Oh, so this is the ComboFix log
ComboFix 09-01-21.04 - Standard 2009-01-30 1:21:45.4 -
FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1031.18.255.127 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Standard\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated)
FW: ZoneAlarm Firewall *disabled*
.
- REDUZIERTER FUNKTIONALITÄTSMODUS -
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\temp\FT62
c:\windows\system32\dPI19
D:\Autorun.inf
.
((((((((((((((((((((((( Dateien erstellt von 2008-12-28 bis 2009-01-30 ))))))))))))))))))))))))))))))
.
2009-03-21 12:07 . 2009-03-21 12:10 61,952 --a------ C:\nvjepyv.exe
2009-02-01 13:37 . 2009-02-01 13:37 <DIR> d-------- c:\programme\Avira
2009-02-01 13:37 . 2009-02-01 13:37 <DIR> d-------- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira
2009-01-30 20:07 . 2009-01-30 20:07 54,156 --ah----- c:\windows\QTFont.qfn
2009-01-30 20:07 . 2009-01-30 20:07 1,409 --a------ c:\windows\QTFont.for
2009-01-30 18:20 . 2009-01-30 18:20 <DIR> d-------- C:\BitRecorder
2009-01-30 18:18 . 2009-01-30 18:18 <DIR> d-------- c:\programme\StreamingStar
2009-01-22 03:08 . 2009-01-22 03:08 <DIR> d-------- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Playrix Entertainment
2009-01-22 00:04 . 2009-01-22 00:04 <DIR> d--hs---- c:\dokumente und einstellungen\LocalService\Anwendungsdaten\twain_32
2009-01-16 12:32 . 2009-01-16 12:32 <DIR> d-------- c:\dokumente und einstellungen\Standard\dwhelper
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-20 11:21 16,186,394 ------w c:\windows\Internet Logs\tvDebug.zip
2009-01-31 14:31 2,061,824 ------w c:\windows\Internet Logs\xDBF.tmp
2009-01-14 15:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 15:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-11-18 23:39 3,076,608 ------w c:\windows\Internet Logs\xDBE.tmp
2008-10-21 00:20 688,640 ------w c:\windows\Internet Logs\xDBD.tmp
2008-10-07 23:49 215,552 ------w c:\windows\Internet Logs\xDBC.tmp
2008-10-05 09:03 20,419,767 ------w c:\windows\Internet Logs\vsmon_on_demand_2008_10_05_02_50_53_full.dmp.zip
2008-04-03 12:53 43,768 ----a-w c:\dokumente und einstellungen\Standard\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2000-08-18 15:39 271 --sh--w c:\programme\DESKTOP.INI
2000-08-18 15:39 23,480 ---h--w c:\programme\FOLDER.HTT
2006-05-03 11:06 163,328 --sh--r c:\windows\SYSTEM32\flvDX.dll
2007-02-21 12:47 31,232 --sh--r c:\windows\SYSTEM32\msfDX.dll
2007-12-17 14:43 27,648 --sh--w c:\windows\SYSTEM32\Smab0.dll
.
