trancemoisis | 17.01.2014 00:27 | Hello schrauber!
Thanks for helping me with my problem.
Unfortunately I made the mistake of not saving Combofix to the desktop. I hope that's not a big problem. Otherwise I'll post a new log.
Combofix Logfile: Code:
ComboFix 14-01-12.01 - Thomas 16.01.2014 12:12:47.2.2 - x86
Running from:: c:\downloads\Sylenth\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((( Files Created from 2013-12-16 to 2014-01-16 ))))))))))))))))))))))))))))))
.
.
2014-01-15 18:41 . 2014-01-15 18:41 22688 ----a-w- c:\windows\system32\drivers\HWiNFO32.SYS
2014-01-15 18:37 . 2014-01-15 18:37 -------- d-----w- c:\program files\HWiNFO32
2014-01-15 13:39 . 2014-01-15 13:39 -------- d-----w- C:\FRST
2014-01-13 22:25 . 2014-01-13 22:25 -------- d-----w- c:\documents and settings\Thomas\Local Settings\Application Data\Disc_Soft_Ltd
2014-01-13 22:23 . 2014-01-13 22:23 -------- d-----w- c:\documents and settings\LocalService\Application Data\DAEMON Tools Ultra
2014-01-13 21:55 . 2014-01-13 21:55 -------- d-----w- c:\windows\system32\de-DE
2014-01-13 21:42 . 2014-01-13 21:42 24704 ----a-w- c:\windows\system32\drivers\dtscsibus.sys
2014-01-13 21:42 . 2014-01-13 22:25 -------- d-----w- c:\documents and settings\Thomas\Application Data\DAEMON Tools Ultra
2014-01-13 21:42 . 2014-01-13 21:42 -------- d-----w- c:\program files\DAEMON Tools Ultra
2014-01-13 21:40 . 2014-01-13 21:41 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Ultra
2014-01-13 20:10 . 2010-06-02 03:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2014-01-13 20:10 . 2010-06-02 03:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2014-01-13 20:10 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2014-01-13 20:10 . 2010-05-26 10:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2014-01-13 20:10 . 2010-05-26 10:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2014-01-13 20:10 . 2007-04-04 17:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2014-01-13 20:09 . 2014-01-13 20:10 -------- d-----w- c:\program files\Dolphin x86
2014-01-13 20:07 . 2014-01-13 20:07 -------- d-----w- c:\program files\Common Files\DirectX
2014-01-12 16:30 . 2014-01-12 16:30 -------- d-----w- C:\Programme
2014-01-12 15:43 . 2014-01-12 16:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-01-12 15:40 . 2014-01-12 15:40 51416 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-01-11 23:25 . 2014-01-11 23:25 -------- d-----w- C:\TDSSKiller_Quarantine
2014-01-11 21:32 . 2014-01-11 21:32 -------- d-----w- c:\documents and settings\Thomas\Application Data\Malwarebytes
2014-01-11 21:32 . 2014-01-11 21:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2014-01-11 21:32 . 2014-01-11 21:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-01-11 21:32 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-11 21:30 . 2014-01-11 21:30 -------- d-----w- c:\documents and settings\Thomas\Local Settings\Application Data\Sun
2014-01-11 21:28 . 2014-01-12 21:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2014-01-11 21:28 . 2014-01-12 08:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
2014-01-11 21:11 . 2014-01-12 21:39 -------- d-----w- C:\AdwCleaner
2014-01-10 16:03 . 2014-01-10 16:03 -------- d-----w- c:\program files\Common Files\Java
2014-01-10 16:03 . 2014-01-10 16:02 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-01-10 16:03 . 2014-01-10 16:02 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-01-10 16:02 . 2014-01-10 16:02 -------- d-----w- c:\program files\Java
2014-01-09 14:46 . 2014-01-09 14:47 -------- d-----w- c:\program files\Common Files\VST3
2014-01-09 11:45 . 2014-01-09 11:45 -------- d-----w- c:\program files\Common Files\reFX
2014-01-09 11:33 . 2009-10-24 20:15 1332224 ----a-w- c:\windows\system32\SYNSOEMU.DLL
2014-01-06 20:20 . 2014-01-06 20:20 -------- d-----w- c:\program files\u-he
2014-01-06 20:13 . 1999-12-17 09:13 86016 ----a-w- c:\windows\unvise32.exe
2014-01-06 20:12 . 2014-01-06 20:12 -------- d-----w- c:\program files\Common Files\Digidesign
2014-01-06 14:04 . 2014-01-06 14:04 -------- d-----w- c:\program files\LinPlug
2014-01-06 14:02 . 2014-01-06 14:02 -------- d-----w- c:\program files\Steinberg
2014-01-06 14:02 . 2014-01-06 14:02 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2014-01-05 14:05 . 2008-04-13 23:15 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2014-01-05 14:05 . 2008-04-13 23:15 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2014-01-05 13:52 . 2014-01-05 13:52 -------- d-----w- C:\ProgramData
2014-01-05 00:00 . 2014-01-05 00:00 -------- d-----w- c:\program files\Common Files\Propellerhead Software
2014-01-05 00:00 . 2014-01-05 00:40 -------- d-----w- c:\documents and settings\Thomas\Application Data\Ableton
2014-01-04 23:39 . 2014-01-04 23:39 -------- d-----w- c:\program files\7-Zip
2014-01-03 23:01 . 2014-01-03 23:01 -------- d-----w- c:\documents and settings\Thomas\Local Settings\Application Data\fontconfig
2014-01-03 23:01 . 2014-01-04 16:39 -------- d-----w- c:\documents and settings\Thomas\.smplayer
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-11 01:01 . 2013-04-30 14:20 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-11 01:01 . 2011-07-19 06:09 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2004-08-03 22:56 73728 --sha-w- c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
.
.
(((((((((((((((((((((((((((( Registry Autostart Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-13 23:00 130736 ----a-w- c:\documents and settings\Thomas\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-13 23:00 130736 ----a-w- c:\documents and settings\Thomas\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-13 23:00 130736 ----a-w- c:\documents and settings\Thomas\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-13 23:00 130736 ----a-w- c:\documents and settings\Thomas\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"DAEMON Tools Ultra Agent"="c:\program files\DAEMON Tools Ultra\DTAgent.exe" [2013-11-14 3192056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-10-06 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-06 114688]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-10-06 94208]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
WDDMStatus.lnk.disabled [2013-2-15 1057]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-5706737-706353721-1019313964-13309\Scripts\Logon\0\0]
"Script"=\\triax.int\netlogon\logon-hirschmann-a.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-5706737-706353721-1019313964-17809\Scripts\Logon\0\0]
"Script"=\\triax.int\netlogon\logon-hirschmann-a.vbs
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WDSmartWare.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk
backup=c:\windows\pss\WDSmartWare.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2003-01-30 16:49 196608 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon03]
2003-01-30 16:49 311296 ----a-w- c:\windows\system32\hphmon03.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 08:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RemoteRegistry"=2 (0x2)
"Fax"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"BBUpdate"=3 (0x3)
"BBSvc"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Sony PC Companion"="c:\program files\Sony\Sony PC Companion\PCCompanion.exe" /Background
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Documents and Settings\\Thomas\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\JDownloader\\jre\\bin\\java.exe"=
"c:\\Program Files\\JDownloader\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [08.01.2012 16:18 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [08.01.2012 16:18 314456]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [15.01.2014 19:41 22688]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [08.01.2012 16:18 20568]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [14.10.2009 14:31 98304]
R3 DFE528TX;D-Link DFE-528TX PCI Adapter;c:\windows\system32\drivers\DLKRTL.SYS [02.02.2009 09:09 45568]
R3 Disc Soft Bus Service;Disc Soft Bus Service;c:\program files\DAEMON Tools Ultra\DiscSoftBusService.exe [14.11.2013 09:35 723192]
R3 dtscsibus;DAEMON Tools Virtual SCSI Bus;c:\windows\system32\drivers\dtscsibus.sys [13.01.2014 22:42 24704]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [11.01.2014 22:32 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11.01.2014 22:32 701512]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16.06.2009 09:58 20480]
S3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [30.01.2003 17:55 18864]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11.01.2014 22:32 22856]
S3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [15.11.2013 19:42 155824]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [15.02.2013 19:13 11520]
.
--- Other Services/Drivers in Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-08 00:22 1211672 ----a-w- c:\program files\Google\Chrome\Application\32.0.1700.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-30 01:01]
.
2014-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-09-20 18:03]
.
2014-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-09-20 18:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page =
mLocal Page =
mStart Page = hxxp://www.google.com
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: microsoft.com\*.update
Trusted Zone: triax.com
Trusted Zone: triax.dk
Trusted Zone: triax.uk
Trusted Zone: windowsupdate.com
FF - ProfilePath - c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\a4n04b3a.default\
FF - prefs.js: browser.search.selectedEngine - Google Default
FF - prefs.js: browser.startup.homepage - hxxp://www.googe.at/
FF - prefs.js: keyword.URL -
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2014-01-16 12:28
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanning hidden processes...
.
Scanning hidden autostart entries...
.
Scanning hidden files...
.
Scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_USERS\S-1-5-21-149951371-905379647-1706633954-1012\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1F5E76E1-FEC9-F271-8665-5AA0D4829C77}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"pahmabijciooejeljcdkflalhofpplek"=hex:61,62,6d,6f,63,61,62,6e,68,6d,67,6e,6b,
6c,69,6d,6e,65,66,65,68,62,6f,67,6b,64,70,67,6d,62,6c,6d,6d,66,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2014-01-16 12:33:37
ComboFix-quarantined-files.txt 2014-01-16 11:33
ComboFix2.txt 2014-01-12 22:22
.
Pre-Run: 10.947.411.968 bytes free
Post-Run: 20 directory(ies), 11.157.069.824 bytes free
.
- - End Of File - - 78BE0DA465F402C608ED828D08EAC9F2 --- --- ---
8F558EB6672622401DA993E1E865C861
[/CODE]
thanks and see you soon
trancemoisis |
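A small parser for the line formats that appear in the ComboFix log above, as an added example by the editor; it is not part of the forum post and not ComboFix's own code. It extracts the "Files Created" and Find3M entries (created date, optional modified date, size or "--------" for a directory, attribute field, path), the Run-key values, the R#/S# service lines, and it re-joins the REG_BINARY "hex:" value that the log wraps across two lines under the locked registry key and decodes it as ASCII. Two assumptions are the editor's: that R/S on a service line mean running/stopped and the digit is the start type (0 boot, 1 system, 2 auto, 3 manual, 4 disabled), which is how ComboFix logs are usually read, and the triage heuristics in `triage()` (newly created .sys drivers, files with the s and h attribute bits set, auto-start services that are not running), which are a first-pass checklist and not a verdict on any entry. The sample input is an excerpt copied from the log above.

```python
"""ComboFix log triage: added example by the editor, not the forum post's or
ComboFix's own code. Handles only the line shapes visible in the log above."""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed excerpt: lines copied verbatim from the log posted above.
SAMPLE_LOG = r"""
2014-01-15 18:41 . 2014-01-15 18:41 22688 ----a-w- c:\windows\system32\drivers\HWiNFO32.SYS
2014-01-15 18:37 . 2014-01-15 18:37 -------- d-----w- c:\program files\HWiNFO32
2014-01-13 21:42 . 2014-01-13 21:42 24704 ----a-w- c:\windows\system32\drivers\dtscsibus.sys
2004-08-03 22:56 73728 --sha-w- c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-10-06 98304]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [08.01.2012 16:18 435032]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11.01.2014 22:32 701512]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11.01.2014 22:32 22856]
"pahmabijciooejeljcdkflalhofpplek"=hex:61,62,6d,6f,63,61,62,6e,68,6d,67,6e,6b,
6c,69,6d,6e,65,66,65,68,62,6f,67,6b,64,70,67,6d,62,6c,6d,6d,66,00,00
"""

# created [ . modified ] size-or-dashes attrs path
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})(?:\s+\.\s+(\d{4}-\d{2}-\d{2} \d{2}:\d{2}))?"
                     r"\s+(-{8}|\d+)\s+([-a-z]{8})\s+(.+)$")
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"')          # "Name"="command" [date size]
SVC_RE = re.compile(r"^([RS])([0-4])\s+([^;]+);([^;]*);(.+?)\s+\[[\d.]+ [\d:]+\s+(\d+)\]$")
HEX_RE = re.compile(r'^"([^"]+)"=hex:([0-9a-f,]*)$')
HEX_CONT_RE = re.compile(r"^[0-9a-f]{2}(?:,[0-9a-f]{2})*,?$")
# R/S = running/stopped, digit = start type: ComboFix's convention, assumed here
START_TYPE = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}

@dataclass
class FileEntry:
    created: str
    modified: Optional[str]   # absent on Find3M lines
    size: Optional[int]       # None where the log prints "--------" (a directory)
    attrs: str                # e.g. "----a-w-", "d-----w-", "--sha-w-"
    path: str

    @property
    def is_driver(self) -> bool:
        return self.path.lower().endswith(".sys")

    @property
    def system_hidden(self) -> bool:
        return self.attrs[2:4] == "sh"   # 3rd/4th attribute columns carry the s and h bits

def _lines(log):
    return (l.strip() for l in log.splitlines())

def parse_files(log: str) -> list:
    out = []
    for m in filter(None, map(FILE_RE.match, _lines(log))):
        created, modified, size, attrs, path = m.groups()
        out.append(FileEntry(created, modified, None if size[0] == "-" else int(size), attrs, path))
    return out

def parse_run_entries(log: str) -> dict:
    """Run-key value name -> command for the [...\\Run] blocks."""
    return {m.group(1): m.group(2) for m in filter(None, map(RUN_RE.match, _lines(log)))}

def parse_services(log: str) -> list:
    out = []
    for m in filter(None, map(SVC_RE.match, _lines(log))):
        state, start, name, display, path, size = m.groups()
        out.append({"name": name, "display": display, "path": path, "size": int(size),
                    "running": state == "R", "start": START_TYPE[start]})
    return out

def decode_hex_values(log: str) -> dict:
    """Re-join 'hex:' values the log wraps after a trailing comma and decode them as ASCII."""
    out, name, buf = {}, None, ""
    for line in _lines(log):
        m = HEX_RE.match(line)
        if m:
            name, buf = m.group(1), m.group(2)
        elif name is not None and HEX_CONT_RE.match(line):
            buf += line
        else:
            continue
        if not buf.endswith(","):                       # no continuation: value complete
            data = bytes(int(b, 16) for b in buf.split(",") if b)
            out[name] = data.rstrip(b"\x00").decode("ascii", errors="replace")
            name, buf = None, ""
    return out

def triage(log: str) -> dict:
    """Editor's own first-pass heuristics over the log; not a verdict on any entry."""
    files = parse_files(log)
    svcs = parse_services(log)
    return {
        "new_drivers": [f.path for f in files if f.is_driver],
        "system_hidden_files": [f.path for f in files if f.system_hidden],
        "stopped_autostart_services": [s["name"] for s in svcs if s["start"] == "auto" and not s["running"]],
        "run_entries": parse_run_entries(log),
        "decoded_values": decode_hex_values(log),
    }

if __name__ == "__main__":
    for key, val in triage(SAMPLE_LOG).items():
        print(f"{key}: {val}")
```

Run against the full log instead of the excerpt, the same functions list every newly created driver, every Run-key command and every stopped auto-start service, and the decoded value under the locked key comes out as a 34-character string over the letters a to p; what that string refers to is not something this log settles, so the helper shows it and leaves interpretation to the analyst.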