| |  ikowin32.exe problem
 teil2: .......................... Zitat:
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-02 23:10
Windows 5.1.2600 Service Pack 2 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\dokume~1\***\LOKALE~1\Temp\KXD143.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vdrv9000]
"ImagePath"="system32\DRIVERS\vdrv9000.sys"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_USERS\S-1-5-21-484763869-1177238915-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-484763869-1177238915-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:37,6e,bc,6e,0f,89,38,54,03,3c,ee,0f,46,4b,d9,ae,84,ea,5e,ea,e0,3c,1a,
f6,d8,f3,e6,8a,41,0a,41,c4,55,80,d4,ef,94,d5,27,87,39,03,e3,6e,3b,77,31,c1,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
[HKEY_USERS\S-1-5-21-484763869-1177238915-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:66,a1,8b,17,3d,d3,96,9b,6a,5f,82,3a,d4,94,dd,e6,fa,c4,75,d3,03,
16,f1,55,c3,01,75,08,49,29,6c,2e,98,77,0e,f3,8e,91,ff,5d,97,be,03,41,6a,dd,\
"rkeysecu"=hex:0a,73,de,58,a9,ac,33,9c,57,72,a8,24,49,3c,ad,32
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]
"70403E1900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="DC4FD6863692956633E0551CDE8C289B0DA35E38C56B775CCDAF6E31980FB050758DB48912030460D2B62ABF89C4E00FFB99ECAA5D16F9DC1A39 F3E8A2DB22BD88540FDFAC1772A3402437C8E0DF4411921F2F52D8FE7740395E73C9DB0B0EDB2F7CFA5F9F9D8EC3609848F05A95C7E4245FC8692F694B9B8920852FD807D12F747F2624B9 CC5CD80D2BBEB22404B0537526EDEB06FA20885D28D5B6DE201F45D9FED10EFD3B317E921210CF1B2D9C2AC1E66C9C3C3E7726FCBE23C1E4897D2AD03ED1BE226738D332AC45CBD474FA3A 37381FFEE0A1A615A2D4BFF71B59C4F043A60D1E9030FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2 F6E667A9C6AECB7A5D14075D575E7D6A3B9808C038D530D6EB3452F955537E6711AC7F030C5AF7675652D7210FA8BEFA8DF064A18794371EB5B041E6A96F3417BD762803E75A5F3747A5A8 A23BF634ECEC3566C377E28A1FAD94E9BD3305AE6250608919BE2891F76564543A2969FD1E58F41BDAD77263AF8B8EFECB2D873517054D13173C66CF0BB1B0946115EC7425302F2622169B 56B9301BA834D25DB212DFD897248E27FC64EE6183DEBEE3942A97178AAAA12E973CBE6BF4E868623648A550CEB868F3200CA381A255E8A100EA7716B3D6EF6B02C824E2D7B4B1637240E1 B455238148E71F9BCED636DB70FAB77B456E5FF88A13058A9AA73378A53F94623BA8849213224CE43D6847628B6F781375EBCF3AB3EB2D64DF9D560BDF95F538CDADD2DB39C4D8D3708225 CD26682374A941083385D38D663159E13BBC96A6B98A2AD99E93E49D00C5B7BC6FE49748961A68BAEA92B3090AC55C6EDDDA827E03C14B33236DBF06C24BF9D021DE5307B4B13EF066E09A 950C830DE9CDCC42E86F799ED4B207B513BBC1247A3E231393D011050735E9B83FED093614E69BE0E4A36C99039C13CAD7CF21EF23253373BA2E8AE02A679BE422F3A506028CBF8C068386 1256B33B257DA3148088B901365654265DE090599971A85E8F9B232B17723BE9C3BD4E9B1340A479D8BE64F840DA111E65824AF773F359EBC820153E79E5386BCEFA46C202700162E12C11 F599CA72644B393141B503953A8B9D50D14EB0AB16B5A37BB58872AA16E60CAF4AEFC04E1BC585E574C40E34EA977AC5AF53350E26E021D06DDBBDDA1019EB31BA9469BB19EB3C0D42AC95 CC508DEE6A18EB6A168E9AB22C535ADF0C7C0DAF90FE7B0797EB3D84CE5199313D7575883A3D1F5DC4731368774A82F77CC0BA8EC745BDED825199D9D83CDD8AA615382730C5182BDB2EDC A8A324783BAFF0FE12D52F98875F3D478B5A8F6FE06E21A5FED04D250861CC71AD21AA04716E59991941D06DD1D5D7EF3E894F6806BD3DEF1A9FE239BB9E912984E6"
