16.03.2008, 12:01 | #3
Persistent pop-ups of Internet advertising and dubious spyware protection

First of all, thanks for helping me!! So, I hope I did it right, here is the log:

Quote:
ComboFix 08-03-14.4 - ***** 2008-03-16 11:47:43.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1031.18.1477 [GMT 1:00]
run from:: C:\Dokumente und Einstellungen\*****\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((( Files created from 2008-02-16 to 2008-03-16 ))))))))))))))))))))))))))))))
.
2008-03-15 23:42 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-15 23:41 . 2008-03-15 23:42 <DIR> d-------- C:\Programme\Java
2008-03-15 23:41 . 2008-03-15 23:41 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Java
2008-03-15 08:42 . 2008-03-15 08:42 <DIR> d-------- C:\Programme\Lavasoft
2008-03-15 08:42 . 2008-03-15 08:42 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft
2008-03-15 08:28 . 2008-03-15 08:28 <DIR> dr------- C:\Dokumente und Einstellungen\LocalService\Favoriten
2008-03-15 08:22 . 2008-03-15 17:34 <DIR> d-------- C:\Programme\Spyware Doctor
2008-03-15 08:22 . 2008-03-15 08:22 <DIR> d-------- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\PC Tools
2008-03-15 08:22 . 2008-03-15 22:10 <DIR> d-a------ C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2008-03-15 08:22 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-03-15 08:22 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-03-15 08:22 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-03-15 08:22 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-03-14 23:19 . 2008-03-14 23:19 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
2008-03-14 23:18 . 2008-03-14 23:18 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-14 22:55 . 2008-03-14 22:55 <DIR> d-------- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\SoftInform
2008-03-14 22:53 . 2008-03-14 22:53 <DIR> d-------- C:\Programme\SoftInform
2008-03-14 22:53 . 2008-03-14 23:00 <DIR> d-------- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\AdsCleaner
2008-03-14 21:51 . 2008-03-14 21:51 <DIR> dr------- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien
2008-03-13 00:02 . 2008-03-13 00:02 <DIR> d-------- C:\Programme\Spybot - Search & Destroy
2008-03-13 00:02 . 2008-03-13 07:04 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2008-03-12 20:46 . 2008-03-12 20:46 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-03-12 20:46 . 2008-03-12 20:46 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-03-12 18:07 . 2008-03-12 20:49 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-03-10 21:01 . 2008-03-10 21:01 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-03-10 21:01 . 2008-03-10 21:01 18,944 --a------ C:\WINDOWS\system32\wk32.dll
2008-03-10 21:01 . 2008-03-10 21:01 3,584 --a------ C:\WINDOWS\system32\ic32.dll
2008-03-09 22:50 . 2008-03-09 22:50 <DIR> d-------- C:\Programme\ICQ6
2008-03-01 18:15 . 2008-03-01 18:15 <DIR> d-------- C:\Programme\Veoh Networks
2008-03-01 09:22 . 2008-03-01 09:22 <DIR> d-------- C:\Programme\AVPersonal
2008-02-26 23:28 . 2008-02-26 23:29 <DIR> d-------- C:\E2PLUS
2008-02-26 23:28 . 1996-03-08 23:15 39,768 --a------ C:\WINDOWS\E2SETUP.EXE
2008-02-26 23:28 . 2008-02-26 23:30 326 --a------ C:\WINDOWS\E2PLUS.INI
2008-02-26 21:32 . 2008-02-26 21:32 <DIR> d-------- C:\Dokumente und Einstellungen\******\WINDOWS
2008-02-26 21:32 . 1996-03-08 23:15 398,416 --a------ C:\WINDOWS\system\VBRUN300.DLL
2008-02-26 21:32 . 1996-03-08 23:15 14,639 --a------ C:\WINDOWS\E2DEINST.EXE
2008-02-26 21:32 . 1996-03-08 23:15 7,008 --a------ C:\WINDOWS\system\SETUPKIT.DLL
2008-02-26 21:32 . 2008-02-26 23:29 49 --a------ C:\WINDOWS\TEACH_ME.INI
2008-02-25 19:32 . 2008-02-11 02:05 5,004,062 --a------ C:\WINDOWS\Alica Keys - No one.mp3
2008-02-25 19:32 . 2008-02-09 16:36 1,087,470 --a------ C:\WINDOWS\server.0xe
2008-02-23 17:10 . 2008-02-23 17:11 <DIR> d-------- C:\Programme\Windows Live
2008-02-23 17:10 . 2008-02-23 17:11 <DIR> d--hsc--- C:\Programme\Gemeinsame Dateien\WindowsLiveInstaller
2008-02-23 17:10 . 2008-02-23 17:10 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WLInstaller
2008-02-21 22:49 . 2008-02-21 22:50 <DIR> d-------- C:\Dokumente und Einstellungen\****\Anwendungsdaten\foobar2000
2008-02-21 13:52 . 2007-03-08 00:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-02-21 13:52 . 2007-03-08 00:51 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-02-21 13:52 . 2007-03-08 00:51 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-02-21 13:51 . 2008-02-21 13:52 <DIR> d-------- C:\Programme\Winamp
2008-02-21 13:51 . 2008-02-21 13:53 <DIR> d-------- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Winamp
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-16 09:52 --------- d-----w C:\Dokumente und Einstellungen\*****\Anwendungsdaten\teamspeak2
2008-03-15 20:32 --------- d-----w C:\Dokumente und Einstellungen\*****\Anwendungsdaten\ICQ
2008-03-15 09:43 --------- d-----w C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-03-10 05:06 --------- d-----w C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Hamachi
2008-03-01 17:16 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-02-14 12:00 --------- d-----w C:\Programme\F-Secure Internet Security
2008-01-23 21:28 --------- d-----w C:\Programme\DivX
2008-01-22 19:48 --------- d-----w C:\Programme\Activision
2007-11-22 13:23 22,328 ----a-w C:\Dokumente und Einstellungen\******\Anwendungsdaten\PnkBstrK.sys
.
------- Sigcheck -------
2006-04-20 13:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2003-04-02 13:00 332928 244a2f9816bc9b593957281ef577d976 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-03 22:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2004-08-03 22:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\TCPIP.SYS
2007-11-08 22:01 359808 8d8949936913b041c6a0e184fbf1030b C:\WINDOWS\system32\dllcache\TCPIP.SYS
2007-11-08 22:01 359808 8d8949936913b041c6a0e184fbf1030b C:\WINDOWS\system32\drivers\TCPIP.SYS
.
(((((((((((((((((((((((((((( Registry autostart points ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not shown.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0140DF95-9128-4053-AE72-F43F0CFCA062}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:57 15360]
"MSMSGS"="C:\Programme\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"AnyDVD"="C:\Programme\SlySoft\AnyDVD\AnyDVD.exe" [2007-12-21 04:34 1649600]
"msnmsgr"="C:\Programme\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"ICQ"="F:\Programme\ICQ6\ICQ.exe" [2007-12-19 15:48 172280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe]
"RemoteControl"="C:\Programme\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 14:10 56928]
"LanguageShortcut"="C:\Programme\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 21:55 54832]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 10:21 16270848 C:\WINDOWS\RTHDCPL.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"CloneDVDElbyDelay"="C:\Programme\Elaborate Bytes\CloneDVD\ElbyCheck.exe" [2002-11-02 07:33 45056]
"F-Secure Manager"="C:\Programme\F-Secure Internet Security\Common\FSM32.exe" [2007-05-28 10:19 183208]
"F-Secure TNB"="C:\Programme\F-Secure Internet Security\FSGUI\TNBUtil.exe" [2007-05-28 10:18 740208]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 21:32 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2003-04-02 13:00 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 21:31 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 21:32 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 21:32 455168]
"VC9Player"="C:\Programme\Virtual CD v9\System\VC9Play.exe" [2007-05-15 13:30 202312]
"mmtask"="C:\Programme\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2006-01-17 12:26 53248]
"AtiPTA"="atiptaxx.exe" [2006-02-22 01:05 344064 C:\WINDOWS\system32\atiptaxx.exe]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2007-10-07 22:10 286720]
"amd_dc_opt"="C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 11:06 77824]
"Mirabilis ICQ"="F:\Programme\ICQ6\ICQ.exe" [2007-12-19 15:48 172280]
"WinampAgent"="C:\Programme\Winamp\winampa.exe" [2008-01-15 23:54 37376]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-03 23:57 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"F:\\Programme\\ICQ6\\ICQ.exe"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"F:\\Spiele\\Binaries\\UT3.exe"=
"C:\\Programme\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Programme\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\SolidStateNetworks\\SolidStateION\\solidnm.exe"=
"C:\\Programme\\Bonjour\\mDNSResponder.exe"=
"C:\\Programme\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
"9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager
"21369:TCP"= 21369:TCP:SolidNetworkManager
"21369:UDP"= 21369:UDP:SolidNetworkManager
"50693:TCP"= 50693:TCP:SolidNetworkManager
"50693:UDP"= 50693:UDP:SolidNetworkManager
R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2007-08-30 13:06]
R1 atitray;atitray;C:\Programme\Radeon Omega Drivers\v3.8.360\ATI Tray Tools\atitray.sys [2007-05-22 10:04]
R1 F-Secure HIPS;F-Secure HIPS;C:\Programme\F-Secure Internet Security\HIPS\fshs.sys [2008-02-13 14:27]
R1 SSHDRV62;SSHDRV62;C:\WINDOWS\system32\drivers\SSHDRV62.sys [2007-09-02 20:25]
R1 vdrv9000;vdrv9000;C:\WINDOWS\system32\DRIVERS\vdrv9000.sys [2007-01-23 10:48]
R2 VC9SecS;Virtual CD v9 Management Service;C:\Programme\Virtual CD v9\System\VC9SecS.exe [2007-05-15 13:30]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Programme\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys [2007-05-28 10:15]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [2006-09-26 23:21]
S3 dump_wmimmc;dump_wmimmc;F:\Spiele\bin\GameGuard\dump_wmimmc.sys []
S3 HH9Help.sys;HH9Help.sys;C:\WINDOWS\system32\drivers\HH9Help.sys [2006-09-20 11:42]
S3 msloop;Microsoft Loopbackadaptertreiber;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 12:53]
S3 scramby_out;Scramby Output;C:\WINDOWS\system32\drivers\scramby_out.sys [2007-08-08 09:31]
S3 XDva059;XDva059;C:\WINDOWS\system32\XDva059.sys []
S4 F-Secure Filter;F-Secure File System Filter;C:\Programme\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys [2007-05-28 10:15]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Programme\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys [2007-05-28 10:15]
S4 fsbl;F-Secure BlackLight Engine Driver;C:\Programme\F-Secure Internet Security\Anti-Virus\fsbldrv.sys []
*Newly Created Service* - FSBL
.
Contents of the "Scheduled Tasks" folder
"2008-03-07 16:15:00 C:\WINDOWS\Tasks\1-Klick-Wartung.job"
- C:\Programme\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-03-16 00:00:22 C:\WINDOWS\Tasks\Scheduled scanning task.job"
- C:\PROGRA~1\F-SECU~1\ANTI-V~1\fsav.exeQ /HARD /POLICY /SCHED /NOBREAK /REPORT=C:\PROGRA~1\F-SECU~1\ANTI-V~1\report.txt
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-16 11:49:36
Windows 5.1.2600 Service Pack 2 NTFS
Scanning hidden processes...
Scanning hidden autostart entries...
Scanning hidden files...
Scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-16 11:49:53
ComboFix-quarantined-files.txt 2008-03-16 10:49:52
ComboFix2.txt 2008-03-16 10:44:37
.
2007-11-14 13:13:14 --- E O F ---
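A ComboFix log like the one above is usually triaged by eye. As an added example that is not part of this forum post and is not code from ComboFix or its author, the Python below writes three of those eyeball checks out as code and runs them over a constructed excerpt modelled on the log: (1) in the Sigcheck block, does the live copy of a system file (here tcpip.sys under system32\drivers) carry the same MD5 as its dllcache copy; (2) is the Windows Firewall standard profile switched off (EnableFirewall = 0); (3) which recently created files were dropped directly into C:\WINDOWS or C:\WINDOWS\system32 rather than into a program folder. The regexes, the function names and the SAMPLE_LOG excerpt are this example's own assumptions; nothing here decides that any file is malicious.

```python
"""Triage helpers for a pasted ComboFix log (added example, not from the post).

SAMPLE_LOG is a constructed excerpt modelled on the log in the thread; the
line formats (created-files block, Sigcheck block, firewall policy key) are
the ones ComboFix prints, but the regexes below are this example's own.
"""
import re

# Constructed sample: three "files created" lines, three Sigcheck lines,
# and the firewall policy key from the log above.
SAMPLE_LOG = r"""2008-03-10 21:01 . 2008-03-10 21:01 18,944 --a------ C:\WINDOWS\system32\wk32.dll
2008-02-25 19:32 . 2008-02-09 16:36 1,087,470 --a------ C:\WINDOWS\server.0xe
2008-02-21 13:51 . 2008-02-21 13:52 <DIR> d-------- C:\Programme\Winamp
------- Sigcheck -------
2004-08-03 22:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\TCPIP.SYS
2007-11-08 22:01 359808 8d8949936913b041c6a0e184fbf1030b C:\WINDOWS\system32\dllcache\TCPIP.SYS
2007-11-08 22:01 359808 8d8949936913b041c6a0e184fbf1030b C:\WINDOWS\system32\drivers\TCPIP.SYS
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# "date time size md5 path" as printed in the Sigcheck block
SIGCHECK_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} (\d+) ([0-9a-fA-F]{32}) (.+?)\s*$")
# "created . modified size|<DIR> attrs path" as printed in the created-files block
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(<DIR>|[\d,]+) (\S+) (.+?)\s*$")
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(\d+)', re.M)


def parse_sigcheck(log):
    """Map each lower-cased path in the Sigcheck block to (size, md5)."""
    found = {}
    for line in log.splitlines():
        m = SIGCHECK_RE.match(line)
        if m:
            found[m.group(3).lower()] = (int(m.group(1)), m.group(2).lower())
    return found


def live_vs_dllcache(sig):
    """For every file with both a live system32 copy and a dllcache copy,
    report whether the two MD5s agree (True = same hash).

    Backups under ServicePackFiles, $NtUninstall* and $hf_mig$ legitimately
    differ from the live file and are not compared."""
    cache, live = {}, {}
    for path, (_, md5) in sig.items():
        name = path.rsplit("\\", 1)[-1]
        if "\\system32\\dllcache\\" in path:
            cache[name] = md5
        elif "\\system32\\" in path:
            live[name] = md5
    return {name: live[name] == cache[name] for name in live if name in cache}


def firewall_disabled(log):
    """True when the standard-profile EnableFirewall value is 0."""
    m = FIREWALL_RE.search(log)
    return m is not None and int(m.group(1)) == 0


def dropped_in_windows_root(log, roots=("c:\\windows", "c:\\windows\\system32")):
    """Paths of newly created *files* (not directories) whose parent folder is
    exactly %WINDIR% or %WINDIR%\\system32: a place installers rarely write
    loose files, so each entry is worth a closer look, nothing more."""
    hits = []
    for line in log.splitlines():
        m = CREATED_RE.match(line)
        if not m or m.group(2) == "<DIR>":
            continue
        path = m.group(4)
        parent = path.rsplit("\\", 1)[0].lower()
        if parent in roots:
            hits.append(path)
    return hits


def triage(log):
    """Bundle the three checks into one report dict."""
    return {
        "dllcache_matches": live_vs_dllcache(parse_sigcheck(log)),
        "firewall_disabled": firewall_disabled(log),
        "loose_files_in_windir": dropped_in_windows_root(log),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Two caveats a practitioner would add when reading the output. A matching dllcache hash only shows that the two copies are identical; whatever altered one could have altered the other, so the MD5 should still be compared against the known value for that patch level (the log shows the same 8d8949... hash for both TCPIP.SYS copies, consistent with an updated file, but the log alone does not prove it genuine). And EnableFirewall = 0 is not automatically a problem on this machine: the F-Secure firewall driver (R0 FSFW, fsdfw.sys) is loaded, and third-party firewalls commonly disable the built-in one.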