Trojaner-Board - TR/Vundo.Gen

hier isser ;)

ComboFix 08-04-03.2 - xxxxx 2008-04-03 19:45:44.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1031.18.192 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\xxxxx\Desktop\ComboFix.exe
Command switches used :: C:\Dokumente und Einstellungen\xxxxx\Desktop\cfscript.txt
* Neuer Wiederherstellungspunkt wurde erstellt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\ssqQkIaX.dll
.

((((((((((((((((((((((( Dateien erstellt von 2008-03-03 bis 2008-04-03 ))))))))))))))))))))))))))))))
.

2008-04-03 18:28 . 2008-04-03 18:28 <DIR> d-------- C:\Programme\CCleaner
2008-04-03 17:33 . 2008-04-03 17:34 <DIR> d-------- C:\Programme\Malwarebytes' Anti-Malware
2008-04-03 17:33 . 2008-04-03 17:33 <DIR> d-------- C:\Dokumente und Einstellungen\xxxxx\Anwendungsdaten\Malwarebytes
2008-04-03 17:33 . 2008-04-03 17:33 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-04-03 15:20 . 2008-04-03 15:20 <DIR> d-------- C:\Programme\Trend Micro
2008-04-03 11:16 . 2008-04-03 11:15 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-04-03 11:14 . 2008-04-03 11:14 <DIR> d-------- C:\WINDOWS\Sun
2008-04-03 11:14 . 2008-04-03 11:29 <DIR> d-------- C:\Dokumente und Einstellungen\xxxxx\.housecall6.6
2008-04-03 11:14 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-03 11:13 . 2008-04-03 11:14 <DIR> d-------- C:\Programme\Java
2008-04-03 11:12 . 2008-04-03 11:12 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Java
2008-03-15 16:18 . 2008-03-15 16:18 110,304 --a------ C:\WINDOWS\system32\drivers\ACEDRV09.sys
2008-03-15 16:17 . 2008-03-15 16:17 32 --a------ C:\WINDOWS\autostart.INI
2008-03-13 00:21 . 2008-03-15 11:55 <DIR> d-------- C:\Programme\Google
2008-03-06 20:21 . 2008-03-06 20:21 <DIR> d-------- C:\Dokumente und Einstellungen\wolle\Anwendungsdaten\DivX

