Hello,
can someone help me with this log? Thanks!!!
ComboFix 08-09-14.06 - asterix 2008-09-15 22:45:58.1 - NTFSx86
Running from: C:\Documents and Settings\asterix\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-08-15 to 2008-09-15 )))))))))))))))))))))))))))))))
.
2008-09-14 15:52 . 2008-09-14 15:55 <DIR> d-------- C:\Program Files\LimeWire
2008-09-14 15:52 . 2008-09-14 15:55 <DIR> d-------- C:\Documents and Settings\asterix\Application Data\LimeWire
2008-09-13 15:23 . 2008-09-13 17:07 <DIR> d-------- C:\Documents and Settings\asterix\.housecall6.6
2008-09-13 15:21 . 2008-09-13 15:21 <DIR> d-------- C:\WINDOWS\Sun
2008-09-13 14:05 . 2008-09-13 14:05 <DIR> d-------- C:\fsaua.data
2008-09-13 10:41 . 2008-09-13 10:41 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-12 18:45 . 2008-09-12 18:45 410,976 --a------ C:\WINDOWS\system32\deploytk.dll
2008-09-12 18:45 . 2008-09-12 18:45 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-11 21:48 . 2008-09-15 08:21 <DIR> d-------- C:\Program Files\Panda Security
2008-09-09 17:24 . 2008-09-09 17:24 <DIR> d-------- C:\Documents and Settings\asterix\Application Data\Sunbelt
2008-09-09 17:24 . 2008-09-09 17:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt
2008-09-09 17:23 . 2008-09-09 17:34 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-09-04 14:47 . 2008-09-04 15:28 <DIR> d-------- C:\Program Files\Secunia
2008-09-04 13:42 . 2008-09-04 13:43 <DIR> d-------- C:\Program Files\Chrome
2008-08-29 10:32 . 2008-08-29 10:32 <DIR> d--hs---- C:\Documents and Settings\asterix\PrivacIE
2008-08-29 10:17 . 2008-08-29 10:21 <DIR> d--h-c--- C:\WINDOWS\ie8
2008-08-28 10:03 . 2008-08-28 10:03 <DIR> d-------- C:\Program Files\Winamp Toolbar
2008-08-28 10:03 . 2008-08-28 10:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2008-08-26 17:20 . 2008-08-26 17:20 59,176 --a------ C:\WINDOWS\system32\sbbd.exe
2008-08-25 13:24 . 2008-08-25 13:29 <DIR> d-------- C:\Program Files\Lavalys
2008-08-22 03:05 . 2008-08-22 03:05 48,640 --------- C:\WINDOWS\system32\PrivacIE.dll
2008-08-16 19:22 . 2008-08-16 19:22 <DIR> d-------- C:\Documents and Settings\asterix\Application Data\KC Softwares
2008-08-16 18:18 . 2008-08-27 16:31 <DIR> d-------- C:\Program Files\KC Softwares
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-15 20:25 --------- d-----w C:\Program Files\PeerGuardian2
2008-09-15 20:23 --------- d-----w C:\Program Files\MedalFolders
2008-09-14 13:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-13 08:55 --------- d-----w C:\Program Files\ANTI_VIRUS
2008-09-13 08:28 --------- d-----w C:\Program Files\Java
2008-09-10 20:39 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-09-09 22:04 38,528 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-09 22:03 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-08-28 08:05 --------- d-----w C:\Program Files\Winamp
2008-08-27 15:36 --------- d-----w C:\Program Files\Avira
2008-08-22 01:08 878,592 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-22 01:08 43,008 ----a-w C:\WINDOWS\system32\licmgr10.dll
2008-08-22 01:07 18,944 ----a-w C:\WINDOWS\system32\corpol.dll
2008-08-22 01:06 72,704 ----a-w C:\WINDOWS\system32\admparse.dll
2008-08-22 01:06 71,680 ----a-w C:\WINDOWS\system32\iesetup.dll
2008-08-22 01:06 434,176 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-08-22 01:05 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
2008-08-22 01:05 35,840 ----a-w C:\WINDOWS\system32\imgutil.dll
2008-08-22 01:04 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
2008-08-22 00:57 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
2008-08-11 18:43 --------- d-----w C:\Documents and Settings\asterix\Application Data\dvdcss
2008-08-05 15:55 265,720 ----a-w C:\WINDOWS\system32\msdbg2.dll
2008-07-29 11:58 --------- d-----w C:\Documents and Settings\asterix\Application Data\Winamp
2008-07-28 22:14 --------- d-----w C:\Documents and Settings\asterix\Application Data\vlc
2008-07-28 15:49 65,536 ----a-w C:\WINDOWS\IFinst27.exe
2008-07-28 13:10 --------- d-----w C:\Program Files\Shock Utility
2008-07-28 12:49 --------- d-----w C:\Program Files\Windows Tools
2008-07-28 07:14 --------- d-----w C:\Program Files\VisualTaskTips
2008-07-28 07:13 --------- d-----w C:\Program Files\RocketDock
2008-07-28 07:12 --------- d-----w C:\Program Files\FolderSize
2008-07-28 07:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-28 07:10 --------- d-----w C:\Program Files\Avira GmbH
