I created a HijackThis log here and unfortunately I can't make sense of it. ComboFix quote:
ComboFix 08-05-01.3 - Grzegorz 2008-05-04 17:11:00.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1031.18.1295 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Grzegorz\Desktop\ComboFix.exe
Command switches used :: C:\Dokumente und Einstellungen\Grzegorz\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
* Neuer Wiederherstellungspunkt wurde erstellt
* Resident AV is active
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Dokumente und Einstellungen\Grzegorz\new.txt
C:\WINDOWS\Downloaded Program Files\setup.inf
.
((((((((((((((((((((((( Dateien erstellt von 2008-04-04 bis 2008-05-04 ))))))))))))))))))))))))))))))
.
2008-05-04 15:03 . 2008-05-04 15:05 <DIR> d-------- C:\Programme\Malwarebytes' Anti-Malware
2008-05-04 15:03 . 2008-05-04 15:03 <DIR> d-------- C:\Dokumente und Einstellungen\Grzegorz\Anwendungsdaten\Malwarebytes
2008-05-04 15:03 . 2008-05-04 15:03 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-05-04 14:37 . 2008-05-04 14:37 <DIR> d-------- C:\Deckard
2008-05-04 14:12 . 2008-05-04 14:12 <DIR> d-------- C:\Programme\Trend Micro
2008-05-04 13:43 . 2008-05-04 13:45 5,470 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-05-04 13:42 . 2008-05-04 13:42 <DIR> d-------- C:\WINDOWS\BricoPacks
2008-05-03 20:33 . 2008-04-14 07:29 2,147,840 --a------ C:\WINDOWS\system32\ntoskrnl.exe.zottel
2008-05-03 20:33 . 2008-04-14 07:30 2,026,496 --a------ C:\WINDOWS\system32\ntkrnlpa.exe.zottel
2008-05-03 19:21 . 2008-05-03 19:24 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-05-03 19:21 . 2008-04-14 07:52 294,912 -----c--- C:\WINDOWS\system32\dllcache\dlimport.exe
2008-05-03 19:18 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\002746_.tmp
2008-05-03 13:39 . 2008-05-03 13:39 <DIR> d-------- C:\PCWELT
2008-05-03 12:49 . 2008-05-03 14:49 <DIR> d-------- C:\Programme\Security Task Manager
2008-05-03 12:49 . 2008-05-03 14:42 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
2008-05-03 10:13 . 2008-05-03 10:13 <DIR> d-------- C:\Programme\Spybot - Search & Destroy
2008-05-03 10:13 . 2008-05-03 11:16 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2008-05-03 10:12 . 2008-05-03 10:12 <DIR> d-------- C:\Programme\Lavasoft
2008-05-03 10:12 . 2008-05-03 10:13 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft
2008-05-03 10:04 . 2008-05-03 10:04 <DIR> d-------- C:\Programme\Avira
2008-05-03 10:04 . 2008-05-03 10:04 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
2008-04-25 11:15 . 2008-04-25 11:15 <DIR> d-------- C:\Dokumente und Einstellungen\Grzegorz\Anwendungsdaten\vlc
2008-04-23 17:20 . 2008-04-23 17:20 <DIR> d-------- C:\Programme\VideoLAN
2008-04-23 17:17 . 2008-04-23 17:19 <DIR> d-------- C:\Dokumente und Einstellungen\Grzegorz\dwhelper
2008-04-23 17:16 . 2008-04-23 17:16 <DIR> d-------- C:\Dokumente und Einstellungen\Grzegorz\Anwendungsdaten\Talkback
2008-04-17 13:44 . 2008-04-17 13:44 <DIR> d-------- C:\WINDOWS\{34375EB6-01AC-4BF4-A605-97EFBEFC0ABF}
2008-04-17 13:44 . 2008-04-17 13:44 <DIR> d-------- C:\Programme\Arcor
2008-04-17 13:42 . 2008-04-17 13:42 3,660 --a------ C:\WINDOWS\aebwlan.cfg
2008-04-17 13:38 . 2006-03-15 10:35 17,664 -ra------ C:\WINDOWS\system32\drivers\AWISp50.sys
2008-04-17 13:33 . 2008-04-17 13:33 <DIR> d-------- C:\Programme\ZyXEL
2008-04-17 13:31 . 2006-06-02 10:23 402,944 --a------ C:\WINDOWS\system32\drivers\WlanUZXP.SYS
2008-04-14 07:53 . 2008-04-14 07:53 20,992 --------- C:\WINDOWS\system32\spupdwxp.exe
2008-04-14 07:53 . 2008-04-14 07:53 7,680 --a------ C:\WINDOWS\system32\spdwnwxp.exe
2008-04-14 07:52 . 2008-04-14 07:52 20,992 --------- C:\WINDOWS\system32\faxpatch.exe
