Trojaner-Board - Malwarebytes Anti-Malware Runtime error 372

Dial-a-fix log:

Code:

Notes about this log:

1) "->" denotes an external command being executed, and "-> (number)" indicates

     the return code from the previous command

2) Not all external command return codes are accurate, or useful

3) Sometimes commands return 0 (no error) even when they fail or crash

4) If an error occurs while registering an object, please send an email to:

     dial-a-fix@DjLizard.net and include a copy of this log
 

DAF version: v0.60.0.24
 

--- System info ---

OS: Microsoft Windows XP Service Pack 2

IE version: 6.0.2900.2180

MPC: 55274-640

CPU: AMD Athlon(tm) XP 1600+ (~1390MHz)

BIOS: 29.10.2002

Memory (approx): 767MB

Uptime: 2 hour(s) 

Current directory: C:\Dokumente und Einstellungen\DUMMY\Desktop\Dial-a-fix-v0.60.0.24\Dial-a-fix-v0.60.0.24

---
 

01.08.2010 22:25:53 -- Dial-a-fix : [v0.60.0.24] -- started

22:25:53 | Policy scan started

22:25:53 | The following restrictive policies were found:

        HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Policies\Explorer\NoInstrumentation

22:26:35 | Deleting policy: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Policies\Explorer\NoInstrumentation

22:26:35 | ^ Success

22:26:35 | Policy scan started

22:26:35 | Policy scan ended - no restrictive policies were found

22:26:40 | Policy scan started

22:26:40 | Policy scan ended - no restrictive policies were found

--- Emptying temp folders ---

22:27:43 | Deleting C:\Dokumente und Einstellungen\DUMMY\Lokale Einstellungen\temp...

22:27:44 | C:\Dokumente und Einstellungen\DUMMY\Lokale Einstellungen\temp could not be completely emptied, please reboot and try again

22:27:44 | Deleting C:\WINDOWS\temp...

22:27:44 | C:\WINDOWS\temp has been re-created

22:27:44 | Deleting C:\DOKUME~1\DUMMY\LOKALE~1\Temp...

22:27:44 | Re-created directory C:\DOKUME~1\DUMMY\LOKALE~1\Temp

--- MSI ---

22:28:01 | Registered: C:\WINDOWS\system32\msi.dll

--- Windows Update ---

--- Registration: Windows Update/Automatic Update DLLs ---

22:28:03 | Unregistered: C:\WINDOWS\system32\msxml.dll

22:28:03 | Registered: C:\WINDOWS\system32\msxml.dll

22:28:04 | Unregistered: C:\WINDOWS\system32\msxml2.dll

22:28:04 | Registered: C:\WINDOWS\system32\msxml2.dll

22:28:04 | Unregistered: C:\WINDOWS\system32\msxml3.dll

22:28:05 | Registered: C:\WINDOWS\system32\msxml3.dll

22:28:06 | Unregistered: C:\WINDOWS\system32\msxml4.dll

22:28:06 | Registered: C:\WINDOWS\system32\msxml4.dll

22:28:07 | Unregistered: C:\WINDOWS\system32\qmgr.dll

22:28:09 | Registered: C:\WINDOWS\system32\qmgr.dll

22:28:09 | Unregistered: C:\WINDOWS\system32\qmgrprxy.dll

22:28:09 | Registered: C:\WINDOWS\system32\qmgrprxy.dll

22:28:09 | Unregistered: C:\WINDOWS\system32\winhttp.dll

22:28:09 | Registered: C:\WINDOWS\system32\winhttp.dll

22:28:09 | Registered: C:\WINDOWS\system32\wuapi.dll

22:28:09 | Unregistered: C:\WINDOWS\system32\wuaueng.dll

22:28:11 | Registered: C:\WINDOWS\system32\wuaueng.dll

22:28:11 | Unregistered: C:\WINDOWS\system32\wuaueng1.dll

22:28:11 | Registered: C:\WINDOWS\system32\wuaueng1.dll

22:28:11 | Unregistered: C:\WINDOWS\system32\wucltui.dll

22:28:11 | Registered: C:\WINDOWS\system32\wucltui.dll

22:28:11 | Unregistered: C:\WINDOWS\system32\wups.dll

22:28:11 | Registered: C:\WINDOWS\system32\wups.dll

22:28:11 | Unregistered: C:\WINDOWS\system32\wuweb.dll

22:28:11 | Registered: C:\WINDOWS\system32\wuweb.dll

22:28:11 | Registered: C:\WINDOWS\system32\ole32.dll

--- SSL/HTTPS/Cryptography ---

22:28:14 | Executed 'cmd.exe /c rmdir /q /s C:\WINDOWS\system32\Catroot2'

