Code:
Alles auswählen Aufklappen ATTFilter
ComboFix 12-07-16.01 - Babsi 16.07.2012 20:50:17.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3582.2099 [GMT 2:00]
ausgeführt von:: d:\downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\intellidownload\gunzip.exe
c:\program files\OApps\bhO_project.dll
c:\programdata\1217777518
c:\programdata\1757406274
c:\programdata\SysWoW32
c:\programdata\SysWoW32\_u1656090184v0
c:\programdata\SysWoW32\mu1656090184v4.kwd
c:\programdata\SysWoW32\mu1656090184v5.kwd
c:\programdata\SysWoW32\mu1656090184v6.kwd
c:\programdata\SysWoW32\mu1656090184v7.kwd
c:\programdata\SysWoW32\wu1656090184v0
c:\programdata\SysWoW32\wu1656090184v0.kwd
c:\programdata\SysWoW32\wu1656090184v1.kwd
c:\programdata\SysWoW32\wu1656090184v2.kwd
c:\programdata\SysWoW32\wu1656090184v3.kwd
c:\programdata\unrar.exe
c:\users\Babsi\AppData\Local\assembly\tmp
c:\users\Babsi\AppData\Roaming\syswin
c:\windows\system32\Temp
D:\install.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-06-16 bis 2012-07-16 ))))))))))))))))))))))))))))))
.
.
2012-07-16 18:54 . 2012-07-16 18:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-15 01:02 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-14 19:32 . 2012-07-14 19:32 -------- d-----w- c:\users\Babsi\AppData\Roaming\TuneUp Software
2012-07-14 19:32 . 2012-07-14 19:33 -------- d-----w- c:\programdata\TuneUp Software
2012-07-14 19:32 . 2012-07-14 19:32 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-07-14 19:09 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-14 19:09 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-14 19:09 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-14 19:08 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-14 19:08 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-14 19:08 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-14 19:08 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{66DBADD7-0BFF-4D22-93A1-FC45D038FDA2}\mpengine.dll
2012-07-14 18:56 . 2012-07-14 19:21 -------- d-----w- C:\_OTL
2012-07-09 18:08 . 2012-07-09 18:08 -------- d--h--w- c:\programdata\Common Files
2012-07-09 18:08 . 2012-07-09 18:11 -------- d-----w- c:\programdata\MFAData
2012-07-05 22:40 . 2012-07-05 22:40 -------- d-----w- c:\programdata\EA Core
2012-07-05 22:38 . 2012-07-05 22:28 447752 ----a-w- c:\windows\system32\vp6vfw.dll
2012-07-05 22:38 . 2012-07-05 22:38 -------- d-----w- c:\program files\Microsoft WSE
2012-07-05 21:15 . 2012-07-05 21:30 -------- d-----w- c:\program files\Origin Games
2012-07-05 21:15 . 2012-07-05 21:15 -------- d-----w- c:\users\Babsi\AppData\Local\Origin
2012-07-05 21:15 . 2012-07-05 22:39 -------- d-----w- c:\programdata\Origin
2012-07-05 21:14 . 2012-07-05 21:15 -------- d-----w- c:\users\Babsi\AppData\Roaming\Origin
2012-07-05 21:14 . 2012-07-05 21:14 -------- d-----w- c:\programdata\Electronic Arts
2012-06-28 18:18 . 2012-06-28 18:18 -------- d-----w- c:\users\Babsi\AppData\Roaming\Publish Providers
2012-06-28 18:18 . 2012-06-28 18:18 -------- d-----w- c:\users\Babsi\AppData\Roaming\Sony
2012-06-28 18:18 . 2012-06-28 18:18 -------- d-----w- c:\users\Babsi\AppData\Local\Sony
2012-06-28 16:54 . 2012-07-16 18:53 -------- d-----w- c:\program files\OApps
2012-06-28 16:54 . 2012-06-28 16:58 -------- d-----w- c:\program files\TorrentSearch
2012-06-28 16:54 . 2012-07-16 18:53 -------- d-----w- c:\program files\intellidownload
2012-06-25 15:32 . 2012-06-25 15:32 -------- d-----w- c:\users\Babsi\AppData\Roaming\Audacity
2012-06-23 20:42 . 2012-06-23 20:42 -------- d-----w- c:\users\Babsi\AppData\Local\Macromedia
2012-06-21 15:01 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 15:01 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 15:01 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 15:01 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 15:01 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-21 15:01 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 15:01 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 15:00 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 15:00 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-18 06:07 . 2012-06-18 06:07 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-18 06:07 . 2012-06-18 06:07 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-14 22:38 . 