2008-04-14 07:50 . 2008-04-14 07:50 24,064 -----c--- C:\WINDOWS\system32\dllcache\pidgen.dll
2008-04-14 07:33 . 2008-04-14 07:33 1,950 --------- C:\WINDOWS\system32\pid.inf
2008-04-12 18:53 . 2008-04-12 18:53 <DIR> d-------- C:\WESTWOOD
2008-04-12 18:52 . 1997-04-08 20:08 299,520 --a------ C:\WINDOWS\uninst.exe
2008-04-12 18:51 . 2008-04-12 18:51 0 ---hs---- C:\WINDOWS\S7EBEF08B.tmp
2008-04-07 00:23 . 2008-04-07 00:23 <DIR> d-------- C:\Programme\Eidos Interactive
2008-04-06 21:11 . 2008-04-06 21:11 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-04 15:01 --------- d-----w C:\Dokumente und Einstellungen\Grzegorz\Anwendungsdaten\Skype
2008-05-04 11:45 67,168 -c--a-w C:\WINDOWS\BricoPackUninst.cmd
2008-05-04 11:45 219,136 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-05-03 18:18 --------- d-----w C:\Programme\MAGIX
2008-05-03 18:17 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
2008-05-03 18:16 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-05-03 17:32 --------- d-----w C:\Programme\MSN Messenger
2008-05-03 08:54 --------- d-----w C:\Programme\Gemeinsame Dateien\LogiShrd
2008-05-03 08:44 --------- d-----w C:\Programme\Password Safe
2008-05-03 08:11 --------- d-----w C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-05-03 08:11 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON
2008-05-03 07:59 --------- d-----w C:\Dokumente und Einstellungen\Grzegorz\Anwendungsdaten\Lavasoft
2008-05-02 15:10 --------- d-----w C:\Programme\PokerStars
2008-04-27 05:41 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google Updater
2008-04-26 20:47 --------- d-----w C:\Dokumente und Einstellungen\Grzegorz\Anwendungsdaten\temp
2008-04-14 06:06 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 05:55 333,312 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 05:52 99,840 ----a-w C:\WINDOWS\system32\loadperf.dll
2008-04-14 05:51 762,368 ----a-w C:\WINDOWS\system32\WINNTBBU.DLL
2008-04-14 05:51 76,288 ----a-w C:\WINDOWS\system32\uniime.dll
2008-04-14 05:51 731,648 ----a-w C:\WINDOWS\system32\ntdll.dll
2008-04-14 05:51 57,375 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 05:51 5,632 ----a-w C:\WINDOWS\system32\wmi.dll
2008-04-14 05:51 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 05:51 102,912 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-14 05:32 80,384 ----a-w C:\WINDOWS\system32\drivers\parport.sys
2008-04-14 05:32 73,472 ----a-w C:\WINDOWS\system32\drivers\sr.sys
2008-04-14 05:32 68,224 ----a-w C:\WINDOWS\system32\drivers\pci.sys
2008-04-14 05:32 46,848 ----a-w C:\WINDOWS\system32\drivers\p3.sys
2008-04-14 05:32 120,576 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-14 05:30 2,026,496 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 05:29 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-14 05:29 2,147,840 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 05:28 800,384 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-14 05:28 37,632 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-14 05:28 25,216 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-14 05:28 154,112 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-14 05:27 93,184 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-14 05:27 40,448 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-14 05:26 81,408 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 05:26 51,712 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 05:26 40,832 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-14 05:26 2,973,696 ----a-w C:\WINDOWS\system32\wmploc.dll
2008-04-14 05:25 689,664 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-14 05:25 65,536 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-14 05:25 52,992 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-14 05:24 25,856 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-14 05:24 202,752 ----a-w C:\WINDOWS\system32\wmerror.dll
