ComboFix 07-09-21.2 - "Jule" 2007-10-01 18:19:03.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.49.1031.18.647 [GMT 2:00]
.
((((((((((((((((((((((( Dateien erstellt von 2007-09-01 bis 2007-10-01 ))))))))))))))))))))))))))))))
.
2007-10-01 16:58 d-------- C:\Programme\Hijack This
2007-10-01 16:45 d--hs---- C:\FOUND.003
2007-10-01 16:34 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-01 14:00 693,412 ---hs---- C:\WINDOWS\system32\badsvfhq.ini2
2007-09-30 19:27 d-------- C:\Programme\Security Task Manager
2007-09-30 19:27 d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\SecTaskMan
2007-09-30 15:16 83,008 --a------ C:\WINDOWS\system32\qhfvsdab.dll
2007-09-28 20:21 79,936 --a------ C:\WINDOWS\system32\lwkdaupv.dll
2007-09-28 11:46 14,855 ---hs---- C:\WINDOWS\system32\gfhkj.bak2
2007-09-27 15:09 14,659 ---hs---- C:\WINDOWS\system32\rstwa.bak2
2007-09-25 18:58 6,440 ---hs---- C:\WINDOWS\system32\rstwa.bak1
2007-09-25 18:58 283,232 --a------ C:\WINDOWS\system32\awtsr.dll
2007-09-24 19:38 28,258 ---hs---- C:\WINDOWS\system32\gjkkj.bak2
2007-09-23 22:30 6,848 ---hs---- C:\WINDOWS\system32\gjkkj.bak1
2007-09-23 20:21 6,757 ---hs---- C:\WINDOWS\system32\gfhkj.bak1
2007-09-23 20:20 282,720 --a------ C:\WINDOWS\system32\jkhfg.dll
2007-09-14 16:22 d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\FLEXnet
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
.
((((((((((((((((((((((((((((( snapshot_2007-10-01_164803.96 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 163,328 2007-03-13 08:57:12 C:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE
.
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-07 19:36]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-07 19:32]
"SynTPLpr"="C:\Programme\Synaptics\SynTP\SynTPLpr.exe" [2004-10-07 23:44]
"SynTPEnh"="C:\Programme\Synaptics\SynTP\SynTPEnh.exe" [2004-10-07 23:43]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 05:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 05:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00]
"PCMService"="C:\Programme\Arcade\PCMService.exe" [2005-03-09 18:59]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2005-03-31 17:11]
"ATIPTA"="C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-08 21:05]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-03-28 18:04]
"ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-03-24 09:13]
"LManager"="C:\Programme\Launch Manager\QtZgAcer.EXE" [2005-09-05 11:43]
"eRecoveryService"="C:\Programme\Acer\eRecovery\Monitor.exe" [2005-06-29 17:26]
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2006-06-22 23:23]
"WMC_AutoUpdate"="" []
"avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [2007-09-10 16:52]
"ICQ Lite"="C:\Programme\ICQLite\ICQLite.exe" [2006-07-27 20:12]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"320d18a1"="C:\WINDOWS\system32\qhfvsdab.dll" [2007-09-30 15:16]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="C:\Programme\Ares\Ares.exe" [2006-05-03 17:39]
"MsnMsgr"="C:\Programme\MSN Messenger\MsnMsgr.exe" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" []
"swg"="C:\Programme\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe" [2006-10-17 22:46]
"updateMgr"="C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"=C:\Programme\ICQLite\ICQLite.exe -trayboot

C:\DOKUME~1\ALLUSE~1\STARTM~1\PROGRA~1\AUTOST~1\
Adobe Reader Speed Launch.lnk - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtsr]
C:\WINDOWS\system32\awtsr.dll 2007-09-25 18:58 283232 C:\WINDOWS\system32\awtsr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkhfg]
C:\WINDOWS\system32\jkhfg.dll 2007-09-23 20:20 282720 C:\WINDOWS\system32\jkhfg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkjg]
C:\WINDOWS\system32\jkkjg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayyxya]
yayyxya.dll

R1 sdcplh;sdcplh;C:\WINDOWS\system32\drivers\sdcplh.sys
R1 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys
R2 EpmPsd;Acer EPM Power Scheme Driver;\??\C:\WINDOWS\system32\drivers\epm-psd.sys
R2 EpmShd;Acer EPM System Hardware Driver;\??\C:\WINDOWS\system32\drivers\epm-shd.sys
R2 int15.sys;int15.sys;\??\C:\Programme\Acer\eRecovery\int15.sys
R2 MZCCntrl;T-Online WLAN Adapter Steuerungsdienst;C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
R2 osaio;osaio;\??\C:\WINDOWS\system32\drivers\osaio.sys
R2 osanbm;osanbm;\??\C:\WINDOWS\system32\drivers\osanbm.sys
R3 DKbFltr;Dritek HotKey Keyboard Filter Driver;C:\WINDOWS\system32\Drivers\DKbFltr.sys
S3 c1244df4-f2d9-408c-9e40-e4dd9c92009f;c1244df4-f2d9-408c-9e40-e4dd9c92009f;\??\E:\Player\cds300.dll
S3 MACNDIS5;MACNDIS5 NDIS Protocol Driver;\??\C:\PROGRA~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-01 18:20:08
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-01 18:20:46
C:\ComboFix-quarantined-files.txt ... 2007-10-01 18:20
C:\ComboFix2.txt ... 2007-10-01 16:48
.
--- E O F ---