Good morning schrauber,
here is the combofix.txt:
Code:
ComboFix 15-11-27.01 - Pluto 27.11.2015 8:28.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3066.1854 [GMT 1:00]
ausgeführt von:: c:\users\Pluto\Desktop\ComboFix.exe
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Pluto\AppData\Local\lollipop
c:\windows\msdownld.tmp
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((( Dateien erstellt von 2015-10-27 bis 2015-11-27 ))))))))))))))))))))))))))))))
.
.
2015-11-27 07:35 . 2015-11-27 07:35 -------- d-----w- c:\users\Pluto\AppData\Local\temp
2015-11-27 07:35 . 2015-11-27 07:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-11-26 08:03 . 2015-11-26 08:17 -------- d-----w- c:\users\Pluto\AppData\Roaming\Avira
2015-11-26 08:00 . 2015-11-26 08:08 136728 ----a-w- c:\windows\system32\drivers\avipbb.sys
2015-11-26 08:00 . 2015-11-26 08:08 108448 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2015-11-26 08:00 . 2015-03-17 12:01 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2015-11-25 19:50 . 2015-11-25 20:01 -------- d-----w- C:\FRST
2015-11-25 16:47 . 2015-11-25 16:47 -------- d-----w- c:\users\Pluto\AppData\Roaming\HpUpdate
2015-11-25 16:47 . 2011-09-16 10:01 544616 ------w- c:\windows\system32\HPDiscoPMa111.dll
2015-11-25 16:47 . 2015-11-25 16:47 -------- d-----w- c:\program files\HP
2015-11-25 16:44 . 2015-11-25 16:49 -------- d-----w- c:\users\Pluto\AppData\Local\HP
2015-11-25 16:43 . 2011-09-16 16:24 216424 ----a-w- c:\windows\system32\hpinkcoia111.dll
2015-11-25 16:43 . 2011-09-16 16:24 270696 ----a-w- c:\windows\system32\hpinkstsa111LM.dll
2015-11-25 16:42 . 2011-09-16 16:24 491368 ----a-w- c:\windows\system32\HPWia2_PS5510.dll
2015-11-25 16:42 . 2011-09-16 16:24 1946472 ----a-w- c:\windows\system32\HPScanTRDrv_PS5510.dll
2015-11-24 17:45 . 2015-10-29 09:46 8991856 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{216A2C9C-238D-4F6A-B7FA-9E6DFB647353}\mpengine.dll ERROR(0x00000005)
2015-11-18 10:23 . 2015-08-13 14:15 304640 ----a-w- c:\windows\system32\drivers\srv.sys
2015-11-18 10:23 . 2015-08-13 14:15 102912 ----a-w- c:\windows\system32\drivers\srvnet.sys
2015-11-18 10:22 . 2015-10-17 14:24 2068480 ----a-w- c:\windows\system32\win32k.sys
2015-11-18 10:11 . 2015-09-02 21:26 1402368 ----a-w- c:\windows\system32\msxml6.dll
2015-11-18 10:11 . 2015-09-02 21:26 1253376 ----a-w- c:\windows\system32\msxml3.dll
2015-11-18 10:11 . 2015-10-13 14:31 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2015-11-18 10:11 . 2015-10-13 14:31 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2015-11-18 10:10 . 2015-09-01 16:00 1305088 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll
2015-11-18 10:10 . 2015-09-01 16:00 115200 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipBand.dll
2015-11-18 10:10 . 2015-10-17 16:01 501248 ----a-w- c:\windows\system32\kerberos.dll
2015-11-18 10:06 . 2015-08-05 15:59 602112 ----a-w- c:\windows\system32\schedsvc.dll
2015-11-18 10:05 . 2015-10-14 20:22 1206192 ----a-w- c:\windows\system32\ntdll.dll
2015-11-18 10:05 . 2015-10-14 16:01 3606464 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-11-18 10:05 . 2015-10-14 16:01 3554752 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-11-18 10:03 . 2015-10-01 16:04 1220608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2015-11-18 10:03 . 2015-10-01 16:03 940032 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2015-11-18 10:03 . 2015-08-05 14:24 1850880 ----a-w- c:\program files\Windows Journal\Journal.exe
2015-11-18 10:03 . 2015-10-01 16:03 985600 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2015-11-18 10:03 . 2015-10-01 16:03 967680 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2015-11-18 07:38 . 2015-11-18 07:38 -------- d-----w- C:\7946853f5cd4f9464e4b
2015-11-18 07:34 . 2015-10-10 16:02 526272 ----a-w- c:\windows\system32\drivers\ndis.sys
2015-11-18 06:49 . 2015-09-26 16:04 206336 ----a-w- c:\windows\system32\ncrypt.dll
2015-11-18 06:49 . 2015-09-26 16:05 281600 ----a-w- c:\windows\system32\schannel.dll
2015-11-18 06:49 . 2015-09-26 13:21 274432 ----a-w- c:\windows\system32\bcrypt.dll
2015-11-18 06:49 . 2015-09-22 13:11 440768 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-11-18 06:32 . 2015-11-18 06:32 -------- d-----w- c:\program files\CCleaner
