Da bin ich wieder,
Habe CCleaner nochmal durchlaufen lassen. Ein Fehler / eine ungenutzte Dateiendung trat immer wieder auf, selbst nach 3 Versuchen. Nach dem Combofix wollte ich nochmal ccleaner drüberlaufen lassen... diesesmal waren alle Fehler wieder da.Auch wenn ich CCleaner nach dem löschen geschlossen und wieder geöffnet habe, sind die Fehler wieder angezeigt worden.
... Ist das normal?
Aber jetzt zum Combofix: Code:
ComboFix 10-03-22.02 - User 22.03.2010 23:02:43.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.49.1031.18.3071.2294 [GMT 1:00]
ausgeführt von:: c:\users\User\Desktop\cofi.exe
SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-746874117-2882914437-1590519571-500
c:\windows\system32\Connect.dll
.
((((((((((((((((((((((( Dateien erstellt von 2010-02-22 bis 2010-03-22 ))))))))))))))))))))))))))))))
.
2010-03-22 22:23 . 2010-03-22 22:24 -------- d-----w- c:\users\User\AppData\Local\temp
2010-03-22 22:23 . 2010-03-22 22:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-22 16:34 . 2010-02-20 23:54 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-22 16:34 . 2010-02-20 23:51 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-03-22 16:34 . 2010-02-20 21:30 396800 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-22 16:30 . 2009-12-08 22:29 3503704 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-03-22 16:30 . 2009-12-08 22:29 3469912 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-03-22 16:30 . 2010-01-25 12:58 473088 ----a-w- c:\windows\system32\secproc_isv.dll
2010-03-22 16:30 . 2010-01-25 12:58 472576 ----a-w- c:\windows\system32\secproc.dll
2010-03-22 16:30 . 2010-01-25 08:36 435712 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-03-22 16:30 . 2010-01-25 08:36 515584 ----a-w- c:\windows\system32\RMActivate.exe
2010-03-22 16:30 . 2010-01-25 08:35 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-03-22 16:30 . 2010-01-25 12:58 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-03-22 16:30 . 2010-01-25 12:58 154112 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-03-22 16:30 . 2010-01-25 12:56 312320 ----a-w- c:\windows\system32\msdrm.dll
2010-03-22 16:30 . 2010-01-25 08:36 431104 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-22 21:52 . 2007-12-15 02:21 -------- d-----w- c:\programdata\NVIDIA
2010-03-22 21:49 . 2008-12-06 12:18 -------- d-----w- c:\users\User\AppData\Roaming\Skype
2010-03-22 21:37 . 2009-08-24 05:42 50553 ----a-w- c:\programdata\nvModes.dat
2010-03-22 21:37 . 2008-02-02 08:06 74392 ----a-w- c:\users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-22 21:33 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-22 16:38 . 2007-05-06 22:57 -------- d-----w- c:\programdata\Microsoft Help
2010-03-22 16:09 . 2006-11-02 15:33 641032 ----a-w- c:\windows\system32\perfh007.dat
2010-03-22 16:09 . 2006-11-02 15:33 116682 ----a-w- c:\windows\system32\perfc007.dat
2010-03-22 16:05 . 2008-12-06 12:20 -------- d-----w- c:\users\User\AppData\Roaming\skypePM
2010-02-24 09:16 . 2009-10-02 18:37 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-22 21:43 . 2007-05-06 22:59 -------- d-----w- c:\program files\Microsoft Works
2010-02-18 15:00 . 2010-02-18 15:00 1233160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-02-12 20:13 . 2010-02-12 20:12 -------- d-----w- c:\program files\trend micro
2010-02-12 20:12 . 2010-02-12 20:12 388096 ----a-r- c:\users\User\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-02-12 20:08 . 2008-02-02 08:05 15396 ----a-w- c:\users\User\AppData\Local\d3d9caps.dat
2010-02-12 19:47 . 2008-02-08 18:30 -------- d-----w- c:\program files\ICQToolbar
2010-02-12 18:30 . 2010-02-12 18:30 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes
2010-02-12 18:30 . 2010-02-12 18:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-28 12:36 . 2010-02-12 18:12 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-28 12:35 . 2010-02-12 18:12 1327616 ----a-w- c:\windows\system32\quartz.dll
2009-12-28 12:34 . 2010-02-12 18:12 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-28 12:34 . 2010-02-12 18:12 31232 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-28 12:34 . 2010-02-12 18:12 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-28 12:34 . 2010-02-12 18:12 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-28 12:33 . 2010-02-12 18:12 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-28 12:32 . 2010-02-12 18:12 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-28 12:30 . 2010-02-12 18:12 88576 ----a-w- c:\windows\system32\avifil32.dll
2009-12-28 12:30 . 2010-02-12 18:12 65024 ----a-w- c:\windows\system32\avicap32.dll
2006-05-03 09:06 . 2008-04-30 15:44 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 10:47 . 2008-04-30 15:44 31232 --sh--r- c:\windows\System32\msfDX.dll
2007-12-17 12:43 . 2008-04-30 15:44 27648 --sh--w- c:\windows\System32\Smab0.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-26 09:32 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-02-03 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-12-15 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2007-01-24 319488]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 464168]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-15 151552]
"PlayMovie"="c:\program files\Acer Arcade Live\Acer PlayMovie\PMVService.exe" [2007-07-13 178280]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"KMCONFIG"="c:\program files\Trust\Trust R-Series Mouse\StartAutorun.exe" [2007-03-06 212992]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader - Schnellstart.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-5-7 528384]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
PCM Media Sharing.lnk - c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2007-5-7 200812]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-04-19 717296]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-17 7168]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-05-21 34576]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Live\Acer PlayMovie\000.fcl [2007-08-31 39408]
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2007-04-04 266343]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-26 554352]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
S2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Trust\Trust R-Series Mouse\KMWDSrv.exe [2007-06-08 208896]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-07-14 239648]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
2010-03-22 c:\windows\Tasks\User_Feed_Synchronization-{370CB0A2-32DD-42F6-A071-83FBF2BE3D73}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://de.intl.acer.yahoo.com
uSearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/su/*hxxp://de.yahoo.com
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\px87azt0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
HKCU-Run-Acer Tour Reminder - (no file)
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-03-22 23:24
Windows 6.0.6000 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Live\Acer PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_USERS\S-1-5-21-746874117-2882914437-1590519571-1000\Software\SecuROM\License information*]
"datasecu"=hex:2e,bf,df,11,91,74,af,00,fa,b2,b7,c7,e1,1c,b3,94,0d,31,0a,2b,8e,
05,99,2c,77,1d,55,eb,65,bf,99,37,e5,ff,06,ce,39,88,c4,c9,35,56,3f,6c,0e,60,\
"rkeysecu"=hex:07,cd,5e,ae,a7,34,91,19,9a,ff,83,8c,a4,f1,b8,0c
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-03-22 23:26:48
ComboFix-quarantined-files.txt 2010-03-22 22:26
Vor Suchlauf: 17 Verzeichnis(se), 52.334.391.296 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 52.083.191.808 Bytes frei
- - End Of File - - 0985743B46B05FBC04561F4B54519BF1 Was nun Cosinus? |