Hello everyone,
I have read the registration rules, but I am not sure whether I should create a new thread for this!
My problem is almost the same: I also keep getting redirected to eBay. In addition, I have another problem: my Firefox hangs now and then, i.e. it stops responding. I then have to close the process with Task Manager, and only then can I open Firefox again!
I have already followed the instructions up to ComboFix, with the following result:
Code:
ComboFix 09-02-05.02 - Sebastian Liegl 2009-02-06 11:24:30.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1031.18.3070.1955 [GMT 1:00]
ausgeführt von:: c:\users\Sebastian Liegl\Desktop\Downloads\antivirensoftware\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)
* Neuer Wiederherstellungspunkt wurde erstellt
. ADS - Windows: deleted 48 bytes in 1 streams.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\acovcnt.exe
.
((((((((((((((((((((((( Dateien erstellt von 2009-01-06 bis 2009-02-06 ))))))))))))))))))))))))))))))
.
2009-02-06 08:20 . 2009-02-06 08:20 <DIR> d-------- c:\program files\Avira GmbH
2009-02-06 08:17 . 2009-02-06 08:17 69 --a------ c:\windows\wininit.ini
2009-02-06 07:34 . 2009-02-06 07:34 <DIR> d-------- c:\program files\Trend Micro
2009-02-05 14:39 . 2009-02-05 14:39 <DIR> d-------- c:\program files\Common Files\Autodesk
2009-02-05 14:37 . 2009-02-05 14:38 <DIR> d-------- c:\program files\DWG TrueView 2009
2009-02-05 14:15 . 2009-02-05 14:15 <DIR> d-------- c:\program files\Microsoft WSE
2009-02-05 14:15 . 2007-07-19 18:14 3,727,720 --a------ c:\windows\System32\d3dx9_35.dll
2009-02-05 12:58 . 2009-02-05 14:20 <DIR> dr------- c:\users\Public\Documents
2009-02-05 11:56 . 2009-02-05 11:56 <DIR> d-------- c:\program files\Autodesk Student Community Download Tool
2009-02-03 11:03 . 2009-02-03 11:03 <DIR> d-------- c:\users\Public\Pictures
2009-02-02 18:31 . 2008-10-22 02:22 2,048 --a------ c:\windows\System32\tzres.dll
2009-02-01 14:46 . 2009-02-01 14:46 <DIR> d-------- c:\programdata\Nero
2009-02-01 14:46 . 2009-02-01 14:47 <DIR> d-------- c:\program files\Common Files\Ahead
2009-01-25 12:39 . 2009-01-25 12:39 <DIR> d-------- c:\windows\AiOTemp
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-06 10:12 --------- d-----w c:\users\Sebastian Liegl\AppData\Roaming\Skype
2009-02-06 07:50 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-06 07:43 --------- d-----w c:\users\Sebastian Liegl\AppData\Roaming\skypePM
2009-02-06 07:39 --------- d-----w c:\users\Sebastian Liegl\AppData\Roaming\Autodesk
2009-02-05 14:06 --------- d-----w c:\programdata\Microsoft Help
2009-02-05 14:05 --------- d-----w c:\program files\National Instruments
2009-02-05 14:04 --------- d-----w c:\programdata\National Instruments
2009-02-05 13:51 --------- d-----w c:\program files\Microsoft Visual Studio 9.0
2009-02-05 13:39 --------- d-----w c:\program files\Autodesk
2009-02-05 13:38 --------- d-----w c:\program files\Common Files\Autodesk Shared
2009-02-05 13:37 --------- d-----w c:\programdata\Autodesk
2009-02-05 07:09 166,929 ----a-w c:\users\Sebastian Liegl\AppData\Roaming\nvModes.dat
2009-02-02 14:20 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-14 15:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 15:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-03 19:30 --------- d-----w c:\users\Sebastian Liegl\AppData\Roaming\Malwarebytes
2009-01-03 19:30 --------- d-----w c:\programdata\Malwarebytes
2008-12-16 02:42 288,768 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-13 10:33 --------- d-----w c:\program files\Audacity
2008-12-12 09:22 --------- d-----w c:\program files\avmwlanstick
2008-12-09 15:15 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-12-09 12:28 --------- d-----w c:\users\Sebastian Liegl\AppData\Roaming\.purple
2008-12-09 12:27 --------- d-----w c:\users\Sebastian Liegl\AppData\Roaming\ICQ
2008-12-09 12:27 --------- d-----w c:\program files\ICQ6.5
2008-12-08 12:45 --------- d-----w c:\programdata\FLEXnet
2008-12-08 12:42 --------- d-----w c:\program files\Common Files\Adobe
2008-12-08 12:42 --------- d-----w c:\program files\Bonjour
2008-12-08 12:31 --------- d-----w c:\program files\Common Files\Macrovision Shared
2008-08-13 07:59 174 --sha-w c:\program files\desktop.ini
2008-03-28 16:23 32 ----a-w c:\programdata\ezsid.dat
2008-07-08 06:45 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-07-08 06:45 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-07-08 06:35 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
2008-07-08 06:35 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
2008-07-08 06:35 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
