files\playstation 2010-05-16 02:55 . 2010-05-16 02:55 -------- d-----w- c:\program files\IObit 2010-05-16 02:36 . 2010-05-17 06:13 -------- d-----w- c:\program files\Left4Dead 2010-05-15 23:57 . 2010-05-15 23:57 -------- d-----w- c:\program files\zoneLINK 2010-05-15 22:09 . 2007-06-20 18:46 266088 ----a-w- c:\windows\system32\xactengine2_8.dll 2010-05-15 22:07 . 2010-05-15 22:07 2250024 ----a-w- c:\windows\system32\pbsvc.exe 2010-05-15 19:19 . 2010-05-15 19:19 -------- d-----w- c:\program files\Common Files\DivX Shared 2010-05-15 19:19 . 2010-05-15 19:21 -------- d-----w- c:\users\Andreas\AppData\Local\Google 2010-05-15 19:19 . 2010-05-15 19:21 -------- d-----w- c:\program files\Google 2010-05-15 19:18 . 2010-05-15 19:19 -------- d-----w- c:\program files\DivX 2010-05-15 19:18 . 2010-05-15 19:19 -------- d-----w- c:\programdata\DivX 2010-05-15 08:02 . 2009-10-02 20:34 1002008 ----a-w- c:\windows\system32\igxpun.exe 2010-05-15 06:45 . 2010-02-04 08:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll 2010-05-15 06:44 . 2010-05-17 03:21 -------- d--h--w- c:\windows\msdownld.tmp 2010-05-15 06:16 . 2010-05-16 01:38 -------- d-----w- c:\program files\Ubisoft 2010-05-15 04:59 . 2010-05-15 04:59 -------- d-----w- c:\users\Andreas\AppData\Local\Activision 2010-05-15 01:56 . 2010-05-18 23:57 -------- d-----w- c:\program files\Activision 2010-05-14 20:42 . 2010-05-15 22:13 -------- d-----w- c:\program files\Spider-Man 2 2010-05-14 16:36 . 2010-05-14 16:36 2 --shatr- c:\windows\winstart.bat 2010-05-14 16:36 . 2010-05-14 17:03 -------- d-----w- c:\program files\UnHackMe 2010-05-14 16:20 . 2010-05-14 16:20 -------- d---a-w- c:\windows\rundll16.exe 2010-05-14 16:20 . 2010-05-14 16:20 -------- d---a-w- c:\windows\logo1_.exe 2010-05-14 16:12 . 2010-05-14 16:12 -------- d---a-w- c:\windows\VDLL.DLL 2010-05-14 16:12 . 2010-05-14 16:12 -------- d---a-w- c:\windows\system32\runouce.exe 2010-05-14 16:12 . 2010-05-14 16:12 -------- d---a-w- c:\windows\RUNDL132.EXE 2010-05-14 16:12 . 2010-05-14 16:12 -------- d---a-w- c:\windows\logo_1.exe 2010-05-14 16:09 . 2010-05-14 16:09 632064 ----a-w- c:\windows\system32\msvcr80.dll 2010-05-14 16:09 . 2010-05-14 16:09 554240 ----a-w- c:\windows\system32\msvcp80.dll 2010-05-14 16:09 . 2010-05-14 16:09 34048 ----a-w- c:\windows\system32\eEmpty.exe 2010-05-14 16:09 . 2010-05-14 16:09 -------- d-----w- c:\program files\Common Files\MicroWorld 2010-05-14 16:08 . 2010-05-14 16:09 -------- d-----w- c:\programdata\MicroWorld 2010-05-14 15:49 . 2010-05-14 15:49 -------- d-----w- c:\program files\CCleaner 2010-05-13 20:40 . 2010-05-13 20:40 -------- d-----w- c:\users\Andreas\AppData\Local\Apple Computer 2010-05-13 20:39 . 2010-05-13 20:39 -------- d-----w- c:\users\Andreas\AppData\Roaming\Apple Computer 2010-05-13 20:37 . 2010-05-13 20:37 -------- d-----w- c:\users\Andreas\AppData\Roaming\Media Player Classic 2010-05-13 20:35 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll 2010-05-13 20:35 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll 2010-05-13 20:35 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll 2010-05-13 20:35 . 2010-04-16 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll 2010-05-13 20:35 . 2010-05-13 20:36 -------- d-----w- c:\program files\K-Lite Codec Pack 2010-05-13 19:13 . 2010-05-13 19:13 -------- d-----w- C:\clips 2010-05-13 16:51 . 2010-05-13 16:51 -------- d-----w- c:\program files\Groove Games 2010-05-13 14:34 . 2010-05-13 15:43 -------- d-----w- c:\program files\Land Of The Dead 2010-05-13 13:26 . 