((((((((((((((((((((((((((((( snapshot@2008-11-14_22.12.49.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 11:02:28 163,328 ----a-w c:\windows\ERDNT\18.11.2008\ERDNT.EXE
+ 2008-11-17 23:06:40 4,878,336 ----a-w c:\windows\ERDNT\18.11.2008\Users\00000001\ntuser.dat
+ 2008-11-17 23:06:40 28,672 ----a-w c:\windows\ERDNT\18.11.2008\Users\00000002\UsrClass.dat
+ 2005-10-20 11:02:28 163,328 ----a-w c:\windows\ERDNT\AutoBackup\01.02.2009\ERDNT.EXE
+ 2009-02-01 12:20:14 5,124,096 ----a-w c:\windows\ERDNT\AutoBackup\01.02.2009\Users\00000001\ntuser.dat
+ 2009-02-01 12:20:14 28,672 ----a-w c:\windows\ERDNT\AutoBackup\01.02.2009\Users\00000002\UsrClass.dat
+ 2005-10-20 11:02:28 163,328 ----a-w c:\windows\ERDNT\AutoBackup\13.01.2009\ERDNT.EXE
+ 2009-01-13 21:48:56 4,968,448 ----a-w c:\windows\ERDNT\AutoBackup\13.01.2009\Users\00000001\ntuser.dat
+ 2009-01-13 21:48:56 28,672 ----a-w c:\windows\ERDNT\AutoBackup\13.01.2009\Users\00000002\UsrClass.dat
+ 2005-10-20 11:02:28 163,328 ----a-w c:\windows\ERDNT\AutoBackup\14.01.2009\ERDNT.EXE
+ 2009-01-14 10:23:58 4,972,544 ----a-w c:\windows\ERDNT\AutoBackup\14.01.2009\Users\00000001\ntuser.dat
+ 2009-01-14 10:23:58 28,672 ----a-w c:\windows\ERDNT\AutoBackup\14.01.2009\Users\00000002\UsrClass.dat
+ 2005-10-20 11:02:28 163,328 ----a-w c:\windows\ERDNT\AutoBackup\14.12.2008\ERDNT.EXE
+ 2008-12-14 09:43:20 4,964,352 ----a-w c:\windows\ERDNT\AutoBackup\14.12.2008\Users\00000001\ntuser.dat
+ 2008-12-14 09:43:20 28,672 ----a-w c:\windows\ERDNT\AutoBackup\14.12.2008\Users\00000002\UsrClass.dat
+ 2005-10-20 11:02:28 163,328 ----a-w c:\windows\ERDNT\AutoBackup\15.01.2009\ERDNT.EXE
+ 2009-01-15 10:42:10 4,968,448 ----a-w c:\windows\ERDNT\AutoBackup\15.01.2009\Users\00000001\ntuser.dat
+ 2009-01-15 10:42:12 28,672 ----a-w c:\windows\ERDNT\AutoBackup\15.01.2009\Users\00000002\UsrClass.dat
+ 2005-10-20 11:02:28 163,328 ----a-w c:\windows\ERDNT\AutoBackup\15.12.2008\ERDNT.EXE
+ 2008-12-15 17:42:26 4,911,104 ----a-w c:\windows\ERDNT\AutoBackup\15.12.2008\Users\00000001\ntuser.dat
+ 2008-12-15 17:42:28 28,672 ----a-w c:\windows\ERDNT\AutoBackup\15.12.2008\Users\00000002\UsrClass.dat
+ 2005-10-20 11:02:28 163,328 ----a-w c:\windows\ERDNT\AutoBackup\16.01.2009\ERDNT.EXE
+ 2009-01-16 10:05:14 4,976,640 ----a-w c:\windows\ERDNT\AutoBackup\16.01.2009\Users\00000001\ntuser.dat
+ 2009-01-16 10:05:14 28,672 ----a-w c:\windows\ERDNT\AutoBackup\16.01.2009\Users\00000002\UsrClass.dat
+ 2005-10-20 11:02:28 163,328 ----a-w c:\windows\ERDNT\AutoBackup\16.12.2008\ERDNT.EXE
+ 2008-12-16 09:30:36 4,911,104 ----a-w c:\windows\ERDNT\AutoBackup\16.12.2008\Users\00000001\ntuser.dat
+ 2008-12-16 09:30:38 28,672 ----a-w c:\windows\ERDNT\AutoBackup\16.12.2008\Users\00000002\UsrClass.dat
+ 2005-10-20 11:02:28 163,328 ----a-w c:\windows\ERDNT\AutoBackup\17.01.2009\ERDNT.EXE
+ 2009-01-17 00:53:06 5,025,792 ----a-w c:\windows\ERDNT\AutoBackup\17.01.2009\Users\00000001\ntuser.dat
