hyperios | 19.08.2010 18:10 | Hi Arne, here is the log:
ComboFix 10-08-18.04 - MeinPC 19.08.2010 18:47:14.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.2046.1412 [GMT 2:00]
ausgeführt von:: d:\dokumente und einstellungen\MeinPC\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
d:\windows\jestertb.dll
d:\windows\system32\_000013_.tmp.dll
d:\windows\system32\svchost.exe.exe
Infizierte Kopie von d:\windows\system32\midimap.dll wurde gefunden und desinfiziert
Kopie von - d:\windows\VistaMizer\old\midimap.dll wurde wiederhergestellt
.
((((((((((((((((((((((( Dateien erstellt von 2010-07-19 bis 2010-08-19 ))))))))))))))))))))))))))))))
.
2010-08-19 09:42 . 2010-08-19 09:42 -------- d-----w- D:\_OTL
2010-08-18 17:39 . 2010-04-29 13:39 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2010-08-18 17:39 . 2010-08-18 17:39 -------- d-----w- d:\programme\Malwarebytes' Anti-Malware
2010-08-18 17:39 . 2010-04-29 13:39 20952 ----a-w- d:\windows\system32\drivers\mbam.sys
2010-08-13 20:23 . 2010-08-13 20:23 47364 ----a-w- d:\dokumente und einstellungen\All Users\Anwendungsdaten\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-08-10 20:01 . 2010-08-10 20:01 -------- d-----w- d:\programme\Gemeinsame Dateien\fwc
2010-08-05 22:00 . 2010-08-05 22:00 -------- d-----w- d:\programme\iPod
2010-08-03 11:47 . 2010-08-03 11:47 -------- d-----w- d:\programme\Vista Anti-Lag
2010-07-31 16:03 . 2007-03-20 13:49 2781184 ----a-w- d:\dokumente und einstellungen\MeinPC\Anwendungsdaten\Adobe\Dreamweaver 9\Configuration\Flash Player\authplay.dll
2010-07-28 10:29 . 2010-07-28 10:30 1555456 ----a-w- d:\windows\explorer.exe
2010-07-24 08:41 . 2010-06-14 14:31 744448 -c----w- d:\windows\system32\dllcache\helpsvc.exe
2010-07-21 14:30 . 2010-07-21 14:30 73000 ----a-w- d:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-19 16:41 . 2009-10-23 15:02 -------- d-----w- d:\dokumente und einstellungen\MeinPC\Anwendungsdaten\Skype
2010-08-19 16:37 . 2009-06-06 13:06 -------- d-----w- d:\programme\CCleaner
2010-08-19 14:09 . 2009-10-23 15:03 -------- d-----w- d:\dokumente und einstellungen\MeinPC\Anwendungsdaten\skypePM
2010-08-19 12:35 . 2010-06-23 20:22 -------- d-----w- d:\programme\League of Legends
2010-08-18 16:58 . 2009-09-23 13:34 -------- d-----w- d:\programme\Steam
2010-08-15 11:53 . 2009-08-05 21:07 -------- d-----w- d:\programme\Mozilla Thunderbird
2010-08-12 13:14 . 2009-06-22 18:55 -------- d-----w- d:\dokumente und einstellungen\MeinPC\Anwendungsdaten\teamspeak2
2010-08-09 13:44 . 2009-06-21 18:03 -------- d-----w- d:\programme\Gemeinsame Dateien\Blizzard Entertainment
2010-08-05 22:01 . 2010-07-01 09:25 -------- d-----w- d:\programme\iTunes
2010-08-05 22:00 . 2009-09-09 19:40 -------- d-----w- d:\programme\Gemeinsame Dateien\Apple
