standardhans | 13.01.2011 16:31 | Combofix Logfile:
ComboFix 11-01-12.04 - Batu 13.01.2011 16:02:42.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.3197.2332 [GMT 1:00]
ausgeführt von:: c:\users\Batu\Desktop\cofi.exe.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\HyperCam Toolbar\tbHElper.dll
.
((((((((((((((((((((((( Dateien erstellt von 2010-12-13 bis 2011-01-13 ))))))))))))))))))))))))))))))
.
2011-01-13 15:16 . 2011-01-13 15:16 -------- d-----w- c:\users\Gast\AppData\Local\temp
2011-01-13 15:16 . 2011-01-13 15:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-13 14:39 . 2011-01-13 14:39 -------- d-----w- c:\program files\CCleaner
2011-01-12 10:15 . 2010-12-28 14:57 409600 ----a-w- c:\windows\system32\odbc32.dll
2011-01-12 10:15 . 2010-12-28 14:56 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-12 10:15 . 2010-12-28 14:56 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
2011-01-12 10:15 . 2010-12-28 14:56 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-12 10:15 . 2010-12-28 14:56 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-12 10:15 . 2010-12-28 14:56 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-12 10:15 . 2010-12-14 15:49 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-01-12 09:30 . 2011-01-12 09:30 -------- d-----w- c:\users\Batu\AppData\Roaming\Malwarebytes
2011-01-12 09:29 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-12 09:29 . 2011-01-12 09:29 -------- d-----w- c:\programdata\Malwarebytes
2011-01-12 09:29 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-12 09:29 . 2011-01-12 09:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-11 14:59 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6661C960-0776-4773-8DC1-5BADC8ABBB3C}\mpengine.dll
2011-01-09 20:13 . 2011-01-13 15:13 -------- d-----w- c:\program files\HyperCam Toolbar
2011-01-09 20:13 . 2011-01-09 20:13 -------- d-----w- c:\program files\HyCam2
2011-01-09 15:24 . 2011-01-09 15:24 -------- d-----w- c:\program files\Emicsoft Studio
2011-01-08 16:59 . 2011-01-08 16:59 -------- d-----w- c:\programdata\MFAData
2010-12-19 18:20 . 2010-12-19 19:18 -------- d-----w- c:\users\Batu\bluej
2010-12-19 18:14 . 2010-12-19 18:14 -------- d-----w- c:\program files\Sun
2010-12-19 18:10 . 2010-12-19 18:10 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-19 18:10 . 2010-12-19 18:10 411368 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-12-19 16:16 . 2010-12-19 16:16 -------- d-----w- C:\BlueJ
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 14:50 . 2010-03-28 12:29 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-11-24 15:49 . 2010-03-28 12:29 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-24 10:07 . 2010-11-24 10:07 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-11-15 20:28 . 2010-03-27 11:42 139128 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-11-15 20:28 . 2010-03-27 11:49 215128 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-11-15 20:28 . 2010-03-27 11:42 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-11-14 17:31 . 2010-03-27 11:42 138056 ----a-w- c:\users\Batu\AppData\Roaming\PnkBstrK.sys
2010-11-14 17:30 . 2010-03-27 11:42 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-11-14 17:30 . 2010-03-27 11:42 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2010-11-14 15:59 . 2010-03-28 14:31 420920 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-10-19 09:41 . 2010-03-27 10:59 222080 ------w- c:\windows\system32\MpSigStub.exe
2007-03-12 16:59 . 2007-03-12 16:59 299008 ----a-w- c:\program files\navigram_register.exe
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2010-11-11 570688]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-12-03 14944136]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2010-03-27 2356088]
"Google Update"="c:\users\Batu\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-10-15 136176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-17 421160]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 718688]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-10 18:06 40048 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2010-11-02 13:27 281768 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTC Sync Loader]
2010-08-18 08:53 249856 ----a-w- c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-08 13:17 52256 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-03-17 08:59 2289664 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-03-14 12:01 71216 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-07-08 02:27 6273568 ----a-w- c:\windows\RtHDVCpl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-01-21 02:23 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-03-02 20:23 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Batu\AppData\Local\Google\Update\GoogleUpdate.exe" /c
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-27 136176]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-02-25 1047880]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-05-29 13224]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-06-09 24576]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-14 420920]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-03 172032]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-02 135336]
S2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\DRIVERS\kmdfmemio.sys [2008-09-01 13312]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-03-03 5340160]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-03-03 152064]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-05-29 27632]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2010-02-25 10064]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2008-05-28 22072]
S3 VMC302;Vimicro Camera Service VMC302;c:\windows\system32\Drivers\VMC302.sys [2008-08-28 241664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-17 08:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
2011-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-08 10:16]
2011-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-08 10:16]
2011-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2856599818-3961926855-1914498154-1003Core.job
- c:\users\Batu\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-09 17:12]
2011-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2856599818-3961926855-1914498154-1003UA.job
- c:\users\Batu\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-09 17:12]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp:\\www.samsungcomputer.com
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Batu\AppData\Roaming\Mozilla\Firefox\Profiles\uumq2u4w.default\
FF - prefs.js: browser.startup.homepage - www.faridbang.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Fox!Box: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8} - %profile%\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: myFireFox: {e213bb8f-8ebd-11db-96b7-005056c00008} - %profile%\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}
FF - Ext: Office Black: Office2007Black@JBBS - %profile%\extensions\Office2007Black@JBBS
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
FF - Ext: HyperCamToolbar: {75656794-AB59-4712-BFBC-5D816D56F3BC} - %profile%\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-SynTPEnh - c:\program files\Synaptics\SynTP\SynTPEnh.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-01-13 16:17
Windows 6.0.6001 Service Pack 1 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_USERS\S-1-5-21-2856599818-3961926855-1914498154-1003\Software\SecuROM\License information*]
"datasecu"=hex:cf,90,d5,eb,f6,41,78,bd,d6,17,03,40,39,27,3f,09,b9,20,c0,c4,b4,
98,ba,f0,82,b1,e8,a4,be,5f,0f,56,ef,8c,77,09,a9,1a,41,8f,ca,ea,e6,c1,65,bc,\
"rkeysecu"=hex:cc,56,1b,d0,11,df,b3,aa,de,a5,17,9e,e7,1e,34,f0
.
Zeit der Fertigstellung: 2011-01-13 16:28:17
ComboFix-quarantined-files.txt 2011-01-13 15:28
Vor Suchlauf: 10 Verzeichnis(se), 44.698.091.520 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 44.633.669.632 Bytes frei
- - End Of File - - FA6A0A98FD53C76658404E39316D09B4