2008-07-08 06:45 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-04-09 19:48 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008040920080410\index.dat
2008-04-16 19:34 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008041620080417\index.dat
2008-04-28 06:11 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008042120080428\index.dat
2008-05-12 11:08 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008050520080512\index.dat
2008-05-12 18:48 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008051220080513\index.dat
2008-05-13 07:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008051320080514\index.dat
2008-05-14 17:19 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008051420080515\index.dat
2008-05-15 19:26 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008051520080516\index.dat
2008-05-16 11:52 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008051620080517\index.dat
2008-05-17 16:18 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008051720080518\index.dat
2008-05-26 06:33 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008051920080526\index.dat
2008-05-26 18:39 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008052620080527\index.dat
2008-05-27 19:02 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008052720080528\index.dat
2008-05-28 21:03 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008052820080529\index.dat
2008-05-29 19:54 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008052920080530\index.dat
2008-05-30 14:11 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008053020080531\index.dat
2008-06-16 06:44 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008060920080616\index.dat
2008-06-16 14:32 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008061620080617\index.dat
2008-06-17 20:26 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008061720080618\index.dat
2008-06-18 11:20 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008061820080619\index.dat
2008-06-19 12:45 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008061920080620\index.dat
2008-06-21 16:31 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008062120080622\index.dat
2008-06-22 08:01 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008062220080623\index.dat
2008-07-21 15:42 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008072120080722\index.dat
2008-07-22 15:21 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008072220080723\index.dat
2008-07-23 15:57 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008072320080724\index.dat
2008-07-24 16:51 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008072420080725\index.dat
2008-07-25 21:42 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008072520080726\index.dat
2008-07-26 08:34 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008072620080727\index.dat
2008-07-27 07:42 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008072720080728\index.dat
2008-08-11 17:21 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008080420080811\index.dat
2008-08-24 09:33 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008081120080818\index.dat
2008-08-26 15:56 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008081820080825\index.dat
2008-08-26 15:56 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008082620080827\index.dat
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 02:08 143360 --a------ c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-10-18 7737344]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2008-02-05 37232]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-02-05 33136]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-01 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-01 8501792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-01 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 c:\windows\RtHDVCpl.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{84A1FE4C-C8C5-4A67-9048-8ADD16D9C54C}c:\\program files\\pidgin\\pidgin.exe"= UDP:c:\program files\pidgin\pidgin.exe:Pidgin
"UDP Query User{8D41E844-00DE-49FB-9682-1E7672ECF9A2}c:\\program files\\pidgin\\pidgin.exe"= TCP:c:\program files\pidgin\pidgin.exe:Pidgin
"TCP Query User{408A7452-D640-4683-A885-E87134F60428}c:\\program files\\pidgin\\pidgin.exe"= UDP:c:\program files\pidgin\pidgin.exe:Pidgin
"UDP Query User{473106E1-BBD7-4C8E-982E-670FDC760906}c:\\program files\\pidgin\\pidgin.exe"= TCP:c:\program files\pidgin\pidgin.exe:Pidgin
"TCP Query User{5A1B16F6-6629-4C5D-9C51-A810893DA34E}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{29A2487D-D665-4C2D-B343-912D15F81DEB}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
"TCP Query User{F88E3ACC-F6AF-48FA-99D6-168C978146D6}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{DE9DF879-1C52-4A56-80B0-883F87EF5B04}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
