| Wombat44 | 09.06.2010 17:16 |
Combofix Code:
ComboFix 10-06-08.05 - xxx 09.06.2010 17:55:07.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.1919.1080 [GMT 2:00]
ausgeführt von:: c:\users\xxx\Downloads\ComboFix.exe
SP: Windows-Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\xxx\AppData\Local\ykuykyw.dat
c:\users\xxx\AppData\Local\ykuykyw_nav.dat
c:\users\xxx\AppData\Local\ykuykyw_navps.dat
c:\users\xxx\AppData\Roaming\Microsoft\Windows\Recent\Comfy Cakes.pif
.
((((((((((((((((((((((( Dateien erstellt von 2010-05-09 bis 2010-06-09 ))))))))))))))))))))))))))))))
.
2010-06-09 16:00 . 2010-06-09 16:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-09 16:00 . 2010-06-09 16:00 -------- d-----w- c:\users\xxx\AppData\Local\temp
2010-06-09 13:51 . 2010-06-09 13:53 -------- d-----w- c:\program files\ICQ7.2
2010-06-08 20:07 . 2010-06-08 20:07 -------- d-----w- C:\_OTL
2010-06-08 18:33 . 2010-06-08 18:33 -------- d-----w- C:\rsit
2010-06-08 18:10 . 2010-06-08 18:10 -------- d-----w- c:\program files\CCleaner
2010-05-26 14:13 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-21 09:22 . 2010-05-21 09:22 7168 ----a-w- c:\programdata\Lexware\QuickSteuer Deluxe\2010\versionSteuerHtml.dll
2010-05-21 09:22 . 2010-05-21 09:22 7168 ----a-w- c:\programdata\Lexware\QuickSteuer Deluxe\2010\versionTaxAppData.dll
2010-05-21 09:22 . 2010-05-21 09:22 7168 ----a-w- c:\programdata\Lexware\QuickSteuer Deluxe\2010\Daten\versionTaxDB.dll
2010-05-21 08:37 . 2010-05-21 08:37 716800 ----a-w- c:\windows\system32\lxter20VC8.dll
2010-05-21 08:37 . 2010-05-21 08:37 69632 ----a-w- c:\windows\system32\PXTTool80VC8.dll
2010-05-21 08:37 . 2010-05-21 08:37 557056 ----a-w- c:\windows\system32\zvkonline80VC8.dll
2010-05-21 08:37 . 2010-05-21 08:37 4661248 ----a-w- c:\windows\system32\LxXtreme70VC8.dll
2010-05-21 08:37 . 2010-05-21 08:37 27648 ----a-w- c:\windows\system32\LXTPSW20VC8.dll
2010-05-21 08:37 . 2010-05-21 08:37 1347584 ----a-w- c:\windows\system32\LXTool80VC8.dll
2010-05-21 08:37 . 2010-05-21 08:37 110592 ----a-w- c:\windows\system32\LxUISettings20Native.dll
2010-05-21 08:37 . 2010-05-21 08:37 323584 ----a-w- c:\windows\system32\LxImport80VC8.dll
2010-05-21 08:37 . 2010-05-21 08:37 299008 ----a-w- c:\windows\system32\LXBtr80VC8.dll
2010-05-21 08:37 . 2010-05-21 08:37 225280 ----a-w- c:\windows\system32\LxBasics80VC8.dll
2010-05-21 08:37 . 2010-05-21 08:37 192512 ----a-w- c:\windows\system32\LXDasi80VC8.dll
2010-05-21 08:37 . 2010-05-21 08:37 135168 ----a-w- c:\windows\system32\LxMail30VC8.dll
2010-05-12 12:06 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-09 15:05 . 2008-03-07 21:28 -------- d-----w- c:\programdata\Google Updater
2010-06-09 12:08 . 2006-11-02 15:33 628210 ----a-w- c:\windows\system32\perfh007.dat
2010-06-09 12:08 . 2006-11-02 15:33 126850 ----a-w- c:\windows\system32\perfc007.dat
2010-06-08 18:39 . 2009-07-11 15:47 -------- d-----w- c:\program files\Trend Micro
2010-06-08 18:17 . 2009-07-11 13:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-08 17:55 . 2007-09-21 07:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-08 17:14 . 2010-05-09 11:30 -------- d-----w- c:\program files\ICQ7.0
2010-06-04 14:42 . 2009-07-11 20:53 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-29 11:01 . 2008-01-15 20:39 -------- d-----w- c:\program files\Microsoft
2010-05-22 09:47 . 2007-09-21 12:41 -------- d-----w- c:\program files\Google
2010-05-12 12:54 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-12 12:54 . 2007-09-21 10:04 -------- d-----w- c:\programdata\Microsoft Help
2010-05-12 09:21 . 2009-10-03 10:13 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-09 11:26 . 2010-05-09 11:26 -------- d-----w- c:\program files\ICQ6Toolbar
2010-05-09 11:26 . 2009-03-15 14:19 -------- d-----w- c:\programdata\ICQ
2010-04-29 14:46 . 2008-03-08 00:10 -------- d-----w- c:\program files\Java
2010-04-29 13:39 . 2009-07-11 13:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2009-07-11 13:56 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-12 15:29 . 2010-04-29 14:46 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-05 13:34 . 2010-04-05 13:34 680 ----a-w- c:\users\xxx\AppData\Local\d3d9caps.dat
2010-04-05 13:29 . 2008-11-22 17:56 110144 ----a-w- c:\users\xxxRef\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-30 21:14 . 2010-03-30 21:14 1232496 ----a-w- c:\programdata\Google\Google Toolbar\Component\GoogleCld_D9AEC8D4D1915047.dll
