and here once again is the brand-new logfile:
Malwarebytes' Anti-Malware 1.34
Datenbank Version: 1828
Windows 6.0.6001 Service Pack 1
09.03.2009 17:41:48
mbam-log-2009-03-09 (17-41-48).txt
Scan-Methode: Quick-Scan
Durchsuchte Objekte: 61065
Laufzeit: 2 minute(s), 58 second(s)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
..the result is already OK now, and a restart and a new scan won't change anything about it either...
What about the games, has it gotten a bit better?
..but to test that I would restart it!
I was able to play a bit longer than usual again, but it still crashes... :'(
ComboFix 09-03-06.02 - Alpacino 2009-03-09 20:40:56.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1031.18.2046.1364 [GMT 1:00]
ausgeführt von:: c:\users\Alpacino\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090227-0] *On-access scanning enabled* (Updated)
* Neuer Wiederherstellungspunkt wurde erstellt
.
((((((((((((((((((((((( Dateien erstellt von 2009-02-09 bis 2009-03-09 ))))))))))))))))))))))))))))))
.
2009-03-09 17:22 . 2009-03-09 17:22 <DIR> d-------- c:\program files\DVDTS
2009-03-09 16:07 . 2009-03-09 16:07 <DIR> d-------- c:\users\Alpacino\AppData\Roaming\Malwarebytes
2009-03-09 16:07 . 2009-03-09 16:07 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-03-09 16:07 . 2009-03-09 16:07 <DIR> d-------- c:\programdata\Malwarebytes
2009-03-09 16:07 . 2009-03-09 16:07 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-09 16:07 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-03-09 16:07 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-03-08 11:21 . 2009-03-08 12:25 <DIR> d-------- c:\program files\Saints Row 2
2009-03-07 22:38 . 2009-03-07 22:38 <DIR> d-------- c:\program files\Trend Micro
2009-03-07 15:36 . 2009-03-07 15:36 <DIR> d--h----- c:\windows\msdownld.tmp
2009-03-07 15:08 . 2008-12-12 09:25 <DIR> d-------- c:\windows\System32\06 - Dot Net Framework
2009-03-07 15:08 . 2008-12-12 09:22 <DIR> d-------- c:\windows\System32\05 - C++ Redist
2009-03-07 15:08 . 2008-12-12 09:19 <DIR> d-------- c:\windows\System32\04 - Adobe Flash
2009-03-07 15:08 . 2008-12-12 09:16 <DIR> d-------- c:\windows\System32\03 - Games for Windows Live Update
2009-03-07 15:08 . 2008-12-12 09:09 <DIR> d-------- c:\windows\System32\02 - DirectX Auto Updater
2009-03-07 15:08 . 2008-12-12 09:18 <DIR> d-------- c:\windows\System32\01 - Maintenance
2009-03-07 15:08 . 2008-12-12 09:12 <DIR> d-------- c:\windows\System32\00 - System Diagnostics
2009-03-07 13:20 . 2008-04-14 19:51 171,136 -rahs---- C:\grldr
2009-03-07 12:49 . 2006-10-26 19:56 32,592 --a------ c:\windows\System32\msonpmon.dll
2009-03-07 12:47 . 2009-03-07 12:47 <DIR> d-------- c:\program files\Microsoft Works
2009-03-07 12:44 . 2009-03-07 12:44 <DIR> d-------- c:\program files\Microsoft Visual Studio 8
2009-03-07 12:41 . 2009-03-07 12:41 <DIR> dr-h----- C:\MSOCache
2009-03-07 12:36 . 2009-03-07 12:36 <DIR> d-------- c:\program files\Smart Projects
2009-03-06 14:56 . 2009-03-06 14:56 <DIR> dr-h----- c:\users\Alpacino\AppData\Roaming\SecuROM
2009-03-06 14:52 . 2009-03-06 14:52 107,888 --a------ c:\windows\System32\CmdLineExt.dll
2009-03-06 14:50 . 2009-03-06 14:50 <DIR> d-------- c:\windows\System32\xlive
2009-03-06 14:50 . 2009-03-06 15:01 <DIR> d-------- c:\program files\Microsoft Games for Windows - LIVE
2009-03-06 13:35 . 2009-03-06 13:36 <DIR> d-------- c:\program files\Rockstar Games