2010-05-14 05:14 -------- d-sh--w- c:\users\Andreas\AppData\Roaming\lowsec 2010-05-13 13:17 . 2010-05-13 13:24 -------- d-----w- c:\program files\Enter the Matrix (c) Infogrames 2010-05-13 13:17 . 2010-03-15 09:31 165376 ----a-w- c:\windows\system32\unrar.dll 2010-05-13 01:36 . 2010-05-13 14:21 -------- d-----w- c:\program files\hulk 2010-05-12 22:42 . 2010-05-12 22:42 -------- d-----w- c:\users\Andreas\AppData\Roaming\Malwarebytes 2010-05-12 22:42 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-05-12 22:42 . 2010-05-12 22:42 -------- d-----w- c:\programdata\Malwarebytes 2010-05-12 22:42 . 2010-05-12 22:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-05-12 22:42 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-05-12 19:42 . 2004-08-22 00:52 81920 ----a-w- c:\windows\system32\lladrv.dll 2010-05-12 19:42 . 2004-08-22 00:21 73728 ----a-w- c:\windows\system32\lladrv.exe 2010-05-12 19:42 . 2004-08-22 00:16 32544 ----a-w- c:\windows\system32\drivers\lladrv.sys 2010-05-12 16:46 . 2010-05-12 16:46 -------- d-----w- c:\programdata\Trymedia 2010-05-12 15:50 . 2010-05-12 15:50 -------- d-----w- c:\program files\Mz_CpuAcc 2010-05-12 12:02 . 2007-07-19 16:14 444776 ----a-w- c:\windows\system32\d3dx10_35.dll 2010-05-12 12:02 . 2007-07-19 16:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll 2010-05-12 12:02 . 2007-07-19 16:14 1358192 ----a-w- c:\windows\system32\D3DCompiler_35.dll 2010-05-12 11:53 . 2009-01-18 15:19 3567 ----a-w- c:\windows\system32\drivers\porttalk.sys 2010-05-12 02:13 . 2010-05-12 02:13 -------- d-sh--w- c:\windows\ftpcache 2010-05-11 22:47 . 2010-05-11 22:47 -------- d-----w- c:\program files\uTorrent 2010-05-11 22:46 . 2010-05-17 21:49 -------- d-----w- c:\users\Andreas\AppData\Roaming\uTorrent 2010-05-11 22:15 . 2010-05-11 22:15 98304 ----a-w- c:\windows\system32\CmdLineExt.dll 2010-05-11 22:15 . 2010-05-11 22:15 -------- d--h--r- c:\users\Andreas\AppData\Roaming\SecuROM 2010-05-11 22:08 . 2010-05-12 16:44 -------- d-----w- c:\program files\Sierra 2010-05-11 21:18 . 2010-05-17 02:37 -------- d-----w- c:\program files\Common Files\Steam 2010-05-11 20:13 . 2008-10-27 08:04 514384 ----a-w- c:\windows\system32\XAudio2_3.dll 2010-05-11 20:13 . 2008-10-27 08:04 23376 ----a-w- c:\windows\system32\X3DAudio1_5.dll 2010-05-11 20:13 . 2008-10-27 08:04 70992 ----a-w- c:\windows\system32\XAPOFX1_2.dll . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-20 11:50 . 2008-04-16 11:11 618442 ----a-w- c:\windows\system32\perfh007.dat 2010-05-20 11:50 . 2008-04-16 11:11 122842 ----a-w- c:\windows\system32\perfc007.dat 2010-05-20 08:38 . 2010-05-20 08:38 80400 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\mzvkbd3.dll 2010-05-20 08:38 . 2010-05-20 08:38 80400 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\mzvkbd.dll 2010-05-20 08:38 . 2010-05-20 08:38 280592 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\sys\i386\6.0\klif.sys 2010-05-20 08:38 . 2010-05-20 08:38 264720 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\klwtbbho.dll 2010-05-20 08:38 . 2010-05-20 08:38 128016 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\sys\i386\kl1.sys 2010-05-20 08:38 . 2009-05-24 13:30 128016 ----a-w- c:\windows\system32\drivers\kl1.sys 2010-05-20 08:38 . 2010-05-20 08:38 59920 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\mzvkbd.dll 2010-05-20 08:38 . 2010-05-20 08:38 264720 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\klwtbbho.dll 2010-05-20 08:38 . 2010-05-20 08:38 109072 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\mzvkbd3.dll 2010-05-20 08:38 . 