- Rookit und Sirefef -Malwarebytes

Mr.Mkay · 28.06.2012, 16:33

Code:

ATTFilter

ComboFix 12-06-28.01 - Marcel Klahn 28.06.2012  17:16:49.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.3066.1984 [GMT 2:00]
ausgeführt von:: c:\users\Marcel Klahn\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\kikin
c:\program files\kikin\default_settings.xml
c:\program files\kikin\file_list.txt
c:\program files\kikin\kikin.ico
c:\program files\kikin\KikinBroker.exe
c:\program files\kikin\KikinCrashReporter.exe
c:\program files\kikin\uninst.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-28 bis 2012-06-28  ))))))))))))))))))))))))))))))
.
.
2012-06-28 15:28 . 2012-06-28 15:28	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-06-25 14:17 . 2012-06-25 14:17	--------	d-----w-	C:\_OTL
2012-06-22 12:11 . 2012-06-22 12:11	--------	d-----w-	c:\users\Marcel Klahn\AppData\Roaming\Malwarebytes
2012-06-21 21:14 . 2012-06-21 21:14	--------	d-----w-	c:\program files\ESET
2012-06-06 11:18 . 2012-06-06 11:19	--------	d-----w-	c:\program files\PokerStars
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 13:56 . 2011-03-28 20:13	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2009-05-01 21:02 . 2009-05-01 21:02	1044480	----a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02	200704	----a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-06-14 22:19 . 2012-06-22 11:42	85472	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
2010-07-22 22:41 . 2009-12-03 14:55	119808	----a-w-	c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2008-07-27 18:03	282112	----a-w-	c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-05-14 21:02	120104	----a-w-	c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-04 68856]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2011-01-05 133432]
"Facebook Update"="c:\users\Marcel Klahn\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-14 137536]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-01-20 156968]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-01-20 202024]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-19 6793760]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-02-19 1833504]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-07-25 200704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-05 1410344]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-06-25 1069576]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-04-11 249600]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-06-23 440864]
"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-05-13 199464]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-05-14 345384]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-12-26 173288]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-22 30192]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-14 636032]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService	REG_MULTI_SZ   	HsfXAudioService
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-499933100-2867506379-2947858537-1000Core.job
- c:\users\Marcel Klahn\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-14 20:14]
.
2012-06-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-499933100-2867506379-2947858537-1000UA.job
- c:\users\Marcel Klahn\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-14 20:14]
.
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-25 07:41]
.
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-25 07:41]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
mStart Page = 
mLocal Page = 
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = 
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Free YouTube to MP3 Converter - c:\users\Marcel Klahn\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Marcel Klahn\AppData\Roaming\Mozilla\Firefox\Profiles\balegvbu.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-FormatFactory - c:\program files\FreeTime\FormatFactory\uninst.exe
AddRemove-kikin Plugin (NO23 Edition) - c:\program files\kikin\uninst.exe
AddRemove-PokerStars - c:\program files\PokerStars\PokerStarsUninstall.exe
AddRemove-TeamSpeak 3 Client - c:\users\Marcel Klahn\Desktop\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-06-28 17:28
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-499933100-2867506379-2947858537-1000\Software\SecuROM\License information*]
"datasecu"=hex:d7,f1,4b,ea,7c,d6,4b,ee,73,e7,80,47,4e,fa,85,c2,d3,f1,bc,cf,79,
   d3,60,7f,71,d5,f4,4d,fc,6b,97,53,b2,1b,6e,09,ea,3f,be,7f,1c,fe,a2,a7,0a,f5,\
"rkeysecu"=hex:cf,93,cb,c3,6b,74,46,3a,94,96,51,0e,7d,ea,65,e2
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-06-28  17:31:40
ComboFix-quarantined-files.txt  2012-06-28 15:31
.
Vor Suchlauf: 16 Verzeichnis(se), 121.768.992.768 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 121.712.115.712 Bytes frei
.
- - End Of File - - 63DBC3A7E816081557E9A743882DF885

- Rookit und Sirefef -Malwarebytes

Plagegeister aller Art und deren Bekämpfung: - Rookit und Sirefef -Malwarebytes

- Rookit und Sirefef -Malwarebytes

Ähnliche Themen: - Rookit und Sirefef -Malwarebytes