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-03 17:49 10,205,216 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-03 17:48 121,664 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-03 16:03 337,408 ----a-w C:\WINDOWS\Internet Logs\xDB37.tmp
2008-04-03 15:27 1,377,792 ----a-w C:\WINDOWS\Internet Logs\xDB36.tmp
2008-04-03 06:41 --------- d-----w C:\Dokumente und Einstellungen\wolle\Anwendungsdaten\SlimBrowser
2008-04-01 21:40 857,600 ----a-w C:\WINDOWS\Internet Logs\xDB35.tmp
2008-03-30 20:05 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-03-30 20:05 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
2008-03-28 10:07 706,560 ----a-w C:\WINDOWS\Internet Logs\xDB34.tmp
2008-03-23 22:12 190,464 ----a-w C:\WINDOWS\Internet Logs\xDB33.tmp
2008-03-22 22:32 187,392 ----a-w C:\WINDOWS\Internet Logs\xDB31.tmp
2008-03-22 22:32 1,321,472 ----a-w C:\WINDOWS\Internet Logs\xDB32.tmp
2008-03-21 21:05 329,728 ----a-w C:\WINDOWS\Internet Logs\xDB2F.tmp
2008-03-21 21:05 1,317,376 ----a-w C:\WINDOWS\Internet Logs\xDB30.tmp
2008-03-20 10:02 1,313,280 ----a-w C:\WINDOWS\Internet Logs\xDB2E.tmp
2008-03-19 16:00 180,224 ----a-w C:\WINDOWS\Internet Logs\xDB2C.tmp
2008-03-19 16:00 1,313,280 ----a-w C:\WINDOWS\Internet Logs\xDB2D.tmp
2008-03-18 13:18 215,552 ----a-w C:\WINDOWS\Internet Logs\xDB2A.tmp
2008-03-18 13:18 1,308,672 ----a-w C:\WINDOWS\Internet Logs\xDB2B.tmp
2008-03-16 23:08 134,656 ----a-w C:\WINDOWS\Internet Logs\xDB28.tmp
2008-03-16 23:08 1,302,016 ----a-w C:\WINDOWS\Internet Logs\xDB29.tmp
2008-03-16 09:36 1,299,456 ----a-w C:\WINDOWS\Internet Logs\xDB27.tmp
2008-03-15 22:23 349,696 ----a-w C:\WINDOWS\Internet Logs\xDB25.tmp
2008-03-15 22:23 1,300,992 ----a-w C:\WINDOWS\Internet Logs\xDB26.tmp
2008-03-15 10:13 1,363,456 ----a-w C:\WINDOWS\Internet Logs\xDB23.tmp
2008-03-15 10:12 1,363,456 ----a-w C:\WINDOWS\Internet Logs\xDB24.tmp
2008-03-14 09:23 1,360,384 ----a-w C:\WINDOWS\Internet Logs\xDB22.tmp
2008-03-13 21:05 321,024 ----a-w C:\WINDOWS\Internet Logs\xDB21.tmp
2008-03-13 11:10 1,358,848 ----a-w C:\WINDOWS\Internet Logs\xDB20.tmp
2008-03-12 22:25 1,357,824 ----a-w C:\WINDOWS\Internet Logs\xDB1F.tmp
2008-03-12 21:52 1,354,240 ----a-w C:\WINDOWS\Internet Logs\xDB1E.tmp
2008-03-12 13:59 249,856 ----a-w C:\WINDOWS\Internet Logs\xDB1D.tmp
2008-03-10 20:28 355,840 ----a-w C:\WINDOWS\Internet Logs\xDB1C.tmp
2008-03-08 22:40 1,102,336 ----a-w C:\WINDOWS\Internet Logs\xDB1B.tmp
2008-03-04 09:00 395,264 ----a-w C:\WINDOWS\Internet Logs\xDB19.tmp
2008-03-04 09:00 1,313,792 ----a-w C:\WINDOWS\Internet Logs\xDB1A.tmp
2008-03-01 21:38 153,088 ----a-w C:\WINDOWS\Internet Logs\xDB17.tmp
2008-03-01 21:38 1,293,824 ----a-w C:\WINDOWS\Internet Logs\xDB18.tmp
2008-03-01 13:11 1,291,264 ----a-w C:\WINDOWS\Internet Logs\xDB16.tmp
2008-02-29 21:10 216,576 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp
2008-02-29 21:10 1,294,336 ----a-w C:\WINDOWS\Internet Logs\xDB15.tmp
2008-02-28 21:45 312,320 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2008-02-28 21:45 1,288,704 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp
2008-02-27 10:24 56,832 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2008-02-27 10:24 1,454,080 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2008-02-26 22:01 1,453,568 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2008-02-23 15:06 23,552 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2008-02-22 22:27 135,680 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2008-02-22 22:27 1,443,840 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2008-02-21 02:05 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-02-21 02:05 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-02-21 02:05 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-02-20 15:09 1,440,256 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2008-02-19 21:40 --------- d-----w C:\Programme\Gemeinsame Dateien\MGI Shared
2008-02-17 09:56 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-02-17 09:56 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-02-17 09:53 --------- d-----w C:\Programme\LiveUpdate
2008-02-17 09:53 --------- d-----w C:\Dokumente und Einstellungen\wolle\Anwendungsdaten\InstallShield
2008-02-16 20:01 --------- d-----w C:\Programme\Gemeinsame Dateien\Motorola Shared
2008-02-16 20:00 92,064 ----a-w C:\Dokumente und Einstellungen\xxxxx\mqdmmdm.sys
2008-02-16 20:00 9,232 ----a-w C:\Dokumente und Einstellungen\xxxxx\mqdmmdfl.sys
2008-02-16 20:00 79,328 ----a-w C:\Dokumente und Einstellungen\xxxxx\mqdmserd.sys
2008-02-16 20:00 66,656 ----a-w C:\Dokumente und Einstellungen\xxxxx\mqdmbus.sys
2008-02-16 20:00 6,208 ----a-w C:\Dokumente und Einstellungen\xxxxx\mqdmcmnt.sys
2008-02-16 20:00 5,936 ----a-w C:\Dokumente und Einstellungen\xxxxx\mqdmwhnt.sys
2008-02-16 20:00 4,048 ----a-w C:\Dokumente und Einstellungen\xxxxx\mqdmcr.sys
2008-02-16 20:00 25,600 ----a-w C:\Dokumente und Einstellungen\xxxxx\usbsermptxp.sys
2008-02-16 20:00 22,768 ----a-w C:\Dokumente und Einstellungen\xxxxx\usbsermpt.sys
2008-02-15 22:47 305,664 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2008-02-15 22:47 1,409,536 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2008-02-14 08:17 1,406,464 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-02-10 20:35 225,280 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-02-10 15:29 24,192 ----a-w C:\WINDOWS\system32\drivers\usbsermptxp.sys
2008-02-10 14:51 --------- d-----w C:\Programme\Gemeinsame Dateien\InstallShield
2008-02-10 10:56 --------- d-----w C:\Programme\MGI
2008-02-03 21:21 99,840 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-02-03 21:21 1,357,824 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-02-03 10:06 1,353,728 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-02-02 21:30 1,352,192 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-02-01 19:10 269,824 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-02-01 19:10 1,344,512 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
.

