Hallo Leo,
amnbei das Log des Combofix
Code:
Alles auswählen Aufklappen ATTFilter
omboFix 13-08-22.01 - admin 24.08.2013 15:53:54.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2045.1010 [GMT 2:00]
ausgeführt von:: c:\users\Karsten\Desktop\ComboFix.exe
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\2433f433
c:\programdata\4974913.pad
c:\programdata\hpe42AA.dll
c:\users\Karsten\Documents\~WRL0004.tmp
c:\users\Karsten\Documents\~WRL2542.tmp
c:\users\Karsten\Documents\~WRL2750.tmp
c:\users\Karsten\Documents\~WRL3966.tmp
c:\users\Vera\AppData\Roaming\2433f433
c:\users\Vera\Documents\~WRL0005.tmp
c:\users\Vera\Documents\~WRL0694.tmp
c:\users\Vera\Documents\~WRL2637.tmp
c:\users\Vera\Documents\~WRL3218.tmp
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-07-24 bis 2013-08-24 ))))))))))))))))))))))))))))))
.
.
2013-08-24 14:12 . 2013-08-24 14:12 -------- d-----w- c:\users\Vera_Luis\AppData\Local\temp
2013-08-24 14:11 . 2013-08-24 14:11 -------- d-----w- c:\users\Vera\AppData\Local\temp
2013-08-24 14:11 . 2013-08-24 14:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-24 14:10 . 2013-08-24 14:17 -------- d-----w- c:\users\admin\AppData\Local\temp
2013-08-24 14:10 . 2013-08-24 14:10 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2013-08-24 14:10 . 2013-08-24 14:10 -------- d-----w- c:\users\Daniela\AppData\Local\temp
2013-08-24 11:08 . 2013-08-24 11:08 -------- d-----w- C:\FRST
2013-08-17 18:41 . 2013-08-17 18:41 -------- d-----w- c:\users\Karsten\restore
2013-08-17 18:34 . 2013-08-18 21:34 -------- d-----w- c:\programdata\tmp
2013-08-17 18:34 . 2013-08-18 11:28 -------- d-----w- c:\programdata\hps
2013-08-17 11:01 . 2013-08-17 11:01 -------- d-----w- c:\program files\CEWE COLOR
2013-08-16 06:08 . 2013-08-16 06:12 -------- d-----w- c:\windows\system32\MRT
2013-08-16 06:00 . 2013-07-25 02:42 757400 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2013-08-16 06:00 . 2013-07-25 02:32 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-08-16 06:00 . 2013-07-25 02:25 104448 ----a-w- c:\program files\Internet Explorer\jsdebuggeride.dll
2013-08-16 06:00 . 2013-07-25 02:25 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2013-08-16 06:00 . 2013-07-25 02:25 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2013-08-16 06:00 . 2013-07-25 02:25 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-08-15 16:18 . 2013-06-15 13:22 15872 ----a-w- c:\windows\system32\icaapi.dll
2013-08-15 16:18 . 2013-06-15 11:23 24064 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-15 16:18 . 2013-07-05 04:53 905664 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-15 16:17 . 2013-07-17 19:41 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-15 16:17 . 2013-07-10 09:47 783360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-15 16:17 . 2013-07-08 04:55 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-15 16:17 . 2013-07-08 04:55 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-15 16:17 . 2013-07-09 12:10 1205168 ----a-w- c:\windows\system32\ntdll.dll
2013-08-15 16:17 . 2013-07-08 04:20 172544 ----a-w- c:\windows\system32\wintrust.dll
2013-08-15 16:17 . 2013-07-08 04:16 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-15 16:17 . 2013-07-08 04:16 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-15 16:17 . 2013-07-08 04:16 992768 ----a-w- c:\windows\system32\crypt32.dll
2013-08-04 10:49 . 2013-08-04 10:49 -------- d-----w- c:\program files\Common Files\Windows Live
2013-08-04 07:22 . 2013-08-04 07:22 -------- d-----w- c:\program files\iPod
2013-08-04 07:22 . 2013-08-04 07:23 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-04 07:22 . 2013-08-04 07:23 -------- d-----w- c:\program files\iTunes
2013-08-04 07:17 . 2013-08-04 07:17 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2013-08-04 07:17 . 2013-08-04 07:17 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-08-04 07:17 . 2013-08-04 07:17 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2013-08-04 07:17 . 2013-08-04 07:17 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-08-04 07:17 . 2013-08-04 07:17 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2013-08-04 07:17 . 2013-08-04 07:17 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2013-08-04 07:17 . 2013-08-04 07:17 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-08-04 07:17 . 2013-08-04 07:17 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-08-04 07:17 . 2013-08-04 07:17 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2013-08-04 07:17 . 2013-08-04 07:17 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-08-04 07:16 . 2013-08-04 07:17 -------- d-----w- c:\program files\QuickTime
