ComboFix 11-02-23.01 - Annett 23.02.2011 18:39:36.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.49.1031.18.2939.1459 [GMT 1:00]
ausgeführt von:: c:\users\Annett\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Annett\AppData\Roaming\Internet Security Essentials
c:\users\Annett\AppData\Roaming\Internet Security Essentials\cookies.sqlite
c:\users\Annett\AppData\Roaming\Internet Security Essentials\Instructions.ini
c:\users\Annett\AppData\Roaming\Microsoft\Windows\Recent\energy.dll
c:\users\Annett\AppData\Roaming\Microsoft\Windows\Recent\FS.exe
c:\users\Annett\AppData\Roaming\Microsoft\Windows\Recent\kernel32.sys
c:\users\Annett\AppData\Roaming\Microsoft\Windows\Recent\PE.exe
c:\users\Annett\AppData\Roaming\Microsoft\Windows\Recent\tjd.drv
c:\users\Annett\AppData\Roaming\Microsoft\Windows\Start Menu\Internet Security Essentials.lnk
c:\windows\system32\drivers\etc\lmhosts
E:\install.exe
.
((((((((((((((((((((((( Dateien erstellt von 2011-01-23 bis 2011-02-23 ))))))))))))))))))))))))))))))
.
2011-02-23 17:31 . 2011-02-02 16:10 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1F0A2576-F288-46E4-BDC0-1ADA36CE468C}\mpengine.dll
2011-02-23 17:31 . 2011-02-02 16:11 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-02-20 22:01 . 2011-02-20 22:01 -------- d-----w- c:\users\Annett\AppData\Roaming\Avira
2011-02-20 21:48 . 2010-03-01 09:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-02-20 21:48 . 2009-05-11 11:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-02-20 21:48 . 2009-05-11 11:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-02-20 21:48 . 2011-02-20 21:48 -------- d-----w- c:\programdata\Avira
2011-02-20 21:48 . 2011-02-20 21:48 -------- d-----w- c:\program files\Avira
2011-02-20 21:36 . 2011-02-20 21:36 -------- d-sh--w- c:\programdata\ISJDJDE
2011-02-20 21:35 . 2011-02-22 18:25 -------- d-sh--w- c:\programdata\5d11fb
2011-02-20 19:32 . 2011-02-20 19:32 -------- d-----w- c:\program files\Common Files\Adobe
2011-02-16 15:09 . 2011-02-16 15:09 -------- d-----w- c:\windows\Sun
2011-02-09 11:50 . 2010-12-31 13:57 2039808 ----a-w- c:\windows\system32\win32k.sys
2011-02-09 11:50 . 2010-10-15 14:08 3602320 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-02-09 11:50 . 2010-10-15 13:48 1205080 ----a-w- c:\windows\system32\ntdll.dll
2011-02-09 11:50 . 2010-10-15 14:08 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-02-09 11:48 . 2011-01-08 08:47 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-09 11:48 . 2011-01-08 06:28 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-01-30 15:45 . 2011-01-30 15:45 135568 ----a-w- c:\program files\Internet Explorer\plugins\nppdf32.dll
2011-01-29 09:03 . 2011-01-29 09:03 -------- d-----w- c:\program files\Microsoft Synchronization Services
2011-01-29 09:02 . 2011-01-29 09:02 -------- d-----w- c:\windows\PCHEALTH
2011-01-29 09:02 . 2011-01-29 09:02 -------- d-----w- c:\program files\Microsoft Sync Framework
2011-01-29 09:02 . 2011-01-29 09:02 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-01-29 09:00 . 2011-01-29 09:00 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-01-29 08:59 . 2011-01-29 08:59 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-01-29 08:59 . 2011-01-29 09:04 -------- d-----w- c:\windows\SHELLNEW
2011-01-29 08:57 . 2011-01-29 08:57 -------- d-----r- C:\MSOCache
2011-01-29 08:27 . 2011-01-29 08:28 -------- d-----w- c:\program files\DAEMON Tools Pro
2011-01-28 18:47 . 2011-02-07 09:06 -------- d-----w- c:\windows\system32\ZoneLabs
2011-01-28 18:31 . 2011-02-07 09:06 -------- d-----w- c:\windows\Internet Logs
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 20:40 . 2010-05-16 02:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-29 08:28 . 2010-11-19 20:23 431672 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-12-28 15:55 . 2011-01-12 05:43 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-14 14:49 . 2011-01-12 05:43 1169408 ----a-w- c:\windows\system32\sdclt.exe
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-10-13 21:28 . 2010-09-19 07:22 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2011-01-13 840000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"NDSTray.exe"="NDSTray.exe" [BU]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]
"Toshiba TEMPO"="c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe" [2008-04-24 103824]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-12-07 74752]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1193848]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-20 136176]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2008-04-16 954368]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-13 84264]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-04-28 20384]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-10-13 64304]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-10-13 164840]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-16 40960]
S2 McMPFSvc;McAfee Personal Firewall-Dienst;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-10-13 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-10-13 141792]
S2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\Toshiba TEMPRO\TempoSVC.exe [2008-04-24 99720]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2008-02-06 126976]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-10-13 55840]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-10-13 313288]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]

--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners

2011-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-20 19:22]

2011-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-20 19:22]

2011-02-23 c:\windows\Tasks\User_Feed_Synchronization-{7F01F867-C805-4E93-89C1-75F5CDC460F6}.job
- c:\windows\system32\msfeedssync.exe [2011-02-09 04:47]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.ixquick.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
uInternet Settings,ProxyServer = http=127.0.0.1:25459
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-jswtrayutil - c:\program files\Jumpstart\jswtrayutil.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-23 18:47
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????s!?Y?l??P?R?x?R???R???R??

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{5c4119f2-4d58-45aa-b0ec-14330be5ff49}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:100024d2
"Dhcpv6State"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{66ff8ba3-e2ac-4165-886a-2502ffa32ca0}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0a001e33
"Dhcpv6State"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{8063b8bf-e98a-4896-b59a-0ac70752649b}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{8f2ce902-abc6-4b39-8fbe-191ec5e9b934}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c001422
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{ba9e677f-0ef8-4bb2-a3e5-3ba5c63d1e87}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{d728df5c-3e03-4d07-8b32-819277383a87}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:16020054
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{fbd5060f-20a6-4dda-8c6e-67a10860fd75}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0e001422
"Dhcpv6State"=dword:00000000
.
Zeit der Fertigstellung: 2011-02-23 18:50:40
ComboFix-quarantined-files.txt 2011-02-23 17:50

Vor Suchlauf: 8 Verzeichnis(se), 76.747.190.272 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 77.656.326.144 Bytes frei

- - End Of File - - E600787936ED73DE4EE1C395C4362F8E