+ 2009-01-17 00:53:08 28,672 ----a-w c:\windows\ERDNT\AutoBackup\17.01.2009\Users\00000002\UsrClass.dat
+ 2005-10-20 11:02:28 163,328 ----a-w c:\windows\ERDNT\AutoBackup\17.12.2008\ERDNT.EXE
+ 2008-12-16 23:15:02 4,964,352 ----a-w c:\windows\ERDNT\AutoBackup\17.12.2008\Users\00000001\ntuser.dat
+ 2008-12-16 23:15:02 28,672 ----a-w c:\windows\ERDNT\AutoBackup\17.12.2008\Users\00000002\UsrClass.dat
+ 2005-10-20 11:02:28 163,328 ----a-w c:\windows\ERDNT\AutoBackup\18.01.2009\ERDNT.EXE
+ 2009-01-18 11:29:04 5,025,792 ----a-w c:\windows\ERDNT\AutoBackup\18.01.2009\Users\00000001\ntuser.dat
+ 2009-01-18 11:29:04 28,672 ----a-w c:\windows\ERDNT\AutoBackup\18.01.2009\Users\00000002\UsrClass.dat
+ 2005-10-20 11:02:28 163,328 ----a-w c:\windows\ERDNT\AutoBackup\18.12.2008\ERDNT.EXE
+ 2008-12-18 11:41:16 4,915,200 ----a-w c:\windows\ERDNT\AutoBackup\18.12.2008\Users\00000001\ntuser.dat
+ 2008-12-18 11:41:18 28,672 ----a-w c:\windows\ERDNT\AutoBackup\18.12.2008\Users\00000002\UsrClass.dat
+ 2005-10-20 11:02:28 163,328 ----a-w c:\windows\ERDNT\AutoBackup\19.01.2009\ERDNT.EXE
+ 2009-01-18 23:40:20 5,038,080 ----a-w c:\windows\ERDNT\AutoBackup\19.01.2009\Users\00000001\ntuser.dat
+ 2009-01-18 23:40:22 28,672 ----a-w c:\windows\ERDNT\AutoBackup\19.01.2009\Users\00000002\UsrClass.dat
+ 2005-10-20 11:02:28 163,328 ----a-w c:\windows\ERDNT\AutoBackup\19.12.2008\ERDNT.EXE
+ 2008-12-19 09:39:22 4,964,352 ----a-w c:\windows\ERDNT\AutoBackup\19.12.2008\Users\00000001\ntuser.dat
+ 2008-12-19 09:39:22 28,672 ----a-w c:\windows\ERDNT\AutoBackup\19.12.2008\Users\00000002\UsrClass.dat
+ 2005-10-20 11:02:28 163,328 ----a-w c:\windows\ERDNT\AutoBackup\20.03.2009\ERDNT.EXE
+ 2009-03-20 11:23:02 5,058,560 ----a-w c:\windows\ERDNT\AutoBackup\20.03.2009\Users\00000001\ntuser.dat
+ 2009-03-20 11:23:04 28,672 ----a-w c:\windows\ERDNT\AutoBackup\20.03.2009\Users\00000002\UsrClass.dat
+ 2005-10-20 11:02:28 163,328 ----a-w c:\windows\ERDNT\AutoBackup\20.12.2008\ERDNT.EXE
+ 2008-12-20 13:03:38 4,964,352 ----a-w c:\windows\ERDNT\AutoBackup\20.12.2008\Users\00000001\ntuser.dat
+ 2008-12-20 13:03:38 28,672 ----a-w c:\windows\ERDNT\AutoBackup\20.12.2008\Users\00000002\UsrClass.dat
+ 2005-10-20 11:02:28 163,328 ----a-w c:\windows\ERDNT\AutoBackup\21.03.2009\ERDNT.EXE
+ 2009-03-21 01:52:34 5,058,560 ----a-w c:\windows\ERDNT\AutoBackup\21.03.2009\Users\00000001\ntuser.dat
+ 2009-03-21 01:52:36 28,672 ----a-w c:\windows\ERDNT\AutoBackup\21.03.2009\Users\00000002\UsrClass.dat
+ 2005-10-20 11:02:28 163,328 ----a-w c:\windows\ERDNT\AutoBackup\22.01.2009\ERDNT.EXE
+ 2009-01-21 23:04:34 5,111,808 ----a-w c:\windows\ERDNT\AutoBackup\22.01.2009\Users\00000001\ntuser.dat
+ 2009-01-21 23:04:36 28,672 ----a-w c:\windows\ERDNT\AutoBackup\22.01.2009\Users\00000002\UsrClass.dat
+ 2005-10-20 11:02:28 163,328 ----a-w c:\windows\ERDNT\AutoBackup\22.12.2008\ERDNT.EXE