2008-07-28 06:48 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-28 06:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-28 06:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-07-27 15:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-07-25 19:11 --------- d-----w C:\Documents and Settings\asterix\Application Data\Malwarebytes
2008-07-25 19:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-24 08:15 --------- d-----w C:\Program Files\XLS to DBF
2008-07-21 10:15 --------- d-----w C:\Program Files\GooglePreview
2008-07-21 09:57 5,940 --sha-w C:\WINDOWS\system32\drivers\5ec1B2.DAT
2008-07-21 09:57 5,940 --sha-w C:\WINDOWS\system32\drivers\5431B3.DAT
2008-07-21 09:57 5,940 --sha-w C:\WINDOWS\system32\drivers\0261B1.DAT
2008-07-20 19:19 --------- d-----w C:\Program Files\Google
2008-07-20 19:18 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-05-22 12:03 2,673 ----a-w C:\Program Files\Sony Ericsson PC Suite.lnk
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Duden Korrektor SysTray"="C:\Program Files\Duden\Duden Korrektor\dktray.exe" [2007-06-22 565976]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
"VisualTaskTips"="C:\Program Files\VisualTaskTips\VisualTaskTips.exe" [2008-06-22 65536]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Shock4Way3D"="C:\Program Files\Shock Utility\Shock4Way3D\Shock4Way3D.exe" [2008-06-08 1222144]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"ShockAero3D"="C:\Program Files\Shock Utility\ShockAero3D\ShockAero3D.exe" [2008-05-14 1181696]
"Google Update"="C:\Documents and Settings\asterix\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 487424]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SBAMTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe" [2008-08-26 677160]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-09-12 136600]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-27 C:\WINDOWS\stsystra.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]
C:\Documents and Settings\asterix\Start Menu\Programs\Startup\
MedalFolders.lnk - C:\Program Files\MedalFolders\MedalFolders.exe [2005-11-24 965120]
Secunia PSI (RC3).lnk - C:\Program Files\Secunia\PSI (RC3)\psi.exe [2008-06-16 663552]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\German\\setup.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-09-12 152984]
S0 0261B1;0261B1;C:\WINDOWS\system32\drivers\0261B1.SYS [ ]
S1 5ec1B2;5ec1B2;C:\WINDOWS\system32\drivers\5ec1B2.SYS [ ]
S2 5431B3;5431B3;C:\WINDOWS\system32\drivers\5431B3.SYS [ ]
S2 SBAMSvc;Sunbelt VIPRE Antivirus Service;C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe [2008-08-26 869672]
S3 PSI;PSI;C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2008-06-16 7808]
S3 SBRE;SBRE;C:\WINDOWS\system32\drivers\SBREdrv.sys [2007-11-06 87848]
S3 se46bus;Sony Ericsson Device 070 driver (WDM);C:\WINDOWS\system32\DRIVERS\se46bus.sys [2006-11-30 61536]
S3 se46mdfl;Sony Ericsson Device 070 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se46mdfl.sys [2006-11-30 9360]
S3 se46mdm;Sony Ericsson Device 070 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se46mdm.sys [2006-11-30 97088]
S3 se46mgmt;Sony Ericsson Device 070 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se46mgmt.sys [2006-11-30 88624]
S3 se46nd5;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se46nd5.sys [2006-11-30 18704]
S3 se46obex;Sony Ericsson Device 070 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se46obex.sys [2006-11-30 86432]
S3 se46unic;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se46unic.sys [2006-11-30 90800]
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-WinampAgent - C:\Program Files\Winamp\winampa.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\asterix\Application Data\Mozilla\Firefox\Profiles\ns0s736m.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://***.google.ch/
FF -: plugin - C:\Documents and Settings\asterix\Local Settings\Application Data\Google\Update\1.2.131.11\npGoogleOneClick5.dll
FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://***.gmer.net
Rootkit scan 2008-09-15 22:48:41
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-09-15 22:50:04
ComboFix-quarantined-files.txt 2008-09-15 20:49:48
Pre-Run: 84,776,894,464 bytes free
Post-Run: 84,946,231,296 bytes free
183 --- E O F --- 2008-08-16 18:03:32
Kind regards, Zrs