Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
Subforum: Pests of all kinds and their removal (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
Thread: TR/Vundo.gen problem (https://www.trojaner-board.de/57065-tr-vundo-gen-problem.html)

Metamix 12.08.2008 08:41

Oh man, I really do get everything wrong :( Sorry. Well, somehow my ComboFix works again :) I'll let it run now following the plan from the first post here, then I'll post a log file for you.

Metamix 12.08.2008 08:56

So here are my logs after I ran ComboFix and worked through the things from the first post. I hope I'm posting it correctly this time and that you still feel like helping me :)

Code:

ComboFix 08-08-11.01 - Metamix 2008-08-12  9:48:34.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium  6.0.6001.1.1252.1.1031.18.1276 [GMT 2:00]
Running from: C:\Users\Metamix\Desktop\ComboFix.exe
 * New restore point was created
.

((((((((((((((((((((((((((((((((((((  Other Deletions  ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Metamix\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antivirus-2008pro.lnk
C:\Windows\system32\x64
D:\install.exe

.
(((((((((((((((((((((((  Files Created from 2008-07-12 to 2008-08-12  ))))))))))))))))))))))))))))))
.

2008-08-07 08:27 . 2008-08-07 08:27        <DIR>        d--------        C:\Program Files\CCleaner
2008-08-04 00:05 . 2003-03-02 17:44        7,552        --a------        C:\Windows\System32\drivers\enodpl.sys
2008-08-04 00:05 . 2003-04-19 00:39        6,659        --a------        C:\Windows\System32\TANDPL.VXD
2008-08-04 00:05 . 2001-08-31 15:16        6,532        --a------        C:\Windows\System32\ENODPL.VXD
2008-08-04 00:05 . 2003-04-19 00:32        4,736        --a------        C:\Windows\System32\drivers\tandpl.sys
2008-08-03 18:26 . 2008-08-03 18:28        <DIR>        d--------        C:\Users\Metamix\AppData\Roaming\Command & Conquer 3 Tiberium Wars
2008-08-03 18:03 . 2008-08-03 18:03        <DIR>        d--------        C:\Program Files\Electronic Arts
2008-08-01 15:04 . 2008-08-01 15:04        33,832        --a------        C:\Windows\System32\qbzxhnrm.exe
2008-08-01 15:04 . 2008-08-01 15:04        33,832        --a------        C:\Windows\System32\mlqbenig.exe
2008-08-01 14:12 . 2008-08-01 14:12        <DIR>        d--------        C:\PerfLogs
2008-08-01 13:29 . 2008-08-01 13:29        <DIR>        d--------        C:\Program Files\Secunia
2008-08-01 13:17 . 2008-08-01 13:17        <DIR>        d--------        C:\Program Files\Trend Micro
2008-08-01 13:16 . 2008-08-01 13:16        <DIR>        d--------        C:\Program Files\HJT
2008-07-30 17:56 . 2008-07-30 17:59        <DIR>        d--------        C:\Program Files\cfg
2008-07-30 12:09 . 2008-07-30 12:14        <DIR>        d--------        C:\Program Files\Counter-Strike Source
2008-07-29 11:04 . 2008-07-29 11:04        <DIR>        d--------        C:\VundoFix Backups
2008-07-28 17:08 . 2008-07-28 17:08        <DIR>        d--------        C:\Users\All Users\Avira
2008-07-28 17:08 . 2008-07-28 17:08        <DIR>        d--------        C:\ProgramData\Avira
2008-07-28 17:08 . 2008-07-28 17:08        <DIR>        d--------        C:\Program Files\Avira
2008-07-28 16:35 . 2008-07-30 17:42        23,888        --a------        C:\Windows\System32\drivers\COH_Mon.sys
2008-07-28 16:35 . 2008-07-30 17:28        10,537        --a------        C:\Windows\System32\drivers\COH_Mon.cat
2008-07-28 16:35 . 2008-07-30 17:28        706        --a------        C:\Windows\System32\drivers\COH_Mon.inf
2008-07-22 02:42 . 2008-07-22 02:42        42,320        --a------        C:\Windows\System32\xfcodec.dll
2008-07-18 12:46 . 2008-01-19 09:35        4,497,408        --a------        C:\Windows\System32\NlsData0019.dll
2008-07-18 12:46 . 2008-01-19 09:35        4,495,360        --a------        C:\Windows\System32\NlsData0816.dll
2008-07-18 12:46 . 2008-01-19 09:35        4,495,360        --a------        C:\Windows\System32\NlsData0416.dll
2008-07-18 12:46 . 2008-01-19 09:35        4,495,360        --a------        C:\Windows\System32\NlsData0414.dll
2008-07-18 12:46 . 2008-01-19 09:35        4,495,360        --a------        C:\Windows\System32\NlsData001d.dll
2008-07-18 12:46 . 2008-01-19 09:35        4,495,360        --a------        C:\Windows\System32\NlsData0010.dll
2008-07-18 12:46 . 2008-01-19 09:35        3,466,752        --a------        C:\Windows\System32\NlsData0013.dll
2008-07-18 12:46 . 2008-01-19 09:35        2,599,936        --a------        C:\Windows\System32\NlsData0001.dll
2008-07-18 12:46 . 2008-01-19 09:35        1,523,712        --a------        C:\Windows\System32\NlsData0000.dll

.
((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-11 14:53        ---------        d-----w        C:\Users\Metamix\AppData\Roaming\dvdcss
2008-08-11 10:37        ---------        d-----w        C:\ProgramData\Symantec
2008-08-11 10:37        ---------        d-----w        C:\Program Files\Common Files\Symantec Shared
2008-08-09 18:26        ---------        d-----w        C:\Users\Metamix\AppData\Roaming\teamspeak2
2008-08-03 22:03        ---------        d--h--w        C:\Program Files\InstallShield Installation Information
2008-08-02 11:40        ---------        d-----w        C:\ProgramData\Xfire
2008-08-01 19:41        ---------        d-----w        C:\Users\Metamix\AppData\Roaming\Xfire
2008-08-01 18:43        ---------        d-----w        C:\Program Files\Xfire
2008-08-01 17:55        ---------        d-----w        C:\Users\Metamix\AppData\Roaming\Hamachi
2008-08-01 12:22        174        --sha-w        C:\Program Files\desktop.ini
2008-08-01 12:13        ---------        d-----w        C:\Program Files\Windows Sidebar
2008-08-01 12:13        ---------        d-----w        C:\Program Files\Windows Photo Gallery
2008-08-01 12:13        ---------        d-----w        C:\Program Files\Windows Mail
2008-08-01 12:13        ---------        d-----w        C:\Program Files\Windows Journal
2008-08-01 12:13        ---------        d-----w        C:\Program Files\Windows Defender
2008-08-01 12:13        ---------        d-----w        C:\Program Files\Windows Collaboration
2008-08-01 12:13        ---------        d-----w        C:\Program Files\Windows Calendar
2008-08-01 11:47        82,432        ----a-w        C:\Windows\System32\axaltocm.dll
2008-08-01 11:47        101,888        ----a-w        C:\Windows\System32\ifxcardm.dll
2008-07-28 14:38        ---------        d-----w        C:\Program Files\Norton Internet Security
2008-07-28 14:35        805        ----a-w        C:\Windows\system32\drivers\SYMEVENT.INF
2008-07-28 14:35        123,952        ----a-w        C:\Windows\system32\drivers\SYMEVENT.SYS
2008-07-28 14:35        10,671        ----a-w        C:\Windows\system32\drivers\SYMEVENT.CAT
2008-07-28 14:35        ---------        d-----w        C:\Program Files\Symantec
2008-06-30 19:47        ---------        d-----w        C:\Program Files\Ubisoft
2008-06-30 14:21        ---------        d-----w        C:\Users\Metamix\AppData\Roaming\Ubisoft
2008-06-30 14:07        ---------        d-----w        C:\ProgramData\Ubisoft
2008-06-26 03:29        801,280        ----a-w        C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45        2,644,480        ----a-w        C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45        12,240,896        ----a-w        C:\Windows\System32\NlsLexicons0007.dll
2008-06-21 09:13        ---------        d-----w        C:\Program Files\Game Cam V2
2008-06-16 08:31        7,808        ----a-w        C:\Windows\system32\drivers\psi_mf.sys
2008-05-27 05:21        1,582,592        ----a-w        C:\Windows\System32\tquery.dll
2008-05-27 05:21        1,418,240        ----a-w        C:\Windows\System32\mssrch.dll
2008-05-27 05:17        87,552        ----a-w        C:\Windows\System32\SearchFilterHost.exe
2008-05-27 05:17        87,552        ----a-w        C:\Windows\System32\mssitlb.dll
2008-05-27 05:17        754,176        ----a-w        C:\Windows\System32\propsys.dll
2008-05-27 05:17        60,416        ----a-w        C:\Windows\System32\msscntrs.dll
2008-05-27 05:17        6,103,040        ----a-w        C:\Windows\System32\chtbrkr.dll
2008-05-27 05:17        34,816        ----a-w        C:\Windows\System32\msscb.dll
2008-05-27 05:17        32,768        ----a-w        C:\Windows\System32\mssprxy.dll
2008-05-27 05:17        313,344        ----a-w        C:\Windows\System32\thawbrkr.dll
2008-05-27 05:17        301,568        ----a-w        C:\Windows\System32\srchadmin.dll
2008-05-27 05:17        194,560        ----a-w        C:\Windows\System32\offfilt.dll
2008-05-27 05:17        143,872        ----a-w        C:\Windows\System32\korwbrkr.dll
2008-05-27 05:17        11,776        ----a-w        C:\Windows\System32\msshooks.dll
2008-05-27 05:17        1,671,680        ----a-w        C:\Windows\System32\chsbrkr.dll
2008-05-27 04:59        18,904        ----a-w        C:\Windows\System32\StructuredQuerySchemaTrivial.bin
2008-05-27 04:59        106,605        ----a-w        C:\Windows\System32\StructuredQuerySchema.bin
2008-02-15 15:10        16,384        --sha-w        C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-02-15 15:10        32,768        --sha-w        C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-02-15 15:10        16,384        --sha-w        C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((  Registry Autostart Points  ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not shown.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 15:49 151552]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-06-10 12:00 171448]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 09:36 2153472 C:\Windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2007-06-15 16:48 326440]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 16:33 457216]
"PCMMediaSharing"="C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2007-06-21 18:33 204908]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 06:39 107112]
"osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe" [2006-11-21 06:36 22696]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
"PlayMovie"="C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe" [2007-07-13 22:41 178280]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 15:49 151552]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-06-10 12:00 1838592]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-06 07:15 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-06 07:15 8466432]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-06 07:15 81920]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-20 10:56 4493312 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-06-15 10:45 1826816 C:\Windows\SkyTel.exe]

C:\Users\Metamix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI (RC3).lnk - C:\Program Files\Secunia\PSI (RC3)\psi.exe [2008-06-16 11:03:08 663552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F35FFAAB-B4E3-461F-880D-F1B970A88472}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{EA50C69F-0CE1-49FD-BF3B-60D62A206C97}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{CF4F276E-9C8C-43FD-97A5-5307821F54FD}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{6B3D1B0C-2982-4EC6-A0F9-4063D77A98CC}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician
"{BDD016F8-3150-4A59-A93B-212323926AEC}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine
"{B0888DBC-D0E4-4748-AB73-E0082E4FBD0B}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia
"{163FC50B-0E10-4A71-A899-9BE0EE9AAE58}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
"{7B86C298-BEA0-4888-AA0D-23C71CE4D5D0}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service
"{6B30B8D6-E6A8-48ED-891E-190E9420A830}"= C:\Program Files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD
"{EA0C4E70-E940-4814-83B2-AF6CE1E449DE}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician
"{38069790-6671-4260-885A-9116A5A0E4A5}"= C:\Program Files\Acer Arcade Live\Acer PlayMovie\PlayMovie.exe:Acer Play Movie
"{53D3EC7E-C15D-4AFE-81D3-392347A629AC}"= C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe:Acer Play Movie Resident Program
"TCP Query User{16011576-5C3B-443F-85A4-F2DB3E182CF3}C:\\games\\test drive unlimited\\testdriveunlimited.exe"= UDP:C:\games\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited
"UDP Query User{7B728EE8-C6A6-4AE7-B28E-39D2D9F42B4D}C:\\games\\test drive unlimited\\testdriveunlimited.exe"= TCP:C:\games\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited
"TCP Query User{DCF02145-4CF5-498D-871B-AC2444FB8E73}C:\\program files\\icq6\\icq.exe"= UDP:C:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{A3CC37E3-0C3F-4A50-AE6A-22B250647738}C:\\program files\\icq6\\icq.exe"= TCP:C:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{51925114-09DA-467E-B707-7E185D6141DC}C:\\games\\cod 2\\cod2mp_s.exe"= UDP:C:\games\cod 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{6F10CD0E-1E33-4F8D-95F2-53B3AF562989}C:\\games\\cod 2\\cod2mp_s.exe"= TCP:C:\games\cod 2\cod2mp_s.exe:CoD2MP_s
"{916A530A-2C78-4AB7-B037-81205F1FAAB6}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{9E6EC27C-2958-4865-B511-FFEAA556C4EB}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{0F897677-01BB-4B7E-9A4E-732C64394C30}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{816F541E-749D-4F8C-B59E-A6599C30F34F}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{8690F1B8-8F68-473D-8AE3-FE221EC0E4F4}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{3651232E-AD72-4139-B961-DFE11F0280DF}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{052513AF-E57F-4841-8317-EA52962CC544}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{EAAEAC27-6F3F-41A8-A918-A6EEE9649E44}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"TCP Query User{7968A569-C41E-4BE8-B6DF-2C354E7D1E5D}C:\\games\\cod 2\\cod2mp_s.exe"= UDP:C:\games\cod 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{8F249620-3297-4BAA-B146-AA58B86B13FD}C:\\games\\cod 2\\cod2mp_s.exe"= TCP:C:\games\cod 2\cod2mp_s.exe:CoD2MP_s
"TCP Query User{10AE2ED0-5DB3-456B-A3B0-1DAB580D6332}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
"UDP Query User{18231FE4-6C83-42E5-AAD9-FFBDE43586D9}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
"TCP Query User{D545C315-A374-48CD-B523-69C5D229CE69}C:\\program files\\counter-strike source\\hl2.exe"= UDP:C:\program files\counter-strike source\hl2.exe:hl2
"UDP Query User{6326DB66-373A-4ED9-97A6-4F7CDE6AC863}C:\\program files\\counter-strike source\\hl2.exe"= TCP:C:\program files\counter-strike source\hl2.exe:hl2
"TCP Query User{EB3D459D-B58A-4373-936B-9C33B047A537}C:\\program files\\ubisoft\\crytek\\far cry\\bin32\\farcry.exe"= UDP:C:\program files\ubisoft\crytek\far cry\bin32\farcry.exe:Far Cry
"UDP Query User{89339EE1-F604-4D6A-972B-4B6E3D8374D6}C:\\program files\\ubisoft\\crytek\\far cry\\bin32\\farcry.exe"= TCP:C:\program files\ubisoft\crytek\far cry\bin32\farcry.exe:Far Cry
"{24B1420E-1683-43B2-A9A7-F8F5B2DE437D}"= C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat:Command & Conquer 3 Tiberium Wars
"TCP Query User{35093D07-9A8B-4E3B-8E65-3EE3021E047E}C:\\program files\\counter-strike source\\hl2.exe"= UDP:C:\program files\counter-strike source\hl2.exe:hl2
"UDP Query User{AEA2453E-9722-46DC-9DC6-2F5F7182434A}C:\\program files\\counter-strike source\\hl2.exe"= TCP:C:\program files\counter-strike source\hl2.exe:hl2
"TCP Query User{0EDD73F8-F3CB-4EB6-A243-AA2444FCBFC7}C:\\games\\wc 3 gepatcht\\war3.exe"= UDP:C:\games\wc 3 gepatcht\war3.exe:Warcraft III
"UDP Query User{CAFF0678-0BA3-48D5-A91F-5C8946A3FAFD}C:\\games\\wc 3 gepatcht\\war3.exe"= TCP:C:\games\wc 3 gepatcht\war3.exe:Warcraft III
"TCP Query User{F814FE61-9476-4EB9-BE6D-CF3F836C1DCA}C:\\games\\xiii\\system\\xiii.exe"= UDP:C:\games\xiii\system\xiii.exe:XIII
"UDP Query User{5B21A32D-7190-4672-8691-F3788AAC9675}C:\\games\\xiii\\system\\xiii.exe"= TCP:C:\games\xiii\system\xiii.exe:XIII
"TCP Query User{79D75DB9-13CA-49BD-BE3C-F2D36D20A1EB}C:\\games\\cod 2 (1)\\cod2mp_s.exe"= UDP:C:\games\cod 2 (1)\cod2mp_s.exe:CoD2MP_s
"UDP Query User{6C6BFA0F-1749-4D45-A67F-C76B70AB53C5}C:\\games\\cod 2 (1)\\cod2mp_s.exe"= TCP:C:\games\cod 2 (1)\cod2mp_s.exe:CoD2MP_s

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080407.003\IDSvix86.sys [2008-02-13 18:18]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Live\Acer PlayMovie\000.fcl [2006-11-02 16:51]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2007-06-21 18:33]
R2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-26 11:53]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 20:55]
S3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys [2008-06-16 10:31]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5aef5cdb-7edd-11dc-a9d3-806e6f6e6963}]
\shell\AutoRun\command - E:\Start.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-08-01 C:\Windows\Tasks\Norton Internet Security - Vollständige Systemprüfung ausführen - Metamix.job
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe [2006-11-21 06:35]
.
- - - - Orphaned Registry Entries Removed - - - -

HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.quenya-germany.de/forum/index.php?sid=ad69b41bddffbde91bf619257fa78544
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
R0 -: HKLM-Main,Start Page = hxxp://de.intl.acer.yahoo.com
R1 -: HKCU-SearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/su/*http://de.yahoo.com
O8 -: Nach Microsoft &Excel exportieren - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: Nach Microsoft E&xel exportieren - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O16 -: {BA162249-F2C5-4851-8ADC-FC58CB424243} - hxxp://static.ak.schuelervz.net/photouploader/ImageUploader5.cab?nocache=20080125-1
C:\Windows\Downloaded Program Files\ImageUploader5.inf
C:\Windows\System32\unicows.dll
C:\Windows\Downloaded Program Files\ImageUploader5.ocx


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-12 09:51:41
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-12  9:53:11
ComboFix-quarantined-files.txt  2008-08-12 07:53:09

Pre-Run: 14 directory(ies), 98,766,340,096 bytes free
Post-Run: 22 directory(ies), 98,729,734,144 bytes free

246        --- E O F ---        2008-08-08 15:27:40



PS: I just noticed that I can set pictures as my desktop background again, so I think the virus is gone :)
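The report above contains the classes of indicator a helper scans for by eye: two executables of identical size with random-looking names created in the same minute directly in System32 (qbzxhnrm.exe and mlqbenig.exe), Security Center DisableNotify and DisableMonitoring values set to 1, EnableFirewall set to 0 for the standard profile, and an AutoRun command recorded under MountPoints2. As an added example that is not part of the thread and not ComboFix's own code, the Python script below parses a constructed excerpt of that report (lines copied from the log above, section header translated) and flags those patterns. The thresholds are my heuristics, not ComboFix rules: eight-lowercase-letter file names, and siblings sharing size and creation minute. A legitimately installed security suite also registers its own Monitoring subkey, so the output is a list of questions for the machine's owner, not a verdict.

```python
import re
from collections import defaultdict

# Constructed excerpt of the report posted above (header translated), embedded so the
# example runs offline; in practice pass the text of the saved ComboFix report instead.
SAMPLE_LOG = r"""
(((((((((((((((((((((((  Files Created from 2008-07-12 to 2008-08-12  ))))))))))))))))))))))))))))))
2008-08-07 08:27 . 2008-08-07 08:27        <DIR>        d--------        C:\Program Files\CCleaner
2008-08-04 00:05 . 2003-03-02 17:44        7,552        --a------        C:\Windows\System32\drivers\enodpl.sys
2008-08-01 15:04 . 2008-08-01 15:04        33,832        --a------        C:\Windows\System32\qbzxhnrm.exe
2008-08-01 15:04 . 2008-08-01 15:04        33,832        --a------        C:\Windows\System32\mlqbenig.exe
2008-07-22 02:42 . 2008-07-22 02:42        42,320        --a------        C:\Windows\System32\xfcodec.dll
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5aef5cdb-7edd-11dc-a9d3-806e6f6e6963}]
\shell\AutoRun\command - E:\Start.exe
"""

# One row of the "Files Created" section: created . modified  size  attrs  path
FILE_RE = re.compile(r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. \S+ \S+\s+"
                     r"(?P<size>[\d,]+|<DIR>)\s+\S+\s+(?P<path>.+?)\s*$")
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}\.(exe|dll)$")   # my heuristic, not a ComboFix rule
KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.+?)\s*$')
AUTORUN_RE = re.compile(r"^\\shell\\AutoRun\\command\s*-\s*(?P<cmd>.+?)\s*$", re.I)


def parse_file_entries(text):
    """Non-directory rows of the Files Created section as created/size/path dicts."""
    rows = (FILE_RE.match(line.strip()) for line in text.splitlines())
    return [{"created": m["created"], "size": int(m["size"].replace(",", "")), "path": m["path"]}
            for m in rows if m and m["size"] != "<DIR>"]


def flag_dropped_binaries(entries):
    """Random-looking names directly in System32, and same-size siblings created in one minute."""
    findings, siblings = [], defaultdict(list)
    for e in entries:
        parent, _, name = e["path"].rpartition("\\")
        if not parent.lower().endswith("\\windows\\system32"):
            continue                      # drivers\ and other subfolders are not checked here
        if RANDOM_NAME_RE.match(name.lower()):
            findings.append(f"random-looking binary in System32: {e['path']}")
        if name.lower().endswith((".exe", ".dll")):
            siblings[(e["created"], e["size"])].append(e["path"])
    for (created, size), paths in siblings.items():
        if len(paths) > 1:                # one dropper writing several copies of itself
            findings.append(f"{len(paths)} System32 binaries share size {size} and creation "
                            f"time {created}: " + ", ".join(paths))
    return findings


def parse_registry_values(text):
    """(key, name, raw value) for every "name"=value line under the most recent [key]."""
    values, key = [], None
    for line in text.splitlines():
        km, vm = KEY_RE.match(line.strip()), VALUE_RE.match(line.strip())
        if km:
            key = km["key"]
        elif vm and key:
            values.append((key, vm["name"], vm["value"]))
    return values


def _as_int(raw):
    """ComboFix prints numbers as 'dword:00000001' or '0 (0x0)'; anything else -> None."""
    m = re.match(r"dword:([0-9a-f]+)", raw, re.I) or re.match(r"(\d+)", raw)
    return int(m.group(1), 16 if raw.lower().startswith("dword:") else 10) if m else None


def flag_defense_tampering(values):
    """Security Center alerting switched off, or a Windows Firewall profile disabled.
    A legitimately installed suite registers its own Monitoring subkey: ask, don't conclude."""
    findings = []
    for key, name, raw in values:
        lk, num = key.lower(), _as_int(raw)
        if "security center" in lk and num == 1 and (
                name.endswith("DisableNotify") or name == "DisableMonitoring"):
            findings.append(f"Security Center alerting suppressed: [{key}] {name}={num}")
        elif "firewallpolicy" in lk and name == "EnableFirewall" and num == 0:
            findings.append("Windows Firewall disabled in " + key.rsplit("\\", 1)[-1])
    return findings


def flag_autorun(text):
    """AutoRun commands Explorer recorded under MountPoints2 for a volume."""
    findings, key = [], "(unknown key)"
    for line in text.splitlines():
        km, am = KEY_RE.match(line.strip()), AUTORUN_RE.match(line.strip())
        if km:
            key = km["key"]
        elif am:
            findings.append(f"AutoRun command bound under {key}: {am['cmd']}")
    return findings


def triage(text):
    """All findings for one report, in the order a helper reads the sections."""
    return (flag_dropped_binaries(parse_file_entries(text))
            + flag_defense_tampering(parse_registry_values(text)) + flag_autorun(text))
```

Run `triage(open("ComboFix.txt", encoding="cp1252").read())` on a saved report; on the excerpt above it returns nine findings: the two random-named executables, their shared size and creation minute, four Security Center values, the disabled StandardProfile firewall, and the E:\Start.exe AutoRun command. Items ComboFix itself already removed (the Antivirus-2008pro.lnk quick-launch shortcut, the x64 folder, D:\install.exe) are in the "Other Deletions" section and need no heuristic; the script is for what the tool lists but does not judge.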


Copyright ©2000-2025, Trojaner-Board

