Old 12-04-2007, 12:03 AM   #9 (permalink)
guise2
Registered User
 
Join Date: Nov 2007
Posts: 13
OS: xp home


Re: vundo removal not possible until yet -

Here again a ComboFix log from today:

ComboFix 07-12-02.6 - Thomas 2007-12-04 8:00:49.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.49.1031.18.619 [GMT 1:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Thomas\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\iifdcbx.dll

.
((((((((((((((((((((((( Dateien erstellt von 2007-11-04 bis 2007-12-04 ))))))))))))))))))))))))))))))
.

2007-12-03 09:53 . 2007-12-03 11:18 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2007-12-03 09:53 . 2007-12-03 09:53 30,590 --a------ C:\WINDOWS\SYSTEM32\pavas.ico
2007-12-03 09:53 . 2007-12-03 09:53 2,550 --a------ C:\WINDOWS\SYSTEM32\Uninstall.ico
2007-12-03 09:53 . 2007-12-03 09:53 1,406 --a------ C:\WINDOWS\SYSTEM32\Help.ico
2007-12-03 09:23 . 2007-12-03 09:23 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-03 09:23 . 2007-12-03 09:23 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-30 15:27 . 2007-12-01 11:13 <DIR> d-------- C:\Programme\SimpleOCR
2007-11-30 15:26 . 2007-11-30 15:26 9,739,116 --a------ C:\Programme\InstSocr.exe
2007-11-29 15:04 . 2003-06-02 13:30 360,448 --a------ C:\WINDOWS\SYSTEM32\cdintf.dll
2007-11-29 14:35 . 2000-05-22 00:00 608,448 --a------ C:\WINDOWS\SYSTEM32\COMCTL32.OCX
2007-11-29 14:35 . 2002-09-23 13:44 57,344 --a------ C:\WINDOWS\SYSTEM32\Crypto.dll
2007-11-29 14:35 . 1997-06-25 15:24 40,448 --a------ C:\WINDOWS\SYSTEM32\regobj.dll
2007-11-29 14:35 . 2001-07-05 15:05 40,448 --a------ C:\WINDOWS\SYSTEM32\dsofile.dll
2007-11-29 13:59 . 2007-11-29 13:59 <DIR> d-------- C:\Programme\EPSON Speed Dial Utility
2007-11-29 13:50 . 2004-09-30 12:07 80,742 --a------ C:\WINDOWS\SYSTEM32\EBPMON2.DLL
2007-11-29 13:50 . 2003-05-21 11:27 64,000 --a------ C:\WINDOWS\SYSTEM32\ECBTEG.DLL
2007-11-29 13:50 . 2001-09-04 11:04 182 --a------ C:\WINDOWS\SYSTEM32\EBPPORT.DAT
2007-11-26 21:07 . 2007-11-26 21:07 <DIR> d-------- C:\Programme\Trend Micro
2007-11-26 21:05 . 2007-11-26 21:05 <DIR> d-------- C:\Deckard
2007-11-25 23:51 . 2007-11-25 23:51 <DIR> d-------- C:\VundoFix Backups
2007-11-25 12:45 . 2007-11-25 12:45 1,613,990 --a------ C:\Programme\ProcessExplorer.zip
2007-11-25 12:18 . 2007-11-26 19:57 <DIR> d-------- C:\Programme\Enigma Software Group
2007-11-23 09:05 . 2007-11-23 09:05 <DIR> d-------- C:\Programme\MSXML 4.0
2007-11-22 13:07 . 2007-11-22 13:07 <DIR> d-------- C:\Programme\Mindjet
2007-11-22 13:07 . 2007-11-22 13:07 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mindjet
2007-11-22 10:35 . 2006-11-30 14:39 474,892 --a------ C:\WINDOWS\SYSTEM32\ensppmon.dll
2007-11-22 10:35 . 2006-11-30 14:40 457,611 --a------ C:\WINDOWS\SYSTEM32\ensppui.dll
2007-11-22 10:35 . 2006-12-26 15:27 247,296 --a------ C:\WINDOWS\SYSTEM32\enspres.dll
2007-11-22 10:28 . 2007-11-22 10:28 <DIR> d-------- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\InstallShield
2007-11-21 21:52 . 2007-11-21 21:52 876 --a------ C:\WINDOWS\$_hpcst$.hpc
2007-11-21 17:33 . 2007-11-29 14:00 <DIR> d-------- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\EPSON
2007-11-21 17:33 . 2007-11-21 17:33 29 --a------ C:\WINDOWS\DEBUGSM.INI
2007-11-21 17:30 . 2007-11-21 17:30 <DIR> d-------- C:\Programme\BPPRINT
2007-11-21 17:29 . 2007-11-29 14:35 <DIR> d-------- C:\Programme\OfficeReady Essentials
2007-11-21 17:23 . 2007-11-29 14:31 <DIR> d-------- C:\Programme\NewSoft
2007-11-21 17:23 . 1999-09-29 20:04 1,238,288 --a------ C:\WINDOWS\SYSTEM32\msjt4jlt.dll
2007-11-21 17:21 . 2007-11-21 17:21 25 --a------ C:\WINDOWS\CDEALCX11SWCD.ini
2007-11-21 17:00 . 2007-11-21 17:24 <DIR> d-------- C:\Programme\EPSON
2007-11-21 17:00 . 2005-02-08 00:00 32,768 --a------ C:\WINDOWS\SYSTEM32\esccm.dll
2007-11-21 17:00 . 2005-02-08 00:00 30,208 --a------ C:\WINDOWS\SYSTEM32\escwiab.dll
2007-11-21 17:00 . 2005-02-08 00:00 27,648 --a------ C:\WINDOWS\SYSTEM32\escimg.dll
2007-11-21 16:55 . 2007-11-21 16:55 <DIR> d-------- C:\Programme\Gemeinsame Dateien\EPSON
2007-11-21 16:55 . 2007-11-29 13:51 <DIR> d-------- C:\Programme\EpsonNet
2007-11-21 16:54 . 2007-11-21 16:54 25 --a------ C:\WINDOWS\CDEALCX11Euro.ini
2007-11-11 19:23 . 2007-11-11 19:23 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Last.fm
2007-11-11 19:22 . 2007-12-03 11:01 <DIR> d-------- C:\Programme\Last.fm

