Hallo!
Like many others, I've managed to pick up a malware problem on my computer. The main problem is some thing that claims to have found malicious software on my PC and then sends me to antispyware-review.biz to buy something there.
I also think there are one or two other programs in the same category up to no good on my laptop.
Here is my ComboFix log. To me as a layman it looks pretty bad, but unfortunately my PC knowledge doesn't stretch that far anymore 🙁, so I'm asking for help here!
Code:
ComboFix 08-05-01.3 - seyrling 2008-05-03 18:36:04.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1031.18.930 [GMT 2:00]
ausgeführt von:: C:\Users\seyrling\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
* Resident AV is active
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.exe
C:\Windows\a.bat
C:\Windows\base64.tmp
C:\Windows\bdn.com
C:\Windows\FVProtect.exe
C:\Windows\iTunesMusic.exe
C:\Windows\mslagent
C:\Windows\mslagent\2_mslagent.dll
C:\Windows\mslagent\mslagent.exe
C:\Windows\mslagent\uninstall.exe
C:\Windows\mssecu.exe
C:\Windows\system32\bsva-egihsg52.exe
C:\Windows\system32\khFwWqpm.dll
C:\Windows\system32\smp
C:\Windows\system32\smp\msrc.exe
C:\Windows\userconfig9x.dll
C:\Windows\Web\def.htm
C:\Windows\winsystem.exe
C:\Windows\zip1.tmp
C:\Windows\zip2.tmp
C:\Windows\zip3.tmp
C:\Windows\zipped.tmp
.
((((((((((((((((((((((( Dateien erstellt von 2008-04-03 bis 2008-05-03 ))))))))))))))))))))))))))))))
.
Keine neuen Dateien erstellt in diesem Zeitraum
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-03 16:13 67,100 ----a-w C:\Users\seyrling\AppData\Roaming\nvModes.dat
2008-05-03 14:07 --------- d-----w C:\Users\seyrling\AppData\Roaming\skypePM
2008-05-03 13:46 --------- d-----w C:\Program Files\McAfee
2008-05-02 16:20 --------- d-----w C:\ProgramData\Lavasoft
2008-05-02 16:19 --------- d-----w C:\Program Files\Lavasoft
2008-05-02 16:18 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-30 15:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-30 15:18 --------- d-----w C:\Program Files\Microsoft Games
2008-04-20 17:18 --------- d-----w C:\Users\seyrling\AppData\Roaming\Skype
2008-04-17 16:03 --------- d-----w C:\Program Files\Java
2008-04-16 16:40 --------- d-----w C:\Program Files\WinPcap
2008-04-16 16:40 --------- d-----w C:\Program Files\SIEMENS
2008-04-12 01:03 --------- d-----w C:\Program Files\Windows Mail
2008-04-11 15:24 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-06 11:47 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-04-06 11:47 --------- d-----w C:\Program Files\DivX
2008-04-06 11:47 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-04-04 17:34 --------- d--h--w C:\ProgramData\{33192069-C12D-42A7-99B0-5DECF0AB0841}
2008-04-04 17:34 --------- d-----w C:\Program Files\cablecom
2008-03-24 16:22 --------- d-----w C:\Program Files\Common Files\McAfee
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-21 02:05 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-02-21 02:05 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-02-21 02:05 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-02-21 02:05 129,784 ------w C:\Windows\System32\PxAFS.DLL
2008-02-21 02:05 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-02-21 02:04 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-02-21 02:04 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-02-21 02:04 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-02-21 02:04 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-02-21 02:04 682,496 ----a-w C:\Windows\System32\DivX.dll
2008-02-21 02:04 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-02-21 02:04 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-02-21 02:04 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-02-21 02:04 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-02-21 02:04 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-02-21 02:04 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-02-21 02:04 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-02-21 02:03 156,992 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-02-21 02:03 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
2008-02-15 22:11 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-15 22:08 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-15 22:08 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-15 22:07 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-15 22:07 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-15 22:07 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-15 22:07 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-15 22:07 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-15 22:07 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-15 22:07 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-15 22:07 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-15 22:07 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-15 22:07 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-15 22:04 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-02-14 23:19 944,184 ----a-w C:\Windows\System32\winload.exe
2008-01-17 17:07 32 ----a-w C:\Users\All Users\ezsid.dat
2008-01-17 17:07 32 ----a-w C:\ProgramData\ezsid.dat
2007-12-22 12:34 174 --sha-w C:\Program Files\desktop.ini
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-12 17:16 1232896]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 14:09 460784]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 16:08 21686568]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]
"cwzjvjdc"="C:\Windows\system32\krkbmhoz.exe" [2008-05-01 15:21 90112]
"febb00e0"="C:\Users\seyrling\AppData\Local\Temp\phwdjfme.dll" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-08 02:17 1006264]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-04-18 05:31 159744]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-05-16 07:35 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-05-16 07:35 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-05-16 07:35 81920]
"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2007-05-16 07:35 67584]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SigmatelSysTrayApp"="sttray.exe" [2007-03-06 22:37 303104 C:\Windows\sttray.exe]
"Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [2007-03-21 21:33 1548288]
"Logitech Hardware Abstraction Layer"="C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2007-01-11 21:15 101136]
"@"="" []
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 13:37 81920]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 13:22 221184]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-04-16 18:10 184320]
"dscactivate"="c:\dell\dsca.exe" [2007-07-30 21:40 16384]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 13:35 221184]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-11 21:15 101136 C:\Windows\KHALMNPR.Exe]
"ICSDCLT"="C:\Windows\C:\Windows\system32\icsdclt.dll" [ ]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-08-24 23:57 36640]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 16:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 04:22 267048]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-29 17:53 185896]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
"MSServer"="C:\Windows\system32\khFwWqpm.dll" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"SSDPSRV"="C:\Windows\system32\ssdpsrv.exe" [2001-07-21 15:30 55568]
C:\Users\seyrling\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 05:45:42 101784]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 19:55:50 703280]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-11-07 19:02:07 50688]
QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-11-07 19:00:32 45056]
SetPoint.lnk - C:\Program Files\SetPoint\SetPoint.exe [2007-11-07 19:03:14 679936]
VPN Client.lnk - C:\Windows\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico [2007-12-22 20:26:01 6144]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"Y3enIj2OVi"= C:\ProgramData\sbuvapyb\utcvyfat.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{BDFC9969-2FB0-4477-961D-80A6A66A1357}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D92685F6-7859-409F-9481-BAA1D1559453}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0C138998-11BE-4E97-9685-250D80FB5F73}"= UDP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{B5ECACF1-4343-4D1F-8B2C-B2B3BA3E63FD}"= TCP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{8AF13408-210F-4C68-A595-BA8BAF62C158}"= C:\Program Files\Dell\MediaDirect\PowerCinema.exe:CyberLink PowerCinema
"{8D0E3C62-B5D1-4CA6-B7F2-6EA258DD8692}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{F9762938-EC68-4DD1-A1DC-899583875F16}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{DBA670F9-78FC-4582-A0BD-360518C33870}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"TCP Query User{B0CAA1A7-F948-488B-9667-6A244874B4A2}C:\\program files\\bearshare\\bearshare.exe"= UDP:C:\program files\bearshare\bearshare.exe:BearShare
"UDP Query User{913F183D-7930-41DD-9C7B-EAE52DCA0CF7}C:\\program files\\bearshare\\bearshare.exe"= TCP:C:\program files\bearshare\bearshare.exe:BearShare
"{D9113236-95BF-409F-A468-44185ADABD8D}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{1030A3D5-9F23-4D15-ADE9-F8F4F388B4D9}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{7DD08B97-96C5-4206-908E-06931FD0AB4B}C:\\program files\\icq6\\icq.exe"= UDP:C:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{12985C6D-2C5E-49B2-840F-98632A7FD80A}C:\\program files\\icq6\\icq.exe"= TCP:C:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{A65AC401-D954-4677-AAA9-83F96AF2EE7F}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{FBC61BD1-E2B8-4B2F-A465-D2CA1EE6E7CB}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"{9F1DED69-1832-4818-B061-E7334F52FC81}"= UDP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{37313B1A-185E-45AD-B05A-906D020C2CB7}"= TCP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"TCP Query User{64E2FAAD-3AEA-4CD2-A18E-238CCD8F2A0C}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{9DF67290-3005-4F09-96BA-C152579777CA}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{26D47BA7-2D56-44E0-949F-80DF3D3D77B9}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{42009D2D-7052-487E-A3E8-230C0996FBDF}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{227C3D32-2149-44AC-8A70-0F513CD1938D}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{82E65204-4C28-4B5D-BE4C-DB3A99B7ADE0}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{FC5C0D5E-BA20-4CFB-8FA1-E458B1497E9F}C:\\program files\\gnucleus\\gnucleus.exe"= UDP:C:\program files\gnucleus\gnucleus.exe:Gnucleus
"UDP Query User{34A2D32A-7559-4E89-B23C-7FF3A1E1004D}C:\\program files\\gnucleus\\gnucleus.exe"= TCP:C:\program files\gnucleus\gnucleus.exe:Gnucleus
"TCP Query User{BD655423-4889-4F6D-B755-6F7F1FA5C44A}C:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= UDP:C:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"UDP Query User{FDC5F4DC-1F08-4439-AB93-63229B24B19F}C:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= TCP:C:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"{D5F5BD2E-47E6-4091-AC1F-4BFB125A46ED}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{30F89A17-43B5-4EC7-8694-2DF6E070B487}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{E51F1EED-4D66-4DF8-BED3-4066DC23B994}C:\\program files\\bearshare\\bearshare.exe"= UDP:C:\program files\bearshare\bearshare.exe:BearShare
"UDP Query User{F204913B-CAB9-4928-88B9-C17F569DCEDB}C:\\program files\\bearshare\\bearshare.exe"= TCP:C:\program files\bearshare\bearshare.exe:BearShare
"TCP Query User{88761CD6-8CFC-4592-A2B9-4B732D56D353}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{2A87C156-2CB2-4584-82F3-BED68A3EB1A2}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{2E02BD2E-45F2-4526-A7F8-076E144C9F77}"= UDP:C:\Windows\Temp\cablecom_installer.exe:cablecom installer
"{040BEBC8-7A8E-47B4-A114-3B675F175EC1}"= TCP:C:\Windows\Temp\cablecom_installer.exe:cablecom installer
"TCP Query User{D1017423-28D6-4E96-A37A-BE96352F74FC}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{82530372-36CB-4C8F-94B4-A0B1E61D7034}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-05 02:39]
R3 btwaudio;Bluetooth-Audiogerät;C:\Windows\system32\drivers\btwaudio.sys [2006-11-07 03:37]
R3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2006-11-07 01:13]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-07 01:13]
S3 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys [2005-08-02 23:10]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 09:36]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2052965-8d4f-11dc-ade1-806e6f6e6963}]
\shell\AutoRun\command - E:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7b797a5-f421-11dc-a727-001dd9e5a0c7}]
\shell\AutoRun\command - higj2p.bat
\shell\explore\Command - higj2p.bat
\shell\open\Command - higj2p.bat
*Newly Created Service* - CATCHME
.
Inhalt des "geplante Tasks" Ordners
"2007-11-07 17:29:29 C:\Windows\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2007-11-07 17:29:29 C:\Windows\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-03 18:40:10
Windows 6.0.6000 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostart Einträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
Zeit der Fertigstellung: 2008-05-03 18:41:30
ComboFix-quarantined-files.txt 2008-05-03 16:41:10
Das System hat keinen Meldungstext für die Meldungsnummer 0x2379 in der Meldungsdatei Application gefunden.
Das System hat keinen Meldungstext für die Meldungsnummer 0x2379 in der Meldungsdatei Application gefunden.
250 --- E O F --- 2008-05-02 15:25:06
Best regards
Sigi
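The autostart section of a ComboFix log is where a helper would look first, and the one above carries several classic rogue-antispyware indicators: Run values with random eight-letter names (`"cwzjvjdc"` pointing at `krkbmhoz.exe`), a DLL loaded from the user's Temp directory with no file date or size shown (`"febb00e0"`), a `policies\explorer\run` entry under a random directory in ProgramData, three McAfee entries with Security Center `DisableMonitoring=1`, a malformed `C:\Windows\C:\Windows\...` path, and a `mountpoints2` AutoRun handler that runs a bare `.bat`. The script below is an added example, not part of the forum post and not a ComboFix feature: it parses that section and applies those heuristics. The sample lines are excerpted from the log above; the scoring rules, the vowel-ratio "random name" test, and the reading of an empty `[ ]` as "target not found when the log was taken" are this example's own assumptions and will produce false positives on real logs, so treat the output as a triage hint, not a verdict.

```python
"""Triage heuristics for the 'Autostart' (REGEDIT4) section of a ComboFix log.

Added example, not part of the forum post or of ComboFix. The sample lines
are excerpts of the posted log; the rules below are assumptions, not
anything ComboFix itself reports.
"""
import re
from pathlib import PureWindowsPath

# Excerpt of the log posted above (constructed sample input for this example).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-12 17:16 1232896]
"cwzjvjdc"="C:\Windows\system32\krkbmhoz.exe" [2008-05-01 15:21 90112]
"febb00e0"="C:\Users\seyrling\AppData\Local\Temp\phwdjfme.dll" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-08 02:17 1006264]
"ICSDCLT"="C:\Windows\C:\Windows\system32\icsdclt.dll" [ ]
"MSServer"="C:\Windows\system32\khFwWqpm.dll" [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"Y3enIj2OVi"= C:\ProgramData\sbuvapyb\utcvyfat.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7b797a5-f421-11dc-a727-001dd9e5a0c7}]
\shell\AutoRun\command - higj2p.bat
"""

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
# "name"=data [optional file date/size as printed by ComboFix]
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=\s*(?P<data>.*?)\s*(?:\[(?P<meta>[^\]]*)\])?$')
AUTORUN_RE = re.compile(r"^\\shell\\(?P<verb>\w+)\\command - (?P<cmd>.+)$", re.IGNORECASE)
DOUBLE_DRIVE_RE = re.compile(r"[a-z]:\\.*[a-z]:\\", re.IGNORECASE)
VOWELS = set("aeiou")


def looks_random(token):
    """Heuristic (assumption): 8+ alphanumerics that mix letters and digits,
    or that are almost vowel-free, are typical of generated malware names."""
    t = token.lower()
    if len(t) < 8 or not t.isalnum():
        return False
    letters = [c for c in t if c.isalpha()]
    if not letters:
        return False
    if any(c.isdigit() for c in t):
        return True
    return sum(c in VOWELS for c in letters) / len(letters) < 0.15


def value_reasons(key, name, data, meta):
    """Return the list of reasons a registry value looks suspicious."""
    reasons = []
    k = key.lower()
    if "policies\\explorer\\run" in k:
        reasons.append("policy Run key; rarely used by legitimate software")
    if "security center\\monitoring" in k and name.lower() == "disablemonitoring" and data.endswith("1"):
        reasons.append("Security Center monitoring disabled for " + key.rsplit("\\", 1)[-1])
    if meta is not None and not meta.strip():
        # Assumption: an empty "[ ]" means ComboFix could not find/stat the target.
        reasons.append("no file date/size: target missing or unreadable when ComboFix ran")
    low = data.lower()
    if "\\temp\\" in low or "\\programdata\\" in low:
        reasons.append("autostart target under a Temp or ProgramData directory")
    if DOUBLE_DRIVE_RE.search(data):
        reasons.append("malformed path (drive prefix appears twice)")
    tokens = [name]
    if "\\" in data:
        tokens.append(PureWindowsPath(data).stem)
    for tok in tokens:
        if looks_random(tok):
            reasons.append(f"random-looking identifier '{tok}'")
    return reasons


def autorun_reasons(cmd):
    """Reasons a mountpoints2 AutoRun/open/explore handler looks suspicious."""
    reasons = []
    c = cmd.strip().lower()
    if not re.match(r"^[a-z]:\\", c):
        reasons.append("AutoRun command is a relative path rather than an absolute installer path")
    if c.endswith((".bat", ".cmd", ".vbs", ".js")):
        reasons.append("AutoRun command is a script, not a vendor launcher")
    return reasons


def triage(log_text):
    """Return a list of (key, name, data, reasons) for every flagged entry."""
    findings = []
    key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = AUTORUN_RE.match(line)
        if m and "mountpoints2" in key.lower():
            reasons = autorun_reasons(m.group("cmd"))
            if reasons:
                findings.append((key, m.group("verb"), m.group("cmd"), reasons))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        data = m.group("data").strip('"')
        reasons = value_reasons(key, m.group("name"), data, m.group("meta"))
        if reasons:
            findings.append((key, m.group("name"), data, reasons))
    return findings


if __name__ == "__main__":
    for key, name, data, reasons in triage(SAMPLE_LOG):
        print(f"{name!r} -> {data}")
        for r in reasons:
            print("   -", r)
```

Run it on a full log and the benign entries (Sidebar, Windows Defender, the NVIDIA and Dell tray tools) stay quiet while the seven entries above are listed with their reasons; anything it flags still has to be confirmed against the file on disk before deciding to remove it.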