Code:
Alles auswählen Aufklappen ATTFilter
ComboFix 11-11-20.01 - Brigitte 20.11.2011 13:45:57.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3070.2175 [GMT 1:00]
ausgeführt von:: c:\users\Brigitte\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_COMSysApp
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-10-20 bis 2011-11-20 ))))))))))))))))))))))))))))))
.
.
2011-11-20 12:52 . 2011-11-20 12:54 -------- d-----w- c:\users\Brigitte\AppData\Local\temp
2011-11-20 12:52 . 2011-11-20 12:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-18 23:51 . 2011-11-20 12:53 45056 ----a-w- c:\windows\system32\acovcnt.exe
2011-11-18 23:50 . 2011-11-18 23:50 -------- d-----w- C:\_OTL
2011-11-18 13:31 . 2011-11-18 13:31 -------- d-----w- c:\program files\ESET
2011-11-18 11:25 . 2011-11-18 11:25 -------- d-----w- c:\users\Brigitte\AppData\Roaming\Malwarebytes
2011-11-18 11:25 . 2011-11-18 11:25 -------- d-----w- c:\programdata\Malwarebytes
2011-11-18 11:25 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-18 11:25 . 2011-11-18 13:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-18 08:21 . 2011-10-18 01:28 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1C966712-6E72-43E8-83D8-6AF0A713F334}\mpengine.dll
2011-11-17 13:08 . 2011-11-17 13:08 -------- d-----w- c:\program files\CCleaner
2011-11-13 19:43 . 2011-11-13 20:16 -------- d-----w- c:\program files\DEUTSCHLAND SPIELT
2011-11-13 19:43 . 2011-11-13 19:43 -------- d-----w- c:\program files\OXXOGames
2011-11-12 21:57 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-12 21:57 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-12 21:57 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-06 20:08 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-11-06 20:08 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-11-06 20:08 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-11-06 20:08 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-11-06 20:08 . 2011-09-06 13:30 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-11-06 20:08 . 2011-08-13 04:43 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-11-05 23:08 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-11-05 23:08 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-11-05 23:08 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-11-05 23:08 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-11-02 19:19 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-11-02 19:19 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2011-11-02 19:19 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-02 02:28 . 2008-07-02 02:28 61440 ----a-w- c:\program files\Common Files\CPInstallAction.dll
.
Code:
Alles auswählen Aufklappen ATTFilter
<pre>
c:\program files\Adobe\Reader 8.0\Reader\Reader_sl .exe
c:\program files\ASUS\ASUS Data Security Manager\ADSMTray .exe
c:\program files\ASUS\ATK Media\DMedia .exe
c:\program files\ASUS\ATKOSD2\ATKOSD2 .exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart .exe
c:\program files\ATK Hotkey\HcontrolUser .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\InstallShield\UpdateService\issch .exe
c:\program files\CyberLink\Power2Go\CLMLSvc .exe
c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu .exe
c:\windows\ASScrPro .exe
c:\windows\AsScrProlog .exe
</pre>
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{147FEC3F-6DE9-437C-8FC1-6B8A20AA0A72}]
2010-03-08 17:05 198656 ----a-w- c:\users\Brigitte\AppData\Roaming\AdobeReader\IE\AdobeReader.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-11 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="-start" [X]
"ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2007-10-12 106496]
"Skytel"="Skytel.exe" [2008-07-16 1833504]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{DC905847-D537-427F-BF91-47CC7ACCDE58}\_DF3A81D17C478A2A6C60A5.exe [2009-4-11 12862]
m-trip Launcher.lnk - c:\program files\OLYMPUS\m-trip\Bin\m-tripLauncher.exe [2010-3-23 53248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca389331d1a7b6;Google Update Service (gupdate1ca389331d1a7b6);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-18 133104]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-18 133104]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2008-05-29 15416]
S2 MDES;DVM Meta Data Export Service;c:\asus.sys\DVMExportService.exe [2008-10-21 307200]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2008-05-02 48128]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2011-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-18 19:06]
.
2011-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-18 19:06]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1
.
.
**************************************************************************
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien:
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,68,07,77,72,f9,bf,2d,41,b8,cc,82,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,68,07,77,72,f9,bf,2d,41,b8,cc,82,\
.
[HKEY_USERS\S-1-5-21-606707763-493663878-3417612450-1000\Software\SecuROM\License information*]
"datasecu"=hex:81,4e,c5,79,7c,5b,b9,07,4a,5d,b4,7c,35,68,7e,d6,1e,23,7e,c0,7b,
fa,a1,da,b1,80,36,d9,61,b2,c9,37,c9,02,e0,65,85,a7,e6,fb,0d,9b,26,ba,be,7a,\
"rkeysecu"=hex:38,65,ae,95,05,f6,53,e0,bb,51,09,a3,03,0c,64,36
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(708)
c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll
.
- - - - - - - > 'Explorer.exe'(2472)
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\windows\system32\WLANExt.exe
c:\program files\ASUS\SmartLogon\sensorsrv.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\MrobeService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\ATK Hotkey\Hcontrol.exe
c:\program files\ATK Hotkey\MsgTranAgt.exe
c:\program files\Wireless Console 2\wcourier.exe
c:\program files\ASUS\ASUS CopyProtect\aspg.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\program files\ATK Hotkey\WDC.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conime.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-11-20 14:01:57 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-11-20 13:01
.
Vor Suchlauf: 9 Verzeichnis(se), 127.879.364.608 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 127.687.774.208 Bytes frei
.
- - End Of File - - C58DFAC86E748BB2CC4B45608E57BC85
20.11.2011, 13:31
Hybrid-Darstellung