2010-07-28 16:13 . 2009-08-11 18:26 -------- d-----w- d:\dokumente und einstellungen\MeinPC\Anwendungsdaten\TeamViewer
2010-07-28 16:07 . 2009-08-11 18:26 -------- d-----w- d:\programme\TeamViewer
2010-07-27 11:09 . 2009-10-17 17:50 -------- d-----w- d:\dokumente und einstellungen\All Users\Anwendungsdaten\Blizzard Entertainment
2010-07-24 17:13 . 2010-07-05 02:09 -------- d-----w- d:\dokumente und einstellungen\MeinPC\Anwendungsdaten\vlc
2010-07-07 17:25 . 2009-05-01 11:38 22360 ----a-w- d:\dokumente und einstellungen\MeinPC\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2010-07-07 13:53 . 2009-05-01 11:40 -------- d--h--w- d:\programme\InstallShield Installation Information
2010-07-07 13:53 . 2009-06-28 19:47 993 ----a-w- d:\windows\eReg.dat
2010-07-07 13:48 . 2010-07-07 13:48 -------- d-----w- d:\programme\EA Games
2010-07-07 12:26 . 2010-07-07 12:25 -------- d-----w- d:\programme\NVIDIA Corporation
2010-07-07 12:25 . 2010-07-07 12:25 -------- d-----w- d:\dokumente und einstellungen\All Users\Anwendungsdaten\NVIDIA Corporation
2010-07-07 12:25 . 2010-07-07 12:25 217180 ----a-w- d:\windows\system32\nvdrsdb0.bin
2010-07-07 12:25 . 2010-07-07 12:25 1 ----a-w- d:\windows\system32\nvdrssel.bin
2010-07-07 12:25 . 2010-07-07 12:25 217180 ----a-w- d:\windows\system32\nvdrsdb1.bin
2010-07-06 21:34 . 2010-07-05 12:49 -------- d-----w- d:\programme\Warcraft III
2010-07-05 21:41 . 2010-07-05 21:41 -------- d-sh--w- d:\dokumente und einstellungen\All Users\Anwendungsdaten\SecuROM
2010-07-05 16:03 . 2010-07-05 12:51 22154 ----a-w- d:\windows\War3Unin.dat
2010-07-05 16:01 . 2010-07-05 16:01 -------- d-----w- d:\programme\LogMeIn Hamachi
2010-07-05 13:46 . 2009-07-12 18:29 -------- d-----w- d:\dokumente und einstellungen\All Users\Anwendungsdaten\Media Center Programs
2010-07-05 12:51 . 2010-07-05 12:51 2829 ----a-w- d:\windows\War3Unin.pif
2010-07-05 12:50 . 2010-07-05 12:50 126976 ----a-w- d:\windows\War3Unin.exe
2010-07-05 12:44 . 2010-07-05 12:44 -------- d-----w- d:\programme\Smart Projects
2010-07-05 02:08 . 2010-07-05 02:08 -------- d-----w- d:\programme\VideoLAN
2010-07-05 01:00 . 2010-07-01 18:12 -------- d-----w- d:\dokumente und einstellungen\MeinPC\Anwendungsdaten\uTorrent
2010-07-05 00:21 . 2004-08-04 12:00 81246 ----a-w- d:\windows\system32\perfc007.dat
2010-07-05 00:21 . 2004-08-04 12:00 452648 ----a-w- d:\windows\system32\perfh007.dat
2010-07-04 23:50 . 2010-07-04 23:50 -------- d-----w- d:\programme\Microsoft Games for Windows - LIVE
2010-07-04 20:53 . 2010-07-01 18:22 -------- d-----w- d:\programme\Movies
2010-07-01 18:18 . 2010-07-01 18:18 40445 ----a-w- d:\programme\uninstall.exe
2010-07-01 18:18 . 2010-07-01 18:18 -------- d-----w- d:\programme\HELP
2010-07-01 18:12 . 2010-07-01 18:12 -------- d-----w- d:\programme\uTorrent
