ComboFix 08-05-01.3 - 2008-05-05 18:28:01.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1031.18.1291 [GMT 2:00]
ausgeführt von:: C:\Users\JJ\Desktop\ComboFix.exe
 * Neuer Wiederherstellungspunkt wurde erstellt
.
((((((((((((((((((((((( Dateien erstellt von 2008-04-05 bis 2008-05-05 ))))))))))))))))))))))))))))))
.
Keine neuen Dateien erstellt in diesem Zeitraum
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-05 16:30 --------- d-----w C:\Users\JJ\AppData\Roaming\Skype
2008-05-02 16:26 --------- d-----w C:\Program Files\CCleaner
2008-05-01 18:14 --------- d-----w C:\Program Files\Trend Micro
2008-05-01 18:03 20,503 ----a-w C:\Users\JJ\AppData\Roaming\nvModes.dat
2008-04-30 13:56 --------- d-----w C:\ProgramData\Lavasoft
2008-04-30 13:55 --------- d-----w C:\Program Files\Lavasoft
2008-04-30 13:54 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-27 17:19 --------- d-----w C:\Program Files\Apple Software Update
2008-04-10 08:21 --------- d-----w C:\Program Files\Windows Mail
2008-04-06 16:32 --------- d-----w C:\Users\JJ\AppData\Roaming\Apple Computer
2008-04-06 16:28 --------- d-----w C:\Program Files\Safari
2008-04-06 16:27 --------- d-----w C:\Program Files\iTunes
2008-04-06 16:27 --------- d-----w C:\Program Files\iPod
2008-04-05 17:01 --------- d-----w C:\Program Files\QuickTime
2008-03-18 10:18 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-17 20:16 --------- d-----w C:\ProgramData\Adobe Systems
2008-03-15 22:48 --------- d-----w C:\Program Files\Magentic
2008-03-15 19:18 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-15 19:17 --------- d-----w C:\ProgramData\Symantec
2008-03-15 19:16 --------- d-----w C:\Program Files\Symantec
2008-03-14 11:31 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-14 11:31 --------- d-----w C:\Program Files\Microsoft Works
2008-03-09 10:00 751,016 ----a-w C:\Windows\System32\Magentic Screensaver.scr
2008-03-08 02:14 148,992 ----a-w C:\Windows\system32\drivers\ks.sys
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
2008-02-14 23:19 944,184 ----a-w C:\Windows\System32\winload.exe
2008-02-13 22:22 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-13 22:19 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 22:19 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 22:19 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-13 22:19 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-13 22:19 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-13 22:19 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-13 22:19 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-13 22:19 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-13 22:19 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 22:19 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 22:19 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-13 22:19 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-01-09 21:10 73,408 ----a-w C:\Users\JJ\AppData\Roaming\GDIPFONTCACHEV1.DAT
2007-12-17 19:20 0 ----a-w C:\Users\JJ\AppData\Roaming\wklnhst.dat
2007-12-08 20:39 174 --sha-w C:\Program Files\desktop.ini
2007-12-08 15:42 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-12-08 15:42 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-12-08 15:42 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 00:21 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-01-29 15:36 25370152]
"Magentic"="C:\PROGRA~1\Magentic\bin\Magentic.exe" [2008-03-09 12:00 480648]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-12-08 22:19 1006264]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-04-17 04:47 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-04-17 04:47 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-04-17 04:47 81920]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2007-01-12 07:52 118784]
"VAIOCameraUtility"="C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" [2007-02-07 19:43 411768]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2007-01-22 20:39 321656]
"Norton Save and Restore 2.0"="C:\Program Files\Norton Save and Restore\Agent\VProTray.exe" [2008-01-10 05:43 2037088]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-19 10:03 262401]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 09:16 528384]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 11:22 517768]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-02-21 22:44:54 113664]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-02-02 21:38:14 2756608]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2007-02-13 15:19 98304 C:\Windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{55996F04-DA73-491B-80D6-5700FFD76628}"= UDP:C:\Program Files\Google\Google Talk\googletalk.exe:Google Talk
"{D0E4209C-6883-4924-807F-8CC404836A3B}"= TCP:C:\Program Files\Google\Google Talk\googletalk.exe:Google Talk
"{17B1ED26-318C-46F0-9ACD-15286115FF37}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{CC597697-45A2-42F5-B046-9A68F7B23513}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D5516287-BA56-4CBA-B9F3-E83980C6FCED}"= Disabled:UDP:C:\Program Files\sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{CF087D20-B65D-48D3-B0B6-BE3A0068CD58}"= Disabled:TCP:C:\Program Files\sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{A466A49A-0891-4E04-9427-4D5649817E1B}"= Disabled:UDP:C:\Program Files\sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{D9775357-99B5-4FA6-AE2F-E4A809D39676}"= Disabled:TCP:C:\Program Files\sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{F8EEE6D1-1799-4B33-AA6D-650AA0F18BAB}"= Disabled:UDP:C:\Program Files\Magentic\bin\MgImp.exe:Magentic
"{3070D296-0140-4C30-9FE2-587FCA286CD7}"= Disabled:TCP:C:\Program Files\Magentic\bin\MgImp.exe:Magentic
"{FA184C4B-272A-4A81-ADAA-51A0E642482F}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{9166A89A-22EC-44B0-BCD8-5A41C558A8C4}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{BDBEE843-9A37-4564-A515-2F947750BC07}"= Disabled:UDP:C:\Program Files\Magentic\bin\Magentic.exe:Magentic
"{151AF75C-4ABD-4B17-A455-999F8EE5894B}"= Disabled:TCP:C:\Program Files\Magentic\bin\Magentic.exe:Magentic
"{1CB3C34C-1D58-4364-BAFB-4E4E6F5795DC}"= Disabled:UDP:C:\Program Files\Magentic\bin\MgApp.exe:Magentic
"{E4EF591D-7B64-4658-B523-69BCD4C9673E}"= Disabled:TCP:C:\Program Files\Magentic\bin\MgApp.exe:Magentic
"{E050003F-07C8-4570-8F44-31C0D42A52E4}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{6A292443-67CB-4462-8901-6A7FDA8036F5}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{A37D4820-996B-4FFB-BFD9-8A0F0DF045D3}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{0830A75E-AD5D-428F-A0C5-CFF5C49C674E}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{CD1A3D8F-5F6D-4F7B-BF30-727635C8E096}"= Disabled:UDP:C:\Program Files\Magentic\bin\Magentic.exe:Magentic
"{FBF5F93E-F8A2-437B-939D-2032EDA081BB}"= Disabled:TCP:C:\Program Files\Magentic\bin\Magentic.exe:Magentic
"{5B797618-6C95-4BA3-8B88-D5C7ACEBDBA8}"= Disabled:UDP:C:\Program Files\Magentic\bin\MgApp.exe:Magentic
"{FA4DC486-1D8F-4EE4-98FC-824C55EE0B51}"= Disabled:TCP:C:\Program Files\Magentic\bin\MgApp.exe:Magentic

