Home » Viren, Trojaner & Malware Forum » Combofix von hexlein zwecks Vundo gen » Themenansicht

Combofix von hexlein zwecks Vundo gen

Thema ist geschlossen!
Thema ist geschlossen!
#0
06.05.2008, 13:04
hexlein7712
...neu hier

Beiträge: 8
#1 ComboFix 08-05-01.3 - Werner Langer 2008-05-06 12:48:44.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1031.18.121 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Werner Langer\Desktop\ComboFix.exe

[color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.

((((((((((((((((((((((( Dateien erstellt von 2008-04-06 bis 2008-05-06 ))))))))))))))))))))))))))))))
.

2008-05-06 12:26 . 2008-05-06 12:26 <DIR> d-------- C:\Programme\VirusTotalUploader
2008-05-06 10:57 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-06 10:57 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-06 10:56 . 2008-05-06 10:57 <DIR> d-------- C:\Programme\Malwarebytes' Anti-Malware
2008-05-06 10:56 . 2008-05-06 10:56 <DIR> d-------- C:\Dokumente und Einstellungen\Werner Langer\Anwendungsdaten\Malwarebytes
2008-05-06 10:56 . 2008-05-06 10:56 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-05-05 17:22 . 2008-05-05 17:22 <DIR> d-------- C:\Programme\Avira
2008-05-05 16:52 . 2008-05-05 18:49 <DIR> d-------- C:\Programme\Trojancheck 6
2008-05-05 13:23 . 2008-05-05 15:49 <DIR> d-------- C:\Programme\a-squared Free
2008-05-05 12:52 . 2008-05-05 16:38 <DIR> d-------- C:\Programme\Spybot - Search & Destroy
2008-05-05 12:52 . 2008-05-05 16:42 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2008-05-05 09:47 . 2008-05-05 09:47 164 --a------ C:\install.dat
2008-05-05 09:46 . 2008-05-05 09:47 <DIR> d-------- C:\Downloads
2008-05-05 09:43 . 2008-05-05 11:10 <DIR> d-------- C:\Programme\FlashGet
2008-05-03 14:53 . 2008-05-03 14:53 <DIR> d-------- C:\Dokumente und Einstellungen\LocalService\Startmenü
2008-05-03 13:34 . 2008-05-06 09:45 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-05-03 13:34 . 2008-05-03 14:53 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2008-05-03 09:32 . 2008-05-03 09:32 <DIR> d-------- C:\Programme\Alwil Software
2008-05-03 09:18 . 2008-05-05 12:27 <DIR> d-------- C:\VIRUSfighter
2008-05-03 07:45 . 2008-05-03 07:45 <DIR> d-------- C:\Programme\Trend Micro
2008-05-01 12:03 . 2008-05-01 12:03 <DIR> d-------- C:\Programme\Learn2.com
2008-05-01 12:02 . 2008-02-16 11:30 1,499,136 --a------ C:\WINDOWS\system32\shdocvw.bak
2008-05-01 11:58 . 2008-05-05 12:49 <DIR> d-------- C:\Programme\AOL 9.0f
2008-04-30 20:41 . 2002-07-09 21:42 140,288 --a------ C:\WINDOWS\system32\comdlg32.ocx
2008-04-30 20:41 . 2001-11-21 09:15 102,400 --a------ C:\WINDOWS\system32\SimpleRegistry.dll
2008-04-30 20:41 . 1999-04-17 01:06 10,752 --a------ C:\WINDOWS\system32\aamd532.dll
2008-04-30 12:12 . 2008-05-02 21:53 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\udgvcpcl
2008-04-30 12:03 . 2008-04-30 12:03 5 ---h----- C:\WINDOWS\AMX.D98
2008-04-30 11:41 . 2008-04-30 11:41 <DIR> d-------- C:\Programme\sevCommand3
2008-04-24 17:30 . 2008-04-25 11:57 104 --a------ C:\WINDOWS\wiso.ini
2008-04-24 17:28 . 2008-04-24 17:28 <DIR> d-------- C:\Programme\WISO
2008-04-24 17:28 . 2008-04-24 17:28 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Buhl Data Service
2008-04-24 17:28 . 2008-04-24 17:28 <DIR> d-------- C:\Dokumente und Einstellungen\Werner Langer\Anwendungsdaten\InstallShield Installation Information
2008-04-24 17:17 . 2008-04-24 17:17 <DIR> d-------- C:\Dokumente und Einstellungen\Werner Langer\Anwendungsdaten\Buhl Data Service
2008-04-24 17:16 . 2008-04-24 17:16 <DIR> d-------- C:\Dokumente und Einstellungen\Werner Langer\Anwendungsdaten\InstallShield
2008-04-24 17:16 . 2008-04-24 17:16 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH
2008-04-12 09:02 . 2008-04-12 09:02 <DIR> d-------- C:\Programme\PixiePack Codec Pack
2008-04-09 18:25 . 2008-04-09 18:25 <DIR> d-------- C:\Programme\Purgatio Pro
2008-04-06 11:49 . 2008-05-02 22:32 <DIR> d-------- C:\WINDOWS\CAVTemp

