ROBIBOR 114 | 21.05.2010 14:01 | Success. The Security Center is working. :dankeschoen: Here is the log file from ComboFix: Code:
ComboFix 10-05-20.A1 - Robert 21.05.2010 14:31:37.1.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.43.1031.18.2045.1138 [GMT 2:00]
ausgeführt von:: c:\users\Robert\Downloads\combofix\cofi.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: AntiVir Desktop *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Robert\AppData\Roaming\295A82F90AB8BF3107601E7493E671E8
c:\users\Robert\AppData\Roaming\295A82F90AB8BF3107601E7493E671E8\enemies-names.txt
c:\users\Robert\AppData\Roaming\295A82F90AB8BF3107601E7493E671E8\lsrslt.ini
c:\windows\system32\Cache
.
((((((((((((((((((((((( Dateien erstellt von 2010-04-21 bis 2010-05-21 ))))))))))))))))))))))))))))))
.
2010-05-20 14:47 . 2010-05-20 14:48 3290578 ----a-w- c:\users\Robert\AppData\Roaming\TVU Networks\AutoUpgrade\TVUPlayer2.5.3.1.exe
2010-05-18 19:13 . 2010-05-18 19:13 -------- d-----w- c:\program files\CCleaner
2010-05-18 15:35 . 2010-05-18 15:37 -------- d-----w- c:\users\Robert\AppData\Roaming\Online Solutions
2010-05-12 12:25 . 2010-01-29 16:21 738304 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-11 14:14 . 2010-05-11 14:14 -------- d-----w- c:\users\Robert\AppData\Roaming\Malwarebytes
2010-05-11 14:13 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-11 14:13 . 2010-05-11 14:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-11 14:13 . 2010-05-11 14:13 -------- d-----w- c:\programdata\Malwarebytes
2010-05-11 14:13 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-24 11:38 . 2010-04-24 11:38 9662 ----a-r- c:\users\Robert\AppData\Roaming\Microsoft\Installer\{4527481F-E36D-408E-9F40-89E2630E2120}\_6FEFF9B68218417F98F549.exe
2010-04-24 11:38 . 2010-04-24 11:38 355574 ----a-r- c:\users\Robert\AppData\Roaming\Microsoft\Installer\{4527481F-E36D-408E-9F40-89E2630E2120}\_D5F7931E8956E5F2853715.exe
2010-04-24 11:38 . 2010-04-24 11:38 355574 ----a-r- c:\users\Robert\AppData\Roaming\Microsoft\Installer\{4527481F-E36D-408E-9F40-89E2630E2120}\_9418668BEEAABDC7D6D2ED.exe
2010-04-24 11:38 . 2010-04-24 11:38 25214 ----a-r- c:\users\Robert\AppData\Roaming\Microsoft\Installer\{4527481F-E36D-408E-9F40-89E2630E2120}\_4B8709E2321C73F37A3A7B.exe
2010-04-24 11:38 . 2010-04-24 11:38 10134 ----a-r- c:\users\Robert\AppData\Roaming\Microsoft\Installer\{4527481F-E36D-408E-9F40-89E2630E2120}\_06AD63CCBCBA508D193269.exe
2010-04-22 14:01 . 2010-05-13 20:33 -------- d-----w- c:\users\Robert\Neuer Ordner1
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-21 12:10 . 2010-02-12 17:40 163846 ----a-w- c:\programdata\nvModes.dat
2010-05-21 11:22 . 2009-08-03 16:05 -------- d-----w- c:\programdata\NVIDIA
2010-05-21 10:44 . 2009-11-27 13:23 659158 ----a-w- c:\windows\system32\perfh00A.dat
2010-05-21 10:44 . 2009-11-27 13:23 129720 ----a-w- c:\windows\system32\perfc00A.dat
2010-05-21 10:44 . 2009-11-26 17:30 661858 ----a-w- c:\windows\system32\perfh00C.dat
2010-05-21 10:44 . 2009-11-26 17:30 655740 ----a-w- c:\windows\system32\perfh010.dat
2010-05-21 10:44 . 2009-11-26 17:30 123622 ----a-w- c:\windows\system32\perfc00C.dat
2010-05-21 10:44 . 2009-11-26 17:30 120396 ----a-w- c:\windows\system32\perfc010.dat
2010-05-21 10:44 . 2009-11-26 17:30 376272 ----a-w- c:\windows\system32\perfh011.dat
2010-05-21 10:44 . 2009-11-26 17:30 101896 ----a-w- c:\windows\system32\perfc011.dat
2010-05-21 10:44 . 2009-11-26 16:30 659358 ----a-w- c:\windows\system32\perfh013.dat
2010-05-21 10:44 . 2009-11-26 16:30 126910 ----a-w- c:\windows\system32\perfc013.dat
2010-05-21 10:44 . 2006-11-02 15:48 621630 ----a-w- c:\windows\system32\perfh007.dat