--- Registration: SSL/HTTPS/Cryptography ---

22:28:16 | Unregistered: C:\WINDOWS\system32\cryptdlg.dll

22:28:16 | Registered: C:\WINDOWS\system32\cryptdlg.dll

22:28:16 | Unregistered: C:\WINDOWS\system32\cryptui.dll

22:28:16 | Registered: C:\WINDOWS\system32\cryptui.dll

22:28:16 | Unregistered: C:\WINDOWS\system32\cryptext.dll

22:28:16 | Registered: C:\WINDOWS\system32\cryptext.dll

22:28:17 | Unregistered: C:\WINDOWS\system32\dssenh.dll

22:28:17 | Registered: C:\WINDOWS\system32\dssenh.dll

22:28:17 | Unregistered: C:\WINDOWS\system32\gpkcsp.dll

22:28:17 | Registered: C:\WINDOWS\system32\gpkcsp.dll

22:28:17 | Unregistered: C:\WINDOWS\system32\initpki.dll

22:28:18 | Registered: C:\WINDOWS\system32\initpki.dll

22:28:19 | Unregistered: C:\WINDOWS\system32\licdll.dll

22:28:19 | Registered: C:\WINDOWS\system32\licdll.dll

22:28:19 | Unregistered: C:\WINDOWS\system32\mssign32.dll

22:28:19 | Registered: C:\WINDOWS\system32\mssign32.dll

22:28:19 | Unregistered: C:\WINDOWS\system32\mssip32.dll

22:28:19 | Registered: C:\WINDOWS\system32\mssip32.dll

22:28:19 | Unregistered: C:\WINDOWS\system32\scardssp.dll

22:28:19 | Registered: C:\WINDOWS\system32\scardssp.dll

22:28:19 | Unregistered: C:\WINDOWS\system32\sccbase.dll

22:28:19 | Registered: C:\WINDOWS\system32\sccbase.dll

22:28:19 | Unregistered: C:\WINDOWS\system32\scecli.dll

22:28:20 | Registered: C:\WINDOWS\system32\scecli.dll

22:28:20 | Unregistered: C:\WINDOWS\system32\softpub.dll

22:28:20 | Registered: C:\WINDOWS\system32\softpub.dll

22:28:20 | Unregistered: C:\WINDOWS\system32\slbcsp.dll

22:28:20 | Registered: C:\WINDOWS\system32\slbcsp.dll

22:28:20 | Unregistered: C:\WINDOWS\system32\regwizc.dll

22:28:20 | Registered: C:\WINDOWS\system32\regwizc.dll

22:28:20 | Unregistered: C:\WINDOWS\system32\rsaenh.dll

22:28:20 | Registered: C:\WINDOWS\system32\rsaenh.dll

22:28:20 | Unregistered: C:\WINDOWS\system32\winhttp.dll

22:28:20 | Registered: C:\WINDOWS\system32\winhttp.dll

22:28:20 | Unregistered: C:\WINDOWS\system32\wintrust.dll

22:28:21 | Registered: C:\WINDOWS\system32\wintrust.dll

--- Registration: ActiveX controls/codecs ---

22:28:21 | Registered: C:\WINDOWS\system32\acelpdec.ax

22:28:21 | Registered: C:\WINDOWS\system32\actxprxy.dll

22:28:21 | Registered: C:\WINDOWS\system32\asctrls.ocx

22:28:21 | Registered: C:\WINDOWS\system32\daxctle.ocx

22:28:22 | Registered: C:\WINDOWS\system32\hhctrl.ocx

22:28:22 | Registered: C:\WINDOWS\system32\l3codecx.ax

22:28:22 | Registered: C:\WINDOWS\system32\licmgr10.dll

22:28:22 | Registered: C:\WINDOWS\system32\mpg4ds32.ax

22:28:24 | Registered: C:\WINDOWS\system32\msdxm.ocx

22:28:24 | Registered: C:\WINDOWS\system32\plugin.ocx

22:28:24 | Registered: C:\WINDOWS\system32\proctexe.ocx

22:28:24 | Registered: C:\WINDOWS\system32\tdc.ocx

22:28:24 | Registered: C:\WINDOWS\system32\wshom.ocx

--- Registration: Control Panel applets ---

22:28:25 | DllInstalled: C:\WINDOWS\system32\inetcpl.cpl

22:28:26 | DllInstalled: C:\WINDOWS\system32\appwiz.cpl

22:28:26 | Registered: C:\WINDOWS\system32\appwiz.cpl

22:28:26 | DllInstalled: C:\WINDOWS\system32\nusrmgr.cpl

22:28:26 | Registered: C:\WINDOWS\system32\nusrmgr.cpl

--- Registration: Direct[X|Draw|Show|Media] ---

