Hello. First of all, thanks for the help so far.
How long can it actually take until the data becomes visible again? Even after running unhide I still can't see it.
Code:
ComboFix 11-05-04.04 - Andy 05.05.2011 15:58:12.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2046.917 [GMT 2:00]
ausgeführt von:: c:\users\Andy\Desktop\cofi.exe.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\kungsfcnqdrcci.dat
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_kungsfaapatpqw
-------\Service_kungsfaapatpqw
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-04-05 bis 2011-05-05 ))))))))))))))))))))))))))))))
.
.
2011-05-05 14:08 . 2011-05-05 14:08 -------- d-----w- c:\users\Mcx3\AppData\Local\temp
2011-05-05 14:08 . 2011-05-05 14:08 -------- d-----w- c:\users\Mcx2\AppData\Local\temp
2011-05-04 18:50 . 2011-05-04 18:52 -------- d-----w- c:\windows\system32\ca-ES
2011-05-04 18:50 . 2011-05-04 18:52 -------- d-----w- c:\windows\system32\eu-ES
2011-05-04 18:50 . 2011-05-04 18:52 -------- d-----w- c:\windows\system32\vi-VN
2011-05-04 16:41 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-05-04 16:41 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-05-04 16:34 . 2011-05-04 16:34 -------- d-----w- c:\windows\system32\EventProviders
2011-05-04 15:13 . 2008-05-27 04:59 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2011-05-04 15:04 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
2011-05-04 15:03 . 2009-04-11 05:03 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2011-05-04 15:03 . 2009-04-11 06:28 1081344 ----a-w- c:\windows\system32\SLCExt.dll
2011-05-04 15:03 . 2009-04-11 06:27 3408896 ----a-w- c:\windows\system32\SLsvc.exe
2011-05-04 15:03 . 2009-04-11 06:28 2134528 ----a-w- c:\windows\system32\FunctionDiscoveryFolder.dll
2011-05-04 15:03 . 2009-04-11 06:27 65536 ----a-w- c:\windows\system32\DevicePairingWizard.exe
2011-05-04 15:03 . 2009-04-11 05:03 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2011-05-04 15:03 . 2009-04-11 06:28 1480704 ----a-w- c:\windows\system32\mssrch.dll
2011-05-04 15:03 . 2009-04-11 06:28 1576960 ----a-w- c:\windows\system32\tquery.dll
2011-05-04 15:03 . 2009-04-11 06:28 1305600 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll
2011-05-04 15:03 . 2009-04-11 02:52 684032 ----a-w- c:\windows\system32\drivers\spsys.sys
2011-05-04 15:01 . 2009-04-11 06:28 274432 ----a-w- c:\windows\system32\bcrypt.dll
2011-05-04 15:00 . 2009-04-11 06:28 147456 ----a-w- c:\windows\system32\Faultrep.dll
2011-05-04 14:59 . 2009-11-08 08:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-05-04 14:58 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2011-05-04 14:51 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-05-04 14:36 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2011-05-04 14:35 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll
2011-05-04 14:34 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2011-05-04 14:34 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2011-05-04 14:34 . 2010-10-28 13:20 2048 ----a-w- c:\windows\system32\tzres.dll
2011-05-04 14:34 . 2011-03-03 10:49 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-05-04 14:34 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-05-04 14:29 . 2010-10-12 15:53 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll
2011-05-04 14:29 . 2010-10-12 13:41 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe
2011-05-04 14:29 . 2010-10-12 13:41 515584 ----a-w- c:\program files\Windows Mail\wab.exe
2011-05-04 14:29 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll
2011-05-04 14:29 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-05-04 14:29 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-05-04 14:29 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-05-04 14:29 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
2011-05-04 14:29 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-05-04 14:28 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2011-05-04 14:28 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
2011-05-04 13:55 . 2011-05-04 13:55 -------- d-----w- C:\PerfLogs
2011-05-04 12:57 . 2011-05-04 12:57 -------- d-----w- c:\programdata\NVIDIA Corporation
2011-05-03 16:35 . 2011-05-03 17:06 -------- d-----w- C:\_OTL
2011-05-03 16:13 . 2011-04-14 16:40 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-03 16:13 . 2011-04-14 16:40 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-03 16:13 . 2011-04-14 16:40 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-03 16:13 . 2011-04-14 16:40 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-03 16:13 . 2011-04-14 16:40 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-03 16:13 . 2011-04-14 16:40 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-03 16:13 . 2010-01-01 08:00 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-03 16:13 . 2010-01-01 08:00 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-03 16:04 . 2011-04-18 07:15 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{06B3C64B-0361-4DFE-AA98-C9BA6EB06526}\mpengine.dll
2011-04-29 15:34 . 2011-04-29 15:34 1186056 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-04-29 13:26 . 2011-04-29 13:26 -------- d-----w- c:\users\Andy\AppData\Roaming\Malwarebytes
2011-04-29 13:26 . 2011-04-29 13:26 -------- d-----w- c:\programdata\Malwarebytes
2011-04-29 13:26 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-29 13:26 . 2011-04-29 13:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-29 13:26 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-04 13:38 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2011-05-04 13:37 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2011-04-27 15:23 . 2009-07-16 09:16 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-03 15:40 . 2011-05-04 16:41 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-05-04 16:41 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-05-04 16:41 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-05-04 16:41 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-04-14 16:40 . 2011-05-03 16:13 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"Launch LGDCore"="c:\program files\Common Files\Logitech\G-series Software\LGDCore.exe" [2006-07-23 1126400]
"DefragTaskBar"="c:\program files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" [2007-08-28 169312]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-09-11 2403840]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-06-06 1261568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-3-4 805392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2009-06-29 102912]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [2007-06-15 143256]
S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [2006-07-05 63352]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\system32\drivers\npf_devolo.sys [2009-07-13 35840]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-09-11 9216]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-06-29 112128]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - BMLoad
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-05 c:\windows\Tasks\User_Feed_Synchronization-{FE96D7E8-71EB-4CBA-ABC7-CDCFEE1C5CE9}.job
- c:\windows\system32\msfeedssync.exe [2011-05-04 04:47]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
LSP: bmnet.dll
FF - ProfilePath - c:\users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\2j35kolb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-Launch LCDMon - c:\program files\Common Files\Logitech\LCD Manager\lcdmon.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
.
.
.
**************************************************************************
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien:
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(684)
c:\windows\system32\bmnet.dll
.
- - - - - - - > 'Explorer.exe'(5832)
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\progra~1\Ashampoo\ASHAMP~2\bin\DEFRAG~3.EXE
c:\progra~1\Ashampoo\ASHAMP~2\bin\defragActivityMonitor.exe
c:\program files\Creative\Shared Files\CTDevSrv.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\program files\Windows Media Player\wmplayer.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-05-05 16:21:51 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-05-05 14:21
.
Vor Suchlauf: 8 Verzeichnis(se), 193.023.389.696 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 192.560.480.256 Bytes frei
.
- - End Of File - - 5C484D6701C118A6B02FFC5E34E1310D