((((((((((((((((((((((((((((( snapshot@2008-04-03_18.47.45.92 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-30 09:12:35 80,468 ----a-w C:\WINDOWS\system32\perfc007.dat
+ 2008-04-03 16:49:30 80,468 ----a-w C:\WINDOWS\system32\perfc007.dat
- 2008-03-30 09:12:35 67,696 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-03 16:49:30 67,696 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-03-30 09:12:35 449,248 ----a-w C:\WINDOWS\system32\perfh007.dat
+ 2008-04-03 16:49:30 449,248 ----a-w C:\WINDOWS\system32\perfh007.dat
- 2008-03-30 09:12:35 432,992 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-03 16:49:30 432,992 ----a-w C:\WINDOWS\system32\perfh009.dat
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F3053117-DF56-4767-8212-B3C893ED1F57}]
C:\WINDOWS\system32\ssqQkIaX.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 14:00 15360]
"NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL" [2003-07-28 15:19 49152]
"IncrediMail"="D:\Programme\IncrediMail\bin\IncMail.exe" [2008-01-23 13:43 214456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-07-28 15:19 4841472]
"nwiz"="nwiz.exe" [2003-07-28 15:19 323584 C:\WINDOWS\system32\nwiz.exe]
"C-Media Mixer"="Mixer.exe" [2002-10-15 19:00 1818624 C:\WINDOWS\mixer.exe]
"ZoneAlarm Client"="D:\Programme\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 20:27 919016]
"avgnt"="C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-01 19:01 249896]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-02-28 14:00 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Programme\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Programme\\IncrediMail\\bin\\IncMail.exe"=
"D:\\Programme\\IncrediMail\\bin\\ImApp.exe"=

R2 ACEDRV09;ACEDRV09;C:\WINDOWS\system32\drivers\ACEDRV09.sys [2008-03-15 16:18]
R2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOWS\System32\svchost.exe [2006-02-28 14:00]
S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-02-01 19:32]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Inhalt des "geplante Tasks" Ordners
"2008-03-21 16:42:08 C:\WINDOWS\Tasks\1-Klick-Wartung.job"
- D:\Programme\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-03 19:49:29
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Eintr„ge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\nvsvc32.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-04-03 19:51:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-03 17:51:38
ComboFix2.txt 2008-04-03 16:48:43
5 Verzeichnis(se), 3,548,631,040 Bytes frei
6 Verzeichnis(se), 3,538,530,304 Bytes frei

ComboFix 08-04-03.2 - xxxx 2008-04-03 20:15:07.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1031.18.208 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\xxxxx\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((( Dateien erstellt von 2008-03-03 bis 2008-04-03 ))))))))))))))))))))))))))))))
.

