Combofix Logfile:
Code:
ComboFix 12-06-14.01 - Dankesreiter 14.06.2012 17:40:34.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.49.1031.18.2047.1263 [GMT 2:00]
ausgeführt von:: c:\users\Dankesreiter\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Dankesreiter\Desktop\CFScript.txt
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-05-14 bis 2012-06-14 ))))))))))))))))))))))))))))))
.
.
2012-06-14 15:51 . 2012-06-14 15:57 -------- d-----w- c:\users\Dankesreiter\AppData\Local\temp
2012-06-14 15:51 . 2012-06-14 15:51 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-06-14 15:51 . 2012-06-14 15:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-14 15:29 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{81130647-2FFA-4FB7-A337-8B83B03A8870}\mpengine.dll
2012-06-13 14:27 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-13 04:07 . 2012-06-13 04:08 -------- d-----w- C:\FRST
2012-06-12 16:14 . 2012-06-12 16:14 -------- d-----w- c:\program files\PriceGong
2012-06-08 14:55 . 2012-06-08 14:55 98992 ----a-w- c:\windows\system32\drivers\16951383.sys
2012-06-02 21:03 . 2012-06-02 21:05 -------- d-----w- c:\program files\Google
2012-06-02 21:02 . 2012-06-02 21:03 -------- d-----w- c:\program files\Common Files\Adobe
2012-06-02 17:15 . 2012-06-02 17:15 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-02 17:03 . 2012-06-02 17:03 -------- d-----w- c:\programdata\4Media
2012-06-02 17:03 . 2012-06-02 17:03 -------- d-----w- c:\program files\4Media
2012-06-02 09:23 . 2012-06-02 09:23 -------- d-----w- c:\users\Dankesreiter\AppData\Roaming\NVIDIA
2012-06-02 09:02 . 2012-06-02 09:14 -------- d-----w- c:\programdata\Xilisoft
2012-06-02 09:02 . 2012-06-02 09:14 -------- d-----w- c:\program files\Xilisoft
2012-06-02 08:51 . 2012-06-02 16:57 -------- d-----w- c:\program files\1ClickDownload
2012-06-01 13:20 . 2012-06-01 13:20 -------- d-----w- c:\users\Dankesreiter\AppData\Roaming\4Media
2012-05-31 14:56 . 2012-05-31 14:56 -------- d-----w- c:\users\Dankesreiter\AppData\Local\CrashRpt
2012-05-31 14:51 . 2012-05-31 14:52 -------- d-----w- c:\programdata\RapidSolution
2012-05-31 14:47 . 2012-05-31 15:09 -------- d-----w- c:\users\Dankesreiter\AppData\Local\RapidSolution
2012-05-31 13:33 . 2012-05-31 13:33 -------- d-----w- c:\program files\FreeTime
2012-05-31 10:44 . 2012-05-31 13:41 -------- d-----w- c:\users\Dankesreiter\AppData\Roaming\Any DVD Converter Professional
2012-05-31 10:33 . 2012-05-31 10:33 -------- d-----w- c:\users\Dankesreiter\AppData\Roaming\AnvSoft
2012-05-31 10:28 . 2004-02-22 08:11 719872 ----a-w- c:\windows\system32\devil.dll
2012-05-31 10:28 . 2009-09-27 07:39 369152 ----a-w- c:\windows\system32\avisynth.dll
2012-05-31 10:28 . 2012-05-31 10:28 -------- d-----w- c:\program files\AviSynth 2.5
2012-05-30 10:36 . 2012-05-30 11:01 -------- d-----w- c:\users\Dankesreiter\AppData\Roaming\WinAVI
2012-05-30 10:36 . 2012-05-30 11:01 -------- d-----w- c:\users\Dankesreiter\AppData\Local\WinAVI