+ 2008-12-22 14:36:14 4,964,352 ----a-w c:\windows\ERDNT\AutoBackup\22.12.2008\Users\00000001\ntuser.dat
+ 2008-12-22 14:36:14 28,672 ----a-w c:\windows\ERDNT\AutoBackup\22.12.2008\Users\00000002\UsrClass.dat
+ 2005-10-20 11:02:28 163,328 ----a-w c:\windows\ERDNT\AutoBackup\23.01.2009\ERDNT.EXE
+ 2009-01-23 11:00:10 5,111,808 ----a-w c:\windows\ERDNT\AutoBackup\23.01.2009\Users\00000001\ntuser.dat
+ 2009-01-23 11:00:12 28,672 ----a-w c:\windows\ERDNT\AutoBackup\23.01.2009\Users\00000002\UsrClass.dat
+ 2005-10-20 11:02:28 163,328 ----a-w c:\windows\ERDNT\AutoBackup\23.12.2008\ERDNT.EXE
+ 2008-12-23 18:45:44 4,964,352 ----a-w c:\windows\ERDNT\AutoBackup\23.12.2008\Users\00000001\ntuser.dat
+ 2008-12-23 18:45:44 28,672 ----a-w c:\windows\ERDNT\AutoBackup\23.12.2008\Users\00000002\UsrClass.dat
+ 2005-10-20 11:02:28 163,328 ----a-w c:\windows\ERDNT\AutoBackup\24.01.2009\ERDNT.EXE
+ 2009-01-24 10:44:08 5,111,808 ----a-w c:\windows\ERDNT\AutoBackup\24.01.2009\Users\00000001\ntuser.dat
+ 2009-01-24 10:44:08 28,672 ----a-w c:\windows\ERDNT\AutoBackup\24.01.2009\Users\00000002\UsrClass.dat
+ 2005-10-20 11:02:28 163,328 ----a-w c:\windows\ERDNT\AutoBackup\24.12.2008\ERDNT.EXE
+ 2008-12-24 10:10:52 4,964,352 ----a-w c:\windows\ERDNT\AutoBackup\24.12.2008\Users\00000001\ntuser.dat
+ 2008-12-24 10:10:52 28,672 ----a-w c:\windows\ERDNT\AutoBackup\24.12.2008\Users\00000002\UsrClass.dat
+ 2005-10-20 11:02:28 163,328 ----a-w c:\windows\ERDNT\AutoBackup\25.01.2009\ERDNT.EXE
+ 2009-01-25 10:52:08 5,124,096 ----a-w c:\windows\ERDNT\AutoBackup\25.01.2009\Users\00000001\ntuser.dat
+ 2009-01-25 10:52:08 28,672 ----a-w c:\windows\ERDNT\AutoBackup\25.01.2009\Users\00000002\UsrClass.dat
+ 2005-10-20 11:02:28 163,328 ----a-w c:\windows\ERDNT\AutoBackup\25.12.2008\ERDNT.EXE
+ 2008-12-25 22:58:16 4,964,352 ----a-w c:\windows\ERDNT\AutoBackup\25.12.2008\Users\00000001\ntuser.dat
+ 2008-12-25 22:58:16 28,672 ----a-w c:\windows\ERDNT\AutoBackup\25.12.2008\Users\00000002\UsrClass.dat
+ 2005-10-20 11:02:28 163,328 ----a-w c:\windows\ERDNT\AutoBackup\26.01.2009\ERDNT.EXE
+ 2009-01-26 12:17:46 5,124,096 ----a-w c:\windows\ERDNT\AutoBackup\26.01.2009\Users\00000001\ntuser.dat
+ 2009-01-26 12:17:48 28,672 ----a-w c:\windows\ERDNT\AutoBackup\26.01.2009\Users\00000002\UsrClass.dat
+ 2005-10-20 11:02:28 163,328 ----a-w c:\windows\ERDNT\AutoBackup\26.12.2008\ERDNT.EXE
+ 2008-12-26 10:06:58 4,964,352 ----a-w c:\windows\ERDNT\AutoBackup\26.12.2008\Users\00000001\ntuser.dat
+ 2008-12-26 10:06:58 28,672 ----a-w c:\windows\ERDNT\AutoBackup\26.12.2008\Users\00000002\UsrClass.dat
+ 2005-10-20 11:02:28 163,328 ----a-w c:\windows\ERDNT\AutoBackup\27.01.2009\ERDNT.EXE
+ 2009-01-27 12:16:46 5,124,096 ----a-w c:\windows\ERDNT\AutoBackup\27.01.2009\Users\00000001\ntuser.dat
+ 2009-01-27 12:16:46 28,672 ----a-w c:\windows\ERDNT\AutoBackup\27.01.2009\Users\00000002\UsrClass.dat
+ 2005-10-20 11:02:28 163,328 ----a-w c:\windows\ERDNT\AutoBackup\27.12.2008\ERDNT.EXE