22:28:26 | Registered: C:\WINDOWS\system32\quartz.dll

22:28:27 | Registered: C:\WINDOWS\system32\danim.dll

22:28:27 | Registered: C:\WINDOWS\system32\dmscript.dll

22:28:27 | Registered: C:\WINDOWS\system32\dmstyle.dll

22:28:27 | Registered: C:\WINDOWS\system32\dxmasf.dll

22:28:27 | Registered: C:\WINDOWS\system32\dxtmsft.dll

22:28:28 | Registered: C:\WINDOWS\system32\dxtrans.dll

22:28:28 | Registered: C:\WINDOWS\system32\sbe.dll

--- Registration: Programming cores/runtimes ---

22:28:28 | Registered: C:\WINDOWS\system32\atl.dll

22:28:28 | Registered: C:\WINDOWS\system32\corpol.dll

22:28:28 | Registered: C:\WINDOWS\system32\jscript.dll

22:28:28 | Registered: C:\WINDOWS\system32\dispex.dll

22:28:28 | Registered: C:\WINDOWS\system32\scrrun.dll

22:28:28 | Registered: C:\WINDOWS\system32\scrobj.dll

22:28:28 | Registered: C:\WINDOWS\system32\vbscript.dll

22:28:29 | Registered: C:\WINDOWS\system32\wshext.dll

--- Registration: Explorer/IE/OE/shell/WMP ---

22:28:29 | Registered: C:\WINDOWS\system32\activeds.dll

22:28:29 | DllInstalled: C:\WINDOWS\system32\browseui.dll

22:28:29 | Registered: C:\WINDOWS\system32\browseui.dll

22:28:29 | Registered: C:\WINDOWS\system32\browsewm.dll

22:28:29 | Registered: C:\WINDOWS\system32\cabview.dll

22:28:29 | Registered: C:\WINDOWS\system32\cdfview.dll

22:28:29 | Registered: C:\WINDOWS\system32\clbcatex.dll

22:28:29 | Registered: C:\WINDOWS\system32\clbcatq.dll

22:28:29 | Registered: C:\WINDOWS\system32\comcat.dll

22:28:30 | Registered: C:\WINDOWS\system32\cscui.dll

22:28:30 | Registered: C:\WINDOWS\system32\credui.dll

22:28:30 | Registered: C:\WINDOWS\system32\datime.dll

22:28:30 | Registered: C:\WINDOWS\system32\devmgr.dll

22:28:30 | Registered: C:\WINDOWS\system32\dfsshlex.dll

22:28:30 | Registered: C:\WINDOWS\system32\dmdlgs.dll

22:28:30 | Registered: C:\WINDOWS\system32\dmdskmgr.dll

22:28:30 | Registered: C:\WINDOWS\system32\dmloader.dll

22:28:30 | Registered: C:\WINDOWS\system32\dmocx.dll

22:28:30 | Registered: C:\WINDOWS\system32\dmview.ocx

22:28:30 | DllInstalled: C:\WINDOWS\system32\dsuiext.dll

22:28:30 | Registered: C:\WINDOWS\system32\dsuiext.dll

22:28:30 | DllInstalled: C:\WINDOWS\system32\dsquery.dll

22:28:31 | Registered: C:\WINDOWS\system32\dsquery.dll

22:28:31 | Registered: C:\WINDOWS\system32\dskquoui.dll

22:28:31 | Registered: C:\WINDOWS\system32\els.dll

22:28:32 | Registered: C:\WINDOWS\system32\es.dll

22:28:32 | Registered: C:\WINDOWS\system32\fontext.dll

22:28:32 | Registered: C:\WINDOWS\system32\hlink.dll

22:28:32 | Registered: C:\WINDOWS\system32\hnetcfg.dll

22:28:32 | Registered: C:\WINDOWS\system32\iedkcs32.dll

22:28:32 | Registered: C:\WINDOWS\system32\iepeers.dll

22:28:32 | DllInstalled: C:\WINDOWS\system32\iesetup.dll

22:28:32 | Registered: C:\WINDOWS\system32\iesetup.dll

22:28:33 | Registered: C:\WINDOWS\system32\ils.dll

22:28:33 | Registered: C:\WINDOWS\system32\imgutil.dll

22:28:33 | Registered: C:\WINDOWS\system32\inetcfg.dll

22:28:33 | Registered: C:\WINDOWS\system32\inetcomm.dll

22:28:33 | DllInstalled: C:\WINDOWS\system32\inseng.dll

22:28:33 | Registered: C:\WINDOWS\system32\inseng.dll

22:28:33 | Registered: C:\WINDOWS\system32\laprxy.dll