2012-05-29 19:42 . 2012-05-29 19:42 -------- d-----w- c:\users\Dankesreiter\AppData\Roaming\XMedia Recode
2012-05-28 17:49 . 2012-06-02 17:12 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-28 17:49 . 2012-06-02 17:12 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-28 16:56 . 2012-05-28 16:56 -------- d-----w- c:\users\Dankesreiter\AppData\Roaming\Apowersoft
2012-05-27 18:14 . 2012-05-27 18:14 -------- d-----w- c:\program files\VideoLAN
2012-05-27 15:42 . 2012-05-27 15:42 -------- d--h--w- c:\programdata\Common Files
2012-05-27 15:24 . 2004-07-01 23:00 327749 ----a-w- c:\windows\system32\drvc.dll
2012-05-27 15:23 . 2012-01-20 12:14 17280 ----a-w- c:\windows\system32\roboot.exe
2012-05-27 15:23 . 2012-05-27 15:32 -------- d-----w- c:\users\Dankesreiter\AppData\Roaming\systweak
2012-05-27 15:04 . 2012-05-27 15:04 -------- d-----w- c:\users\Dankesreiter\AppData\Roaming\mkvtoolnix
2012-05-27 14:47 . 2012-05-27 14:47 -------- d-----w- c:\programdata\Apple
2012-05-24 17:47 . 2012-05-30 19:07 1382 ----a-w- C:\user.js
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-14 23:43 . 2012-06-05 19:21 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CA41DF70-655D-43E4-AF00-99040948E1EA}\mpengine.dll
2012-05-04 07:04 . 2012-05-04 07:04 2174976 ----a-w- c:\program files\Common Files\atimpenc.dll
2012-03-20 18:44 . 2012-03-20 18:44 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\system32\BatchCrypto.dll ---
Company:
File Description: BatchCrypto Dynamic Link Library
File Version: 2, 5, 3026, 14
Product Name: BatchCrypto Dynamic Link Library
Copyright: Copyright (C) 2006
Original Filename: BatchCrypto.dll
File size: 28672
Created time: 2007-02-06 21:56
Modified time: 2007-02-06 21:56
MD5: 7135365E28F2502D56FBEDB5854D1B9C
SHA1: F18C8F3108DAB0EAEDA65CA3A6DED7B9D2313407
.
.
--- c:\windows\system32\CryptoAPI.dll ---
Company: HiTRUST
File Description: CryptoAPI
File Version: 2, 2, 0, 34
Product Name: CryptoAPI
Copyright: Copyright (C) 2005
Original Filename: CryptoAP.dll
File size: 401408
Created time: 2006-11-29 19:30
Modified time: 2006-11-29 19:30
MD5: DF53B8BD2C2D86E8CFEB4BB488B5EA37
SHA1: 89B539A7FBE9CC12DBF481A504C6CDA74C276F02
.
.
--- c:\windows\system32\drivers\16951383.sys ---
Company: Kaspersky Lab, GERT
File Description: Kaspersky Lab Mini Driver
File Version: 2.7.1.0 built by: WinDDK
Product Name: Kaspersky Lab Mini Driver
Copyright: Copyright (c) Kaspersky Lab, GERT
Original Filename: klmd.sys
File size: 98992
Created time: 2012-06-08 14:55
Modified time: 2012-06-08 14:55
MD5: 58169FFB207940D4D84B4E85DB02CC1E
SHA1: DFB45534DC9AD266F0C5ECD2DBC4AFB3BA564BC5
.
.
--- c:\windows\system32\keyManager.dll ---
Company: HiTRSUT
File Description: keyManager
File Version: 2, 2, 0, 18
Product Name: keyManager
Copyright: Copyright (C) 2005
Original Filename: keyManag.dll
File size: 237568
Created time: 2006-11-16 20:41
Modified time: 2006-11-16 20:41
MD5: 998883A579D77E07F0833D84CE46593B
SHA1: A3814E4373E4241B785341C23156DA97C021E016
.
.