2010-07-01 09:26 . 2010-07-01 09:25 -------- d-----w- d:\dokumente und einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-01 09:23 . 2009-12-22 13:05 -------- d-----w- d:\programme\QuickTime
2010-07-01 09:21 . 2010-07-01 09:21 -------- d-----w- d:\programme\Apple Software Update
2010-07-01 09:18 . 2009-12-22 13:06 -------- d-----w- d:\programme\Bonjour
2010-06-26 14:30 . 2010-06-26 14:30 -------- d-----w- d:\programme\Gemeinsame Dateien\Skype
2010-06-24 12:35 . 2010-06-24 12:35 -------- d-----w- d:\dokumente und einstellungen\MeinPC\Anwendungsdaten\LolClient
2010-06-23 18:04 . 2010-06-23 18:04 -------- d-----w- d:\dokumente und einstellungen\All Users\Anwendungsdaten\PMB Files
2010-06-23 18:03 . 2010-06-23 18:03 -------- d-----w- d:\programme\Pando Networks
2010-06-23 16:10 . 2010-01-20 17:27 -------- d-----w- d:\programme\TeamSpeak 3 Client
2010-06-21 15:06 . 2010-06-21 14:46 -------- d-----w- d:\programme\FL Studio 9
2010-06-14 14:31 . 2009-05-01 10:28 744448 ----a-w- d:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-07 23:57 . 2010-07-07 12:23 61440 ----a-w- d:\windows\system32\OpenCL.dll
2010-06-07 23:57 . 2010-07-07 12:23 2632296 ----a-w- d:\windows\system32\nvcuvenc.dll
2010-06-07 23:57 . 2010-07-07 12:23 2165352 ----a-w- d:\windows\system32\nvcuvid.dll
2010-06-07 23:57 . 2010-07-07 12:23 15192064 ----a-w- d:\windows\system32\nvoglnt.dll
2010-06-07 23:57 . 2010-07-07 12:23 4554752 ----a-w- d:\windows\system32\nvcuda.dll
2010-06-07 23:57 . 2010-07-07 12:23 232040 ----a-w- d:\windows\system32\nvcodins.dll
2010-06-07 23:57 . 2010-07-07 12:23 232040 ----a-w- d:\windows\system32\nvcod.dll
2010-06-07 23:57 . 2010-07-07 12:23 2186342 ----a-w- d:\windows\system32\nvdata.bin
2010-06-07 23:57 . 2010-07-07 12:23 1359872 ----a-w- d:\windows\system32\nvapi.dll
2010-06-07 23:57 . 2010-07-07 12:23 10256384 ----a-w- d:\windows\system32\nvcompiler.dll
2010-06-07 23:57 . 2009-05-01 15:37 6300544 ----a-w- d:\windows\system32\nv4_disp.dll
2010-06-07 23:57 . 2009-05-01 15:33 10531200 ----a-w- d:\windows\system32\drivers\nv4_mini.sys
2010-05-22 15:12 . 2010-05-22 15:11 243310 ----a-w- D:\cc_20100522_171146.reg
2010-03-31 05:20 . 2010-03-31 05:20 156592 ----a-w- d:\programme\fraps64.dll
2010-03-31 05:20 . 2010-03-31 05:20 206768 ----a-w- d:\programme\fraps32.dll
2010-03-31 05:20 . 2010-03-31 05:20 74672 ----a-w- d:\programme\fraps64.dat
2010-03-31 05:20 . 2010-03-31 05:20 2340784 ----a-w- d:\programme\fraps.exe
2010-03-31 05:14 . 2010-03-31 05:14 163840 ----a-w- d:\programme\frapslcd.dll
2010-03-31 05:10 . 2010-03-31 05:10 19716 ----a-w- d:\programme\changes.txt
2010-03-31 04:56 . 2010-03-31 04:56 1872 ----a-w- d:\programme\README.HTM
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- d:\programme\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- d:\programme\mozilla firefox\plugins\ssldivx.dll
.
