ComboFix 10-04-05.01 - lsdap 06.04.2010 3:32.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2269.1321 [GMT 2:00]
ausgeführt von:: F:\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Vorheriger Suchlauf -------
.
c:\$recycle.bin\S-1-5-21-1114903475-303346532-2826288875-500
.
((((((((((((((((((((((( Dateien erstellt von 2010-03-06 bis 2010-04-06 ))))))))))))))))))))))))))))))
.
2010-04-06 01:38 . 2010-04-06 01:38 -------- d-----w- c:\users\lsdap\AppData\Local\temp
2010-04-06 01:38 . 2010-04-06 01:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-05 21:30 . 2010-04-05 21:30 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2010-04-04 10:15 . 2010-04-04 10:16 -------- d-----w- c:\users\lsdap\AppData\Local\PokerStars.IT
2010-04-04 10:14 . 2010-04-04 15:42 -------- d-----w- c:\program files\PokerStars.IT
2010-04-03 23:02 . 2010-04-03 23:02 -------- d-----w- c:\programdata\Ableton
2010-04-03 23:02 . 2010-04-03 23:02 -------- d-----w- c:\users\lsdap\AppData\Roaming\Ableton
2010-04-03 22:56 . 2010-04-03 22:56 -------- d-----w- c:\program files\Ableton
2010-04-03 22:16 . 2010-04-03 22:17 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-04-03 20:17 . 2010-04-03 20:17 -------- d-----w- C:\Sounds
2010-04-03 20:12 . 2008-09-04 04:28 19968 ----a-w- c:\windows\system32\drivers\lgusbdiag.sys
2010-04-03 20:12 . 2008-09-04 04:27 24832 ----a-w- c:\windows\system32\drivers\lgusbmodem.sys
2010-04-03 20:12 . 2008-09-04 04:27 13056 ----a-w- c:\windows\system32\drivers\lgusbbus.sys
2010-04-03 20:12 . 2010-04-03 20:12 -------- d-----w- c:\program files\LG Electronics
2010-04-03 20:10 . 2007-11-08 14:26 1164728 ----a-w- c:\windows\system32\NMSDVDXU.dll
2010-04-03 20:10 . 2010-04-03 20:25 -------- d-----w- c:\program files\LG PC Suite II
2010-04-03 20:10 . 2010-04-03 20:10 -------- d-----w- c:\users\lsdap\AppData\Roaming\LG Electronics
2010-04-02 01:04 . 2010-04-02 01:04 -------- d-----w- C:\WebcamMax
2010-04-01 14:44 . 2010-04-01 14:44 598296 ----a-w- c:\programdata\avg9\update\backup\avgsrmx.dll
2010-04-01 14:44 . 2010-04-01 14:44 556824 ----a-w- c:\programdata\avg9\update\backup\avgchjwx.dll
2010-04-01 14:44 . 2010-04-01 14:44 459544 ----a-w- c:\programdata\avg9\update\backup\avgcclix.dll
2010-04-01 14:44 . 2010-04-01 14:44 4250976 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2010-04-01 14:44 . 2010-04-01 14:44 4076824 ----a-w- c:\programdata\avg9\update\backup\avgui.exe
2010-04-01 14:44 . 2010-04-01 14:44 313112 ----a-w- c:\programdata\avg9\update\backup\avglogx.dll
2010-04-01 14:44 . 2010-04-01 14:44 301336 ----a-w- c:\programdata\avg9\update\backup\avgchclx.dll
2010-04-01 14:44 . 2010-04-01 14:44 2059544 ----a-w- c:\programdata\avg9\update\backup\avgtray.exe
2010-04-01 14:44 . 2010-04-01 14:44 1598744 ----a-w- c:\programdata\avg9\update\backup\avgssie.dll
2010-04-01 14:44 . 2010-04-01 14:44 1515224 ----a-w- c:\programdata\avg9\update\backup\avgwd.dll
