TR/Crypt.ZPACK.Gen still active despite ComboFix

Morning! I just can't get rid of Crypt.ZPACK. I ran the programs suggested here (CCleaner, ComboFix, RSIT), but without success. The Crypt keeps infecting the PunkBuster files even though I deleted and reinstalled them. Oh, and: after CCleaner and ComboFix no program would start any more; they were marked for deletion in the registry. After a reboot there were no more problems, though. Here are the logs from ComboFix and RSIT; maybe one of the experts has some advice? What did I do wrong?

RSIT:

Logfile of random's system information tool 1.06 (written by random/random)
Run by GMI at 2009-07-15 01:23:40
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 26 GB (6%) free of 456 GB
Total RAM: 3069 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:23:57, on 15.07.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HomeCinema\TV Enhance\TVEService.exe
C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\phonostar\ps_timer.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Users\GMI\Desktop\PunkBuster\pbsetup.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\GMI\Desktop\RSIT.exe
C:\Program Files\trend micro\GMI.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TVEService] "C:\Program Files\HomeCinema\TV Enhance\TVEService.exe"
O4 - HKLM\..\Run: [TVBroadcast] C:\Program Files\Sceneo\AbsolutTV\SERVICES\ODSBC\ODSBCApp.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKCU\..\Run: [PhonostarTimer] C:\Program Files\phonostar\ps_timer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-21-716375991-3775272090-3900088441-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-716375991-3775272090-3900088441-1003\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'IUSR_NMPR')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing)
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-15/4 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-15/4 (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Intel(R) DHTrace Controller (DHTRACE) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe
O23 - Service: GnabService - Empolis GmbH - c:\program files\common files\gnab\service\servicecontroller.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: lxby_device - Lexmark International, Inc. - C:\Windows\system32\lxbycoms.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Intel(R) NMSCore (NMSCore) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Intel(R) Quality Manager (QualityManager) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Sceneo PVR Service (srvcPVR) - Buhl Data Service GmbH - C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: TVEnhance Background Capture Service (TBCS) (TVECapSvc) - Unknown owner - C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
O23 - Service: TVEnhance Task Scheduler (TTS)) (TVESched) - Unknown owner - C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

-- End of file - 10447 bytes
Continuing with RSIT:

======Scheduled tasks folder======

C:\Windows\tasks\1-Klick-Wartung.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-06-24 370296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll [2007-12-14 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-10-08 1172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-10-08 1172792]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-10-09 178712]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
"TVEService"=C:\Program Files\HomeCinema\TV Enhance\TVEService.exe [2007-10-19 155648]
"TVBroadcast"=C:\Program Files\Sceneo\AbsolutTV\SERVICES\ODSBC\ODSBCApp.exe [2007-08-08 797696]
"NMSSupport"=C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe [2007-06-27 439512]
"CCUTRAYICON"=C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe [2007-06-27 215256]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-11-14 4706304]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2008-01-29 92704]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-01-29 8530464]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-01-29 88608]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-06-24 185896]
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2009-04-26 111928]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PhonostarTimer"=C:\Program Files\phonostar\ps_timer.exe [2007-12-05 126976]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [2007-10-15 202024]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2009-07-15 01:23:40 ----D---- C:\rsit
2009-07-15 01:23:40 ----D---- C:\Program Files\trend micro
2009-07-15 01:02:41 ----A---- C:\Windows\system32\PnkBstrB.exe
2009-07-15 01:01:18 ----A---- C:\Windows\system32\PnkBstrA.exe
2009-07-15 00:46:41 ----A---- C:\ComboFix.txt
2009-07-15 00:46:16 ----SHD---- C:\$RECYCLE.BIN
2009-07-15 00:40:49 ----SD---- C:\ComboFix
2009-07-15 00:09:53 ----A---- C:\Windows\system32\pbsvc.exe
2009-07-14 23:30:54 ----A---- C:\Windows\zip.exe
2009-07-14 23:30:54 ----A---- C:\Windows\SWXCACLS.exe
2009-07-14 23:30:54 ----A---- C:\Windows\SWSC.exe
2009-07-14 23:30:54 ----A---- C:\Windows\SWREG.exe
2009-07-14 23:30:54 ----A---- C:\Windows\sed.exe
2009-07-14 23:30:54 ----A---- C:\Windows\PEV.exe
2009-07-14 23:30:54 ----A---- C:\Windows\NIRCMD.exe
2009-07-14 23:30:54 ----A---- C:\Windows\grep.exe
2009-07-14 23:26:13 ----D---- C:\Program Files\CCleaner
2009-07-14 23:24:35 ----D---- C:\Windows\ERDNT
2009-07-14 23:24:31 ----D---- C:\Qoobox
2009-07-14 22:33:40 ----AD---- C:\ProgramData\TEMP
2009-07-13 22:05:16 ----D---- C:\Program Files\Atari
2009-06-17 01:40:48 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE
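A way to triage the HijackThis and RSIT output above mechanically, as an added example that is not part of the original post and not code from the HijackThis or RSIT tools. It splits O23 service lines from the right (display names such as "Firebird Server - MAGIX Instance (...)" contain " - " themselves), flags orphaned O2 BHO entries, counts O10 LSP entries per module, catches EnableLUA=0 in both the RSIT and the ComboFix spelling, and picks out executables written to System32 inside RSIT's "created in the last month" window. SAMPLE_LOG is copied from the post; the severity labels and the PUNKBUSTER_IMAGES and KNOWN_LSP sets are this example's own assumptions. The point of the PunkBuster rule is the caveat a helper would raise: PnkBstrA.exe and PnkBstrB.exe are PunkBuster's own service binaries, and TR/Crypt.ZPACK.Gen is a generic packer detection name, so the right next step is a hash comparison against a fresh pbsvc.exe install rather than deleting them again.

```python
"""Triage of HijackThis / RSIT log lines. Added example, not the tools' code."""
import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" | "review" | "info"
    reason: str
    line: str


# Assumption: image names of EvenBalance's PunkBuster services. A generic
# packer hit (TR/Crypt.ZPACK.Gen) on these calls for a hash check, not deletion.
PUNKBUSTER_IMAGES = {"pnkbstra.exe", "pnkbstrb.exe"}
# Assumption: LSPs HijackThis 2.0.2 does not whitelist but Vista ships with
# (wpclsp.dll is the Parental Controls LSP).
KNOWN_LSP = {"wpclsp.dll"}

O2_BHO = re.compile(r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
O10_LSP = re.compile(r"^O10 - Unknown file in Winsock LSP: (?P<path>.+)$")
# Matches RSIT's "EnableLUA"=0 as well as ComboFix's "EnableLUA"= 0 (0x0).
ENABLE_LUA = re.compile(r'^"EnableLUA"\s*=\s*(?P<value>\d+)')
# RSIT "files/folders created" rows: timestamp, attribute column, path.
RSIT_NEWFILE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (?P<attrs>-+\w+-+) (?P<path>.+)$")


def parse_o23(line):
    """Return (display name, owner, path) for an O23 line, else None."""
    prefix = "O23 - Service: "
    if not line.startswith(prefix):
        return None
    parts = line[len(prefix):].rsplit(" - ", 2)  # split from the right
    return tuple(parts) if len(parts) == 3 else None


def image_name(path):
    return path.rsplit("\\", 1)[-1].lower()


def in_system32(path):
    return "\\system32\\" in path.lower()


def triage(lines):
    """Findings a helper would look at first, in log order; LSP summary last."""
    findings = []
    lsp_hits = Counter()
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if svc := parse_o23(line):
            _, owner, path = svc
            if owner == "Unknown owner" and in_system32(path):
                if image_name(path) in PUNKBUSTER_IMAGES:
                    findings.append(Finding("review", "PunkBuster service without publisher info: compare its hash with a fresh pbsvc.exe install before treating the AV hit as an infection", line))
                else:
                    findings.append(Finding("high", "service binary in System32 with no publisher info", line))
        elif m := O2_BHO.match(line):
            if m["path"] == "(no file)":
                findings.append(Finding("review", "orphaned BHO registration (CLSID points at a missing DLL); delete the key", line))
        elif m := O10_LSP.match(line):
            lsp_hits[image_name(m["path"])] += 1
        elif m := ENABLE_LUA.match(line):
            if int(m["value"]) == 0:
                findings.append(Finding("high", "UAC disabled (EnableLUA=0): anything started from an admin account runs with the full token", line))
        elif m := RSIT_NEWFILE.match(line):
            if "D" not in m["attrs"] and in_system32(m["path"]) and m["path"].lower().endswith((".exe", ".dll", ".sys")):
                findings.append(Finding("review", "executable written to System32 inside the scan window", line))
    for name in sorted(lsp_hits):
        severity = "info" if name in KNOWN_LSP else "high"
        findings.append(Finding(severity, f"Winsock LSP not on the HijackThis whitelist ({lsp_hits[name]} chain entries)", f"O10 - {name}"))
    return findings


def severity_counts(findings):
    return Counter(f.severity for f in findings)


# Constructed input: lines copied from the HijackThis and RSIT output in the post.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: lxby_device - Lexmark International, Inc. - C:\Windows\system32\lxbycoms.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
"EnableLUA"=0
2009-07-15 01:23:40 ----D---- C:\rsit
2009-07-15 01:02:41 ----A---- C:\Windows\system32\PnkBstrB.exe
2009-07-15 00:09:53 ----A---- C:\Windows\system32\pbsvc.exe
"""


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"[{f.severity:<6}] {f.reason}\n         {f.line}")
```

Run against the sample it reports one "high" (UAC off), five "review" items (the orphaned BHO, the two PunkBuster services, the two fresh binaries in System32) and one "info" line for wpclsp.dll; the Avira and Lexmark services carry a publisher and are not listed. Feeding it the complete log instead of the excerpt only needs `triage(open(path).read().splitlines())`.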
And then the ComboFix logfile:

ComboFix 09-07-13.01 - GMI 15.07.2009 0:41.4.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.3069.2005 [GMT 2:00]
run from:: c:\users\GMI\Desktop\ComboFix.exe
SP: Avira AntiVir PersonalEdition *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((( Files created from 2009-06-14 to 2009-07-14 ))))))))))))))))))))))))))))))
.
2009-07-14 22:45 . 2009-07-14 22:45 -------- d-----w- c:\users\GMI\AppData\Local\temp
2009-07-14 22:45 . 2009-07-14 22:45 -------- d-----w- c:\users\SpezialGast\AppData\Local\temp
2009-07-14 22:45 . 2009-07-14 22:45 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2009-07-14 22:45 . 2009-07-14 22:45 -------- d-----w- c:\users\Gast\AppData\Local\temp
2009-07-14 20:20 . 2009-07-14 22:10 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-14 20:20 . 2009-07-14 22:14 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-07-14 20:20 . 2009-07-14 22:13 189672 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-13 20:11 . 2009-07-13 20:11 -------- d-----w- c:\users\GMI\AppData\Local\GHOSTBUSTERS (tm)
2009-07-13 20:05 . 2009-07-13 20:05 -------- d-----w- c:\program files\Atari
2009-06-16 23:40 . 2009-06-16 23:41 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-14 22:40 . 2008-01-21 07:15 664044 ----a-w- c:\windows\system32\perfh007.dat
2009-07-14 22:40 . 2008-01-21 07:15 142416 ----a-w- c:\windows\system32\perfc007.dat
2009-07-14 22:10 . 2008-03-06 21:21 22328 ----a-w- c:\users\GMI\AppData\Roaming\PnkBstrK.sys
2009-07-14 22:10 . 2008-03-06 21:21 22328 ----a-w- c:\users\GMI\AppData\Roaming\PnkBstrK.sys
2009-07-14 22:09 . 2009-07-14 22:09 674600 ----a-w- c:\windows\system32\pbsvc.exe
2009-07-14 22:04 . 2008-03-06 21:25 7592 ----a-w- c:\users\GMI\AppData\Local\d3d9caps.dat
2009-07-14 21:26 . 2009-07-14 21:26 -------- d-----w- c:\program files\CCleaner
2009-07-14 20:34 . 2009-04-04 19:07 -------- d-----w- c:\program files\Trojan Remover
2009-07-12 06:19 . 2008-10-10 22:53 98800 ----a-w- c:\users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-28 22:38 . 2009-04-25 15:48 -------- d-----w- c:\users\GMI\AppData\Roaming\Grand Ages Rome
2009-06-26 21:40 . 2009-06-26 21:40 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-06-12 01:13 . 2008-03-06 20:01 98800 ----a-w- c:\users\GMI\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-11 20:16 . 2008-02-19 14:27 -------- d-----w- c:\programdata\Microsoft Help
2009-06-10 01:06 . 2008-02-19 13:41 -------- d-----w- c:\program files\Microsoft Works
2009-06-05 19:07 . 2009-06-04 19:06 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-06-05 19:07 . 2009-06-04 19:06 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-06-04 19:06 . 2009-06-04 19:06 -------- d-----w- c:\programdata\Avira
2009-06-04 19:06 . 2009-06-04 19:06 -------- d-----w- c:\program files\Avira
2009-05-18 06:23 . 2009-05-18 06:23 -------- d-----w- c:\program files\SweetIM
2009-05-18 06:23 . 2009-05-18 06:23 -------- d-----w- c:\programdata\SweetIM
2009-05-18 06:15 . 2009-05-18 06:15 0 ----a-w- c:\windows\nsreg.dat
2009-05-18 04:49 . 2009-04-30 19:09 -------- d-----w- c:\program files\Common Files\LogiShrd
2009-05-18 04:47 . 2009-04-30 19:09 -------- d-----w- c:\programdata\Logishrd
2009-04-30 12:37 . 2009-06-11 19:29 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-04-30 12:37 . 2009-06-11 19:29 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-04-24 16:05 . 2009-06-09 20:36 827904 ----a-w- c:\windows\system32\wininet.dll
2009-04-24 16:02 . 2009-06-09 20:36 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-24 13:44 . 2009-06-09 20:36 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-04-23 12:43 . 2009-06-09 20:36 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-09 20:36 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 22:20 . 2009-04-21 22:20 14311680 ----a-w- c:\windows\system32\xlive.dll
2009-04-21 22:20 . 2009-04-21 22:20 13642496 ----a-w- c:\windows\system32\xlivefnt.dll
2009-04-21 11:55 . 2009-06-09 20:36 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-06-18 19:53 . 2008-08-31 21:54 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.
ComboFix part 2:

((((((((((((((((((((((((((((( SnapShot@2009-07-14_21.36.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-07-14 22:41 52344 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-03-06 20:24 . 2009-07-14 22:41 13776 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-716375991-3775272090-3900088441-1004_UserData.bin
- 2008-02-19 12:59 . 2009-07-14 21:26 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-02-19 12:59 . 2009-07-14 22:34 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-02-19 12:59 . 2009-07-14 21:26 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-02-19 12:59 . 2009-07-14 22:34 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-02-19 12:59 . 2009-07-14 21:26 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-02-19 12:59 . 2009-07-14 22:34 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 22:33 . 2009-07-14 22:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-07-14 19:35 . 2009-07-14 19:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-07-14 19:35 . 2009-07-14 19:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 22:33 . 2009-07-14 22:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 13:05 . 2009-07-14 22:41 121408 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 10:33 . 2009-07-14 19:42 625384 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-07-14 22:40 625384 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-07-14 19:42 116946 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-07-14 22:40 116946 c:\windows\System32\perfc009.dat
- 2006-11-02 10:22 . 2009-07-14 19:40 6291456 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2006-11-02 10:22 . 2009-07-14 21:47 6291456 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
.
(((((((((((((((((((((((((((( Registry autostart points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 10:22 1172792 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhonostarTimer"="c:\program files\phonostar\ps_timer.exe" [2007-12-05 126976]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-15 202024]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-08 178712]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"TVEService"="c:\program files\HomeCinema\TV Enhance\TVEService.exe" [2007-10-19 155648]
"TVBroadcast"="c:\program files\Sceneo\AbsolutTV\SERVICES\ODSBC\ODSBCApp.exe" [2007-08-07 797696]
"NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2007-06-27 439512]
"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2007-06-27 215256]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-01-29 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-29 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-29 88608]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-24 185896]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-04-26 111928]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-11-14 4706304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TrojanScanner"=c:\program files\Trojan Remover\Trjscan.exe /boot
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" /min

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{FB0CBA55-13A8-40B5-8221-598E452745FE}"= c:\program files\HomeCinema\MakeDisc\MakeDisc.exe:CyberLink MakeDisc
"{73C75508-F1BD-4A28-BB67-56C57C79A573}"= c:\program files\HomeCinema\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{20028EB4-015E-45BB-9BF4-0FA2400C87E5}"= c:\program files\HomeCinema\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{700753F8-0BC6-469F-8CAE-6069CDCC0371}"= c:\program files\HomeCinema\TV Enhance\TVEnhance.exe:CyberLink TVEnhance
"{F16DA657-8928-4778-8937-BB90910F5002}"= c:\program files\HomeCinema\TV Enhance\TVEService.exe:CyberLink TVEnhance Resident Program
"{65ECE68D-C836-4729-888B-BA24EF75C71B}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1190CFDC-5B6F-4E95-BE59-A322F2877102}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F3ECBA52-9DCC-47F6-A021-9E923C2C2B01}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{C6812261-0A3C-43C2-8949-9AE5157D671F}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{850CBDDC-B319-41D0-828D-5B182D38EBCB}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{A96BB2BD-409A-42B9-A526-2B3717225E15}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{9D595453-CD4A-4CFF-9FFD-136623996ED8}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{7BF2D859-36AA-4EB2-B71E-A471BCEF5539}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{8F2DF4FC-FD1C-4C40-8622-BE3D64349693}"= TCP:Profile=Private|Profile=Public|9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{16DA6AE4-DBA7-4F58-91FD-C8AACA268B63}"= TCP:Profile=Private|Profile=Public|1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{0AD3A5BA-ED65-4F3D-A796-50DD8A471722}"= UDP:c:\spiele\Battlefield 2\BF2.exe:Battlefield 2
"{E56A0E35-2723-4833-B132-AF416D9B8FD2}"= TCP:c:\spiele\Battlefield 2\BF2.exe:Battlefield 2
"{434AF4EC-CDD2-4791-9CAB-7B3225323F2E}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{3BAF419C-2331-4751-8386-142AA6449428}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{11191B2D-7403-4D78-A62E-93A46D75BE76}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{F35E59C9-ED11-46C1-83A2-58E76FAA0728}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{47AEF931-2955-4BF1-813A-707A795F0DE1}"= UDP:c:\spiele\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:Medal of Honor Airborne
"{641A4DBD-3952-4884-8E34-1D726B5AD25F}"= TCP:c:\spiele\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:Medal of Honor Airborne
"{D391A3BA-E53E-4266-A498-E7803A7F30CC}"= UDP:c:\spiele\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{3DF1E111-93F2-40E9-8631-217B09DA572D}"= TCP:c:\spiele\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{3733F27C-31BD-4E2A-A6C9-11BBF0F05EF6}"= UDP:c:\spiele\Crysis\Bin32\Crysis.exe:Crysis_32
"{33822369-92FB-4170-91E2-B7A75D92EC81}"= TCP:c:\spiele\Crysis\Bin32\Crysis.exe:Crysis_32
"{D72640A4-2A2A-43C1-9F63-D1B39EBDA022}"= UDP:c:\spiele\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{A338C6E0-92A5-4ECE-92FE-1529C50A37BF}"= TCP:c:\spiele\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{D83E3303-E345-45B6-B59F-01EB30A5B241}"= UDP:c:\spiele\Assasins\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{CF141010-90C0-4905-9666-F2D2DCE03D0A}"= TCP:c:\spiele\Assasins\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{1722D684-12D5-44CB-AA25-35867D2D4B40}"= UDP:c:\spiele\Assasins\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{F50C219C-F4DD-4889-8E9D-125B316D7D86}"= TCP:c:\spiele\Assasins\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{00C02A76-2B2A-4767-B650-A5127D462E14}"= UDP:c:\spiele\Assasins\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{CA4185AA-FABB-4596-A497-CEB2A9561943}"= TCP:c:\spiele\Assasins\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{DC121801-92FC-4420-BF3D-6981996001AF}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{CBD353C5-33A3-4836-8A4A-4D0606FB179D}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{BBC2D56A-32A2-43A8-B470-22DB4E173F8A}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{B9F85F6C-5620-43D6-A25A-EE357C45DB85}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{E10C6888-17D8-4290-8391-79ECC162075E}"= UDP:c:\spiele\RainbowSix2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
"{FBA592A8-548E-4E35-ADFD-ED0C68DEB563}"= TCP:c:\spiele\RainbowSix2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
"{34E2D115-FEEC-43B6-AEF3-C24D51AD8349}"= UDP:c:\spiele\RainbowSix2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
"{246CFF7E-251D-4612-8B41-E03D663D423F}"= TCP:c:\spiele\RainbowSix2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
"{7A39F28A-90CE-4D5F-A0E2-28E4E7C07009}"= UDP:c:\spiele\WiC\wic.exe:WORLD IN CONFLICT
"{75FF97AD-4417-42C5-9CA8-E68A6D69CC36}"= TCP:c:\spiele\WiC\wic.exe:WORLD IN CONFLICT
"{1BD96B6F-17B0-4F1B-BA9A-2B90E9B80A39}"= UDP:c:\spiele\WiC\wic_online.exe:WORLD IN CONFLICT - Nur Online
"{AA201D48-A9D0-4AA1-A246-81CB95278E82}"= TCP:c:\spiele\WiC\wic_online.exe:WORLD IN CONFLICT - Nur Online
"{1E6DFB2D-EFD8-47F5-8BE6-F05A50ABCC59}"= UDP:c:\spiele\WiC\wic_ds.exe:WORLD IN CONFLICT - Dedizierter Server
"{C8AB2FFB-C02A-4888-85CD-18F5C2F450C6}"= TCP:c:\spiele\WiC\wic_ds.exe:WORLD IN CONFLICT - Dedizierter Server
"TCP Query User{E6588DCE-F0DC-48DF-93F4-EFF8012196F2}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{834BF720-9FC8-49DD-A6DF-54BF5B3169B1}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{598B4DAC-1605-4B62-A5FB-4C9D97BD92D7}c:\\program files\\torrent\\utorrent.exe"= UDP:c:\program files\torrent\utorrent.exe:utorrent
"UDP Query User{9DC14E74-8C6E-4EF5-900F-DC068C562713}c:\\program files\\torrent\\utorrent.exe"= TCP:c:\program files\torrent\utorrent.exe:utorrent
"TCP Query User{733EC402-A205-4600-AA0B-4BC7894974BF}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{C51286CD-62DA-4FAA-912E-093AD8BEC882}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{3FC1A814-3DCE-45CE-A1B6-DA2B53A15155}"= UDP:c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe:VideoAccelerator
"{83FF9E94-2571-4043-95E8-9DA1D6941775}"= TCP:c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe:VideoAccelerator
"TCP Query User{9CBCFED2-71F5-4D48-9D79-56E3BB3F6336}c:\\program files\\winscp\\winscp.exe"= UDP:c:\program files\winscp\winscp.exe:SFTP, FTP and SCP client
"UDP Query User{48B983D7-96ED-4133-85D4-C2F1A4FB4DDF}c:\\program files\\winscp\\winscp.exe"= TCP:c:\program files\winscp\winscp.exe:SFTP, FTP and SCP client
"TCP Query User{BC96106C-CDB8-423C-B8A2-6215D69099A7}c:\\spiele\\call of duty 4 - modern warfare\\iw3mp.exe"= UDP:c:\spiele\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
"UDP Query User{BCF2D20D-C4E4-41B1-97E3-A63F1533CC5E}c:\\spiele\\call of duty 4 - modern warfare\\iw3mp.exe"= TCP:c:\spiele\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
"{F0F0FAE2-16C0-4643-90B5-F7AB38A82BAC}"= UDP:c:\spiele\farcry2\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{DFFB84F5-5A83-436E-AF00-7E08D7D071CF}"= TCP:c:\spiele\farcry2\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{44E2C64E-0110-41BD-99D1-10A583DB67CD}"= UDP:c:\spiele\farcry2\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{0DC0C4B5-17B1-4ABA-8069-2AE782CA4E5C}"= TCP:c:\spiele\farcry2\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{DA74B066-8ED8-493C-8850-25E5651FB7E8}"= UDP:c:\spiele\farcry2\Far Cry 2\bin\FC2Editor.exe:Editor
"{D93421DA-13B9-403F-9EAA-DAAC10E48D99}"= TCP:c:\spiele\farcry2\Far Cry 2\bin\FC2Editor.exe:Editor
"{1CA68054-33E9-4026-8687-D81B812FAEC1}"= UDP:c:\spiele\endwar\Tom Clancy's EndWar\Binaries\EndWar.exe:Tom Clancy's EndWar
"{2DD00D91-2C1B-4E06-893D-CD3DF44A3E55}"= TCP:c:\spiele\endwar\Tom Clancy's EndWar\Binaries\EndWar.exe:Tom Clancy's EndWar
"{8DEBE988-6D26-48F2-8D74-6D2F4F274B2F}"= UDP:c:\spiele\endwar\Tom Clancy's EndWar\Tom Clancy's EndWar Launcher.exe:Tom Clancy's EndWar Launcher
"{7C5910A7-FCBF-4FEF-8C97-6A9568192C69}"= TCP:c:\spiele\endwar\Tom Clancy's EndWar\Tom Clancy's EndWar Launcher.exe:Tom Clancy's EndWar Launcher
"{B67D0282-8029-4056-B051-1AED70B5A6FF}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{7AF95326-01BF-4B39-856B-EB837EB119F1}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{5EC9F2FA-1E49-4D58-B80B-F8E8D7D48F23}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{A515D09C-6557-44E8-B622-9C484047484B}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{D95D3124-5348-46E9-AFCC-6D0A57F5199E}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{F6071593-A99A-47A5-BCD7-9F535139A869}"=
TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5 "TCP Query User{FB4F130F-1100-4DB1-A92E-2D4135562EA3}c:\\spiele\\pacific\\bsp.exe"= UDP:c:\spiele\pacific\bsp.exe:Battlestations: Pacific "UDP Query User{6E36D3FE-C9B5-4D28-B492-8C585CAC0AF1}c:\\spiele\\pacific\\bsp.exe"= TCP:c:\spiele\pacific\bsp.exe:Battlestations: Pacific [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [04.06.2009 21:06 108289] R2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [12.02.2007 12:46 208896] R2 GnabService;GnabService;c:\program files\Common Files\Gnab\Service\ServiceController.exe [19.02.2008 15:14 36864] R2 NMSCore;Intel(R) NMSCore;c:\program files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe [27.06.2007 11:14 317656] R2 nmsunidr;UniDriver for NMS;c:\windows\System32\drivers\nmsunidr.sys [18.02.2007 21:34 5376] R2 QualityManager;Intel(R) Quality Manager;c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe [27.06.2007 11:17 272600] R2 srvcPVR;Sceneo PVR Service;c:\program files\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe [19.02.2008 16:49 1681408] R2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe [19.02.2008 15:33 290909] R2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe [19.02.2008 15:33 114779] R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?] 
R3 3xHybrid;Philips SAA713x PCI Card;c:\windows\System32\drivers\3xHybrid.sys [19.02.2008 11:28 1302368] R3 IntelDH;IntelDH Driver;c:\windows\System32\drivers\IntelDH.sys [20.02.2008 14:05 5632] R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\System32\drivers\netr28u.sys [19.02.2008 11:28 554496] R3 X10Hid;X10 Hid Device;c:\windows\System32\drivers\x10hid.sys [19.02.2008 13:39 13976] S3 DHTRACE;Intel(R) DHTrace Controller;c:\program files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [27.06.2007 11:15 39640] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe [19.02.2008 15:07 1527900] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Inhalt des "geplante Tasks" Ordners 2009-03-13 c:\windows\Tasks\1-Klick-Wartung.job - c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-14 11:17] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.yahoo.de/ mSearch Bar = hxxp://www.google.com/ie IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay: Neue und gebrauchte Elektronikartikel, Autos, Kleidung, Sammlerstücke, Sportartikel und mehr ? alles zu günstigen Preisen LSP: c:\windows\system32\wpclsp.dll FF - ProfilePath - c:\users\GMI\AppData\Roaming\Mozilla\Firefox\Profiles\0ylfsh8v.default\ FF - prefs.js: browser.startup.homepage - Yahoo! Deutschland FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q= FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll . 
************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2009-07-15 00:45 Windows 6.0.6001 Service Pack 1 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... c:\users\GMI\AppData\Local\Temp\catchme.dll 53248 bytes executable Scan erfolgreich abgeschlossen versteckte Dateien: 1 ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_USERS\S-1-5-21-716375991-3775272090-3900088441-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) "??"=hex:fc,78,83,ca,28,3b,b2,fc,35,d7,6b,9a,9e,50,f9,ec,12,0b,47,dc,17,87,92, 8d,b0,c1,62,b0,c9,12,a8,b6,9e,3a,eb,53,62,04,ef,63,04,37,2d,ec,7d,f7,16,af,\ "??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50 [HKEY_USERS\S-1-5-21-716375991-3775272090-3900088441-1004\Software\SecuROM\License information*] "datasecu"=hex:52,af,34,92,19,40,95,dd,68,7d,26,99,c4,7f,d5,9c,50,ac,80,01,e8, 4b,84,09,f6,e2,1f,fa,92,e7,c7,c5,cd,cd,4b,99,5a,1c,60,c7,d8,cd,5a,10,4a,82,\ "rkeysecu"=hex:80,f1,2d,bc,7b,6a,c4,33,9e,a6,66,8b,1e,d3,1b,fb . Zeit der Fertigstellung: 2009-07-14 0:46 ComboFix-quarantined-files.txt 2009-07-14 22:46 ComboFix2.txt 2009-07-14 21:57 ComboFix3.txt 2009-07-14 21:37 Vor Suchlauf: 14 Verzeichnis(se), 27.598.749.696 Bytes frei Nach Suchlauf: 14 Verzeichnis(se), 27.570.884.608 Bytes frei 284 --- E O F --- 2009-07-13 18:59 |
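The firewall-policy dump in the ComboFix log above is easy to skim past, yet it carries two findings a reviewer would want to see pulled out: the Windows Firewall is switched off for the StandardProfile ("EnableFirewall"= 0), and PnkBstrA.exe/PnkBstrB.exe each appear twice per protocol, which is consistent with the poster having deleted and reinstalled PunkBuster. The following is an added example, not code from the thread, from ComboFix or from Trojaner-Board: a small Python parser for lines of the form `"{GUID}"= PROTO:path:name` and for the `EnableFirewall` registry value, run over a constructed sample made of lines copied from the log. The line format it expects and the two findings it reports are assumptions drawn only from the log as printed here.

```python
"""Pull review findings out of the firewall-policy section of a ComboFix log."""
import re
from collections import defaultdict

# Constructed sample: lines copied from the ComboFix log in this thread,
# one entry per line (the layout ComboFix writes before forum extraction
# flattened it).
SAMPLE_LOG = r'''
"{8F2DF4FC-FD1C-4C40-8622-BE3D64349693}"= TCP:Profile=Private|Profile=Public|9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{434AF4EC-CDD2-4791-9CAB-7B3225323F2E}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{3BAF419C-2331-4751-8386-142AA6449428}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{DC121801-92FC-4420-BF3D-6981996001AF}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{CBD353C5-33A3-4836-8A4A-4D0606FB179D}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"TCP Query User{FB4F130F-1100-4DB1-A92E-2D4135562EA3}c:\\spiele\\pacific\\bsp.exe"= UDP:c:\spiele\pacific\bsp.exe:Battlestations: Pacific
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
'''

# Rule line: "<key>"= <TCP|UDP>:<rest>. The protocol is taken from the value,
# not from the "TCP Query User" prefix of the key (the two differ in the log).
RULE_RE = re.compile(r'^"(?P<key>[^"]*)"=\s*(?P<proto>TCP|UDP):(?P<rest>.*)$')
GUID_RE = re.compile(r'\{[0-9A-Fa-f-]{36}\}')
# A Windows path is the only place a ':' is followed by a backslash; names
# such as "Battlestations: Pacific" contain ':' but no drive letter.
PATH_RE = re.compile(r'(?P<path>[A-Za-z]:\\[^:]*)')
PORT_RE = re.compile(r'\|(?P<port>\d+):')
SECTION_RE = re.compile(r'^\[(?P<section>[^\]]+)\]$')
ENABLE_RE = re.compile(r'^"EnableFirewall"=\s*(?P<value>\d+)')


def parse_firewall_section(text):
    """Return (rules, firewall_state).

    rules: list of dicts with guid, proto, path (lower-cased), port, name.
    firewall_state: {profile_name: enabled_bool} from EnableFirewall values.
    """
    rules, firewall_state, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group('section')
            continue
        m = ENABLE_RE.match(line)
        if m and section:
            profile = section.rsplit('\\', 1)[-1]
            firewall_state[profile] = m.group('value') != '0'
            continue
        m = RULE_RE.match(line)
        if not m:
            continue  # services, registry dumps, catchme output: not a rule
        key, proto, rest = m.group('key', 'proto', 'rest')
        guid_m = GUID_RE.search(key)
        path_m = PATH_RE.search(rest)
        port_m = PORT_RE.search(rest)
        if path_m:
            path = path_m.group('path').lower()
            name = rest[path_m.end():].lstrip(':')
        else:  # port-only rule, no executable
            path = None
            name = rest.rsplit(':', 1)[-1]
        rules.append({
            'guid': guid_m.group(0) if guid_m else None,
            'proto': proto,
            'path': path,
            'port': int(port_m.group('port')) if port_m else None,
            'name': name,
        })
    return rules, firewall_state


def summarize(rules, firewall_state):
    """Findings a reviewer wants first: disabled profiles, duplicate per-exe rules."""
    findings = []
    for profile, enabled in sorted(firewall_state.items()):
        if not enabled:
            findings.append(f'firewall disabled for profile {profile}')
    per_exe = defaultdict(list)
    for r in rules:
        if r['path']:
            per_exe[(r['path'], r['proto'])].append(r['guid'])
    for (path, proto), guids in sorted(per_exe.items()):
        if len(guids) > 1:  # more than one rule for the same exe and protocol
            findings.append(f'{len(guids)} {proto} rules for {path}')
    return findings


if __name__ == '__main__':
    parsed_rules, state = parse_firewall_section(SAMPLE_LOG)
    for finding in summarize(parsed_rules, state):
        print(finding)
```

Feed it the whole ComboFix log instead of SAMPLE_LOG and the non-rule lines (services, scheduled tasks, catchme, registry) are skipped, so the output is just the exceptions list and the profile state; anything in the exceptions list that does not correspond to software the owner recognises is what to look at next.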
Hello GEMI, upload the file that Avira is flagging to Virustotal.com. Please post the complete result here. Regards, Kaos
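Kaos's advice is the standard way to check a single-vendor detection such as this one: get a second opinion from many engines before deleting anything. Uploading is not always necessary, and for a file that might contain something private it is better avoided; VirusTotal can be asked whether it already knows the file by its SHA-256. The following is an added example, not code from the thread or from VirusTotal: it hashes a file, queries VirusTotal's v3 `files/{hash}` endpoint (a real endpoint that authenticates with an `x-apikey` header; the key itself is a placeholder you supply), and turns the engine counts into a short verdict. The network call is injectable so the logic can be exercised offline, and the "few detections" threshold is a heuristic of this example, not a VirusTotal rule.

```python
"""Check a suspected false positive by SHA-256 lookup instead of upload."""
import hashlib
import json
import os
import sys
import tempfile
import urllib.error
import urllib.request

# Real VirusTotal v3 endpoint; the API key is supplied by the caller.
VT_FILE_URL = "https://www.virustotal.com/api/v3/files/{sha256}"


def sha256_of_bytes(data):
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path, chunk_size=1 << 20):
    """Stream the file so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def _http_get(url, headers):
    """Default fetcher: returns (status, body). 404 is a normal answer here."""
    req = urllib.request.Request(url, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as e:
        return e.code, e.read()


def vt_lookup(sha256, api_key, fetch=None):
    """Ask VirusTotal for an existing report on this hash (no file upload).

    fetch(url, headers) -> (status, body) is injectable for offline testing.
    """
    fetch = fetch or _http_get
    url = VT_FILE_URL.format(sha256=sha256)
    status, body = fetch(url, {"x-apikey": api_key, "accept": "application/json"})
    if status == 404:
        return {"found": False, "sha256": sha256}
    if status != 200:
        raise RuntimeError(f"VirusTotal returned HTTP {status}")
    attrs = json.loads(body)["data"]["attributes"]
    results = attrs.get("last_analysis_results", {})
    flagged = sorted(eng for eng, r in results.items() if r.get("category") == "malicious")
    return {
        "found": True,
        "sha256": sha256,
        "stats": attrs.get("last_analysis_stats", {}),
        "flagged_by": flagged,
    }


def assess(report, consensus=5):
    """Heuristic verdict (this example's own rule of thumb, not VirusTotal's).

    A file known to VirusTotal and flagged by only one or two engines while
    dozens call it clean is the classic shape of a false positive; a file
    nobody has seen needs to be uploaded or reported to the vendor.
    """
    if not report["found"]:
        return "not-found"
    malicious = report["stats"].get("malicious", 0)
    if malicious == 0:
        return "clean"
    if malicious < consensus:
        return "possible-false-positive"
    return "malicious"


def make_sample_file(data=b"abc"):
    """Write constructed bytes to a temp file (stand-in for PnkBstrA.exe)."""
    fd, path = tempfile.mkstemp(prefix="vt-sample-")
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return path


if __name__ == "__main__":
    # usage: python vt_check.py <file> [VT_API_KEY]
    target = sys.argv[1] if len(sys.argv) > 1 else make_sample_file()
    digest = sha256_of_file(target)
    print("sha256:", digest)
    if len(sys.argv) > 2:
        rep = vt_lookup(digest, sys.argv[2])
        print(assess(rep), rep.get("flagged_by", []))
```

In the case described in this thread the expected outcome is the "possible-false-positive" branch: a legitimate PunkBuster binary that VirusTotal already knows, flagged by one engine and clean everywhere else, which is exactly what the later posts report. A "malicious" verdict, or a file nobody has seen before, is the signal that a clean reinstall alone is not enough.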
*chiming in* Since I have the same problem, and apparently a wave is going around the net right now: this message is showing up multiple times. See here. Connection to me. Regards, cotton
UPDATE: FORUM ANTIVIR
Hi!!! My buddy was still laughing yesterday, today he has the same junk. All that fuss for nothing. Seems to be a bug in Avira. I ran another scan and an Avira update. I also excluded all PB files and processes from the scan and the Guard in Avira. PB works, I can play BF2 :applause: I hope that's it. THANKS for the quick help
Copyright ©2000-2025, Trojaner-Board