"OODEFRAG10.00.00.01WORKSTATION"="6250DC14F3AFEF9203E9839E70D966F248D5C3B107106C905F3B989CB8ACE8523F37A475305676D8420B399DCBEC888215CFA4506E0EE605F2C6 52BEA4ACF592B0323B41992D4D8E193F29925E9BA0581C7EC1A278E9FA1FC9F36D704AC944C59C2C81FAC80799619AEA47C07C81F8B33D5FC5CCD7A8B64EB0F7E855DB9147315F346B670C 1DD603CF959C2E3220B157CD92EDB7F43200886A2C55D53DF7C898C77D7D12E28750AA336B43273D5B3C8C16DD8A0E6C568C452D8FDB2186D2E5C4985DD5490548AA93383CEE39107C5F1D D4AA02C10CC4E88223C23428845CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A2D97226D2 13B555A6171C11EC38DE3DA9C6AECB7A5D14078F2900C725E2089B3ED1A5302106C5B5A3818A82C681C2436BE21D77B804BB45EAEF07000AB9F5735F3C1CC89AB425127368AE5CCDD41853 188CAACA8348C8C8ACC80060EF1A27E87752E2F637D0439DEFA352CCE09CBD69D4AB7BEB169511981417E1ABB20BA1868AA7DC36A76225EA801863A4298254400C16AB282ED6F338B5C414 46455AA2B7EE55DFA233B684EEE130C55ADFF5B27881A5CB6D1BBB8110743AF3382C96974FD278B57FB3DF4C05A659CF8BD529E0154ABBDFD1423604EC0E6AD22E8115A503B3319CB19633 9D6C31044CF46C119C7DCFB7DE8B9AFE727E11C674FAF16D246AE52347C2DF48CD453CA77BF99D68587C5183B67831117DD9DEC69412BE7C9D0512F8DBE1A4FDE39853BC0EA1732FB742DE 87C59626AA86F6AEE75D0D3CE15232B2DE72608FF41DCE57412E968CA316615F32600BAECF25328CA8F128558137B999041BB4DE91EAB77EB6F3A79C5081538C774F1D9146A14C568CE545 86037043E71FD677E3FCF0054F237049EAFBB970F24D4DB8AC9A7D6ABE1BC2E761D45CDC97E61C678725074D288FA51052B535F9F5AF0CEDED1B6A134CE106B90A2409F77399556641BBB9 8AB98A8AB7C3D09C934A9A2E705BDBCCB3D96DA0083C68BB699BF6DE7AA034CB9B87258BA0C0E2CE437A14CC180DB2C19D175476C2C2D6E9EA03C30C4DC7492F426CF4064B61455CF5E31F F2E0AF3C9783062C6200006C401AF1C923AC6DF68E2693944DE0D0968A79B8C9A0EB03574E7FFD11AF7769E91DF785D3DD8B5A7F4550FD9FA9A94E39D4837DA04B7B5A269F8CA8A3A00707 D3166AAA3469FD6F6763AF01B9D497AC5366A90E36D9771F11F40C8607E92E78F0F03A28BD69BF1CF7AD1745877DBA544EA1661622A76DCDC16BC068623414EC4DA91594CAF2AC683D9D3D C633C84CBFD99B9B987F070B76A8575576E19C002ABBF08DDA378FC86E895F3BD6EACB26FDE69F8B6A6BB9A63D793ED42AB4B45F0ACDA8173BE3BE385BF252109BDE"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - > 'winlogon.exe'(1504)
e:\programme\SUPERAntiSpyware\SASWINLO.dll
- - - - - - - > 'explorer.exe'(484)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\browselc.dll
c:\progra~1\JAMSOF~1\TREESI~1\FSizeCol.dll
c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
e:\programme\Illustrate\dBpowerAMP\dBShell.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\brss01a.exe
c:\windows\system32\nvsvc32.exe
e:\programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\progra~1\MICROS~3\rapimgr.exe
c:\programme\Razer\Lycosa\razertra.exe
c:\programme\Windows Live\Contacts\wlcomm.exe
c:\programme\Razer\Diamondback 3G\razertra.exe
e:\programme\Virtual CD v9\System\vc9tray.exe
c:\programme\Razer\Diamondback 3G\razerofa.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2009-09-02 23:16 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2009-09-02 21:16
Vor Suchlauf: 3'224'694'784 Bytes frei
Nach Suchlauf: 3'267'637'248 Bytes frei
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /nodebug /NoExecute=OptIn /usepmtimer
319 --- E O F --- 2009-08-02 01:46
|
|
02.09.2009, 22:21
Baum-Darstellung