2010-04-01 14:44 . 2010-04-01 14:44 1274136 ----a-w- c:\programdata\avg9\update\backup\avgfrw.exe
2010-04-01 14:44 . 2010-04-01 14:44 1086744 ----a-w- c:\programdata\avg9\update\backup\avgchsvx.exe
2010-04-01 14:42 . 2010-04-01 14:42 1685784 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2010-04-01 14:42 . 2010-04-01 14:42 1035032 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe
2010-03-30 09:45 . 2010-02-12 10:32 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-03-30 09:41 . 2010-03-30 09:42 -------- d-----w- c:\users\lsdap\AppData\Local\TwinglyScreensaver
2010-03-30 09:37 . 2010-03-30 09:37 -------- d-----w- c:\windows\system32\System47 dir
2010-03-30 09:37 . 2010-03-30 09:37 197120 ----a-w- c:\windows\system32\System47.scr
2010-03-30 09:36 . 2010-03-30 09:36 -------- d-----w- c:\windows\system32\PolarClock3 dir
2010-03-30 09:36 . 2010-03-30 09:36 201728 ----a-w- c:\windows\system32\PolarClock3.scr
2010-03-30 09:30 . 2010-03-30 09:30 -------- d-----w- c:\windows\leogeo_timebeat Uninstaller
2010-03-30 09:30 . 2008-02-20 15:50 903680 ----a-w- c:\windows\leogeo_timebeat.scr
2010-03-30 09:30 . 2008-02-20 15:49 495104 ----a-w- c:\windows\leogeo_timebeat.exe
2010-03-30 09:28 . 2010-03-30 09:29 -------- d-----w- c:\windows\system32\Digg Bigspy dir
2010-03-30 09:26 . 2010-03-30 09:28 -------- d-----w- c:\windows\system32\Digg Arc dir
2010-03-30 09:06 . 2001-06-19 16:35 138752 ----a-w- c:\windows\system32\ijl15.dll
2010-03-30 09:06 . 2007-02-23 23:56 1275904 ----a-w- c:\windows\system32\Online News.scr
2010-03-30 08:33 . 2007-09-23 21:08 2789376 ----a-w- c:\windows\system32\Cities.scr
2010-03-30 08:31 . 2008-10-15 19:11 1087488 ----a-w- c:\windows\Atomic Clock.scr
2010-03-30 08:31 . 2010-03-30 09:43 -------- d-----w- c:\program files\schoner
2010-03-23 15:45 . 2010-04-06 01:26 -------- d-----w- c:\users\lsdap\AppData\Roaming\ICQ
2010-03-23 15:38 . 2010-03-23 15:38 -------- d-----w- c:\users\lsdap\AppData\Local\AOL
2010-03-23 15:38 . 2010-04-04 19:35 -------- d-----w- c:\program files\ICQ7.0
2010-03-23 14:35 . 2010-03-23 14:37 -------- d-----w- c:\program files\Clicktionary
2010-03-20 12:08 . 2010-03-20 16:05 -------- d-----w- c:\program files\Enigma Software Group
2010-03-16 17:18 . 2010-03-23 00:13 -------- d-----w- c:\programdata\WebcamMax
2010-03-16 17:18 . 2010-03-16 17:18 -------- d-----w- c:\users\lsdap\AppData\Roaming\WebcamMax
2010-03-16 17:18 . 2010-03-16 17:18 -------- d-----w- c:\program files\WebcamMax
2010-03-15 17:49 . 2010-03-15 17:49 -------- d-----w- c:\program files\JRE
2010-03-15 17:43 . 2010-03-15 17:43 -------- d-----w- c:\program files\Common Files\Java
2010-03-15 17:43 . 2010-03-15 17:43 -------- d-----w- c:\program files\Java
2010-03-15 15:25 . 2010-03-15 15:25 360584 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
2010-03-15 15:25 . 2010-03-15 15:25 28424 ----a-w- c:\programdata\avg9\update\backup\avgmfx86.sys