2009-03-06 13:12 . 2009-03-06 13:12 <DIR> d-------- c:\users\Alpacino\AppData\Roaming\MAGIX
2009-03-06 13:10 . 2009-03-06 13:11 <DIR> d-------- c:\users\All Users\MAGIX
2009-03-06 13:10 . 2009-03-06 13:11 <DIR> d-------- c:\programdata\MAGIX
2009-03-06 13:10 . 2009-03-06 13:11 <DIR> d-------- c:\program files\MAGIX
2009-03-06 13:10 . 2007-04-27 10:43 120,200 --a------ c:\windows\System32\DLLDEV32i.dll
2009-03-06 13:09 . 2009-03-06 13:15 <DIR> d-------- c:\windows\System32\MAGIX
2009-03-06 13:09 . 2008-04-15 16:14 700,416 --a------ c:\windows\System32\mgxoschk.dll
2009-03-06 13:09 . 2009-03-06 13:15 5,937 --a------ c:\windows\mgxoschk.ini
2009-03-01 16:40 . 2009-03-01 16:40 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-03-01 15:23 . 2009-03-01 15:59 <DIR> d-------- c:\program files\Cheat Engine
2009-03-01 15:23 . 2007-12-26 17:30 1,970,176 --a------ c:\windows\System32\d3dx9.dll
2009-03-01 15:23 . 2007-12-26 17:30 679,936 --a------ c:\windows\System32\D3DX81ab.dll
2009-03-01 11:15 . 2009-03-01 11:15 <DIR> d-------- c:\program files\Install Creator
2009-02-28 17:06 . 2008-04-26 09:26 891,448 --a------ c:\windows\System32\drivers\tcpip.sys
2009-02-28 15:26 . 2009-02-28 15:26 <DIR> d-------- c:\program files\FreeCap
2009-02-28 15:23 . 2009-02-28 15:23 <DIR> d-------- c:\program files\SocksCapV2
2009-02-28 15:23 . 1998-02-06 22:37 299,520 --a------ c:\windows\uninst.exe
2009-02-28 14:32 . 2009-02-28 14:32 <DIR> d-------- c:\program files\Microsoft ASP.NET
2009-02-28 14:25 . 2009-02-28 14:31 <DIR> d-------- c:\program files\IIS
2009-02-28 14:24 . 2009-02-28 14:24 204,800 --a------ c:\windows\mswebdvd.dll
2009-02-28 14:23 . 2009-02-28 14:23 <DIR> d-------- C:\inetpub
2009-02-28 12:22 . 2008-04-18 06:30 2,241,536 --a------ c:\windows\System32\msi.dll
2009-02-28 12:22 . 2008-04-18 06:30 332,800 --a------ c:\windows\System32\msihnd.dll
2009-02-28 12:22 . 2008-04-18 03:33 73,216 --a------ c:\windows\System32\msiexec.exe
2009-02-28 12:22 . 2008-04-18 03:33 2,560 --a------ c:\windows\System32\msimsg.dll
2009-02-28 12:21 . 2009-02-28 12:21 <DIR> d-------- c:\program files\Microsoft Synchronization Services
2009-02-28 12:21 . 2009-02-28 12:21 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition
2009-02-28 12:21 . 2009-02-28 12:21 <DIR> d-------- c:\program files\Microsoft SQL Server
2009-02-28 12:21 . 2009-03-01 16:48 <DIR> d-------- c:\program files\Microsoft Silverlight
2009-02-28 12:18 . 2009-03-08 03:10 <DIR> d-------- c:\users\All Users\Microsoft Help
2009-02-28 12:18 . 2009-03-08 03:10 <DIR> d-------- c:\programdata\Microsoft Help
2009-02-28 12:18 . 2009-02-28 12:18 <DIR> d-------- c:\program files\Microsoft.NET
2009-02-28 12:18 . 2009-02-28 12:21 <DIR> d-------- c:\program files\Microsoft Visual Studio 9.0
2009-02-28 12:18 . 2009-02-28 12:18 <DIR> d-------- c:\program files\Microsoft SDKs
2009-02-27 22:23 . 2002-08-05 04:21 1,495,040 --a------ c:\windows\mixer.exe
2009-02-27 22:23 . 2002-08-05 04:21 765,952 --a------ c:\windows\system\crlds3d.dll
2009-02-27 22:23 . 2002-08-05 04:21 712,704 --a------ c:\windows\System32\Audio3D.dll
2009-02-27 22:23 . 2002-08-05 04:21 379,150 --a------ c:\windows\System32\drivers\cmaudio.sys
2009-02-27 22:23 . 2002-08-05 04:21 135,168 --a------ c:\windows\cmuninst.exe
2009-02-27 22:23 . 2002-08-05 04:21 135,168 --a------ c:\windows\cmuninst.dat
2009-02-27 22:23 . 2002-08-05 04:21 32,768 --a------ c:\windows\System32\cmnprop.dll
