ComboFix 13-05-04.01 - 04.05.2013 18:11:45.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3036.1988 [GMT 2:00]
ausgeführt von:: c:\users\ \Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\cflog\CrashLog_20100812.txt
c:\cflog\CrashLog_20101031.txt
c:\cflog\CrashLog_20101219.txt
c:\windows\IsUn0407.exe
c:\windows\system32\drivers\~GLH0014.TMP
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-04-04 bis 2013-05-04 ))))))))))))))))))))))))))))))
.
.
2013-05-04 16:18 . 2013-05-04 16:18 -------- d-----w- c:\users\Jörg&Natalie\AppData\Local\temp
2013-05-04 16:18 . 2013-05-04 16:18 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-05-04 16:18 . 2013-05-04 16:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-04 15:11 . 2009-01-25 10:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-05-04 15:11 . 2013-05-04 15:11 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-05-04 13:56 . 2013-05-04 13:56 -------- d-----w- c:\users\Jörg&Natalie\AppData\Roaming\Avira
2013-05-04 13:51 . 2013-05-04 13:52 -------- d-----w- c:\program files\Ask.com
2013-05-04 13:51 . 2013-03-06 13:13 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-05-04 13:51 . 2013-02-27 10:22 84744 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-05-04 13:51 . 2013-02-27 10:22 135136 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-05-04 13:51 . 2013-05-04 13:52 -------- d-----w- c:\programdata\Avira
2013-05-04 13:51 . 2013-05-04 13:51 -------- d-----w- c:\program files\Avira
2013-05-04 13:37 . 2013-05-04 15:50 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-05-04 08:26 . 2013-05-04 09:38 -------- d-----w- c:\users\Jörg&Natalie\AppData\Local\LogMeIn Rescue Applet
2013-04-10 16:14 . 2013-03-03 19:07 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 16:14 . 2013-03-11 13:25 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-10 16:14 . 2013-03-11 13:25 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-10 16:14 . 2013-03-09 03:45 49152 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 16:14 . 2013-03-09 01:28 64000 ----a-w- c:\windows\system32\smss.exe
2013-04-10 16:14 . 2013-03-08 03:52 2067968 ----a-w- c:\windows\system32\mstscax.dll
2013-04-10 16:14 . 2013-03-08 03:53 376320 ----a-w- c:\windows\system32\winsrv.dll
2013-04-10 16:14 . 2013-03-05 01:40 2049024 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 19:03 . 2012-04-01 10:21 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 19:03 . 2011-07-23 15:20 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-12 01:57 . 2013-03-21 19:29 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-04-12 13:50 . 2013-04-12 13:50 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2013-04-01 1521800]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-20 6144000]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-29 75136]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2013-04-01 1646216]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-03-19 345312]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
.
c:\users\Jörg&Natalie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-4-15 2979144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - AVGNTFLT
*NewlyCreated* - AVIPBB
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 19:03]
.
2013-05-04 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2013-05-04 12:08]
.
2013-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-23 15:21]
.
2013-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-23 15:21]
.
2013-05-04 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-05-04 12:07]
.
2013-05-04 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2013-05-04 12:07]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://nl.ask.com/?l=dis&o=APN10462&gct=hp&apn_ptnrs=^AKM&apn_dtid=^zzz002^YY^NL&p2=^AKM^zzz002^YY^NL&tpid=ATU4&apn_dbr=ff_17.0&apn_uid=DD8A519B-56CC-4C93-89EB-8D5801767007&itbv=11.5.0.798&doi=2012-12-25
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Jörg&Natalie\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.0.1
DPF: {48580E34-E37A-454A-8EC4-FC7598B01D77} - hxxp://chkr-web.ifolor.net/app_support/3/ActiveX/IfolorUploader_chkr.cab
FF - ProfilePath - c:\users\Jörg&Natalie\AppData\Roaming\Mozilla\Firefox\Profiles\oo2lp7by.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://
www.google.de/ig?hl=de
FF - ExtSQL: 2013-05-01 15:19;
toolbar@gmx.net; c:\users\Jörg&Natalie\AppData\Roaming\Mozilla\Firefox\Profiles\oo2lp7by.default\extensions\
toolbar@gmx.net.xpi
FF - ExtSQL: 2013-05-04 15:52;
toolbar@ask.com; c:\users\Jörg&Natalie\AppData\Roaming\Mozilla\Firefox\Profiles\oo2lp7by.default\extensions\
toolbar@ask.com
FF - ExtSQL: !HIDDEN! 2009-07-11 12:42; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{D8278076-BC68-4484-9233-6E7F1628B56C} - (no file)
URLSearchHooks-{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - (no file)
URLSearchHooks-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
WebBrowser-{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - (no file)
HKCU-Run-Spyware Doctor - c:\users\Jörg&Natalie\Desktop\sdsetup[1].exe
HKLM-Run-ISW - c:\program files\CheckPoint\ZAForceField\ForceField.exe
HKU-Default-RunOnce-AutoLaunch - c:\program files\Lavasoft\Ad-Aware\AutoLaunch.exe
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Adobe Acrobat 4.0 - c:\windows\ISUN0407.EXE
AddRemove-Uninstall_is1 - c:\program files\Common Files\DVDVideoSoft\unins000.exe
AddRemove-ZoneAlarm Toolbar - c:\program files\CheckPoint\ZAForceField\Clean_tool.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2013-05-04 18:18
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Zeit der Fertigstellung: 2013-05-04 18:20:30
ComboFix-quarantined-files.txt 2013-05-04 16:20
ComboFix2.txt 2010-04-17 15:41
.
Vor Suchlauf: 602.587.136 Bytes frei
Nach Suchlauf: 1.473.155.072 Bytes frei
.
- - End Of File - - A37A8135D8DC9D7C25546EDE0F22E48C