Windows security center virus

ypk5 · 13.03.2012, 19:22

Code:

ATTFilter

ComboFix 12-03-13.01 - *** 13.03.2012  18:59:40.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.3581.2355 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\facemoods.com
c:\program files\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll
c:\program files\facemoods.com\facemoods\1.4.17.7\facemoods.crx
c:\program files\facemoods.com\facemoods\1.4.17.7\facemoods.png
c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodsApp.dll
c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodsEng.dll
c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe
c:\program files\facemoods.com\facemoods\1.4.17.7\faCEmoodstlbr.dll
c:\program files\facemoods.com\facemoods\1.4.17.7\uninstall.exe
c:\program files\xp-AntiSpy
c:\program files\xp-AntiSpy\Uninstall.exe
c:\program files\xp-AntiSpy\xp-AntiSpy.chm
c:\program files\xp-AntiSpy\xp-AntiSpy.exe
c:\program files\xp-AntiSpy\xp-AntiSpy.url
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-02-13 bis 2012-03-13  ))))))))))))))))))))))))))))))
.
.
2012-03-13 18:10 . 2012-03-13 18:10	--------	d-----w-	c:\users\***\AppData\Local\temp
2012-03-13 18:10 . 2012-03-13 18:10	--------	d-----w-	c:\users\Gast\AppData\Local\temp
2012-03-13 18:10 . 2012-03-13 18:10	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-03-13 17:35 . 2012-03-13 17:43	--------	d-----w-	C:\_OTL
2012-03-13 16:26 . 2012-03-13 16:26	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2012-03-13 16:25 . 2012-03-13 16:25	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-03-13 16:25 . 2012-03-13 16:25	--------	d-----w-	c:\programdata\Malwarebytes
2012-03-13 16:25 . 2011-12-10 14:24	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-13 14:55 . 2012-03-13 14:55	--------	d-----w-	c:\users\***\AppData\Roaming\TuneUp Software
2012-03-13 14:51 . 2012-03-13 14:51	--------	d-----w-	c:\users\***\AppData\Local\Mozilla
2012-03-13 13:35 . 2012-03-13 15:12	--------	d-----w-	c:\users\***\AppData\Roaming\tor
2012-03-13 13:35 . 2012-03-13 13:35	--------	d-----w-	c:\users\***\AppData\Roaming\Vidalia
2012-03-13 13:33 . 2012-03-13 13:35	--------	d-----w-	c:\users\***\AppData\Local\VirtualStore
2012-03-13 10:38 . 2012-02-08 06:03	6552120	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{53C2367C-501B-41D2-9305-6EA0BEE884F6}\mpengine.dll
2012-03-08 16:02 . 2012-03-08 16:02	--------	d-----w-	c:\program files\LogMeIn Hamachi
2012-02-25 16:49 . 2011-08-01 16:24	3889424	----a-w-	c:\windows\system32\GameMon.des
2012-02-25 16:48 . 2005-01-01 09:43	4682	----a-w-	c:\windows\system32\npptNT2.sys
2012-02-25 16:48 . 2003-07-17 18:17	5174	----a-w-	c:\windows\system32\nppt9x.vxd
2012-02-25 16:48 . 2012-02-25 16:48	--------	d-----w-	c:\program files\Common Files\INCA Shared
2012-02-25 14:42 . 2012-02-25 14:42	--------	d-----w-	C:\AeriaGames
2012-02-25 13:19 . 2012-02-25 13:21	--------	d-----w-	c:\users\***\AppData\Local\Akamai
2012-02-25 13:18 . 2012-03-13 17:37	--------	d-----w-	c:\program files\Common Files\Akamai
2012-02-13 11:56 . 2012-03-13 13:36	--------	d-----w-	c:\programdata\AVG Secure Search
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 08:18 . 2009-10-11 09:54	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-02-09 10:59 . 2012-02-11 16:28	31552	----a-w-	c:\windows\system32\TURegOpt.exe
2012-02-09 10:59 . 2012-02-11 16:28	21312	----a-w-	c:\windows\system32\authuitu.dll
2012-01-30 20:45 . 2010-07-14 11:48	413696	----a-w-	c:\windows\system32\wrap_oal.dll
2012-01-30 20:45 . 2010-07-14 11:48	110592	----a-w-	c:\windows\system32\OpenAL32.dll
2011-12-15 14:15 . 2011-12-15 14:15	1207568	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-02-25 17:52 . 2011-05-02 11:23	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-04-27 08:08	2393184	----a-w-	c:\program files\DVDVideoSoftTB\tbDVDV.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-12 14:38	1869152	----a-w-	c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 13:23	1385864	----a-w-	c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-12 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-07 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Vidalia"="c:\program files\Vidalia Bundle\Vidalia\vidalia.exe" [2010-05-25 5475403]
