ComboFix 12-07-30.03 - ASUS 31.07.2012 17:38:05.2.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1045.18.3582.3005 [GMT 2:00]
ausgeführt von:: D:\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Vorheriger Suchlauf -------
.
c:\users\ASUS\AppData\Roaming\Hopeu\uxuha.ady
c:\windows\msvcr71.dll
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Adobe Licensing Console
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-06-28 bis 2012-07-31 ))))))))))))))))))))))))))))))
.
.
2012-07-31 15:44 . 2012-07-31 15:44 -------- d-----w- c:\users\ASUS\AppData\Local\temp
2012-07-31 15:44 . 2012-07-31 15:44 -------- d-----w- c:\users\Gigi\AppData\Local\temp
2012-07-31 15:44 . 2012-07-31 15:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-31 14:12 . 2012-07-31 14:12 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-07-31 14:07 . 2012-07-31 14:12 -------- d-----w- c:\programdata\HitmanPro
2012-07-31 11:42 . 2012-07-31 11:42 -------- d-----w- c:\users\ASUS\AppData\Roaming\hellomoto
2012-07-27 20:13 . 2012-07-27 20:13 -------- d-----w- c:\users\ASUS\IGC
2012-07-27 20:13 . 2012-07-27 20:13 -------- d-----w- c:\users\ASUS\AppData\Roaming\IGC
2012-07-27 19:56 . 2012-07-27 19:56 -------- d-----w- c:\users\ASUS\AppData\Roaming\Autodesk
2012-07-27 19:56 . 2012-07-27 19:56 -------- d-----w- c:\programdata\Autodesk
2012-07-20 16:30 . 2012-07-20 16:30 -------- d-----w- c:\program files\DIFX
2012-07-11 10:06 . 2010-11-16 07:54 67464 ----a-w- c:\windows\system32\ftcserco.dll
2012-07-11 10:06 . 2010-11-16 07:53 73096 ----a-w- c:\windows\system32\drivers\ftser2k.sys
2012-07-11 10:06 . 2010-11-16 07:53 52616 ----a-w- c:\windows\system32\ftserui2.dll
2012-07-11 10:01 . 2010-11-16 07:54 199048 ----a-w- c:\windows\system32\ftd2xx.dll
2012-07-11 10:01 . 2010-11-16 07:53 201096 ----a-w- c:\windows\system32\FTLang.dll
2012-07-11 10:01 . 2010-11-16 07:54 60552 ----a-w- c:\windows\system32\drivers\ftdibus.sys
2012-07-11 10:01 . 2010-11-16 07:54 105352 ----a-w- c:\windows\system32\ftbusui.dll
2012-07-05 15:49 . 2012-07-05 15:49 -------- d-----w- c:\users\Gigi\AppData\Local\Macromedia
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-31 15:31 . 2009-08-28 00:13 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-07-30 15:42 . 2012-02-09 09:35 139448 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-07-30 15:42 . 2012-02-09 09:34 282472 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-07-30 15:42 . 2012-02-08 19:25 282472 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-07-28 12:14 . 2011-12-15 16:39 282472 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-07-26 20:28 . 2012-04-20 12:12 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-26 20:28 . 2011-09-20 18:18 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 16:21 . 2011-09-23 18:46 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21 . 2011-09-23 18:46 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-07-03 16:21 . 2011-09-23 18:46 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2011-09-23 18:46 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2011-09-23 18:46 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21 . 2011-09-23 18:46 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21 . 2011-09-23 18:46 41224 ----a-w- c:\windows\avastSS.scr
2012-07-03 16:21 . 2011-09-23 18:46 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-18 14:31 . 2012-06-18 14:31 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-06-18 14:31 . 2012-06-18 14:31 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-06-18 14:31 . 2012-06-18 14:31 1060864 ----a-w- c:\windows\system32\mfc71.dll
2012-05-15 15:22 . 2012-02-09 09:34 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-05-03 02:54 . 2012-05-03 02:54 42392 ----a-w- c:\windows\system32\xfcodec.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- d:\programy\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HW_OPENEYE_OUC_PLAY ONLINE"="d:\programy\PLAY ONLINE\UpdateDog\ouc.exe" [2009-04-14 110592]
"SRS Premium Sound"="c:\program files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe" [2009-04-07 3405048]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-16 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-16 92704]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-24 7289376]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-04-21 540576]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2009-03-04 8392704]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2008-09-30 237568]
"Wireless Console 3"="c:\program files\ASUS\Wireless Console 3\wcourier.exe" [2009-04-17 1593344]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2009-04-20 159744]
"ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2009-08-27 47672]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2008-10-01 851968]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-26 161328]
"avast"="d:\programy\Avast\avastUI.exe" [2012-07-03 4273976]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"SmiEngine"="c:\users\ASUS\AppData\Local\Microsoft\Windows\1380\SmiEngine.exe" [2012-07-31 54784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders credssp.dll, UsjazjaZbilx.dll
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.asus.com
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Pobierz wszystkie VIdeo za pomoca BitComet - d:\programy\BitComet\BitComet.exe/AddVideo.htm
IE: Pobierz wszystko za pomoca BitComet - d:\programy\BitComet\BitComet.exe/AddAllLink.htm
IE: Pobierz za pomoca BitComet - d:\programy\BitComet\BitComet.exe/AddLink.htm
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\ncondeyj.default\
FF - prefs.js: browser.startup.homepage - google.pl
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-31 17:44
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1575448187-4104905436-2209312805-1000\Software\SecuROM\License information*]
"datasecu"=hex:aa,1e,99,cd,d6,5c,d6,7a,ce,ed,67,4a,b0,da,7b,93,d5,df,c6,e0,be,
 78,d5,ef,4c,79,ba,75,b1,68,08,91,0e,3d,20,d1,e5,ef,c4,6b,77,4d,36,37,cd,fd,\
"rkeysecu"=hex:6c,33,7b,3b,e2,25,e6,76,ff,a4,29,b1,81,c5,11,57
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-07-31 17:47:14
ComboFix-quarantined-files.txt 2012-07-31 15:47
.
Vor Suchlauf: 55.033.630.720 bytes free
Nach Suchlauf: 55.501.516.800 bajtów wolnych
.
- - End Of File - - A61C465F8874078AA91E5E3CCCDF81C8