+ 2008-12-27 00:01:28 4,964,352 ----a-w c:\windows\ERDNT\AutoBackup\27.12.2008\Users\00000001\ntuser.dat
+ 2008-12-27 00:01:28 28,672 ----a-w c:\windows\ERDNT\AutoBackup\27.12.2008\Users\00000002\UsrClass.dat
+ 2005-10-20 11:02:28 163,328 ----a-w c:\windows\ERDNT\AutoBackup\28.12.2008\ERDNT.EXE
+ 2008-12-28 10:26:06 4,964,352 ----a-w c:\windows\ERDNT\AutoBackup\28.12.2008\Users\00000001\ntuser.dat
+ 2008-12-28 10:26:08 28,672 ----a-w c:\windows\ERDNT\AutoBackup\28.12.2008\Users\00000002\UsrClass.dat
+ 2005-10-20 11:02:28 163,328 ----a-w c:\windows\ERDNT\AutoBackup\30.01.2009\ERDNT.EXE
+ 2009-01-30 11:36:40 5,124,096 ----a-w c:\windows\ERDNT\AutoBackup\30.01.2009\Users\00000001\ntuser.dat
+ 2009-01-30 11:36:40 28,672 ----a-w c:\windows\ERDNT\AutoBackup\30.01.2009\Users\00000002\UsrClass.dat
+ 2005-10-20 11:02:28 163,328 ----a-w c:\windows\ERDNT\AutoBackup\31.01.2009\ERDNT.EXE
+ 2009-01-31 00:55:04 5,124,096 ----a-w c:\windows\ERDNT\AutoBackup\31.01.2009\Users\00000001\ntuser.dat
+ 2009-01-31 00:55:04 28,672 ----a-w c:\windows\ERDNT\AutoBackup\31.01.2009\Users\00000002\UsrClass.dat
+ 2008-02-23 11:27:30 29,926 ----a-r c:\windows\Installer\{2B091530-69AA-442E-AB09-39ED06B58220}\MsblIco.Exe
- 2000-08-31 07:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-31 07:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
- 2008-11-14 17:58:12 32,768 ----a-w c:\windows\SYSTEM32\config\systemprofile\Cookies\index.dat
+ 2009-01-25 11:35:22 32,768 ----a-w c:\windows\SYSTEM32\config\systemprofile\Cookies\index.dat
- 2008-11-14 17:58:08 32,768 ----a-w c:\windows\SYSTEM32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-25 11:37:24 32,768 ----a-w c:\windows\SYSTEM32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat
- 2008-11-14 17:58:08 32,768 ----a-w c:\windows\SYSTEM32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\index.dat
+ 2009-01-25 11:35:22 32,768 ----a-w c:\windows\SYSTEM32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\index.dat
- 2008-01-19 22:34:48 1,632 ----a-w c:\windows\SYSTEM32\d3d8caps.dat
+ 2009-01-22 02:08:50 1,632 ----a-w c:\windows\SYSTEM32\d3d8caps.dat
- 2008-10-30 02:10:48 1,744 ----a-w c:\windows\SYSTEM32\d3d9caps.dat
+ 2009-01-30 19:15:02 1,744 ----a-w c:\windows\SYSTEM32\d3d9caps.dat
+ 2004-08-04 08:57:58 93,184 ----a-w c:\windows\SYSTEM32\dllcache\iexplore.exe
- 2008-05-09 12:15:48 45,376 ----a-w c:\windows\SYSTEM32\DRIVERS\avgntdd.sys
+ 2008-05-09 11:15:48 45,376 ----a-w c:\windows\SYSTEM32\DRIVERS\avgntdd.sys
- 2008-01-21 17:11:30 22,336 ----a-w c:\windows\SYSTEM32\DRIVERS\avgntmgr.sys
+ 2008-01-21 16:11:30 22,336 ----a-w c:\windows\SYSTEM32\DRIVERS\avgntmgr.sys
- 2008-11-14 18:30:18 75,072 ----a-w c:\windows\SYSTEM32\DRIVERS\avipbb.sys
+ 2008-10-30 09:21:04 75,072 ----a-w c:\windows\SYSTEM32\DRIVERS\avipbb.sys
- 2007-01-25 18:31:34 42,000 ----a-w c:\windows\SYSTEM32\DRIVERS\npf.sys
