Running from: c:\documents and settings\LIUK\Desktop\roba scaricata\ComboFix.exe
Command switches used :: c:\documents and settings\LIUK\Desktop\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
"c:\windows\system32\drivers\ethtjjmz.sys"
.
((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_ethtjjmz
(((((((((((((((((((((((   Files Created from 2009-12-13 to 2010-01-13   ))))))))))))))))))))))))))))))
.
2010-01-12 14:29 . 2010-01-12 14:29 77312 ----a-w- C:\mbr.exe
2010-01-12 10:01 . 2009-06-30 08:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-01-11 19:42 . 2010-01-11 19:42 52224 ----a-w- c:\documents and settings\LIUK\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-11 19:42 . 2010-01-11 19:42 117760 ----a-w- c:\documents and settings\LIUK\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-01-11 19:42 . 2010-01-11 19:42 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2010-01-11 19:41 . 2010-01-11 19:41 -------- d-----w- c:\programmi\SUPERAntiSpyware
2010-01-11 19:41 . 2010-01-11 19:41 -------- d-----w- c:\documents and settings\LIUK\Dati applicazioni\SUPERAntiSpyware.com
2010-01-11 19:40 . 2010-01-11 19:40 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2010-01-11 18:26 . 2010-01-11 18:26 -------- d-----w- c:\documents and settings\LIUK\Dati applicazioni\Malwarebytes
2010-01-11 18:26 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-11 18:26 . 2010-01-11 18:26 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-01-11 18:26 . 2010-01-11 18:26 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-01-11 18:26 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-11 16:58 . 2010-01-11 17:06 -------- d-----w- c:\documents and settings\LIUK\Dati applicazioni\BitDefender Deployment Tool
2010-01-11 16:57 . 2010-01-11 16:57 -------- d-----w- c:\programmi\BitDefender
2010-01-11 16:56 . 2010-01-11 16:56 -------- d-----w- c:\programmi\File comuni\BitDefender
2010-01-10 12:53 . 2010-01-10 12:53 -------- d-----w- c:\documents and settings\LIUK\Impostazioni locali\Dati applicazioni\Nokia
2010-01-10 12:52 . 2010-01-10 12:52 -------- d-----w- c:\documents and settings\LIUK\Impostazioni locali\Dati applicazioni\NokiaAccount
2010-01-10 12:05 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-01-10 12:05 . 2010-01-10 12:05 -------- d-----w- c:\programmi\PC Connectivity Solution
2010-01-10 12:03 . 2010-01-10 12:03 12212040 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2010-01-10 12:03 . 2010-01-10 12:03 13930312 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2010-01-10 12:03 . 2010-01-10 12:03 77824 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2010-01-10 12:03 . 2010-01-10 12:03 61440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMF11Runx86.exe
2010-01-10 12:03 . 2010-01-10 12:03 58880 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMF11Runx64.exe
2010-01-10 12:03 . 2010-01-10 12:03 50000 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\pcswpc.exe
2010-01-10 12:02 . 2010-01-10 12:02 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache
2010-01-10 12:02 . 2010-01-10 12:02 95992424 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Nokia_Ovi_Suite_PCS_Update.exe
2010-01-08 15:44 . 2010-01-08 15:58 -------- d-----w- c:\programmi\DAEMON Tools Lite
2010-01-04 22:57 . 2010-01-04 22:58 -------- d-----w- c:\programmi\Windows Live Safety Center
2009-12-27 19:17 . 2009-12-27 19:17 -------- d-----w- c:\programmi\Ubisoft
2009-12-20 18:15 . 2009-12-20 18:15 -------- d-----w- C:\WESTWOOD
2009-12-19 22:42 . 2006-09-28 14:04 200704 ----a-w- c:\windows\system32\ssleay32.dll
2009-12-19 22:42 . 2006-09-28 14:04 1073152 ----a-w- c:\windows\system32\libeay32.dll
2009-12-19 22:42 . 2009-12-20 17:09 -------- d-----w- C:\USDownloader
2009-12-19 13:40 . 2009-12-19 13:40 932368 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2009-12-19 13:40 . 2009-12-19 13:40 678416 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2009-12-19 13:40 . 2009-12-19 13:40 604688 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2009-12-19 13:40 . 2009-12-19 13:40 522768 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2009-12-19 13:40 . 2009-12-19 13:40 1096208 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2009-12-19 13:39 . 2009-12-19 13:39 80400 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2009-12-19 13:39 . 2009-12-19 13:39 80400 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2009-12-19 13:23 . 2009-12-19 13:23 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-12-19 13:23 . 2009-12-19 13:23 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-12-19 13:22 . 2010-01-13 01:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2009-12-19 13:22 . 2009-12-19 13:22 -------- d-----w- c:\programmi\Kaspersky Lab
2009-12-19 13:20 . 2009-12-19 13:20 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
.
((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-11 22:28 . 2009-12-08 16:19 -------- d-----w- c:\documents and settings\LIUK\Dati applicazioni\vlc
2010-01-11 02:53 . 2009-08-13 12:16 -------- d-----w- c:\programmi\Panda Security
2010-01-11 00:44 . 2009-10-01 19:55 -------- d-----w- c:\programmi\Nokia
2010-01-11 00:43 . 2009-10-01 19:55 -------- d-----w- c:\programmi\File comuni\Nokia
2010-01-11 00:39 . 2006-11-15 11:05 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-01-10 19:01 . 2009-06-09 16:36 1 ----a-w- c:\documents and settings\LIUK\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-10 12:53 . 2009-10-01 19:57 -------- d-----w- c:\documents and settings\LIUK\Dati applicazioni\Nokia
2010-01-08 15:44 . 2009-01-17 12:56 -------- d-----w- c:\programmi\DAEMON Tools Toolbar
2010-01-08 15:44 . 2009-01-17 12:51 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-08 15:44 . 2009-08-15 14:13 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DAEMON Tools Lite
2009-12-29 11:31 . 2008-10-18 16:03 -------- d-----w- c:\programmi\uTorrent
2009-12-29 11:31 . 2008-10-18 16:02 -------- d-----w- c:\documents and settings\LIUK\Dati applicazioni\uTorrent
2009-12-27 23:56 . 2009-07-07 16:41 -------- d-----w- c:\documents and settings\LIUK\Dati applicazioni\dvdcss
2009-12-16 15:46 . 2006-04-10 12:00 81242 ----a-w- c:\windows\system32\perfc010.dat
2009-12-16 15:46 . 2006-04-10 12:00 482408 ----a-w- c:\windows\system32\perfh010.dat
2009-12-08 19:58 . 2009-12-08 19:58 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-12-08 19:58 . 2009-12-08 19:58 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-12-08 19:58 . 2009-10-01 19:57 -------- d-----w- c:\documents and settings\LIUK\Dati applicazioni\PC Suite
2009-12-08 19:33 . 2009-12-08 19:33 -------- d-----w- c:\programmi\File comuni\PCSuite
2009-12-08 19:30 . 2009-12-08 19:30 95232 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe
2009-12-08 19:30 . 2009-12-08 19:30 8192 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe
2009-12-08 19:30 . 2009-12-08 19:30 61440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-12-08 19:30 . 2009-12-08 19:30 10240 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe
2009-12-08 19:30 . 2009-10-01 19:52 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Installations
2009-12-08 19:30 . 2009-12-08 19:31 34541248 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_ita.exe
2009-12-06 21:00 . 2009-12-06 20:59 -------- d-----w- c:\documents and settings\LIUK\Dati applicazioni\RevoluTV
2009-12-06 20:59 . 2009-12-06 20:59 -------- d-----w- c:\programmi\RevoluTV
2009-12-06 20:57 . 2009-12-06 20:57 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TVU Networks
2009-12-05 12:30 . 2009-05-15 15:13 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg8
2009-12-04 16:50 . 2009-12-04 16:47 -------- d-----w- c:\programmi\rockbox
2009-11-30 20:43 . 2009-12-04 16:47 136192 ----a-w- c:\windows\system32\fsproflt.exe
2009-11-14 13:06 . 2009-11-14 13:06 59992 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.736\English\setup.exe
2009-11-11 08:26 . 2009-11-19 18:20 1195464 ----a-w- c:\documents and settings\LIUK\Dati applicazioni\Mozilla\Firefox\Profiles\pf5qcrvk.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
2009-11-03 19:14 . 2009-11-03 19:06 175080 ----a-w- c:\windows\hpoins29.dat
2009-11-02 12:14 . 2009-11-02 12:14 3351812 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\msxml6Exec.exe
2009-11-02 12:14 . 2009-11-02 12:14 36864 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\Sleep.exe
2009-11-02 12:14 . 2009-11-02 12:14 3203453 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\vcredistExec.exe
2009-11-02 12:13 . 2009-11-02 12:16 24419312 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\NokiaSoftwareUpdaterSetup_it.exe
2009-10-29 07:42 . 2006-04-10 12:00 832512 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:42 . 2006-04-10 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:42 . 2006-04-10 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-21 05:38 . 2006-04-10 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2006-04-10 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 18:34 . 2009-10-20 18:34 219664 ----a-w- c:\windows\system32\klogon.dll
2009-10-20 16:20 . 2006-04-10 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-08-11 12:53 . 2009-08-11 12:37 148768 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-11 12:53 . 2009-08-11 12:37 1568 --sha-w- c:\windows\system32\drivers\fidbox2.dat
.
------- Sigcheck -------
[-] 2009-06-20 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\TCPIP.SYS
[-] 2009-06-20 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\TCPIP.SYS
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
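Sigcheck cross-check, as an added example (my code, not ComboFix's and not from the poster). The block above lists every copy of tcpip.sys on the disk; as I read ComboFix's output, [7] marks a copy that matches Microsoft's signature catalogue and [-] one it could not verify. The two in-use copies, system32\drivers\TCPIP.SYS and its dllcache\ backup, both carry MD5 D24EA301E2B36C4E975FD216CA85D8E7, which neither verified copy of version 5.1.2600.5625 has. Because the dllcache copy is the one Windows File Protection restores from, WFP will not repair this on its own; a verified copy of that version (the KB951748 ones are on the list) has to be put back deliberately. The script parses a Sigcheck block and makes that comparison explicit: unverified copies are matched against verified copies of the same version string, and an unverified hash that appears at more than one path is reported separately. Sample input is the twelve lines above copied verbatim; the field layout and the meaning of the [7]/[-] tags are assumptions about ComboFix's format.

```python
import re
from collections import defaultdict

# Constructed sample input: the Sigcheck lines copied verbatim from the log above.
SIGCHECK_SAMPLE = r"""
[-] 2009-06-20 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\TCPIP.SYS
[-] 2009-06-20 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\TCPIP.SYS
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
"""

# Field layout as ComboFix prints it (an assumption about the format):
#   [flag] date . md5 . size . . [file version] . . path
LINE_RE = re.compile(
    r"^\[(?P<flag>[^\]]+)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)

def parse_sigcheck(text):
    """Parse Sigcheck lines into dicts; '[7]' is taken as catalogue-verified, anything else as unverified."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"])
            e["md5"] = e["md5"].upper()
            e["verified"] = e["flag"] == "7"
            entries.append(e)
    return entries

def classify(entries):
    """Give every path a verdict by comparing unverified copies against verified copies of the same version."""
    good = defaultdict(set)  # file version -> MD5s of verified copies
    for e in entries:
        if e["verified"]:
            good[e["version"]].add(e["md5"])
    verdicts = {}
    for e in entries:
        if e["verified"]:
            verdicts[e["path"]] = "verified"
        elif e["version"] not in good:
            verdicts[e["path"]] = "no_reference"      # nothing of that version to compare against
        elif e["md5"] in good[e["version"]]:
            verdicts[e["path"]] = "matches_verified"  # same bytes as a verified copy
        else:
            verdicts[e["path"]] = "mismatch"          # same version string, different bytes
    return verdicts

def shared_unverified_hashes(entries):
    """Unverified MD5s found at more than one path (e.g. the live driver and its dllcache backup)."""
    paths = defaultdict(list)
    for e in entries:
        if not e["verified"]:
            paths[e["md5"]].append(e["path"])
    return {md5: p for md5, p in paths.items() if len(p) > 1}

# Copies Windows actually loads or restores from: the live driver directory and the WFP cache.
LIVE_RE = re.compile(r"\\system32\\(drivers|dllcache)\\", re.IGNORECASE)

def report(text):
    """Summarise what a helper would act on: mismatches, unreferenced copies, in-use unverified copies."""
    entries = parse_sigcheck(text)
    verdicts = classify(entries)
    return {
        "mismatch": sorted(p for p, v in verdicts.items() if v == "mismatch"),
        "no_reference": sorted(p for p, v in verdicts.items() if v == "no_reference"),
        "live_unverified": sorted(p for p, v in verdicts.items() if v != "verified" and LIVE_RE.search(p)),
        "shared_unverified": shared_unverified_hashes(entries),
    }

if __name__ == "__main__":
    for key, value in report(SIGCHECK_SAMPLE).items():
        print(key, value)
```

The "no_reference" bucket is deliberately separate from "mismatch": the 2005 and 2006 copies under $hf_mig$ have no verified sibling of the same version in the list, so the script has nothing to compare them against and says so rather than guessing.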
.
((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 10:47 333192 ----a-w- c:\programmi\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\programmi\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\programmi\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\programmi\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]
"DAEMON Tools Lite"="c:\programmi\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mylbx"="c:\programmi\rockbox\mylbx.exe" [2009-12-01 1088688]
"avp"="c:\programmi\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-20 340456]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\F:\0autocheck autochk *
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 15:10 35696 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AliceRE_McciTrayApp]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
2006-06-29 15:34 49152 ----a-w- c:\programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 02:14 110592 ----a-w- c:\windows\system32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 02:14 15360 ------w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus G]
2006-11-17 14:54 1552384 ----a-w- c:\programmi\D-Link\AirPlus G\AirGCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 13:01 67584 ----a-w- c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2006-07-17 14:36 684032 ----a-w- c:\programmi\VIAudioi\HDADeck\HDeck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
2006-04-10 12:00 44032 ----a-w- c:\windows\ime\imkr6_1\imekrmig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2006-04-10 12:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
2006-04-21 13:41 438359 ----a-w- c:\progra~1\ALICET~1\SMARTB~1\MotiveSB.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2006-04-10 12:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40 155648 ----a-w- c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-12-25 23:08 13680640 ----a-w- c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-12-25 23:08 86016 ----a-w- c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-12-25 23:08 1657376 ----a-w- c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2006-04-10 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2006-04-10 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-06-09 16:30 148888 ----a-w- c:\programmi\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2009-05-19 23:26 3561720 ----a-w- c:\programmi\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-11-02 21:56 204288 ----a-w- c:\programmi\Windows Media Player\wmpnscfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=2 (0x2)
"ServiceLayer"=3 (0x3)
"SeaPort"=2 (0x2)
"ose"=3 (0x3)
"NVSvc"=2 (0x2)
"Network WanMiniport First Position"=2 (0x2)
"LightScribeService"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)
"ASKUpgrade"=2 (0x2)
"ANIWZCSdService"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programmi\\NetMeeting\\Conf.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\RARBG Player\\rar.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\D-Link\\AirPlus for DWL-900AP+\\AirPlus_Manager.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4643:TCP"= 4643:TCP:aayilkqe
R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [04/12/2009 17.47.49 43792]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14/10/2009 20.18.34 36880]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [12/01/2010 11.01.44 28552]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17/01/2009 13.51.52 691696]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [05/01/2010 7.56.04 9968]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [05/01/2010 7.56.02 74480]
R2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [04/12/2009 17.47.50 136192]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14/09/2009 13.42.46 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/10/2009 18.39.44 19472]
S3 ADM851X;IDF Alice Gate 2 plus USB;c:\windows\system32\drivers\ADM851X.sys [27/10/2004 15.05.10 22144]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [24/08/2009 15.17.03 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [24/08/2009 15.17.03 3072]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [11/01/2010 19.26.36 38224]
S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [05/01/2010 7.56.06 7408]
S4 ASKUpgrade;ASKUpgrade;c:\programmi\AskBarDis\bar\bin\ASKUpgrade.exe [20/06/2009 15.44.55 234888]
S4 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [01/05/2009 23.54.54 8192]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
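Firewall-policy check, as an added example (my code, not ComboFix's and not the poster's). The standardprofile block above shows EnableFirewall = 0, and the header lines report the Kaspersky firewall as disabled as well, so nothing on this machine is filtering inbound traffic. On top of that there is one global port exception, 4643/TCP labelled aayilkqe, a label that does not name any program in the AuthorizedApplications list and does not appear anywhere else in the log. The script parses that block and surfaces both facts. Input is the lines above copied verbatim; the port:proto:label layout is how ComboFix prints the value, and treating everything after the second colon as the label is an assumption (the raw registry value also carries scope and enabled-state fields).

```python
import re

# Constructed sample input: the firewall-policy lines copied verbatim from the log above.
FIREWALL_SAMPLE = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programmi\\NetMeeting\\Conf.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\RARBG Player\\rar.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\D-Link\\AirPlus for DWL-900AP+\\AirPlus_Manager.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4643:TCP"= 4643:TCP:aayilkqe
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")            # [HKLM\...] section header
VAL_RE = re.compile(r'^"(?P<name>[^"]*)"=\s*(?P<value>.*)$')  # "name"= value (value may be empty)

def parse_firewall_policy(text):
    """Extract the firewall switch, the authorised applications and the global port exceptions."""
    policy = {"enable_firewall": None, "authorized_apps": [], "open_ports": []}
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group("key").lower()
            continue
        vm = VAL_RE.match(line)
        if not vm:
            continue
        name, value = vm.group("name"), vm.group("value")
        if key.endswith("\\standardprofile") and name.lower() == "enablefirewall":
            tok = value.split()                       # "0 (0x0)" -> "0"
            policy["enable_firewall"] = bool(int(tok[0])) if tok else None
        elif key.endswith("\\authorizedapplications\\list"):
            policy["authorized_apps"].append(name.replace("\\\\", "\\"))  # undo REGEDIT escaping
        elif key.endswith("\\globallyopenports\\list"):
            parts = value.split(":")                  # assumed layout: port:proto:label
            if len(parts) >= 3:
                policy["open_ports"].append(
                    {"port": int(parts[0]), "proto": parts[1].upper(), "label": ":".join(parts[2:])}
                )
    return policy

def unexplained_open_ports(policy):
    """Global port exceptions whose label matches no authorised application's file name."""
    names = set()
    for app in policy["authorized_apps"]:
        base = app.rsplit("\\", 1)[-1].lower()
        names.add(base)
        names.add(base.rsplit(".", 1)[0])             # with and without extension
    return [p for p in policy["open_ports"] if p["label"].lower() not in names]

def findings(text):
    """What a helper would want to see first from this block."""
    policy = parse_firewall_policy(text)
    return {
        "firewall_enabled": policy["enable_firewall"],
        "authorized_app_count": len(policy["authorized_apps"]),
        "unexplained_ports": unexplained_open_ports(policy),
    }

if __name__ == "__main__":
    for key, value in findings(FIREWALL_SAMPLE).items():
        print(key, value)
```

A label that fails this check is not proof of anything by itself; it is the cue to find out which process listens on that port while the machine is up, and to remove the exception if nothing legitimate claims it.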
.
Contents of the 'Scheduled Tasks' folder
2010-01-12 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]
2010-01-13 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=%s
IE: Add to Anti-Banner - c:\programmi\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
IE: Translate this web page with Babylon - c:\programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: {{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
TCP: {40ECDB64-DFF7-488F-99F2-5CB8EC9E0C71} = 192.168.1.1,192.168.1.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\LIUK\Dati applicazioni\Mozilla\Firefox\Profiles\pf5qcrvk.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
FF - component: c:\documents and settings\LIUK\Dati applicazioni\Mozilla\Firefox\Profiles\pf5qcrvk.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\LIUK\Dati applicazioni\Mozilla\Firefox\Profiles\pf5qcrvk.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - component: c:\programmi\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\programmi\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programmi\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\programmi\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-13 02:10
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spiw.sys >>UNKNOWN [0x86788938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7664f28
\Driver\ACPI -> ACPI.sys @ 0xf73dccb8
\Driver\atapi -> atapi.sys @ 0xf7371b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Scheda Fast Ethernet VIA compatibile -> SendCompleteHandler -> NDIS.sys @ 0xf7267bb0
PacketIndicateHandler -> NDIS.sys @ 0xf7256a0d
SendHandler -> NDIS.sys @ 0xf726ab40
user & kernel MBR OK
**************************************************************************
.
--------------------- Locked Registry Keys ---------------------
[HKEY_USERS\S-1-5-21-1745689360-3741322697-3810055154-1005\RemoteAccess\Profile\x *]
"EnableAutodisconnect"=dword:00000001
"EnableExitDisconnect"=dword:00000001
"DisconnectIdleTime"=dword:00000014
[HKEY_USERS\S-1-5-21-1745689360-3741322697-3810055154-1005\Software\SecuROM\License information*]
"datasecu"=hex:28,a2,ba,61,10,f2,35,81,07,9d,7e,65,c2,05,0a,97,7c,4d,20,d8,ca,
3a,34,2b,4e,5d,20,8c,10,5e,b3,90,bf,75,47,15,d9,2d,05,53,9a,85,2b,49,3c,15,\
"rkeysecu"=hex:79,9d,3c,ea,33,92,37,b0,fa,2a,de,a7,90,35,98,2b
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(744)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\documents and settings\LIUK\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\documents and settings\LIUK\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
- - - - - - - > 'explorer.exe'(264)
c:\windows\system32\WININET.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\programmi\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\programmi\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ita.nlr
c:\programmi\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\windows\ehome\mcrdsvc.exe
c:\programmi\Windows Media Player\WMPNetwk.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\ALICET~1\vendors\AliceRE\content\template\DRIVEN~1\syncer\MCCITR~1.EXE
.
**************************************************************************
.
Completion time: 2010-01-13 02:14:57 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-13 01:14
ComboFix2.txt 2010-01-12 12:47
ComboFix3.txt 2010-01-12 10:48
Pre-Run: 47,543,877,632 bytes free
Post-Run: 47,536,226,304 bytes free
- - End Of File - - F5BF2CB2705E152F6DE291E0A8121BBC