| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: ie doppelt im TM und startet nach Beendigung von alleine neuWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
| |
22.02.2010, 19:41
| #1 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  ie doppelt im TM und startet nach Beendigung von alleine neu Ok  Mach bitte noch ein Log mit CF, dann dürften wir auch bald durch sein  ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
22.02.2010, 22:34
| #2 |
| | ie doppelt im TM und startet nach Beendigung von alleine neu Hallo Arne,
__________________bin Deiner Anweisung gefolgt, hier das ComboFx-Log: Brauchst Du das CC-Log auch? Gruß Helge Code:
ATTFilter ComboFix 10-02-21.02 - Homer 22.02.2010 22:01:42.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3581.2756 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\cofi.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Im Speicher befindliches AV aktiv.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1881260713-4089407654-2850825354-500
c:\$recycle.bin\S-1-5-21-3164399106-1135682214-2207187196-1002
c:\$recycle.bin\S-1-5-21-3164399106-1135682214-2207187196-500
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
c:\windows\system32\oem9.inf
c:\windows\system32\twain_32.dll
.
((((((((((((((((((((((( Dateien erstellt von 2010-01-22 bis 2010-02-22 ))))))))))))))))))))))))))))))
.
2010-02-22 21:17 . 2010-02-22 21:18 -------- d-----w- c:\users\***\AppData\Local\temp
2010-02-22 21:17 . 2010-02-22 21:17 -------- d-----w- c:\users\Party\AppData\Local\temp
2010-02-22 21:17 . 2010-02-22 21:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-22 21:17 . 2010-02-22 21:17 -------- d-----w- c:\users\Admin\AppData\Local\temp
2010-02-20 05:55 . 2010-02-20 05:56 -------- d-----w- C:\rsit
2010-02-19 19:52 . 2010-02-19 19:53 -------- d-----w- c:\program files\CCleaner
2010-02-18 20:26 . 2009-08-19 22:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-02-18 20:26 . 2009-08-19 22:50 46928 ----a-r- c:\windows\system32\AdobePDF.dll
2010-02-18 17:58 . 2010-02-18 18:05 -------- d-----w- c:\users\Admin\AppData\Roaming\Orbit
2010-02-18 06:15 . 2010-02-18 06:15 -------- d-----w- C:\MoTemp
2010-02-17 22:39 . 2010-02-17 22:39 -------- d-----w- c:\users\Party\AppData\Roaming\Malwarebytes
2010-02-17 19:21 . 2010-02-17 19:21 -------- d-----w- c:\users\***\AppData\Local\Stardock_Corporation
2010-02-17 14:22 . 2010-02-17 14:22 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes
2010-02-17 14:22 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-17 14:22 . 2010-02-17 14:22 -------- d-----w- c:\programdata\Malwarebytes
2010-02-17 14:22 . 2010-02-17 14:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-17 14:22 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-09 20:46 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-09 20:46 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-09 20:46 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-09 20:46 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-08 19:52 . 2004-01-11 23:00 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-02-08 19:37 . 2010-02-08 22:18 -------- d-----w- c:\users\***\AppData\Roaming\TrueCrypt
2010-02-08 19:37 . 2010-02-08 19:37 -------- d-----w- c:\programdata\TrueCrypt
2010-02-08 19:37 . 2010-02-08 19:37 223440 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2010-02-08 19:37 . 2010-02-08 19:37 -------- d-----w- c:\program files\TrueCrypt
2010-02-01 19:58 . 2010-02-01 19:58 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb3517.tmp.exe
2010-01-26 18:36 . 2010-02-22 18:18 -------- d-----w- c:\users\***\AppData\Roaming\vlc
2010-01-26 18:36 . 2010-01-26 18:36 -------- d-----w- c:\program files\VideoLAN
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-22 20:57 . 2008-11-13 23:21 3204 ----a-w- c:\windows\bthservsdp.dat
2010-02-22 20:57 . 2008-11-21 16:08 -------- d-----w- c:\users\***\AppData\Roaming\Orbit
2010-02-22 17:30 . 2009-12-16 18:02 696320 ----a-w- c:\programdata\Shim pile start hide\Dart Ace.exe
2010-02-22 17:30 . 2008-11-19 15:40 -------- d-----w- c:\programdata\Google Updater
2010-02-19 20:00 . 2008-12-10 09:49 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-18 20:34 . 2008-08-14 06:57 73312 ----a-w- c:\windows\system32\drivers\adfs.sys
2010-02-18 20:09 . 2008-11-13 23:23 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-18 17:57 . 2008-11-19 07:02 75224 ----a-w- c:\users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-18 05:53 . 2008-11-18 16:01 75224 ----a-w- c:\users\***\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-18 05:50 . 2009-12-10 18:49 -------- d-----w- c:\users\Party\AppData\Roaming\Orbit
2010-02-18 00:21 . 2008-11-13 23:29 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-02-13 16:01 . 2008-11-19 15:23 -------- d-----w- c:\programdata\FLEXnet
2010-02-10 05:28 . 2008-11-13 23:24 -------- d-----w- c:\program files\Google
2010-02-09 20:56 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-08 19:51 . 2008-01-21 07:15 618442 ----a-w- c:\windows\system32\perfh007.dat
2010-02-08 19:51 . 2008-01-21 07:15 122842 ----a-w- c:\windows\system32\perfc007.dat
2010-02-06 20:52 . 2009-11-30 19:46 389784 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-02-06 20:52 . 2009-11-30 19:41 3803208 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-02-06 20:52 . 2009-11-30 19:38 823928 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-02-06 20:52 . 2009-11-30 19:37 1181328 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-02-01 22:16 . 2009-01-05 18:32 -------- d-----w- c:\users\***\AppData\Roaming\Skype
2010-02-01 18:56 . 2009-01-05 19:19 -------- d-----w- c:\users\***\AppData\Roaming\ICQ
2010-02-01 18:56 . 2009-01-05 18:35 -------- d-----w- c:\users\***\AppData\Roaming\skypePM
2010-01-22 19:59 . 2009-03-12 05:40 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-22 19:11 . 2009-01-05 19:18 -------- d-----w- c:\program files\ICQ6.5