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-09-26 11:53]
R2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sVAIO_VEDB []
R2 Norton Save and Restore;Norton Save and Restore;C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe [2008-01-10 05:43]
R2 regi;regi;C:\Windows\system32\drivers\regi.sys [2007-04-17 20:09]
R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 06:29]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-02 14:56]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-01-10 13:09]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [2007-03-15 21:19]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [2007-03-15 21:19]
R3 SonyImgF;Sony Image Conversion Filter Driver;C:\Windows\system32\DRIVERS\SonyImgF.sys [2007-04-05 03:03]
R3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [2007-02-08 05:53]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-02-08 05:10]
S3 s125bus;Sony Ericsson Device 125 driver (WDM);C:\Windows\system32\DRIVERS\s125bus.sys [2007-04-24 12:33]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s125mdfl.sys [2007-04-24 12:33]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s125mdm.sys [2007-04-24 12:33]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s125mgmt.sys [2007-04-24 12:33]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s125obex.sys [2007-04-24 12:33]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 16:51]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);"C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\UCLS\HTTP" []
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-01-16 14:05]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\Autorun.exe

*Newly Created Service* - CATCHME
.
Inhalt des "geplante Tasks" Ordners
"2008-05-05 16:20:14 C:\Windows\Tasks\User_Feed_Synchronization-{18908008-8A08-4050-9C1B-B271C41F12BB}.job" - C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-05 18:30:40
Windows 6.0.6000 NTFS

Scanne versteckte Prozesse...
Scanne versteckte Autostart Einträge...
Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-05-05 18:31:45
ComboFix-quarantined-files.txt 2008-05-05 16:31:28
Das System hat keinen Meldungstext für die Meldungsnummer 0x2379 in der Meldungsdatei Application gefunden.
Das System hat keinen Meldungstext für die Meldungsnummer 0x2379 in der Meldungsdatei Application gefunden.
184 --- E O F --- 2008-05-02 16:15:53