| MC_Butsch | 21.04.2011 14:36 |
Combofix Logfile: Code:
ComboFix 11-04-20.04 - Rene 21.04.2011 14:32:31.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2525.1360 [GMT 2:00]
ausgeführt von:: c:\users\Rene\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\blyadstvoeb\blyadstvoeb.exe
c:\users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\9fifpalg.Rene\searchqutb
c:\users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\9fifpalg.Rene\searchqutb\games\00d2dfc64c07a4f32824abac1d6f735b
c:\users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\9fifpalg.Rene\searchqutb\games\3e4265e00cbc4a9cf22a105046a46d8a
c:\users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\9fifpalg.Rene\searchqutb\games\44a5d79f5451d3036ba3986425e234c8
c:\users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\9fifpalg.Rene\searchqutb\games\GameCategories.xml
c:\users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\9fifpalg.Rene\searchqutb\games\GameTypes.xml
c:\users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\9fifpalg.Rene\searchqutb\guid.dat
c:\users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\9fifpalg.Rene\searchqutb\preferences.dat
c:\users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\9fifpalg.Rene\searchqutb\stats.dat
c:\users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\9fifpalg.Rene\searchqutb\uninstallFF.dat
c:\users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\9fifpalg.Rene\searchqutb\weather\9af25dd7fefc08598ce28b794feae353
c:\users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\9fifpalg.Rene\searchqutb\weather\c51d69581751263e4ac841cbfa20fc2e
c:\users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\9fifpalg.Rene\searchqutb\weather\forecasts_cache.xml
c:\users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\9fifpalg.Rene\searchqutb\weather\observations_cache.xml
c:\users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\9fifpalg.Rene\searchqutb\weatherbutton_prefs.xml
c:\users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\9fifpalg.Rene\searchqutb\widgets_cache\84b70525cff6359fdeca553342c23e4c
c:\users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\9fifpalg.Rene\searchqutb\widgets_cache\bf5b6317ae07da699882fc948f22eda4
c:\users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\9fifpalg.Rene\searchqutb\widgets_cache\category_cache.xml
c:\users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\9fifpalg.Rene\searchqutb\widgets_cache\widget_cache.xml
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-03-21 bis 2011-04-21 ))))))))))))))))))))))))))))))
.
.
2011-04-21 13:19 . 2011-04-21 13:20 -------- d-----w- c:\users\Rene\AppData\Local\temp
2011-04-21 13:19 . 2011-04-21 13:19 -------- d-----w- c:\windows\ServiceProfiles\NetworkService\AppData\Local\temp
2011-04-21 13:19 . 2011-04-21 13:19 -------- d-----w- c:\windows\ServiceProfiles\LocalService\AppData\Local\temp
2011-04-21 13:19 . 2011-04-21 13:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-21 12:55 . 2011-04-21 12:55 220728 ----a-w- c:\program files\Internet Explorer\iexploremgr.exe
2011-04-21 11:28 . 2011-04-21 12:55 220728 ----a-w- c:\windows\Explorermgr.exe
2011-04-21 07:56 . 2011-04-21 07:56 220728 ----a-w- c:\windows\system32\msfeedssyncmgr.exe
2011-04-21 05:37 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F7145B7C-F0CA-4148-83E0-AF31055970F2}\mpengine.dll
2011-04-19 14:56 . 2011-04-19 14:56 -------- d-----w- c:\program files\cndxsqvf
2011-04-11 19:32 . 2011-04-19 09:18 -------- d-----w- c:\programdata\SecTaskMan
2011-04-07 17:34 . 2011-04-07 17:34 -------- d-----w- c:\users\Butsch\Eigene Dateien
2011-04-03 05:48 . 2011-04-03 05:48 -------- d-----w- c:\windows\system32\Adobe
2011-03-27 18:01 . 2000-08-19 18:29 268048 ----a-w- c:\windows\system32\dxtmeta2.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 16:11 . 2009-10-25 12:12 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-23 13:04 . 2011-01-23 13:04 75776 ----a-w- c:\windows\cadkasdeinst01e.exe
2011-03-05 22:23 . 2010-07-21 22:04 25048 ----a-w- c:\program files\mozilla firefox\components\browserdirprovider(40).dll
2011-03-05 22:23 . 2010-07-21 22:04 140248 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp(41).dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 21:38 121392 ------w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-05-30 544768]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-05-27 850440]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"Google Update"="c:\users\Rene\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"ehTray.exe"=c:\windows\ehome\ehTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WarReg_PopUp"=c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
"ePower_DMC"=c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"MobileConnect"=%programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
.
R0 gmdfm;gmdfm;c:\windows\System32\drivers\ohbhp.sys [x]
R0 kqmu;kqmu;c:\windows\System32\drivers\uusb.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-04-20 9216]
R3 AppBoosterService;AppBooster Service;c:\program files\Common Files\2ToX Common\BoostService.exe [x]
R3 AVerAF15;AVerMedia BDA Digital Tuner;c:\windows\system32\Drivers\AVerAF15.sys [2007-12-28 281984]
R3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-04-28 54784]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-12-08 113664]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-10-12 101120]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-05-30 93968]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [2009-04-09 7680]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 770471]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2009-04-09 110592]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2009-04-09 105344]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-06-04 691696]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-05-09 61424]
S2 acedrv10;acedrv10;c:\windows\system32\drivers\acedrv10.sys [2007-07-27 330144]
S2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [2007-07-27 251680]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]
S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-03-27 210432]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2008-03-19 22072]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2011-03-08 c:\windows\Tasks\1-Klick-Wartung(1815).job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 18:07]
.
2011-04-21 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 18:07]
.
2011-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3964061590-1107440280-3191657767-1000Core.job
- c:\users\Rene\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-18 00:18]
.
2011-03-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3964061590-1107440280-3191657767-1000UA.job
- c:\users\Rene\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-18 00:18]
.
2011-03-07 c:\windows\Tasks\NeroLiveEpgUpdate-Rene-PC_Rene(1820).job
- c:\program files\Nero 8\Nero 9\Nero Live\NeroLive.exe [2008-09-18 11:51]
.
2011-04-14 c:\windows\Tasks\NeroLiveEpgUpdate-Rene-PC_Rene.job
- c:\program files\Nero 8\Nero 9\Nero Live\NeroLive.exe [2008-09-18 11:51]
.
2011-03-08 c:\windows\Tasks\User_Feed_Synchronization-{EB18CC0B-8650-4D9D-9ECC-000CF8060F19}(1823).job
- c:\windows\system32\msfeedssync.exe [2010-12-18 04:25]
.
2011-04-21 c:\windows\Tasks\User_Feed_Synchronization-{EB18CC0B-8650-4D9D-9ECC-000CF8060F19}.job
- c:\windows\system32\msfeedssync.exe [2010-12-18 04:25]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://de.intl.acer.yahoo.com
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D0523BB4-21E7-11DD-9AB7-415B56D89593} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-04-21 15:20
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"34D27A2BB6A8FBF9"="c:\\blyadstvoeb\\blyadstvoeb.exe /q"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,27,02,dd,a6,de,7c,32,4d,ad,00,12,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,27,02,dd,a6,de,7c,32,4d,ad,00,12,\
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(1348)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
Zeit der Fertigstellung: 2011-04-21 15:25:15
ComboFix-quarantined-files.txt 2011-04-21 13:25
.
Vor Suchlauf: 15 Verzeichnis(se), 25.288.572.928 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 25.220.288.512 Bytes frei
.
- - End Of File - - 3A382826C47021044E3601D537075828
--- --- ---
so....bitteschön |
