Good morning, here is the log:
Combofix Logfile:
Code:
ComboFix 10-07-24.06 - Mrs.Smith 27.07.2010 8:43.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3071.1878 [GMT 2:00]
ausgeführt von:: c:\users\Mrs.Smith\Desktop\Combo-Fix.exe
AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Mrs.Smith\AppData\Roaming\Yfaze\ivkid.exe
c:\users\Public\OOo_3.0.0_Win32Intel_install_de.exe
.
((((((((((((((((((((((( Dateien erstellt von 2010-06-27 bis 2010-07-27 ))))))))))))))))))))))))))))))
.
2010-07-26 21:32 . 2010-07-26 21:32 -------- d-----w- c:\windows\system32\Adobe
2010-07-26 19:50 . 2010-07-26 19:50 -------- d-----w- C:\_OTL
2010-07-26 19:39 . 2010-07-26 19:39 -------- d-----w- c:\users\Mrs.Smith\AppData\Local\Threat Expert
2010-07-26 10:22 . 2010-07-26 10:22 -------- d-----w- c:\program files\7-Zip
2010-07-22 09:01 . 2010-07-22 09:15 767928 ----a-w- c:\windows\BDTSupport.dll
2010-07-22 09:01 . 2010-01-22 06:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-07-22 09:01 . 2010-01-22 06:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-07-22 09:01 . 2010-01-22 06:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-07-22 09:01 . 2009-10-27 22:36 1152444 ----a-w- c:\windows\UDB.zip
2010-07-22 09:01 . 2008-11-26 09:08 131 ----a-w- c:\windows\IDB.zip
2010-07-22 08:59 . 2010-02-05 07:18 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-07-22 08:59 . 2010-02-05 07:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-07-22 08:58 . 2010-03-29 08:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-07-22 08:58 . 2009-11-23 11:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-07-22 08:58 . 2010-04-08 12:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-07-22 08:58 . 2010-07-26 19:48 -------- d-----w- c:\program files\Spyware Doctor
2010-07-22 08:58 . 2010-07-22 09:02 -------- d-----w- c:\program files\Common Files\PC Tools
2010-07-22 08:58 . 2010-07-22 08:58 -------- d-----w- c:\users\Mrs.Smith\AppData\Roaming\PC Tools
2010-07-22 08:58 . 2010-07-22 08:58 -------- d-----w- c:\programdata\PC Tools
2010-07-21 09:26 . 2010-07-21 09:26 -------- d-----w- c:\users\Mrs.Smith\AppData\Roaming\Malwarebytes
2010-07-21 07:27 . 2010-07-21 07:27 -------- d-----w- c:\program files\Trend Micro
2010-07-21 07:26 . 2010-07-21 07:26 -------- d-----w- c:\program files\CCleaner
2010-07-21 07:16 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-21 07:16 . 2010-07-21 07:16 -------- d-----w- c:\programdata\Malwarebytes
2010-07-21 07:16 . 2010-07-25 20:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-21 07:16 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-20 06:37 . 2010-07-20 16:30 145 --s-a-w- c:\users\Mrs.Smith\AppData\Local\1447393971.dat
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-26 21:35 . 2009-01-05 23:01 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-26 19:55 . 2009-01-05 22:59 45056 ----a-w- c:\windows\system32\acovcnt.exe
2010-07-26 19:40 . 2009-11-02 17:32 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-07-26 19:39 . 2010-02-23 08:18 -------- d-----w- c:\program files\Application Updater
2010-07-26 11:15 . 2009-01-05 20:06 1 ----a-w- c:\users\Mrs.Smith\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-07-22 19:37 . 2009-11-02 17:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-22 09:31 . 2009-06-08 07:32 680 ----a-w- c:\users\Mrs.Smith\AppData\Local\d3d9caps.dat
2010-07-21 10:57 . 2008-04-16 11:11 632252 ----a-w- c:\windows\system32\perfh007.dat
2010-07-21 10:57 . 2008-04-16 11:11 127464 ----a-w- c:\windows\system32\perfc007.dat
2010-07-21 10:51 . 2010-07-20 06:37 16 ----a-w- c:\users\Mrs.Smith\AppData\Roaming\vdnxlf.dat
2010-07-21 08:21 . 2009-07-22 20:48 -------- d-----w- c:\program files\DivX
2010-07-21 07:54 . 2010-04-26 20:36 -------- d-----w- c:\users\Mrs.Smith\AppData\Roaming\Qeekq
2010-07-21 06:58 . 2009-03-19 07:36 -------- d-----w- c:\program files\Nokia
2010-07-21 06:56 . 2009-07-22 20:48 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-07-21 06:56 . 2009-07-22 20:49 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-07-21 06:55 . 2009-01-22 00:23 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-07-21 06:53 . 2008-11-04 13:35 -------- d-----w- c:\program files\ASUS
2010-07-21 06:53 . 2008-11-04 12:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-21 06:31 . 2010-06-06 17:37 -------- d-----w- c:\users\Mrs.Smith\AppData\Roaming\Gyvay
2010-07-20 07:01 . 2009-12-25 17:23 -------- d-----w- c:\users\Mrs.Smith\AppData\Roaming\gtk-2.0
2010-07-15 01:03 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-26 01:01 . 2010-06-26 01:01 -------- d-----w- c:\program files\Microsoft.NET
2010-06-12 05:26 . 2010-01-06 22:36 -------- d-----w- c:\program files\Ares
2010-06-05 07:32 . 2010-02-13 19:11 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-26 17:06 . 2010-06-10 06:24 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-10 06:24 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 12:14 . 2010-01-26 19:07 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-04 05:59 . 2010-06-10 06:24 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-10 06:24 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-10 06:24 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-10 06:24 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 14:13 . 2010-06-10 06:23 2037248 ----a-w- c:\windows\system32\win32k.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-07 4853760]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-09-03 630784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2007-10-12 106496]
"PowerForPhone"="c:\program files\P4P\P4P.exe" [2007-08-03 778240]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2008-11-04 37232]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-11-04 33136]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2009-08-14 614400]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):5a,71,1a,95,f8,5b,ca,01
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-15 133104]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2006-02-23 264704]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-03-29 218592]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-02-23 5120]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2007-06-20 47616]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 18:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
2010-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-15 19:54]
2010-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-15 19:54]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: {94C1B70E-2FCE-43DD-ADF0-4ADBB450E6B9} = 192.168.178.1
FF - ProfilePath - c:\users\Mrs.Smith\AppData\Roaming\Mozilla\Firefox\Profiles\0ukcfep3.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX Richtlinien ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
HKCU-Run-{45F1407F-6ED4-82F5-EF23-385F11A24913} - c:\users\Mrs.Smith\AppData\Roaming\Yfaze\ivkid.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-07-27 09:03
Windows 6.0.6002 Service Pack 2 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
C:\ADSM_PData_0150
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-07-27 09:09:36
ComboFix-quarantined-files.txt 2010-07-27 07:09
Vor Suchlauf: 6 Verzeichnis(se), 108.851.638.272 Bytes frei
Nach Suchlauf: 9 Verzeichnis(se), 108.793.061.376 Bytes frei
- - End Of File - - 2ECA236B1194BF3C25572B37F836248B