Drottning | 20.03.2008 20:09 | Hello,
I think I've done it! :aplaus: Quote:
ComboFix 08-03-18.1 - xxx 2008-03-20 19:35:42.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1031.18.1243 [GMT 1:00]
Run from: C:\Users\xxx\Desktop\ComboFix.exe
* New restore point was created
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\xxx\AppData\Local\blerfpcv.dat
C:\Users\xxx\AppData\Local\blerfpcv.exe
C:\Users\xxx\AppData\Local\blerfpcv_nav.dat
C:\Users\xxx\AppData\Local\blerfpcv_navps.dat
C:\Windows\system32\nvs2.inf
.
((((((((((((((((((((((( Files Created from 2008-02-20 to 2008-03-20 ))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-20 18:53 1,835,008 --sha-w C:\Users\xxx\ntuser.dat
2008-03-20 18:53 1,835,008 --sha-w C:\Users\xxx\ntuser.dat
2008-03-20 18:34 --------- d-----w C:\Users\xxx\AppData\Roaming\Skype
2008-03-20 18:31 --------- d-----w C:\Users\xxx\AppData\Roaming\skypePM
2008-03-20 18:30 45,056 ----a-w C:\Windows\System32\acovcnt.exe
2008-03-20 18:30 350,468 ---ha-w C:\Windows\system32\drivers\vsconfig.xml
2008-03-20 12:08 --------- d-----w C:\Program Files\Navilog1
2008-03-20 12:05 --------- d-----w C:\Users\xxx\AppData\Roaming\OpenOffice.org2
2008-03-16 18:38 --------- d-----w C:\Program Files\Windows Mail
2008-03-16 13:50 2,699,264 ----a-w C:\Windows\Internet Logs\xDB9376.tmp
2008-03-09 15:27 --------- d-----w C:\Users\xxx\AppData\Roaming\Ahead
2008-03-09 15:26 --------- d-----w C:\ProgramData\LightScribe
2008-02-27 07:46 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-27 07:46 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-27 07:43 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-27 07:43 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-27 07:43 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-27 07:43 217,144 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-27 07:43 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-27 07:39 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-27 07:39 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-27 07:39 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-27 07:39 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-18 11:35 --------- d-----w C:\Users\xxx\AppData\Roaming\Adobe
2008-02-10 19:07 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-02-10 19:07 --------- d-----w C:\Program Files\Windows Sidebar
2008-02-10 11:09 --------- d-----w C:\ProgramData\ACD Systems
2008-02-10 11:09 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-02-10 11:09 --------- d-----w C:\Program Files\ACD Systems
2008-02-10 10:55 --------- d-----w C:\Program Files\QuickTime
2008-01-29 04:16 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-29 04:16 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-29 04:16 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-29 04:16 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-01-29 04:16 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-01-29 00:30 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-22 11:24 --------- d-----w C:\Program Files\Common Files\AVM
2008-01-22 11:24 --------- d-----w C:\Program Files\1&1
2008-01-22 11:22 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-21 19:56 --------- d-----w C:\ProgramData\P4G
2008-01-21 19:37 --------- d-s---w C:\Users\xxx\AppData\Roaming\Microsoft
2008-01-20 16:58 350,468 ---ha-w C:\Windows\system32\drivers\vsconfig(101).xml
2008-01-10 05:50 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2007-12-17 12:21 1,919,488 ----a-w C:\Windows\Internet Logs\xDB67E1.tmp
2007-12-17 12:21 1,389,056 ----a-w C:\Windows\Internet Logs\xDB6BF9.tmp
2007-11-30 20:55 13 ----a-w C:\Users\xxx\AppData\Roaming\sys386lk.dat
2007-11-20 18:23 174 --sha-w C:\Program Files\desktop.ini
2007-11-19 14:08 32 ----a-w C:\ProgramData\ezsid.dat
.
(((((((((((((((((((((((((((( Registry Autostart Points ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not shown.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 20:35 90112]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
"Device Detector"="DevDetect.exe" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-26 19:50 149040]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-10-12 14:52 1006264]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-26 20:12 161328]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-03-26 19:42 1057328]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 18:07 4390912 C:\Windows\RtHDVCpl.exe]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-09-03 14:32 630784]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 16:27 61440]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-23 14:27 815104]
"ASUSTPE"="C:\Windows\system32\ASUSTPE.exe" [2006-12-12 23:06 106496]
"ASUS Camera ScreenSaver"="C:\Windows\ASScrProlog.exe" [2007-10-12 15:29 37232]
"ASUS Screen Saver Protector"="C:\Windows\ASScrPro.exe" [2007-10-12 15:29 33136]
"PowerForPhone"="C:\Program Files\PowerForPhone\PowerForPhone.exe" [2007-06-26 18:10 778240]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-11-19 19:45 249896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-19 20:38 77824]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-28 05:17 959976]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2951236383-3118804464-3598855262-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{33B33955-D1E5-4923-B474-6CC43044E1DF}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{4AC9C47D-F5B8-4046-B6A6-1540202550AF}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{1D212947-8158-4577-94B0-EB56FC527707}"= UDP:C:\Program Files\1&1\IGDCTRL.EXE:FRITZ!Box starter - igdctrl.exe
"{314A9E99-4C2C-4740-BDF3-3DBCB04DB16B}"= TCP:C:\Program Files\1&1\IGDCTRL.EXE:FRITZ!Box starter - igdctrl.exe
"{9922CE03-1052-4B07-86A1-EA2FC14FBBC0}"= UDP:C:\Program Files\1&1\FBoxUpd.exe:FRITZ!Box starter - fboxupd.exe
"{1F28C0D5-1C22-4054-9858-3BBBBDB28E5F}"= TCP:C:\Program Files\1&1\FBoxUpd.exe:FRITZ!Box starter - fboxupd.exe
"{600ED9A4-469F-4548-91ED-7841FB291484}"= UDP:C:\Program Files\1&1\WebwaIgd.exe:FRITZ!Box starter - webwaigd.exe
"{11130411-03CE-4CBA-83A7-3FA7D058EAE7}"= TCP:C:\Program Files\1&1\WebwaIgd.exe:FRITZ!Box starter - webwaigd.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R2 IGDCTRL;AVM IGD CTRL Service;"C:\Program Files\1&1\IGDCTRL.EXE" [2007-10-25 17:09]
R3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\Windows\system32\DRIVERS\l260x86.sys [2007-08-17 15:00]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-03-01 02:04]
R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-02-02 16:09]
R3 RTSTOR;USB Mass Storage Device;C:\Windows\system32\drivers\RTSTOR.SYS [2007-01-11 02:18]
S3 AVMUNET;AVM FRITZ!Box;C:\Windows\system32\DRIVERS\avmunet.sys [2005-04-18 16:15]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ecf65d0-969a-11dc-8e3e-001d60bfe362}]
\shell\AutoRun\command - G:\preinst.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {6173A4FC-D42D-69A6-52CA-A30496389760} /qb
.
Contents of the "Scheduled Tasks" folder
"2008-03-20 18:55:31 C:\Windows\Tasks\User_Feed_Synchronization-{84F9E9F6-DD46-4A33-A39E-72EA7D2D6B61}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-20 19:54:56
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-20 19:55:41
ComboFix-quarantined-files.txt 2008-03-20 18:55:37
.
2008-03-16 18:28:55 --- E O F ---
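The registry section of a log like this is where the triage work is. As an added example (not part of Drottning's post and not ComboFix's own code), the script below parses the "Registry Autostart Points" block of a ComboFix log and pulls out the four things a responder would check first in the log above: Windows Firewall profiles with EnableFirewall=0, Security Center keys with DisableMonitoring set, Run entries that name a bare executable with empty brackets (ComboFix prints the file's date and size in the brackets when it finds the file, so empty brackets mean it could not locate it), and AutoRun commands under Explorer's MountPoints2. The sample input is a constructed excerpt; the lines are copied from the log above, but the selection is ours and one firewall value was changed to 1 to show the negative case.

```python
"""Triage the registry autostart section of a ComboFix log.

Added example; not ComboFix code and not from the original post.
The parser relies only on the line shapes visible in the log:
  [key]                         section header
  "name"=value                  registry value
  \shell\AutoRun\command - cmd  MountPoints2 autorun line
"""
import re

# Constructed excerpt modelled on the log above (paths and values copied
# from the post; StandardProfile changed to 1 to exercise the negative case).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]
"Device Detector"="DevDetect.exe" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 18:07 4390912 C:\Windows\RtHDVCpl.exe]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-11-19 19:45 249896]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ecf65d0-969a-11dc-8e3e-001d60bfe362}]
\shell\AutoRun\command - G:\preinst.exe
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.*)$')
# Run-key value: "<image>" [<date time size [resolved path]>]
RUN_RE = re.compile(r'^"(?P<image>[^"]*)"\s*\[(?P<info>[^\]]*)\]$')
AUTORUN_RE = re.compile(r"^\\shell\\AutoRun\\command\s+-\s+(?P<cmd>.+)$")


def iter_section_lines(log_text):
    """Yield (current_key, line) for every non-header line under a [key]."""
    key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
        elif key is not None and line:
            yield key, line


def iter_values(log_text):
    """Yield (key, name, value) for every "name"=value line."""
    for key, line in iter_section_lines(log_text):
        m = VALUE_RE.match(line)
        if m:
            yield key, m.group("name"), m.group("value")


def _dword(value):
    """'dword:00000001' -> 1; None when the value is not a dword."""
    return int(value[6:], 16) if value.lower().startswith("dword:") else None


def disabled_firewall_profiles(log_text):
    """Firewall-policy profiles whose EnableFirewall is 0 (Windows Firewall off)."""
    return [key.rsplit("\\", 1)[-1]
            for key, name, value in iter_values(log_text)
            if name == "EnableFirewall" and "firewallpolicy" in key.lower()
            and value.split()[0] == "0"]


def disabled_security_center_monitoring(log_text):
    """Security Center subkeys where DisableMonitoring is a non-zero dword."""
    return [key.rsplit("\\", 1)[-1]
            for key, name, value in iter_values(log_text)
            if name == "DisableMonitoring" and "security center" in key.lower()
            and (_dword(value) or 0) != 0]


def unresolved_run_entries(log_text):
    """Run entries naming a bare file (no drive path) that ComboFix did not
    resolve on disk (empty brackets). A triage prompt, not a verdict."""
    hits = []
    for key, name, value in iter_values(log_text):
        if not key.lower().endswith("\\currentversion\\run"):
            continue
        m = RUN_RE.match(value)
        if m and not re.match(r"^[A-Za-z]:\\", m.group("image")) \
                and m.group("info").strip() == "":
            hits.append((name, m.group("image")))
    return hits


def mountpoint_autorun_commands(log_text):
    """AutoRun commands cached under Explorer's MountPoints2 (removable media)."""
    return [AUTORUN_RE.match(line).group("cmd")
            for key, line in iter_section_lines(log_text)
            if "mountpoints2" in key.lower() and AUTORUN_RE.match(line)]


def triage(log_text):
    """Collect all findings in one dict for reporting."""
    return {
        "firewall_off": disabled_firewall_profiles(log_text),
        "security_center_unmonitored": disabled_security_center_monitoring(log_text),
        "unresolved_run_entries": unresolved_run_entries(log_text),
        "mountpoint_autorun": mountpoint_autorun_commands(log_text),
    }


if __name__ == "__main__":
    for finding, items in triage(SAMPLE_LOG).items():
        print(f"{finding}: {items}")
```

Read the output as prompts, not verdicts. EnableFirewall=0 in all three profiles, together with the ZoneLabsFirewall monitoring entry, is consistent with a third-party firewall (ZoneAlarm Client is in the HKLM Run key) having taken over, so confirm that before treating it as tampering. An unresolved Run entry such as "Device Detector"="DevDetect.exe" [] means ComboFix could not find the file by that bare name; it may be a leftover of an uninstalled program or something found via PATH, and either way it is worth resolving by hand. The MountPoints2 command is Explorer's cached AutoRun for a specific removable volume (G:\preinst.exe here) and only tells you what that volume offered to run, not whether it ran.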