ComboFix 08-05-15.3 - majaendres 2008-05-17 16:23:01.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1031.18.621 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\majaendres\Desktop\ComboFix.exe
Command switches used :: C:\Dokumente und Einstellungen\majaendres\Desktop\cfscript.txt
 * Neuer Wiederherstellungspunkt wurde erstellt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\Ecoach.dll
c:\WINDOWS\system32\ecoach.xml
c:\WINDOWS\system32\Ecoach_main.bmp
c:\WINDOWS\system32\ecoach1.bmp
c:\WINDOWS\system32\freebooks.bmp
c:\WINDOWS\system32\freebooks1.bmp
c:\WINDOWS\system32\go.bmp
c:\WINDOWS\system32\go1.bmp
c:\WINDOWS\system32\ilance.bmp
c:\WINDOWS\system32\ilance1.bmp
c:\WINDOWS\system32\obt.bmp
c:\WINDOWS\system32\obt1.bmp
c:\WINDOWS\system32\read.txt
C:\WINDOWS\system32\SysIdle.exe
c:\WINDOWS\system32\SysIdle.ini
c:\WINDOWS\system32\version.txt
C:\WINDOWS\TEMP\303.tmp
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\WINDOWS\system32\Ecoach_main.bmp
c:\WINDOWS\system32\ecoach1.bmp
c:\WINDOWS\system32\freebooks.bmp
c:\WINDOWS\system32\freebooks1.bmp
c:\WINDOWS\system32\go.bmp
c:\WINDOWS\system32\go1.bmp
c:\WINDOWS\system32\ilance.bmp
c:\WINDOWS\system32\ilance1.bmp
c:\WINDOWS\system32\obt.bmp
c:\WINDOWS\system32\obt1.bmp
c:\WINDOWS\system32\read.txt
c:\WINDOWS\system32\SysIdle.ini
c:\WINDOWS\system32\version.txt
.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{DEF85C80-216A-43AB-AF70-1665EDBE2780}
-------\Service_{DEF85C80-216A-43ab-AF70-1665EDBE2780}

((((((((((((((((((((((( Dateien erstellt von 2008-04-17 bis 2008-05-17 ))))))))))))))))))))))))))))))
.

