Trojaner-Board

TR/Vundo.gen problem (https://www.trojaner-board.de/57065-tr-vundo-gen-problem.html)

Metamix 12.08.2008 08:41

Oh man, I really do get everything wrong :( I'm sorry. Well, somehow my ComboFix is working again :) I'll now let it run according to the plan from the first post here, and then I'll post a log file for you.

Metamix 12.08.2008 08:56

So, here are my logs after I ran ComboFix and worked through the things from the first post. I hope I'm posting it correctly this time and you still feel like helping me :)

Code:

ComboFix 08-08-11.01 - Metamix 2008-08-12  9:48:34.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium  6.0.6001.1.1252.1.1031.18.1276 [GMT 2:00]
ausgeführt von:: C:\Users\Metamix\Desktop\ComboFix.exe
 * Neuer Wiederherstellungspunkt wurde erstellt
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Metamix\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antivirus-2008pro.lnk
C:\Windows\system32\x64
D:\install.exe

.
(((((((((((((((((((((((  Dateien erstellt von 2008-07-12 bis 2008-08-12  ))))))))))))))))))))))))))))))
.

2008-08-07 08:27 . 2008-08-07 08:27        <DIR>        d--------        C:\Program Files\CCleaner
2008-08-04 00:05 . 2003-03-02 17:44        7,552        --a------        C:\Windows\System32\drivers\enodpl.sys
2008-08-04 00:05 . 2003-04-19 00:39        6,659        --a------        C:\Windows\System32\TANDPL.VXD
2008-08-04 00:05 . 2001-08-31 15:16        6,532        --a------        C:\Windows\System32\ENODPL.VXD
2008-08-04 00:05 . 2003-04-19 00:32        4,736        --a------        C:\Windows\System32\drivers\tandpl.sys
2008-08-03 18:26 . 2008-08-03 18:28        <DIR>        d--------        C:\Users\Metamix\AppData\Roaming\Command & Conquer 3 Tiberium Wars
2008-08-03 18:03 . 2008-08-03 18:03        <DIR>        d--------        C:\Program Files\Electronic Arts
2008-08-01 15:04 . 2008-08-01 15:04        33,832        --a------        C:\Windows\System32\qbzxhnrm.exe
2008-08-01 15:04 . 2008-08-01 15:04        33,832        --a------        C:\Windows\System32\mlqbenig.exe
2008-08-01 14:12 . 2008-08-01 14:12        <DIR>        d--------        C:\PerfLogs
2008-08-01 13:29 . 2008-08-01 13:29        <DIR>        d--------        C:\Program Files\Secunia
2008-08-01 13:17 . 2008-08-01 13:17        <DIR>        d--------        C:\Program Files\Trend Micro
2008-08-01 13:16 . 2008-08-01 13:16        <DIR>        d--------        C:\Program Files\HJT
2008-07-30 17:56 . 2008-07-30 17:59        <DIR>        d--------        C:\Program Files\cfg
2008-07-30 12:09 . 2008-07-30 12:14        <DIR>        d--------        C:\Program Files\Counter-Strike Source
2008-07-29 11:04 . 2008-07-29 11:04        <DIR>        d--------        C:\VundoFix Backups
2008-07-28 17:08 . 2008-07-28 17:08        <DIR>        d--------        C:\Users\All Users\Avira
2008-07-28 17:08 . 2008-07-28 17:08        <DIR>        d--------        C:\ProgramData\Avira
2008-07-28 17:08 . 2008-07-28 17:08        <DIR>        d--------        C:\Program Files\Avira
2008-07-28 16:35 . 2008-07-30 17:42        23,888        --a------        C:\Windows\System32\drivers\COH_Mon.sys
2008-07-28 16:35 . 2008-07-30 17:28        10,537        --a------        C:\Windows\System32\drivers\COH_Mon.cat
2008-07-28 16:35 . 2008-07-30 17:28        706        --a------        C:\Windows\System32\drivers\COH_Mon.inf
2008-07-22 02:42 . 2008-07-22 02:42        42,320        --a------        C:\Windows\System32\xfcodec.dll
2008-07-18 12:46 . 2008-01-19 09:35        4,497,408        --a------        C:\Windows\System32\NlsData0019.dll
2008-07-18 12:46 . 2008-01-19 09:35        4,495,360        --a------        C:\Windows\System32\NlsData0816.dll
2008-07-18 12:46 . 2008-01-19 09:35        4,495,360        --a------        C:\Windows\System32\NlsData0416.dll
2008-07-18 12:46 . 2008-01-19 09:35        4,495,360        --a------        C:\Windows\System32\NlsData0414.dll
2008-07-18 12:46 . 2008-01-19 09:35        4,495,360        --a------        C:\Windows\System32\NlsData001d.dll
2008-07-18 12:46 . 2008-01-19 09:35        4,495,360        --a------        C:\Windows\System32\NlsData0010.dll
2008-07-18 12:46 . 2008-01-19 09:35        3,466,752        --a------        C:\Windows\System32\NlsData0013.dll
2008-07-18 12:46 . 2008-01-19 09:35        2,599,936        --a------        C:\Windows\System32\NlsData0001.dll
2008-07-18 12:46 . 2008-01-19 09:35        1,523,712        --a------        C:\Windows\System32\NlsData0000.dll