2010-05-21 10:44 . 2006-11-02 15:48 123642 ----a-w- c:\windows\system32\perfc007.dat
2010-05-21 10:40 . 2009-10-09 14:05 -------- d-----w- c:\users\christinee\AppData\Roaming\LimeWire
2010-05-18 12:41 . 2009-09-24 12:50 -------- d-----w- c:\users\christinee\AppData\Roaming\vlc
2010-05-12 13:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-12 13:02 . 2010-02-23 19:05 -------- d-----w- c:\programdata\Microsoft Help
2010-05-12 09:21 . 2009-10-02 23:36 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-10 12:58 . 2009-10-06 13:31 -------- d-----w- c:\users\Robert\AppData\Roaming\LimeWire
2010-05-09 11:54 . 2009-08-03 15:17 2032 ----a-w- c:\users\Robert\AppData\Local\d3d9caps.dat
2010-05-09 11:04 . 2010-01-26 15:22 -------- d-----w- c:\users\Robert\AppData\Roaming\Skype
2010-05-07 13:13 . 2010-02-27 15:54 -------- d-----w- c:\program files\Opera
2010-05-07 13:12 . 2009-08-06 21:37 -------- d-----w- c:\program files\Google
2010-04-27 17:35 . 2009-11-23 13:32 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-04-15 14:32 . 2010-04-15 14:32 -------- d-----w- c:\program files\ESET
2010-04-12 16:48 . 2010-04-12 16:48 -------- d-----w- c:\users\christinee\AppData\Roaming\Avira
2010-04-08 18:53 . 2010-02-06 18:31 -------- d-----w- c:\users\christinee\AppData\Roaming\Skype
2010-04-08 18:52 . 2010-04-08 18:52 -------- d-----w- c:\programdata\avG
2010-04-06 21:48 . 2010-02-12 17:14 1356 ----a-w- c:\users\christinee\AppData\Local\d3d9caps.dat
2010-04-03 11:55 . 2010-04-03 11:55 8 ----a-w- c:\users\Robert\AppData\Roaming\jasltw.dat
2010-04-02 15:45 . 2010-04-02 15:45 -------- d-----w- c:\users\christinee\AppData\Roaming\NCH Swift Sound
2010-04-02 11:19 . 2009-10-07 20:10 -------- d-----w- c:\users\christinee\AppData\Roaming\DivX
2010-04-02 10:57 . 2010-04-02 10:57 -------- d-----w- c:\program files\cezareea
2010-03-26 15:22 . 2009-11-22 14:17 -------- d-----w- c:\users\Robert\AppData\Roaming\DivX
2010-03-26 14:46 . 2010-03-26 14:46 -------- d-----w- c:\users\Robert\AppData\Roaming\Avira
2010-03-21 12:25 . 2010-03-21 12:25 56766 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-03-21 12:25 . 2010-03-21 12:25 57676 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-03-21 12:25 . 2010-03-21 12:25 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-03-21 12:25 . 2010-03-21 12:25 84035 ----a-w- c:\programdata\DivX\TransferWizard\Uninstaller.exe
2010-03-21 12:25 . 2010-03-21 12:25 54629 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
2010-03-21 12:25 . 2010-03-21 12:25 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-03-21 12:25 . 2010-03-21 12:25 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-03-21 12:25 . 2010-03-21 12:25 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
2010-03-21 12:25 . 2010-03-21 12:25 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-03-21 12:25 . 2010-03-21 12:25 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-03-21 12:24 . 2010-03-21 12:27 754984 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-03-21 12:24 . 2010-03-21 12:27 986904 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-03-05 14:01 . 2010-04-14 14:34 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-01 08:05 . 2009-08-03 15:55 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-02-27 15:40 . 2010-02-27 15:40 0 ----a-w- c:\windows\nsreg.dat