2009-02-27 21:53 . 2009-02-27 21:53 <DIR> d-------- C:\PerfLogs
2009-02-27 21:00 . 2008-06-20 02:18 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-02-27 21:00 . 2008-06-20 02:17 622,080 --a------ c:\windows\System32\icardagt.exe
2009-02-27 21:00 . 2008-06-20 02:18 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-02-27 21:00 . 2008-06-20 02:18 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-02-27 21:00 . 2008-06-20 02:17 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-02-27 21:00 . 2008-06-20 02:18 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-02-27 21:00 . 2008-06-20 02:17 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-02-27 21:00 . 2008-06-20 02:17 11,264 --a------ c:\windows\System32\icardres.dll
2009-02-27 20:58 . 2009-02-27 21:00 43,581,440 --a------ c:\windows\ocsetup_install_NetFx3.etl
2009-02-27 20:58 . 2009-02-27 21:00 196,608 --a------ c:\windows\ocsetup_cbs_install_NetFx3.perf
2009-02-27 20:58 . 2009-02-27 21:00 65,536 --a------ c:\windows\ocsetup_cbs_install_NetFx3.dpx
2009-02-27 20:53 . 2008-07-27 19:00 282,112 --a------ c:\windows\System32\mscoree.dll
2009-02-27 20:53 . 2008-07-27 19:00 96,760 --a------ c:\windows\System32\dfshim.dll
2009-02-27 20:53 . 2008-07-27 19:00 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-02-27 20:52 . 2008-07-27 19:00 158,720 --a------ c:\windows\System32\mscorier.dll
2009-02-27 20:52 . 2008-07-27 19:00 83,968 --a------ c:\windows\System32\mscories.dll
2009-02-27 20:10 . 2009-02-27 20:10 <DIR> d-------- c:\users\Alpacino\AppData\Roaming\Free Sound Recorder
2009-02-27 20:00 . 2009-02-27 20:01 <DIR> d-------- c:\program files\Free Sound Recorder
2009-02-27 20:00 . 2005-05-17 12:37 1,986,560 --a------ c:\windows\System32\NCTAudioFile2.dll
2009-02-27 20:00 . 2005-05-18 11:52 1,212,416 --a------ c:\windows\System32\NCTAudioInformation2.dll
2009-02-27 20:00 . 2005-04-15 12:08 880,640 --a------ c:\windows\System32\NCTAudioEditor2.dll
2009-02-27 20:00 . 2004-11-04 13:31 835,584 --a------ c:\windows\System32\NCTAudioCDGrabber2.dll
2009-02-27 20:00 . 2005-04-04 17:21 602,112 --a------ c:\windows\System32\NCTAudioTransform2.dll
2009-02-27 20:00 . 2005-03-28 15:54 479,232 --a------ c:\windows\System32\NCTAudioVisualization2.dll
2009-02-27 20:00 . 2005-04-25 13:01 458,752 --a------ c:\windows\System32\NCTAudioRecord2.dll
2009-02-27 20:00 . 2005-04-25 13:01 458,752 --a------ c:\windows\System32\NCTAudioPlayer2.dll
2009-02-27 20:00 . 2005-03-28 15:52 417,792 --a------ c:\windows\System32\NCTTextToAudio2.dll
2009-02-27 20:00 . 2005-02-24 11:51 348,160 --a------ c:\windows\System32\NCTWMAFile2.dll
2009-02-27 20:00 . 2006-03-23 12:56 113,486 --a------ c:\windows\System32\NCTWMAProfiles.prx
2009-02-27 19:35 . 2009-02-27 19:35 <DIR> d-------- c:\users\Alpacino\dwhelper
2009-02-27 18:53 . 2009-02-27 18:53 <DIR> d-------- c:\users\All Users\GRAW2
2009-02-27 18:53 . 2009-02-27 18:53 <DIR> d-------- c:\programdata\GRAW2
2009-02-27 18:50 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\System32\d3dx9_26.dll
2009-02-27 18:49 . 2009-02-27 18:49 <DIR> d-------- c:\users\All Users\Media Center Programs
2009-02-27 18:49 . 2009-02-27 18:49 <DIR> d-------- c:\programdata\Media Center Programs
2009-02-27 18:45 . 2009-02-27 18:45 <DIR> d-------- c:\program files\UBISOFT
2009-02-27 18:44 . 2009-02-27 18:44 <DIR> d-------- c:\users\Alpacino\AppData\Roaming\InstallShield
2009-02-27 14:04 . 2009-02-27 14:04 368,640 --a------ c:\windows\System32\ReWire.dll
