matzmann | 29.12.2011 16:29 | The installation of the Recovery Console aborts. Message: "Boot partition could not be enumerated"
ComboFix log file:
ComboFix 11-12-25.03 - Administrator 29.12.2011 16:15:36.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.1919.1128 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Administrator\Desktop\ComboFix.exe
.
Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Thumbs.db
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-11-28 bis 2011-12-29 ))))))))))))))))))))))))))))))
.
.
2011-12-28 21:37 . 2011-12-28 21:37 114688 ----a-w- c:\windows\system32\chg.exe
2011-12-28 21:25 . 2011-12-28 21:25 -------- d-----w- C:\_OTL
2011-12-26 17:17 . 2011-12-26 17:22 -------- d-----w- c:\programme\Spybot - Search & Destroy
2011-12-26 17:17 . 2011-12-26 17:19 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2011-12-26 17:06 . 2011-12-26 17:07 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2011-12-26 17:06 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-26 12:50 . 2011-12-26 12:50 -------- d-----w- c:\programme\ESET
2011-12-26 12:05 . 2011-12-26 12:05 -------- d--h--w- c:\dokumente und einstellungen\Administrator\Druckumgebung
2011-12-26 11:35 . 2011-12-26 11:35 -------- d-----w- c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Threat Expert
2011-12-26 11:14 . 2011-12-26 11:14 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\TestApp
2011-12-25 22:46 . 2011-12-26 11:57 -------- d-----w- c:\programme\Gemeinsame Dateien\PC Tools
2011-12-25 22:46 . 2011-12-25 22:46 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\PC Tools
2011-12-25 22:46 . 2011-12-25 22:46 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\PC Tools
2011-12-25 22:04 . 2011-12-25 22:04 94896 ----a-w- c:\windows\system32\drivers\99128409.sys
2011-12-25 21:52 . 2011-12-25 21:52 94896 ----a-w- c:\windows\system32\drivers\78121793.sys
2011-12-25 21:41 . 2011-12-25 21:41 -------- d-----w- C:\TDSSKiller_Quarantine
2011-12-25 21:21 . 2011-12-25 21:21 94896 ----a-w- c:\windows\system32\drivers\11120164.sys
2011-12-25 20:06 . 2011-12-25 20:06 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Malwarebytes
2011-12-25 20:05 . 2011-12-25 20:05 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2011-12-25 19:52 . 2011-12-26 10:46 -------- d-----w- c:\windows\system32\NtmsData
2011-12-25 19:20 . 2011-12-25 19:22 -------- dc-h--w- c:\windows\ie8
2011-12-25 18:56 . 2011-12-25 18:56 -------- d-----w- c:\programme\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-26 21:02 . 2011-06-10 15:56 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 14:40 . 2004-08-04 08:00 1859712 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:13 . 2004-08-04 08:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2004-08-04 08:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:13 . 2004-08-04 08:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-04 08:00 385024 ------w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2004-08-04 08:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-08-04 08:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 10:49 . 2004-08-04 08:00 2151424 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-26 10:49 . 2004-08-04 08:00 2029568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2004-08-04 08:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2004-08-04 08:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-03 04:06 . 2010-07-23 13:36 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 01:37 . 2007-07-27 00:19 73728 ----a-w- c:\windows\system32\javacpl.cpl
2007-11-18 16:21 . 2007-11-18 16:21 2293848 ----a-w- c:\programme\FLV PlayerFCSetup.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-26_12.24.02 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-12-26 12:17 . 2011-12-26 12:17 16384 c:\windows\Temp\Perflib_Perfdata_170.dat
+ 2011-12-28 21:37 . 2011-12-28 21:37 16384 c:\windows\Temp\Perflib_Perfdata_170.dat
- 2004-08-07 06:04 . 2011-12-24 15:02 76354 c:\windows\system32\perfc009.dat
+ 2004-08-07 06:04 . 2011-12-28 21:25 76354 c:\windows\system32\perfc009.dat
- 2004-08-07 06:04 . 2011-12-24 15:02 90670 c:\windows\system32\perfc007.dat
+ 2004-08-07 06:04 . 2011-12-28 21:25 90670 c:\windows\system32\perfc007.dat
+ 2004-08-07 06:04 . 2011-12-28 21:25 456910 c:\windows\system32\perfh009.dat
- 2004-08-07 06:04 . 2011-12-24 15:02 456910 c:\windows\system32\perfh009.dat
- 2004-08-07 06:04 . 2011-12-24 15:02 477896 c:\windows\system32\perfh007.dat
+ 2004-08-07 06:04 . 2011-12-28 21:25 477896 c:\windows\system32\perfh007.dat
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"LightScribe Control Panel"="c:\programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
"H/PC Connection Agent"="c:\programme\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 401491]
"PC Suite Tray"="c:\programme\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]
"SpybotSD TeaTimer"="c:\programme\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"SoundMAXPnP"="c:\programme\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"PDF Complete"="c:\programme\PDF Complete\pdfsty.exe" [2007-05-08 331552]
"PTHOSTTR"="c:\programme\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392]
"hpWirelessAssistant"="c:\programme\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"QlbCtrl"="c:\programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-02 163840]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-09 806912]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-10-09 697976]
"HP Software Update"="c:\programme\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"Cpqset"="c:\programme\Hewlett-Packard\Default Settings\cpqset.exe" [2007-05-03 57344]
"WatchDog"="c:\programme\InterVideo\DVD Check\DVDCheck.exe" [2007-05-23 192512]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.exe" [2007-01-24 124928]
"HP Component Manager"="c:\programme\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-11-08 188416]
"TVBroadcast"="c:\programme\Sceneo\AbsolutTV\SERVICES\ODSBC\ODSBCApp.exe" [2007-08-07 797696]
"FreePDF Assistant"="c:\programme\FreePDF_XP\fpassist.exe" [2008-07-22 357376]
"AppleSyncNotifier"="c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2011-08-18 421736]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\Default User\Startmenü\Programme\Autostart\
CCC.lnk - c:\programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
.