2010-03-15 15:25 . 2010-03-15 15:25 333192 ----a-w- c:\programdata\avg9\update\backup\avgldx86.sys
2010-03-15 15:24 . 2010-03-15 15:24 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-12 21:56 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-12 21:56 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-12 21:56 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-09 21:09 . 2010-03-09 21:59 -------- d-----w- c:\users\lsdap\AppData\Roaming\SoundSpectrum
2010-03-09 21:05 . 2010-03-09 21:52 -------- d-----w- c:\program files\SoundSpectrum
2010-03-09 19:50 . 2010-03-09 19:50 -------- d-----w- c:\users\lsdap\AppData\Local\DFX
2010-03-09 19:46 . 2010-03-09 19:46 -------- d-----w- c:\programdata\DFX
2010-03-09 19:46 . 2010-03-09 21:00 -------- d-----w- c:\program files\DFX
2010-03-09 19:46 . 2010-03-09 19:46 -------- d-----w- c:\program files\Common Files\DFX
2010-03-09 18:40 . 2010-03-09 18:40 -------- d-----w- c:\users\lsdap\AppData\Local\Chromium
2010-03-09 18:12 . 2010-03-09 18:12 -------- d-----w- C:\ [System]
2010-03-09 17:44 . 2010-03-09 17:45 -------- d-----w- c:\users\lsdap\AppData\Roaming\TrueCrypt
2010-03-09 17:42 . 2010-03-09 17:42 -------- d-----w- c:\programdata\TrueCrypt
2010-03-09 17:42 . 2010-03-09 17:42 223440 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2010-03-09 17:41 . 2010-03-09 17:46 -------- d-----w- c:\program files\TrueCrypt
2010-03-09 17:11 . 2010-03-09 17:11 -------- d-----w- c:\program files\QS
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-06 01:29 . 2010-02-07 08:45 -------- d-----w- c:\users\lsdap\AppData\Roaming\vlc
2010-04-05 21:34 . 2008-01-21 07:15 633836 ----a-w- c:\windows\system32\perfh007.dat
2010-04-05 21:34 . 2008-01-21 07:15 127776 ----a-w- c:\windows\system32\perfc007.dat
2010-04-03 22:22 . 2009-12-05 14:38 -------- d-----w- c:\users\lsdap\AppData\Roaming\MP3Find
2010-04-03 22:17 . 2009-09-22 12:22 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-04-03 22:16 . 2009-09-22 12:37 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-04-03 20:12 . 2008-09-05 03:43 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-02 02:20 . 2009-09-22 11:12 -------- d-----w- c:\users\lsdap\AppData\Roaming\dvdcss
2010-04-02 01:55 . 2009-09-23 11:24 1 ----a-w- c:\users\lsdap\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-01 15:27 . 2010-01-20 08:29 -------- d-----w- c:\program files\JDownloader
2010-03-29 01:36 . 2009-10-18 14:03 -------- d-----w- c:\users\lsdap\AppData\Roaming\PC Suite
2010-03-24 18:53 . 2009-09-20 19:58 -------- d-----w- c:\users\lsdap\AppData\Roaming\phonostar-Player
2010-03-24 13:34 . 2010-02-01 23:52 -------- d-----w- c:\program files\Miranda IM
2010-03-16 17:23 . 2010-03-04 20:44 -------- d-----w- c:\program files\map&guide professional 2009
