BastianX75 | 20.11.2011 15:27 | Code:
ComboFix 11-11-20.01 - Brigitte 20.11.2011 15:07:57.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3070.1954 [GMT 1:00]
ausgeführt von:: c:\users\Brigitte\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Brigitte\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_COMSysApp
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-10-20 bis 2011-11-20 ))))))))))))))))))))))))))))))
.
.
2011-11-20 14:13 . 2011-11-20 14:16 -------- d-----w- c:\users\Brigitte\AppData\Local\temp
2011-11-18 23:51 . 2011-11-20 14:15 45056 ----a-w- c:\windows\system32\acovcnt.exe
2011-11-18 23:50 . 2011-11-18 23:50 -------- d-----w- C:\_OTL
2011-11-18 13:31 . 2011-11-18 13:31 -------- d-----w- c:\program files\ESET
2011-11-18 11:25 . 2011-11-18 11:25 -------- d-----w- c:\users\Brigitte\AppData\Roaming\Malwarebytes
2011-11-18 11:25 . 2011-11-18 11:25 -------- d-----w- c:\programdata\Malwarebytes
2011-11-18 11:25 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-18 11:25 . 2011-11-18 13:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-18 08:21 . 2011-10-18 01:28 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1C966712-6E72-43E8-83D8-6AF0A713F334}\mpengine.dll
2011-11-17 13:08 . 2011-11-17 13:08 -------- d-----w- c:\program files\CCleaner
2011-11-13 19:43 . 2011-11-13 20:16 -------- d-----w- c:\program files\DEUTSCHLAND SPIELT
2011-11-13 19:43 . 2011-11-13 19:43 -------- d-----w- c:\program files\OXXOGames
2011-11-12 21:57 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-12 21:57 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-12 21:57 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-06 20:08 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-11-06 20:08 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-11-06 20:08 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-11-06 20:08 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-11-06 20:08 . 2011-09-06 13:30 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-11-06 20:08 . 2011-08-13 04:43 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-11-05 23:08 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-11-05 23:08 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-11-05 23:08 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-11-05 23:08 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-11-02 19:19 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-11-02 19:19 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2011-11-02 19:19 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-02 02:28 . 2008-07-02 02:28 61440 ----a-w- c:\program files\Common Files\CPInstallAction.dll
.
c:\program files\Adobe\Reader 8.0\Reader\Reader_sl .exe
c:\program files\ASUS\ASUS Data Security Manager\ADSMTray .exe
c:\program files\ASUS\ATK Media\DMedia .exe
c:\program files\ASUS\ATKOSD2\ATKOSD2 .exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart .exe
c:\program files\ATK Hotkey\HcontrolUser .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\InstallShield\UpdateService\issch .exe
c:\program files\CyberLink\Power2Go\CLMLSvc .exe
c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu .exe
c:\program files\Synaptics\SynTP\SynTPEnh .exe
c:\windows\ASScrPro .exe
c:\windows\AsScrProlog .exe
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\program files\Adobe\Reader 8.0\Reader\Reader_sl .exe ---
Company: Adobe Systems Incorporated
File Description: Adobe Acrobat SpeedLauncher
File Version: 8.2.6.262
Product Name: Adobe Acrobat
Copyright: Copyright 2004-2010 Adobe Systems Incorporated. All rights reserved.
Original Filename: AcroSpeedLaunch.exe
File size: 40368
Created time: 2011-01-22 05:05
Modified time: 2011-01-22 05:05
MD5: 02EBF3A363F9F331CF1FAF0C00F53EB9
SHA1: 17BE368EEFCA22BADC5F5C78019F8505BA47C9D4
.
.
--- c:\program files\ASUS\ASUS Data Security Manager\ADSMTray .exe ---
Company: ASUSTek Computer Inc.
File Description: ADSMTray
File Version: 1, 0, 0, 0
Product Name: ADSMTray
Copyright: All rights reserved
Original Filename:
File size: 266240
Created time: 2009-04-11 09:39
Modified time: 2008-04-01 06:09
MD5: 8EA12DFE1483241FD299D93DB872CC26
SHA1: 01EE29CC18A3099086A7E94E35755435333DF9FA
.