2010-03-29 11:03 . 2010-03-29 11:03 56978 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-03-29 11:03 . 2010-03-29 11:03 56766 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-03-29 11:03 . 2010-03-29 11:03 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-03-29 11:03 . 2010-03-29 11:03 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-03-29 11:03 . 2010-03-29 11:03 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-03-29 11:03 . 2010-03-29 11:03 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-03-29 10:59 . 2010-03-29 11:03 754984 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-03-22 09:36 . 2010-03-29 11:03 986904 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2008-10-21 12:19 . 2008-03-07 22:37 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-04-17 08:30 . 2007-04-17 08:30 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{31c7d459-9cc3-44f2-9dca-fc11795309b4}"= "c:\program files\IObitCom\tbIObi.dll" [2009-10-01 2166296]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2009-12-31 2349080]
[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]
2009-10-01 16:29 2166296 ----a-w- c:\program files\IObitCom\tbIObi.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
2009-12-31 10:53 2349080 ----a-w- c:\program files\DVDVideoSoft\tbDVDV.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2009-12-31 2349080]
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{31C7D459-9CC3-44F2-9DCA-FC11795309B4}"= "c:\program files\IObitCom\tbIObi.dll" [2009-10-01 2166296]
[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Google Update"="c:\users\xxx\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"SystemExplorer"="c:\program files\System Explorer\SystemExplorer.exe" [2008-08-25 1833472]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-07 68856]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2010-06-09 133368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 4702208]
"GnabTray"="c:\program files\Common Files\Gnab\Service\GnabTray.exe" [2007-04-13 327680]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-09 198160]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-03-05 1135912]
"LexwareInfoService"="c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2008-11-03 339240]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"InfoCockpit"="c:\program files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE" [2007-07-30 176128]
c:\users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-07-13 12:03 292128 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):28,f9,16,ce,4c,05,ca,01
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 135664]
R3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;c:\progra~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [2006-10-09 17536]
R4 GnabService;GnabService;c:\program files\common files\gnab\service\servicecontroller.exe [2007-04-13 36864]
R4 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-10-21 29744]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
2010-06-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-07 14:46]
2010-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 20:21]
2010-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 20:21]
2009-10-24 c:\windows\Tasks\NSSstub.job
- c:\windows\System32\Adobe\Shockwave 11\nssstub.exe [2009-09-22 05:33]
2010-06-09 c:\windows\Tasks\User_Feed_Synchronization-{1F89915D-5E81-4867-9ABF-51447C132B47}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
2010-06-09 c:\windows\Tasks\User_Feed_Synchronization-{88D7508A-E19D-4251-9830-70FC4DCAA041}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{A103A693-F92C-4A81-8F7F-6C80799EFF3D} - c:\program files\Tomato\TubeDownload\TDIEPage.html
IE: {{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - c:\program files\ICQ7.2\ICQ.exe
LSP: c:\windows\system32\wpclsp.dll
TCP: {F025EAFD-A26D-4098-A476-9699D0CA24BB} = 192.168.2.1
FF - ProfilePath - c:\users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\03ib11ez.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\03ib11ez.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll
FF - component: c:\users\xxxAppData\Roaming\Mozilla\Firefox\Profiles\03ib11ez.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll
FF - component: c:\users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\03ib11ez.default\extensions\cfxHelper@Triton\components\dwmxpcom.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
URLSearchHooks-{c9508125-4747-4733-b048-e4b82dc9716d} - (no file)
ActiveSetup-ccc-core-static - msiexec
AddRemove-ACRM1_is1 - f:\rescue master 2008\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-09 18:01
Windows 6.0.6002 Service Pack 2 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_USERS\S-1-5-21-2172357726-1718783292-1392186010-1002\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:dc,d2,a4,19,a9,a9,09,cc,c9,e2,98,a6,e6,2f,7f,17,9a,2a,39,4e,d5,20,24,
5e,4b,fa,43,f9,35,e3,b0,b4,af,4f,7a,94,03,44,c5,52,48,a6,15,10,cb,30,e7,f3,\
"??"=hex:49,93,a4,55,8a,40,8c,12,34,e1,0f,92,d5,d6,e0,4d
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-06-09 18:03:57
ComboFix-quarantined-files.txt 2010-06-09 16:03
Vor Suchlauf: 16 Verzeichnis(se), 292.939.489.280 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 292.875.378.688 Bytes frei
- - End Of File - - 5027EFCF028224B13BF367045EDFFEBE
|
