Hello,
I am currently at my brother's place, and a virus is being detected on his computer: win32:cutwail.
I would really appreciate help removing it.
Here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:07:22, on 2009-06-18
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\9129837.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\MIREK\MIREK.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Lacza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MIREK] C:\Documents and Settings\MIREK\MIREK.exe /i
O4 - HKCU\..\Run: [ttool] C:\WINDOWS\9129837.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USLUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USLUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: AutorunsDisabled
O4 - Startup: rncsys32.exe
O4 - Global Startup: AutorunsDisabled
O8 - Extra context menu item: Eksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Wyslij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyslij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=19588
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 7114 bytes
ComboFix 09-06-18.02 - MIREK 2009-06-18 20:16.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.49.1045.18.446.286 [GMT 2:00]
ausgeführt von:: C:\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090617-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycled\Recycled
c:\documents and settings\MIREK\Dane aplikacji\wiaserva.log
c:\documents and settings\MIREK\Menu Start\Programy\Autostart\rncsys32.exe
c:\documents and settings\MIREK\MIREK.exe
c:\windows\9129837.exe
c:\windows\system32\drivers\ksi32sk.sys
c:\windows\system32\drivers\nicsk32.sys
c:\windows\zaponce52689.dat
c:\windows\zaponce53652.dat
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ATI64SI
-------\Legacy_FIPS32CUP
-------\Legacy_I386SI
-------\Legacy_KSI32SK
-------\Legacy_NETSIK
-------\Legacy_NICSK32
-------\Legacy_PORT135SIK
-------\Legacy_SYSTEMNTMI
-------\Legacy_WS2_32SIK
-------\Service_ati64si
-------\Service_fips32cup
-------\Service_glaide32
-------\Service_i386si
-------\Service_ksi32sk
-------\Service_netsik
-------\Service_nicsk32
-------\Service_port135sik
-------\Service_ws2_32sik
((((((((((((((((((((((( Dateien erstellt von 2009-05-18 bis 2009-06-18 ))))))))))))))))))))))))))))))
.
2009-06-18 18:04 . 2009-06-18 18:04 -------- d-----w- c:\program files\Trend Micro
2009-06-16 19:56 . 2009-06-16 19:56 -------- d-----w- c:\windows\system32\KB905474
2009-06-16 19:56 . 2009-03-10 20:26 1436544 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-06-16 19:56 . 2009-03-10 20:18 455048 ----a-w- c:\windows\system32\KB905474\wgasetup.exe
2009-06-16 19:53 . 2009-06-16 19:53 -------- d-----w- c:\program files\MSXML 4.0
2009-06-16 17:40 . 2009-06-16 17:57 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-06-16 17:38 . 2008-09-04 16:46 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-06-16 17:38 . 2008-06-14 18:01 273024 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-06-16 17:36 . 2008-04-11 18:51 683520 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-06-16 17:36 . 2008-10-03 10:17 247326 -c----w- c:\windows\system32\dllcache\strmdll.dll
2009-06-16 17:35 . 2008-10-15 17:00 332800 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-06-16 17:35 . 2008-04-21 21:28 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-06-16 17:31 . 2009-06-16 19:57 -------- d--h--w- c:\windows\$hf_mig$
2009-06-15 15:11 . 2009-06-15 15:11 -------- d-----w- c:\program files\FLVPlayer
2009-06-15 14:09 . 2009-06-15 14:09 -------- d-----w- c:\documents and settings\MIREK\Ustawienia lokalne\Dane aplikacji\Opera
2009-06-15 14:09 . 2009-06-15 14:09 -------- d-----w- c:\program files\Opera
2009-06-15 14:04 . 2009-06-15 14:04 -------- d-----w- c:\program files\ToniArts
2009-06-01 09:09 . 2009-06-01 11:35 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-06-01 09:08 . 2009-06-01 09:08 -------- d-----w- c:\program files\Corel
2009-06-01 09:07 . 2009-06-01 09:07 -------- d-----w- c:\documents and settings\MIREK\Dane aplikacji\InstallShield
2009-05-31 21:37 . 2009-05-31 21:37 -------- d-----w- c:\program files\Photo!