2008-04-03 18:28 . 2008-04-03 18:28 <DIR> d-------- C:\Programme\CCleaner
2008-04-03 17:33 . 2008-04-03 17:34 <DIR> d-------- C:\Programme\Malwarebytes' Anti-Malware
2008-04-03 17:33 . 2008-04-03 17:33 <DIR> d-------- C:\Dokumente und Einstellungen\xxxxx\Anwendungsdaten\Malwarebytes
2008-04-03 17:33 . 2008-04-03 17:33 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-04-03 15:20 . 2008-04-03 15:20 <DIR> d-------- C:\Programme\Trend Micro
2008-04-03 11:16 . 2008-04-03 11:15 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-04-03 11:14 . 2008-04-03 11:14 <DIR> d-------- C:\WINDOWS\Sun
2008-04-03 11:14 . 2008-04-03 11:29 <DIR> d-------- C:\Dokumente und Einstellungen\xxxxx\.housecall6.6
2008-04-03 11:14 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-03 11:13 . 2008-04-03 11:14 <DIR> d-------- C:\Programme\Java
2008-04-03 11:12 . 2008-04-03 11:12 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Java
2008-03-15 16:18 . 2008-03-15 16:18 110,304 --a------ C:\WINDOWS\system32\drivers\ACEDRV09.sys
2008-03-15 16:17 . 2008-03-15 16:17 32 --a------ C:\WINDOWS\autostart.INI
2008-03-13 00:21 . 2008-03-15 11:55 <DIR> d-------- C:\Programme\Google
2008-03-06 20:21 . 2008-03-06 20:21 <DIR> d-------- C:\Dokumente und Einstellungen\wolle\Anwendungsdaten\DivX