2015-11-18 06:23 . 2015-11-26 12:12 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-11-18 06:22 . 2015-10-05 08:50 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-11-18 06:22 . 2015-10-05 08:50 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-11-18 06:22 . 2015-10-05 08:50 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-11-18 06:22 . 2015-11-18 06:22 -------- d-----w- c:\program files\ Malwarebytes Anti-Malware
2015-11-17 09:18 . 2015-11-17 09:18 6420480 ----a-w- c:\program files\GUT52F0.tmp
2015-11-17 09:18 . 2015-11-17 09:18 -------- d-----w- c:\program files\GUM52EF.tmp
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-11-17 23:29 . 2014-03-14 07:45 780488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-11-17 23:29 . 2014-03-14 07:45 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-10-20 02:34 . 2008-09-30 01:25 8985080 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll ERROR(0x00000005)
2015-10-13 00:29 . 2015-10-13 00:29 875720 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2010-07-23 15:49 . 2013-12-20 11:53 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2015-10-19 6564776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-24 6298144]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2015-11-26 782520]
.
c:\users\Pluto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Tintenwarnungen überwachen - HP Photosmart 5510 series.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Photosmart 5510 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN223397SX05V3;CONNECTION=USB;MONITOR=1; [2006-11-2 44544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Pluto^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Picture Motion Browser Medien-Prüfung.lnk]
path=c:\users\Pluto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Medien-Prüfung.lnk
backup=c:\windows\pss\Picture Motion Browser Medien-Prüfung.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ITSecMng]
2007-09-28 14:03 75136 ----a-w- c:\program files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-08 20:17 52256 ----a-w- c:\program files\HomeCinema\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-02-09 18:51 71216 ----a-w- c:\program files\HomeCinema\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-01-04 10:23 1033512 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]
2007-02-09 14:54 16896 ----a-w- c:\program files\GoogleEULA\EULALauncher.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"WrtMon.exe"=c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-11-18 01:48 997704 ----a-w- c:\program files\Google\Chrome\Application\46.0.2490.86\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-11-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-14 23:29]
.
2015-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-05-06 07:33]
.
2015-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-05-06 07:33]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uDefault_Search_URL = https://safesearch.avira.com/
mStart Page = https://safesearch.avira.com/
uSearchAssistant = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=DE&userid=2534b294-3af3-481f-a884-00e1100ecea4&searchtype=ds&q={searchTerms}&installDate={installDate}
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - (no file)
Toolbar-!{990af1c2-5a27-4460-8149-ecc6bc122af3} - (no file)
WebBrowser-{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - (no file)
WebBrowser-{4F524A2D-5637-4300-76A7-7A786E7484D7} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-OmniPass - c:\program files\Softex\OmniPass\scureapp.exe
MSConfigStartUp-OpwareSE4 - c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe
AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\program files\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4}
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2015-11-27 08:35
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_19_0_0_245_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_19_0_0_245_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Zeit der Fertigstellung: 2015-11-27 08:38:04
ComboFix-quarantined-files.txt 2015-11-27 07:38
.
Vor Suchlauf: 11 Verzeichnis(se), 207.804.293.120 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 207.037.054.976 Bytes frei
.
- - End Of File - - 1645718FEB0BE5FCF063A51C86D2DDCC
5C616939100B85E558DA92B899A0FC36
There were no error messages.
Thanks, schmidtkers