2009-02-27 14:04 . 2009-02-27 14:04 233,472 --a------ c:\windows\System32\REX Shared Library.dll
2009-02-27 13:58 . 2009-02-27 14:04 <DIR> d-------- c:\users\Alpacino\AppData\Roaming\Propellerhead Software
2009-02-27 13:58 . 2009-02-27 13:58 <DIR> d-------- c:\users\All Users\Propellerhead Software
2009-02-27 13:58 . 2009-02-27 13:58 <DIR> d-------- c:\programdata\Propellerhead Software
2009-02-27 13:57 . 2009-02-27 13:57 <DIR> d-------- c:\program files\Propellerhead
2009-02-26 21:32 . 2008-01-19 08:33 8,139,264 --a------ c:\windows\System32\ssBranded.scr
2009-02-26 21:31 . 2008-01-19 07:06 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-02-26 21:30 . 2008-01-19 08:36 704,512 --a------ c:\windows\System32\SmiEngine.dll
2009-02-26 21:30 . 2008-01-19 08:36 357,888 --a------ c:\windows\System32\wbemcomn.dll
2009-02-26 21:30 . 2008-01-19 08:34 305,152 --a------ c:\windows\System32\msdelta.dll
2009-02-26 21:30 . 2008-01-19 08:34 258,560 --a------ c:\windows\System32\dpx.dll
2009-02-26 21:30 . 2008-01-19 08:34 246,784 --a------ c:\windows\System32\drvstore.dll
2009-02-26 21:30 . 2008-01-19 08:36 218,624 --a------ c:\windows\System32\wdscore.dll
2009-02-26 21:30 . 2008-01-19 08:36 139,264 --a------ c:\windows\System32\SmiInstaller.dll
2009-02-26 21:30 . 2008-01-19 08:33 130,560 --a------ c:\windows\System32\PkgMgr.exe
2009-02-26 21:30 . 2008-01-19 08:36 129,536 --a------ c:\windows\System32\sqmapi.dll
2009-02-26 21:30 . 2008-01-19 08:35 35,328 --a------ c:\windows\System32\mspatcha.dll
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-07 11:47 --------- d-----w c:\program files\MSBuild
2009-02-27 21:18 174 --sha-w c:\program files\desktop.ini
2009-02-27 20:54 --------- d-----w c:\program files\Windows Sidebar
2009-02-27 20:54 --------- d-----w c:\program files\Windows Photo Gallery
2009-02-27 20:54 --------- d-----w c:\program files\Windows Mail
2009-02-27 20:54 --------- d-----w c:\program files\Windows Journal
2009-02-27 20:54 --------- d-----w c:\program files\Windows Defender
2009-02-27 20:54 --------- d-----w c:\program files\Windows Collaboration
2009-02-27 20:54 --------- d-----w c:\program files\Windows Calendar
2009-02-27 20:45 82,432 ----a-w c:\windows\System32\axaltocm.dll
2009-02-27 20:45 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2009-02-23 09:32 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2009-02-23 09:32 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-02-23 09:32 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2009-02-23 09:32 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2009-02-23 09:32 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2009-02-23 09:32 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2009-02-22 00:54 --------- d-sh--w c:\programdata\Vorlagen
2009-02-22 00:54 --------- d-sh--w c:\programdata\Startmenü
2009-02-22 00:54 --------- d-sh--w c:\programdata\Favoriten
2009-02-22 00:54 --------- d-sh--w c:\programdata\Dokumente
2009-02-22 00:54 --------- d-sh--w c:\programdata\Anwendungsdaten
2009-02-22 00:54 --------- d-sh--w c:\program files\Gemeinsame Dateien
2009-02-06 17:52 49,504 ----a-w c:\windows\System32\sirenacm.dll
2009-01-16 17:24 70,936 ----a-w c:\windows\System32\PhysXLoader.dll
2009-01-03 13:21 15,706 ----a-w c:\program files\changes.txt
2009-01-03 11:28 1,203,880 ----a-w c:\program files\fraps.exe
2009-01-03 11:27 74,920 ----a-w c:\program files\fraps64.dat