2010-03-15 23:58 . 2009-09-20 19:38 112808 ----a-w- c:\users\lsdap\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-15 17:50 . 2009-09-23 11:01 -------- d-----w- c:\program files\OpenOffice.org 3
2010-03-15 17:43 . 2009-09-20 19:56 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-15 15:24 . 2009-09-20 20:03 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-15 15:24 . 2009-09-20 20:03 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-15 15:24 . 2009-09-20 20:02 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-15 15:13 . 2010-02-21 18:17 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-03-14 21:39 . 2010-02-14 15:51 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-03-14 21:39 . 2010-02-14 15:51 -------- d-----w- c:\program files\DVDVideoSoft
2010-03-12 22:57 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-11 18:10 . 2010-02-21 18:17 -------- d-----w- c:\users\lsdap\AppData\Roaming\Thunderbird
2010-03-10 15:42 . 2010-02-28 16:11 -------- d-----w- c:\programdata\Skype
2010-03-06 16:24 . 2010-03-06 16:24 -------- d-----w- c:\users\lsdap\AppData\Roaming\MixMeister Technology
2010-03-06 16:03 . 2010-03-06 16:03 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-05 12:47 . 2010-02-28 16:11 -------- d-----w- c:\users\lsdap\AppData\Roaming\Skype
2010-03-05 08:35 . 2009-09-20 19:32 -------- d-----w- c:\program files\Picasa2
2010-03-04 21:19 . 2009-09-20 23:29 -------- d-----w- c:\program files\Image-Line
2010-03-04 20:18 . 2009-09-21 12:40 -------- d-----w- c:\users\lsdap\AppData\Roaming\Nero
2010-03-04 20:15 . 2010-01-21 17:54 -------- d-----w- c:\program files\VstPlugins
2010-03-04 20:12 . 2009-09-20 19:52 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-04 19:59 . 2010-03-04 19:59 -------- d-----w- c:\program files\Microsoft.NET
2010-03-04 19:57 . 2010-03-04 19:16 -------- d-----w- c:\program files\Common Files\Nero
2010-03-04 19:39 . 2008-09-05 03:53 -------- d-----w- c:\program files\Nero
2010-03-04 19:24 . 2008-09-05 03:53 -------- d-----w- c:\programdata\Nero
2010-03-04 11:50 . 2010-03-04 11:50 261152 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2010-02-28 23:27 . 2010-02-28 23:27 50354 ----a-w- c:\users\lsdap\AppData\Roaming\Facebook\uninstall.exe
2010-02-28 23:27 . 2010-02-28 23:27 -------- d-----w- c:\users\lsdap\AppData\Roaming\Facebook
2010-02-26 17:42 . 2010-02-26 17:41 -------- d-----w- c:\program files\ophcrack
2010-02-26 06:41 . 2010-02-26 06:41 847040 ----a-w- c:\users\lsdap\AppData\Roaming\Facebook\axfbootloader.dll
2010-02-26 06:41 . 2010-02-26 06:41 5582848 ----a-w- c:\users\lsdap\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
2010-02-24 23:26 . 2010-02-24 23:26 -------- d-----w- c:\users\lsdap\AppData\Roaming\InstallShield
2010-02-22 15:41 . 2010-02-22 15:41 -------- d-----w- c:\users\lsdap\AppData\Roaming\MAP&GUIDE
2010-02-21 19:11 . 2010-01-01 02:42 -------- d-----w- c:\program files\Yahoo!
2010-02-21 19:11 . 2010-01-01 04:44 -------- d-----w- c:\programdata\Yahoo!