c:\dokumente und einstellungen\Default User\Startmenü\Programme\Autostart\
CCC.lnk - c:\programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
BTTray.lnk - c:\programme\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-6 561213]
DVD Check.lnk - c:\programme\InterVideo\DVD Check\DVDCheck.exe [2007-11-10 192512]
.
c:\dokumente und einstellungen\Default User\Startmenü\Programme\Autostart\
CCC.lnk - c:\programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
.
c:\dokumente und einstellungen\Default User\Startmenü\Programme\Autostart\
CCC.lnk - c:\programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2007-02-07 01:30 74240 ----a-r- c:\programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ SbHpNp scecli
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\FRITZ!DSL\\IGDCTRL.EXE"=
"c:\\Programme\\FRITZ!DSL\\FBOXUPD.EXE"=
"c:\\Programme\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Programme\\Microsoft ActiveSync\\WcesMgr.exe"=
"c:\\Programme\\FRITZ!fax\\FriFax32.exe"=
"c:\\Programme\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
.
R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [07.02.2007 10:22 100495]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [09.10.2006 12:31 44720]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [29.03.2007 15:54 13696]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [07.02.2007 10:23 5808]
R2 ACEDRV08;ACEDRV08;c:\windows\system32\drivers\ACEDRV08.sys [28.08.2008 16:05 108768]
R2 ASBroker;Anmeldesitzungsbroker;c:\windows\System32\svchost.exe -k Cognizance [04.08.2004 09:00 14336]
R2 ASChannel;Lokaler Verbindungskanal;c:\windows\System32\svchost.exe -k Cognizance [04.08.2004 09:00 14336]
R2 HpFkCryptService;Drive Encryption Service;c:\programme\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [29.03.2007 16:50 221184]
R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [26.12.2011 18:07 366152]
R2 pdfcDispatcher;PDF Document Manager;c:\programme\PDF Complete\pdfsvc.exe [27.07.2007 00:58 540448]
R2 srvcPVR;Sceneo PVR Service;c:\programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe [25.11.2007 14:02 1681408]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [19.09.2006 17:58 36608]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.2;c:\windows\system32\drivers\libusb0.sys [10.03.2011 17:24 28160]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [26.12.2011 18:06 22216]
S2 gupdate1ca09ec5bbd2fdc;Google Update Service (gupdate1ca09ec5bbd2fdc);c:\programme\Google\Update\GoogleUpdate.exe [21.07.2009 11:16 133104]
S3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [23.07.2007 15:07 1223008]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys --> c:\windows\system32\DRIVERS\motfilt.sys [?]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [21.07.2009 11:16 133104]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys --> c:\windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys --> c:\windows\system32\DRIVERS\motccgpfl.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys --> c:\windows\system32\DRIVERS\Motousbnet.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys --> c:\windows\system32\DRIVERS\motusbdevice.sys [?]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [17.11.2008 17:09 47360]
S3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;c:\windows\system32\drivers\PhTVTune.sys [10.11.2007 19:33 24704]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 56806176
*NewlyCreated* - 97462309
*Deregistered* - 56806176
*Deregistered* - 97462309
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
Cognizance REG_MULTI_SZ ASBroker ASChannel
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 11:23 452136 ----a-w- c:\programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2011-12-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2011-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-07-21 10:16]
.