--- c:\windows\system32\MsnChatHook.dll ---
Company: HiTRUST Inc.
File Description: MsnChatHook
File Version: 2, 5, 3, 11
Product Name: MsnChatHook
Copyright: Copyright (C) 2007
Original Filename: MsnChatHook
File size: 94208
Created time: 2007-02-12 14:02
Modified time: 2007-02-12 14:02
MD5: 81ADB60C39DECB86676D1C6F9578E68B
SHA1: D257FB4BACEB30262EEAA5BA0F8A915F182683FC
.
.
--- c:\windows\system32\ShowErrMsg.dll ---
Company:
File Description: ShowErrMsg
File Version: 2, 5, 3024, 22
Product Name: ShowErrMsg
Copyright: Copyright (C) 2005
Original Filename: ShowErrsMsg.dll
File size: 63488
Created time: 2007-02-06 21:52
Modified time: 2007-02-06 21:52
MD5: DBC8E6FF0168A4F4BEA32565878571E0
SHA1: 2E3AC8468667034003F2E4860E5794CA1CDECAF1
.
.
--- c:\windows\system32\sysenv.dll ---
Company: HiTRUST
File Description: System share library
File Version: 2, 5, 3021, 108
Product Name: SysEnv
Copyright: Copyright (C) 2005
Original Filename: SysEnv.dll
File size: 286720
Created time: 2007-02-12 13:36
Modified time: 2007-02-12 13:36
MD5: 26114324A6F9A71DADC97413B22FF8AD
SHA1: 5FDED4FF78B78697D52B6AF7E151C94EAE806F94
.
---- Directory of c:\program files\PriceGong ----
.
2012-06-12 16:14 . 2012-06-12 16:14 52162 ----a-w- c:\program files\PriceGong\uninst.exe
2012-03-18 16:31 . 2012-03-18 16:31 413568 ----a-w- c:\program files\PriceGong\2.6.4\PriceGongIE.dll
2012-03-18 16:31 . 2012-03-18 16:31 54238 ----a-w- c:\program files\PriceGong\2.6.4\PriceGong.crx
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-02-10 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"Acer Tour Reminder"="" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2007-01-24 319488]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 464168]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-15 151552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-5-7 528384]
PCM Media Sharing.lnk - c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [N/A]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-02 21:04]
.
2012-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-02 21:04]
.
2012-05-24 c:\windows\Tasks\Norton Security Scan for Dankesreiter.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-05-19 07:48]
.
2011-01-06 c:\windows\Tasks\User_Feed_Synchronization-{7FB96BDD-FE80-4E9F-AC1C-9721604E2FA0}.job
- c:\windows\system32\msfeedssync.exe [2010-12-25 04:56]
.
.
------- Zusätzlicher Suchlauf -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://home.sweetim.com/?crg=3.1010000&st=12
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000&st=12
IE: &D&ownload &with BitComet - c:\users\Dankesreiter\Desktop\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\users\Dankesreiter\Desktop\BitComet\BitComet.exe/AddAllLink.htm
IE: Free YouTube Download - c:\users\Dankesreiter\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Dankesreiter\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
TCP: DhcpNameServer = 192.168.2.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-06-14 17:57
Windows 6.0.6000 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BFE]
"ImagePath"="."
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MpsSvc]
"ImagePath"="."
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3000)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Hama\Wireless LAN RTL8192SU\RtlService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Hama\Wireless LAN RTL8192SU\RtWlan.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
c:\acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
c:\acer\Empowering Technology\eRecovery\ERAGENT.EXE
c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-14 18:04:27 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-06-14 16:04
ComboFix2.txt 2012-06-13 15:23
.
Vor Suchlauf: 14 Verzeichnis(se), 141.170.315.264 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 141.041.405.952 Bytes frei
.
- - End Of File - - 08DE28174C81D4A864AE4AFA6AF80179
--- --- ---
Kind regards