------- Sigcheck -------
[-] 2008-04-14 . AD37DF3FB8F168E42C09B77B487F6812 . 552448 . . [5.1.2600.5512] . . d:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . AD37DF3FB8F168E42C09B77B487F6812 . 552448 . . [5.1.2600.5512] . . d:\windows\system32\winlogon.exe
[7] 2008-04-14 . F09A527B422E25C478E38CAA0E44417A . 513024 . . [5.1.2600.5512] . . d:\windows\VistaMizer\old\winlogon.exe
[7] 2004-08-04 . 2B6A0BAF33A9918F09442D873848FF72 . 507392 . . [5.1.2600.2180] . . d:\windows\$NtServicePackUninstall$\winlogon.exe
[-] 2008-04-14 . F162D52EC8FEF363659AA6C667CE6989 . 724992 . . [5.82] . . d:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 . F162D52EC8FEF363659AA6C667CE6989 . 724992 . . [5.82] . . d:\windows\system32\comctl32.dll
[7] 2008-04-14 . AD28671D1B83A386B070DC451A113C13 . 617472 . . [5.82] . . d:\windows\VistaMizer\old\comctl32.dll
[7] 2004-08-04 . 2CF914215226B3F7FA1AE4A47E4D261C . 611328 . . [5.82] . . d:\windows\$NtServicePackUninstall$\comctl32.dll
[7] 2010-02-17 . 786F98EFD090AD93F03E3BD95FB68714 . 2192256 . . [5.1.2600.5938] . . d:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2010-02-16 . 30A5FAA29014D7D165548B66BC783041 . 2405888 . . [5.1.2600.5938] . . d:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2010-02-16 . 30A5FAA29014D7D165548B66BC783041 . 2405888 . . [5.1.2600.5938] . . d:\windows\system32\ntoskrnl.exe
[-] 2010-02-16 . 30A5FAA29014D7D165548B66BC783041 . 2405888 . . [5.1.2600.5938] . . d:\windows\system32\dllcache\ntoskrnl.exe
[7] 2010-02-16 . E1BD0FAFF2C1D0A825CBA97DCF0DDDAE . 2148864 . . [5.1.2600.5938] . . d:\windows\VistaMizer\old\ntoskrnl.exe
[7] 2010-02-16 . 4456016C2FF1A8CCCAC8309C9B76E2F5 . 2192384 . . [5.1.2600.5938] . . d:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[7] 2009-12-10 . A97847B2D30F4A299B35239D26BAD948 . 2191616 . . [5.1.2600.5913] . . d:\windows\$hf_mig$\KB977165-v2\SP3QFE\ntoskrnl.exe
[7] 2009-12-09 . D4128AA197DD8F3120FC80008AB66CF7 . 2147840 . . [5.1.2600.5913] . . d:\windows\$NtUninstallKB979683$\ntoskrnl.exe
[-] 2009-08-04 . CB7B03E38E9FE008A8B332020748AD2D . 2404864 . . [5.1.2600.5857] . . d:\windows\$NtUninstallKB977165-v2$\ntoskrnl.exe
[7] 2009-08-04 . 96D6882D49438D58B0DE0F7E8C8D241B . 2147840 . . [5.1.2600.5857] . . d:\windows\system32\VITrans\ntoskrnl.exe
[7] 2009-08-04 . 4B86421F2D85D9A4ECB06885C40B8EEB . 2191616 . . [5.1.2600.5857] . . d:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[7] 2009-02-10 . D3453310FC92736E674FFDC6E3F455B7 . 2191488 . . [5.1.2600.5755] . . d:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2009-02-09 . AB44E2536F401A9AD471838E8C28DC38 . 2404864 . . [5.1.2600.5755] . . d:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[7] 2008-04-14 . 88077F757C6C793C33408D878B6E0F76 . 2147840 . . [5.1.2600.5512] . . d:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[7] 2004-08-04 . C3EC5DD56E3EB15D80AF9FCEE030CABD . 2150912 . . [5.1.2600.2180] . . d:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[-] 2008-04-14 . BF517C3FA60065DF6D97744648602957 . 589312 . . [5.1.2600.5512] . . d:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . BF517C3FA60065DF6D97744648602957 . 589312 . . [5.1.2600.5512] . . d:\windows\system32\user32.dll
