Asmodina | 17.12.2011 22:08 | Combofix Logfile: Code:
ComboFix 11-12-17.02 - Eric 17.12.2011 21:18:01.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3066.2244 [GMT 1:00]
ausgeführt von:: c:\users\Eric\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\users\Eric\AppData\Roaming\Mozilla\Firefox\firefox.exe
c:\windows\system32\muzapp.exe
c:\windows\system32\system32
c:\windows\system32\system32\3DAudio.ax
c:\windows\system32\system32\avrt.dll
c:\windows\system32\system32\cis-2.4.dll
c:\windows\system32\system32\issacapi_bs-2.3.dll
c:\windows\system32\system32\issacapi_pe-2.3.dll
c:\windows\system32\system32\issacapi_se-2.3.dll
c:\windows\system32\system32\MACXMLProto.dll
c:\windows\system32\system32\MaDRM.dll
c:\windows\system32\system32\MaJGUILib.dll
c:\windows\system32\system32\MAMACExtract.dll
c:\windows\system32\system32\MASetupCleaner.exe
c:\windows\system32\system32\MaXMLProto.dll
c:\windows\system32\system32\mfplat.dll
c:\windows\system32\system32\MK_Lyric.dll
c:\windows\system32\system32\MSCLib.dll
c:\windows\system32\system32\MSFLib.dll
c:\windows\system32\system32\MSLUR71.dll
c:\windows\system32\system32\msvcp60.dll
c:\windows\system32\system32\MTTELECHIP.dll
c:\windows\system32\system32\MTXSYNCICON.dll
c:\windows\system32\system32\muzaf1.dll
c:\windows\system32\system32\muzapp.dll
c:\windows\system32\system32\muzapp.exe
c:\windows\system32\system32\muzdecode.ax
c:\windows\system32\system32\muzeffect.ax
c:\windows\system32\system32\muzmp4sp.ax
c:\windows\system32\system32\muzmpgsp.ax
c:\windows\system32\system32\muzoggsp.ax
c:\windows\system32\system32\muzwmts.dll
c:\windows\system32\system32\psapi.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-11-17 bis 2011-12-17 ))))))))))))))))))))))))))))))
.
.
2011-12-17 20:11 . 2011-12-17 20:11 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4E250293-AE79-424B-8DE2-2ECD5FE75FFE}\offreg.dll
2011-12-14 00:39 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4E250293-AE79-424B-8DE2-2ECD5FE75FFE}\mpengine.dll
2011-11-30 14:31 . 2011-11-30 14:31 -------- d-----w- c:\users\Eric\AppData\Roaming\DVDVideoSoft
2011-11-30 14:31 . 2011-11-30 14:31 -------- d-----w- c:\program files\Conduit
2011-11-30 14:30 . 2011-11-30 14:30 -------- d-----w- c:\users\Eric\AppData\Local\Conduit
2011-11-30 14:30 . 2011-11-30 14:30 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2011-11-30 14:30 . 2011-11-30 14:30 -------- d-----w- c:\program files\DVDVideoSoft
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-08 17:12 . 2011-11-08 17:12 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-10-01 20:04 . 2011-10-01 20:04 161792 ----a-w- c:\windows\system32\msls31.dll
2011-10-01 20:04 . 2011-10-01 20:04 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-10-01 20:04 . 2011-10-01 20:04 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-10-01 20:04 . 2011-10-01 20:04 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-10-01 20:04 . 2011-10-01 20:04 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-10-01 20:03 . 2011-10-01 20:03 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-10-01 20:03 . 2011-10-01 20:03 367104 ----a-w- c:\windows\system32\html.iec
2011-10-01 20:03 . 2011-10-01 20:03 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-10-01 20:03 . 2011-10-01 20:03 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-10-01 20:03 . 2011-10-01 20:03 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-10-01 20:03 . 2011-10-01 20:03 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-10-01 20:03 . 2011-10-01 20:03 152064 ----a-w- c:\windows\system32\wextract.exe
2011-10-01 20:03 . 2011-10-01 20:03 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-10-01 20:03 . 2011-10-01 20:03 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-10-01 20:03 . 2011-10-01 20:03 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-10-01 20:03 . 2011-10-01 20:03 11776 ----a-w- c:\windows\system32\mshta.exe
2011-10-01 20:03 . 2011-10-01 20:03 101888 ----a-w- c:\windows\system32\admparse.dll
2011-10-01 20:03 . 2011-10-01 20:03 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-11-09 15:39 . 2011-10-02 10:33 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2009-11-08 08:55 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-05-09 08:49 176936 ----a-w- c:\program files\DVDVideoSoftTB\prxtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FE163F11-1919-4257-A280-FF5AF8DAEECB}]
2011-08-24 13:26 50240 ----a-w- c:\program files\icq\Internet Explorer\icq.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EFEED92A-A33D-4873-BA8F-32BAA631E54D}"= "c:\program files\Astroburn Toolbar\ABToolbar.dll" [2011-05-23 1000768]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{efeed92a-a33d-4873-ba8f-32baa631e54d}]
[HKEY_CLASSES_ROOT\ABToolbar.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{142EECD7-B6CA-4e29-AE5D-A4798EF4FD7F}]
[HKEY_CLASSES_ROOT\ABToolbar.ToolBandObj]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-08-01 958352]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-08-01 3507088]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-08-01 20880]
"2F7ZUJ7G5IWX4J6DFEXBVXZXWJV"="c:\systemdata\217FA966926.exe" [2011-09-26 172787]
"ICQ"="c:\program files\ICQ7.6\ICQ.exe" [2011-10-10 127040]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"Linkury Chrome Smartbar"="c:\program files\Linkury\Linkury.exe" [2011-10-27 103224]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-26 13548064]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-26 92704]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-08 6273568]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-12 723496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R1 MpKsl29d2b590;MpKsl29d2b590;c:\windows\system32\MpEngineStore\MpKsl29d2b590.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-25 136176]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-12-21 30312]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-25 136176]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 121064]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 136808]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-06-02 114280]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-08 232512]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-11-21 247608]
S2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\DRIVERS\kmdfmemio.sys [2008-12-30 13312]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-08-05 44576]
S3 VMC302;Vimicro Camera Service VMC302;c:\windows\system32\Drivers\VMC302.sys [2008-06-05 242048]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-25 23:31]
.
2011-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-25 23:31]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
uSearchAssistant = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE: Free YouTube to MP3 Converter - c:\users\Eric\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\8vkqqutx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 63172
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-NvCplDaemonTool - (no file)
HKCU-Run-firefox.exe - c:\users\Eric\AppData\Roaming\Mozilla\Firefox\firefox.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-12-17 21:32
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1291415068-3424697068-3179296514-1003\Software\SecuROM\License information*]
"datasecu"=hex:33,c3,a1,8d,03,d7,39,43,89,f0,aa,71,ca,88,95,d2,05,2c,74,0c,d0,
3e,e7,8b,46,d0,10,3a,cb,4c,58,72,f1,a7,ef,73,1c,7f,9b,09,bb,66,93,0c,d6,69,\
"rkeysecu"=hex:95,f3,fa,2e,a4,3f,ea,26,aa,a4,97,cb,fb,35,99,e2
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-12-17 21:48:16
ComboFix-quarantined-files.txt 2011-12-17 20:48
.
Vor Suchlauf: 8 Verzeichnis(se), 86.959.505.408 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 87.362.584.576 Bytes frei
.
- - End Of File - - C714FD3006E79E8D465DF8492DE3B3BF --- --- --- |