22:28:33 | Registered: C:\WINDOWS\system32\lmrt.dll

22:28:34 | Registered: C:\WINDOWS\system32\mlang.dll

22:28:34 | Registered: C:\WINDOWS\system32\mmcndmgr.dll

22:28:34 | Registered: C:\WINDOWS\system32\mmcshext.dll

22:28:36 | Registered: C:\WINDOWS\system32\mscoree.dll

22:28:36 | DllInstalled: C:\WINDOWS\system32\mshtml.dll

22:28:37 | Registered: C:\WINDOWS\system32\mshtml.dll

22:28:37 | Registered: C:\WINDOWS\system32\mshtmled.dll

22:28:37 | Registered: C:\WINDOWS\system32\msieftp.dll

22:28:37 | Registered: C:\WINDOWS\system32\msoeacct.dll

22:28:37 | Registered: C:\WINDOWS\system32\msr2c.dll

22:28:38 | Registered: C:\WINDOWS\system32\msrating.dll

22:28:38 | DllInstalled: C:\WINDOWS\system32\mydocs.dll

22:28:38 | Registered: C:\WINDOWS\system32\mydocs.dll

22:28:38 | Registered: C:\WINDOWS\system32\mstime.dll

22:28:38 | Registered: C:\WINDOWS\system32\netcfgx.dll

22:28:38 | DllInstalled: C:\WINDOWS\system32\netplwiz.dll

22:28:38 | Registered: C:\WINDOWS\system32\netplwiz.dll

22:28:38 | Registered: C:\WINDOWS\system32\netman.dll

22:28:38 | Registered: C:\WINDOWS\system32\netshell.dll

22:28:38 | Registered: C:\WINDOWS\system32\ntmsevt.dll

22:28:39 | Registered: C:\WINDOWS\system32\ntmsmgr.dll

22:28:39 | DllInstalled: C:\WINDOWS\system32\ntmssvc.dll

22:28:39 | Registered: C:\WINDOWS\system32\ntmssvc.dll

22:28:39 | DllInstalled: C:\WINDOWS\system32\occache.dll

22:28:39 | Registered: C:\WINDOWS\system32\occache.dll

22:28:39 | Registered: C:\WINDOWS\system32\ole32.dll

22:28:39 | Registered: C:\WINDOWS\system32\oleaut32.dll

22:28:39 | Registered: C:\WINDOWS\system32\oleacc.dll

22:28:39 | Registered: C:\WINDOWS\system32\olepro32.dll

22:28:39 | DllInstalled: C:\WINDOWS\system32\photowiz.dll

22:28:39 | Registered: C:\WINDOWS\system32\photowiz.dll

22:28:39 | Registered: C:\WINDOWS\system32\pngfilt.dll

22:28:39 | Registered: C:\WINDOWS\system32\remotepg.dll

22:28:39 | Registered: C:\WINDOWS\system32\rpcrt4.dll

22:28:39 | Registered: C:\WINDOWS\system32\rshx32.dll

22:28:39 | Registered: C:\WINDOWS\system32\sendmail.dll

22:28:40 | Registered: C:\WINDOWS\system32\slayerxp.dll

22:28:40 | DllInstalled: C:\WINDOWS\system32\shdocvw.dll

22:28:40 | Registered: C:\WINDOWS\system32\shdocvw.dll

22:28:40 | Registered: C:\WINDOWS\system32\shell32.dll

22:29:12 | DllInstalled: C:\WINDOWS\system32\shell32.dll

22:29:12 | Registered: C:\WINDOWS\system32\shmedia.dll

22:29:12 | DllInstalled: C:\WINDOWS\system32\shimgvw.dll

22:29:12 | Registered: C:\WINDOWS\system32\shimgvw.dll

22:29:12 | DllInstalled: C:\WINDOWS\system32\shsvcs.dll

22:29:13 | Registered: C:\WINDOWS\system32\shsvcs.dll

22:29:13 | Registered: C:\WINDOWS\system32\srclient.dll

22:29:13 | Unregistered: C:\WINDOWS\system32\stobject.dll

22:29:13 | Registered: C:\WINDOWS\system32\stobject.dll

22:29:14 | DllInstalled: C:\WINDOWS\system32\themeui.dll

22:29:14 | Registered: C:\WINDOWS\system32\themeui.dll

22:29:14 | Registered: C:\WINDOWS\system32\twext.dll

22:29:14 | DllInstalled: C:\WINDOWS\system32\urlmon.dll

22:29:14 | Registered: C:\WINDOWS\system32\urlmon.dll

22:29:15 | Registered: C:\WINDOWS\system32\userenv.dll

22:29:15 | DllInstalled: C:\WINDOWS\system32\webcheck.dll