"Akamai NetSession Interface"="c:\users\***\AppData\Local\Akamai\netsession_win.exe" [2012-02-02 3329824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"NDSTray.exe"="NDSTray.exe" [BU]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-09-26 417792]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-09-02 122368]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-12-08 352976]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-03-12 982880]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-02-13 928096]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~2\mzvkbd3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04	1164584	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 10:59	254696	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba TEMPO]
2008-08-26 13:27	103824	----a-w-	c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ICQ"="c:\program files\ICQ7.4\ICQ.exe" silent loginmode=4
"DAEMON Tools Lite"="c:\users\***\Desktop\Marius\Programme\Deamon Tools\DAEMON Tools Lite\DTLite.exe" -autorun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Toshiba Registration"=c:\program files\Toshiba\Registration\ToshibaRegistration.exe
"jswtrayutil"="c:\program files\Jumpstart\jswtrayutil.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3802202468-3237917644-3958045181-1000]
"EnableNotificationsRef"=dword:00000001
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MBAMPROTECTOR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper	REG_MULTI_SZ   	nosGetPlusHelper
Akamai	REG_MULTI_SZ   	Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-16 14:20]
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-16 14:20]
.
2012-03-12 c:\windows\Tasks\Norton Security Scan for Meyer M2.job
- c:\progra~1\NORTON~2\Engine\351~1.8\Nss.exe [2011-11-25 23:02]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEE&bmod=TSEE
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Free YouTube Download - c:\users\Meyer M2\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Meyer M2\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Hinzufügen zu Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.178.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Meyer M2\AppData\Roaming\Mozilla\Firefox\Profiles\n4pdw7wj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.shortnews.de/
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
HKLM-Run-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-Steam - c:\users\Meyer M2\Desktop\Marius\Programme\Steam\Steam.exe
AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.7\uninstall.exe
AddRemove-xp-AntiSpy - c:\program files\xp-AntiSpy\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-03-13 19:10
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????O??l?????W???W???W?( W?P  
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_7de0ed9.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_7de0ed9.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3802202468-3237917644-3958045181-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:70,69,6a,9c,fb,dd,60,29,06,85,8e,30,a7,f2,9c,3d,8f,78,c6,13,f6,21,10,
   1b,90,19,54,de,6b,02,71,4f,5e,d7,7f,b6,14,84,61,51,e4,1d,b5,84,26,70,22,76,\
"??"=hex:39,7a,eb,27,38,62,be,4f,24,bc,9d,2f,4e,1f,11,3a
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-03-13  19:14:40
ComboFix-quarantined-files.txt  2012-03-13 18:14
.
Vor Suchlauf: 11 Verzeichnis(se), 57.403.510.784 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 58.347.405.312 Bytes frei
.
- - End Of File - - 30FBD4A4D4C4B1F8E05C0B0E5B419509

Windows security center virus

Log-Analyse und Auswertung: Windows security center virus

Windows security center virus

Ähnliche Themen: Windows security center virus