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-17 23:35 . 2010-02-17 23:19 -------- d-----w- c:\users\lsdap\AppData\Roaming\TeamViewer
2010-02-17 23:19 . 2010-02-17 23:19 -------- d-----w- c:\program files\TeamViewer
2010-02-15 16:28 . 2010-02-15 16:26 -------- d-----w- c:\program files\Common Files\Logox.4.0
2010-02-15 16:26 . 2010-02-15 16:26 163840 ----a-w- c:\windows\lgpSetup.exe
2010-02-15 16:25 . 2010-02-15 16:25 163840 ----a-w- c:\windows\GSetup.exe
2010-02-14 19:26 . 2010-02-14 19:26 -------- d-----w- c:\users\lsdap\AppData\Roaming\teamspeak2
2010-02-14 19:26 . 2010-02-14 19:26 -------- d-----w- c:\program files\Teamspeak2_RC2
2010-02-13 14:59 . 2010-02-13 14:59 28672 ----a-r- c:\users\lsdap\AppData\Roaming\Microsoft\Installer\{D1E1F028-1953-43A3-BFD8-D2A00EC06E36}\_EB52FE80E75B_486E_9850_195DAB8E8D59.exe
2010-02-13 14:59 . 2010-02-13 14:59 5185536 ----a-r- c:\users\lsdap\AppData\Roaming\Microsoft\Installer\{D1E1F028-1953-43A3-BFD8-D2A00EC06E36}\RapeLay.exe
2010-02-12 22:00 . 2010-02-01 23:29 -------- d-----w- c:\users\lsdap\AppData\Roaming\Miranda
2010-02-03 10:24 . 2009-11-12 06:24 94208 ----a-w- c:\windows\system32\RTNUninst32.dll
2010-01-25 12:00 . 2010-02-24 23:36 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-24 23:35 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-24 23:35 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-24 23:36 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-24 23:35 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-24 23:35 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-24 23:35 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-24 23:35 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21 . 2010-02-24 23:35 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:26 . 2010-02-24 23:36 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-06 23:45 . 2010-01-06 23:45 7 ----a-w- c:\windows\sbacknt.bin
2010-01-06 23:44 . 2010-01-06 23:44 152904 ----a-w- c:\windows\system32\vghd.scr
2010-01-06 15:39 . 2010-02-24 23:35 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-01-06 15:38 . 2010-02-24 23:35 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-01-06 15:38 . 2010-02-24 23:35 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-24 23:35 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 15:38 . 2010-02-24 23:35 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-24 23:35 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 13:30 . 2010-02-24 23:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-10-10 09:43 . 2009-10-10 09:38 24 --sh--w- c:\windows\S6E1F47A3.tmp
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 6183456]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-17 102400]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2008-05-23 192512]
"WisKeyState"="c:\program files\Launch Manager\WisKeyState.exe" [2008-03-07 208896]
"LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2008-03-03 258048]
"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2007-12-25 241664]
"FSCRecovery"="c:\program files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe" [2008-06-18 268096]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Picasa Media Detector"=c:\program files\Picasa2\PicasaMediaDetector.exe
"PhonostarAgent"=d:\programm files\Phonostar\ps_agent.exe
"PhonostarTimer"=d:\programm files\Phonostar\ps_timer.exe
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun
"ICQ"="c:\program files\ICQ7.0\ICQ.exe" silent loginmode=4
"WebcamMaxAutoRun"="c:\program files\WebcamMax\WebcamMax.exe" -a
"Online News Screensaver"=c:\program files\schoner\Online News Screensaver\onsagent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Google EULA Launcher"=c:\program files\Google\Google EULA\GoogleEULALauncher.exe IE PA
"PCSuiteTrayApplication"=c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):a2,36,ba,9b,48,3a,ca,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-874604810-1164511638-1598734804-1000]
"EnableNotificationsRef"=dword:00000001
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-04-03 691696]
R2 FSCLBaseUpdaterService;FSCLBaseUpdaterService;c:\program files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe [2007-06-04 65536]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [x]
R3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys [2006-11-23 18432]
R3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2008-01-15 118784]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-03-15 216200]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-03-15 242696]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-03-15 916760]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-15 308064]
S2 gearsec;gearsec;c:\windows\system32\gearsec.exe [2003-12-02 53248]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-02-11 172328]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-11 84240]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
2010-04-06 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-13 10:03]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = www.pcmasters.de
mStart Page = www.pcmasters.de
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\ICQ7.0\ICQ.exe
FF - ProfilePath - c:\users\lsdap\AppData\Roaming\Mozilla\Firefox\Profiles\4qvecbib.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\users\lsdap\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX Richtlinien ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: browser.tabs.tabMinWidth - 125
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
HKU-Default-Run-fsc-reg - c:\fsc-reg\fscreg.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2010-04-06 03:38
Windows 6.0.6002 Service Pack 2 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-04-06 03:41:08
ComboFix-quarantined-files.txt 2010-04-06 01:41
Vor Suchlauf: 21 Verzeichnis(se), 86.231.957.504 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 85.857.587.200 Bytes frei
- - End Of File - - 82A81D3C251D931A7A43CE79B32A5C19