.
--- c:\program files\ASUS\ATK Media\DMedia .exe ---
Company: ASUS
File Description: ATK Media
File Version: 2, 0, 0, 2
Product Name: ATK Media
Copyright: Copyright (C) 2008
Original Filename: DMedia.exe
File size: 159744
Created time: 2008-06-25 02:01
Modified time: 2008-06-25 02:01
MD5: 18A713EFF246F3C1293AD1D921B44396
SHA1: 100DB14482A7E2B2184D7C3717A79A38B725965F
.
.
--- c:\program files\ASUS\ATKOSD2\ATKOSD2 .exe ---
Company: ASUS
File Description: ATKOSD2
File Version: 7, 0, 1, 4
Product Name: ATKOSD2
Copyright: Copyright (C) 2007
Original Filename: ATKOSD2.exe
File size: 7651328
Created time: 2008-07-15 18:29
Modified time: 2008-07-15 18:29
MD5: 6F3C6E627C038373237C25AC8F54E8F0
SHA1: E75E0E9FB933547E15744114BA16AE830B1541AD
.
.
--- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart .exe ---
Company: Advanced Micro Devices, Inc.
File Description: Catalyst® Control Center Launcher
File Version: 1, 0, 0, 1
Product Name: Catalyst® Control Center
Copyright: © 2008 Advanced Micro Devices, Inc.
Original Filename: CLIStart.exe
File size: 61440
Created time: 2008-08-29 23:11
Modified time: 2008-08-29 23:11
MD5: 2659F9B422673A98D5629FA3294F5DF3
SHA1: C391AB55CED8B108A6F9AAE51CD3CA9E58B9E2C9
.
.
--- c:\program files\ATK Hotkey\HcontrolUser .exe ---
Company:
File Description: HControlUser
File Version: 1, 0, 0, 0
Product Name: HControlUser
Copyright: All rights resvered.
Original Filename: HControlUser.exe
File size: 98304
Created time: 2009-04-11 09:20
Modified time: 2008-01-12 05:40
MD5: A6001C8CF042D31AB1377CC7626A1046
SHA1: 2C115CB4EFF1E01E075454BBC849DC2829DDE0BB
.
.
--- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe ---
Company: Adobe Systems Incorporated
File Description: Adobe Reader and Acrobat Manager
File Version: 1.4.7.0
Product Name: Adobe Reader and Acrobat Manager
Copyright: Copyright © 2010 Adobe Systems Incorporated. All rights reserved.
Original Filename: AdobeARM.exe
File size: 932288
Created time: 2009-12-11 14:57
Modified time: 2010-09-21 18:37
MD5: BAD6BEA0DE1F69C82BDB74378CE0C20A
SHA1: AEB900D7599C7E0AF6B4EC1D0C9B1423E60395BF
.
.
--- c:\program files\Common Files\InstallShield\UpdateService\issch .exe ---
Company: InstallShield Software Corporation
File Description: InstallShield Update Service Scheduler
File Version: 4, 50, 100, 33433
Product Name: InstallShield Update Service
Copyright: Copyright (C) 1990-2004 InstallShield Software Corporation
Original Filename: issch.exe
File size: 81920
Created time: 2005-06-10 09:44
Modified time: 2005-06-10 09:44
MD5: 583B7D111304BE63D7D9CB65482D2187
SHA1: 59DA4D58DB7A65F7A570CC75773849D006349880
.
.
--- c:\program files\CyberLink\Power2Go\CLMLSvc .exe ---
Company: CyberLink
File Description: CyberLink MediaLibray Service
File Version: 2.1.0718.0
Product Name: CyberLink MediaLibray Service
Copyright: Copyright (C) 2005
Original Filename: CLMLSvc.exe
File size: 104936
Created time: 2008-07-19 02:52
Modified time: 2008-07-19 02:52
MD5: 74EF10CD035DE51171C98E60E53AE221
SHA1: 8B19F58F7E1B6268AE4896491291CCDEB36366BA
.
.
--- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu .exe ---
Company: CyberLink Corp.
