koala_89 | 28.01.2013 21:21 | here is the log file
[CODE]
Combofix Logfile:
ComboFix 13-01-28.02 - Barbara neu 28.01.2013 21:05:11.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.43.1031.18.2974.1763 [GMT 1:00]
ausgeführt von:: c:\users\Barbara neu\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Barbara neu\AppData\Roaming\cacaoweb
c:\users\Barbara neu\AppData\Roaming\Microsoft\1eaadjc.dll
c:\users\Barbara neu\AppData\Roaming\Microsoft\bass.dll
c:\users\Barbara neu\AppData\Roaming\Microsoft\kfgresk.dll
c:\users\Barbara neu\AppData\Roaming\Microsoft\mjcriu.dll
c:\users\Barbara neu\AppData\Roaming\Microsoft\peaadje.dll
c:\users\Barbara neu\AppData\Roaming\Microsoft\qwadjb.dll
c:\users\Barbara neu\AppData\Roaming\Microsoft\rsaadjd.dll
c:\windows\system32\lsprst7.dll
c:\windows\system32\ssprs.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-12-28 bis 2013-01-28 ))))))))))))))))))))))))))))))
.
.
2013-01-25 10:13 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{84CDA6F1-B6D5-40B0-840D-24D83CE2E497}\mpengine.dll
2013-01-23 17:59 . 2013-01-23 18:00 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2013-01-23 17:59 . 2013-01-23 17:59 -------- d-----w- c:\program files\LSoft Technologies
2013-01-23 17:56 . 2013-01-23 19:54 -------- d-----w- c:\programdata\Tarma Installer
2013-01-23 15:02 . 2013-01-28 08:49 -------- d-----w- c:\users\Barbara neu\AppData\Roaming\Wise Care 365
2013-01-19 21:00 . 2013-01-19 21:00 -------- d-----w- c:\program files\Common Files\Java
2013-01-19 20:59 . 2013-01-19 20:59 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-13 12:38 . 2013-01-23 19:56 -------- d-----w- c:\program files\Wise
2013-01-09 10:41 . 2012-11-23 01:35 2048000 ----a-w- c:\windows\system32\win32k.sys
2013-01-09 10:40 . 2012-11-20 04:22 204288 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-09 10:40 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\system32\msxml6.dll
2013-01-03 21:10 . 2013-01-03 21:10 -------- d-----w- c:\users\Barbara neu\AppData\Local\PutLockerDownloader
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-19 20:59 . 2012-05-03 13:41 859552 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-01-19 20:59 . 2010-05-19 06:21 780192 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-16 16:58 . 2012-03-30 10:42 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-16 16:58 . 2011-06-02 22:56 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 13:12 . 2012-12-21 12:28 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 10:50 . 2012-12-21 12:28 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 15:49 . 2012-12-19 17:19 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-14 02:09 . 2012-12-14 11:52 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-14 11:52 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-14 11:52 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-14 11:52 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-14 11:52 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-14 11:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-13 01:29 . 2012-12-13 21:00 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-02 10:18 . 2012-12-13 21:00 376320 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 08:26 . 2012-12-13 21:00 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2012-10-30 22:51 . 2012-09-30 14:31 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2012-09-30 14:31 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2012-09-30 14:31 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-30 22:51 . 2012-09-30 14:31 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2012-09-30 14:31 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2012-09-30 14:31 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2012-09-30 14:30 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2012-09-30 14:30 227648 ----a-w- c:\windows\system32\aswBoot.exe
2013-01-20 13:46 . 2013-01-20 13:46 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Barbara neu\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Barbara neu\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Barbara neu\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-12 186904]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-05-15 440864]
"ODDPwr"="c:\program files\Acer\Optical Drive Power Management\ODDPwr.exe" [2009-04-29 176128]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-14 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-14 175128]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-14 153624]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-04-10 7399968]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-04-10 1833504]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" -osboot
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-24 21:04 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 16:58]
.
2013-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-01 19:08]
.
2013-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-01 19:08]
.
2013-01-28 c:\windows\Tasks\User_Feed_Synchronization-{5DD97CF1-442C-45FF-9906-8EEE2E1F9D73}.job
- c:\windows\system32\msfeedssync.exe [2011-04-07 06:30]
.
2013-01-28 c:\windows\Tasks\Wise Care 365.job
- c:\program files\Wise\Wise Care 365\WiseTray.exe [2013-01-23 16:22]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube to Mp3 Converter - c:\users\Barbara neu\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 195.34.133.21 212.186.211.21
FF - ProfilePath - c:\users\Barbara neu\AppData\Roaming\Mozilla\Firefox\Profiles\4mq0wbaf.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - about:blank
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-persistent-connections-per-server - 4
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{F1AF26F8-1828-4279-ABCE-074EF3235BD7} - c:\program files\SockshareDownloader\smarterdownloader.dll
SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-mcmscsvc
SafeBoot-MCODS
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-01-28 21:15
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2456872967-582595542-1276562325-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*]yJY]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2456872967-582595542-1276562325-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*]yJY\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2456872967-582595542-1276562325-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{542BA5AB-9C0A-14C0-2E12-88310E242B1F}*]
"hajmgicmgdcfjlli"=hex:6a,61,70,6e,64,64,66,6f,63,63,62,64,62,67,68,6e,65,61,
67,6c,00,07
"iadnecmacfafmlpjdm"=hex:6a,61,70,6e,64,64,66,6f,63,63,62,64,62,67,68,6e,65,61,
67,6c,00,07
.
[HKEY_USERS\S-1-5-21-2456872967-582595542-1276562325-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F9D7D5DC-1268-1582-6A9D-C9898DB2E4AC}*]
@Allowed: (Read) (RestrictedCode)
"nabmgaokdohmfpiebdljeobhkabj"=hex:69,61,67,62,6e,6c,65,6f,64,67,63,6c,62,6d,
6d,70,6a,63,00,00
"mahdmopmgclgeahdemihkpdfhl"=hex:69,61,67,62,6e,6c,65,6f,64,67,63,6c,62,6d,6d,
70,6a,63,00,01
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(5292)
c:\users\Barbara neu\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Acer\Acer PowerSmart Manager\SysHook.dll
.
Zeit der Fertigstellung: 2013-01-28 21:19:18
ComboFix-quarantined-files.txt 2013-01-28 20:19
.
Vor Suchlauf: 15 Verzeichnis(se), 139.056.123.904 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 138.966.708.224 Bytes frei
.
- - End Of File - - 718403874FD443DAC07E41FD7597D309