2009-05-31 20:39 . 2009-05-31 20:39 -------- d-----w- c:\program files\Ashampoo
2009-05-24 21:43 . 2009-05-24 21:44 -------- d-----w- c:\documents and settings\MIREK\Dane aplikacji\Media Player Classic
2009-05-23 20:45 . 2009-05-23 20:45 -------- d-----w- c:\documents and settings\MIREK\Dane aplikacji\Ashampoo
2009-05-21 10:50 . 2004-08-03 23:44 221184 ----a-w- c:\windows\system32\wmpns.dll
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-18 18:03 . 2009-06-18 18:10 3028246 ----a-r- C:\ComboFix.exe
2009-06-16 20:04 . 2001-10-26 16:15 75486 ----a-w- c:\windows\system32\perfc015.dat
2009-06-16 20:04 . 2001-10-26 16:15 451326 ----a-w- c:\windows\system32\perfh015.dat
2009-06-15 20:26 . 2008-02-13 18:12 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2009-06-15 14:09 . 2008-02-13 19:15 -------- d-----w- c:\program files\Gadu-Gadu
2009-06-15 14:04 . 2008-02-13 17:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-15 14:00 . 2008-07-24 20:08 -------- d-----w- c:\program files\SweetIM
2009-06-15 13:57 . 2008-10-25 18:57 -------- d-----w- c:\program files\Spybot - Search Destroy
2009-06-15 13:56 . 2008-02-14 21:21 -------- d-----w- c:\program files\Google
2009-06-15 13:55 . 2008-10-25 18:57 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Spybot - Search Destroy
2009-06-15 13:52 . 2008-02-13 18:03 -------- d-----w- c:\documents and settings\MIREK\Dane aplikacji\Lavasoft
2009-05-17 21:06 . 2008-10-12 19:18 -------- d-----w- c:\documents and settings\MIREK\Dane aplikacji\Samsung
2009-05-17 20:57 . 2008-10-12 18:57 -------- d-----w- c:\program files\Samsung
2009-05-08 16:45 . 2008-10-03 15:03 -------- d-----w- c:\program files\7-Zip
2009-05-07 15:44 . 2001-10-26 17:29 346112 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:53 . 2001-10-26 17:29 662016 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:53 . 2008-02-13 16:50 81920 ------w- c:\windows\system32\ieencode.dll
2009-04-19 20:11 . 2001-10-26 16:59 1846912 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:18 . 2001-10-26 17:29 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2009-03-21 08:07 . 2009-03-21 08:07 41000 ---ha-w- c:\windows\system32\mlfcache.dat
2008-11-16 19:53 . 2008-11-16 19:51 24 --sh--w- c:\windows\SF20C76AF.tmp
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-15 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-15 68592]
"P17Helper"="P17.dll" - c:\windows\system32\P17.dll [2005-05-03 64512]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\MIREK\Menu Start\Programy\Autostart\AutorunsDisabled
Tworzenie wycink¢w ekranu i uruchamianie programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\WINDOWS\\system32\\HPZipm12.exe"=
"c:\\Program Files\\Creative\\SBAudigy\\Surround Mixer\\CTSysVol.exe"=
"c:\\WINDOWS\\system32\\KB905474\\wgasetup.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-10-25 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-10-25 20560]
S3 {DEF85C80-216A-43ab-AF70-1665EDBE2780};{DEF85C80-216A-43ab-AF70-1665EDBE2780};\??\c:\windows\TEMP\4.tmp -- c:\windows\TEMP\4.tmp [?]
S3 PCANDIS5_RETWIFI;PCANDIS5_RETWIFI Protocol Driver;\??\c:\progra~1\EEYEDI~1\RETINA~1\PCANDIS5_RETWIFI.SYS -- c:\progra~1\EEYEDI~1\RETINA~1\PCANDIS5_RETWIFI.SYS [?]
S3 PCANDIS5_WIFISCAN.SYS;PCANDIS5_WIFISCAN.SYS;\??\c:\program files\eEye Digital Security\Retina Wireless Scanner\PCANDIS5_WIFISCAN.SYS -- c:\program files\eEye Digital Security\Retina Wireless Scanner\PCANDIS5_WIFISCAN.SYS [?]
.
Inhalt des "geplante Tasks" Ordners
2009-06-18 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-06-16 20:18]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.pl/
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://home.sweetim.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: Eksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-18 20:24
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{DEF85C80-216A-43ab-AF70-1665EDBE2780}]
"ImagePath"="\??\c:\windows\TEMP\4.tmp"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - 'winlogon.exe'(556)
c:\windows\system32\Ati2evxx.dll
- - - - - - - 'explorer.exe'(1128)
c:\windows\system32\msi.dll
c:\windows\system32\browselc.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\program files\Microsoft Office\Office12\1045\GrooveIntlResource.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2009-06-18 20:26 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2009-06-18 18:26
Vor Suchlauf: 14 243 528 704 bajtów wolnych
Nach Suchlauf: 14 186 999 808 bajtów wolnych
195 --- E O F --- 2009-06-18 17:55