Combofix Logfile:
Code:
ComboFix 12-11-23.02 - Karin 24.11.2012 11:40:10.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.49.1031.18.1014.304 [GMT 1:00]
ausgeführt von:: c:\users\Karin\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Karin\Documents\ComboFix.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-10-24 bis 2012-11-24 ))))))))))))))))))))))))))))))
.
.
2012-11-24 10:47 . 2012-11-24 10:48 -------- d-----w- c:\users\Karin\AppData\Local\temp
2012-11-24 10:47 . 2012-11-24 10:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-21 11:23 . 2012-11-21 11:23 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-21 11:23 . 2012-11-21 11:23 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-21 09:51 . 2012-11-21 09:51 -------- d-----w- c:\users\Karin\AppData\Roaming\Malwarebytes
2012-11-21 09:50 . 2012-11-21 09:50 -------- d-----w- c:\programdata\Malwarebytes
2012-11-21 09:50 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-21 09:50 . 2012-11-21 09:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-21 09:04 . 2012-11-21 09:05 -------- d-----w- C:\8250e52f1d499fcea2b595
2012-11-20 13:03 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F8293122-DCAF-41ED-BFFD-A93DF88D7EB1}\mpengine.dll
2012-11-12 15:18 . 2012-11-12 15:18 -------- d-----w- c:\programdata\AVS4YOU
2012-11-12 15:18 . 2012-11-12 15:18 -------- d-----w- c:\users\Karin\AppData\Roaming\AVS4YOU
2012-11-12 15:16 . 2012-11-20 21:49 -------- d-----w- c:\program files\Common Files\AVSMedia
2012-11-12 15:15 . 2012-04-20 11:09 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2012-11-12 15:15 . 2012-11-20 21:50 -------- d-----w- c:\program files\AVS4YOU
2012-11-12 15:15 . 2012-04-20 11:08 24576 ----a-w- c:\windows\system32\msxml3a.dll
2012-11-12 14:14 . 2012-11-20 21:57 -------- d-----w- c:\program files\Soda PDF 5
2012-11-12 14:09 . 2012-11-12 14:09 -------- d--h--w- c:\programdata\Common Files
2012-11-12 14:08 . 2012-11-12 14:20 -------- d-----w- c:\users\Karin\AppData\Roaming\PDF Software
2012-11-12 14:08 . 2012-11-12 14:19 -------- d-----w- c:\program files\Common Files\Soda PDF 5
2012-11-12 13:45 . 2012-11-12 13:45 -------- d-----w- c:\programdata\Systweak
2012-11-12 13:45 . 2012-11-12 13:45 -------- d-----w- c:\program files\Advanced System Protector
2012-11-12 13:45 . 2012-07-25 11:03 17136 ----a-w- c:\windows\system32\sasnative32.exe
2012-11-12 13:43 . 2012-11-13 10:19 -------- d-----w- c:\users\Karin\AppData\Roaming\Systweak
2012-11-12 13:43 . 2012-09-21 11:05 15544 ----a-w- c:\windows\system32\roboot.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-16 09:59 . 2012-06-08 09:38 43608 ----a-w- c:\windows\system32\drivers\kltdi.sys
2012-09-19 16:06 . 2012-07-25 12:53 25944 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2012-09-19 16:06 . 2012-05-25 17:38 25944 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C737F472-1193-4281-BF53-A00B67AB3E19}]
2012-11-05 17:18 91992 ----a-w- c:\program files\Soda PDF 5\PDFIEHelper.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F335ABA2-FDB4-4644-92B2-5CC4B0FC91D6}"= "c:\program files\Soda PDF 5\PDFIEPlugin.dll" [2012-11-05 729944]
.
[HKEY_CLASSES_ROOT\clsid\{f335aba2-fdb4-4644-92b2-5cc4b0fc91d6}]
[HKEY_CLASSES_ROOT\SodaPDF5_IEPlugin.PDFIEConverter.1]
[HKEY_CLASSES_ROOT\TypeLib\{DC275339-6DF9-41FB-AFB8-03BC81FBD9E5}]
[HKEY_CLASSES_ROOT\SodaPDF5_IEPlugin.PDFIEConverter]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2012-08-04 1232896]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-08-26 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-26 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-26 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-26 133912]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-07-19 2567272]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe" [2012-11-16 356376]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-21 11:23]
.
2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-26 08:05]
.
2012-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-26 08:05]
.
2012-11-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2488933513-3408225345-1180953356-1000Core.job
- c:\users\Karin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-07 11:44]
.
2012-11-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2488933513-3408225345-1180953356-1000UA.job
- c:\users\Karin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-07 11:44]
.
2012-11-23 c:\windows\Tasks\User_Feed_Synchronization-{264932C7-3D20-403D-B0FD-8D617F4F58D6}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
TCP: DhcpNameServer = 192.168.0.254 192.168.0.254 213.33.99.70
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-11-24 11:48
Windows 6.0.6000 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Zeit der Fertigstellung: 2012-11-24 11:50:43
ComboFix-quarantined-files.txt 2012-11-24 10:50
ComboFix2.txt 2012-11-22 21:44
.
Vor Suchlauf: 8 Verzeichnis(se), 111.613.857.792 Bytes frei
Nach Suchlauf: 9 Verzeichnis(se), 111.595.855.872 Bytes frei
.
- - End Of File - - 815C12BCB7B28C0EE23965BDCCCE58C6