+ 2007-11-06 20:22:06 34,064 ----a-w c:\windows\SYSTEM32\DRIVERS\npf.sys
- 2007-11-08 18:03:26 21,248 ----a-w c:\windows\SYSTEM32\DRIVERS\ssmdrv.sys
+ 2007-11-08 17:03:26 21,248 ----a-w c:\windows\SYSTEM32\DRIVERS\ssmdrv.sys
+ 2008-10-05 03:16:26 235,936 ----a-r c:\windows\SYSTEM32\MACROMED\FLASH\FlashUtil10a.exe
- 2007-06-11 12:34:00 2,115,816 ----a-w c:\windows\SYSTEM32\MACROMED\FLASH\NPSWF32.dll
+ 2008-10-05 03:24:02 3,695,008 ----a-w c:\windows\SYSTEM32\MACROMED\FLASH\NPSWF32.dll
- 2007-06-11 12:34:00 190,696 ----a-w c:\windows\SYSTEM32\MACROMED\FLASH\NPSWF32_FlashUtil.exe
+ 2008-10-05 03:24:04 235,936 ----a-w c:\windows\SYSTEM32\MACROMED\FLASH\NPSWF32_FlashUtil.exe
+ 2008-02-23 11:01:52 88,590 ----a-w c:\windows\SYSTEM32\MACROMED\FLASH\uninstall_activeX.exe
+ 2009-01-30 16:33:08 84,661 ----a-w c:\windows\SYSTEM32\MACROMED\FLASH\uninstall_plugin.exe
- 2007-01-25 18:31:34 88,952 ----a-w c:\windows\SYSTEM32\Packet.dll
+ 2007-11-06 20:22:20 88,696 ----a-w c:\windows\SYSTEM32\Packet.dll
- 2007-01-25 18:31:36 53,299 ----a-w c:\windows\SYSTEM32\pthreadVC.dll
+ 2007-11-06 20:19:28 53,299 ----a-w c:\windows\SYSTEM32\pthreadVC.dll
- 2007-01-19 11:53:04 51,056 ----a-w c:\windows\SYSTEM32\sirenacm.dll
+ 2007-10-18 10:31:46 51,224 ----a-w c:\windows\SYSTEM32\sirenacm.dll
- 2007-01-25 18:31:34 68,480 ----a-w c:\windows\SYSTEM32\WanPacket.dll
+ 2007-11-06 20:22:30 68,224 ----a-w c:\windows\SYSTEM32\WanPacket.dll
- 2007-01-25 18:31:36 240,496 ----a-w c:\windows\SYSTEM32\wpcap.dll
+ 2007-11-06 20:23:18 240,248 ----a-w c:\windows\SYSTEM32\wpcap.dll
- 2008-11-14 21:02:18 294,912 ----a-w c:\windows\Verlauf\HISTORY.IE5\index.dat
+ 2009-02-02 00:17:08 147,456 ----a-w c:\windows\Verlauf\HISTORY.IE5\index.dat
+ 2009-02-02 00:16:14 49,152 ----a-w c:\windows\Verlauf\HISTORY.IE5\MSHist012009020220090203\index.dat
+ 2006-12-01 21:56:00 96,256 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2006-12-01 23:25:52 1,101,824 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-12-01 23:25:56 1,093,120 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-01 23:25:58 69,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-01 23:26:00 57,856 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-01 23:08:00 40,960 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-01 23:08:00 45,056 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-01 23:08:00 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-01 23:08:00 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-01 23:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-01 23:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-01 23:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-01 23:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-01 23:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-01 23:46:44 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
.
-- Snapshot auf jetziges Datum zurückgesetzt --