2008-04-14 05:24 10,752 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 05:23 1,845,760 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 05:22 68,096 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-14 05:22 57,728 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
2008-04-14 05:22 57,344 ----a-w C:\WINDOWS\system32\mshtmler.dll
2008-04-14 05:22 53,760 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-14 05:22 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys
2008-04-14 05:22 273,920 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 05:21 701,952 ------w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-04-14 05:21 39,936 ----a-w C:\WINDOWS\system32\drivers\processr.sys
2008-04-14 05:21 327,168 ------w C:\WINDOWS\system32\drivers\ati2mtaa.sys
2008-04-14 05:20 9,216 ----a-w C:\WINDOWS\system32\asferror.dll
2008-04-14 05:20 41,856 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
2008-04-14 05:20 41,472 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
2008-04-14 05:19 30,336 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-14 05:19 23,552 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
2008-04-14 05:19 188,800 ----a-w C:\WINDOWS\system32\drivers\acpi.sys
2008-04-13 22:58 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 22:51 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 22:50 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 22:50 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 22:50 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 22:49 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 22:49 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 22:49 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 22:49 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 22:49 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 22:47 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 22:47 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 22:47 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 22:46 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 22:46 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 22:45 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 22:45 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 22:45 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 22:44 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 22:44 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 22:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 22:30 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 22:27 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 22:27 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 22:27 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 22:27 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 22:27 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 22:27 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 22:27 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 22:26 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 22:26 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 22:26 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 22:26 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 22:26 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 22:26 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
.
------- Sigcheck -------
2007-01-04 16:02 670720 04a670155a6d86dfbf562f45544e1908 C:\WINDOWS\$hf_mig$\KB928090\SP2QFE\wininet.dll
2007-02-19 17:22 671232 e2cb4d46ff3638bff234ae4253bc6430 C:\WINDOWS\$hf_mig$\KB931768\SP2QFE\wininet.dll
