Soooo. Fertig.
Combofix Logfile:
Code:
Alles auswählen Aufklappen ATTFilter
ComboFix 10-09-04.06 - flynico 05.09.2010 19:19:28.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.1789.1075 [GMT 2:00]
ausgeführt von:: c:\users\flynico\Desktop\cofi.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\SEC
c:\windows\SEC\172100logo.bmp
c:\windows\SEC\banner.png
c:\windows\SEC\Computer.png
c:\windows\SEC\Media _S_ Logo.png
c:\windows\SEC\Samsung.png
c:\windows\SEC\Samsung2.png
c:\windows\SEC\SamsungLogo.png
c:\windows\SEC\Wallpapers\wallpaper.jpg
c:\windows\SEC\Wallpapers\wallpaper1.jpg
c:\windows\SEC\Wallpapers\Wallpaper2.jpg
.
((((((((((((((((((((((( Dateien erstellt von 2010-08-05 bis 2010-09-05 ))))))))))))))))))))))))))))))
.
2010-09-05 15:37 . 2010-09-05 15:37 -------- d-----w- C:\_OTL
2010-09-03 12:06 . 2010-09-03 12:06 -------- d-----w- c:\users\flynico\Bewerbung
2010-09-03 12:06 . 2010-09-03 12:06 -------- d-----w- c:\users\flynico\Lenas Dokus
2010-09-03 09:21 . 2010-09-03 09:21 -------- d-----w- c:\program files\Trend Micro
2010-09-02 11:17 . 2010-09-02 11:17 -------- d--h--w- c:\users\flynico\car
2010-09-01 13:46 . 2010-09-01 13:46 -------- d-----w- c:\program files\ESET
2010-08-31 18:42 . 2010-08-31 18:42 -------- d-----w- c:\users\flynico\AppData\Roaming\Malwarebytes
2010-08-31 18:42 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-31 18:42 . 2010-08-31 18:42 -------- d-----w- c:\programdata\Malwarebytes
2010-08-31 18:42 . 2010-08-31 20:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-31 18:42 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-31 18:24 . 2010-07-17 03:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-31 18:18 . 2010-08-31 18:18 -------- d-----w- c:\windows\Sun
2010-08-11 17:07 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-11 17:07 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-11 17:07 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-11 17:07 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-11 17:07 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-11 17:07 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-05 15:53 . 2008-02-12 14:13 -------- d-----w- c:\programdata\Lavasoft
2010-09-05 15:53 . 2007-06-16 20:50 -------- d-----w- c:\program files\Lavasoft
2010-09-05 15:53 . 2009-06-10 17:20 -------- dc-h--w- c:\programdata\~0
2010-09-05 15:38 . 2007-02-28 18:13 12 ----a-w- c:\windows\bthservsdp.dat
2010-09-02 11:27 . 2010-05-02 21:00 -------- d-----w- c:\program files\CCleaner
2010-09-01 20:21 . 2008-01-10 18:42 1 ----a-w- c:\users\flynico\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-09-01 20:21 . 2008-01-10 18:41 -------- d-----w- c:\users\flynico\AppData\Roaming\OpenOffice.org2
2010-09-01 09:31 . 2007-02-28 17:48 685418 ----a-w- c:\windows\system32\perfh007.dat
2010-09-01 09:31 . 2007-02-28 17:48 150582 ----a-w- c:\windows\system32\perfc007.dat
2010-08-31 18:25 . 2007-11-28 18:05 -------- d-----w- c:\program files\Common Files\Java
2010-08-31 18:24 . 2007-11-28 18:07 -------- d-----w- c:\program files\Java
2010-06-26 06:05 . 2010-08-11 17:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-11 17:08 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-11 17:08 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-11 17:08 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-21 13:37 . 2010-08-11 17:08 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 17:31 . 2010-08-11 17:08 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-06-11 16:16 . 2010-08-11 17:08 274944 ----a-w- c:\windows\system32\schannel.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-12-09 815104]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"PDFPrint"="c:\program files\pdf24\pdf24.exe" [2010-03-11 208528]
"ToADiMon.exe"="c:\program files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe" [2010-04-08 286720]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
" Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoHotStart"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scanner Finder.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Scanner Finder.lnk
backup=c:\windows\pss\Scanner Finder.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreePDF Assistant]
2007-06-26 19:27 312320 ----a-w- c:\program files\FreePDF_XP\fpassist.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2010-03-11 08:02 208528 ----a-w- c:\program files\pdf24\pdf24.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Play AVStation TV Scheduler]
2007-01-09 02:09 73728 ----a-w- c:\program files\Samsung\Play AVStation\TvScheduler.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"wcmdmgr"=c:\windows\wt\updater\wcmdmgrl.exe -launch
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"iTunesHelper"="D:\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):06,e2,fa,56,aa,e4,ca,01
R3 NETw2v32;Intel(R) PRO/Wireless 2915ABG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
S2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\DRIVERS\kmdfmemio.sys [2007-02-28 13312]
S3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;c:\progra~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [2006-10-09 17536]
--- Andere Dienste/Treiber im Speicher ---
*Deregistered* - avgio
*Deregistered* - avipbb
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Inhalt des "geplante Tasks" Ordners
2010-09-05 c:\windows\Tasks\User_Feed_Synchronization-{EAC33792-E742-4586-AA1E-7C6F17AA71B4}.job
- c:\windows\system32\msfeedssync.exe [2010-08-11 04:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: airberlin.com
Trusted Zone: ilearn24.net\www
Trusted Zone: myairberlin.com
Trusted Zone: myairberlin.com\www
FF - ProfilePath - c:\users\flynico\AppData\Roaming\Mozilla\Firefox\Profiles\zkwfkcxq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\flynico\AppData\LocalLow\POWERC~1\nppowerloader.dll
FF - plugin: c:\users\flynico\AppData\Roaming\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: d:\mozilla plugins\npitunes.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
MSConfigStartUp-Ad-Watch - c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
ActiveSetup-ccc-core-static - msiexec
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\flynico\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-09-05 19:27
Windows 6.0.6002 Service Pack 2 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-09-05 19:31:41
ComboFix-quarantined-files.txt 2010-09-05 17:31
Vor Suchlauf: 18 Verzeichnis(se), 14.566.359.040 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 15.172.456.448 Bytes frei
- - End Of File - - 62F569673A00476C3A3506607BA35A87
--- --- ---
05.09.2010, 19:14
Baum-Darstellung