Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
System Security 2009 erfolgreich abgeblockt?

System Security 2009 erfolgreich abgeblockt?


Plagegeister aller Art und deren Bekämpfung: System Security 2009 erfolgreich abgeblockt?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 04.08.2009, 15:08   #1
tuxfan283
 
System Security 2009 erfolgreich abgeblockt? - Standard

System Security 2009 erfolgreich abgeblockt?


Hi,

ich war gestern auf einer Seite, wo man Anime Serien gucken kann. Auf einmal hat mein Antivir verrückt gespielt. Ich habe alles was Antivir gemelder hatte in die Quarantänge geschoben. So wie andere im Internet berichtet haben, dass unten immer so ein Balken kommt mit "you are infected" kam nie. Also ich denke die Suite ist nie aktiv geworden.

Hier mein ComboFix

Code:
ATTFilter
ComboFix 09-08-03.04 - Renate & Wolfgang 04.08.2009  0:03.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3070.1835 [GMT 2:00]
ausgeführt von:: c:\users\Renate & Wolfgang\Downloads\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\55c64.msi

.
(((((((((((((((((((((((   Dateien erstellt von 2009-07-03 bis 2009-08-03  ))))))))))))))))))))))))))))))
.

2009-08-03 21:51 . 2009-08-03 21:51	3942048	----a-w-	c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-03 19:12 . 2009-08-03 19:12	5550	----a-r-	c:\users\Renate & Wolfgang\AppData\Roaming\Microsoft\Installer\{F1BFD15D-9EEC-4072-942D-240BA0B99467}\_6FEFF9B68218417F98F549.exe
2009-08-03 19:12 . 2009-08-03 19:12	--------	d-----w-	c:\program files\COMPUTERBILD-Abzockschutz
2009-07-31 08:12 . 2009-07-31 08:12	--------	d-----w-	c:\windows\system32\ca-ES
2009-07-31 08:12 . 2009-07-31 08:12	--------	d-----w-	c:\windows\system32\eu-ES
2009-07-31 08:12 . 2009-07-31 08:12	--------	d-----w-	c:\windows\system32\vi-VN
2009-07-31 08:09 . 2009-07-31 08:09	--------	d-----w-	c:\windows\system32\SPReview
2009-07-31 08:00 . 2009-04-10 21:28	928768	----a-w-	c:\windows\system32\scavenge.dll
2009-07-31 08:00 . 2009-04-10 21:27	57856	----a-w-	c:\windows\system32\compcln.exe
2009-07-31 07:58 . 2009-04-10 21:32	245736	----a-w-	c:\windows\system32\clfs.sys
2009-07-31 07:56 . 2009-07-31 07:56	--------	d-----w-	c:\windows\system32\EventProviders
2009-07-29 15:30 . 2009-07-29 15:30	--------	d-----w-	c:\programdata\F-Secure
2009-07-27 20:11 . 2009-08-03 16:53	--------	d-----w-	c:\users\Renate & Wolfgang\Tracing
2009-07-27 20:01 . 2009-07-27 20:01	--------	d-----w-	c:\program files\Microsoft
2009-07-27 20:00 . 2009-07-27 20:00	--------	d-----w-	c:\program files\Windows Live SkyDrive
2009-07-27 19:58 . 2009-07-27 19:58	--------	d-----w-	c:\program files\Common Files\Windows Live
2009-07-27 19:56 . 2008-07-27 18:03	41984	----a-w-	c:\windows\system32\netfxperf.dll
2009-07-27 19:54 . 2009-03-08 11:32	72704	----a-w-	c:\windows\system32\admparse.dll
2009-07-27 19:54 . 2009-03-08 11:31	48128	----a-w-	c:\windows\system32\mshtmler.dll
2009-07-26 13:30 . 2009-07-26 13:30	--------	d-----w-	c:\users\Renate & Wolfgang\AppData\Roaming\Malwarebytes
2009-07-26 13:30 . 2009-08-03 11:36	38160	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-26 13:30 . 2009-08-03 11:36	19096	----a-w-	c:\windows\system32\drivers\mbam.sys
2009-07-26 13:30 . 2009-07-26 13:30	--------	d-----w-	c:\programdata\Malwarebytes
2009-07-26 13:30 . 2009-08-03 21:51	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2009-07-26 08:03 . 2009-07-26 08:03	1080072	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-07-19 15:58 . 2009-07-19 15:58	--------	d-----w-	c:\program files\Microsoft.NET
2009-07-19 15:56 . 2009-07-19 15:56	--------	d-----w-	c:\users\Renate & Wolfgang\AppData\Local\Microsoft Help
2009-07-19 15:55 . 2009-07-19 15:55	--------	d--h--r-	C:\MSOCache
2009-07-19 15:52 . 2009-07-19 15:52	--------	d-----w-	c:\programdata\DAEMON Tools Lite
2009-07-19 15:52 . 2009-07-19 15:52	--------	d-----w-	c:\program files\DAEMON Tools Toolbar
2009-07-19 15:52 . 2009-07-19 15:52	--------	d-----w-	c:\program files\DAEMON Tools Lite
2009-07-19 15:51 . 2009-07-26 14:44	680	----a-w-	c:\users\Renate & Wolfgang\AppData\Local\d3d9caps.dat
2009-07-19 15:48 . 2009-07-19 15:48	721904	----a-w-	c:\windows\system32\drivers\sptd.sys
2009-07-19 15:48 . 2009-07-19 15:53	--------	d-----w-	c:\users\Renate & Wolfgang\AppData\Roaming\DAEMON Tools Lite
2009-07-19 14:40 . 2009-06-15 14:53	156672	----a-w-	c:\windows\system32\t2embed.dll
2009-07-19 14:40 . 2009-06-15 14:52	72704	----a-w-	c:\windows\system32\fontsub.dll
2009-07-19 14:40 . 2009-06-15 12:42	289792	----a-w-	c:\windows\system32\atmfd.dll
2009-07-19 14:40 . 2009-06-15 14:52	23552	----a-w-	c:\windows\system32\lpk.dll
2009-07-19 14:40 . 2009-06-15 14:51	10240	----a-w-	c:\windows\system32\dciman32.dll
2009-07-19 14:40 . 2009-04-11 06:28	34304	----a-w-	c:\windows\system32\atmlib.dll