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CorelDRAW Graphics Suite 11b"="c:\programme\Corel\Corel Graphics 12\Languages\DE\Programs\Registration.exe" [2003-11-28 733184]
"ZoneAlarm Client"="c:\programme\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 919016]
"avgnt"="c:\programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"C-Media Mixer"="Mixer.exe" [2002-10-15 c:\windows\mixer.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
c:\dokumente und einstellungen\Standard\Startmenü\Programme\Autostart\
ERUNT AutoBackup.lnk - c:\programme\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"VIDC.VDOM"= vdowave.drv
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AOL5.0 Tray Icon.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\AOL5.0 Tray Icon.lnk
backup=c:\windows\pss\AOL5.0 Tray Icon.lnkCommon Startup
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^T-COM WLAN Manager T-Sinus 154data.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\T-COM WLAN Manager T-Sinus 154data.lnk
backup=c:\windows\pss\T-COM WLAN Manager T-Sinus 154data.lnkCommon Startup
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Standard^Startmenü^Programme^Autostart^OpenOffice.org 2.0.lnk]
path=c:\dokumente und einstellungen\Standard\Startmenü\Programme\Autostart\OpenOffice.org 2.0.lnk
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALDI Foto Service]
--a------ 2007-01-26 16:44 1167360 c:\programme\ALDI Sued Foto Service\ALDI_Foto_Service\FotoSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALDI_SUED_FotoSuite_Download]
--a------ 2007-01-26 16:44 1167360 c:\programme\ALDI Sued Foto Service\ALDI_Foto_Service\FotoSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
--a------ 2005-04-25 13:45 36040 c:\progra~1\GEMEIN~1\MICROS~1\DW\DWTRIG20.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4400 Series]
--a------ 2007-03-01 08:01 180736 c:\windows\SYSTEM32\spool\drivers\w32x86\3\E_FATICAE.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 13:10 267048 c:\programme\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
--a------ 2008-11-05 21:59 4347120 c:\programme\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 c:\programme\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\SYSTEM32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2006-06-15 12:36 229376 c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 2006-06-27 16:21 1449984 c:\programme\Nokia\Nokia PC Suite 6\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 c:\programme\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"Dosbat"=
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Windows Live\\Messenger\\livecall.exe"=
R3 AVMWAN;AVM NDIS WAN CAPI-Treiber;c:\windows\SYSTEM32\DRIVERS\avmwan.sys [2007-01-15 37568]
R3 DT154_A02;T-Sinus 154data Driver;c:\windows\SYSTEM32\DRIVERS\TS154USB.sys [2003-10-27 335328]
