ComboFix 08-04-20.5 - Guido 2008-04-23 20:06:49.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1031.18.494 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Guido\Desktop\ComboFix.exe
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((( Dateien erstellt von 2008-03-23 bis 2008-04-23 ))))))))))))))))))))))))))))))
.
2008-04-23 19:54 . 2008-04-23 19:54 d-------- C:\Programme\World of Warcraft.dc2f1203.temp
2008-04-23 19:54 . 2008-04-23 19:54 d-------- C:\Programme\Gemeinsame Dateien\Blizzard Entertainment.temp
2008-04-23 09:01 . 2008-04-23 09:41 d-------- C:\Programme\World of Warcraft.ee7bf002.temp
2008-04-22 23:37 . 2008-04-22 23:36 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-04-22 23:36 . 2008-04-23 09:39 d-------- C:\Dokumente und Einstellungen\Guido\.housecall6.6
2008-04-22 23:16 . 2008-04-22 23:16 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-22 22:33 . 2008-04-22 23:12 d-------- C:\Programme\World of Warcraft.temp
2008-04-22 21:03 . 2008-04-22 21:03 d-------- C:\Dokumente und Einstellungen\Guido\DoctorWeb
2008-04-22 20:51 . 2008-04-22 20:51 d-------- C:\Programme\CCleaner
2008-04-22 08:48 . 2008-04-22 08:48 d-------- C:\Programme\Avira
2008-04-22 08:21 . 2008-04-22 08:21 d-------- C:\Programme\Trend Micro
2008-04-22 08:08 . 2008-04-22 08:10 d-------- C:\Programme\Panda Security
2008-04-22 07:29 . 2008-04-22 08:48 d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
2008-04-21 20:06 . 2008-04-21 20:06 d-------- C:\Programme\Creative
2008-04-21 20:06 . 2008-04-21 20:06 d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Creative
2008-04-21 20:06 . 2000-05-22 16:58 647,872 --------- C:\WINDOWS\system32\Mscomct2.ocx
2008-04-21 20:06 . 2006-10-06 14:17 53,248 --------- C:\WINDOWS\Ctregrun.exe
2008-04-21 20:06 . 1999-12-13 09:01 44,032 --a------ C:\WINDOWS\system32\CTSVCCDA.EXE
2008-04-21 20:06 . 1999-11-18 09:00 25,088 --------- C:\WINDOWS\system32\CTSVCCTL.EXE
2008-03-29 11:14 . 2008-03-29 11:14 d-------- C:\Programme\Teamspeak2_RC2
2008-03-29 11:01 . 2008-04-06 04:07 d-------- C:\Programme\Teamspeak2_Server_RC2
2008-03-26 12:26 . 2008-03-26 12:26 d-------- C:\Logs
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-21 18:06 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-03-20 08:03 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:03 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-18 23:41 --------- d-----w C:\Programme\Java
2008-03-01 16:24 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-03-01 12:54 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-01 12:54 826,368 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2008-03-01 12:54 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2008-03-01 12:54 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2008-03-01 12:54 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-03-01 12:54 233,472 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
2008-03-01 12:54 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2008-03-01 12:54 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
2008-03-01 12:54 102,912 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
2008-03-01 12:54 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2008-02-29 08:55 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-29 08:54 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:50 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:50 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:33 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:33 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:33 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2005-06-04 19:49 560 ----a-w C:\Programme\Global.sw
2005-03-22 15:25 0 ----a-w C:\Dokumente und Einstellungen\Guido\Anwendungsdaten\wklnhst.dat
2005-02-25 10:48 464 ----a-w C:\Dokumente und Einstellungen\Tanja\Anwendungsdaten\wklnhst.dat
2005-02-17 20:23 10,022 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-01-16 23:25 8,617,760 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-16 22:01 464,160 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
.
((((((((((((((((((((((((((((( snapshot@2008-04-22_20.55.27,27 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-22 05:49:44 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-23 17:51:19 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-03-25 03:21:18 2,889,088 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2008-03-25 03:21:20 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-04-22 21:22:12 70,264 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
+ 2008-04-23 17:52:00 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_684.dat
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"CTZDetec.exe"="C:\Programme\Creative\Creative Media Lite\CTZDetec.exe" [2007-12-18 14:20 401408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"SynTPLpr"="C:\Programme\Synaptics\SynTP\SynTPLpr.exe" [2005-03-18 16:35 98393]
"SynTPEnh"="C:\Programme\Synaptics\SynTP\SynTPEnh.exe" [2005-03-18 16:34 688217]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-10 20:46 196608]
"AudioDeck"="C:\Programme\VIAudioi\SBADeck\ADeck.exe" [2004-11-08 18:27 7957504]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"ATIPTA"="C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-01 14:16 344064]
"avgnt"="C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.xvid"= xvid.dll
"vidc.VP40"= vp4vfw.dll
"vidc.VP50"= vp5vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Dokumente und Einstellungen\\Guido\\Eigene Dateien\\Dreambox\\9577_dcc282\\DCC.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows-Peer-zu-Peer-Gruppierung
"3540:UDP"= 3540:UDP:Peer Name Resolution-Protokoll (PNRP)
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"8767:UDP"= 8767:UDP:Majestic Darkness
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R3 CONAN;CONAN;C:\WINDOWS\system32\drivers\o2mmb.sys [2004-02-12 03:18]
S3 MbxStby;MbxStby;C:\WINDOWS\system32\drivers\MbxStby.sys [2004-01-28 01:00]
S3 p2pgasvc;Peernetzwerk-Gruppenauthentifizierung;C:\WINDOWS\system32\svchost.exe [2004-08-04 14:00]
S3 p2pimsvc;Peernetzwerkidentitäts-Manager;C:\WINDOWS\system32\svchost.exe [2004-08-04 14:00]
S3 p2psvc;Peernetzwerk;C:\WINDOWS\system32\svchost.exe [2004-08-04 14:00]
S3 PNRPSvc;Peer Name Resolution-Protokoll;C:\WINDOWS\system32\svchost.exe [2004-08-04 14:00]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-23 20:07:23
Windows 5.1.2600 Service Pack 2 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostart Einträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
Zeit der Fertigstellung: 2008-04-23 20:08:10
ComboFix-quarantined-files.txt 2008-04-23 18:08:03
ComboFix2.txt 2008-04-23 18:05:53
ComboFix3.txt 2008-04-22 18:55:41
ComboFix4.txt 2008-04-22 05:58:59
15 Verzeichnis(se), 9,227,759,616 Bytes frei
16 Verzeichnis(se), 9,216,278,528 Bytes frei
141 --- E O F --- 2008-04-12 02:08:39