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-11 14:53        ---------        d-----w        C:\Users\Metamix\AppData\Roaming\dvdcss
2008-08-11 10:37        ---------        d-----w        C:\ProgramData\Symantec
2008-08-11 10:37        ---------        d-----w        C:\Program Files\Common Files\Symantec Shared
2008-08-09 18:26        ---------        d-----w        C:\Users\Metamix\AppData\Roaming\teamspeak2
2008-08-03 22:03        ---------        d--h--w        C:\Program Files\InstallShield Installation Information
2008-08-02 11:40        ---------        d-----w        C:\ProgramData\Xfire
2008-08-01 19:41        ---------        d-----w        C:\Users\Metamix\AppData\Roaming\Xfire
2008-08-01 18:43        ---------        d-----w        C:\Program Files\Xfire
2008-08-01 17:55        ---------        d-----w        C:\Users\Metamix\AppData\Roaming\Hamachi
2008-08-01 12:22        174        --sha-w        C:\Program Files\desktop.ini
2008-08-01 12:13        ---------        d-----w        C:\Program Files\Windows Sidebar
2008-08-01 12:13        ---------        d-----w        C:\Program Files\Windows Photo Gallery
2008-08-01 12:13        ---------        d-----w        C:\Program Files\Windows Mail
2008-08-01 12:13        ---------        d-----w        C:\Program Files\Windows Journal
2008-08-01 12:13        ---------        d-----w        C:\Program Files\Windows Defender
2008-08-01 12:13        ---------        d-----w        C:\Program Files\Windows Collaboration
2008-08-01 12:13        ---------        d-----w        C:\Program Files\Windows Calendar
2008-08-01 11:47        82,432        ----a-w        C:\Windows\System32\axaltocm.dll
2008-08-01 11:47        101,888        ----a-w        C:\Windows\System32\ifxcardm.dll
2008-07-28 14:38        ---------        d-----w        C:\Program Files\Norton Internet Security
2008-07-28 14:35        805        ----a-w        C:\Windows\system32\drivers\SYMEVENT.INF
2008-07-28 14:35        123,952        ----a-w        C:\Windows\system32\drivers\SYMEVENT.SYS
2008-07-28 14:35        10,671        ----a-w        C:\Windows\system32\drivers\SYMEVENT.CAT
2008-07-28 14:35        ---------        d-----w        C:\Program Files\Symantec
2008-06-30 19:47        ---------        d-----w        C:\Program Files\Ubisoft
2008-06-30 14:21        ---------        d-----w        C:\Users\Metamix\AppData\Roaming\Ubisoft
2008-06-30 14:07        ---------        d-----w        C:\ProgramData\Ubisoft
2008-06-26 03:29        801,280        ----a-w        C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45        2,644,480        ----a-w        C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45        12,240,896        ----a-w        C:\Windows\System32\NlsLexicons0007.dll
2008-06-21 09:13        ---------        d-----w        C:\Program Files\Game Cam V2
2008-06-16 08:31        7,808        ----a-w        C:\Windows\system32\drivers\psi_mf.sys
2008-05-27 05:21        1,582,592        ----a-w        C:\Windows\System32\tquery.dll
2008-05-27 05:21        1,418,240        ----a-w        C:\Windows\System32\mssrch.dll
2008-05-27 05:17        87,552        ----a-w        C:\Windows\System32\SearchFilterHost.exe
2008-05-27 05:17        87,552        ----a-w        C:\Windows\System32\mssitlb.dll
2008-05-27 05:17        754,176        ----a-w        C:\Windows\System32\propsys.dll
2008-05-27 05:17        60,416        ----a-w        C:\Windows\System32\msscntrs.dll
2008-05-27 05:17        6,103,040        ----a-w        C:\Windows\System32\chtbrkr.dll
2008-05-27 05:17        34,816        ----a-w        C:\Windows\System32\msscb.dll
2008-05-27 05:17        32,768        ----a-w        C:\Windows\System32\mssprxy.dll
2008-05-27 05:17        313,344        ----a-w        C:\Windows\System32\thawbrkr.dll
2008-05-27 05:17        301,568        ----a-w        C:\Windows\System32\srchadmin.dll
2008-05-27 05:17        194,560        ----a-w        C:\Windows\System32\offfilt.dll
2008-05-27 05:17        143,872        ----a-w        C:\Windows\System32\korwbrkr.dll
2008-05-27 05:17        11,776        ----a-w        C:\Windows\System32\msshooks.dll
2008-05-27 05:17        1,671,680        ----a-w        C:\Windows\System32\chsbrkr.dll
2008-05-27 04:59        18,904        ----a-w        C:\Windows\System32\StructuredQuerySchemaTrivial.bin
2008-05-27 04:59        106,605        ----a-w        C:\Windows\System32\StructuredQuerySchema.bin
2008-02-15 15:10        16,384        --sha-w        C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-02-15 15:10        32,768        --sha-w        C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-02-15 15:10        16,384        --sha-w        C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((  Autostart Punkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 15:49 151552]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-06-10 12:00 171448]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 09:36 2153472 C:\Windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2007-06-15 16:48 326440]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 16:33 457216]
"PCMMediaSharing"="C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2007-06-21 18:33 204908]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 06:39 107112]
"osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe" [2006-11-21 06:36 22696]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
"PlayMovie"="C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe" [2007-07-13 22:41 178280]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 15:49 151552]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-06-10 12:00 1838592]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-06 07:15 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-06 07:15 8466432]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-06 07:15 81920]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-20 10:56 4493312 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-06-15 10:45 1826816 C:\Windows\SkyTel.exe]