2007-04-18 14:44 671232 af95c8d19c4391550dbb9fb78d078fa2 C:\WINDOWS\$hf_mig$\KB933566\SP2QFE\wininet.dll
2007-06-26 16:39 671232 8ffb79a006666912364801ae679e618e C:\WINDOWS\$hf_mig$\KB937143\SP2QFE\wininet.dll
2007-08-22 14:56 671232 d6140d5095e62bd609df3201c7b854ac C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\wininet.dll
2004-08-04 00:57 696320 26fed16a078a428d7e1445c76ca1408c C:\WINDOWS\$NtServicePackUninstall$\wininet.dll
2008-04-14 07:52 706048 189cabf5597c5f2990608b5a4a1b7d95 C:\WINDOWS\ServicePackFiles\i386\wininet.dll
2007-08-22 15:13 664576 8d3cca79f45918f6164b5be5a3364b19 C:\WINDOWS\SoftwareDistribution\Download\1d08e70811beda15f8618af8f3e662ac\sp2gdr\wininet.dll
2007-08-22 14:56 671232 d6140d5095e62bd609df3201c7b854ac C:\WINDOWS\SoftwareDistribution\Download\1d08e70811beda15f8618af8f3e662ac\sp2qfe\wininet.dll
2007-12-07 03:06 665088 84e9262ed72810cff255befd188d4038 C:\WINDOWS\SoftwareDistribution\Download\5196d7f46900f46bf7afb26dbdeff466\sp2gdr\wininet.dll
2007-12-07 02:46 671744 273f4b37b80c8d398713a88b788fe59b C:\WINDOWS\SoftwareDistribution\Download\5196d7f46900f46bf7afb26dbdeff466\sp2qfe\wininet.dll
2008-02-16 10:59 665088 34b6ee86f286b2595539e1617962256d C:\WINDOWS\SoftwareDistribution\Download\8081082493a4c421941d373e4716ca4d\sp2gdr\wininet.dll
2008-02-16 11:30 671744 6c49192217df0509bc6a576535545529 C:\WINDOWS\SoftwareDistribution\Download\8081082493a4c421941d373e4716ca4d\sp2qfe\wininet.dll
2007-10-11 08:12 665088 dc532b5bd08e02df13c9f166d0f4f73b C:\WINDOWS\SoftwareDistribution\Download\86ac1600338091b137527e1fb0e9bc9f\sp2gdr\wininet.dll
2007-10-11 07:58 671744 6be2cddc28610d9e73e54678a131b253 C:\WINDOWS\SoftwareDistribution\Download\86ac1600338091b137527e1fb0e9bc9f\sp2qfe\wininet.dll
2008-04-14 07:52 706048 189cabf5597c5f2990608b5a4a1b7d95 C:\WINDOWS\system32\wininet.dll
2008-04-14 07:52 979456 bb8e0ae6833a774f4792cb8892ca92e6 C:\WINDOWS\explorer.exe
2007-06-13 15:10 1036288 331ed93570baf3cfe30340298762cd56 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 00:57 977920 255895ec24d86fe41116c82b3a63b99b C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2008-04-14 07:52 979456 bb8e0ae6833a774f4792cb8892ca92e6 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2007-06-13 15:21 1036288 64d320c0e301eedc5a4adbbdc5024f7f C:\WINDOWS\SoftwareDistribution\Download\e94b50580b3d9c69a3c27b7653239432\sp2gdr\explorer.exe
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PowerBar"="" []
"MsnMsgr"="C:\Programme\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"swg"="C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-09 14:13 68856]
"Gadu-Gadu"="C:\Programme\Gadu-Gadu\gg.exe" [2007-05-10 16:36 2111176]
"Skype"="C:\Programme\Skype\Phone\Skype.exe" [2007-05-28 15:52 23458344]
"NBJ"="C:\Programme\Ahead\Nero BackItUp\NBJ.exe" [2004-11-10 18:02 1880064]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 07:52 15360]
"SpybotSD TeaTimer"="C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [ ]
"Cmaudio"="cmicnfg.cpl" []
"RemoteControl"="C:\Programme\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 17:35 32768]
"InCD"="C:\Programme\Ahead\InCD\InCD.exe" [2004-09-07 15:25 1400944]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"TrayServer"="C:\Programme\MAGIX\Video_deluxe_2007_2008_e-version\TrayServer.exe" [ ]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 07:53 110592 C:\WINDOWS\system32\bthprops.cpl]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 13:49 16269312 C:\WINDOWS\RTHDCPL.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-03-22 11:50 8425472]
"nwiz"="nwiz.exe" [2007-03-22 11:50 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-03-22 11:50 81920]