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-04 06:55 --------- d-----w C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Skype
2007-12-03 23:19 --------- d-----w C:\Programme\Avery Zweckform Assistent 3.1
2007-12-03 14:11 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google Updater
2007-12-03 09:58 --------- d-----w C:\Programme\iTunes
2007-11-29 13:35 --------- d--h--w C:\Programme\InstallShield Installation Information
2007-11-25 22:11 --------- d-----w C:\Programme\Axis Communications
2007-11-21 16:26 --------- d-----w C:\Programme\Gemeinsame Dateien\InstallShield
2007-11-13 12:22 --------- d-----w C:\Programme\McAfee
2007-11-12 19:43 --------- d-----w C:\Programme\Gemeinsame Dateien\McAfee
2007-10-11 09:36 --------- d-----w C:\Programme\Google
2007-02-13 11:10 9,466,787 ----a-w C:\Programme\owbsetup-114.zip
2006-11-08 14:39 59,400,255 ----a-w C:\Programme\WinCmapTools_v4.07_10-10-06.exe
2006-07-03 11:57 13,640,684 ----a-w C:\Programme\PDFCreator-0_9_1_AFPLGhostscript_32bit.msi
2006-04-13 12:32 9,692,886 ----a-w C:\Programme\vlc-0.8.4a-win32.exe
2006-04-01 05:44 21,832,475 ----a-w C:\Programme\ptw06.exe
2005-08-20 13:07 10,958,640 ----a-w C:\Programme\GoogleEarth.exe
2005-02-19 11:46 10,479,136 ----a-w C:\Programme\RealPlayer10-5GOLD.exe
.