C:\Users\Metamix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI (RC3).lnk - C:\Program Files\Secunia\PSI (RC3)\psi.exe [2008-06-16 11:03:08 663552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F35FFAAB-B4E3-461F-880D-F1B970A88472}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{EA50C69F-0CE1-49FD-BF3B-60D62A206C97}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{CF4F276E-9C8C-43FD-97A5-5307821F54FD}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{6B3D1B0C-2982-4EC6-A0F9-4063D77A98CC}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician
"{BDD016F8-3150-4A59-A93B-212323926AEC}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine
"{B0888DBC-D0E4-4748-AB73-E0082E4FBD0B}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia
"{163FC50B-0E10-4A71-A899-9BE0EE9AAE58}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
"{7B86C298-BEA0-4888-AA0D-23C71CE4D5D0}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service
"{6B30B8D6-E6A8-48ED-891E-190E9420A830}"= C:\Program Files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD
"{EA0C4E70-E940-4814-83B2-AF6CE1E449DE}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician
"{38069790-6671-4260-885A-9116A5A0E4A5}"= C:\Program Files\Acer Arcade Live\Acer PlayMovie\PlayMovie.exe:Acer Play Movie
"{53D3EC7E-C15D-4AFE-81D3-392347A629AC}"= C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe:Acer Play Movie Resident Program
"TCP Query User{16011576-5C3B-443F-85A4-F2DB3E182CF3}C:\\games\\test drive unlimited\\testdriveunlimited.exe"= UDP:C:\games\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited
"UDP Query User{7B728EE8-C6A6-4AE7-B28E-39D2D9F42B4D}C:\\games\\test drive unlimited\\testdriveunlimited.exe"= TCP:C:\games\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited
"TCP Query User{DCF02145-4CF5-498D-871B-AC2444FB8E73}C:\\program files\\icq6\\icq.exe"= UDP:C:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{A3CC37E3-0C3F-4A50-AE6A-22B250647738}C:\\program files\\icq6\\icq.exe"= TCP:C:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{51925114-09DA-467E-B707-7E185D6141DC}C:\\games\\cod 2\\cod2mp_s.exe"= UDP:C:\games\cod 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{6F10CD0E-1E33-4F8D-95F2-53B3AF562989}C:\\games\\cod 2\\cod2mp_s.exe"= TCP:C:\games\cod 2\cod2mp_s.exe:CoD2MP_s
"{916A530A-2C78-4AB7-B037-81205F1FAAB6}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{9E6EC27C-2958-4865-B511-FFEAA556C4EB}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{0F897677-01BB-4B7E-9A4E-732C64394C30}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{816F541E-749D-4F8C-B59E-A6599C30F34F}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{8690F1B8-8F68-473D-8AE3-FE221EC0E4F4}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{3651232E-AD72-4139-B961-DFE11F0280DF}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{052513AF-E57F-4841-8317-EA52962CC544}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{EAAEAC27-6F3F-41A8-A918-A6EEE9649E44}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"TCP