Combofix Logfile:
Code:
ComboFix 11-09-28.03 - Papa 28.09.2011 21:27:47.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.49.1031.18.1791.1076 [GMT 2:00]
ausgeführt von:: c:\users\Mama\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\google\common\google updater\googleupdaterservice.exe
c:\users\Mama\AppData\Local\ApplicationHistory
c:\users\Mama\AppData\Local\ApplicationHistory\EULA.exe.3bdc8327.ini
c:\users\Mama\AppData\Local\ApplicationHistory\EULALauncher.exe.61ab3c67.ini
c:\users\Papa\AppData\Local\ApplicationHistory
c:\users\Papa\AppData\Local\ApplicationHistory\EULA.exe.3bdc8327.ini
c:\users\Papa\AppData\Local\ApplicationHistory\EULALauncher.exe.61ab3c67.ini
c:\windows\system32\comct332.ocx
c:\windows\system32\spool\prtprocs\w32x86\ppbiPr.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-08-28 bis 2011-09-28 ))))))))))))))))))))))))))))))
.
.
2011-09-28 19:52 . 2011-09-28 19:53 -------- d-----w- c:\users\Papa\AppData\Local\temp
2011-09-28 19:52 . 2011-09-28 19:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-28 18:16 . 2011-09-28 18:16 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7EC5BA5B-6F0F-4C43-8C0F-EF2D6B81D9BC}\offreg.dll
2011-09-27 20:12 . 2011-09-27 20:12 -------- d-----w- C:\_OTL
2011-09-27 15:49 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7EC5BA5B-6F0F-4C43-8C0F-EF2D6B81D9BC}\mpengine.dll
2011-09-26 17:27 . 2011-09-26 17:27 -------- d-----w- c:\users\Mama\AppData\Roaming\Malwarebytes
2011-09-25 20:34 . 2011-09-25 20:34 -------- d-----w- c:\program files\ESET
2011-09-25 18:27 . 2011-09-25 18:27 -------- d-----w- c:\users\Papa\AppData\Roaming\Malwarebytes
2011-09-25 18:27 . 2011-09-25 18:27 -------- d-----w- c:\programdata\Malwarebytes
2011-09-25 18:27 . 2011-09-25 18:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-25 18:27 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-04 18:07 . 2011-09-04 18:07 -------- d-----w- c:\users\Mama\AppData\Local\DDMSettings
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-10 06:16 . 2011-08-10 06:16 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-10 16:00 . 2011-07-10 16:00 9232 ----a-w- c:\users\Papa\mqdmmdfl.sys
2011-07-10 16:00 . 2011-07-10 16:00 92064 ----a-w- c:\users\Papa\mqdmmdm.sys
2011-07-10 16:00 . 2011-07-10 16:00 79328 ----a-w- c:\users\Papa\mqdmserd.sys
2011-07-10 16:00 . 2011-07-10 16:00 66656 ----a-w- c:\users\Papa\mqdmbus.sys
2011-07-10 16:00 . 2011-07-10 16:00 6208 ----a-w- c:\users\Papa\mqdmcmnt.sys
2011-07-10 16:00 . 2011-07-10 16:00 5936 ----a-w- c:\users\Papa\mqdmwhnt.sys
2011-07-10 16:00 . 2011-07-10 16:00 4048 ----a-w- c:\users\Papa\mqdmcr.sys
2011-07-10 16:00 . 2011-07-10 16:00 25600 ----a-w- c:\windows\system32\drivers\usbsermptxp.sys
2011-07-10 16:00 . 2011-07-10 16:00 25600 ----a-w- c:\users\Papa\usbsermptxp.sys
2011-07-10 16:00 . 2011-07-10 16:00 22768 ----a-w- c:\users\Papa\usbsermpt.sys
2011-09-09 18:54 . 2011-05-07 09:28 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-06-20 12:33 . 2010-06-20 12:33 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-07-19 1120568]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2010-04-16 3872080]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-09-18 171464]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-24 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 4468736]
"Skytel"="Skytel.exe" [2007-05-07 1826816]
"SiSTray"="c:\program files\SiS VGA Utilities\SiSTray.exe" [2007-06-14 548864]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 232184]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-20 30192]
"MSPService"="c:\program files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe" [2007-06-12 102400]
"toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-03-09 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-03-09 40960]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 136176]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-20 30192]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 136176]
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 507136]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 SiS6350;SiS6350;c:\windows\system32\DRIVERS\SISGRKMD.sys [2007-06-14 455032]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2011-09-28 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-02-18 03:36]
.
2011-09-28 c:\windows\Tasks\Erweiterte Garantie.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2007-09-10 16:38]
.
2011-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 09:05]
.
2011-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 09:05]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\0x5j975u.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
FF - user.js: browser.sessionstore.resume_from_crash - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-52448283.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-09-28 21:52
Windows 6.0.6000 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-09-28 22:01:43
ComboFix-quarantined-files.txt 2011-09-28 20:01
.
Vor Suchlauf: 8 Verzeichnis(se), 72.469.745.664 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 72.398.458.880 Bytes frei
.
- - End Of File - - 0D53CC33F20E5A2A78F668119E24FC37