lennox1982 | 09.01.2010 13:00 | Code:
ComboFix 10-01-04.01 - Tobias 09.01.2010 12:48:42.7.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.3070.1977 [GMT 1:00]
ausgeführt von:: c:\users\Tobias\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Vorheriger Suchlauf -------
.
c:\$recycle.bin\S-1-5-21-1095012008-2871332331-2265422203-500
c:\$recycle.bin\S-1-5-21-1881260713-4089407654-2850825354-500
C:\LOG.TXT
c:\program files\ICQ6.5\updates\ICQLRun.exe.91c2e91e127ccb34d0b0bbd8b0533169
c:\users\Tobias\AppData\Roaming\Desktopicon
c:\users\Tobias\AppData\Roaming\Desktopicon\config.ini
c:\windows\system32\oem6.inf
.
((((((((((((((((((((((( Dateien erstellt von 2009-12-09 bis 2010-01-09 ))))))))))))))))))))))))))))))
.
2010-01-09 11:55 . 2010-01-09 11:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-07 18:46 . 2010-01-07 18:46 -------- d-----w- c:\users\Tobias\AppData\Roaming\Avira
2010-01-02 11:16 . 2010-01-02 11:17 -------- d-----w- C:\rsit
2009-12-25 17:55 . 2009-12-25 17:55 -------- d-----w- c:\users\Tobias\AppData\Roaming\Malwarebytes
2009-12-25 17:55 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-25 17:55 . 2009-12-25 17:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-25 17:55 . 2009-12-25 17:55 -------- d-----w- c:\programdata\Malwarebytes
2009-12-25 17:55 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-24 12:22 . 2009-12-24 12:22 1239816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-21 19:42 . 2009-12-21 20:33 -------- d-----w- c:\users\Tobias\.housecall6.6
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-09 11:55 . 2008-07-22 13:46 -------- d-----w- c:\users\Tobias\AppData\Roaming\Skype
2010-01-09 11:46 . 2008-07-22 09:34 76020 ----a-w- c:\programdata\nvModes.dat
2010-01-09 11:27 . 2008-07-22 13:47 -------- d-----w- c:\users\Tobias\AppData\Roaming\skypePM
2010-01-08 13:03 . 2008-07-18 15:12 3067 ----a-w- c:\windows\bthservsdp.dat
2010-01-07 19:42 . 2008-12-03 17:38 -------- d-----w- c:\program files\ICQ6.5
2010-01-05 11:52 . 2008-07-18 15:10 -------- d-----w- c:\program files\Java
2010-01-05 11:48 . 2008-07-22 13:36 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-03 21:24 . 2008-01-21 07:15 664282 ----a-w- c:\windows\system32\perfh007.dat
2010-01-03 21:24 . 2008-01-21 07:15 142622 ----a-w- c:\windows\system32\perfc007.dat
2010-01-02 11:17 . 2008-11-26 12:43 -------- d-----w- c:\program files\Trend Micro
2009-12-09 16:20 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-11-21 06:40 . 2009-12-09 07:48 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 07:48 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-09 07:48 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-09 07:48 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-12 22:56 . 2009-11-12 22:56 -------- d-----w- c:\programdata\PC Suite
2009-11-12 22:56 . 2009-11-12 22:56 -------- d-----w- c:\users\Tobias\AppData\Roaming\PC Suite
2009-11-12 22:56 . 2008-07-18 15:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-12 22:54 . 2009-11-12 22:54 -------- d-----w- c:\program files\MarkAnyContentSAFER
2009-11-12 22:53 . 2007-10-25 16:26 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2009-11-12 22:52 . 2009-11-12 22:16 89289872 ----a-w- c:\users\Tobias\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Setup_For_Full_Update_IH2_6_4.exe
2009-11-12 22:05 . 2009-11-12 20:47 -------- d-----w- c:\program files\Samsung
2009-11-12 21:54 . 2009-11-12 20:48 -------- d-----w- c:\program files\PC Connectivity Solution
2009-11-12 20:52 . 2009-11-12 20:52 -------- d-----w- c:\program files\DIFX
2009-11-12 20:51 . 2009-11-12 20:51 -------- d-----w- c:\users\Tobias\AppData\Roaming\Samsung
2009-11-12 20:48 . 2009-11-12 20:48 -------- d-----w- c:\program files\MarkAny
2009-11-12 20:22 . 2009-11-12 20:22 -------- d-----w- c:\programdata\Sony Ericsson
2009-11-12 20:15 . 2009-11-12 20:15 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-11-12 19:57 . 2009-11-12 19:57 -------- d-----w- c:\program files\Sony Ericsson
2009-11-09 13:22 . 2009-12-09 14:24 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 13:20 . 2009-12-09 14:24 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 11:04 . 2009-12-09 14:24 411136 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-02 19:42 . 2009-10-03 07:45 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:41 . 2009-11-25 23:21 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-28 19:58 . 2009-10-28 19:58 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
2008-07-19 00:52 . 2008-07-19 00:52 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-11-21 3293184]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-01-29 23975720]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-11-12 102400]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-02-22 159744]
