[code]
Combofix Logfile:
Code:
Alles auswählen Aufklappen ATTFilter
ComboFix 11-06-05.01 - dani 05.06.2011 14:00:04.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3070.1906 [GMT 2:00]
ausgeführt von:: c:\users\dani\Desktop\cofi.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\iuoidiosri.exe
c:\iuoidiosri.exe\config.bin
c:\windows\system32\setup.ini
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-05-05 bis 2011-06-05 ))))))))))))))))))))))))))))))
.
.
2011-06-05 11:57 . 2011-06-05 11:57 -------- d-----w- C:\32788R22FWJFW
2011-06-03 14:20 . 2011-06-03 14:20 -------- d-----w- C:\_OTL
2011-06-03 12:23 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5519886E-B10B-4A66-8E44-509DCD13BE66}\mpengine.dll
2011-05-31 16:49 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-31 16:49 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-24 16:52 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-17 18:57 . 2011-05-17 18:57 -------- d-----w- c:\users\dani\AppData\Local\{2F32CDF7-00A6-4397-864A-096C3466C5DA}
2011-05-14 14:38 . 2011-05-14 14:38 -------- d-----w- c:\users\dani\AppData\Local\{B7858982-E89F-4FED-84EF-A2FB1D0CA99E}
2011-05-12 18:33 . 2011-05-12 18:33 -------- d-----w- c:\users\dani\AppData\Local\{ECAC77A5-0E60-4BC1-81A7-3689B4D7C654}
2011-05-11 14:17 . 2011-05-11 14:18 -------- d-----w- c:\users\dani\AppData\Local\{B6AD6F74-9D01-432D-8CD7-5DCFA4AC0300}
2011-05-11 11:59 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-05-09 17:07 . 2011-05-09 17:08 -------- d-----w- c:\users\dani\AppData\Local\{66116B64-24A0-43D9-B582-2D3BF857AE50}
2011-05-07 19:03 . 2011-05-07 19:03 -------- d-----w- c:\users\dani\AppData\Local\{B7B624D3-618B-4C42-B0D7-A7BAF63CEBB8}
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-10 12:10 . 2010-06-29 09:56 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:10 . 2010-04-20 09:13 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-10 12:03 . 2010-04-20 09:14 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2010-04-20 09:14 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-10 11:59 . 2010-04-20 09:14 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2010-04-20 09:14 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-10 11:59 . 2010-04-20 09:14 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-04-09 16:55 . 2011-04-09 16:55 15453336 ----a-w- c:\windows\system32\xlive.dll
2011-04-09 16:55 . 2011-04-09 16:55 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
2011-03-17 02:00 . 2011-03-17 02:00 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-03-12 21:55 . 2011-04-27 14:04 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-10 17:03 . 2011-04-15 08:11 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03 . 2011-04-15 08:11 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-09 13:30 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2008-07-02 03:28 . 2008-07-02 03:28 61440 ----a-w- c:\program files\Common Files\CPInstallAction.dll
2009-03-31 20:47 . 2009-08-07 21:19 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-07 4853760]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2007-10-12 106496]
"P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-11-11 159472]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
c:\users\dani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
VLC play! Server.lnk - c:\program files\ageye\VLC play! Server\VLCplayServer.exe [2011-5-5 462848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"LightScribe Control Panel"=c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" silent loginmode=4
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"ASUS Camera ScreenSaver"=c:\windows\AsScrProlog.exe
"ATKMEDIA"=c:\program files\ASUS\ATK Media\DMedia.exe
"hpqSRMon"=c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe"
"openvpn-gui"=c:\program files\OpenVPN\bin\openvpn-gui.exe
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
"ASUS Screen Saver Protector"=c:\windows\ASScrPro.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 135664]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 135664]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe [2009-08-10 93848]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-11-11 268528]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2008-05-29 15416]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-04-23 483688]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-04-23 550760]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-04-23 195944]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-04-23 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-04-23 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-23 209768]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2007-06-20 47616]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\DRIVERS\tap0801.sys [2006-10-01 26624]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 18:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2011-06-05 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 11:45]
.
2011-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 20:59]
.
2011-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 20:59]
.
2011-06-04 c:\windows\Tasks\User_Feed_Synchronization-{3CDFAA12-AB5C-4A00-A36F-295ADAD51018}.job
- c:\windows\system32\msfeedssync.exe [2011-04-15 04:43]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\dani\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\users\dani\AppData\Roaming\Mozilla\Firefox\Profiles\r40js1v1.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.spiegel.de/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - prefs.js: network.proxy.type - 2
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-14851473.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-06-05 14:09
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
.
C:\ADSM_PData_0150
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-06-05 14:12:18
ComboFix-quarantined-files.txt 2011-06-05 12:12
.
Vor Suchlauf: 10 Verzeichnis(se), 11.564.052.480 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 11.478.540.288 Bytes frei
.
Current=1 Default=1 Failed=0 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,11
- - End Of File - - 08281A169C21FDAFDBEDC5C35F21BD99
--- --- ---
05.06.2011, 13:28
Baum-Darstellung