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-03 18:17 10,233,888 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-03 18:04 121,784 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-03 16:03 337,408 ----a-w C:\WINDOWS\Internet Logs\xDB37.tmp
2008-04-03 15:27 1,377,792 ----a-w C:\WINDOWS\Internet Logs\xDB36.tmp
2008-04-03 06:41 --------- d-----w C:\Dokumente und Einstellungen\xxxxx\Anwendungsdaten\SlimBrowser
2008-04-01 21:40 857,600 ----a-w C:\WINDOWS\Internet Logs\xDB35.tmp
2008-03-30 20:05 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-03-30 20:05 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
2008-03-28 10:07 706,560 ----a-w C:\WINDOWS\Internet Logs\xDB34.tmp
2008-03-23 22:12 190,464 ----a-w C:\WINDOWS\Internet Logs\xDB33.tmp
2008-03-22 22:32 187,392 ----a-w C:\WINDOWS\Internet Logs\xDB31.tmp
2008-03-22 22:32 1,321,472 ----a-w C:\WINDOWS\Internet Logs\xDB32.tmp
2008-03-21 21:05 329,728 ----a-w C:\WINDOWS\Internet Logs\xDB2F.tmp
2008-03-21 21:05 1,317,376 ----a-w C:\WINDOWS\Internet Logs\xDB30.tmp
2008-03-20 10:02 1,313,280 ----a-w C:\WINDOWS\Internet Logs\xDB2E.tmp
2008-03-19 16:00 180,224 ----a-w C:\WINDOWS\Internet Logs\xDB2C.tmp
2008-03-19 16:00 1,313,280 ----a-w C:\WINDOWS\Internet Logs\xDB2D.tmp
2008-03-18 13:18 215,552 ----a-w C:\WINDOWS\Internet Logs\xDB2A.tmp
2008-03-18 13:18 1,308,672 ----a-w C:\WINDOWS\Internet Logs\xDB2B.tmp
2008-03-16 23:08 134,656 ----a-w C:\WINDOWS\Internet Logs\xDB28.tmp
2008-03-16 23:08 1,302,016 ----a-w C:\WINDOWS\Internet Logs\xDB29.tmp
2008-03-16 09:36 1,299,456 ----a-w C:\WINDOWS\Internet Logs\xDB27.tmp
2008-03-15 22:23 349,696 ----a-w C:\WINDOWS\Internet Logs\xDB25.tmp
2008-03-15 22:23 1,300,992 ----a-w C:\WINDOWS\Internet Logs\xDB26.tmp
2008-03-15 10:13 1,363,456 ----a-w C:\WINDOWS\Internet Logs\xDB23.tmp
2008-03-15 10:12 1,363,456 ----a-w C:\WINDOWS\Internet Logs\xDB24.tmp
2008-03-14 09:23 1,360,384 ----a-w C:\WINDOWS\Internet Logs\xDB22.tmp
2008-03-13 21:05 321,024 ----a-w C:\WINDOWS\Internet Logs\xDB21.tmp
2008-03-13 11:10 1,358,848 ----a-w C:\WINDOWS\Internet Logs\xDB20.tmp
2008-03-12 22:25 1,357,824 ----a-w C:\WINDOWS\Internet Logs\xDB1F.tmp
2008-03-12 21:52 1,354,240 ----a-w C:\WINDOWS\Internet Logs\xDB1E.tmp
2008-03-12 13:59 249,856 ----a-w C:\WINDOWS\Internet Logs\xDB1D.tmp
2008-03-10 20:28 355,840 ----a-w C:\WINDOWS\Internet Logs\xDB1C.tmp
2008-03-08 22:40 1,102,336 ----a-w C:\WINDOWS\Internet Logs\xDB1B.tmp
2008-03-04 09:00 395,264 ----a-w C:\WINDOWS\Internet Logs\xDB19.tmp
2008-03-04 09:00 1,313,792 ----a-w C:\WINDOWS\Internet Logs\xDB1A.tmp
2008-03-01 21:38 153,088 ----a-w C:\WINDOWS\Internet Logs\xDB17.tmp
2008-03-01 21:38 1,293,824 ----a-w C:\WINDOWS\Internet Logs\xDB18.tmp
2008-03-01 13:11 1,291,264 ----a-w C:\WINDOWS\Internet Logs\xDB16.tmp
2008-02-29 21:10 216,576 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp
2008-02-29 21:10 1,294,336 ----a-w C:\WINDOWS\Internet Logs\xDB15.tmp
2008-02-28 21:45 312,320 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2008-02-28 21:45 1,288,704 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp
2008-02-27 10:24 56,832 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2008-02-27 10:24 1,454,080 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2008-02-26 22:01 1,453,568 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2008-02-23 15:06 23,552 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2008-02-22 22:27 135,680 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2008-02-22 22:27 1,443,840 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2008-02-21 02:05 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-02-21 02:05 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-02-21 02:05 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-02-21 02:05 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-02-21 02:05 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-02-21 02:05 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-02-21 02:05 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-02-21 02:05 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-02-21 02:04 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-02-21 02:04 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-02-21 02:04 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-02-21 02:04 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-02-21 02:04 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-02-21 02:04 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-02-21 02:04 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-02-21 02:04 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-02-21 02:03 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-02-21 02:03 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-02-20 15:09 1,440,256 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2008-02-19 21:40 --------- d-----w C:\Programme\Gemeinsame Dateien\MGI Shared
2008-02-17 09:56 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-02-17 09:56 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-02-17 09:53 --------- d-----w C:\Programme\LiveUpdate
2008-02-17 09:53 --------- d-----w C:\Dokumente und Einstellungen\wolle\Anwendungsdaten\InstallShield
2008-02-16 20:01 --------- d-----w C:\Programme\Gemeinsame Dateien\Motorola Shared
2008-02-16 20:00 92,064 ----a-w C:\Dokumente und Einstellungen\xxxxx\mqdmmdm.sys
2008-02-16 20:00 9,232 ----a-w C:\Dokumente und Einstellungen\xxxxx\mqdmmdfl.sys
2008-02-16 20:00 79,328 ----a-w C:\Dokumente und Einstellungen\xxxxx\mqdmserd.sys
2008-02-16 20:00 66,656 ----a-w C:\Dokumente und Einstellungen\xxxxx\mqdmbus.sys
2008-02-16 20:00 6,208 ----a-w C:\Dokumente und Einstellungen\xxxxx\mqdmcmnt.sys
2008-02-16 20:00 5,936 ----a-w C:\Dokumente und Einstellungen\xxxxx\mqdmwhnt.sys
2008-02-16 20:00 4,048 ----a-w C:\Dokumente und Einstellungen\xxxxx\mqdmcr.sys
2008-02-16 20:00 25,600 ----a-w C:\Dokumente und Einstellungen\xxxxx\usbsermptxp.sys
2008-02-16 20:00 22,768 ----a-w C:\Dokumente und Einstellungen\xxxxx\usbsermpt.sys
2008-02-15 22:47 305,664 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2008-02-15 22:47 1,409,536 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2008-02-14 08:17 1,406,464 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-02-10 20:35 225,280 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-02-10 15:29 24,192 ----a-w C:\WINDOWS\system32\drivers\usbsermptxp.sys
2008-02-10 14:51 --------- d-----w C:\Programme\Gemeinsame Dateien\InstallShield
2008-02-10 10:56 --------- d-----w C:\Programme\MGI
2008-02-03 21:21 99,840 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-02-03 21:21 1,357,824 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-02-03 10:06 1,353,728 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-02-02 21:30 1,352,192 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
.