((((((((((((((((((((((((((((( snapshot@2007-12-01_23.20.29.73 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-08 15:59:01 136,704 ----a-w C:\WINDOWS\catchme.exe
+ 2007-11-27 02:58:11 140,288 ----a-w C:\WINDOWS\catchme.exe
+ 2006-08-24 07:28:54 141,424 ----a-w C:\WINDOWS\Downloaded Program Files\asinst.dll
+ 2007-03-13 09:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2007-03-29 08:20:50 110,592 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\as.dll
+ 2006-10-05 15:15:26 233,472 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\ascontrol.dll
+ 2005-06-03 13:03:18 96,256 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\asmdat.dll
+ 2003-08-01 10:00:16 36,864 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\certdll.dll
+ 2005-05-20 12:42:44 86,016 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\instlsp.dll
+ 2006-02-16 17:20:20 4,608 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\memvfile.dll
+ 2005-10-25 17:08:32 348,160 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\msvcr71.dll
+ 2004-05-04 14:01:02 139,264 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pavaleas.dll
+ 2006-07-14 12:04:10 45,056 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pavdr.exe
+ 2006-04-10 09:50:02 159,832 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pavexcom.dll
+ 2006-02-14 12:05:38 94,208 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pavinas.dll
+ 2006-02-16 17:35:38 180,224 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pavoe.dll
+ 2006-10-05 15:15:38 122,880 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pavpz.dll
+ 2006-06-30 13:13:38 8,704 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pfdnnt.exe
+ 2004-02-04 13:08:42 49,152 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\port32.dll
+ 2006-08-01 12:23:10 69,632 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pscpu.dll
+ 2006-08-23 1208 1,388,544 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pskahk.dll
+ 2006-08-17 10:38:14 10,752 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pskalloc.dll
+ 2006-09-04 10:49:54 61,440 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pskas.dll
+ 2006-08-18 07:46:18 779,264 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pskavs.dll
+ 2007-03-26 13:25:34 417,792 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pskcmp.dll
+ 2006-08-09 09:42:24 90,112 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pskfss.dll
+ 2006-07-19 09:55:58 208,896 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pskhtml.dll
+ 2006-01-20 15:57:00 9,728 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pskmas.dll
+ 2006-05-17 08:50:12 14,336 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pskmdfs.dll
+ 2006-08-16 09:58:12 33,280 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pskpack.dll
+ 2006-06-30 13:42:36 266,240 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pskscs.dll
+ 2006-08-17 13:33:14 62,976 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pskutil.dll
+ 2006-08-08 12:13:10 13,312 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pskvfile.dll
+ 2006-08-18 07:53:08 69,632 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pskvfs.dll
+ 2006-08-18 07:49:50 167,936 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pskvm.dll
+ 2007-04-18 16:16:04 353,840 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\psscan.dll
+ 2007-01-22 13:42:48 35,328 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\rawvfile.dll
+ 1997-09-18 05:12:32 9,488 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\sporder.dll
+ 2006-02-28 16:23:40 69,632 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\tcpvfile.dll
+ 2006-08-02 11:39:06 73,728 ----a-w C:\WINDOWS\SYSTEM32\asuninst.exe
- 2007-12-01 21:31:18 32,768 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
+ 2007-12-04 06:59:04 32,768 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
- 2007-12-01 21:31:18 32,768 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-04 06:59:04 32,768 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat
- 2007-12-01 21:31:18 32,768 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\index.dat
+ 2007-12-04 06:59:04 32,768 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\index.dat
- 2007-12-01 12:37:18 65,470 ----a-w C:\WINDOWS\SYSTEM32\PERFC007.DAT
+ 2007-12-04 06:58:09 65,470 ----a-w C:\WINDOWS\SYSTEM32\PERFC007.DAT
- 2007-12-01 12:37:18 54,280 ----a-w C:\WINDOWS\SYSTEM32\PERFC009.DAT
+ 2007-12-04 06:58:09 54,280 ----a-w C:\WINDOWS\SYSTEM32\PERFC009.DAT
- 2007-12-01 12:37:18 396,012 ----a-w C:\WINDOWS\SYSTEM32\PERFH007.DAT
+ 2007-12-04 06:58:09 396,012 ----a-w C:\WINDOWS\SYSTEM32\PERFH007.DAT
- 2007-12-01 12:37:19 384,596 ----a-w C:\WINDOWS\SYSTEM32\PERFH009.DAT
+ 2007-12-04 06:58:09 384,596 ----a-w C:\WINDOWS\SYSTEM32\PERFH009.DAT
+ 2003-03-25 17:53:50 11,776 ----a-w C:\WINDOWS\SYSTEM32\ZPORT4AS.dll
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00]
"Skype"="C:\Programme\Skype\Phone\Skype.exe" [2006-11-24 17:16]
"swg"="C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 03:10]
"SoundMAXPnP"="C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 14:33]
"DVDLauncher"="C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 17:54]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 02:05]
"UpdateManager"="C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" [2004-01-07 02:01]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2006-09-01 15:57]
"iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe" [2004-12-17 23:20]
"Adobe Photo Downloader"="C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-23 20:33]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36]
"mcagent_exe"="C:\Programme\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33]
"EEventManager"="C:\Programme\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2005-01-31 10:02]
"pdfSaver3"="" []
"MMReminderService"="C:\Programme\Mindjet\MindManager 6\MMReminderService.exe" [2006-04-12 21:12]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15:00]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R2 EpsonNet_Primitive_Service;EpsonNet Primitive Service;C:\Programme\EpsonNet\common\bin\ensrvmgr.exe

.
Inhalt des "geplante Tasks" Ordners
"2007-03-15 0019 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\programme\mcafee\mqc\QcConsol.exe
"2007-03-03 13:47:29 C:\WINDOWS\Tasks\McQcTask.job"
- c:\programme\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-04 08:05:40
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2007-12-04 845 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-03 09:45
C:\ComboFix3.txt ... 2007-12-01 23:21
.
--- E O F ---