2009-01-03 11:24 81,920 ----a-w c:\windows\System32\frapsvid.dll
2009-01-03 11:24 176,128 ----a-w c:\program files\fraps.dll
2009-01-03 11:24 127,488 ----a-w c:\program files\fraps64.dll
2009-01-03 11:23 159,744 ----a-w c:\program files\frapslcd.dll
2009-01-01 12:58 1,852 ----a-w c:\program files\README.HTM
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13683232]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 92704]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-22 148888]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"C-Media Mixer"="Mixer.exe" [2002-08-05 c:\windows\mixer.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2009-02-06 18:51 3885408 c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2009-02-22 02:27 1410296 c:\program files\Steam\Steam.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{51E368D6-6508-4664-92FC-B8976A7B2587}c:\\program files\\zattoo\\zattood.exe"= UDP:c:\program files\zattoo\zattood.exe:zattood
"UDP Query User{D93BEE9D-B543-44A3-BE18-378E4B497672}c:\\program files\\zattoo\\zattood.exe"= TCP:c:\program files\zattoo\zattood.exe:zattood
"TCP Query User{FD9A04CB-AFBE-4C04-9E99-DF79F88A0395}c:\\program files\\zattoo\\zattoo.exe"= UDP:c:\program files\zattoo\zattoo.exe:
"UDP Query User{733B1B44-E777-4D9F-81F3-CB421A39CD92}c:\\program files\\zattoo\\zattoo.exe"= TCP:c:\program files\zattoo\zattoo.exe:
"TCP Query User{8089D2AC-3DDA-4F38-B331-6DAC46991AFC}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ Library
"UDP Query User{C1DA3FD8-7423-46DC-B9FD-F8AD86F3FBE4}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ Library
"{7C41DBC8-9251-43A5-A6C3-19251D3296FB}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{9CBE1FF4-D754-400C-93B8-7D42C633E427}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{3B2DEAC6-D98A-4525-B3F1-A30E0ED1EFC3}"= UDP:c:\program files\Steam\steamapps\common\tom clancy's h.a.w.x - demo\HAWX.exe:Tom Clancy's H.A.W.X - Demo
"{E50B860A-1225-4100-930C-4E58C5D44F6D}"= TCP:c:\program files\Steam\steamapps\common\tom clancy's h.a.w.x - demo\HAWX.exe:Tom Clancy's H.A.W.X - Demo
"{63682243-372F-446C-89DE-798F9F95C4FA}"= UDP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{F4DF9AC3-C149-41E9-B6E1-D49DA254BD49}"= TCP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{FB492934-F1A7-4A50-8641-156749B64D06}"= UDP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{D679648A-C2CA-4B69-A9F6-E70E6345C3CB}"= TCP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{42C626C7-AAA8-4D52-BAA9-3756EC811289}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{08AD981B-6C1F-42D1-BBDD-497A079DFD60}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{2521389B-7D22-4C0D-8D5A-A312FBA8D75E}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{55D2432E-4737-428A-86BD-660A22D2DD7F}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0A4C7506-ACDD-479C-B88F-94C0B94D6F9C}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2009-02-22 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2009-02-22 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2009-02-22 51792]
R2 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe -k ftpsvc [2009-02-26 21504]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2009-02-22 222456]
S0 OemBiosDevice;Royalty OEM Bios Extension;c:\windows\System32\drivers\royal.sys [2009-02-22 240128]