((((((((((((((((((((((((((((( snapshot@2008-04-03_18.47.45.92 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-30 09:12:35 80,468 ----a-w C:\WINDOWS\system32\perfc007.dat
+ 2008-04-03 16:49:30 80,468 ----a-w C:\WINDOWS\system32\perfc007.dat
- 2008-03-30 09:12:35 67,696 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-03 16:49:30 67,696 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-03-30 09:12:35 449,248 ----a-w C:\WINDOWS\system32\perfh007.dat
+ 2008-04-03 16:49:30 449,248 ----a-w C:\WINDOWS\system32\perfh007.dat
- 2008-03-30 09:12:35 432,992 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-03 16:49:30 432,992 ----a-w C:\WINDOWS\system32\perfh009.dat
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F3053117-DF56-4767-8212-B3C893ED1F57}]
C:\WINDOWS\system32\ssqQkIaX.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 14:00 15360]
"NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL" [2003-07-28 15:19 49152]
"IncrediMail"="D:\Programme\IncrediMail\bin\IncMail.exe" [2008-01-23 13:43 214456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-07-28 15:19 4841472]
"nwiz"="nwiz.exe" [2003-07-28 15:19 323584 C:\WINDOWS\system32\nwiz.exe]
"C-Media Mixer"="Mixer.exe" [2002-10-15 19:00 1818624 C:\WINDOWS\mixer.exe]
"ZoneAlarm Client"="D:\Programme\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 20:27 919016]
"avgnt"="C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-01 19:01 249896]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-02-28 14:00 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Programme\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Programme\\IncrediMail\\bin\\IncMail.exe"=
"D:\\Programme\\IncrediMail\\bin\\ImApp.exe"=

R2 ACEDRV09;ACEDRV09;C:\WINDOWS\system32\drivers\ACEDRV09.sys [2008-03-15 16:18]
R2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOWS\System32\svchost.exe [2006-02-28 14:00]
S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-02-01 19:32]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Inhalt des "geplante Tasks" Ordners
"2008-03-21 16:42:08 C:\WINDOWS\Tasks\1-Klick-Wartung.job"
- D:\Programme\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-03 20:17:39
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-04-03 20:18:36
ComboFix-quarantined-files.txt 2008-04-03 18:18:32
ComboFix2.txt 2008-04-03 17:51:46
ComboFix3.txt 2008-04-03 16:48:43
6 Verzeichnis(se), 3,534,241,792 Bytes frei
7 Verzeichnis(se), 3,525,586,944 Bytes frei

*uff* so langsam raucht mir der Kopf :P

hm...mach ich irgendwas falsch? Also bin eigentlich nach der Anleitung, nur das mit der "1" eingeben hab ich nicht gemacht, wüßte nicht wo :confused: geht alles gleich automatisch weiter....