[7] 2008-04-14 . B0050CC5340E3A0760DD8B417FF7AEBD . 580096 . . [5.1.2600.5512] . . d:\windows\VistaMizer\old\user32.dll
[7] 2004-08-04 . 56785FD5236D7B22CF471A6DA9DB46D8 . 578560 . . [5.1.2600.2180] . . d:\windows\$NtServicePackUninstall$\user32.dll
[-] 2010-07-28 . E36DF1443AC667E81FC1764DC3AD763E . 1555456 . . [6.00.2900.5512] . . d:\windows\explorer.exe
[-] 2008-04-14 . E36DF1443AC667E81FC1764DC3AD763E . 1555456 . . [6.00.2900.5512] . . d:\windows\ServicePackFiles\i386\explorer.exe
[7] 2008-04-14 . 418045A93CD87A352098AB7DABE1B53E . 1036800 . . [6.00.2900.5512] . . d:\windows\system32\VITrans\explorer.exe
[7] 2008-04-14 . 418045A93CD87A352098AB7DABE1B53E . 1036800 . . [6.00.2900.5512] . . d:\windows\VistaMizer\old\explorer.exe
[7] 2004-08-04 . 22FE1BE02EADDE1632E478E4125639E0 . 1035264 . . [6.00.2900.2180] . . d:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2008-04-14 . 149CF402512520027FEC06A978D59801 . 1312256 . . [5.1.2600.5512] . . d:\windows\ServicePackFiles\i386\ole32.dll
[-] 2008-04-14 . 149CF402512520027FEC06A978D59801 . 1312256 . . [5.1.2600.5512] . . d:\windows\system32\ole32.dll
[7] 2008-04-14 . E08D638BA3D3DD6DF6E31216AB66AE0B . 1287680 . . [5.1.2600.5512] . . d:\windows\VistaMizer\old\ole32.dll
[7] 2004-08-04 . D700449AD3045E81680C25A79620A171 . 1281536 . . [5.1.2600.2180] . . d:\windows\$NtServicePackUninstall$\ole32.dll
[-] 2008-04-14 . 7270F0B822CB67F0C32BEF7FB00CA4D4 . 25088 . . [5.1.2600.5512] . . d:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 7270F0B822CB67F0C32BEF7FB00CA4D4 . 25088 . . [5.1.2600.5512] . . d:\windows\system32\ctfmon.exe
[7] 2008-04-14 . 01B4E6E990B6C5EA8856D96C7FD044B2 . 15360 . . [5.1.2600.5512] . . d:\windows\VistaMizer\old\ctfmon.exe
[7] 2004-08-04 . 7CE20569925DF6789C31799F0C538F29 . 15360 . . [5.1.2600.2180] . . d:\windows\$NtServicePackUninstall$\ctfmon.exe
[7] 2010-02-16 . 9F24D01B6027FED0423FD28F1055E3DD . 2069120 . . [5.1.2600.5938] . . d:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2010-02-16 . 93A00B3500C269113E20BF4379D1C22F . 2284032 . . [5.1.2600.5938] . . d:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2010-02-16 . 93A00B3500C269113E20BF4379D1C22F . 2284032 . . [5.1.2600.5938] . . d:\windows\system32\ntkrnlpa.exe
[-] 2010-02-16 . 93A00B3500C269113E20BF4379D1C22F . 2284032 . . [5.1.2600.5938] . . d:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2010-02-16 . 1DFCBCFD1C9016C051BE6D7243459CCA . 2027008 . . [5.1.2600.5938] . . d:\windows\VistaMizer\old\ntkrnlpa.exe
[7] 2010-02-16 . CEE28C8C47E52F185F9F8F3A2E31880C . 2069248 . . [5.1.2600.5938] . . d:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
[7] 2009-12-10 . 2E72317A93EF61138E43DCF7CD423EDF . 2068480 . . [5.1.2600.5913] . . d:\windows\$hf_mig$\KB977165-v2\SP3QFE\ntkrnlpa.exe
[7] 2009-12-09 . 1143EBE276EA80A88942A21613078088 . 2026496 . . [5.1.2600.5913] . . d:\windows\$NtUninstallKB979683$\ntkrnlpa.exe
[7] 2009-08-04 . C50ED62BB5CDC5AD4F3985ED39C6AE87 . 2068480 . . [5.1.2600.5857] . . d:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[-] 2009-08-04 . 9AEA0FA72067F6966EB97982CAFA72B7 . 2283520 . . [5.1.2600.5857] . . d:\windows\$NtUninstallKB977165-v2$\ntkrnlpa.exe
