|
Kann sich jemand diesen Log anschauen? ComboFix 11-03-08.07 - Enrico 09.03.2011 12:52:43.1.2 - x86 Microsoft® Windows Vista™ Business 6.0.6002.2.1252.49.1031.18.1790.918 [GMT 1:00] ausgeführt von:: c:\users\Enrico\Desktop\ComboFix.exe AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\Acer\Acer Bio Protection\PwdFilter.dll . . ((((((((((((((((((((((( Dateien erstellt von 2011-02-09 bis 2011-03-09 )))))))))))))))))))))))))))))) . . 2011-03-09 12:13 . 2011-03-09 12:13 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-03-09 11:37 . 2011-03-09 11:37 -------- d-----w- c:\program files\CCleaner 2011-03-08 17:49 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{81A4FE1A-444F-4F9C-A7B6-7FE3C340AA35}\mpengine.dll 2011-02-24 13:56 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll 2011-02-08 18:13 . 2010-12-31 13:57 2039808 ----a-w- c:\windows\system32\win32k.sys 2011-02-08 18:12 . 2011-01-20 16:08 219648 ----a-w- c:\windows\system32\d3d10_1core.dll . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-02-02 16:11 . 2009-10-03 00:13 222080 ------w- c:\windows\system32\MpSigStub.exe 2010-12-28 15:55 . 2011-01-12 19:47 413696 ----a-w- c:\windows\system32\odbc32.dll 2010-12-14 14:49 . 2011-01-12 19:47 1169408 ----a-w- c:\windows\system32\sdclt.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2008-03-04 21:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] "Google Update"="c:\users\Enrico\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-03-07 135664] "ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2010-11-16 172856] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440] "RtHDVCpl"="RtHDVCpl.exe" [2008-05-21 6144000] "PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704] "ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2008-07-20 3687936] "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-05-08 864576] "eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896] "ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-30 397312] "WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152] "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896] . c:\users\Enrico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-12 723496] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "DisableCAD"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000] 2008-07-20 11:27 3085824 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba] 2008-03-25 13:24 567560 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 . R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [2007-12-26 17968] R3 WisINT15;WisINT15;c:\elements\1stboot\WisINT15.SYS [x] S0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\Drivers\AlfaFF.sys [2008-07-20 43184] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384] S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576] S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456] S2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [2008-07-20 3484672] S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424] S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072] S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 210432] S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-04-15 51160] S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2008-04-08 43736] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2008-03-19 22072] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc bthsvcs REG_MULTI_SZ BthServ HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhalt des "geplante Tasks" Ordners . 2010-12-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-925481773-4280297250-3569480464-1003Core.job - c:\users\Enrico\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-07 09:58] . 2010-12-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-925481773-4280297250-3569480464-1003UA.job - c:\users\Enrico\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-07 09:58] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://google.de/ uDefault_Search_URL = hxxp://search.qip.ru mStart Page = hxxp://de.intl.acer.yahoo.com uSearchAssistant = hxxp://search.qip.ru/ie uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm DPF: {E55FD215-A32E-43FE-A777-A7E8F165F560} - hxxp://92.51.137.94/objects/NpFv522.dll DPF: {E55FD215-A32E-43FE-A777-A7E8F165F561} - hxxp://92.51.137.94/objects/NpFv530.dll . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM-Run-eRecoveryService - (no file) MSConfigStartUp-Orb - c:\program files\Winamp Remote\bin\OrbTray.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2011-03-09 13:20 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-925481773-4280297250-3569480464-1003\Software\SecuROM\License information*] "datasecu"=hex:ad,b9,17,8a,ea,6b,27,7f,a6,2e,76,28,8e,70,bb,f0,44,30,a4,a4,1b, 84,1f,2e,ee,d3,8b,1e,8b,7d,12,d7,1d,38,2b,0b,a1,00,56,53,a8,a7,99,31,a5,eb,\ "rkeysecu"=hex:a8,1f,a5,80,19,85,88,da,46,8d,06,df,f9,65,e5,4d . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'Explorer.exe'(5108) c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll c:\windows\system32\btmmhook.dll c:\windows\System32\SysHook.dll c:\windows\system32\btncopy.dll . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\program files\Common Files\SPBA\upeksvr.exe c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe c:\windows\system32\WLANExt.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe c:\windows\system32\conime.exe c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\acer\Mobility Center\MobilityService.exe c:\program files\O2Micro Flash Memory Card Driver\o2flash.exe c:\windows\system32\PnkBstrA.exe c:\program files\Common Files\Protexis\License Service\PsiService_2.exe c:\windows\system32\DRIVERS\xaudio.exe c:\windows\RtHDVCpl.exe c:\program files\Launch Manager\LManager.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\program files\OpenOffice.org 3\program\soffice.exe c:\program files\OpenOffice.org 3\program\soffice.bin c:\windows\system32\wbem\unsecapp.exe c:\windows\system32\wbem\unsecapp.exe c:\program files\Windows Media Player\wmpnetwk.exe . ************************************************************************** . Zeit der Fertigstellung: 2011-03-09 13:27:16 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2011-03-09 12:27 . Vor Suchlauf: 9 Verzeichnis(se), 21.047.377.920 Bytes frei Nach Suchlauf: 14 Verzeichnis(se), 20.474.617.856 Bytes frei . - - End Of File - - 32FBFC139A39FD2317D28771FBDB54A7 |
|
| Alle Zeitangaben in WEZ +1. Es ist jetzt 03:23 Uhr. |
Copyright ©2000-2025, Trojaner-Board