File Description: StartMen Application
File Version: 1.00.0613
Product Name: StartMen Application
Copyright: Copyright (C) 2008
Original Filename: StartMen.exe
File size: 210216
Created time: 2008-06-14 01:11
Modified time: 2008-06-14 01:11
MD5: 601D77C0AA637A99073210894554B6BA
SHA1: A861C7F3CCD6E014AF733490FBD153DA230F0FF5
.
.
--- c:\windows\ASScrPro .exe ---
Company:
File Description:
File Version:
Product Name:
Copyright:
Original Filename:
File size: 33136
Created time: 2009-04-11 09:45
Modified time: 2009-04-11 09:45
MD5: 12C5C40440637B87D61600AE3DBEFA70
SHA1: B6105B4E52524888E965EAFA1FBAD6356360DD1A
.
.
--- c:\windows\AsScrProlog .exe ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 47672
Created time: 2009-04-11 09:45
Modified time: 2009-04-11 09:45
MD5: 768021CDB3B8D3CFAACCBAE39628B5BA
SHA1: 2E74C781217FE5A6022E85CCBA2BB2CC6A9AC8AD
.
.
--- c:\windows\system32\acovcnt.exe ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 45056
Created time: 2011-11-18 23:51
Modified time: 2011-11-20 14:15
MD5: 6BCAF46E2B7FA9ACE92B4D39F3037C5C
SHA1: 6D5A81E3CF59832D73F28D6E87F51D073C3E4095
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{147FEC3F-6DE9-437C-8FC1-6B8A20AA0A72}]
2010-03-08 17:05 198656 ----a-w- c:\users\Brigitte\AppData\Roaming\AdobeReader\IE\AdobeReader.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-11 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="-start" [X]
"ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2007-10-12 106496]
"Skytel"="Skytel.exe" [2008-07-16 1833504]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{DC905847-D537-427F-BF91-47CC7ACCDE58}\_DF3A81D17C478A2A6C60A5.exe [2009-4-11 12862]
m-trip Launcher.lnk - c:\program files\OLYMPUS\m-trip\Bin\m-tripLauncher.exe [2010-3-23 53248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca389331d1a7b6;Google Update Service (gupdate1ca389331d1a7b6);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-18 133104]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-18 133104]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2008-05-29 15416]
S2 MDES;DVM Meta Data Export Service;c:\asus.sys\DVMExportService.exe [2008-10-21 307200]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2008-05-02 48128]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2011-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-18 19:06]
.
2011-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-18 19:06]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-11-20 15:17
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,68,07,77,72,f9,bf,2d,41,b8,cc,82,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,68,07,77,72,f9,bf,2d,41,b8,cc,82,\
.
[HKEY_USERS\S-1-5-21-606707763-493663878-3417612450-1000\Software\SecuROM\License information*]
"datasecu"=hex:81,4e,c5,79,7c,5b,b9,07,4a,5d,b4,7c,35,68,7e,d6,1e,23,7e,c0,7b,
fa,a1,da,b1,80,36,d9,61,b2,c9,37,c9,02,e0,65,85,a7,e6,fb,0d,9b,26,ba,be,7a,\
"rkeysecu"=hex:38,65,ae,95,05,f6,53,e0,bb,51,09,a3,03,0c,64,36
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(712)
c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll
.
- - - - - - - > 'Explorer.exe'(3188)
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\windows\system32\WLANExt.exe
c:\windows\System32\lpksetup.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\MrobeService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\ATK Hotkey\Hcontrol.exe
c:\program files\ATK Hotkey\MsgTranAgt.exe
c:\program files\Wireless Console 2\wcourier.exe
c:\program files\ASUS\ASUS CopyProtect\aspg.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\windows\System32\ACEngSvr.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\ASUS\SmartLogon\sensorsrv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\windows\system32\conime.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\program files\ATK Hotkey\WDC.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-11-20 15:23:00 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-11-20 14:22
ComboFix2.txt 2011-11-20 13:01
.
Vor Suchlauf: 14 Verzeichnis(se), 127.400.349.696 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 128.280.190.976 Bytes frei
.
- - End Of File - - 1468B2CF4E93EF3C2AEEF1219FF54E8B