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-06 09:58 --------- d-----w C:\Programme\Goodees
2008-05-05 16:49 --------- d-----w C:\Programme\ZyConfig
2008-05-05 15:22 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
2008-05-03 07:18 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-05-01 10:59 --------- d-----w C:\Programme\Gemeinsame Dateien\aol
2008-05-01 10:00 --------- d-----w C:\Programme\Gemeinsame Dateien\aolshare
2008-05-01 09:58 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AOL
2008-04-28 07:28 --------- d-----w C:\Programme\Lx_cats
2008-04-16 16:22 --------- d-----w C:\Dokumente und Einstellungen\Werner Langer\Anwendungsdaten\Zylom
2008-04-16 13:41 --------- d-----w C:\Dokumente und Einstellungen\Werner Langer\Anwendungsdaten\PlayFirst
2008-04-12 07:35 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Rapidsolution
2008-04-09 17:03 --------- d-----w C:\Programme\AOL 9.0
2008-04-09 17:03 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online DSL-Manager
2008-04-09 10:12 --------- d-----w C:\Programme\Windows Live Toolbar
2008-04-08 11:37 668 ----a-w C:\Dokumente und Einstellungen\Werner Langer\Anwendungsdaten\wklnhst.dat
2008-04-05 07:48 --------- d-----w C:\Programme\CA
2008-04-05 05:43 --------- d-----w C:\Programme\Gemeinsame Dateien\Symantec Shared
2008-04-01 18:37 --------- d-----w C:\Programme\AOL 9.0 VR
2008-03-24 12:15 --------- d-----w C:\Programme\Lexmark 2300 Series
2008-03-20 08:03 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-17 18:48 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PlayFirst
2008-02-20 06:50 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:33 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:30 671,744 ----a-w C:\WINDOWS\system32\wininet.dll
2008-01-07 12:46 9 ----a-w C:\Dokumente und Einstellungen\Werner Langer\Anwendungsdaten\mdb.bin
1999-04-30 15:00 98,304 ----a-w C:\Programme\internet explorer\plugins\UPjpeg.dll
.

------- Sigcheck -------

2004-08-04 14:00 14336 65a819b121eb6fdab4400ea42bdffe64 C:\WINDOWS\system32\svchost.exe
2004-08-04 14:00 14336 65a819b121eb6fdab4400ea42bdffe64 C:\WINDOWS\system32\dllcache\svchost.exe

2005-03-02 20:19 578560 4c90159a69a5fd3eb39c71411f28fcff C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 17:48 579584 78785eff8cb90cec1862a4ccfd9a3c3a C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2004-08-04 14:00 578560 56785fd5236d7b22cf471a6da9db46d8 C:\WINDOWS\$NtUninstallKB890859$\user32.dll
2005-03-02 20:09 578560 3751d7cf0e0a113d84414992146bce6a C:\WINDOWS\$NtUninstallKB925902$\user32.dll
2007-03-08 17:36 579072 492e166cfd26a50fb9160db536ff7d2b C:\WINDOWS\system32\user32.dll
2007-03-08 17:36 579072 492e166cfd26a50fb9160db536ff7d2b C:\WINDOWS\system32\dllcache\user32.dll

2004-08-04 14:00 82944 d569240a22421d5f670bb6fb6dd522b5 C:\WINDOWS\system32\ws2_32.dll
2004-08-04 14:00 82944 d569240a22421d5f670bb6fb6dd522b5 C:\WINDOWS\system32\dllcache\ws2_32.dll