22:29:15 | Registered: C:\WINDOWS\system32\webcheck.dll

22:29:15 | Registered: C:\WINDOWS\system32\webvw.dll

22:29:15 | Registered: C:\WINDOWS\system32\winhttp.dll

22:29:15 | DllInstalled: C:\WINDOWS\system32\wininet.dll

22:29:15 | Registered: C:\WINDOWS\system32\zipfldr.dll

22:29:15 | Registered: C:\Programme\Gemeinsame Dateien\system\Ole DB\msdadc.dll

22:29:15 | Registered: C:\Programme\Gemeinsame Dateien\system\Ole DB\msdaenum.dll

22:29:15 | Registered: C:\Programme\Gemeinsame Dateien\system\Ole DB\msdaer.dll

22:29:16 | Registered: C:\Programme\Gemeinsame Dateien\system\Ole DB\msdaipp.dll

22:29:16 | Registered: C:\Programme\Gemeinsame Dateien\system\Ole DB\msdaora.dll

22:29:16 | Registered: C:\Programme\Gemeinsame Dateien\system\Ole DB\msdaosp.dll

22:29:16 | Registered: C:\Programme\Gemeinsame Dateien\system\Ole DB\msdaps.dll

22:29:16 | Registered: C:\Programme\Gemeinsame Dateien\system\Ole DB\msdasc.dll

22:29:16 | Registered: C:\Programme\Gemeinsame Dateien\system\Ole DB\msdasql.dll

22:29:16 | Registered: C:\Programme\Gemeinsame Dateien\system\Ole DB\msdatt.dll

22:29:16 | Registered: C:\Programme\Gemeinsame Dateien\system\Ole DB\msdaurl.dll

22:29:16 | Registered: C:\Programme\Gemeinsame Dateien\system\Ole DB\msxactps.dll

22:29:16 | Registered: C:\Programme\Gemeinsame Dateien\system\Ole DB\oledb32.dll

22:29:16 | Registered: C:\Programme\Gemeinsame Dateien\system\Ole DB\oledb32r.dll

22:29:17 | Registered: C:\Programme\Gemeinsame Dateien\system\Ole DB\sqloledb.dll

22:29:17 | Registered: C:\Programme\Gemeinsame Dateien\system\Ole DB\sqlxmlx.dll

Reboote jetzt, ..mal sehen was passiert.

Das neue CF logfile:

Code:

ComboFix 10-07-31.04 - DUMMY 02.08.2010   2:10.4.1 - FAT32x86

ausgeführt von:: c:\dokumente und einstellungen\DUMMY\Desktop\ComboFix.exe

Benutzte Befehlsschalter :: c:\dokumente und einstellungen\DUMMY\desktop\cfscript.txt

.
 

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.
 

c:\windows\system32\msvcsv60.dll
 

.

(((((((((((((((((((((((   Dateien erstellt von 2010-07-02 bis 2010-08-02  ))))))))))))))))))))))))))))))

.
 

2010-08-01 22:14 . 2010-08-01 22:14        --------        d-----w-        c:\windows\system32\CatRoot2

2010-07-29 14:42 . 2010-07-29 14:42        --------        d-----w-        c:\programme\AVM_update

2010-07-28 20:18 . 2010-07-28 20:18        --------        d-----w-        C:\_OTL

2010-07-28 01:23 . 2010-04-29 13:39        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-28 01:23 . 2010-07-28 01:23        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes

2010-07-28 01:23 . 2010-04-29 13:39        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys

2010-07-27 18:00 . 2010-07-27 18:00        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware

2010-07-27 05:11 . 2010-07-27 05:11        --------        d-----w-        C:\rsit

2010-07-27 05:11 . 2010-07-27 05:11        --------        d-----w-        c:\programme\trend micro

2010-07-22 05:28 . 2010-07-22 05:28        24032        ----a-w-        c:\dokumente und einstellungen\Administrator.SCHROTTBOX\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT

2010-07-22 05:03 . 2001-08-18 10:00        19456        ----a-w-        c:\windows\system32\simptcp.dll