[7] 2009-08-04 . 1FF1F43613BA7510A5A975ED034EB8E0 . 2026496 . . [5.1.2600.5857] . . d:\windows\system32\VITrans\ntkrnlpa.exe
[-] 2009-02-09 . B3FE2F98DD72EE16CBC6D3B93146362A . 2283520 . . [5.1.2600.5755] . . d:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[7] 2009-02-09 . 1F9DA92672B8B5720C5FB1E87D8F249F . 2068480 . . [5.1.2600.5755] . . d:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2008-04-14 . FEFB3BDA35CF469809B0C89AB6833AFC . 2026496 . . [5.1.2600.5512] . . d:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[7] 2004-08-04 . F8D35488D41B19A306A454FFC0ED0336 . 2017792 . . [5.1.2600.2180] . . d:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WLAN Optimizer"="d:\dokumente und einstellungen\MeinPC\Desktop\WLAN Optimizer.exe" [2009-08-07 109056]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"SunJavaUpdateSched"="d:\programme\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Diamondback"="d:\programme\Razer\Diamondback 3G\razerhid.exe" [2007-08-01 147456]
"Launch LgDevAgt"="d:\programme\Logitech\GamePanel Software\LgDevAgt.exe" [2007-12-13 346648]
"Launch LGDCore"="d:\programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 2095640]
"StartCCC"="d:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-06 102400]
"avgnt"="d:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"QuickTime Task"="d:\programme\QuickTime\QTTask.exe" [2010-03-18 421888]
"LogMeIn Hamachi Ui"="d:\programme\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-03-30 1820040]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2010-06-07 110696]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2010-06-07 13902440]
"iTunesHelper"="d:\programme\iTunes\iTunesHelper.exe" [2010-07-21 141608]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 15:10 35696 ----a-w- d:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
2007-01-19 09:49 49152 ----a-w- d:\programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 05:52 25088 ----a-w- d:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus XtremeG DWL-G122]
2008-01-02 10:04 1552384 ----a-w- d:\programme\D-Link\AirPlus XtremeG DWL-G122\AirGCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 13:53 141608 ----a-w- d:\programme\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 20:12 3872080 ----a-w- d:\programme\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 14:12 26192168 ----a-r- d:\programme\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-07-02 12:09 1238352 ----a-w- d:\programme\Steam\steam.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Programme\\Steam\\SteamApps\\grandnic1\\counter-strike source\\hl2.exe"=
"d:\\WINDOWS\\system32\\dpnsvr.exe"=
"d:\\Programme\\Steam\\SteamApps\\grandnic1\\half-life 2 deathmatch\\hl2.exe"=
"d:\\WINDOWS\\system32\\PnkBstrA.exe"=
"d:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Programme\\Java\\jre6\\bin\\java.exe"=
"d:\\Programme\\Steam\\Steam.exe"=
"d:\\Programme\\Steam\\steamapps\\faridbang1991\\counter-strike source\\hl2.exe"=
"d:\\Programme\\Steam\\steamapps\\faridbang1991\\counter-strike\\hl.exe"=
"d:\\Programme\\Steam\\steamapps\\deluxe4ever23\\source sdk base 2007\\hl2.exe"=