2005-09-03 01:53 666112 c9abc4ae17820bfee9a4307b8a4e6de9 C:\WINDOWS\$hf_mig$\KB896688\SP2QFE\wininet.dll
2004-08-04 14:00 662016 b1a1da99c4a6ebfd59f86a453bf02f39 C:\WINDOWS\$NtUninstallKB896688$\wininet.dll
2005-09-03 01:53 664064 8266074ce4a6573460559e4db2e6695f C:\WINDOWS\$NtUninstallKB912812$\wininet.dll
2006-03-04 06:00 669184 c91b7839095133064f9c898897f8d64c C:\WINDOWS\$NtUninstallKB916281$\wininet.dll
2006-05-10 07:26 669184 2e9fffc696613e2e38f2263ade718c67 C:\WINDOWS\$NtUninstallKB918899$\wininet.dll
2006-06-23 13:25 670208 05e47ea6708bd99df2d8e4abd55df079 C:\WINDOWS\$NtUninstallKB922760$\wininet.dll
2006-09-14 10:36 670208 c98f3024049aaeafae1340d94c16fdc8 C:\WINDOWS\$NtUninstallKB925454$\wininet.dll
2006-10-23 17:34 670208 47bbfeb4909d45064a992c3068610b06 C:\WINDOWS\$NtUninstallKB928090$\wininet.dll
2007-01-04 16:02 670720 04a670155a6d86dfbf562f45544e1908 C:\WINDOWS\$NtUninstallKB931768$\wininet.dll
2007-02-19 17:22 671232 e2cb4d46ff3638bff234ae4253bc6430 C:\WINDOWS\$NtUninstallKB933566$\wininet.dll
2007-04-18 14:44 671232 af95c8d19c4391550dbb9fb78d078fa2 C:\WINDOWS\$NtUninstallKB937143$\wininet.dll
2007-06-26 16:39 671232 8ffb79a006666912364801ae679e618e C:\WINDOWS\$NtUninstallKB939653$\wininet.dll
2007-08-22 14:56 671232 d6140d5095e62bd609df3201c7b854ac C:\WINDOWS\$NtUninstallKB942615$\wininet.dll
2007-10-11 07:58 671744 6be2cddc28610d9e73e54678a131b253 C:\WINDOWS\$NtUninstallKB944533$\wininet.dll
2007-12-07 02:46 671744 273f4b37b80c8d398713a88b788fe59b C:\WINDOWS\$NtUninstallKB947864$\wininet.dll
2006-05-10 07:26 669184 2e9fffc696613e2e38f2263ade718c67 C:\WINDOWS\SoftwareDistribution\Download\3cbb4547279a4d2746f1b6f7f9401436\sp2qfe\wininet.dll
2008-02-16 11:30 671744 6c49192217df0509bc6a576535545529 C:\WINDOWS\system32\wininet.dll
2008-02-16 11:30 671744 6c49192217df0509bc6a576535545529 C:\WINDOWS\system32\dllcache\wininet.dll

2004-08-04 14:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB889527$\tcpip.sys
2005-05-25 21:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
2006-01-13 19:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\SoftwareDistribution\Download\28401d44e28d5fe988966badd69aee22\sp2qfe\tcpip.sys
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\system32\drivers\tcpip.sys

2004-08-04 14:00 507392 2b6a0baf33a9918f09442d873848ff72 C:\WINDOWS\$NtUninstallKB883529$\winlogon.exe
2004-08-25 18:59 507904 325a82ebbd69248d75c5f831e8817d17 C:\WINDOWS\system32\winlogon.exe
2004-08-25 18:59 507904 325a82ebbd69248d75c5f831e8817d17 C:\WINDOWS\system32\dllcache\winlogon.exe

2004-08-04 14:00 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\dllcache\ndis.sys
2004-08-04 14:00 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys

2004-08-04 14:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\dllcache\ip6fw.sys
2004-08-04 14:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys

2005-03-02 11:11 2059264 ae8364004bbfd70461d2ef34888d3360 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2007-02-28 18:06 2061696 9b9ca27ad315c02b71510238574894b2 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2004-08-04 14:00 2059136 ce41fc4c06499a389d39b301879535fb C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2005-03-02 20:06 2059136 bdff8ffa77ee7df9758ef8c1e0da8eff C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 18:02 2059904 06effe1520c59641fcdb8baa94a8539f C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2007-02-28 18:02 2059904 06effe1520c59641fcdb8baa94a8539f C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 18:02 2059904 06effe1520c59641fcdb8baa94a8539f C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2005-03-02 20:11 2181888 eb5538a452e0e99169e2b6cdb62ff9d2 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2007-02-28 18:06 2184448 e1de7a10d46959560c3b617227d95c19 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2004-08-04 14:00 2183296 dc888c9c4ca0eea7a3cb7e6b610f75c7 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-02 20:06 2181632 7189a2391adc1f65c9ae87b0abe0f945 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 18:02 2182656 2804b72eb675cd43df7994ae4685b894 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2007-02-28 18:02 2182656 2804b72eb675cd43df7994ae4685b894 C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 18:02 2182656 2804b72eb675cd43df7994ae4685b894 C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2007-06-13 15:10 1036288 331ed93570baf3cfe30340298762cd56 C:\WINDOWS\explorer.exe
2004-08-04 14:00 1035264 22fe1be02eadde1632e478e4125639e0 C:\WINDOWS\$NtUninstallKB884883$\explorer.exe
2005-04-07 20:46 1035264 64322e8399b205b7281ff883737a9b03 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:10 1036288 331ed93570baf3cfe30340298762cd56 C:\WINDOWS\system32\dllcache\explorer.exe

2004-08-04 14:00 15360 7ce20569925df6789c31799f0c538f29 C:\WINDOWS\system32\ctfmon.exe
2004-08-04 14:00 15360 7ce20569925df6789c31799f0c538f29 C:\WINDOWS\system32\dllcache\ctfmon.exe
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{60ECEE7E-9981-4411-841C-30ADE1ED87D0}]
C:\WINDOWS\system32\rqRkLcBs.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"MSMSGS"="c:\PROGRA~1\MESSEN~1\Msmsgs.exe" [2005-08-31 21:27 1658592]
"E-Mail Alarm"="C:\Programme\WEB.DE\WEB.DE Club E-Mail Alarm\EmailAlarm.exe" [2006-12-14 18:16 2299904]
"InfoCockpit"="C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.exe" [2007-01-16 11:56 176128]
"updateMgr"="C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"WEB.DE Club E-Mail Alarm"="C:\Programme\WEB.DE\WEB.DE Club E-Mail Alarm\EmailAlarm.exe" [2006-12-14 18:16 2299904]
"MsnMsgr"="C:\Programme\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"GMX SMS-Manager"="C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe" [2007-07-19 12:17 3539968]
"mlujskla"="C:\WINDOWS\system32\wnmtejyr.exe" [ ]
"SpybotSD TeaTimer"="C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 14:00 33792 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2005-08-02 17:35 1519616 C:\WINDOWS\system32\nwiz.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"AOLDialer"="C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe" [2007-06-21 14:42 70952]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2005-12-12 22:36 98304]
"lxcgmon.exe"="C:\Programme\Lexmark 2300 Series\lxcgmon.exe" [2005-07-21 08:07 200704]
"EzPrint"="C:\Programme\Lexmark 2300 Series\ezprint.exe" [2005-08-01 14:05 94208]
"WordPerfect Office 1215"="C:\Programme\WordPerfect Office 12\Programs\Registration.exe" [2004-04-20 16:04 733184]
"OFFICEKB"="C:\Programme\Labtec\Desktop\V5.1\kbdap32a.exe" [2006-08-03 11:22 387584]
"FLMOFFICE4DMOUSE"="C:\Programme\Labtec\Desktop\V5.1\moffice.exe" [2006-08-03 11:22 958464]
"RemoteControl"="C:\Programme\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"Goodees"="C:\Programme\Goodees\Goodees.exe" [2006-05-16 18:46 2363392]
"HostManager"="C:\Programme\Gemeinsame Dateien\AOL\1163883366\ee\AOLSoftware.exe" [2007-04-12 23:23 42032]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2004-07-30 19:50 286720]
"ToADiMon.exe"="C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe" [2007-02-15 10:04 282624]
"SANSUNMouse "="C:\Programme\Mouse Driver\mouse_2k.exe" [2004-12-21 16:02 253952]
"Keyboard driver "="C:\Programme\Keyboard Driver\Keyboard Driver\ikeymain.exe" [2002-11-29 20:08 65536]
"RealTray"="C:\Programme\Real\RealPlayer\RealPlay.exe" [2005-12-12 22:36 26112]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"SoundMAXPnP"="C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 10:11 1388544]
"SoundMAX"="C:\Programme\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 13:41 860160]
"LXCGCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-07-20 19:48 73728]
"Trojancheck 6 Guard"="C:\Programme\Trojancheck 6\tcguard.exe" [2002-11-14 17:23 590336]
"avgnt"="C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]
"InfoCockpit"="C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.exe" [2007-01-16 11:56 176128]