Query User{7968A569-C41E-4BE8-B6DF-2C354E7D1E5D}C:\\games\\cod 2\\cod2mp_s.exe"= UDP:C:\games\cod 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{8F249620-3297-4BAA-B146-AA58B86B13FD}C:\\games\\cod 2\\cod2mp_s.exe"= TCP:C:\games\cod 2\cod2mp_s.exe:CoD2MP_s
"TCP Query User{10AE2ED0-5DB3-456B-A3B0-1DAB580D6332}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
"UDP Query User{18231FE4-6C83-42E5-AAD9-FFBDE43586D9}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
"TCP Query User{D545C315-A374-48CD-B523-69C5D229CE69}C:\\program files\\counter-strike source\\hl2.exe"= UDP:C:\program files\counter-strike source\hl2.exe:hl2
"UDP Query User{6326DB66-373A-4ED9-97A6-4F7CDE6AC863}C:\\program files\\counter-strike source\\hl2.exe"= TCP:C:\program files\counter-strike source\hl2.exe:hl2
"TCP Query User{EB3D459D-B58A-4373-936B-9C33B047A537}C:\\program files\\ubisoft\\crytek\\far cry\\bin32\\farcry.exe"= UDP:C:\program files\ubisoft\crytek\far cry\bin32\farcry.exe:Far Cry
"UDP Query User{89339EE1-F604-4D6A-972B-4B6E3D8374D6}C:\\program files\\ubisoft\\crytek\\far cry\\bin32\\farcry.exe"= TCP:C:\program files\ubisoft\crytek\far cry\bin32\farcry.exe:Far Cry
"{24B1420E-1683-43B2-A9A7-F8F5B2DE437D}"= C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat:Command & Conquer 3 Tiberium Wars
"TCP Query User{35093D07-9A8B-4E3B-8E65-3EE3021E047E}C:\\program files\\counter-strike source\\hl2.exe"= UDP:C:\program files\counter-strike source\hl2.exe:hl2
"UDP Query User{AEA2453E-9722-46DC-9DC6-2F5F7182434A}C:\\program files\\counter-strike source\\hl2.exe"= TCP:C:\program files\counter-strike source\hl2.exe:hl2
"TCP Query User{0EDD73F8-F3CB-4EB6-A243-AA2444FCBFC7}C:\\games\\wc 3 gepatcht\\war3.exe"= UDP:C:\games\wc 3 gepatcht\war3.exe:Warcraft III
"UDP Query User{CAFF0678-0BA3-48D5-A91F-5C8946A3FAFD}C:\\games\\wc 3 gepatcht\\war3.exe"= TCP:C:\games\wc 3 gepatcht\war3.exe:Warcraft III
"TCP Query User{F814FE61-9476-4EB9-BE6D-CF3F836C1DCA}C:\\games\\xiii\\system\\xiii.exe"= UDP:C:\games\xiii\system\xiii.exe:XIII
"UDP Query User{5B21A32D-7190-4672-8691-F3788AAC9675}C:\\games\\xiii\\system\\xiii.exe"= TCP:C:\games\xiii\system\xiii.exe:XIII
"TCP Query User{79D75DB9-13CA-49BD-BE3C-F2D36D20A1EB}C:\\games\\cod 2 (1)\\cod2mp_s.exe"= UDP:C:\games\cod 2 (1)\cod2mp_s.exe:CoD2MP_s
"UDP Query User{6C6BFA0F-1749-4D45-A67F-C76B70AB53C5}C:\\games\\cod 2 (1)\\cod2mp_s.exe"= TCP:C:\games\cod 2 (1)\cod2mp_s.exe:CoD2MP_s