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-21 15:03 . 2012-04-01 09:17 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-21 15:03 . 2011-11-26 13:56 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-04 01:50 . 2013-07-11 16:42 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-06-01 04:06 . 2013-07-11 16:42 505344 ----a-w- c:\windows\system32\qedit.dll
2011-06-24 17:10 . 2011-06-19 08:18 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-27 39408]
"Sony PC Companion"="c:\program files\Sony\Sony PC Companion\PCCompanion.exe" [2013-05-29 449248]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TVBroadcast"="c:\program files\Sceneo\AbsolutTV\SERVICES\ODSBC\ODSBCApp.exe" [2007-08-07 797696]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-08 178712]
"NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2007-06-27 439512]
"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2007-06-27 215256]
"RtHDVCpl"="RtHDVCpl.exe" [2007-11-14 4706304]
"Skytel"="Skytel.exe" [2007-10-11 1826816]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-14 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-14 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-14 81920]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2009-09-05 385024]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"VMonitorVMUVC"="c:\program files\Vimicro\VMUVC\VMonitor.exe" [2008-03-26 135168]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-07-01 345144]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
t@x aktuell.lnk - c:\program files\Buhl finance\tax Steuersoftware 2012\taxaktuell.exe [2013-6-9 536176]
WISO Mein Steuer-Sparbuch heute.lnk - c:\program files\Buhl finance\wiso2013\mshaktuell.exe [2013-6-1 1386136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
backup=c:\windows\pss\Microsoft Find Fast.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office Shortcut Bar.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Shortcut Bar.lnk
backup=c:\windows\pss\Microsoft Office Shortcut Bar.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^tax aktuell.lnk]
path=c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tax aktuell.lnk
backup=c:\windows\pss\tax aktuell.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-29 19:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-21 19:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2007-02-15 13:29 622592 ------w- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2008-12-24 09:26 114688 ------w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Driver Whiz]
2013-01-25 11:37 3534704 ----a-w- c:\program files\Driver Whiz\Driver Whiz\DriverWhiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-10-27 09:40 220160 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-12-12 07:31 1840424 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-05-31 09:56 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-12-02 14:29 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 01:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2009-11-20 09:17 434176 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-10-27 22:31 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVEService]
2007-10-19 16:42 155648 ----a-w- c:\program files\HomeCinema\TV Enhance\TVEService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
S3 3xHybrid;CTX SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [2011-11-13 1006816]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-31 15:59 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-08-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 15:03]
.
2013-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-20 20:29]
.
2013-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-20 20:29]
.
2013-08-24 c:\windows\Tasks\User_Feed_Synchronization-{C876FE5A-1437-4CD4-9957-1A2CAE695F35}.job
- c:\windows\system32\msfeedssync.exe [2011-05-08 19:36]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2536373
mSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~1\MICROS~3\Office10\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~3\Office10\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\lra50n2l.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-toolbar_eula_launcher - c:\program files\GoogleEULA\EULALauncher.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-08-24 16:17
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-08-24 16:19:41
ComboFix-quarantined-files.txt 2013-08-24 14:19
.
Vor Suchlauf: 17 Verzeichnis(se), 149.908.402.176 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 152.024.252.416 Bytes frei
.
- - End Of File - - 314B2B0D42E23DE91C1D3B76CA4172F1
671B81004FDD1588FA9ED1331C9CECA9
24.08.2013, 15:35
Hybrid-Darstellung