2010-07-22 04:27 . 2010-07-22 04:27        --------        d-----w-        c:\programme\avmwlanstick

2010-07-21 21:04 . 2010-07-21 21:04        --------        d-----w-        c:\dokumente und einstellungen\Administrator.SCHROTTBOX\Lokale Einstellungen\Anwendungsdaten\Mozilla

2010-07-21 04:54 . 2010-07-21 04:54        415124        ----a-w-        c:\windows\system32\prfh0407.dat

2010-07-21 04:54 . 2010-07-21 04:54        74988        ----a-w-        c:\windows\system32\prfc0407.dat

2010-07-21 02:59 . 2010-07-21 03:00        --------        d-----r-        c:\dokumente und einstellungen\DUMMY2\Eigene Dateien

2010-07-21 01:26 . 2010-07-21 01:26        142        ----a-w-        c:\dokumente und einstellungen\SparkleXP\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat

2010-07-21 01:26 . 2010-07-21 01:26        --------        d-----w-        c:\dokumente und einstellungen\SparkleXP\Lokale Einstellungen\Anwendungsdaten\ApplicationHistory

2010-07-21 01:10 . 2004-08-03 23:57        221184        ----a-w-        c:\windows\system32\wmpns.dll

2010-07-21 01:09 . 2010-07-21 01:10        --------        d-----r-        c:\dokumente und einstellungen\SparkleXP\Eigene Dateien

2010-07-11 16:23 . 2010-07-11 16:23        --------        d-----w-        C:\MAPDATA

2010-07-11 16:19 . 2010-07-11 16:19        40960        ----a-r-        c:\dokumente und einstellungen\DUMMY\Anwendungsdaten\Microsoft\Installer\{5E08B15D-7C97-4FC9-8500-BD7EDA18C66A}\NewShortcut3_5E08B15D7C974FC98500BD7EDA18C66A.exe

2010-07-11 16:19 . 2010-07-11 16:19        40960        ----a-r-        c:\dokumente und einstellungen\DUMMY\Anwendungsdaten\Microsoft\Installer\{5E08B15D-7C97-4FC9-8500-BD7EDA18C66A}\NewShortcut1_5E08B15D7C974FC98500BD7EDA18C66A.exe

2010-07-11 16:19 . 2010-07-11 16:19        40960        ----a-r-        c:\dokumente und einstellungen\DUMMY\Anwendungsdaten\Microsoft\Installer\{5E08B15D-7C97-4FC9-8500-BD7EDA18C66A}\ARPPRODUCTICON.exe
 

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-01 23:37 . 2008-01-30 06:34        1897        --sha-w-        c:\windows\system32\mmf.sys

2010-07-22 00:26 . 2001-10-19 19:30        415124        ----a-w-        c:\windows\system32\perfh007.dat

2010-07-22 00:26 . 2001-10-19 19:30        74988        ----a-w-        c:\windows\system32\perfc007.dat

2010-07-21 07:02 . 2007-07-22 20:45        24032        ----a-w-        c:\dokumente und einstellungen\DUMMY\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT

2010-07-19 04:31 . 2008-06-22 05:04        32        ----a-w-        c:\windows\msocreg32.dat

2010-07-02 20:46 . 2010-07-02 20:46        --------        d-----w-        c:\programme\Geogrid

2010-07-02 19:32 . 2010-07-02 19:32        --------        d-----w-        c:\programme\Dornier GmbH

2010-06-24 04:08 . 2010-06-24 04:08        --------        d-----w-        c:\dokumente und einstellungen\DUMMY\Anwendungsdaten\Tracker Software

2010-06-21 10:15 . 2007-11-15 05:56        724992        ----a-w-        c:\windows\iun6002.exe

2010-06-09 22:00 . 2010-06-09 22:00        4379984        ----a-w-        c:\windows\system32\D3DX9_40.dll

2010-05-11 21:08 . 2008-01-30 06:33        16384        ----a-w-        c:\windows\Runservice.exe

2010-05-11 21:08 . 2008-01-30 06:33        48640        ----a-w-        c:\windows\mmfs.dll

2008-08-14 00:38 . 2008-08-14 00:14        88        --sh--r-        c:\windows\system32\80CA324E5B.sys

.
 

------- Sigcheck -------
 

Kryptografiedienst Fehler !!

.