C:\Dokumente und Einstellungen\Administrator\Startmen\Programme\Autostart\
DSL-Manager.lnk - C:\Programme\T-Online\DSL-Manager\DslMgr.exe [2007-10-20 12:32:29 1085440]
T-Online DSL-Manager.lnk - C:\Programme\T-Online\DSL-Manager\TODslMgr.exe [2007-04-02 00:16:37 901120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"sUq9rAi5HP"= C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\udgvcpcl\ivchqrwh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme\\AOL 9.0\\waol.exe"=
"C:\\WINDOWS\\system32\\lxcgcoms.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxcgpswx.exe"=
"C:\\Programme\\AOL 9.0a\\waol.exe"=
"C:\\Programme\\AOL 9.0b\\waol.exe"=
"C:\\Programme\\AOL 9.0c\\waol.exe"=
"C:\\Programme\\Gemeinsame Dateien\\AOL\\ACS\\AOLDial.exe"=
"C:\\Programme\\Gemeinsame Dateien\\AOL\\ACS\\AOLAcsd.exe"=
"C:\\Programme\\AOL 9.0d\\waol.exe"=
"C:\\Programme\\AOL 9.0 VR\\waol.exe"=
"C:\\Programme\\Gemeinsame Dateien\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"C:\\Programme\\Gemeinsame Dateien\\aol\\Loader\\aolload.exe"=
"C:\\Programme\\Gemeinsame Dateien\\aol\\System Information\\sinf.exe"=
"C:\\Programme\\AOL 9.0e\\waol.exe"=
"C:\\Programme\\Gemeinsame Dateien\\aol\\1163883366\\ee\\aolsoftware.exe"=
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programme\\Messenger\\Msmsgs.exe"=
"C:\\Programme\\AOL 9.0f\\waol.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020

R2 MZCCntrl;T-Online WLAN Adapter Steuerungsdienst;C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe [2007-01-09 16:16]
R3 TSMPacket;DSL-Manager Service;C:\WINDOWS\system32\DRIVERS\tsmpkt.sys [2007-06-26 12:53]
S3 MACNDIS5;MACNDIS5 NDIS Protocol Driver;C:\PROGRA~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS [2006-10-04 08:14]
S3 MIINPazX;MIINPazX NDIS Protocol Driver;C:\PROGRA~1\GEMEIN~1\MARMIK~1\MInfraIS\MIINPazX.SYS [2006-10-09 14:03]
S3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [2006-10-09 13:46]
S3 TDslMgrService;DSL-Manager;"C:\Programme\T-Online\DSL-Manager\DslMgrSvc.exe" [2007-08-01 15:36]
S3 TNPacket;T-Systems Nova Packet Capture Driver;C:\Programme\T-DSL SpeedManager\TNPACKET.SYS [2004-03-11 18:44]

*Newly Created Service* - ATWPKT2

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]
C:\Programme\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners
"2008-05-06 10:39:02 C:\WINDOWS\Tasks\Auf Updates für Windows Live Toolbar prüfen.job"
- C:\Programme\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-06 12:52:31
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ASFWHide]
"ImagePath"="\??\C:\DOKUME~1\WERNER~1\LOKALE~1\Temp\ASFWHide"
.
Zeit der Fertigstellung: 2008-05-06 12:55:09
ComboFix-quarantined-files.txt 2008-05-06 10:54:49
ComboFix2.txt 2008-05-06 08:00:08

25 Verzeichnis(se), 61,587,738,624 Bytes frei
29 Verzeichnis(se), 61,575,090,176 Bytes frei

272 --- E O F --- 2008-04-11 19:09:19
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren:
Seite(n): 1