2012-04-06 09:24 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-14 22:38 . 2011-06-11 06:23 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-31 10:25 . 2011-03-01 09:54 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-09 18:09 . 2011-10-18 09:53 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-05-09 18:09 . 2011-10-18 09:53 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-01 14:03 . 2012-06-13 17:15 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-23 16:00 . 2012-06-13 17:15 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-04-23 16:00 . 2012-06-13 17:15 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-23 16:00 . 2012-06-13 17:15 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-18 06:07 . 2011-04-13 00:00 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{c840e246-6b95-475e-9bd7-caa1c7eca9f2}"= "c:\program files\uTorrentBar_DE\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}]
2011-05-09 08:49 176936 ----a-w- c:\program files\uTorrentBar_DE\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DB616CFF-D989-48A8-9C85-E2A8D56AB2CA}]
2011-11-22 08:59 269824 ----a-w- c:\users\Babsi\AppData\LocalLow\StumbleUpon\IE\StumbleUpon.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{c840e246-6b95-475e-9bd7-caa1c7eca9f2}"= "c:\program files\uTorrentBar_DE\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}"= "c:\program files\uTorrentBar_DE\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"GAINWARD"="d:\expertool\TBPanel.exe" [2011-08-02 2273608]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 4431872]
"Skytel"="Skytel.exe" [2007-04-04 1822720]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-09 348624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer7"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
.
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - TuneUpUtilitiesDrv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 22:38]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://isearch.avg.com/?cid={14038E56-2253-4594-83D4-E0196069BFD9}&mid=42c89a57fff347d0a054d16dca82eb1c-2721e51587cfc871fde70c0021627031221bff8e&lang=de&ds=hk011&pr=sa&d=2012-07-14 21:16&v=11.1.0.12&sap=hp
uInternet Settings,ProxyOverride = 127.0.0.1:9421
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Babsi\AppData\Roaming\Mozilla\Firefox\Profiles\uul9qr3c.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3031778&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxps://www.google.at/
FF - prefs.js: network.proxy.http - 157.181.228.181
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 0
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
URLSearchHooks-{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - (no file)
URLSearchHooks-{ff88a983-649d-4207-9336-9b999280b436} - (no file)
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
WebBrowser-{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
MSConfigStartUp-Raptr - c:\progra~2\Raptr\raptrstub.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-07-16 20:54
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2898027726-3380410112-3257453159-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*i*n*i*e�a\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2898027726-3380410112-3257453159-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:a1,24,ac,58,a0,f4,af,c6,b2,a3,e6,0d,b6,91,6d,4a,f6,d9,55,3a,9a,a9,b2,
d5,3d,b1,ab,59,80,66,23,d2,4c,60,f4,a0,2c,70,36,eb,38,76,a0,86,3b,36,c0,4e,\
"??"=hex:98,4f,0b,a2,2b,94,7a,d2,60,e7,f1,64,05,29,d4,fd
.
[HKEY_USERS\S-1-5-21-2898027726-3380410112-3257453159-1000\Software\SecuROM\License information*]
"datasecu"=hex:0e,53,2f,0b,db,d2,48,45,67,50,ea,5c,bc,98,dd,16,77,ee,61,5b,6f,
43,30,2b,9a,8b,ec,25,55,15,5b,00,d9,ce,8e,2b,48,84,a3,ee,dc,12,d1,90,8d,3e,\
"rkeysecu"=hex:fc,01,84,f3,ad,9f,dc,99,f6,4e,69,62,88,14,ea,a4
.
Zeit der Fertigstellung: 2012-07-16 20:56:38
ComboFix-quarantined-files.txt 2012-07-16 18:56
.
Vor Suchlauf: 10 Verzeichnis(se), 17.280.585.728 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 17.043.087.360 Bytes frei
.
- - End Of File - - 13D2F764331D9002755294CDF36BC7B3
So das wäre der Log. TuneUp ist wieder unten^^
Dachte der wär ok weil der auf eurer Seite stand.
Baum-Darstellung