2008-05-17 14:02 . 2008-05-17 14:09 d-------- C:\oscan
2008-05-16 17:49 . 2008-05-16 17:49 1,649,976 --a------ C:\mbam-setup.exe
2008-05-16 17:42 . 2008-05-16 17:42 0 --a------ C:\WINDOWS\NDSBrow.INI
2008-05-16 14:02 . 2008-05-16 14:03 103,130 --a------ C:\080516_SD_01.pdf
2008-05-16 12:17 . 2008-05-16 12:17 d-------- C:\Adobe
2008-05-16 09:21 . 2008-05-16 09:21 d-------- C:\Programme\FRISK Software
2008-05-16 09:21 . 2008-05-16 09:21 d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FRISK Software
2008-05-16 09:19 . 2008-04-18 11:42 117,248 --a------ C:\Protokoll_Interne Besprechung Beratung_180408.doc
2008-05-16 00:09 . 2008-05-16 00:09 14,782,496 --a------ C:\IE7-WindowsXP-x86-deu.exe
2008-05-15 21:04 . 2008-05-15 21:04 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-15 20:46 . 2008-04-14 07:53 32,866 --a--c--- C:\WINDOWS\system32\dllcache\slrundll.exe
2008-05-15 20:46 . 2008-04-14 07:53 32,866 --a------ C:\WINDOWS\slrundll.exe
2008-05-15 20:01 . 2008-05-15 23:45 d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
2008-05-15 18:44 . 2008-05-15 21:04 d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
2008-05-15 18:44 . 2008-05-15 23:44 206,880 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-15 18:44 . 2008-05-15 23:44 13,856 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-15 18:44 . 2008-05-15 23:44 3,500 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-15 18:44 . 2008-05-15 23:44 2,372 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-15 18:27 . 2008-05-15 18:27 18,462,024 --a------ C:\sdsetup.exe
2008-05-15 17:41 . 2008-05-15 17:41 812,344 --a------ C:\HJTInstall.exe
2008-05-15 17:02 . 2008-05-15 17:02 d-------- C:\Programme\CCleaner
2008-05-15 11:13 . 2008-05-15 12:19 132,608 --a------ C:\zkubest1505_2.doc
2008-05-15 09:31 . 2008-05-15 11:13 88,064 --a------ C:\zkubest1505.doc
2008-05-14 16:32 . 2008-05-14 16:32 101,376 --a------ C:\zkubest.doc
2008-05-13 20:28 . 2008-05-13 21:11 d-------- C:\Programme\Opera
2008-05-13 17:09 . 2008-05-13 17:09 13,824 --a------ C:\fm6.xls
2008-05-09 11:59 . 2008-05-16 18:45 d-------- C:\Programme\FreeCap
2008-05-09 11:54 . 1998-02-06 22:37 299,520 --a------ C:\WINDOWS\uninst.exe
2008-05-08 19:04 . 2008-05-08 19:08 d-------- C:\WINDOWS\ServicePackFiles
2008-05-08 18:59 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\003076_.tmp
2008-05-05 11:05 . 2008-05-05 14:30 705,024 --a------ C:\SD_Angebtosabwicklung.doc
2008-04-29 21:04 . 2008-04-29 21:04 1,953 --a------ C:\Einloggen per Link Tutorial.rar
2008-04-28 19:25 . 2008-05-17 16:21 d-------- C:\staemme
2008-04-28 19:21 . 2008-04-28 19:21 9,166,477 --a------ C:\graphic.zip
2008-04-28 15:42 . 2008-04-29 14:45 424,448 --a------ C:\KopieAngebot_Kundenauftrag.doc
2008-04-27 19:56 . 2008-04-27 19:58 6,440 --a------ C:\Unbenannt.JPG
2008-04-26 22:01 . 2008-04-26 22:01 1,909,646 --a------ C:\myto.psd
2008-04-25 15:21 . 2008-04-25 15:21 30,720 --a------ C:\zkubest_offene_Abrufmenge.doc
2008-04-25 12:15 . 2008-04-25 12:17 d-------- C:\CD36
2008-04-24 11:10 . 2008-04-24 11:10 d-------- C:\angriffsplaner
2008-04-24 11:09 . 2008-05-01 17:46 360,366 --a------ C:\angriffsplaner.zip
2008-04-23 22:45 . 2008-04-23 22:46 d-------- C:\CryptLoad_1.0.6
2008-04-22 21:55 . 2008-04-22 21:55 198,236 --a------ C:\Hilfe für den Stämme Bot.zip
2008-04-22 21:54 . 2008-04-29 21:04 2,029 --a------ C:\Gruppenangriff Manual.rar
2008-04-21 20:17 . 2008-04-21 20:28 25,600 --a------ C:\axa.doc
2008-04-21 10:35 . 2008-04-21 20:31 26,112 --a------ C:\heidelberger.doc
2008-04-20 19:40 . 2008-04-20 19:40 10,835,448 --a------ C:\multiple-ie-setup.exe
2008-04-20 15:25 . 2008-04-20 15:25 952,776 --a------ C:\pidsetup.exe
2008-04-17 10:03 . 2008-04-17 10:03 d-------- C:\fsadere
2008-04-17 10:03 . 2008-04-17 10:03 47,609,310 --a------ C:\fsadere.rar
.