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-03 17:00 . 2008-01-21 07:15	664282	----a-w-	c:\windows\system32\perfh007.dat
2009-08-03 17:00 . 2008-01-21 07:15	142622	----a-w-	c:\windows\system32\perfc007.dat
2009-08-03 16:53 . 2008-05-11 11:17	--------	d-----w-	c:\programdata\Google Updater
2009-08-03 09:03 . 2008-02-26 04:21	12	----a-w-	c:\windows\bthservsdp.dat
2009-08-01 08:32 . 2008-06-15 10:18	--------	d-----w-	c:\program files\Microsoft Silverlight
2009-07-31 08:12 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Calendar
2009-07-31 08:12 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2009-07-31 08:12 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Sidebar
2009-07-31 08:12 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Journal
2009-07-31 08:12 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Collaboration
2009-07-31 08:12 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Photo Gallery
2009-07-31 08:12 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Defender
2009-07-31 08:12 . 2006-11-02 10:25	665600	----a-w-	c:\windows\inf\drvindex.dat
2009-07-31 08:08 . 2006-11-02 12:37	37665	----a-w-	c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-07-27 20:00 . 2008-05-06 20:22	--------	d-----w-	c:\program files\Windows Live
2009-07-26 20:11 . 2008-05-07 18:35	--------	d-----w-	c:\users\Renate & Wolfgang\AppData\Roaming\Skype
2009-07-21 21:52 . 2009-07-28 19:09	915456	----a-w-	c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-28 19:09	109056	----a-w-	c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-28 19:09	71680	----a-w-	c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-28 19:09	133632	----a-w-	c:\windows\system32\ieUnatt.exe
2009-07-21 17:58 . 2008-02-26 05:32	--------	d-----w-	c:\programdata\Microsoft Help
2009-07-21 17:05 . 2008-04-28 10:07	120416	----a-w-	c:\users\Renate & Wolfgang\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-19 15:58 . 2008-02-26 05:27	--------	d-----w-	c:\program files\Microsoft Works
2009-08-02 19:42 . 2008-06-17 19:33	137208	----a-w-	c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{353e2a48-6254-4bd3-88f4-3b51a0ca7870}"= "mscoree.dll" [2009-03-29 278848]

