tnowacki | 08.05.2008 16:43 | Here is the ComboFix log:
ComboFix 08-05-07.1 - Admin 2008-05-08 17:19:50.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1031.18.1165 [GMT 2:00]
Running from: C:\Users\***\Desktop\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Program Files\Inet Delivery
C:\Program Files\Inet Delivery\inetdl.exe
C:\Program Files\Inet Delivery\intdel.exe
C:\Users\***\Desktop\EditorFKWP2.0.exe
C:\Users\***\Desktop\filemanagerclient.exe
C:\Users\***\Desktop\fkwp1.5.exe
C:\Users\***\Desktop\fkwp2.0.exe
C:\Users\***\Desktop\fwebd.exe
C:\Users\***\Desktop\FWebdEditor.exe
C:\Users\***\Desktop\Trojan.Win32.BlackBird.exe
C:\Windows\a.bat
C:\Windows\base64.tmp
C:\Windows\bdn.com
C:\Windows\FVProtect.exe
C:\Windows\iTunesMusic.exe
C:\Windows\mslagent
C:\Windows\mslagent\2_mslagent.dll
C:\Windows\mslagent\mslagent.exe
C:\Windows\mslagent\uninstall.exe
C:\Windows\mssecu.exe
C:\Windows\system32\bsva-egihsg52.exe
C:\Windows\system32\emesx.dll
C:\Windows\system32\qoMeFyxw.dll
C:\Windows\system32\smp
C:\Windows\system32\smp\msrc.exe
C:\Windows\system32\uywkqxoq.ini
C:\Windows\system32\wvUmjHAs.dll
C:\Windows\system32\wvUOFwTN.dll
C:\Windows\System32\YxENVvut.ini
C:\Windows\System32\YxENVvut.ini2
C:\Windows\userconfig9x.dll
C:\Windows\Web\def.htm
C:\Windows\winsystem.exe
C:\Windows\zip1.tmp
C:\Windows\zip2.tmp
C:\Windows\zip3.tmp
C:\Windows\zipped.tmp
.
((((((((((((((((((((((( Files Created from 2008-04-08 to 2008-05-08 ))))))))))))))))))))))))))))))
.
No new files created in this period
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-08 15:06 --------- d-----w C:\Users\***\AppData\Roaming\OpenOffice.org2
2008-05-08 14:56 39,865 ----a-w C:\Users\***\pms2.zip
2008-05-08 14:49 --------- d-----w C:\Users\***\AppData\Roaming\WTablet
2008-05-08 14:31 --------- d-----w C:\Program Files\CCleaner
2008-05-08 14:23 2,751,368 ----a-w C:\Users\***\ccsetup206.exe
2008-05-07 14:17 725,212 ----a-w C:\Users\***\avenger.zip
2008-05-06 18:52 193,229 ----a-w C:\Users\***\PCAntispyware_Installer.exe
2008-05-06 18:03 --------- d-----w C:\ProgramData\nfwspjcq
2008-05-06 18:01 --------- d-----w C:\Users\***\AppData\Roaming\Free Download Manager
2008-05-06 17:29 --------- d-----w C:\Users\Admin\AppData\Roaming\MyPhoneExplorer
2008-05-06 17:29 --------- d-----w C:\Users\Admin\AppData\Roaming\AD ON Multimedia
2008-05-06 17:27 3,346,598 ----a-w C:\Users\***\MyPhoneExplorer_Setup_1.6.7.exe
2008-05-06 16:16 --------- d-----w C:\Users\***\AppData\Roaming\Malwarebytes
2008-05-06 16:13 --------- d-----w C:\Users\Admin\AppData\Roaming\Malwarebytes
2008-05-06 16:13 --------- d-----w C:\ProgramData\Malwarebytes
2008-05-06 16:13 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-05-06 15:54 1,505,568 ----a-w C:\Users\***\mbam-setup.exe
2008-05-06 14:41 6,580 ----a-w C:\Windows\System32\tmp.reg
2008-05-06 13:45 1,389,662 ----a-w C:\Users\***\SmitfraudFix.exe
2008-05-06 13:11 --------- d-----w C:\Program Files\SmartDraw 2008
2008-05-04 18:28 --------- d-----w C:\Program Files\Sony Ericsson
2008-05-04 10:31 --------- d-----w C:\Users\Admin\AppData\Roaming\WTablet
2008-05-02 19:20 --------- d-----w C:\Users\***\AppData\Roaming\DNA
2008-05-02 11:32 --------- d-----w C:\Program Files\Tablet
2008-05-02 11:30 --------- d-----w C:\ProgramData\AppData
2008-05-01 08:14 --------- d-----w C:\Program Files\Windows Mail
2008-05-01 07:58 --------- d-----w C:\Program Files\Alwil Software
2008-05-01 07:51 --------- d-----w C:\ProgramData\Avira
2008-04-30 18:12 --------- d-----w C:\ProgramData\hmzovatq
2008-04-30 15:09 --------- d-----w C:\Program Files\Free FLV Converter
2008-04-30 13:16 83,028 ----a-w C:\Users\***\AppData\Roaming\nvModes.dat
2008-04-28 06:03 82,944 ----a-w C:\Windows\System32\IEDFix.exe
2008-04-28 06:03 82,944 ----a-w C:\Windows\System32\404Fix.exe
2008-04-27 09:06 --------- d-----w C:\Program Files\Trymedia
2008-04-27 07:09 --------- d-----w C:\Users\***\AppData\Roaming\Software Informer
2008-04-26 19:39 --------- d-----w C:\Users\***\AppData\Roaming\BitTorrent
2008-04-26 19:05 --------- d-----w C:\Users\***\AppData\Roaming\GHISLER
2008-04-26 18:56 --------- d-----w C:\ProgramData\FreeDownloadManager.ORG
2008-04-26 08:55 --------- d-----w C:\Program Files\PowerISO
2008-04-25 13:29 --------- d-----w C:\ProgramData\Test Drive Unlimited
2008-04-24 06:10 86,528 ----a-w C:\Windows\System32\VACFix.exe
2008-04-15 08:56 --------- d-----w C:\Users\***\AppData\Roaming\SmartDraw
2008-04-13 12:19 --------- d-----w C:\Users\***\AppData\Roaming\FileZilla
2008-04-13 08:33 --------- d-----w C:\Program Files\FileZilla FTP Client
2008-04-09 15:05 --------- d-----w C:\Program Files\Free Windows Registry Cleaner
2008-04-08 18:14 --------- d-----w C:\Program Files\RegCleaner
2008-04-08 17:16 --------- d-----w C:\Program Files\Common Files\L&H
2008-04-08 17:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-08 17:11 --------- d-----w C:\Program Files\Microsoft Reader
2008-04-07 13:39 --------- d-----w C:\Users\***\AppData\Roaming\DynaGeo
2008-04-06 09:48 --------- d-----w C:\Program Files\MyPlayCity.com
2008-04-06 09:26 --------- d-----w C:\ProgramData\BOONTY
2008-04-06 09:26 --------- d-----w C:\Program Files\Common Files\BOONTY Shared
2008-04-06 09:18 --------- d-----w C:\Program Files\ArtMoney
2008-04-05 20:38 --------- d-----w C:\Program Files\Infogrames
2008-04-05 18:47 --------- d-----w C:\Program Files\A.F.7 Merge your files 1.3
2008-03-29 19:13 --------- d-----w C:\Users\***\AppData\Roaming\FrostWire
2008-03-29 18:21 --------- d-----w C:\ProgramData\WinZip
2008-03-29 17:32 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-03-27 17:46 --------- d-----w C:\Program Files\Gothic III
2008-03-26 16:23 43,520 ----a-w C:\Windows\System32\CmdLineExt03.dll
2008-03-25 17:44 --------- d-----w C:\Program Files\AVIConverter
2008-03-19 15:41 --------- d-----w C:\Users\***\AppData\Roaming\gtk-2.0
2008-03-17 14:38 --------- d-----w C:\Program Files\Maschinenschreiben Deluxe
2008-03-17 11:31 --------- d-----w C:\Program Files\iTunes
2008-03-17 11:17 --------- d-----w C:\Program Files\Vista OS X
2008-03-17 10:58 --------- d-----w C:\Program Files\CodeGazer
2008-03-16 11:37 --------- d-----w C:\Program Files\Risk
2008-03-16 11:07 --------- d-----w C:\Users\***\AppData\Roaming\Azureus
2008-03-16 10:56 --------- d-----w C:\Program Files\Java
2008-03-16 10:40 --------- d-----w C:\ProgramData\eMule
2008-03-16 08:22 --------- d-----w C:\Program Files\DNA
2008-03-15 19:24 --------- d-----w C:\Program Files\AskSBar
2008-03-15 19:21 --------- d-----w C:\Users\***\AppData\Roaming\LimeWire
2008-03-14 06:04 46,652 ----a-w C:\Windows\system32\drivers\scdemu.sys
2008-03-11 12:46 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-11 12:45 --------- d-----w C:\ProgramData\Symantec
2008-03-10 17:14 --------- d-----w C:\Program Files\EA GAMES
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-14 18:27 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 14:29 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-14 14:29 613,888 ----a-w C:\Windows\System32\wpd_ci.dll
2008-02-14 14:29 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-14 14:29 558,080 ----a-w C:\Windows\System32\oleaut32.dll
2008-02-14 14:29 35,328 ----a-w C:\Windows\System32\dispci.dll
2008-02-14 14:29 260,096 ----a-w C:\Windows\System32\dpx.dll
2008-02-14 14:29 224,824 ----a-w C:\Windows\System32\clfs.sys
2008-02-14 14:29 221,696 ----a-w C:\Windows\System32\umpnpmgr.dll
2008-02-14 14:29 19,456 ----a-w C:\Windows\System32\cfgmgr32.dll
2008-02-14 14:29 12,800 ----a-w C:\Windows\System32\batt.dll
2008-02-14 14:29 101,888 ----a-w C:\Windows\System32\drvinst.exe
2008-02-14 14:29 1,585,664 ----a-w C:\Windows\System32\setupapi.dll
2008-02-14 14:25 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-14 14:25 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 14:24 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-01-01 13:15 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-01-01 13:15 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-01-01 13:15 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
(((((((((((((((((((((((((((( Registry Autostart Points ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not shown.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6237B16D-70F2-4D04-ADD7-6ADAF1FE9617}]
C:\Windows\system32\tuvVNExY.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL" [2008-03-15 21:24 267592]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-03-15 21:24 267592]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-13 04:02 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 14:34 2159104 C:\Windows\System32\oobefldr.dll]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-13 11:29 413696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-04-15 12:48 1006264]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-14 20:07 411768]
"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [2006-12-07 17:49 55416]
"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [2006-12-14 20:09 493688]
"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2006-12-11 18:27 530552]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 14:50 815104]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-07 15:50 3772416 C:\Windows\RtHDVCpl.exe]
"topi"="C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2006-12-15 18:11 577536]
"Toshiba Registration"="C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe" [2006-12-13 16:42 554640]
"WPCUMI"="C:\Windows\system32\WpcUmi.exe" [2006-11-02 14:35 176128]
"Acrobat Assistant 8.0"="H:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [ ]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 17:40 1884160]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 13:45 75304]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-06 18:56 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-06 18:56 8493600]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-06 18:56 81920]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Adobe Reader Speed Launcher"="E:\Adobe\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"jUEaiEOHPm"= C:\ProgramData\hmzovatq\xkpapszm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{42EE9134-CB88-4003-B1E6-237774E43D0D}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{2C35729F-B9CB-4B0C-999E-3DEA763D9F61}C:\\program files\\team17\\worms 3d\\bin\\worms3d.exe"= UDP:C:\program files\team17\worms 3d\bin\worms3d.exe:worms3d
"UDP Query User{3D20A34F-9184-4CE9-99D6-AB7BDCE2A952}C:\\program files\\team17\\worms 3d\\bin\\worms3d.exe"= TCP:C:\program files\team17\worms 3d\bin\worms3d.exe:worms3d
"{E064E23E-953E-4FC2-9D0B-8AF0E1F49C4D}"= UDP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{73EB12D5-8924-47AF-8EE9-A9098A69A5AC}"= TCP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"TCP Query User{CC9F9FC9-4146-4F0A-B49D-208A397466F2}C:\\scol\\usmwin.exe"= UDP:C:\scol\usmwin.exe:UsmWin
"UDP Query User{9CD095D7-AF99-45B9-801E-5FEB091F2701}C:\\scol\\usmwin.exe"= TCP:C:\scol\usmwin.exe:UsmWin
"TCP Query User{545140D6-49B1-4C7C-9E6D-3D7D7468C8D8}C:\\program files\\ascaron entertainment\\sacred\\sacred.exe"= UDP:C:\program files\ascaron entertainment\sacred\sacred.exe:Sacred
"UDP Query User{144FCD72-6DD6-4BF5-A5CD-C8B9D302E866}C:\\program files\\ascaron entertainment\\sacred\\sacred.exe"= TCP:C:\program files\ascaron entertainment\sacred\sacred.exe:Sacred
"TCP Query User{2A9125B3-84A8-479A-BD82-ED3A5F005710}E:\\testdrive unlimited\\testdriveunlimited.exe"= UDP:E:\testdrive unlimited\testdriveunlimited.exe:Test Drive Unlimited
"UDP Query User{2D6BBF45-719D-4525-8AF9-BC0AE3FC8611}E:\\testdrive unlimited\\testdriveunlimited.exe"= TCP:E:\testdrive unlimited\testdriveunlimited.exe:Test Drive Unlimited
"TCP Query User{4AF7F1CC-1365-479A-95B9-81B56FBCF353}E:\\vgigant\\vgigant.exe"= UDP:E:\vgigant\vgigant.exe:MFC-Anwendung default
"UDP Query User{9675689C-1230-4A6B-A272-9A2485B202C1}E:\\vgigant\\vgigant.exe"= TCP:E:\vgigant\vgigant.exe:MFC-Anwendung default
"{7728616D-19DA-4C28-8DF9-34C32C2EE5A2}"= UDP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{74228402-2C31-41F1-BAAD-B3997CEC5CD3}"= TCP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{FF33614A-DEB3-4589-9F35-20522EB5D3EF}"= UDP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{E895D9C2-1785-430A-B2D4-508B9D25EAD0}"= TCP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{8FCB0657-64DC-485A-AECD-F6F6DE6575B2}"= UDP:3703:Adobe Version Cue CS3 Server
"{F019B9DE-88EF-4F56-8D5D-4CC40F53C293}"= UDP:3704:Adobe Version Cue CS3 Server
"{952B5BE3-7A6F-44CD-A749-0867AC6F6533}"= UDP:50900:Adobe Version Cue CS3 Server
"{DF247C40-0A4E-4827-8E1C-858792C08A62}"= UDP:50901:Adobe Version Cue CS3 Server
"{BCD39D22-AD93-4B4F-83BC-D70287B6836A}"= UDP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{59B3DE7E-888A-413D-AD52-135A85B9DDBE}"= TCP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{E74A2C0F-626C-4B1F-B7DA-520DEB670C1A}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{97211BB8-0349-4E4A-BCA2-74A6F22D05F4}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{FD02D60B-93B1-450E-93FC-A17CAB211202}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{1D9FD9B3-FB72-4B50-9CA4-3DCF6737754C}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{AE9EE46E-86FC-40C0-B694-F288BF4A44EE}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{E48CA54E-FAAA-45C3-8104-54E13980EC72}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{BCE3AE7D-B148-4A15-AB0A-69129EB7529B}"= UDP:H:\ITUNES\iTunes.exe:iTunes
"{19975A38-2231-460E-B691-66DCF091A0B7}"= TCP:H:\ITUNES\iTunes.exe:iTunes
"TCP Query User{25832DDA-52DD-43F3-BD70-175789D9B1BC}C:\\program files\\frostwire\\frostwire.exe"= UDP:C:\program files\frostwire\frostwire.exe:FrostWire
"UDP Query User{30F6EE18-35FF-4CC1-83E3-C3DF70971670}C:\\program files\\frostwire\\frostwire.exe"= TCP:C:\program files\frostwire\frostwire.exe:FrostWire
"TCP Query User{9651BD12-553B-4AEF-8153-0AAE9B1927CB}E:\\emule\\emule.exe"= UDP:E:\emule\emule.exe:eMule
"UDP Query User{E7FD6214-2CE9-436C-9DCF-CA9E28B8E756}E:\\emule\\emule.exe"= TCP:E:\emule\emule.exe:eMule
"TCP Query User{D33C38F8-E4A4-4062-B765-0D8D90A2C2E2}E:\\azureus\\azureus.exe"= UDP:E:\azureus\azureus.exe:Azureus
"UDP Query User{E60032C4-687B-4DC9-B1EA-B7AB16C89F89}E:\\azureus\\azureus.exe"= TCP:E:\azureus\azureus.exe:Azureus
"{0918C51F-4C50-422B-8623-B1CD641B1112}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{74066FAD-AE15-4D8B-A039-31AFCDD30FB2}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{18BB9978-FF06-407D-A365-E61C299F489E}"= UDP:H:\BitTorrent\bittorrent.exe:BitTorrent
"{D94F5E3D-4418-4964-8827-AF238A3A9A3E}"= TCP:H:\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{84A7B4DA-59C0-4113-8B4C-DF072C677498}C:\\phpdev5\\apache2\\bin\\apache.exe"= UDP:C:\phpdev5\apache2\bin\apache.exe:Apache HTTP Server
"UDP Query User{B4C9F87F-9BD7-46CC-BD8A-8781F4569AE8}C:\\phpdev5\\apache2\\bin\\apache.exe"= TCP:C:\phpdev5\apache2\bin\apache.exe:Apache HTTP Server
"TCP Query User{2B178FEC-F2BA-4181-A2C3-4300FA9E3A52}C:\\phpdev5\\mysql\\bin\\mysqld-nt.exe"= UDP:C:\phpdev5\mysql\bin\mysqld-nt.exe:mysqld-nt
"UDP Query User{DB89CC75-BD3A-4FB2-9245-02CF3B47AF39}C:\\phpdev5\\mysql\\bin\\mysqld-nt.exe"= TCP:C:\phpdev5\mysql\bin\mysqld-nt.exe:mysqld-nt
"{5A7380FD-07D8-4816-86AD-2980C80DCC03}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{E9B14BDE-BAD4-4349-93DC-04C5C2CFFDC2}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{0A23A62B-2AFC-4DB8-BA99-3AC4981D82A1}C:\\users\\***\\xampp\\mysql\\bin\\mysqld.exe"= UDP:C:\users\***\xampp\mysql\bin\mysqld.exe:mysqld.exe
"UDP Query User{1BFBC6AD-4523-4729-8994-6B3418DE7607}C:\\users\\***\\xampp\\mysql\\bin\\mysqld.exe"= TCP:C:\users\***\xampp\mysql\bin\mysqld.exe:mysqld.exe
"TCP Query User{84AA94BC-3B20-4446-B2EB-EFA3C3293946}C:\\users\\***\\xampp\\apache\\bin\\apache.exe"= UDP:C:\users\***\xampp\apache\bin\apache.exe:apache.exe
"UDP Query User{AF597100-DEA4-42AD-BE04-01FB09E7FA25}C:\\users\\***\\xampp\\apache\\bin\\apache.exe"= TCP:C:\users\***\xampp\apache\bin\apache.exe:apache.exe
"TCP Query User{D9629B20-3AB8-45DB-BE7C-38436E6525CA}E:\\program files\\global star software\\airport tycoon 3\\at3.exe"= UDP:E:\program files\global star software\airport tycoon 3\at3.exe:at3
"UDP Query User{6514A8F1-7520-446B-89D3-E6185CAEC77F}E:\\program files\\global star software\\airport tycoon 3\\at3.exe"= TCP:E:\program files\global star software\airport tycoon 3\at3.exe:at3
"TCP Query User{024C16F0-5DB0-4CFE-9809-BAF9FACD6B82}E:\\program files\\airport tycoon 3\\at3.exe"= UDP:E:\program files\airport tycoon 3\at3.exe:at3
"UDP Query User{2DA6C647-6016-4EFC-AF4B-FA0D0E255335}E:\\program files\\airport tycoon 3\\at3.exe"= TCP:E:\program files\airport tycoon 3\at3.exe:at3
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 uigxrdr;uigxrdr;C:\Windows\system32\DRIVERS\uigxrdr.sys [2008-02-05 11:26]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-05-17 23:45]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2006-10-31 23:40]
R3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-19 23:11]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver;C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 12:50]
S2 dev5_ap1;dev5_ap1;"C:\phpdev5\apache\Apache.exe" --ntservice []
S2 dev5_ap2;dev5_ap2;"C:\phpdev5\apache2\bin\Apache.exe" -k runservice []
S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2008-04-06 11:26]
S3 tosrfec;Bluetooth ACPI;C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 17:32]
S3 wacommousefilter;Wacom Mouse Filter Driver;C:\Windows\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11:12]
S3 wampapache;wampapache;"H:\wamp\apache2\bin\Apache.exe" -k runservice []
S3 wampmysqld;wampmysqld;H:\wamp\mysql\bin\mysqld-nt.exe []
S4 KR10I;KR10I;C:\Windows\system32\drivers\kr10i.sys [2006-02-14 19:50]
S4 KR10N;KR10N;C:\Windows\system32\drivers\kr10n.sys [2006-02-14 19:41]
.
Contents of the "Scheduled Tasks" folder
"2008-05-08 14:49:51 C:\Windows\Tasks\SDMsgUpdate (TE).job"
- C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exeW-PTE -V900 -SSDU.ini -A -Mhttp://***.smartdraw.com/msgs/messagecheck.aspx -D0 -T -N -X
"2008-05-08 15:20:20 C:\Windows\Tasks\User_Feed_Synchronization-{D9B30BB4-63C0-47D4-A444-A174F9308500}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://***.gmer.net
Rootkit scan 2008-05-08 17:22:53
Windows 6.0.6000 NTFS
scanning hidden processes...
scanning hidden autostart entries...
scanning hidden files...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-08 17:24:47
ComboFix-quarantined-files.txt 2008-05-08 15:24:04
The system cannot find message text for message number 0x2379 in the message file for Application.
The system cannot find message text for message number 0x2379 in the message file for Application.
306 --- E O F --- 2008-05-07 13:12:52
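As an added example that is not part of the original post or of ComboFix itself, the script below shows how a helper might triage the registry autostart section of a log like the one above mechanically instead of by eye. It parses the REGEDIT4-style dump (key lines in square brackets, `"name"=value [date time size]` entries, and a bare DLL path under a Browser Helper Object clsid) and applies three heuristics that are my own assumptions, not rules stated in the thread: an entry under `policies\explorer\run`, a `DisableMonitoring` value of 1 under `security center\Monitoring`, and a file in `system32` or `ProgramData` whose name has the same length and case pattern as DLLs that ComboFix already removed in its previous run. The sample input is constructed from lines copied out of the log above (the BHO, two ordinary Run entries, the policy Run entry, one Security Center key, and four deleted DLLs); it is not a complete log.

```python
import re
from dataclasses import dataclass

# Constructed sample: four files from the "Previous Run" deletion list above.
DELETED_FILES = [
    r"C:\Windows\system32\emesx.dll",
    r"C:\Windows\system32\qoMeFyxw.dll",
    r"C:\Windows\system32\wvUmjHAs.dll",
    r"C:\Windows\system32\wvUOFwTN.dll",
]

# Constructed sample: a handful of lines copied from the autostart section above.
AUTOSTART_LOG = r"""
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6237B16D-70F2-4D04-ADD7-6ADAF1FE9617}]
C:\Windows\system32\tuvVNExY.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-04-15 12:48 1006264]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-06 18:56 8493600]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"jUEaiEOHPm"= C:\ProgramData\hmzovatq\xkpapszm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
"""


@dataclass
class Finding:
    key: str
    value: str
    reason: str


KEY_RE = re.compile(r"^\[(.+)\]$")
# "name"=value  or  "name"="C:\path" [date time size]  (bracket part optional)
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*"?([^"\[]*?)"?\s*(\[.*\])?$')
PATH_RE = re.compile(r"^[A-Za-z]:\\.+")


def name_shape(path):
    """Coarse shape of a file stem: (length, letters only?, mixed case?).
    Used to compare live entries against names ComboFix already deleted."""
    stem = re.sub(r"\.[^.]*$", "", path.rsplit("\\", 1)[-1])
    mixed = stem != stem.lower() and stem != stem.upper()
    return (len(stem), stem.isalpha(), mixed)


def parse_entries(text):
    """Yield (key, name, value) for every entry in the REGEDIT4-style dump.
    A bare path line directly under a key (the BHO case) yields an empty name."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield key, m.group(1), m.group(2).strip()
            continue
        if key and PATH_RE.match(line):
            yield key, "", line


def triage(log_text, deleted_files):
    """Apply the three heuristics (assumptions, see lead-in) and return findings."""
    deleted_shapes = {name_shape(p) for p in deleted_files}
    findings = []
    for key, name, value in parse_entries(log_text):
        lk = key.lower()
        if r"policies\explorer\run" in lk:
            findings.append(Finding(key, value, "policy Run key is rarely populated on a home PC"))
        elif r"security center\monitoring" in lk and name.lower() == "disablemonitoring":
            if int(value.split(":")[-1], 16) != 0:
                findings.append(Finding(key, value, "Security Center monitoring disabled"))
        elif PATH_RE.match(value):
            low = value.lower()
            in_suspect_dir = "\\system32\\" in low or "\\programdata\\" in low
            if in_suspect_dir and name_shape(value) in deleted_shapes:
                findings.append(Finding(key, value, "name shaped like DLLs removed in the previous run"))
    return findings


if __name__ == "__main__":
    for f in triage(AUTOSTART_LOG, DELETED_FILES):
        print(f"{f.reason}\n    {f.key}\n    {f.value}")
```

On the sample above this flags the BHO DLL (same 8-letter mixed-case shape as the three deleted system32 DLLs), the `policies\explorer\run` entry, and the disabled Security Center monitoring, while leaving the Windows Defender and NVIDIA entries alone. The shape rule is deliberately narrow: it only matches patterns seen in files the tool already removed on this machine, so it does not try to judge unfamiliar names on its own.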