"d:\\Programme\\Steam\\steamapps\\deluxe4ever23\\insurgency\\hl2.exe"=
"d:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\Programme\\Steam\\steamapps\\deluxe4ever23\\source dedicated server\\srcds.exe"=
"d:\\Programme\\Gemeinsame Dateien\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"d:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Programme\\Pando Networks\\Media Booster\\PMB.exe"=
"d:\\Programme\\League of Legends\\Air\\LolClient.exe"=
"d:\\Programme\\League of Legends\\Game\\League of Legends.exe"=
"d:\\Programme\\Bonjour\\mDNSResponder.exe"=
"d:\\Programme\\uTorrent\\uTorrent.exe"=
"d:\\Programme\\Steam\\steamapps\\deluxe4ever23\\counter-strike\\hl.exe"=
"d:\\Programme\\Steam\\steamapps\\common\\red faction guerrilla\\rfg_launcher.exe"=
"d:\\Programme\\Steam\\steamapps\\common\\red faction guerrilla\\rfg.exe"=
"d:\\Programme\\Warcraft III\\Warcraft III.exe"=
"d:\\Programme\\Warcraft III\\War3.exe"=
"d:\\Programme\\Steam\\steamapps\\common\\grand theft auto iv\\GTAIV\\LaunchGTAIV.exe"=
"d:\\Programme\\Steam\\steamapps\\common\\grand theft auto iv\\GTAIV\\GTAIV.exe"=
"d:\\Programme\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"d:\\Programme\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"c:\\World of Warcraft\\Launcher.exe"=
"c:\\StarCraft II\\StarCraft II.exe"=
"d:\\Programme\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\StarCraft II\\Versions\\Base15405\\SC2.exe"=
"d:\\Programme\\iTunes\\iTunes.exe"=
"d:\\Programme\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"56748:TCP"= 56748:TCP:Pando Media Booster
"56748:UDP"= 56748:UDP:Pando Media Booster
"8394:TCP"= 8394:TCP:League of Legends Launcher
"8394:UDP"= 8394:UDP:League of Legends Launcher
"6957:TCP"= 6957:TCP:League of Legends Launcher
"6957:UDP"= 6957:UDP:League of Legends Launcher
"6910:TCP"= 6910:TCP:League of Legends Launcher
"6910:UDP"= 6910:UDP:League of Legends Launcher
"6942:TCP"= 6942:TCP:League of Legends Launcher
"6942:UDP"= 6942:UDP:League of Legends Launcher
"6992:TCP"= 6992:TCP:League of Legends Launcher
"6992:UDP"= 6992:UDP:League of Legends Launcher
"5883:TCP"= 5883:TCP:qlfzgim
"6907:TCP"= 6907:TCP:League of Legends Launcher
"6907:UDP"= 6907:UDP:League of Legends Launcher
R2 AntiVirSchedulerService;Avira AntiVir Planer;d:\programme\Avira\AntiVir Desktop\sched.exe [04.10.2009 16:45 135336]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;d:\programme\LogMeIn Hamachi\hamachi-2.exe [30.03.2010 11:16 1107336]
R3 cmudau32;C-Media USB UDA Sound Interface;d:\windows\system32\drivers\cmudaxu.sys [05.05.2009 16:03 1414528]
R3 Razerlow;Diamondback 3G USB Filter Driver;d:\windows\system32\drivers\DB3G.sys [01.09.2009 12:29 13225]
S2 gupdate1ca0a43d3fac66;Google Update Service (gupdate1ca0a43d3fac66);"d:\programme\Google\Update\GoogleUpdate.exe" /svc --> d:\programme\Google\Update\GoogleUpdate.exe [?]
S2 wwskc;Task Network;d:\windows\system32\svchost.exe -k netsvcs [04.08.2004 14:00 14336]
S3 avmeject;AVM Eject;d:\windows\system32\drivers\avmeject.sys [05.07.2010 02:18 4352]
S3 FWLANUSB;AVM FRITZ!WLAN;d:\windows\system32\drivers\fwlanusb.sys [05.07.2010 02:17 265088]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
wwskc
.