(((((((((((((((((((((((((((((   SnapShot@2010-07-29_14.29.28   )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-07-29 14:43 . 2006-12-28 00:02        97360              c:\windows\system32\ReinstallBackups\0004\DriverFiles\Fwusb1b.bin

- 2007-12-05 19:38 . 2006-12-28 00:02        74240              c:\windows\system32\fwlanci.dll

+ 2007-12-05 19:38 . 2006-12-27 23:02        74240              c:\windows\system32\fwlanci.dll

+ 2007-12-05 19:38 . 2006-12-27 23:02        97360              c:\windows\system32\drivers\Fwusb1b.bin

- 2007-12-05 19:38 . 2006-12-28 00:02        97360              c:\windows\system32\drivers\Fwusb1b.bin

+ 2006-12-27 23:02 . 2006-12-27 23:02        68096              c:\windows\system32\avmadd32.dll

- 2006-12-28 00:02 . 2006-12-28 00:02        68096              c:\windows\system32\avmadd32.dll

- 2007-12-05 19:39 . 2006-12-28 00:02        4352              c:\windows\system32\drivers\avmeject.sys

+ 2007-12-05 19:39 . 2006-12-27 23:02        4352              c:\windows\system32\drivers\avmeject.sys

+ 2010-07-29 14:43 . 2006-12-28 00:02        265088              c:\windows\system32\ReinstallBackups\0004\DriverFiles\fwlanusb.sys

- 2007-12-05 19:38 . 2006-12-28 00:02        265088              c:\windows\system32\drivers\fwlanusb.sys

+ 2007-12-05 19:38 . 2006-12-27 23:02        265088              c:\windows\system32\drivers\fwlanusb.sys

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776]

"C-Media Mixer"="Mixer.exe" [2001-11-15 1216512]

"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]

"AVMWlanClient"="c:\programme\avmwlanstick\wlangui.exe" [2006-12-27 1454080]

"SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-06-10 286720]

"avgnt"="d:\programme2\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"nwiz"="nwiz.exe" [2007-12-04 1626112]
 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-682003330-764733703-854245398-1005\Scripts\Logoff\0\0]

"Script"=scriptoff.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-682003330-764733703-854245398-1005\Scripts\Logon\0\0]

"Script"=scripton.exe
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Programme\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\WINDOWS\\System32\\dplaysvr.exe"=

"d:\\Programme2\\Sshock2\\SHOCK2.icd"=

"d:\\Programme2\\WEB.DE\\WEB.DE MultiMessenger\\MESSENGR.EXE"=

"d:\\Programme2\\Ubisoft\\Faces of War\\facesofwar.exe"=

"d:\\Programme2\\505games\\1C\\Men of War\\mow.exe"=

"d:\\Programme2\\ICQ6.5\\ICQ.exe"=

"d:\\Programme2\\Steam\\SteamApps\\common\\red orchestra\\System\\RedOrchestra.exe"=

"d:\\Programme2\\Steam\\SteamApps\\common\\red orchestra\\System\\ROEd.exe"=

"d:\\Programme2\\Azureus\\Azureus.exe"=

"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programme\\Windows Live\\Messenger\\livecall.exe"=

"d:\\Programme2\\IDA\\idag.exe"=

"d:\\Programme2\\IDA\\idag64.exe"=
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"64268:TCP"= 64268:TCP:*:Disabled:upload

"61794:TCP"= 61794:TCP:Azureus  TCP

"61795:UDP"= 61795:UDP:Azureus UDP

"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)
 

R2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [2010-05-11 16384]

R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2006-12-27 4352]

R3 es1969;ESS 1969-Audiotreiber (WDM);c:\windows\system32\drivers\es1969.sys [2001-08-17 72192]

R3 solo;TerraTec 128iPCI (WDM);c:\windows\system32\drivers\solo.sys [2000-07-10 73873]

R4 Aha1hiinrw;Aha1hiinrw;c:\windows\system32\drivers\modem.sys [2004-08-03 30336]

S1 Asapi;Asapi; [x]

S1 hwinterface;hwinterface;c:\windows\system32\Drivers\hwinterface.sys [2008-02-21 3026]

S1 SSHDRV60;SSHDRV60;c:\windows\system32\drivers\SSHDRV60.sys [2008-07-24 36864]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\programme2\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]

S2 drhard;drhard; [x]

S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2006-12-27 265088]
 

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = about:blank

uInternet Settings,ProxyOverride = fritz.box;***.***.***.*

FF - ProfilePath - c:\dokumente und einstellungen\DUMMY\Anwendungsdaten\Mozilla\Firefox\Profiles\glzgontx.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.web.de/

FF - prefs.js: network.proxy.type - 4

FF - component: c:\dokumente und einstellungen\DUMMY\Anwendungsdaten\Mozilla\Firefox\Profiles\glzgontx.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayAccessService.dll

FF - component: c:\dokumente und einstellungen\DUMMY\Anwendungsdaten\Mozilla\Firefox\Profiles\glzgontx.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayFormSubmitObserver.dll

FF - component: c:\dokumente und einstellungen\DUMMY\Anwendungsdaten\Mozilla\Firefox\Profiles\glzgontx.default\extensions\fb_add_on@avm.de\components\FB_AddOn.dll

FF - component: d:\programme2\Mozilla Firefox\components\xpinstal.dll

.
 