2010-05-20 08:38 280592 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\sys\i386\6.0\klif.sys 2010-05-20 08:38 . 2010-05-20 08:38 128016 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\sys\i386\kl1.sys 2010-05-20 06:37 . 2010-05-20 06:37 63488 ----a-w- c:\users\Andreas\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll 2010-05-20 06:37 . 2010-05-20 06:37 52224 ----a-w- c:\users\Andreas\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll 2010-05-20 06:37 . 2010-05-20 06:37 117760 ----a-w- c:\users\Andreas\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2010-05-20 06:18 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-05-20 05:08 . 2010-05-20 05:08 16 ----a-w- c:\users\Andreas\AppData\Roaming\qvjsge.dat 2010-05-17 20:09 . 2010-05-15 22:07 22328 ----a-w- c:\users\Andreas\AppData\Roaming\PnkBstrK.sys 2010-05-17 20:09 . 2010-05-15 22:07 22328 ----a-w- c:\users\Andreas\AppData\Roaming\PnkBstrK.sys 2010-05-16 06:02 . 2010-05-16 06:02 12862 ----a-r- c:\users\Andreas\AppData\Roaming\Microsoft\Installer\{0E2B767B-EA6A-489B-BF83-8083FE1DB661}\_1EEFFF72773535163E4216.exe 2010-05-15 19:21 . 2010-05-15 19:21 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll 2010-05-15 19:19 . 2010-05-15 19:19 56766 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe 2010-05-15 19:19 . 2010-05-15 19:19 56978 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe 2010-05-15 19:19 . 2010-05-15 19:19 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe 2010-05-15 19:19 . 2010-05-15 19:19 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe 2010-05-15 19:19 . 2010-05-15 19:19 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe 2010-05-15 19:19 . 2010-05-15 19:19 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe 2010-05-15 19:18 . 2010-05-15 19:21 754984 ----a-w- c:\programdata\DivX\Setup\Resource.dll 2010-05-15 19:18 . 2010-05-15 19:18 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe 2010-05-15 19:18 . 2010-05-15 19:21 1180952 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe 2010-05-15 08:01 . 2010-05-09 11:28 680 ----a-w- c:\users\Andreas\AppData\Local\d3d9caps.dat 2010-05-11 15:47 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar 2010-05-11 15:47 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar 2010-05-11 15:47 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal 2010-05-11 15:47 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration 2010-05-11 15:47 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery 2010-05-11 15:47 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender 2010-05-11 15:45 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat 2010-04-26 21:30 . 2010-04-26 21:30 1216176 ----a-w- c:\users\Andreas\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe 2010-02-23 11:10 . 2010-05-10 06:28 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2010-02-23 11:10 . 2010-05-10 06:28 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2010-02-23 11:10 . 2010-05-10 06:28 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-02-23 06:39 . 2010-05-20 05:53 916480 ----a-w- c:\windows\system32\wininet.dll 2010-02-23 06:33 . 2010-05-20 05:53 71680 ----a-w- c:\windows\system32\iesetup.dll 2010-02-23 06:33 . 2010-05-20 05:53 109056 ----a-w- c:\windows\system32\iesysprep.dll 2010-02-23 04:55 . 2010-05-20 05:53 133632 ----a-w- c:\windows\system32\ieUnatt.exe . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-05-25 303376] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *pfdnnt c:\windows\system32\pfdnnt_actions.sys [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2010-04-12 22:46 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):39,3a,82,d6,21,f1,ca,01 R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2009-12-18 11336] R3 CRSICBZKXS;CRSICBZKXS;c:\users\Andreas\AppData\Local\Temp\CRSICBZKXS.exe [x] R3 GarenaPEngine;GarenaPEngine;c:\users\Andreas\AppData\Local\Temp\AOA2B06.tmp [x] R3 NSQWZDVMU;NSQWZDVMU;c:\users\Andreas\AppData\Local\Temp\NSQWZDVMU.exe [x] R3 PortTalk;PortTalk;c:\windows\system32\Drivers\PortTalk.sys [2009-01-18 3567] R3 TGB;TGB;c:\users\Andreas\AppData\Local\Temp\TGB.exe [x] R3 VRGAVGLOSE;VRGAVGLOSE;c:\users\Andreas\AppData\Local\Temp\VRGAVGLOSE.exe [x] R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-15 135664] R4 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-12-15 33808] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-05-15 21008] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-06 68168] S2 lladrv;lladrv;c:\windows\system32\Drivers\lladrv.sys [2004-08-22 32544] S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-04-01 1050440] S2 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Andreas\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0.sys [2010-05-11 14416] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-05-16 19472] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2010-02-24 10064] --- Andere Dienste/Treiber im Speicher --- *Deregistered* - uefmfz HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Inhalt des "geplante Tasks" Ordners 2010-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-15 19:19] 2010-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-15 19:19] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = about:blank FF - ProfilePath - c:\users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8c8p4w2w.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.de FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll FF - component: c:\users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8c8p4w2w.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll ---- FIREFOX Richtlinien ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-05-20 16:02 Windows 6.0.6002 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\GarenaPEngine] "ImagePath"="\??\c:\users\Andreas\AppData\Local\Temp\AOA2B06.tmp" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\uefmfz] . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_USERS\S-1-5-21-4215960297-907954673-812415898-1000\Software\SecuROM\License information*] "datasecu"=hex:f9,f1,6c,19,cc,c5,73,43,29,a1,e4,33,92,53,e2,57,d6,ab,a6,a2,54, b7,24,67,57,2e,1f,a0,e8,c9,21,c7,d0,bc,fc,f5,b2,e3,5b,c0,5c,d4,0f,7c,ca,84,\ "rkeysecu"=hex:f3,70,a1,43,2e,a8,77,84,61,70,3f,0c,67,c4,54,da [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\system32\PnkBstrA.exe c:\windows\system32\PnkBstrB.exe c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe c:\windows\servicing\TrustedInstaller.exe c:\windows\system32\conime.exe c:\windows\system32\igfxsrvc.exe c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe . ************************************************************************** . Zeit der Fertigstellung: 2010-05-20 16:09:49 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2010-05-20 14:09 Vor Suchlauf: 8 Verzeichnis(se), 237.917.114.368 Bytes frei Nach Suchlauf: 11 Verzeichnis(se), 238.083.497.984 Bytes frei Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4 - - End Of File - - 38850BAB4DD2613A278C32F7DABFDADA