S3 c65013264;C-Media CM6501 Like Sound UDAX Interface;c:\windows\System32\drivers\c6501.sys [2009-02-22 1298944]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2009-03-06 1527900]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\System32\drivers\ggflt.sys [2009-02-22 13224]
S3 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2008-10-27 22408]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\System32\drivers\Ph3xIB32.sys [2007-04-03 1131136]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\System32\drivers\s115bus.sys [2007-04-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\System32\drivers\s115mdfl.sys [2007-04-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\System32\drivers\s115mdm.sys [2007-04-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s115mgmt.sys [2007-04-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\System32\drivers\s115obex.sys [2007-04-23 98568]
S3 WMSvc;Webverwaltungsdienst;c:\windows\System32\inetsrv\WMSvc.exe [2009-02-26 11264]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
ftpsvc REG_MULTI_SZ ftpsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{677ce085-007a-11de-aaab-806e6f6e6963}]
\shell\AutoRun\command - D:\Autorun.exe
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\AskBarDis\bar\bin\askBar.dll
HKLM-Run-C6501Sound - c6501.cpl
.
------- Zusätzlicher Suchlauf -------
.
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
TCP: {7043B7A7-2C44-4B79-A2E4-7045BA865F3C} = 62.220.18.8 89.246.64.8
FF - ProfilePath - c:\users\Alpacino\AppData\Roaming\Mozilla\Firefox\Profiles\y9ikn5lh.default\
FF - plugin: c:\users\Alpacino\Program Files\DNA\plugins\npbtdna.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-09 20:43:53
Windows 6.0.6001 Service Pack 1 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
Zeit der Fertigstellung: 2009-03-09 20:45:33
ComboFix-quarantined-files.txt 2009-03-09 19:45:30
Vor Suchlauf: 17 Verzeichnis(se), 230.374.449.152 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 230,359,699,456 Bytes frei
265 --- E O F --- 2009-03-08 02:10:49
The Combofix logfile is clean:
Start -> Run -> Combofix /U (type it in)
File sharing is dangerous and very often brings malware onto the system; I would recommend that you remove BitTorrent!!
Please download Smitfraudfix and use it as described on the page, then post the logfile.
http://siri.urz.free.fr/Fix/SmitfraudFix_De.php
Also post a new Hijackthis logfile.
Download A-squared Free -> install -> update and run a detailed scan -> have the findings deleted and post the report.
http://www.emsisoft.de/de/software/free/
Regards, Deniz
Combofix - uninstalled
BitTorrent - uninstalled
SmitFraudFix logfile (did everything exactly as described on the page, including the registry clean):
SmitFraudFix v2.400
Scan done at 21:25:45,53, 09.03.2009
Run from C:\Users\Alpacino\Desktop\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
::1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
Hijackthis new scan:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:33:41, on 09.03.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\mixer.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk/6u12-b04/jinstall-6u12-windows-i586-jc.cab?e=1235325778396&h=ec3b90e2b8e6bb3931bcec8f76236775/&filename=jinstall-6u12-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7043B7A7-2C44-4B79-A2E4-7045BA865F3C}: NameServer = 62.220.18.8 89.246.64.8
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
--
End of file - 5108 bytes