R3 fpcibase;AVM ISDN-Controller FRITZ!Card PCI;c:\windows\SYSTEM32\DRIVERS\fpcibase.sys [2007-01-15 444416]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\SYSTEM32\DRIVERS\npf.sys [2007-11-06 34064]
S3 w32n5223;w32n5223 Protocol Driver;c:\programme\T-COM\T-COM WLAN Manager T-Sinus 154data\Installer\WINXP\w32n5223.sys [2003-05-12 15104]
--- Andere Dienste/Treiber im Speicher ---
*NewlyCreated* - ANTIVIRSCHEDULER
*NewlyCreated* - ANTIVIRSERVICE
*NewlyCreated* - AVGIO
*NewlyCreated* - AVGNTFLT
*NewlyCreated* - AVIPBB
.
Inhalt des "geplante Tasks" Ordners
2009-02-01 c:\windows\Tasks\PCHealth-Planer für die Zusammenstellung der Daten.job
- c:\windows\PCHEALTH\SUPPORT\PCHSCHD.EXE []
2007-01-15 c:\windows\Tasks\Videoerinnerung.job
- c:\windows\TUNEUP.EXE []
.
.
------- Zusätzlicher Suchlauf -------
.
mLocal Page = c:\windows\SYSTEM\blank.htm
IE: &Alles mit FlashGet laden - c:\programme\FlashGet\jc_all.htm
IE: &Mit FlashGet laden - c:\programme\FlashGet\jc_link.htm
DPF: DirectAnimation Java Classes - file://c:\windows\SYSTEM\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso4.cab
DPF: Win32 Classes
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-30 01:22:16
Windows 5.1.2600 Service Pack 2 FAT NTAPI
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
c:\windows\system32\drivers\gaopdxnvrmpifo.sys 81920 bytes
c:\windows\system32\gaopdxcounter 16384 bytes
c:\windows\system32\gaopdxxsvypaoi.dll 65536 bytes
Scan erfolgreich abgeschlossen
versteckte Dateien: 3
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gaopdxserv.sys]
"imagepath"="\systemroot\system32\drivers\gaopdxnvrmpifo.sys"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gaopdxserv.sys]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=expand:"\\systemroot\\system32\\drivers\\gaopdxnvrmpifo.sys"
"group"="file system"
"userdata"=dword:ffffffff
.
Zeit der Fertigstellung: 2009-01-30 1:24:18
ComboFix-quarantined-files.txt 2009-01-30 00:24:16
ComboFix4.txt 2008-11-14 21:14:14
ComboFix3.txt 2008-11-16 03:06:50
ComboFix2.txt 2008-11-17 23:16:56
Vor Suchlauf: 1.478.787.072 Bytes frei
Nach Suchlauf: 1,473,511,424 Bytes frei
337
And this is the HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:29:21, on 30.01.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Mixer.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\explorer.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Programme\Corel\Corel Graphics 12\Languages\DE\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=040409 serial=DR12WEX-1538262-SEU lang=DE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [duheroyite] Rundll32.exe "C:\WINDOWS\system32\vevesadi.dll",s (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Programme\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: Win32 Classes -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 7080512042
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
--
End of file - 5092 bytes