2011-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-07-21 10:16]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = 192.168.*.*;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: add to &BOM - c:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Senden an &Bluetooth-Gerät... - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Translate this web page with Babylon - c:\programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
Trusted Zone: onlinetvrecorder.com\www
Trusted Zone: tuev-nord.de\webmail
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-McDonald's Fairies - c:\programme\McDonaldsFairies\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-12-29 16:22
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\programme\Hewlett-Packard\Default Settings\cpqset.exe? ??????????T??????????????|?M?|?????M?|&?@
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\pdfcDispatcher]
"ImagePath"="c:\programme\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3055690752-176306364-2229275396-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,94,39,a4,e8,63,d0,65,4c,92,a9,fc,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,94,39,a4,e8,63,d0,65,4c,92,a9,fc,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]
"70403E1900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(1008)
c:\windows\system32\APSHook.dll
c:\windows\system32\Ati2evxx.dll
c:\programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\programme\Hewlett-Packard\IAM\bin\ItMsg.dll
c:\programme\Hewlett-Packard\IAM\Bin\TrayIcon.dll
c:\programme\Hewlett-Packard\IAM\bin\HPBrand.dll
c:\programme\Hewlett-Packard\IAM\bin\DEU\HPBrand.dll
c:\programme\Hewlett-Packard\IAM\bin\DEU\ItMsg.dll
c:\programme\Hewlett-Packard\IAM\Bin\ASChnl.dll
c:\programme\Hewlett-Packard\IAM\Bin\ItDAC.dll
c:\programme\Hewlett-Packard\IAM\Bin\ItReports.DLL
c:\programme\Hewlett-Packard\IAM\Bin\BioAuth.dll
c:\programme\Hewlett-Packard\IAM\bin\DEU\BioAuth.dll
c:\programme\Hewlett-Packard\IAM\Bin\ASBIoAT.dll
c:\programme\Hewlett-Packard\IAM\Bin\ittal.dll
c:\programme\Hewlett-Packard\IAM\Bin\STEngine.dll
c:\programme\Hewlett-Packard\IAM\Bin\ItVCClient.dll
c:\programme\Hewlett-Packard\IAM\Bin\AuthWiz.dll
c:\programme\Hewlett-Packard\IAM\bin\DEU\AuthWiz.dll
.
- - - - - - - > 'lsass.exe'(1068)
c:\windows\system32\APSHook.dll
c:\windows\SbHpNp.dll
.
Zeit der Fertigstellung: 2011-12-29 16:24:47
ComboFix-quarantined-files.txt 2011-12-29 15:24
ComboFix2.txt 2011-12-26 12:30
.
Vor Suchlauf: 30 Verzeichnis(se), 29.288.861.696 Bytes frei
Nach Suchlauf: 31 Verzeichnis(se), 29.257.924.608 Bytes frei
.
- - End Of File - - 7CF0B1D86E8C55DE62DFC105C25732C8
Quarantined files:
2011-12-26 12:40:03 . 2011-12-26 18:51:05 19,456 ----a-w- C:\Qoobox\Quarantine\C\Thumbs.db.vir
2011-12-26 12:29:57 . 2011-12-26 12:29:57 816 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Windows CE Services.reg.dat
2011-12-26 12:29:57 . 2011-12-26 12:29:57 532 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Microsoft Interactive Training.reg.dat
2011-12-26 12:29:57 . 2011-12-26 12:29:57 684 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-FRITZ!fax.reg.dat
2011-12-26 12:29:57 . 2011-12-26 12:29:57 692 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-FRITZ!DSL.reg.dat
2011-12-26 12:29:51 . 2011-12-26 12:29:51 210 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM_ActiveSetup-ccc-core-static.reg.dat
2011-12-26 12:29:49 . 2011-12-26 12:29:49 534 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-WudfRd.reg.dat
2011-12-26 12:29:49 . 2011-12-26 12:29:49 534 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-WudfPf.reg.dat
2011-12-26 12:23:57 . 2004-04-30 14:01:00 53 ----a-w- C:\Qoobox\Quarantine\D\Autorun.inf.vir
2011-12-26 12:12:55 . 2011-12-29 15:20:21 9,528 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2011-12-26 12:06:02 . 2011-12-29 15:14:04 102 ----a-w- C:\Qoobox\Quarantine\catchme.log
2009-02-04 14:12:36 . 2009-02-04 14:12:36 99,840 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET1C.tmp.vir
2009-01-30 19:35:54 . 2009-01-30 19:35:54 133,632 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET82.tmp.vir
2009-01-30 19:34:02 . 2009-01-30 19:34:02 254,976 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET72.tmp.vir
2009-01-30 19:34:02 . 2009-01-30 19:34:02 166,912 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET74.tmp.vir
2009-01-30 19:33:48 . 2009-01-30 19:33:48 212,992 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET4D.tmp.vir
2008-12-11 16:56:47 . 1996-11-06 11:05:10 302,592 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\unin0407.exe.vir
1998-11-17 06:44:44 . 1998-11-17 11:44:44 328,704 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\IsUn0407.exe.vir