I ran the ComboFix scan, I think it found 2 things, here is the log for it. What do I have to do next?
Code:
ComboFix 12-04-18.02 - xxx 18.04.2012 23:35:30.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.43.1031.18.3070.2058 [GMT 2:00]
ausgeführt von:: c:\users\xxx\Desktop\ComboFix.exe
AV: Microsoft Forefront Client Security *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Forefront Client Security *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\QUAD Utilities
c:\users\xxx\4.0
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-03-18 bis 2012-04-18 ))))))))))))))))))))))))))))))
.
.
2012-04-18 21:41 . 2012-04-18 21:41 -------- d-----w- c:\users\xxx\AppData\Local\temp
2012-04-18 21:41 . 2012-04-18 21:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-18 19:43 . 2012-04-18 19:43 -------- d-----w- C:\_OTL
2012-04-18 10:50 . 2012-04-18 10:50 56200 ----a-w- c:\programdata\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\{F78A1672-932A-46B4-B732-1B9064548BA9}\offreg.dll
2012-04-18 10:45 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\{F78A1672-932A-46B4-B732-1B9064548BA9}\mpengine.dll
2012-04-17 17:46 . 2012-04-17 17:46 -------- d-----w- c:\users\xxx\AppData\Roaming\Malwarebytes
2012-04-17 17:46 . 2012-04-17 17:46 -------- d-----w- c:\programdata\Malwarebytes
2012-04-16 20:10 . 2012-04-16 20:10 -------- d-----w- c:\program files\Common Files\Skype
2012-04-11 22:41 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2012-04-03 15:06 . 2012-04-14 22:56 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 22:56 . 2011-05-17 14:39 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-14 02:15 . 2010-11-05 21:39 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-02 14:30 . 2010-05-03 14:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-24 11:10 . 2012-02-24 11:10 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-24 11:10 . 2012-02-24 11:10 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-24 11:10 . 2012-02-24 11:10 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-24 11:10 . 2012-02-24 11:10 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-24 11:10 . 2012-02-24 11:10 161792 ----a-w- c:\windows\system32\msls31.dll
2012-02-24 11:10 . 2012-02-24 11:10 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-02-24 11:10 . 2012-02-24 11:10 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-02-24 11:10 . 2012-02-24 11:10 367104 ----a-w- c:\windows\system32\html.iec
2012-02-24 11:10 . 2012-02-24 11:10 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-02-24 11:10 . 2012-02-24 11:10 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-24 11:10 . 2012-02-24 11:10 152064 ----a-w- c:\windows\system32\wextract.exe
2012-02-24 11:10 . 2012-02-24 11:10 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-02-24 11:10 . 2012-02-24 11:10 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-24 11:10 . 2012-02-24 11:10 11776 ----a-w- c:\windows\system32\mshta.exe
2012-02-24 11:10 . 2012-02-24 11:10 101888 ----a-w- c:\windows\system32\admparse.dll
2012-02-24 11:10 . 2012-02-24 11:10 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-02-24 11:10 . 2012-02-24 11:10 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-14 15:45 . 2012-03-14 23:35 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-14 15:45 . 2012-03-14 23:35 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-13 14:12 . 2012-03-14 23:35 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-13 13:47 . 2012-03-14 23:35 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-02-13 13:44 . 2012-03-14 23:35 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-02-02 15:16 . 2012-03-14 23:35 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2009-10-04 09:08 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-03-19 11:58 . 2011-12-11 19:27 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 22:38 121392 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-09-04 95536]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-07-02 671608]
"Akamai NetSession Interface"="c:\users\xxx\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 5369856]
"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-05-20 204908]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2007-09-04 54576]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-21 86016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-21 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-21 8497696]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2008-01-09 326176]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"Microsoft Forefront Client Security Antimalware Service"="c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe" [2011-02-02 1033600]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-11-22 273528]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ASETRES.EXE [2008-4-14 20480]
AutoCAD-Startbeschleuniger.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-3-21 535336]
Philips GoGear ARIA Device Manager.lnk - c:\philips\GoGear ARIA Device Manager\GoGear_Aria_DeviceManager.exe [2010-5-11 1611152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FCSAM]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService]
2008-05-06 14:53 196128 ----a-w- c:\windows\System32\nvraidservice.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-05-20 269448]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 28798480
*Deregistered* - 28798480
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 22:56]
.
2012-04-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3559759172-3097272205-1206507809-1000Core.job
- c:\users\xxx\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-13 20:59]
.
2012-04-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3559759172-3097272205-1206507809-1000UA.job
- c:\users\xxx\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-13 20:59]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.yahoo.de/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&s=1&o=vp32&d=0109&m=aspire_m3641
uInternet Settings,ProxyOverride = <local>
IE: Free YouTube Download - c:\users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: pokemon-gl.com\de
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\jebo5yec.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://yahoo.de/
FF - prefs.js: network.proxy.type - 0
.
.
------- Dateityp-Verknüpfung -------
.
.scr=AutoCADScriptFile
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{9D81AF43-DE53-48D0-A199-42C2A226B24C} - (no file)
HKCU-Run-uTorrent - c:\program files\uTorrent\uTorrent.exe
HKLM-Run-eRecoveryService - (no file)
HKLM-Run-WarReg_PopUp - c:\acer\WR_PopUp\WarReg_PopUp.exe
HKLM-Run-Apanel - c:\acersw\config\SetApanel.cmd
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-04-18 23:41
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_6c825ce.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3559759172-3097272205-1206507809-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CBF2369A-3293-D259-BB98-5AB9A3F7ED3D}*]
"hafcgfgfjadojdod"=hex:6b,61,6c,63,6d,61,67,6e,62,67,61,61,65,70,6e,6b,6c,68,
6f,64,70,63,00,00
"gaoebcilificgg"=hex:61,63,6e,66,66,61,62,69,6c,62,6c,68,64,67,67,6c,64,6d,70,
68,6d,63,6d,67,6f,61,66,67,65,6e,6a,64,65,6d,68,68,6f,6e,67,6a,69,6c,6d,64,\
"iapdmieomjbmjbdgha"=hex:6b,61,6c,63,6d,61,67,6e,62,67,61,61,65,70,6e,6b,6c,68,
6f,64,70,63,00,00
.
[HKEY_USERS\S-1-5-21-3559759172-3097272205-1206507809-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:77,e4,fd,7c,c1,3f,dd,bd,36,d4,1b,e9,f8,5e,b1,74,14,61,39,d4,02,
98,bc,a6,12,18,73,72,05,27,76,67,60,f4,3b,2e,59,cc,c2,de,7f,d2,de,89,4c,f2,\
"rkeysecu"=hex:e1,00,94,73,b3,4c,a0,b9,de,12,bc,5b,5a,b5,ce,70
.
[HKEY_USERS\S-1-5-21-3559759172-3097272205-1206507809-1000\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\3.0]
"Percents"=""
"Increment"=".023810"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(400)
c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\program files\Common Files\Apple\Apple Application Support\libdispatch.dll
c:\program files\Common Files\Apple\Apple Application Support\icudt40.dll
.
Zeit der Fertigstellung: 2012-04-18 23:42:58
ComboFix-quarantined-files.txt 2012-04-18 21:42
.
Vor Suchlauf: 21 Verzeichnis(se), 153.311.907.840 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 153.225.687.040 Bytes frei
.
- - End Of File - - 36A57B36EE800D371280FEAEA717338D