"LogitechCommunicationsManager"="C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 02:12 488984]
"LogitechQuickCamRibbon"="C:\Programme\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 02:13 774168]
"mxomssmenu"="C:\Programme\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 15:53 169264]
"Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"avgnt"="C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 07:52 15360]
C:\Dokumente und Einstellungen\Grzegorz\Startmen\Programme\Autostart\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 00:05:02 630784]
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 21:41:18 65536]
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 09:43:08 180224]
Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 09:43:14 155648]
C:\Dokumente und Einstellungen\All Users\Startmen\Programme\Autostart\
Arcor Wlan-Monitor 1.0.lnk - C:\Programme\Arcor\Arcor Wlan-Monitor 1.0\ArcorWlanUtility.exe [2007-12-03 11:55:08 5050368]
ZyXEL G-220 v2 Wireless Adapter Utility-Programm.lnk - C:\Programme\ZyXEL\ZyXEL G-220 v2 Wireless Adapter Utility-Programm\ZyXEL G-220 v2.exe [2008-04-17 13:33:11 10919936]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme\\Gadu-Gadu\\gg.exe"=
"E:\\Programme\\BearShare\\BearShare.exe"=
"C:\\Programme\\ICQLite\\ICQLite.exe"=
"C:\\Programme\\Messenger\\msmsgs.exe"=
"C:\\Programme\\Internet Explorer\\IEXPLORE.EXE"=
"E:\\Programme\\mIRC\\mirc.exe"=
"E:\\Programme\\Metin2_PL\\metin2.bin"=
"E:\\Programme\\Metin2_Germany\\metin2.bin"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"E:\\Programme\\Anno 1701\\Anno1701.exe"=
"E:\\Programme\\Anno 1701\\Anno1701AddOn.exe"=
"E:\\Programme\\Virgin Interactive\\Original War\\OwarFull.DLL"=
"C:\\Programme\\ZyXEL\\ZyXEL G-220 v2 Wireless Adapter Utility-Programm\\ZyXEL G-220 v2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programme\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programme\\MSN Messenger\\livecall.exe"=
"C:\\Programme\\Skype\\Phone\\Skype.exe"=
R2 AWISp50;AWISp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\AWISp50.sys [2006-03-15 10:35]
R2 drhard;drhard;C:\WINDOWS\system32\drivers\drhard.sys [2005-12-01 11:49]
R2 Maxtor Sync Service;Maxtor Service;C:\Programme\Maxtor\Sync\SyncServices.exe [2007-09-28 13:24]
R2 ZDCNDIS5;ZDCNDIS5 NDIS Protocol Driver;C:\WINDOWS\ZDCNDIS5.sys [2006-06-02 10:23]
R3 ZY760_XP;ZyXEL 802.11g XG762 1211 Driver;C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys [2006-06-02 10:23]
S3 {DEF85C80-216A-43ab-AF70-1665EDBE2780};{DEF85C80-216A-43ab-AF70-1665EDBE2780};C:\WINDOWS\TEMP\5.tmp []
S3 cel90xbe;cel90xbe;C:\DOKUME~1\Grzegorz\LOKALE~1\Temp\cel90xbe.sys []
*Newly Created Service* - CATCHME
.
Inhalt des "geplante Tasks" Ordners
"2008-05-02 13:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Programme\Norton Security Scan\Nss.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-04 17:13:18
Windows 5.1.2600 Service Pack 3 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostart Einträge...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
PowerBar = ?p?s????p?????6~??6~9B????8~J?8~@9f???????????????????8~p???4?6~D?????????????????8~??????????????8~??????6~????????Z?6~????*?6~????@9f?T9f??????????? ????????????????b?????????????????????p???W?9~0?6~????*?6~??6~??????8~D???????p????,@?4???????E]7~?????????,@
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{DEF85C80-216A-43ab-AF70-1665EDBE2780}]
"ImagePath"="\??\C:\WINDOWS\TEMP\5.tmp"
.
Zeit der Fertigstellung: 2008-05-04 17:15:24
ComboFix-quarantined-files.txt 2008-05-04 15:15:13
13 Verzeichnis(se), 3,912,790,016 Bytes frei
17 Verzeichnis(se), 3,950,051,328 Bytes frei
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
289 --- E O F --- 2008-05-04 13:00:16