Inhalt des "geplante Tasks" Ordners
2010-07-01 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\programme\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - d:\dokumente und einstellungen\MeinPC\Anwendungsdaten\Mozilla\Firefox\Profiles\t9h5toww.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/
FF - component: d:\programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: d:\programme\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
HKLM-Run-CmUsbSound - cmcnfgu.cpl
MSConfigStartUp-CmUsbSound - cmcnfgu.cpl
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-08-19 18:59
Windows 5.1.2600 Service Pack 3 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_USERS\S-1-5-21-1343024091-1060284298-1801674531-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:e0,92,98,78,82,ed,09,76,58,98,d2,4d,65,39,75,e1,36,16,7e,33,98,81,f6,
0c,ea,02,5f,3e,2f,e2,3b,6d,25,1f,19,e4,85,6b,87,93,e3,0e,4b,9b,c4,45,62,ac,\
"??"=hex:ed,64,b7,4b,d8,82,fd,d4,69,8e,e3,43,f8,8a,33,ca
[HKEY_USERS\S-1-5-21-1343024091-1060284298-1801674531-1004\Software\SecuROM\License information*]
"datasecu"=hex:ff,bf,6a,09,79,e2,c5,6b,0f,0b,40,2a,cb,71,92,7f,dc,2e,34,76,dc,
26,f3,e7,91,ac,da,fc,7f,e2,b6,10,f8,b7,2c,ea,99,cf,8d,d5,15,b6,fe,1a,a9,58,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]
"7040211900063D11C8EF10054038389C"="D?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - > 'winlogon.exe'(900)
d:\windows\system32\SETUPAPI.dll
d:\windows\system32\sfc_os.dll
d:\windows\system32\Ati2evxx.dll
d:\windows\system32\atiadlxx.dll
d:\windows\system32\cscui.dll
d:\windows\system32\COMRes.dll
- - - - - - - > 'lsass.exe'(956)
d:\windows\system32\wdigest.dll
d:\windows\system32\setupapi.dll
d:\windows\system32\psbase.dll
- - - - - - - > 'explorer.exe'(3924)
d:\windows\system32\SHDOCVW.dll
d:\windows\system32\COMRes.dll
d:\windows\System32\cscui.dll
d:\windows\system32\LINKINFO.dll
d:\windows\system32\ntshrui.dll
d:\windows\system32\SETUPAPI.dll
d:\windows\system32\NETSHELL.dll
d:\windows\system32\credui.dll
d:\windows\system32\MSVCP60.dll
d:\windows\system32\webcheck.dll
d:\windows\system32\stobject.dll
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
d:\windows\system32\nvsvc32.exe
d:\programme\Avira\AntiVir Desktop\avguard.exe
d:\programme\Avira\AntiVir Desktop\avshadow.exe
d:\programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
d:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
d:\programme\Bonjour\mDNSResponder.exe
d:\programme\Java\jre6\bin\jqs.exe
d:\programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
d:\windows\system32\wbem\wmiapsrv.exe
d:\windows\system32\wscntfy.exe
d:\windows\RTHDCPL.EXE
d:\programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
d:\windows\system32\RunDll32.exe
d:\windows\system32\RUNDLL32.EXE
d:\programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
d:\programme\Razer\Diamondback 3G\razertra.exe
d:\programme\Razer\Diamondback 3G\razerofa.exe
d:\programme\iPod\bin\iPodService.exe
d:\programme\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-08-19 19:07:23 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-08-19 17:07
Vor Suchlauf: 11 Verzeichnis(se), 25.432.571.904 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 25.488.547.840 Bytes frei
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Main Windows" /noexecute=optin /fastdetect
- - End Of File - - 97508C1593A847FA0A9C21DA026354E5
Regards, hyper.