Hi,
I've now done what you told me to. I hope everything worked the way it should.
Code:
Malwarebytes' Anti-Malware 1.30
Datenbank Version: 1313
Windows 6.0.6001 Service Pack 1
24.10.2008 21:07:21
mbam-log-2008-10-24 (21-07-21).txt
Scan-Methode: Vollständiger Scan (C:\|E:\|)
Durchsuchte Objekte: 179540
Laufzeit: 1 hour(s), 49 minute(s), 24 second(s)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 21
Infizierte Registrierungswerte: 5
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolband.xttbpos00 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{77d6ddfa-7834-4541-b2b3-a8b0fb0e3924} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4bd2d6c3-31dc-b947-23d0-dc52ec4f0c4c} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{855f3b16-6d32-4fe6-8a56-bbb695989046} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{855f3b16-6d32-4fe6-8a56-bbb695989046} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolband.xttbpos00.1 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Windows\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{855f3b16-6d32-4fe6-8a56-bbb695989046} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{855f3b16-6d32-4fe6-8a56-bbb695989046} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{855f3b16-6d32-4fe6-8a56-bbb695989046} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Windows\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
C:\Program Files\ICQToolbar\4346\toolbaru.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\Windows\System32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
Code:
ComboFix 08-10-23.08 - Besitzer 2008-10-24 21:25:46.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1031.18.262 [GMT 2:00]
ausgeführt von:: C:\Users\Besitzer\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.
Error: Cfiles.dat
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\Besitzer\AppData\Local\eekyyyc.dat
C:\Users\Besitzer\AppData\Local\eekyyyc_nav.dat
C:\Users\Besitzer\AppData\Local\eekyyyc_navps.dat
C:\Windows\system32\x64
.
((((((((((((((((((((((( Dateien erstellt von 2008-09-24 bis 2008-10-24 ))))))))))))))))))))))))))))))
.
2008-10-24 18:00 . 2008-10-24 18:00 <DIR> d-------- C:\Users\Besitzer\AppData\Roaming\Malwarebytes
2008-10-24 18:00 . 2008-10-22 16:10 15,504 --a------ C:\Windows\System32\drivers\mbam.sys
2008-10-24 17:59 . 2008-10-24 17:59 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-10-24 17:59 . 2008-10-24 17:59 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-10-24 17:59 . 2008-10-24 18:00 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-24 17:59 . 2008-10-22 16:10 38,496 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-10-24 11:05 . 2008-10-24 11:05 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-24 02:22 . 2008-10-24 02:22 <DIR> d-------- C:\ICQ Toolbar
2008-10-17 01:50 . 2008-10-17 01:55 <DIR> d-------- C:\Users\Besitzer\.tkabber
2008-10-15 23:54 . 2008-09-18 04:16 2,032,640 --a------ C:\Windows\System32\win32k.sys
2008-10-15 23:54 . 2008-08-05 11:49 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-10-15 23:54 . 2008-08-05 11:48 217,088 --a------ C:\Windows\System32\psisrndr.ax
2008-10-15 23:53 . 2008-10-02 05:49 827,392 --a------ C:\Windows\System32\wininet.dll
2008-10-15 23:53 . 2008-08-05 11:49 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-10-15 23:53 . 2008-08-05 11:48 177,664 --a------ C:\Windows\System32\mpg2splt.ax
2008-10-15 23:53 . 2008-08-05 11:48 80,896 --a------ C:\Windows\System32\MSNP.ax
2008-10-15 23:52 . 2008-10-02 03:32 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-10-15 23:52 . 2008-08-27 03:06 288,768 --a------ C:\Windows\System32\drivers\srv.sys
2008-10-15 23:51 . 2008-09-18 07:09 3,601,464 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-10-15 23:51 . 2008-09-18 07:09 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe
2008-09-28 05:29 . 2007-10-04 09:53 <DIR> d-------- C:\Users\Besitzer\bananenkoenig
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-24 10:37 --------- d-----w C:\ProgramData\Google Updater
2008-10-24 08:43 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-10-24 00:56 --------- d-----w C:\Users\Besitzer\AppData\Roaming\Skype
2008-10-23 22:04 --------- d-----w C:\Users\Besitzer\AppData\Roaming\skypePM
2008-10-22 01:31 --------- d-----w C:\Users\Besitzer\AppData\Roaming\K-Meleon
2008-10-22 01:31 --------- d-----w C:\Program Files\K-Meleon
2008-10-15 22:20 --------- d-----w C:\Program Files\Windows Mail
2008-10-14 20:49 --------- d-----w C:\Users\Besitzer\AppData\Roaming\OpenOffice.org2
2008-10-14 11:45 --------- d-----w C:\Users\Besitzer\AppData\Roaming\teamspeak2
2008-09-28 00:25 --------- d-----w C:\Program Files\ICQ6
2008-09-27 03:40 --------- d-----w C:\Program Files\CryptLoad_1.0.4
2008-09-26 23:05 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 4
2008-09-23 20:35 72,748 ----a-w C:\Windows\unins000.exe
2008-09-17 09:54 --------- d-----w C:\Program Files\Kill-ID für Chrome