(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-05-15 17:26 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-05-15 16:38 --------- d---a-w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2008-05-05 08:33 --------- d-----w C:\Dokumente und Einstellungen\majaendres\Anwendungsdaten\OpenOffice.org2
2008-04-26 09:19 --------- d-----w C:\Dokumente und Einstellungen\majaendres\Anwendungsdaten\ICQ
2008-04-26 09:17 --------- d-----w C:\Programme\ICQ6
2008-04-14 05:53 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 05:53 288,768 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-14 05:53 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 05:53 153,600 ----a-w C:\WINDOWS\regedit.exe
2008-04-14 05:53 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 05:53 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 05:32 80,384 ----a-w C:\WINDOWS\system32\drivers\parport.sys
2008-04-14 05:32 73,472 ----a-w C:\WINDOWS\system32\drivers\sr.sys
2008-04-14 05:32 68,224 ----a-w C:\WINDOWS\system32\drivers\pci.sys
2008-04-14 05:32 46,848 ----a-w C:\WINDOWS\system32\drivers\p3.sys
2008-04-14 05:32 120,576 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-14 05:28 800,384 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-14 05:28 37,632 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-14 05:28 25,216 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-14 05:28 154,112 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-14 05:27 5,504 ----a-w C:\WINDOWS\system32\drivers\intelide.sys
2008-04-14 05:27 40,448 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-14 05:26 40,832 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-14 05:25 65,536 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-14 05:25 52,992 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-14 05:24 25,856 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-14 05:22 57,728 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
2008-04-14 05:22 53,760 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-14 05:22 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys
2008-04-14 05:22 273,920 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 05:22 16,384 ----a-w C:\WINDOWS\system32\drivers\battc.sys
2008-04-14 05:21 701,952 ------w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-04-14 05:21 39,936 ----a-w C:\WINDOWS\system32\drivers\processr.sys
2008-04-14 05:21 327,168 ------w C:\WINDOWS\system32\drivers\ati2mtaa.sys
2008-04-14 05:20 41,856 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
2008-04-14 05:20 41,472 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
2008-04-14 05:19 30,336 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-14 05:19 23,552 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
2008-04-14 05:19 188,800 ----a-w C:\WINDOWS\system32\drivers\acpi.sys
2008-04-13 22:58 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 22:51 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 22:50 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 22:50 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 22:50 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 22:49 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 22:49 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 22:49 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 22:49 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 22:49 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 22:47 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 22:47 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 22:47 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 22:46 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 22:46 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 22:45 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 22:45 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 22:45 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 22:44 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 22:44 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 22:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 22:30 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 22:27 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 22:27 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 22:27 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 22:27 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 22:27 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 22:27 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 22:27 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 22:26 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 22:26 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 22:26 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 22:26 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 22:26 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 22:26 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 22:26 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 22:26 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 22:26 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 22:26 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 22:25 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 22:24 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 22:23 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 22:23 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 22:23 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 22:23 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
2008-04-13 22:21 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-13 22:21 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-13 22:21 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-13 22:21 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
2008-04-13 22:21 101,120 ------w C:\WINDOWS\system32\drivers\bthpan.sys
2008-04-13 22:16 59,136 ------w C:\WINDOWS\system32\drivers\rfcomm.sys
2008-04-13 22:16 37,888 ------w C:\WINDOWS\system32\drivers\bthmodem.sys
2008-04-13 22:16 36,480 ------w C:\WINDOWS\system32\drivers\bthprint.sys
2008-04-13 22:16 25,344 ----a-w C:\WINDOWS\system32\drivers\sonydcam.sys
2008-04-13 22:16 18,944 ------w C:\WINDOWS\system32\drivers\bthusb.sys
2008-04-13 22:16 17,024 ------w C:\WINDOWS\system32\drivers\bthenum.sys
2005-05-13 16:12 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-10-24 10:13 66,560 --sha-r C:\WINDOWS\MOTA113.exe
2005-10-13 20:27 422,400 --sha-r C:\WINDOWS\x2.64.exe
2005-10-07 18:14 308,224 --sha-w C:\WINDOWS\system32\avisynth.dll
2005-07-14 11:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 14:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-21 21:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2004-01-24 23:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2006-04-27 09:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
2005-02-28 12:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
2004-01-24 23:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
.

