Hier das Combofix:
Combofix Logfile:
Code:
Alles auswählen Aufklappen ATTFilter
ComboFix 12-11-03.02 - Alex 03.11.2012 18:13:55.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2047.966 [GMT 1:00]
ausgeführt von:: c:\users\Alex\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 24 bytes in 1 streams.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Alex\AppData\Roaming\inst.exe
c:\users\Alex\AppData\Roaming\Oleb
c:\users\Alex\AppData\Roaming\Oleb\fadek.exe
c:\users\Alex\AppData\Roaming\vso_ts_preview.xml
c:\windows\iun6002.exe
c:\windows\security\Database\tmp.edb
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\unin0407.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-10-03 bis 2012-11-03 ))))))))))))))))))))))))))))))
.
.
2012-11-03 17:22 . 2012-11-03 17:23 -------- d-----w- c:\users\Alex\AppData\Local\temp
2012-11-03 17:22 . 2012-11-03 17:22 -------- d-----w- c:\users\NeroMediaHomeUser.4\AppData\Local\temp
2012-11-03 17:22 . 2012-11-03 17:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-01 18:54 . 2012-11-03 16:46 -------- d-----w- c:\users\Alex\AppData\Roaming\Apype
2012-11-01 18:54 . 2012-11-01 18:54 -------- d-----w- c:\users\Alex\AppData\Roaming\Amopob
2012-10-28 09:40 . 2012-10-28 09:43 -------- d-----w- C:\Es war einmal der Mensch DVD 6 (C-XC O T-174 S-0 A-DE_EN_FR Q-124)
2012-10-17 22:15 . 2012-10-17 22:32 -------- d-----w- C:\Spacken Test
2012-10-10 06:05 . 2012-08-24 15:53 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 06:05 . 2012-06-02 00:02 985088 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 06:05 . 2012-06-02 00:02 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 06:05 . 2012-06-02 00:02 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 06:04 . 2012-09-13 13:28 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 06:04 . 2012-08-29 11:27 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-10 06:04 . 2012-08-29 11:27 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-03 13:49 . 2009-07-17 20:47 139152 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-11-03 13:49 . 2009-06-13 14:57 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-10-10 00:07 . 2012-03-30 06:26 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-10 00:07 . 2011-06-25 19:56 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-22 07:54 . 2012-09-22 07:54 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-22 07:54 . 2012-09-08 05:46 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-22 07:54 . 2010-05-04 20:44 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-25 11:50 . 2012-09-22 06:02 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-25 11:44 . 2012-09-22 06:02 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-25 11:44 . 2012-09-22 06:02 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-25 11:44 . 2012-09-22 06:02 109056 ----a-w- c:\windows\system32\iesysprep.dll
2012-08-25 11:44 . 2012-09-22 06:02 71680 ----a-w- c:\windows\system32\iesetup.dll
2012-08-25 10:11 . 2012-09-22 06:02 385024 ----a-w- c:\windows\system32\html.iec
2012-08-25 08:31 . 2012-09-22 06:02 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-25 08:29 . 2012-09-22 06:02 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-10-27 20:27 . 2012-10-27 20:27 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Steam"="c:\program files\Steam\Steam.exe" [2012-08-04 1353080]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"TVBroadcast"="c:\program files\Sceneo\AbsolutTV\SERVICES\ODSBC\ODSBCApp.exe" [2007-08-07 797696]
"RtHDVCpl"="RtHDVCpl.exe" [2007-11-14 4706304]
"Skytel"="Skytel.exe" [2007-10-11 1826816]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-14 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-14 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-14 81920]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-14 185896]
"LiveUpdate"="c:\program files\Byteswarm\LiveUpdate\LiveUpdate.exe" [2004-08-28 2150400]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-04 102400]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-12 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Nero MediaHome 4"="c:\program files\Nero\Nero MediaHome 4\NeroMediaHome.exe" [2010-10-29 5178664]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-11 348664]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 01045777
*Deregistered* - 01045777
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 00:07]
.
2012-11-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-30 07:54]
.
2012-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 08:32]
.
2012-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 08:32]
.
2012-11-03 c:\windows\Tasks\User_Feed_Synchronization-{0B478D9A-A3A0-425B-A64A-446EA1219869}.job
- c:\windows\system32\msfeedssync.exe [2012-09-22 08:30]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
mSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\n1p5cw3r.default\
FF - ExtSQL: 2012-09-08 07:46; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - ExtSQL: 2012-10-22 19:22; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - ExtSQL: 2019-09-25 23:40; {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}; c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\n1p5cw3r.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF - ExtSQL: !HIDDEN! 2009-06-27 09:42; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-ICQ - c:\program files\ICQ6\ICQ.exe
HKCU-Run-NokiaOviSuite2 - c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
HKCU-Run-Kiehgoceuf - c:\users\Alex\AppData\Roaming\Oleb\fadek.exe
HKLM-Run-toolbar_eula_launcher - c:\program files\GoogleEULA\EULALauncher.exe
HKLM-Run-Nokia FastStart - c:\program files\Nokia\Nokia Music\NokiaMusic.exe
AddRemove-Byteswarm_LiveUpdate - c:\windows\iun6002.exe
AddRemove-DesertCombat - c:\windows\iun6002.exe
AddRemove-LucasArts' X-Wing vs. TIE Fighter - c:\windows\unin0407.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-11-03 18:23
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-11-03 18:25:13
ComboFix-quarantined-files.txt 2012-11-03 17:24
.
Vor Suchlauf: 10 Verzeichnis(se), 26.848.944.128 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 29.685.669.888 Bytes frei
.
- - End Of File - - 574EA66B31486EDDD33C3626A88A5128
--- --- ---
Die Star Wars Battlefront Datei habe ich vermutlich mal vor zweieinhalb Jahren downgeloaded und ausgeführt. Sie stammt von Mai 2010. Danach habe ich nichts mehr damit gemacht.
03.11.2012, 18:32
Baum-Darstellung