[HKEY_CLASSES_ROOT\clsid\{353e2a48-6254-4bd3-88f4-3b51a0ca7870}]
[HKEY_CLASSES_ROOT\CBAbzockschutz.CBAbzockschutz]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-11 68856]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-31 102400]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2007-09-01 32768]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-09-06 188416]
"LMgrOSD"="c:\program files\Launch Manager\OSD.exe" [2006-12-26 180224]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2007-09-07 86016]
"OmniPass"="c:\program files\Softex\OmniPass\scureapp.exe" [2007-11-02 2564096]
"LanguageShortcut"="c:\program files\HomeCinema\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"UCam_Menu"="c:\program files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
"TVBroadcast"="c:\program files\Sceneo\AbsolutTV\SERVICES\ODSBC\ODSBCApp.exe" [2007-08-07 797696]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-20 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-20 8501792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-20 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-12-17 4718592]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-11-20 1826816]

c:\users\Renate & Wolfgang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
milch.vbs [2009-8-2 186]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-12-4 727592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):d3,d7,0c,42,b7,11,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{01A165AB-D9A5-41CB-A196-1709CEC1537C}"= c:\program files\HomeCinema\MakeDisc\MakeDisc.exe:CyberLink MakeDisc
"{687B5CEF-BC5F-4893-A514-A606B79C2497}"= c:\program files\HomeCinema\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{CC62E603-FA70-43F0-916F-B22ABF1ED8FC}"= c:\program files\HomeCinema\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{1E353877-3252-4D17-B1FC-9A03929001D4}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{53387E2B-488B-4BBD-AC0A-EAF6CAC50264}c:\\program files\\team6 game studios\\fsr demo\\game.exe"= UDP:c:\program files\team6 game studios\fsr demo\game.exe:Game
"UDP Query User{408EDF4B-6C87-442D-8F85-9CBD3ADFDAB0}c:\\program files\\team6 game studios\\fsr demo\\game.exe"= TCP:c:\program files\team6 game studios\fsr demo\game.exe:Game
"TCP Query User{A6F7B843-19FB-4014-9CDE-35999C91EFC4}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{74F92334-DA59-4C96-8A83-83B9FF0D7BAF}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox

R0 Si3531;SiI-3531 SATA Controller;c:\windows\System32\drivers\Si3531.sys [08.02.2008 16:33 210736]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [19.03.2009 13:18 108289]
R2 GnabService;GnabService;c:\program files\Common Files\Gnab\Service\ServiceController.exe [26.02.2008 08:17 36864]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [19.06.2008 23:09 809296]
R2 SmartSurferManager;SmartSurfer Manager;c:\program files\WEB.DE\WEB.DE SmartSurfer\SmurfService.exe [18.12.2007 11:13 132560]
R2 srvcPVR;Sceneo PVR Service;c:\program files\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe [29.02.2008 07:19 1681408]
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\System32\drivers\netr28.sys [26.02.2008 05:54 327168]
R3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [26.02.2008 06:07 118784]
R3 X10Hid;X10 Hid Device;c:\windows\System32\drivers\x10hid.sys [26.02.2008 06:03 13976]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe [01.03.2008 11:30 1527900]
S3 PhilCap;NXP service;c:\windows\System32\drivers\PhilCap.sys [08.02.2008 16:34 908896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Inhalt des "geplante Tasks" Ordners

2009-08-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-01 12:00]

2009-08-03 c:\windows\Tasks\User_Feed_Synchronization-{BB6350BB-5619-4F40-BEEC-76D8ECCDAFD8}.job
- c:\windows\system32\msfeedssync.exe [2009-07-28 20:13]
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-snp2uvc - c:\windows\vsnp2uvc.exe
HKLM-Run-CtrlVol - c:\program files\Launch Manager\CtrlVol.exe


.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.aldi.com/
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-25/4
FF - ProfilePath - c:\users\Renate & Wolfgang\AppData\Roaming\Mozilla\Firefox\Profiles\a9x9wv6r.default\
FF - prefs.js: network.proxy.http - 80.148.23.25:80
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota",      5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history",     true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata",    true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords",   false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads",   true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies",     true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache",       true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions",    true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history",                 true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata",                true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords",               false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads",               true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies",                 true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache",                   true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions",                true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps",             false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings",            false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs",    false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-04 00:08
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2009-08-03  0:10
ComboFix-quarantined-files.txt  2009-08-03 22:10

Vor Suchlauf: 8 Verzeichnis(se), 250.638.495.744 Bytes frei
Nach Suchlauf: 8 Verzeichnis(se), 250.977.894.400 Bytes frei

258	--- E O F ---	2009-07-31 17:00

Ich denke, er ist sauber, oder?


Danke schonmal für eure Hilfe.