((((((((((((((((((((((((((((( snapshot@2008-05-17_11.47.28,79 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-16 15:40:57 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-17 14:38:32 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2008-05-17 14:03:30 5,874 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{4DE620DF-5453-4010-BCDD-36E7148754D3}.bin
+ 2008-05-17 14:43:13 1,644 ----a-w C:\WINDOWS\Temp\ExchangePerflog_8484fa2168db83cbcfcccd43.dat
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 07:52 15360]
"TOSCDSPD"="C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-15 16:04 65536]
"DAEMON Tools"="C:\Programme\DAEMON Tools\daemon.exe" [2007-09-18 16:16 171464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00THotkey"="C:\WINDOWS\system32\00THotkey.exe" [2004-08-11 11:38 253952]
"000StTHK"="000StTHK.exe" [2001-06-23 20:28 24576 C:\WINDOWS\system32\000StTHK.exe]
"SigmaTel StacMon"="C:\Programme\SigmaTel\SigmaTel AC97 Audio-Treiber\stacmon.exe" [2003-08-03 16:01 86073]
"Apoint"="C:\Programme\Apoint2K\Apoint.exe" [2003-10-30 16:46 192512]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-20 15:00 88363 C:\WINDOWS\agrsmmsg.exe]
"TFNF5"="TFNF5.exe" [2003-12-02 14:15 73728 C:\WINDOWS\system32\TFNF5.exe]
"SmoothView"="C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe" [2004-03-30 14:01 118784]
"TPSMain"="TPSMain.exe" [2004-06-28 11:56 266240 C:\WINDOWS\system32\TPSMain.exe]
"TMESRV.EXE"="C:\Programme\TOSHIBA\TME3\TMESRV31.exe" [2004-04-13 12:15 126976]
"TMERzCtl.EXE"="C:\Programme\TOSHIBA\TME3\TMERzCtl.exe" [2004-08-19 17:02 86016]
"TFncKy"="TFncKy.exe" []
"NDSTray.exe"="NDSTray.exe" []
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-07-20 01:04 122939]
"openvpn-gui"="C:\Programme\OpenVPN\bin\openvpn-gui.exe" [2005-08-18 10:55 99328]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"ISUSPM Startup"="C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-14 17:18 221184]
"ISUSScheduler"="C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2004-06-14 17:18 81920]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2007-10-29 14:19 77824]
"TouchED"="C:\Programme\TOSHIBA\TouchED\TouchED.Exe" [2003-03-11 15:03 122880]
"F-PROT Antivirus Tray application"="C:\Programme\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe" [2007-04-24 15:16 1335928]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 07:52 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="cmd.exe" [2008-04-14 07:52 401920 C:\WINDOWS\system32\cmd.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"msacm.divxa32"= DivXa32.acm
"msacm.l3codec"= L3codecp.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FPAVServer]
@="Service"

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk
backup=C:\WINDOWS\pss\Adobe Reader - Schnellstart.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Windows-Desktopsuche.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Windows-Desktopsuche.lnk
backup=C:\WINDOWS\pss\Windows-Desktopsuche.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^majaendres^Startmenü^Programme^Autostart^OpenOffice.org 2.0.lnk]
path=C:\Dokumente und Einstellungen\majaendres\Startmenü\Programme\Autostart\OpenOffice.org 2.0.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 04:06 40048 C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2007-02-28 23:06 2321600 C:\Programme\Gemeinsame Dateien\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Programme\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
--a------ 2007-11-21 02:47 172280 C:\Programme\ICQ6\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2007-10-29 14:19 118784 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2007-10-29 14:19 94208 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"ose"=3 (0x3)
"iPod Service"=3 (0x3)
"MDM"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Programme\\SAP\\FrontEnd\\SapGui\\saplogon.exe"=
"C:\\Programme\\NetPhone Client\\client.exe"=
"C:\\Programme\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programme\\Bonjour\\mDNSResponder.exe"=
"C:\\Programme\\ICQ6\\ICQ.exe"=
"C:\\Programme\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"=
"C:\\Programme\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
""=

R0 FPAV_RTP;FPAV_RTP;C:\WINDOWS\system32\drivers\FStopW.sys [2007-05-31 15:22]
R1 TMEI3E;TMEI3E;C:\WINDOWS\system32\Drivers\TMEI3E.SYS [2004-06-16 11:08]
R2 FPAVServer;F-PROT Antivirus for Windows system;"C:\Programme\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe" [2007-02-15 11:42]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 tap0801;TAP-Win32 Adapter V8;C:\WINDOWS\system32\DRIVERS\tap0801.sys [2004-06-24 03:54]
.
Inhalt des "geplante Tasks" Ordners
"2008-05-16 07:31:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programme\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-17 16:40:42
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...
Scanne versteckte Autostart Einträge...
Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\BRSS01A.EXE
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Toshiba\ConfigFree\CFSvcs.exe
C:\Programme\Toshiba\TOSHIBA Controls\TFncKy.exe
C:\Programme\Toshiba\TME3\TMEEJME.exe
C:\Programme\Toshiba\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Programme\Apoint2K\ApntEx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Hardcopy\hardcopy.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-05-17 16:58:21 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-17 14:58:06
ComboFix2.txt 2008-05-17 09:48:04
ComboFix3.txt 2008-05-15 22:54:14

35 Verzeichnis(se), 4,409,823,232 Bytes frei
39 Verzeichnis(se), 4,333,477,888 Bytes frei

348 --- E O F --- 2008-05-17 14:02:33