2008-09-12 10:45 --------- d-----w C:\Program Files\Panda Security
2008-09-08 17:53 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-04 01:00 --------- d-----w C:\Program Files\Opera
2008-08-26 14:28 --------- d-----w C:\Users\Besitzer\AppData\Roaming\TeamViewer
2008-08-25 23:32 --------- d-----w C:\Users\Besitzer\AppData\Roaming\TuneUp Software
2008-08-25 23:31 306,432 ----a-w C:\Windows\System32\TuneUpDefragService.exe
2008-08-25 23:31 --------- d-----w C:\ProgramData\TuneUp Software
2008-08-25 23:31 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-08-25 23:29 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 01:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-12 13:59 6,702,614 ----a-w C:\Users\Besitzer\setup_dictionary.exe
2008-03-19 08:16 174 --sha-w C:\Program Files\desktop.ini
2008-02-04 05:21 32 ----a-w C:\Users\All Users\ezsid.dat
2008-02-04 05:21 32 ----a-w C:\ProgramData\ezsid.dat
2008-01-24 19:16 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-01-24 19:16 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-01-24 19:16 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-01-13 22:15 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-01-13 22:15 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-01-13 22:15 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-03-19 06:58 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008031920080320\index.dat
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0A94B116-4504-4e26-AB05-E61E474AA38B}"= "C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL" [2008-04-24 61440]
[HKEY_CLASSES_ROOT\clsid\{0a94b116-4504-4e26-ab05-e61e474aa38b}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-24 68856]
"Google Update"="C:\Users\Besitzer\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-20 411768]
"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [2007-01-29 509496]
"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-01-17 534648]
"KeNotify"="C:\Program Files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 34352]
"HWSetup"="C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 413696]
"SVPWUTIL"="C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-11-01 438272]
"topi"="C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-03-02 577536]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-01-13 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-01-13 7766016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-01-13 81920]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1316136]
"Toshiba Registration"="C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe" [2007-02-19 571024]
"Camera Assistant Software"="C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" [2007-02-13 405504]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 204800]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-02-11 133656]
"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 C:\Windows\RtHDVCpl.exe]
"NDSTray.exe"="NDSTray.exe" [BU]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Monitor.lnk - C:\Program Files\TOSHIBA\Bluetooth Monitor\BtMon2.exe [2008-03-30 69632]
Ulead Kalendar Checker 4.0 SE.lnk - C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe [2008-03-16 69632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"VIDC.IV41"= ir41_32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
--a------ 2006-07-11 12:15 3144800 C:\Program Files\ICQLite\ICQLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-10-02 16:43 282624 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D932E384-38EC-4B26-A09C-CE35E7012EBF}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{41C99350-3782-451A-AC98-560514A53FE1}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{62F28CD3-88D9-4B46-9F7E-89D684E989BD}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{4027C6FE-A545-4AE4-8A84-0B89E595FCE6}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{C52AB422-1D58-4C47-ADDE-4B51755BDF7D}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{8793F8B8-6394-4931-BFAF-E291AD2DD7EA}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{651D55BE-D784-4572-821B-E589F88C2F12}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{81258A04-C6ED-4BD9-A648-21B3F072D03E}C:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= Disabled:UDP:C:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"UDP Query User{CD6D0206-50B2-4776-BEE6-0F2544EDDE2B}C:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= Disabled:TCP:C:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"TCP Query User{F57773D4-7B03-4B0E-B0C2-31ABF53D369B}C:\\program files\\icq6\\icq.exe"= Disabled:UDP:C:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{84238B35-762B-4B88-AC33-E7E32C9B61D2}C:\\program files\\icq6\\icq.exe"= Disabled:TCP:C:\program files\icq6\icq.exe:ICQ Library