"TCP Query User{2C76FD13-E817-4CE5-ADD9-E2E3646F0FD7}c:\\program files\\national instruments\\labview 8.2\\labview.exe"= UDP:c:\program files\national instruments\labview 8.2\labview.exe:LabVIEW 8.2.1 Development System
"UDP Query User{CCD555AC-8586-4218-9311-0AC8C2DE34BC}c:\\program files\\national instruments\\labview 8.2\\labview.exe"= TCP:c:\program files\national instruments\labview 8.2\labview.exe:LabVIEW 8.2.1 Development System
"TCP Query User{B418BE6B-61FE-4D0F-B233-388AC2C8E184}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ Library
"UDP Query User{3B06541C-B6A0-4BA0-8FD0-6985B65EE4B8}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ Library
"TCP Query User{93AE5721-3FC3-4924-BFF6-AB8AD252FBF1}c:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{514584C5-22B2-4B41-9F59-5DC099E29771}c:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{DB5022AC-6DF8-4BA3-8D47-6A3C93C373A8}c:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{10CDA368-85F3-4A7E-B0C0-E2CBFE6306C2}c:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
R0 lullaby;lullaby;c:\windows\System32\drivers\lullaby.sys [2008-02-05 15416]
R2 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe -k bthaudiosvc [2008-06-18 21504]
R3 AVMCOWAN;AVM ISDN CoNDIS WAN-CAPI-Treiber;c:\windows\System32\drivers\avmcowan.sys [2006-11-02 64000]
R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [2008-02-05 49664]
S2 gupdate1c939c032c90586;Google Update Service (gupdate1c939c032c90586);c:\program files\Google\Update\GoogleUpdate.exe [2008-10-29 133104]
S3 avmeject;AVM Eject;c:\windows\System32\drivers\avmeject.sys [2008-12-12 4352]
S3 BthAudioHF;BthAudioHF-Dienst;c:\windows\System32\drivers\BthAudioHF.sys [2008-02-05 29184]
S3 bthav;Bluetooth-AV-Profil;c:\windows\System32\drivers\bthav.sys [2008-02-05 36352]
S3 BthAvrcp;Bluetooth-AVRCP-Profil;c:\windows\System32\drivers\BthAvrcp.sys [2008-02-05 12800]
S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\System32\drivers\fwlanusb.sys [2008-12-12 265088]
S3 FXUSBASE;AVM FRITZ!X USB;c:\windows\System32\drivers\fxusbase.sys [2006-11-02 588928]
S3 MODBDA2;DiBcom MOD3000 TV receiver;c:\windows\System32\drivers\modbda2.sys [2005-06-03 30464]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\System32\drivers\s0016bus.sys [2008-10-29 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\System32\drivers\s0016mdfl.sys [2008-10-29 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\System32\drivers\s0016mdm.sys [2008-10-29 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s0016mgmt.sys [2008-10-29 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\System32\drivers\s0016nd5.sys [2008-10-29 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\System32\drivers\s0016obex.sys [2008-10-29 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\System32\drivers\s0016unic.sys [2008-10-29 115752]
--- Andere Dienste/Treiber im Speicher ---
*Deregistered* - d3dsuy
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
bthaudiosvc REG_MULTI_SZ HFGService
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{21f53275-c50b-11dd-9ed2-00059a3c7800}]
\shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f969a08-c82c-11dd-8876-404e57434401}]
\shell\AutoRun\command - F:\pushinst.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bdb426e5-2053-11dd-bc4f-001e8ce53ca4}]
\shell\AutoRun\command - H:\LaunchU3.exe -a
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Inhalt des "geplante Tasks" Ordners
2009-02-06 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-10-29 13:16]
2009-02-06 c:\windows\Tasks\User_Feed_Synchronization-{36AECD7F-42E1-4938-8F8B-67B5361445CF}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Sebastian Liegl\AppData\Roaming\Mozilla\Firefox\Profiles\gm7ujgdp.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.ee.hm.edu/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files\Google\Update\1.2.133.33\npGoogleOneClick7.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-06 11:41:40
Windows 6.0.6001 Service Pack 1 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
C:\ADSM_PData_0150
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
**************************************************************************
.
Zeit der Fertigstellung: 2009-02-06 11:43:24
ComboFix-quarantined-files.txt 2009-02-06 10:43:22
Vor Suchlauf: 19 Verzeichnis(se), 59.072.348.160 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 58,715,426,816 Bytes frei
227 --- E O F --- 2009-02-06 06:25:26
I hope someone can help me; otherwise I will open a new thread of my own after all :)
Thanks in advance
Regards, Basti