Combofix Logfile:
Code:
ComboFix 10-07-31.04 - Michael 02.08.2010 1:10.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.49.1031.18.2047.1224 [GMT 2:00]
Running from: c:\users\Michael\Desktop\cofi.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 24 bytes in 1 streams.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Search Settings
c:\program files\Search Settings\kb127\SearchSettings.dll
c:\program files\Search Settings\kb127\SearchSettingsRes409.dll
c:\program files\Search Settings\SearchSettings.exe
c:\users\Michael\avira_antivir_personal_de.exe
c:\users\Michael\FileZilla_3.2.6.1_win32-setup.exe
c:\users\Michael\httspaket.exe
c:\users\Michael\MediaCoder-0.7.1.4433.exe
c:\users\Michael\multiAVCHD_3.0.exe
c:\users\Michael\Nero8_chm_Deu.exe
c:\users\Michael\SetupCloneCD5314.exe
.
((((((((((((((((((((((( Files Created from 2010-07-01 to 2010-08-01 ))))))))))))))))))))))))))))))
.
2010-08-01 23:16 . 2010-08-01 23:16 -------- d-----w- c:\users\Michael\AppData\Local\temp
2010-08-01 23:16 . 2010-08-01 23:16 -------- d-----w- c:\users\Gast\AppData\Local\temp
2010-08-01 23:16 . 2010-08-01 23:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-01 22:52 . 2010-08-01 22:52 -------- d-----w- c:\program files\CCleaner
2010-07-29 23:14 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-29 23:14 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-29 23:13 . 2010-07-29 23:13 6153352 ----a-w- c:\users\Michael\mbam-setup-1.46.exe
2010-07-12 08:03 . 2010-07-12 15:41 -------- d-----w- c:\users\Michael\AppData\Roaming\Wienerberger18599 Standard
2010-07-12 07:58 . 2010-07-12 07:58 -------- d-----w- c:\program files\dena Energieausweis
2010-07-12 07:57 . 2010-07-12 08:03 -------- d-----w- c:\programdata\Wienerberger18599 Standard
2010-07-12 07:57 . 2010-07-12 07:57 -------- d-----w- c:\program files\Wienerberger18599 Standard V3
2010-07-09 08:24 . 2010-07-09 08:24 -------- d-----w- C:\Programme
2010-07-09 08:24 . 2010-07-09 08:24 -------- d-----w- c:\programdata\Ziegel
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-29 23:14 . 2010-05-20 10:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-29 20:39 . 2008-04-29 21:14 -------- d-----w- c:\users\Michael\AppData\Roaming\Goasv
2010-07-29 07:11 . 2008-02-07 22:34 -------- d-----w- c:\users\Michael\AppData\Roaming\Heixy
2010-07-01 08:23 . 2010-07-01 08:23 -------- d-----w- c:\program files\IKEA HomePlanner
2010-07-01 08:23 . 2010-07-01 08:23 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-06-29 00:11 . 2009-12-25 21:22 -------- d-----w- c:\users\Michael\AppData\Roaming\vlc
2010-06-12 17:43 . 2007-10-23 12:39 -------- d-----w- c:\programdata\Microsoft Help
2010-06-09 23:13 . 2006-11-02 15:33 641106 ----a-w- c:\windows\system32\perfh007.dat
2010-06-09 23:13 . 2006-11-02 15:33 116500 ----a-w- c:\windows\system32\perfc007.dat
2010-06-06 11:24 . 2008-05-29 08:29 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-02 19:15 . 2010-05-21 13:07 35093 ----a-w- c:\programdata\nvModes.dat
2010-05-23 12:16 . 2008-04-14 16:14 680 ----a-w- c:\users\Michael\AppData\Local\d3d9caps.dat
2010-05-21 12:14 . 2009-10-03 12:43 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-20 10:33 . 2010-05-20 10:33 6153648 ----a-w- c:\users\Michael\mbam-setup.exe
2010-05-20 00:48 . 2010-05-20 00:48 49152 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-05-20 00:48 . 2010-05-20 00:48 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-05-20 00:48 . 2010-05-20 00:48 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-05-20 00:48 . 2010-05-20 00:48 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-05-20 00:48 . 2010-05-20 00:48 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-05-20 00:48 . 2010-05-20 00:48 40960 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-05-20 00:48 . 2010-05-20 00:48 341600 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-05-20 00:48 . 2010-05-20 00:48 308808 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-05-20 00:48 . 2010-05-20 00:48 14848 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-05-20 00:45 . 2010-05-20 00:45 738824 ----a-w- c:\users\Michael\AppData\Roaming\Real\RealPlayer\setup\AU_setup20100217.exe
2010-05-19 23:00 . 2010-05-19 23:00 388608 ----a-w- c:\users\Michael\HiJackThis204.exe
2010-05-11 08:18 . 2010-05-11 08:17 1203200 ----a-w- c:\users\Michael\AppData\Roaming\Real\Update\setup3.10\rp\RealPlayerSPGold_de.exe
2008-03-03 18:08 . 2008-03-03 17:49 72 --sha-w- c:\windows\S9A6E3F3B(172).tmp
2008-03-03 18:08 . 2008-03-03 17:49 72 --sha-w- c:\windows\S9A6E3F3B(205).tmp
2008-03-03 18:08 . 2008-03-03 17:49 72 --sha-w- c:\windows\S9A6E3F3B(52).tmp
2008-03-03 18:08 . 2008-03-03 17:49 72 --sha-w- c:\windows\S9A6E3F3B(54).tmp
2008-03-03 18:08 . 2008-03-03 17:49 72 --sha-w- c:\windows\S9A6E3F3B(59).tmp
2008-03-03 18:08 . 2008-03-03 17:49 72 --sha-w- c:\windows\S9A6E3F3B(85).tmp
2008-03-03 18:08 . 2008-03-03 17:49 72 --sh--w- c:\windows\S9A6E3F3B.tmp
2006-05-03 09:06 . 2009-06-29 16:14 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 10:47 . 2009-06-29 16:14 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 12:30 . 2009-06-29 16:14 216064 --sh--r- c:\windows\System32\nbDX.dll
.
(((((((((((((((((((((((((((( Registry Autostart Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-10-23 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-03 4702208]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Users^Michael^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^E-Mail - Verknüpfung.lnk]
path=c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\E-Mail - Verknüpfung.lnk
backup=c:\windows\pss\E-Mail - Verknüpfung.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^Michael^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Internet - Verknüpfung.lnk]
path=c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Internet - Verknüpfung.lnk
backup=c:\windows\pss\Internet - Verknüpfung.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-17 06:24 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2008-03-11 01:20 689488 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2009-01-29 22:20 57344 ----a-w- c:\program files\SlySoft\CloneCD\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-06-24 14:06 1840424 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-01-30 11:39 1232896 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-11-02 12:36 201728 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Supplementary Scan -------
.
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: comdirect.de
Trusted Zone: comdirect.de\brokerage
Trusted Zone: luderworld.de\www
Trusted Zone: salsa-munich.de\www
Trusted Zone: vcn-online.de\www
DPF: {0F7A9297-7268-11D1-B81A-00A076C01B0A} - hxxp://www.cartesianinc.com/Exec/CpcViewAX/CpcViewAX.cab
FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\uhvu7q81.default\
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=vmn&type=vdio5&p=
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX Policies ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Removed Orphaned Registry Entries - - - -
MSConfigStartUp-SearchSettings - c:\program files\Search Settings\SearchSettings.exe
MSConfigStartUp-{34FD15BC-CEBA-5E4C-6376-740B714F5D5B} - c:\users\Michael\AppData\Roaming\Goasv\uqyw.exe
**************************************************************************
Scanning hidden processes...
Scanning hidden autostart entries...
Scanning hidden files...
Scan completed successfully
hidden files:
**************************************************************************
.
Completion time: 2010-08-02 01:18:59
ComboFix-quarantined-files.txt 2010-08-01 23:18
Pre-Run: 23 directories, 152,598,204,416 bytes free
Post-Run: 29 directories, 151,806,271,488 bytes free
- - End Of File - - CB3318E1348F44613AE01423025911E1
--- --- ---
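As an added example (not part of the log or of the original post), here is a small Python triage script for lines in this ComboFix log format. It applies three checks a helper normally does by eye: files under c:\windows that carry both the system and hidden attributes (the "--sh" flags in the Find3M report), MSConfig autostart entries whose target .exe lives under a user's AppData\Roaming folder, and Firefox user.js prefs that switch a security.warn_* warning off. The sample input is a constructed excerpt copied from the log above; the regular expressions, the assumed column layout and the flagging rules are this example's own assumptions, and a hit is a prompt to look closer (hash the file, check its signer and vendor), not a verdict.

```python
import re

# Constructed sample: lines copied from the ComboFix log above, covering each
# record type the triage understands (file listing, orphaned MSConfig autostart
# entry, Firefox user.js pref). Not the full log.
SAMPLE_LOG = r"""
2010-07-29 23:14 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-29 20:39 . 2008-04-29 21:14 -------- d-----w- c:\users\Michael\AppData\Roaming\Goasv
2008-03-03 18:08 . 2008-03-03 17:49 72 --sha-w- c:\windows\S9A6E3F3B(172).tmp
2008-03-03 18:08 . 2008-03-03 17:49 72 --sh--w- c:\windows\S9A6E3F3B.tmp
2006-05-03 09:06 . 2009-06-29 16:14 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 10:47 . 2009-06-29 16:14 31232 --sh--r- c:\windows\System32\msfDX.dll
MSConfigStartUp-SearchSettings - c:\program files\Search Settings\SearchSettings.exe
MSConfigStartUp-{34FD15BC-CEBA-5E4C-6376-740B714F5D5B} - c:\users\Michael\AppData\Roaming\Goasv\uqyw.exe
FF - user.js: security.warn_submit_insecure - false
FF - user.js: network.cookie.cookieBehavior - 0
"""

# File-listing record: "<created> . <modified> <size|--------> <attrs> <path>".
# The attribute column is ComboFix's 8-character flag string; this script only
# looks at the letters 's' (system) and 'h' (hidden). Column layout is assumed.
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+)$"
)
STARTUP_LINE = re.compile(r"^MSConfigStartUp-(?P<name>\S+) - (?P<path>.+)$")
USERJS_LINE = re.compile(r"^FF - user\.js: (?P<pref>\S+) - (?P<value>.+)$")

HIDDEN_SYSTEM = "hidden+system file under c:\\windows"
ROAMING_AUTOSTART = "autostart binary under a user's AppData\\Roaming"
WARNING_DISABLED = "Firefox security warning switched off in user.js"


def triage(log_text):
    """Return (reason, item) pairs for lines that deserve a manual look.

    Heuristics only: a hit means "check this", not "this is malware".
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()

        m = FILE_LINE.match(line)
        if m:
            attrs, path = m.group("attrs"), m.group("path")
            # Legitimate Windows binaries are rarely marked both system and
            # hidden; those flags are a common way to keep files out of Explorer.
            if "s" in attrs and "h" in attrs and path.lower().startswith("c:\\windows\\"):
                findings.append((HIDDEN_SYSTEM, path))
            continue

        m = STARTUP_LINE.match(line)
        if m:
            path = m.group("path")
            lowered = path.lower()
            # Installers put autostart binaries under Program Files; an .exe
            # launched from a Roaming profile folder is worth a second look.
            if "\\appdata\\roaming\\" in lowered and lowered.endswith(".exe"):
                findings.append((ROAMING_AUTOSTART, path))
            continue

        m = USERJS_LINE.match(line)
        if m and m.group("pref").startswith("security.warn_") and m.group("value").strip() == "false":
            findings.append((WARNING_DISABLED, m.group("pref")))
    return findings


if __name__ == "__main__":
    for reason, item in triage(SAMPLE_LOG):
        print(f"{reason}: {item}")
```

Run as-is it prints the six hits from the sample (the four hidden+system files under c:\windows, the uqyw.exe autostart in AppData\Roaming, and the disabled security.warn_submit_insecure pref); to use it on a real log, pass the full file's text to triage() instead of SAMPLE_LOG.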