"{3886570A-CDE1-4965-B577-1B4848B4FE82}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{CA1BCF6E-6AF7-491A-9A40-811CFD54711E}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{14CDE20F-6115-4195-AE7D-B42A3D99DC59}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{894A0FBE-A1DC-4D42-815B-92A1B42B8C20}C:\\program files\\icqlite\\icqlite.exe"= UDP:C:\program files\icqlite\icqlite.exe:ICQLite
"UDP Query User{2AEC6965-D450-43FE-83A8-23397CF4C4B8}C:\\program files\\icqlite\\icqlite.exe"= TCP:C:\program files\icqlite\icqlite.exe:ICQLite
"TCP Query User{BF269C9E-D182-4A95-B59A-8A4FC4DE27C5}C:\\program files\\qip infium\\infium.exe"= UDP:C:\program files\qip infium\infium.exe:QIP Infium Beta
"UDP Query User{BA94EB17-E45D-4EBC-B0F7-C7CAEB7E1D0C}C:\\program files\\qip infium\\infium.exe"= TCP:C:\program files\qip infium\infium.exe:QIP Infium Beta
"TCP Query User{5C349311-8150-44EF-9833-B2BFBA067F3D}C:\\program files\\mozilla firefox 3 beta 3\\firefox.exe"= UDP:C:\program files\mozilla firefox 3 beta 3\firefox.exe:Firefox
"UDP Query User{4D9A4783-8BA5-4390-8739-B4016E8440D6}C:\\program files\\mozilla firefox 3 beta 3\\firefox.exe"= TCP:C:\program files\mozilla firefox 3 beta 3\firefox.exe:Firefox
"TCP Query User{1A4FF0E8-CE60-4804-83AC-7CF69A916419}C:\\program files\\mozilla firefox 3 beta 4\\firefox.exe"= UDP:C:\program files\mozilla firefox 3 beta 4\firefox.exe:Firefox
"UDP Query User{8AC6E53C-6EC6-4FAC-9489-EA411AEC15DB}C:\\program files\\mozilla firefox 3 beta 4\\firefox.exe"= TCP:C:\program files\mozilla firefox 3 beta 4\firefox.exe:Firefox
"{59FC9CCD-BC98-4E28-9879-7075BD290DCF}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{86DF582C-8D1B-4FF1-A3D4-45F84D84C943}C:\\program files\\microsoft games\\age of empires ii\\empires2.exe"= UDP:C:\program files\microsoft games\age of empires ii\empires2.exe:Age of Empires II
"UDP Query User{50374E2B-E19C-46F3-B525-3CC82B64117A}C:\\program files\\microsoft games\\age of empires ii\\empires2.exe"= TCP:C:\program files\microsoft games\age of empires ii\empires2.exe:Age of Empires II
"TCP Query User{7B84A639-E8E6-4201-93BD-95E30FAD7ECB}C:\\program files\\microsoft games\\age of empires ii\\age2_x1\\age2_x1.exe"= UDP:C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe:Age of Empires II Expansion
"UDP Query User{0523B270-443F-44B6-B2FA-0429836F14C7}C:\\program files\\microsoft games\\age of empires ii\\age2_x1\\age2_x1.exe"= TCP:C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe:Age of Empires II Expansion
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 0 (0x0)
R0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot.sys [2008-06-19 28544]
R2 UxTuneUp;TuneUp Designerweiterung;C:\Windows\System32\svchost.exe [2008-01-19 21504]
R3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst;C:\Windows\System32\TuneUpDefragService.exe [2008-08-26 306432]
R3 WDMWANMP;NDIS WAN miniport;C:\Windows\system32\DRIVERS\wdmwanmp.sys [2004-02-18 29312]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 ISDN_u;ISDN USB CAPI;C:\Windows\system32\DRIVERS\ISDN_u.sys [2004-04-01 755697]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
*Newly Created Service* - CATCHME
*Newly Created Service* - MBAMSWISSARMY
*Newly Created Service* - PROCEXP90
.
Inhalt des "geplante Tasks" Ordners
2008-10-24 C:\Windows\Tasks\1-Klick-Wartung.job
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe [2007-12-14 13:17]
2007-12-27 C:\Windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
2008-10-24 C:\Windows\Tasks\GoogleUpdateTaskUser.job
- C:\Users\Besitzer\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 21:22]
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
.
------- Zusätzlicher Suchlauf -------
.
FireFox -: Profile - C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\0c18bezw.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF -: plugin - C:\Program Files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF -: plugin - C:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF -: plugin - C:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 4\plugins\np-mswmp.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 4\plugins\npdivx32.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 4\plugins\npDivxPlayerPlugin.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 4\plugins\NpFv415.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 4\plugins\npnul32.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 4\plugins\nppdf32.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\npdivx32.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\NpFv415.dll
FF -: plugin - C:\Users\Besitzer\AppData\Local\Google\Update\1.2.131.25\npGoogleOneClick6.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-24 21:29:38
Windows 6.0.6001 Service Pack 1 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
Zeit der Fertigstellung: 2008-10-24 21:31:41
ComboFix-quarantined-files.txt 2008-10-24 19:31:11
Vor Suchlauf: 22 Verzeichnis(se), 11.034.230.784 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 11,000,475,648 Bytes frei
227 --- E O F --- 2008-10-23 11:08:23