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080407.003\IDSvix86.sys [2008-02-13 18:18]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Live\Acer PlayMovie\000.fcl [2006-11-02 16:51]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2007-06-21 18:33]
R2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-26 11:53]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 20:55]
S3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys [2008-06-16 10:31]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5aef5cdb-7edd-11dc-a9d3-806e6f6e6963}]
\shell\AutoRun\command - E:\Start.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
*Newly Created Service* - PROCEXP90
.
Inhalt des "geplante Tasks" Ordners

2008-08-01 C:\Windows\Tasks\Norton Internet Security - Vollständige Systemprüfung ausführen - Metamix.job
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe [2006-11-21 06:35]
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)


.
------- Zusätzlicher Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.quenya-germany.de/forum/index.php?sid=ad69b41bddffbde91bf619257fa78544
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
R0 -: HKLM-Main,Start Page = hxxp://de.intl.acer.yahoo.com
R1 -: HKCU-SearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/su/*http://de.yahoo.com
O8 -: Nach Microsoft &Excel exportieren - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: Nach Microsoft E&xel exportieren - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O16 -: {BA162249-F2C5-4851-8ADC-FC58CB424243} - hxxp://static.ak.schuelervz.net/photouploader/ImageUploader5.cab?nocache=20080125-1
C:\Windows\Downloaded Program Files\ImageUploader5.inf
C:\Windows\System32\unicows.dll
C:\Windows\Downloaded Program Files\ImageUploader5.ocx


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-12 09:51:41
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-08-12  9:53:11
ComboFix-quarantined-files.txt  2008-08-12 07:53:09

Pre-Run: 14 Verzeichnis(se), 98,766,340,096 Bytes frei
Post-Run: 22 Verzeichnis(se), 98,729,734,144 Bytes frei

246        --- E O F ---        2008-08-08 15:27:40



PS: I just noticed that I can use pictures as my desktop background again, so I think the virus is gone :)


Copyright ©2000-2025, Trojaner-Board