TuxFan283

Alt 04.08.2009, 15:09   #2
tuxfan283
 
System Security 2009 erfolgreich abgeblockt? - Standard

System Security 2009 erfolgreich abgeblockt?


hier das HJT Logfile:

Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:05:41, on 04.08.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\WButton.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\RENATE~1\AppData\Local\Temp\fsonlinescanner.exe
C:\Users\RENATE~1\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk32.exe
C:\Users\RENATE~1\AppData\Local\Temp\OnlineScanner\Anti-Virus\fssm32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Renate & Wolfgang\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aldi.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: CBAbzockschutz.InitToolbarBHO - {2e250b90-0e7a-42a3-9d65-e39f9f227fa4} - mscoree.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: COMPUTERBILD-Abzockschutz - {353e2a48-6254-4bd3-88f4-3b51a0ca7870} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [TVBroadcast] C:\Program Files\Sceneo\AbsolutTV\SERVICES\ODSBC\ODSBCApp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-15/4 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-15/4 (file missing) (HKCU)
O13 - Gopher Prefix: 
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe
O23 - Service: GnabService - Empolis GmbH - c:\program files\common files\gnab\service\servicecontroller.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\OmniServ.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SmartSurfer Manager (SmartSurferManager) - United Internet AG - C:\Program Files\WEB.DE\WEB.DE SmartSurfer\SmurfService.exe
O23 - Service: Sceneo PVR Service (srvcPVR) - Buhl Data Service GmbH - C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 10598 bytes
__________________
Antwort

Themen zu System Security 2009 erfolgreich abgeblockt?
0 bytes, anime, antivir, auf einmal, avg, avgnt, avgnt.exe, avira, c:\windows\system32\rundll32.exe, combofix, components, desktop, error, explorer, firefox, firefox.exe, google, home, home premium, infected, internet, internet explorer, malwarebytes, malwarebytes' anti-malware, menu.exe, mozilla, odsbcapp.exe, origin, programdata, richtlinie, rundll, scan, sched.exe, security, skype.exe, software, start menu, suchlauf, svchost, system, tcp, udp, web.de, windows


« TR/Dldr.Agent.cimj gefunden | avguard.exe evt Virus? »

Ähnliche Themen: System Security 2009 erfolgreich abgeblockt?


  1. Entfernen von Live Security Platinum erfolgreich?
    Log-Analyse und Auswertung - 29.07.2012 (11)
  2. ist live security platinum erfolgreich entfernt worden?
    Log-Analyse und Auswertung - 28.06.2012 (1)
  3. My Security Shield erfolgreich entfernt?
    Log-Analyse und Auswertung - 28.12.2011 (3)
  4. Security Tool erfolgreich entfernt?
    Plagegeister aller Art und deren Bekämpfung - 28.04.2011 (18)
  5. Security Tool - erfolgreich entfernt?
    Plagegeister aller Art und deren Bekämpfung - 25.07.2010 (6)
  6. total security 2009
    Plagegeister aller Art und deren Bekämpfung - 14.10.2009 (6)
  7. lizenz für kaspersky internet security 2009
    Alles rund um Windows - 08.10.2009 (7)
  8. Outpost Security Suite 2009
    Antiviren-, Firewall- und andere Schutzprogramme - 19.08.2009 (4)
  9. System Security 2009 Rogue Anti Spyware
    Plagegeister aller Art und deren Bekämpfung - 13.06.2009 (0)
  10. System security 2009
    Log-Analyse und Auswertung - 29.05.2009 (10)
  11. Problem mit Trend Micro Internet Security 2009
    Antiviren-, Firewall- und andere Schutzprogramme - 04.03.2009 (0)
  12. PC Tools Internet Security 2009
    Antiviren-, Firewall- und andere Schutzprogramme - 01.01.2009 (29)
  13. Erfahrungswerte gesucht: F-Secure Internet Security 2009
    Antiviren-, Firewall- und andere Schutzprogramme - 16.10.2008 (3)
  14. Spyware Doctor und Kaspersky Internet Security 2009
    Mülltonne - 05.10.2008 (0)
  15. Probleme mit Kaspersky Internet Security 2009
    Mülltonne - 03.10.2008 (0)
  16. Anleitung: Kaspersky Internet Security 2009
    Anleitungen, FAQs & Links - 01.10.2008 (0)
  17. Kaspersky Internet Security 2009? - erste Meinungen?
    Antiviren-, Firewall- und andere Schutzprogramme - 16.06.2008 (4)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema System Security 2009 erfolgreich abgeblockt? - Hi, ich war gestern auf einer Seite, wo man Anime Serien gucken kann. Auf einmal hat mein Antivir verrückt gespielt. Ich habe alles was Antivir gemelder hatte in die Quarantänge - System Security 2009 erfolgreich abgeblockt?...
Archiv
Du betrachtest: System Security 2009 erfolgreich abgeblockt? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129