Code:
ComboFix 11-12-21.02 - Margit_2 22.12.2011 13:40:25.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3545.2328 [GMT 1:00]
ausgeführt von:: c:\users\Margit_2\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-11-22 bis 2011-12-22 ))))))))))))))))))))))))))))))
.
.
2011-12-22 12:52 . 2011-12-22 12:52 -------- d-----w- c:\users\Margit_2\AppData\Local\temp
2011-12-22 12:52 . 2011-12-22 12:52 -------- d-----w- c:\users\h\AppData\Local\temp
2011-12-22 12:52 . 2011-12-22 12:52 -------- d-----w- c:\users\Gast\AppData\Local\temp
2011-12-22 12:52 . 2011-12-22 12:52 -------- d-----w- c:\users\f\AppData\Local\temp
2011-12-22 12:52 . 2011-12-22 12:52 -------- d-----w- c:\users\f.Margit-PC\AppData\Local\temp
2011-12-22 12:52 . 2011-12-22 12:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-21 18:28 . 2011-12-21 18:28 -------- d-----w- c:\users\Margit_2\AppData\Roaming\Malwarebytes
2011-12-21 18:27 . 2011-12-21 18:27 -------- d-----w- c:\programdata\Malwarebytes
2011-12-21 18:27 . 2011-12-21 18:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-21 18:27 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-21 08:53 . 2011-12-21 17:08 -------- d-----w- c:\programdata\AVAST Software
2011-12-21 08:53 . 2011-12-21 08:53 -------- d-----w- c:\program files\AVAST Software
2011-12-16 15:48 . 2011-12-16 15:48 0 ---ha-w- c:\users\Margit_2\AppData\Local\BIT695.tmp
2011-12-15 19:38 . 2011-12-15 19:38 115 ----a-w- c:\users\Margit_2\AppData\Roaming\Microsoft\2171\bl10718142_64.bat
2011-12-15 19:35 . 2011-12-15 19:35 -------- d-----w- c:\users\Margit_2\AppData\Roaming\PCDr
2011-12-15 16:44 . 2011-12-15 19:33 -------- d-----w- c:\users\TEMP
2011-12-15 16:14 . 2011-12-15 16:23 -------- d-----w- C:\542311bc1d1cc07be6cbe8e940
2011-12-15 16:03 . 2011-12-15 16:03 115 ----a-w- c:\users\Margit_2\AppData\Roaming\Microsoft\2171\bl368817_64.bat
2011-12-14 12:23 . 2011-10-27 08:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-14 12:23 . 2011-10-27 08:01 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-14 12:23 . 2011-11-08 12:10 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-12-14 12:23 . 2011-11-23 13:37 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 12:23 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 12:23 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 12:23 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-11 19:37 . 2011-12-11 19:37 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-12-11 19:21 . 2011-12-21 07:54 -------- d-sh--w- c:\users\Margit_2\AppData\Local\6c3fb6ff
2011-12-11 19:18 . 2011-12-21 07:55 -------- d-----w- c:\users\Margit_2\AppData\Roaming\3F48C
2011-12-11 19:18 . 2011-12-15 19:33 -------- d-----w- c:\users\Margit_2\Tracing
2011-12-11 19:18 . 2011-12-21 10:13 -------- d-----w- c:\users\Margit_2\AppData\Roaming\14F3F
2011-12-11 19:17 . 2011-12-21 07:54 -------- d-sh--r- c:\users\Margit_2\2397-5973-7874-8623
2011-12-09 07:38 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ACDEF732-E5AF-4A98-977B-0342703A206F}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-11 19:15 . 2011-05-09 18:51 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-03-31 217088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-31 141848]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-21 3810304]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-31 173592]
.
c:\users\h\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-06-28 03:15 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SightSpeed"="c:\program files\Dell Video Chat\DellVideoChat.exe" -bootmode
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"3AE.exe"=c:\users\Margit_2\AppData\Roaming\Microsoft\2171\3AE.exe
"NokiaSuite.exe"=c:\program files\Nokia\Nokia Suite\NokiaSuite.exe -tray
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" /m
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
"QuickSet"=c:\program files\Dell\QuickSet\QuickSet.exe
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
"3AE.exe"=c:\program files\LP\2171\3AE.exe
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SysTrayApp"=%ProgramFiles%\IDT\WDM\sttray.exe
"Persistence"=c:\windows\system32\igfxpers.exe
.
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 135664]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 135664]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [2008-11-04 22904]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2008-12-31 144128]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\DRIVERS\OA009Ufd.sys [2009-03-06 133632]
S3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\DRIVERS\OA009Vid.sys [2009-03-19 271552]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2011-12-22 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 12:00]
.
2011-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 00:02]
.
2011-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 00:02]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyServer = http=127.0.0.1:55374
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Margit_2\AppData\Roaming\Mozilla\Firefox\Profiles\7xiiiyxa.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - t-online.de
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-persistent-connections-per-server - 4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-12-22 13:52
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-12-22 13:55:20
ComboFix-quarantined-files.txt 2011-12-22 12:55
ComboFix2.txt 2011-12-21 22:10
.
Vor Suchlauf: 14 Verzeichnis(se), 227.640.389.632 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 227.601.367.040 Bytes frei
.
- - End Of File - - CACE21FE694275ADBB25EC8C77BB9AA8