2010-02-26 21:07 . 2009-08-03 17:40 100432 ----a-w- c:\users\christinee\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-26 18:32 . 2009-08-03 15:18 100432 ----a-w- c:\users\Robert\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-26 06:06 . 2010-02-26 06:06 2626360 ----a-w- c:\users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\227icpyr.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2010-02-23 11:32 . 2010-04-14 14:34 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-23 11:32 . 2010-04-14 14:34 78848 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-02-23 11:32 . 2010-04-14 14:34 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 06:39 . 2010-03-31 10:57 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 10:57 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33 . 2010-03-31 10:57 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55 . 2010-03-31 10:57 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-22 18:13 . 2010-03-04 19:53 52224 ----a-w- c:\users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\227icpyr.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
2010-02-22 18:13 . 2010-03-04 19:53 101376 ----a-w- c:\users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\227icpyr.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
2010-02-22 15:35 . 2010-02-06 18:18 38784 ----a-w- c:\users\Robert\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-22 15:35 . 2010-02-06 18:18 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-20 23:39 . 2010-03-10 22:25 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:37 . 2010-03-10 22:25 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 21:18 . 2010-03-10 22:25 411136 ----a-w- c:\windows\system32\drivers\http.sys
2007-07-11 03:18 . 2007-07-11 03:18 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7e2e6c95-eb77-4d50-bd21-9dd81ddaaa37}]
2010-03-17 13:45 2355224 ----a-w- c:\program files\cezareea\tbceza.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7e2e6c95-eb77-4d50-bd21-9dd81ddaaa37}"= "c:\program files\cezareea\tbceza.dll" [2010-03-17 2355224]
[HKEY_CLASSES_ROOT\clsid\{7e2e6c95-eb77-4d50-bd21-9dd81ddaaa37}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7E2E6C95-EB77-4D50-BD21-9DD81DDAAA37}"= "c:\program files\cezareea\tbceza.dll" [2010-03-17 2355224]
[HKEY_CLASSES_ROOT\clsid\{7e2e6c95-eb77-4d50-bd21-9dd81ddaaa37}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-26 39408]
c:\users\christinee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-9-30 503808]
c:\users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PMB Medien-Prfung.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-8-6 327680]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-01-11 240232]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-11-12 66664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
2008-04-11 16:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
2008-08-28 09:50 30720 ----a-w- c:\windows\System32\soundschemes2.exe
.
Inhalt des "geplante Tasks" Ordners
2010-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 17:55]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://google.at/
uSearchURL,(Default) = hxxp://www.google.ro
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\227icpyr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\227icpyr.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-05-21 14:40
Windows 6.0.6001 Service Pack 1 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_USERS\S-1-5-21-3056211888-1799190059-1298741876-1000\Software\SecuROM\License information*]
"datasecu"=hex:6b,f5,3f,83,0c,17,e2,86,ff,73,6d,e0,0a,d4,a6,80,90,32,68,e0,b8,
a9,60,28,fa,83,ad,04,b9,69,0b,a3,fa,e9,2d,33,9b,c2,a6,c8,5f,d3,dd,05,c5,86,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
.
Zeit der Fertigstellung: 2010-05-21 14:43:32
ComboFix-quarantined-files.txt 2010-05-21 12:43
Vor Suchlauf: 10 Verzeichnis(se), 70.175.518.720 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 70.459.248.640 Bytes frei
- - End Of File - - 58F7BA696ABA6B094DFC00A3050FF505