**************************************************************************
 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2010-08-02 02:14

Windows 5.1.2600 Service Pack 2 FAT NTAPI
 

Scanne versteckte Prozesse... 
 

Scanne versteckte Autostarteinträge... 
 

Scanne versteckte Dateien... 
 

Scan erfolgreich abgeschlossen

versteckte Dateien: 0
 

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------
 

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \D25BC253F035D347]

"1"=hex:6a,0b,56,13,c1,93,dc,9c,fb,61,a2,a0,e4,ff,91,20,60,bf,2f,c2,35,91,ae,

   25

"2"=hex:fb,e6,50,7f,41,f4,51,a7,7f,ec,2d,f9,42,45,3a,02,3a,b7,45,15,3f,9d,8b,

   c3

"3"=hex:6a,0b,56,13,c1,93,dc,9c,fb,61,a2,a0,e4,ff,91,20,5d,f5,58,d1,21,e0,48,

   8b,38,57,44,9c,4e,8d,78,88,fd,f1,01,9d,86,d8,b5,cb,d9,bf,23,55,4a,bb,31,1f
 

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \D25BC253F035D347\A62C3DF982434ABDAD414E772CEE62E6]

"1"=hex:bf,6a,73,4a,48,57,d9,26,5d,d7,11,8b,51,ce,1c,37,b2,8b,15,99,5d,9d,47,

   61,6c,bf,37,a7,d1,d7,c0,b2

"2"=hex:af,48,68,fb,0f,c8,42,37

"3"=hex:81,20,8f,ab,28,6a,52,9c

"4"=hex:2f,ad,a2,e7,8a,bf,05,5e

"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,

   1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\

"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,

   51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20

"7"=hex:6a,0b,56,13,c1,93,dc,9c,fb,61,a2,a0,e4,ff,91,20,56,a7,02,9d,f0,a0,1d,

   cc,28,d9,b1,18,9e,f1,8d,e8,54,e6,61,27,95,2e,52,cc,1c,f7,fa,64,bd,24,b7,82,\

"8"=hex:4e,76,82,b0,55,a5,5f,45,e3,46,37,7a,f1,bf,6e,0b,57,13,88,21,a0,92,65,

   72,b9,9a,f2,3e,d9,45,85,51,e9,3a,c1,2c,27,5f,d1,9d,d2,e0,32,f2,fb,b8,18,f2,\

"9"=hex:81,20,8f,ab,28,6a,52,9c

"18"=hex:b6,dd,00,4d,9d,38,11,d1

"10"=hex:81,20,8f,ab,28,6a,52,9c

"11"=hex:81,20,8f,ab,28,6a,52,9c

"12"=hex:81,20,8f,ab,28,6a,52,9c

"13"=hex:81,20,8f,ab,28,6a,52,9c

"14"=hex:81,20,8f,ab,28,6a,52,9c

"24"=hex:81,20,8f,ab,28,6a,52,9c

"26"=hex:81,20,8f,ab,28,6a,52,9c

"27"=hex:81,20,8f,ab,28,6a,52,9c

"19"=hex:81,20,8f,ab,28,6a,52,9c

"22"=hex:81,20,8f,ab,28,6a,52,9c

.

Zeit der Fertigstellung: 2010-08-02  02:17:06

ComboFix-quarantined-files.txt  2010-08-02 00:17

ComboFix2.txt  2010-08-01 23:46

ComboFix3.txt  2010-08-01 23:23

ComboFix4.txt  2010-07-29 14:35

C:\DeQuarantine.txt
 

Vor Suchlauf: 272.900.096 Bytes frei

Nach Suchlauf: 257.343.488 Bytes frei
 

- - End Of File - - B21F33DCD9B7EA4F56E990C53981D881

und Dequarantine.txt

Code:

c:\qoobox\quarantine\c\windows\system32\msvcsv60.dll.vir -> c:\windows\system32\msvcsv60.dll ( 32 bytes )

Ich frage mich immer noch, wer oder was "S-1-5-21-682003330-764733703-854245398-1005" ist. :snyper: