ComboFix 10-05-20.05 - **** 22.05.2010 13:55:59.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3070.2082 [GMT 2:00]
Run by: c:\users\****\Desktop\test.exe
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Common Files\Real\Update_OB\lang\faust_de.dll
c:\program files\Common Files\Real\Update_OB\lang\rpsearch_de.dll
c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
c:\program files\QuickTime\Plugins\npqtplugin2.dll
c:\program files\QuickTime\Plugins\npqtplugin3.dll
c:\program files\QuickTime\Plugins\npqtplugin4.dll
c:\program files\QuickTime\Plugins\npqtplugin5.dll
c:\program files\QuickTime\Plugins\npqtplugin6.dll
c:\program files\QuickTime\Plugins\npqtplugin7.dll
c:\program files\Real\RealPlayer\lang\cdplay_de.dll
c:\program files\Real\RealPlayer\lang\dbcomp_de.dll
c:\program files\Real\RealPlayer\lang\embed_de.dll
c:\program files\Real\RealPlayer\lang\gemctl_de.dll
c:\program files\Real\RealPlayer\lang\mydevices_de.dll
c:\program files\Real\RealPlayer\lang\pngui_de.dll
c:\program files\Real\RealPlayer\lang\rjctl_de.dll
c:\program files\Real\RealPlayer\lang\rjdlg_de.dll
c:\program files\Real\RealPlayer\lang\rjeq_de.dll
c:\program files\Real\RealPlayer\lang\rjfade_de.dll
c:\program files\Real\RealPlayer\lang\rjmisc_de.dll
c:\program files\Real\RealPlayer\lang\rjprog_de.dll
c:\program files\Real\RealPlayer\lang\rjres_de.dll
c:\program files\Real\RealPlayer\lang\rjskin_de.dll
c:\program files\Real\RealPlayer\lang\rjviz_de.dll
c:\program files\Real\RealPlayer\lang\rjwma_de.dll
c:\program files\Real\RealPlayer\lang\rnuninst_de.dll
c:\program files\Real\RealPlayer\lang\rpapp_de.dll
c:\program files\Real\RealPlayer\lang\rpbgr_de.dll
c:\program files\Real\RealPlayer\lang\rpbrp_de.dll
c:\program files\Real\RealPlayer\lang\rpclsvc_de.dll
c:\program files\Real\RealPlayer\lang\rpclutil_de.dll
c:\program files\Real\RealPlayer\lang\rpdemand_de.dll
c:\program files\Real\RealPlayer\lang\rpdsplyr_de.dll
c:\program files\Real\RealPlayer\lang\rpext_de.dll
c:\program files\Real\RealPlayer\lang\rpgutil_de.dll
c:\program files\Real\RealPlayer\lang\rpmnpane_de.dll
c:\program files\Real\RealPlayer\lang\rpplylst_de.dll
c:\program files\Real\RealPlayer\lang\rpsearch_de.dll
c:\program files\Real\RealPlayer\lang\rpwebctl_de.dll
c:\program files\Real\RealPlayer\lang\systray_de.dll
c:\program files\Real\RealPlayer\lang\tcdinfo_de.dll
c:\program files\Real\RealPlayer\lang\tclsvc_de.dll
c:\program files\Real\RealPlayer\lang\tdwnmgr_de.dll
c:\program files\Real\RealPlayer\lang\tearm_de.dll
c:\program files\Real\RealPlayer\lang\teasdk_de.dll
c:\program files\Real\RealPlayer\lang\tmdedit_de.dll
c:\program files\Real\RealPlayer\lang\tmp3_de.dll
c:\program files\Real\RealPlayer\lang\twave_de.dll
c:\program files\Real\RealPlayer\lang\upgrdhlp_de.dll
c:\program files\Real\RealPlayer\lang\upgrdlib_de.dll
c:\programdata\Microsoft\Windows\Start Menu\Programs\Buena Vista Interactive
c:\windows\system32\AbaleZip.dll
.
((((((((((((((((((((((((( Files Created from 2010-04-22 to 2010-05-22 ))))))))))))))))))))))))))))))
.
2010-05-22 12:03 . 2010-05-22 12:03  --------  d-----w-  c:\users\Default\AppData\Local\temp
2010-05-19 20:15 . 2010-05-19 21:27  17146     ----a-w-  c:\users\****\WinRAR-ZIP-Archiv (neu).zip
2010-05-19 16:43 . 2010-05-19 16:43  --------  d-----w-  c:\programdata\WindowsSearch
2010-05-19 16:30 . 2010-05-19 16:30  --------  d-----w-  c:\users\****\AppData\Roaming\Malwarebytes
2010-05-19 16:29 . 2010-04-29 13:39  38224     ----a-w-  c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-19 16:29 . 2010-05-19 16:29  --------  d-----w-  c:\programdata\Malwarebytes
2010-05-19 16:29 . 2010-04-29 13:39  20952     ----a-w-  c:\windows\system32\drivers\mbam.sys
2010-05-15 14:02 . 2010-05-15 20:04  --------  d-----w-  c:\users\****\AppData\Roaming\SpieleEntwicklungsKombinat
2010-05-15 14:00 . 2010-05-15 14:02  --------  d-----w-  c:\programdata\SpieleEntwicklungsKombinat
2010-05-14 17:52 . 2010-05-14 18:14  --------  d-----w-  c:\users\****\AppData\Roaming\Webocton - Scriptly
2010-05-13 01:13 . 2010-05-13 01:13  --------  d-----w-  c:\users\****\AppData\Roaming\DVDVideoSoftIEHelpers
2010-05-12 16:12 . 2010-01-29 15:40  738816    ----a-w-  c:\windows\system32\inetcomm.dll
2010-05-11 17:56 . 2010-05-11 17:56  --------  d-----w-  c:\programdata\Isotx
2010-05-08 12:20 . 2010-05-08 12:20  --------  d-----w-  c:\users\****\AppData\Roaming\Red Alert 3
2010-05-08 10:47 . 2010-05-13 19:25  --------  d-----w-  c:\users\****\AppData\Local\Microsoft Game Studios
2010-05-08 10:46 . 2010-05-13 19:25  --------  d-----w-  c:\programdata\Microsoft Games
2010-05-08 10:45 . 2010-05-13 19:24  --------  d-----w-  c:\users\****\AppData\Roaming\Microsoft Game Studios
2010-05-07 15:33 . 2010-05-07 15:33  107888    ----a-w-  c:\windows\system32\CmdLineExt.dll
2010-05-07 14:57 . 2010-05-07 14:58  --------  d-----w-  C:\temp
2010-05-07 14:44 . 2010-05-17 17:13  --------  d-----w-  c:\users\****\AppData\Roaming\InstallShield Installation Information
2010-05-07 14:34 . 2010-05-07 14:34  --------  d-----w-  c:\program files\MSXML 4.0
2010-05-07 14:16 . 1998-06-17 16:07  57344     ----a-w-  c:\windows\system32\Mfc42loc.dll
2010-05-07 13:44 . 2010-05-07 13:44  1         ----a-w-  c:\windows\system32\SI.bin
2010-05-04 16:13 . 2010-05-22 12:06  --------  d-----w-  c:\users\****\AppData\Local\LogMeIn Hamachi
2010-05-03 19:17 . 2010-05-13 22:22  --------  d-----w-  c:\users\****\AppData\Roaming\mIRC
2010-05-02 14:28 . 2010-05-02 14:28  --------  d-----w-  C:\sound
2010-05-02 14:28 . 2010-05-02 14:28  --------  d-----w-  C:\launcherdata
2010-05-01 23:43 . 2010-05-02 15:10  --------  d-----w-  c:\users\****\AppData\Local\Gas Powered Games
2010-05-01 23:43 . 2010-05-01 23:43  --------  d--h--r-  c:\users\****\AppData\Roaming\SecuROM
2010-04-29 18:21 . 1998-10-02 17:00  327168    ----a-w-  c:\windows\IsUninst.exe
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-22 12:07 . 2010-04-04 15:25  --------  d-----w-  c:\users\****\AppData\Roaming\Skype
2010-05-22 12:05 . 2010-04-03 14:00  --------  d-----w-  c:\users\****\AppData\Roaming\Vidalia
2010-05-22 11:45 . 2010-04-03 18:55  2313765   ----a-w-  c:\windows\Internet Logs\tvDebug.Zip
2010-05-22 11:45 . 2010-04-03 14:00  --------  d-----w-  c:\users\****\AppData\Roaming\Tor
2010-05-22 11:44 . 2010-04-04 15:34  --------  d-----w-  c:\users\****\AppData\Roaming\skypePM
2010-05-21 20:08 . 2010-04-03 15:02  --------  d-----w-  c:\users\****\AppData\Roaming\Winamp
2010-05-20 21:43 . 2010-04-04 15:28  --------  d-----w-  c:\users\****\AppData\Roaming\vlc
2010-05-20 17:58 . 2010-04-03 22:06  --------  d-----w-  c:\users\****\AppData\Roaming\Free Download Manager
2010-05-20 16:51 . 2010-04-14 18:57  --------  d-----w-  c:\users\****\AppData\Roaming\dvdcss
2010-05-19 21:17 . 2010-05-19 21:18  1955328   ----a-w-  c:\windows\Internet Logs\xDBA0F6.tmp
2010-05-19 20:39 . 2010-05-19 20:40  2876928   ----a-w-  c:\windows\Internet Logs\xDB827A.tmp
2010-05-19 19:35 . 2010-04-03 14:06  --------  d-----w-  c:\programdata\Spybot - Search & Destroy
2010-05-19 19:30 . 2010-05-19 19:31  1953280   ----a-w-  c:\windows\Internet Logs\xDB8BE1.tmp
2010-05-17 17:06 . 2010-05-17 17:13  552214    ----a-w-  c:\users\****\AppData\Roaming\InstallShield Installation Information\{83708FDE-ECDE-4392-AACC-A1B7CC4502D5}\ISSetup.dll
2010-05-17 17:06 . 2010-05-17 17:13  455600    ----a-w-  c:\users\****\AppData\Roaming\InstallShield Installation Information\{83708FDE-ECDE-4392-AACC-A1B7CC4502D5}\setup.exe
2010-05-17 17:06 . 2010-05-17 17:13  152496    ----a-w-  c:\users\****\AppData\Roaming\InstallShield Installation Information\{83708FDE-ECDE-4392-AACC-A1B7CC4502D5}\_setup.dll
2010-05-16 22:19 . 2006-11-02 15:33  618204    ----a-w-  c:\windows\system32\perfh007.dat
2010-05-16 22:19 . 2006-11-02 15:33  122442    ----a-w-  c:\windows\system32\perfc007.dat
2010-05-16 20:23 . 2010-04-03 22:02  443912    ----a-w-  c:\users\****\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-05-15 14:34 . 2010-05-15 14:34  12862     ----a-r-  c:\users\****\AppData\Roaming\Microsoft\Installer\{0E2B767B-EA6A-489B-BF83-8083FE1DB661}\_1EEFFF72773535163E4216.exe
2010-05-15 14:24 . 2010-04-02 17:23  --------  d--h--w-  c:\program files\InstallShield Installation Information
2010-05-13 19:24 . 2006-11-02 12:37  --------  d-----w-  c:\program files\Microsoft Games
2010-05-13 18:47 . 2010-04-02 23:34  --------  d-----w-  c:\program files\Common Files\Steam
2010-05-13 01:13 . 2010-04-04 02:07  --------  d-----w-  c:\program files\Common Files\DVDVideoSoft
2010-05-12 17:15 . 2010-05-12 17:26  147456    ----a-w-  c:\users\****\AppData\Roaming\InstallShield Installation Information\{974C4B12-4D02-4879-85E0-61C95CC63E9E}\_setup.dll
2010-05-12 16:44 . 2006-11-02 11:18  --------  d-----w-  c:\program files\Windows Mail
2010-05-12 09:21 . 2010-04-02 23:26  221568    ------w-  c:\windows\system32\MpSigStub.exe
2010-05-11 16:15 . 2010-04-04 16:10  --------  d-----w-  c:\users\****\AppData\Roaming\ICQ
2010-05-07 15:26 . 2010-04-02 14:37  --------  d-----w-  c:\users\****\AppData\Roaming\Media Center Programs
2010-05-07 14:56 . 2010-05-07 14:56  4710      ----a-r-  c:\users\****\AppData\Roaming\Microsoft\Installer\{C194D333-B84A-4BB7-B35E-060732D98DC4}\_FF02FD0831F4C529FF6494.exe
2010-05-07 14:56 . 2010-05-07 14:56  4710      ----a-r-  c:\users\****\AppData\Roaming\Microsoft\Installer\{C194D333-B84A-4BB7-B35E-060732D98DC4}\_6FEFF9B68218417F98F549.exe
2010-05-07 14:56 . 2010-05-07 14:56  4710      ----a-r-  c:\users\****\AppData\Roaming\Microsoft\Installer\{C194D333-B84A-4BB7-B35E-060732D98DC4}\_4708847016EFACC47BFD4B.exe
2010-05-06 21:25 . 2010-04-02 14:38  52448     ----a-w-  c:\users\****\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-06 17:23 . 2010-05-07 13:42  2917888   ----a-w-  c:\windows\Internet Logs\xDB2B27.tmp
2010-05-02 01:57 . 2010-05-02 01:56  32719575  ----a-w-  c:\windows\Internet Logs\vsmon_on_demand_thread_2010_05_02_03_21_32_full.dmp.zip
2010-04-29 21:35 . 2010-04-03 22:31  --------  d-----w-  c:\users\****\AppData\Roaming\Mount&Blade
2010-04-29 01:03 . 2010-04-16 13:36  --------  d-----w-  c:\users\****\AppData\Roaming\Audacity
2010-04-21 17:24 . 2010-04-02 22:52  --------  d-----w-  c:\program files\NVIDIA Corporation
2010-04-21 16:54 . 2010-04-02 14:56  --------  d-----w-  c:\programdata\NVIDIA
2010-04-20 21:10 . 2010-04-20 21:06  --------  d-----w-  c:\users\****\AppData\Roaming\Mp3tag
2010-04-20 16:23 . 2010-04-12 14:43  --------  d-----w-  c:\program files\HP
2010-04-20 16:19 . 2010-04-20 16:10  23687     ----a-w-  c:\windows\hpqins15.dat
2010-04-17 13:57 . 2010-04-17 13:57  --------  d-----w-  c:\program files\directx
2010-04-17 00:51 . 2010-04-04 01:42  60696384  ----a-w-  c:\programdata\Sony Corporation\AutoUpdateClient\CT\ContentTransferSetup.exe
2010-04-16 13:42 . 2010-04-02 22:48  --------  d--h--w-  c:\program files\Temp
2010-04-13 20:26 . 2010-04-10 16:20  --------  d-----w-  c:\users\****\AppData\Roaming\gtk-2.0
2010-04-13 15:40 . 2010-04-13 15:40  --------  d-----w-  c:\program files\Aspecto Software
2010-04-13 14:56 . 2010-04-13 14:56  45126     ----a-r-  c:\users\****\AppData\Roaming\Microsoft\Installer\{C7DEE429-4C9B-4126-894F-50B4F54FF196}\_6FEFF9B68218417F98F549.exe
2010-04-13 14:56 . 2010-04-13 14:56  45126     ----a-r-  c:\users\****\AppData\Roaming\Microsoft\Installer\{C7DEE429-4C9B-4126-894F-50B4F54FF196}\_322FD67B4052E9187FCAD5.exe
2010-04-12 14:58 . 2010-04-12 14:57  --------  d-----w-  c:\users\****\AppData\Roaming\HP
2010-04-12 14:57 . 2010-04-12 14:57  --------  d-----w-  c:\programdata\WEBREG
2010-04-12 14:55 . 2010-04-12 14:42  181708    ----a-w-  c:\windows\hpoins44.dat
2010-04-12 14:53 . 2010-04-12 14:42  --------  d-----w-  c:\programdata\HP
2010-04-12 14:50 . 2010-04-12 14:50  --------  d-----w-  c:\programdata\HP Product Assistant
2010-04-12 14:48 . 2010-04-12 14:48  --------  d-----w-  c:\program files\Common Files\HP
2010-04-12 14:47 . 2010-04-12 14:47  --------  d-----w-  c:\program files\Common Files\Hewlett-Packard
2010-04-11 13:20 . 2010-04-11 13:20  44384     ----a-w-  c:\windows\system32\drivers\tifsfilt.sys
2010-04-11 13:20 . 2010-04-11 13:20  441760    ----a-w-  c:\windows\system32\drivers\timntr.sys
2010-04-11 13:17 . 2010-04-11 13:17  132224    ----a-w-  c:\windows\system32\drivers\snapman.sys
2010-04-11 13:17 . 2010-04-11 13:17  368480    ----a-w-  c:\windows\system32\drivers\tdrpman.sys
2010-04-11 13:17 . 2010-04-11 13:16  --------  d-----w-  c:\program files\Common Files\Acronis
2010-04-10 22:57 . 2010-04-10 22:50  --------  d-----w-  c:\users\****\AppData\Roaming\TS3Client
2010-04-10 22:37 . 2010-04-10 22:37  --------  d-----w-  c:\users\****\AppData\Roaming\ImgBurn
2010-04-10 22:17 . 2010-04-02 14:45  --------  d-----w-  c:\program files\Common Files\InstallShield
2010-04-10 16:28 . 2010-04-10 16:28  --------  d-----w-  c:\users\****\AppData\Roaming\GeoVid
2010-04-09 23:45 . 2010-04-09 23:45  --------  d-----w-  c:\program files\af0.net
2010-04-09 14:44 . 2010-04-09 14:44  --------  d-----w-  c:\users\****\AppData\Roaming\Ubisoft
2010-04-09 14:40 . 2010-04-09 14:40  --------  d-----w-  c:\programdata\Ubisoft
2010-04-09 14:23 . 2010-04-09 14:23  --------  d-----w-  c:\users\****\AppData\Roaming\InstallShield
2010-04-09 14:19 . 2010-04-09 14:19  --------  d-----w-  c:\programdata\Divinity 2
2010-04-09 14:01 . 2010-04-09 14:02  411368    ----a-w-  c:\windows\system32\deploytk.dll
2010-04-08 12:37 . 2010-04-08 12:37  --------  d-----w-  c:\users\****\AppData\Roaming\Avira
2010-04-06 12:39 . 2010-04-06 15:51  1709056   ----a-w-  c:\windows\Internet Logs\xDBB7FB.tmp
2010-04-06 12:39 . 2010-04-06 15:51  2803712   ----a-w-  c:\windows\Internet Logs\xDBB6A3.tmp
2010-04-05 19:10 . 2010-04-05 19:06  --------  d-----w-  c:\program files\EasyToolz
2010-04-05 19:05 . 2010-04-05 19:05  --------  d-----w-  c:\program files\EA Games
2010-04-05 19:05 . 2010-04-05 19:05  --------  d-----w-  c:\program files\Creative
2010-04-05 18:56 . 2010-04-05 18:56  --------  d-----w-  c:\program files\Alcohol Soft
2010-04-04 15:35 . 2010-04-04 15:35  56        ---ha-w-  c:\programdata\ezsidmv.dat
2010-04-04 15:30 . 2010-04-04 15:30  --------  d-----w-  c:\program files\Common Files\Skype
2010-04-04 15:30 . 2010-04-04 15:24  --------  d-----w-  c:\programdata\Skype
2010-04-04 13:31 . 2010-04-03 17:56  --------  d-----w-  c:\programdata\Media Center Programs
2010-04-04 13:05 . 2010-04-04 13:05  118784    ----a-w-  c:\users\****\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-04-04 02:07 . 2010-04-04 02:07  --------  d-----w-  c:\program files\DVDVideoSoft
2010-04-04 01:41 . 2010-04-04 01:41  --------  d-----w-  c:\programdata\Sony Corporation
2010-04-04 01:41 . 2010-04-04 01:40  --------  d-----w-  c:\users\****\AppData\Roaming\Sony Corporation
2010-04-04 01:37 . 2010-04-04 01:37  --------  d-----w-  c:\program files\Common Files\Sony Shared
2010-04-04 01:37 . 2010-04-04 01:37  --------  d-----w-  c:\program files\Sony
2010-04-04 01:26 . 2010-04-04 01:26  --------  d-----w-  c:\program files\Windows Portable Devices
2010-04-04 01:26 . 2006-11-02 10:25  665600    ----a-w-  c:\windows\inf\drvindex.dat
2010-04-04 01:26 . 2010-04-04 01:26  0         ---ha-w-  c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-04-04 01:25 . 2010-04-04 01:25  0         ---ha-w-  c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-04-04 01:01 . 2010-04-02 23:52  --------  d-----w-  c:\programdata\NOS
2010-04-03 22:06 . 2010-04-03 22:06  --------  d-----w-  c:\programdata\FreeDownloadManager.ORG
2010-04-03 21:55 . 2010-04-03 21:55  --------  d-----w-  c:\program files\Common Files\xing shared
2010-04-03 21:55 . 2010-04-02 21:32  --------  d-----w-  c:\program files\Common Files\Real
2010-04-03 21:55 . 2010-04-03 21:55  --------  d-----w-  c:\program files\Real
2010-04-03 18:52 . 2006-11-02 12:37  --------  d-----w-  c:\program files\Windows Calendar
2010-04-03 18:52 . 2006-11-02 12:37  --------  d-----w-  c:\program files\Windows Sidebar
2010-04-03 18:52 . 2006-11-02 12:37  --------  d-----w-  c:\program files\Windows Journal
2007-04-17 08:30 . 2007-04-17 08:30  8192      --sha-w-  c:\windows\Users\Default\NTUSER.DAT
.
(((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"erotube"="mshta http:" [X]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-15 202024]
"Vidalia"="c:\hilfe programme\Tor\Vidalia Bundle\Vidalia\vidalia.exe" [2010-02-28 5344807]
"Steam"="l:\games & spiele\Vollversionen\Valve\Steam.exe" [2010-05-07 1238352]
"Skype"="c:\hilfe programme\Skype\Phone\Skype.exe" [2010-03-09 26100520]
"RocketDock"="c:\hilfe programme\RocketDock\RocketDock.exe" [2007-09-02 495616]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-02-22 8522272]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-04-03 282792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"WinampAgent"="c:\hilfe programme\Winamp\winampa.exe" [2010-01-13 37888]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 1037192]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2009-10-14 730480]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-03 198160]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-04-20 136472]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"LogMeIn Hamachi Ui"="c:\hilfe programme\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-03-30 1820040]
"Malwarebytes Anti-Malware (reboot)"="c:\hilfe programme\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EasyToolz.lnk - c:\program files\EasyToolz\EasyToolz.exe [2010-4-5 1391616]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
forteManager.lnk - c:\program files\LG Soft India\forteManager\bin\Monitor.exe [2010-4-2 1126400]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):fb,e1,1c,51,5f,d3,ca,01

R3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [2008-03-27 14336]
R3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [2008-03-27 13312]
R3 vsdatant7;vsdatant7;c:\windows\system32\drivers\vsdatant.win7.sys [x]
R3 XDva343;XDva343;c:\windows\system32\XDva343.sys [x]
R3 XDva346;XDva346;c:\windows\system32\XDva346.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-04-03 691696]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2010-04-20 337064]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-04-03 135336]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2010-04-20 405672]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\hilfe programme\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2009-10-14 25208]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2009-10-14 476528]
S2 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;c:\windows\system32\plcndis5.sys [2004-05-17 17280]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2006-11-17 13976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper  REG_MULTI_SZ  getPlusHelper
LocalServiceAndNoImpersonation  REG_MULTI_SZ  FontCache
HPZ12  REG_MULTI_SZ  Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt  REG_MULTI_SZ  hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-05-21 c:\windows\Tasks\User_Feed_Synchronization-{C6EAAFD6-59A5-40E6-94CC-DB85D2DA1574}.job
- c:\windows\system32\msfeedssync.exe [2010-04-02 04:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.de/
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Alles mit FDM herunterladen - file://c:\hilfe programme\Free Download Manager\dlall.htm
IE: Auswahl mit FDM herunterladen - file://c:\hilfe programme\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://c:\hilfe programme\Free Download Manager\dllink.htm
IE: Free YouTube to Mp3 Converter - c:\users\****\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Videos mit FDM herunterladen - file://c:\hilfe programme\Free Download Manager\dlfvideo.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
FF - ProfilePath - c:\users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6oi6h6io.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - Google.de hxxp://forum.worldofplayers.de/forum/forumdisplay.php?f=104
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerMozillaPlugin.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - component: c:\users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6oi6h6io.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6oi6h6io.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Policies ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - Orphaned Registry Entries Removed - - - -

HKCU-Run-_alcohol.exe Autorun - m:\alcohol 120\_alcohol.exe
HKLM-Run-TrueImageMonitor.exe - m:\acronis\TrueImageHome\TrueImageMonitor.exe
HKLM-Run-AcronisTimounterMonitor - m:\acronis\TrueImageHome\TimounterMonitor.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-22 14:05
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

c:\windows\TEMP\TMP00000006104EDE4F6251FCFA 524288 bytes executable
c:\windows\TEMP\TMP000000078B7B0D9AB6B4F5DC 524288 bytes
c:\windows\TEMP\TMP000000086BD848D17926A6C9 524288 bytes

scan completed successfully
hidden files: 3

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8572D1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8a9d4d24
\Driver\ACPI -> acpi.sys @ 0x827bfd68
\Driver\atapi -> 0x8572b1f8
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- Locked Registry Keys ---------------------

[HKEY_USERS\S-1-5-21-3397024398-3564375434-3833253811-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:2b,bd,f0,57,75,ed,8e,5a,88,dc,4e,92,a2,8e,d8,42,6f,89,8b,bf,aa,f1,77,
   43,f8,b6,59,65,55,ba,47,32,75,cf,16,1a,9b,ef,37,57,a1,95,c2,b5,38,8d,61,8c,\
"??"=hex:ca,4f,d5,34,b4,0b,6f,39,69,dd,68,3f,c8,b6,3f,d6

[HKEY_USERS\S-1-5-21-3397024398-3564375434-3833253811-1000\Software\SecuROM\License information*]
"datasecu"=hex:69,74,b7,2a,77,cc,e8,11,e9,f7,79,9d,49,04,02,94,09,82,97,af,65,
   4c,28,be,8e,59,76,e1,51,8c,2a,66,0f,d2,c2,ab,32,87,4a,41,55,69,99,c5,7a,93,\
"rkeysecu"=hex:3f,63,4b,85,33,83,37,20,86,62,5c,b1,15,32,af,aa
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(980)
c:\windows\system32\relog_ap.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'Explorer.exe'(5744)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\hilfe programme\RocketDock\RocketDock.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\progra~1\COMMON~1\X10\Common\x10nets.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
c:\windows\system32\WUDFHost.exe
c:\hilfe programme\EasyToolz\EasyToolz.exe
c:\windows\system32\conime.exe
c:\windows\System32\mshta.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehsched.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
c:\windows\ehome\ehRecvr.exe
c:\hilfe programme\Skype\Plugin Manager\skypePM.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Avira\AntiVir Desktop\checkt.exe
.
**************************************************************************
.
Completion time: 2010-05-22 14:12:58 - machine was rebooted
ComboFix-quarantined-files.txt  2010-05-22 12:12

Pre-Run: 26 directories, 253,145,583,616 bytes free
Post-Run: 30 directories, 253,310,734,336 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=14 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14
- - End Of File - - 79D5D8979004221D919FE71439751D15
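Three things in this log are what a responder would pull out first: the HKCU Run value "erotube" that launches mshta with an http: URL and is marked [X] (ComboFix could not find a file behind it), the matching c:\windows\System32\mshta.exe in the running-process list, and the Gmer MBR section, whose "possible MBR rootkit infection" warning rests on one unresolved hook (\Driver\atapi pointing at a bare address, no module name) while both MBR reads come back "OK" and an S0 sptd.sys driver is loaded. The following Python is an added triage helper for exactly this log format; it is not ComboFix's or Gmer's code and not part of the posted log. The sample input is excerpted from the log above, the function names and the list of "living off the land" launchers are the example's own, and the verdict strings encode a common analyst heuristic (SPTD, the Daemon Tools / Alcohol 120% disk filter, is a frequent cause of unresolved atapi hooks in this detector), not a determination about this machine; it says "verify", and that is what the output means.

```python
"""Triage checks for a ComboFix log (added example, not ComboFix's own code).

flag_autoruns():       Run-key values launched through a script host / LOLBin,
                       carrying a URL, marked [X] (target missing), or living in
                       a user-writable profile or temp directory.
assess_mbr_warning():  sort the evidence in the Gmer 'Stealth MBR' section so
                       an unresolved hook is not read as an infection on its own.
"""
import re

# Legitimate Windows binaries commonly abused from a Run key to fetch and run
# remote content. List chosen for this example; extend to taste.
SUSPICIOUS_LAUNCHERS = {
    "mshta", "rundll32", "regsvr32", "wscript", "cscript",
    "powershell", "cmd", "bitsadmin", "certutil",
}

# ComboFix prints Run values as  "Name"="command" [yyyy-mm-dd size]  or  [X]
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s*(?P<tag>\[[^\]]*\])?')
# Gmer hook line; a target without " @ module" is an unresolved hook.
HOOK_RE = re.compile(r'^\\Driver\\(?P<drv>\S+) -> (?P<target>.+?)\s*$')
URL_RE = re.compile(r'\b(?:h[tx]{2}ps?|ftp):', re.I)          # http:, hxxp:, ftp:
PROFILE_RE = re.compile(r'\\(?:appdata\\(?:local|roaming)|temp)\\', re.I)
SPTD_RE = re.compile(r'^S0 sptd;|\\sptd\.sys\b', re.I | re.M)


def flag_autoruns(log_text):
    """Return [(value_name, command, [reasons])] for Run-key entries worth a look.

    Only values under a key ending in \\CurrentVersion\\Run are examined, so
    quoted strings elsewhere in the log (Firefox prefs etc.) are ignored.
    """
    findings = []
    in_run_key = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("[HKEY_"):
            in_run_key = line.rstrip("]").lower().endswith(r"\currentversion\run")
            continue
        if not in_run_key:
            continue
        m = RUN_VALUE_RE.match(line)
        if not m:
            continue
        name, cmd, tag = m.group("name"), m.group("cmd"), m.group("tag") or ""
        # Executable = everything up to the first ".exe" (paths contain spaces),
        # otherwise the first whitespace-delimited token ("mshta http:").
        exe_m = re.match(r'\s*"?(?P<exe>.+?\.exe)\b"?', cmd, re.I)
        parts = cmd.split()
        exe = exe_m.group("exe") if exe_m else (parts[0] if parts else "")
        launcher = exe.rsplit("\\", 1)[-1].lower()
        if launcher.endswith(".exe"):
            launcher = launcher[:-4]
        reasons = []
        if launcher in SUSPICIOUS_LAUNCHERS:
            reasons.append("launched via " + launcher)
        if URL_RE.search(cmd):
            reasons.append("URL in command line")
        if tag == "[X]":
            reasons.append("target file not found on disk ([X])")
        if PROFILE_RE.search(cmd):
            reasons.append("runs from a user profile or temp directory")
        if reasons:
            findings.append((name, cmd, reasons))
    return findings


def assess_mbr_warning(log_text):
    """Summarise the Gmer MBR section: warning flag, MBR-OK flag, unresolved
    hooks, whether SPTD is loaded, and a heuristic verdict string."""
    unresolved = []
    for raw in log_text.splitlines():
        m = HOOK_RE.match(raw.strip())
        if m and " @ " not in m.group("target"):
            unresolved.append(m.group("drv"))
    info = {
        "warning": "possible MBR rootkit infection" in log_text,
        "mbr_ok": "user & kernel MBR OK" in log_text,
        "unresolved_hooks": unresolved,
        "sptd_loaded": bool(SPTD_RE.search(log_text)),
    }
    if not info["warning"]:
        info["verdict"] = "no MBR warning"
    elif not info["mbr_ok"]:
        info["verdict"] = "MBR not confirmed intact: treat as infected until verified"
    elif info["sptd_loaded"] and unresolved:
        info["verdict"] = ("likely SPTD disk-filter hook (" + ", ".join(unresolved)
                           + "); MBR intact; verify by disabling SPTD and rescanning")
    else:
        info["verdict"] = "unresolved hook with intact MBR; identify the hooking module"
    return info


# Constructed sample: lines excerpted from the posted log. Raw string, because the
# backslash paths would otherwise be parsed as Python escapes (\u, \t ...).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"erotube"="mshta http:" [X]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Vidalia"="c:\hilfe programme\Tor\Vidalia Bundle\Vidalia\vidalia.exe" [2010-02-28 5344807]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-04-03 282792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-04-03 691696]

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8572D1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8a9d4d24
\Driver\ACPI -> acpi.sys @ 0x827bfd68
\Driver\atapi -> 0x8572b1f8
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK
"""

if __name__ == "__main__":
    for name, cmd, reasons in flag_autoruns(SAMPLE_LOG):
        print(f'Run value "{name}" -> {cmd!r}: {"; ".join(reasons)}')
    print(assess_mbr_warning(SAMPLE_LOG)["verdict"])
```

On the excerpt above, only "erotube" is flagged (mshta launcher, URL, [X]); the Sidebar, Vidalia, Defender and Avira entries pass. The MBR summary records one unresolved hook (atapi), SPTD loaded and both MBR reads OK, and hands back the "verify" verdict rather than a clean or an infected one; removing the sptd line, or the "user & kernel MBR OK" line, changes the verdict accordingly, which is the point of sorting the evidence before acting on the detector's warning.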