"RtHDVCpl"="RtHDVCpl.exe" [2008-02-22 4907008]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-05-16 3444736]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1316136]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-06-12 266497]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-05-17 505368]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-05-17 780312]
"NapsterShell"="c:\program files\Napster\napster.exe" [2008-12-18 323216]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-09 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-09 92704]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-06-09 96800]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programm_download\SuperAntiSpyWare\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-10 00:01 352256 ----a-w- c:\programm_download\SuperAntiSpyWare\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\j:\0autocheck autochk *\0lsdelete
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
R1 SASDIFSV;SASDIFSV;c:\programm_download\SuperAntiSpyWare\sasdifsv.sys [17.11.2008 15:11 8944]
R1 SASKUTIL;SASKUTIL;c:\programm_download\SuperAntiSpyWare\SASKUTIL.SYS [17.11.2008 15:11 55024]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\System32\AERTSrv.exe [19.07.2008 01:52 77824]
R2 AntiVirMailService;Avira AntiVir Premium MailGuard;c:\program files\Avira\AntiVir PersonalEdition Premium\avmailc.exe [28.11.2008 04:25 164097]
R2 antivirwebservice;Avira AntiVir Premium WebGuard;c:\program files\Avira\AntiVir PersonalEdition Premium\avwebgrd.exe [28.11.2008 04:25 258305]
R2 AVEService;Avira AntiVir Premium MailGuard Hilfsdienst;c:\program files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [28.11.2008 04:25 41217]
R2 BthFilterHelper;Bluetooth Feature Support;c:\program files\CSR\Vista Profile Pack\BthFilterHelper.exe [07.11.2006 17:26 127488]
R2 FsUsbExService;FsUsbExService;c:\windows\System32\FsUsbExService.Exe [12.11.2009 21:51 233472]
R2 TeamViewer;TeamViewer 3;c:\program files\TeamViewer3\TeamViewer_Service.exe [17.11.2008 10:22 185640]
R3 BthAvrcp;Bluetooth-AVRCP-Profil;c:\windows\System32\drivers\BthAvrcp.sys [10.07.2008 14:43 15872]
R3 BTHFILT;Bluetooth-Befehlsfilter;c:\windows\System32\drivers\BthFilt.sys [19.07.2008 01:49 13824]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\System32\FsUsbExDisk.Sys [12.11.2009 21:51 36608]
R3 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [19.07.2008 01:52 48472]
R3 O2SDRDR;O2SDRDR;c:\windows\System32\drivers\o2sd.sys [19.07.2008 01:52 43480]
S2 gupdate1ca07b46e687e50;Google Update Service (gupdate1ca07b46e687e50);c:\program files\Google\Update\GoogleUpdate.exe [18.07.2009 15:31 133104]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\System32\drivers\s3017bus.sys [12.11.2009 21:14 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\System32\drivers\s3017mdfl.sys [12.11.2009 21:16 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\System32\drivers\s3017mdm.sys [12.11.2009 21:16 110632]
S3 SASENUM;SASENUM;c:\programm_download\SuperAntiSpyWare\SASENUM.SYS [17.11.2008 15:11 7408]
S3 VST_DPV;VST_DPV;c:\windows\System32\drivers\VSTDPV3.SYS [21.01.2008 03:23 987648]
S3 VSTHWBS2;VSTHWBS2;c:\windows\System32\drivers\VSTBS23.SYS [21.01.2008 03:23 251904]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
2008-06-18 14:04 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners
2010-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-18 14:31]
2010-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-18 14:31]
2010-01-09 c:\windows\Tasks\User_Feed_Synchronization-{773D4BC6-D14B-4341-A7B7-454FF3EC4E7B}.job
- c:\windows\system32\msfeedssync.exe [2009-12-09 04:59]
.
.
------- Zusätzlicher Suchlauf -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
LSP: avsda.dll
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.de/scan_de/scan8/oscan8.cab
FF - ProfilePath - c:\users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\6e9om7f3.default\
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npstrlnk.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
HKLM-Run-NPSStartup - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-09 12:55
Windows 6.0.6001 Service Pack 1 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_USERS\S-1-5-21-1095012008-2871332331-2265422203-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:8a,e4,ba,5b,5b,ce,ef,52,20,12,28,64,31,ff,09,a2,a0,c1,4b,ff,6c,e2,dd,
bf,25,7f,00,0f,35,7b,10,33,61,18,a8,d8,29,4d,34,7a,7b,3c,e5,2e,29,7a,81,05,\
"??"=hex:41,e0,42,8c,cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-01-09 12:57:57
ComboFix-quarantined-files.txt 2010-01-09 11:57
ComboFix2.txt 2008-11-27 20:26
Vor Suchlauf: 17 Verzeichnis(se), 132.863.397.888 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 132.797.034.496 Bytes frei
- - End Of File - - 0C4FD82663D43DEB1E14AF9BFB17A839 |