2010-01-15 06:01 . 2008-11-18 20:44 -------- d-----w- c:\programdata\Roxio
2010-01-02 06:38 . 2010-01-22 04:46 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 04:46 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-22 04:46 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-22 04:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-23 17:33 . 2009-12-23 17:33 1239816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-16 18:02 . 2009-12-16 18:02 696320 ----a-w- c:\programdata\real more bat\kymwahbf.exe
2009-12-16 18:01 . 2009-11-26 11:52 454656 ----a-w- c:\programdata\real more bat\testseek.exe
2009-12-10 18:48 . 2009-12-10 18:48 75176 ----a-w- c:\users\Party\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-08 20:01 . 2010-02-09 20:45 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 17:26 . 2010-02-09 20:45 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-12-04 18:30 . 2010-02-09 20:45 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-04 18:29 . 2010-02-09 20:45 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-04 18:28 . 2010-02-09 20:45 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-04 18:28 . 2010-02-09 20:45 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-04 18:28 . 2010-02-09 20:45 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-04 18:28 . 2010-02-09 20:45 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-04 18:28 . 2010-02-09 20:45 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-04 18:28 . 2010-02-09 20:45 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-04 18:27 . 2010-02-09 20:45 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-04 15:56 . 2010-02-09 20:45 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-12-04 15:56 . 2010-02-09 20:45 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-30 19:47 . 2009-11-30 19:48 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-30 19:47 . 2009-11-30 19:47 93360 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2009-11-30 19:47 . 2009-11-30 19:47 554280 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\sbap.dll
2009-11-30 19:47 . 2009-11-30 19:47 212480 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2009-11-30 19:47 . 2009-11-30 19:46 283944 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Vipre.dll
2009-11-30 19:46 . 2009-11-30 19:46 1223976 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\SBTE.dll
2009-11-30 19:46 . 2009-11-30 19:46 242984 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\SBRE.dll
2009-11-30 17:51 . 2009-11-30 17:51 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb14D9.tmp.exe
2009-11-26 11:52 . 2009-11-26 11:52 700416 ----a-w- c:\programdata\real more bat\aogzslfh.exe
2009-11-26 02:23 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-11-27 19:43 . 2008-11-27 19:43 3101696 ----a-w- c:\program files\Common FilesDDBACSetup.msi
2009-12-05 11:28 . 2009-12-05 11:28 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-11-13 23:26 . 2008-11-13 23:26 74 --sh--r- c:\windows\CT4CET.bin
2008-11-14 07:43 . 2008-11-14 07:42 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Google Update"="c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-11-19 133104]
"SightSpeed"="c:\program files\Dell Video Chat\DellVideoChat.exe" [2009-02-25 4824440]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-13 68856]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"TrueCrypt"="c:\program files\TrueCrypt\TrueCrypt.exe" [2010-02-08 1415632]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-06-30 196608]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-08-05 3563520]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-05 30192]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-11-07 132392]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"AdobeVersionCue"="c:\program files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" [2004-03-25 1732608]
"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-06 856064]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-16 483428]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2010-02-18 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-12-22 38840]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-12-21 640440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-7-15 1226024]
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-7-15 1226024]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-11-19 110592]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-11-19 110592]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2008-11-21 1719496]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-5-2 1211472]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-11-13 23:32 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):41,67,ec,b7,a2,f0,c9,01
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [30.11.2009 20:48 64288]
R2 {2E444BE9-B8EC-4CE6-8C2B-6536FB7F4FB7};{2E444BE9-B8EC-4CE6-8C2B-6536FB7F4FB7};c:\program files\Dell\MediaDirect\000.fcl [14.11.2008 00:28 87536]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe [13.06.2009 09:23 81920]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [02.05.2008 14:09 161048]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [05.01.2009 20:19 222456]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [19.11.2008 21:16 24652]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [14.11.2008 00:20 29736]
R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [14.11.2008 08:53 54784]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\k57nd60x.sys [14.11.2008 08:53 203264]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [27.05.2009 17:37 721904]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [06.01.2010 06:19 135664]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15.08.2008 05:46 288112]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [14.11.2008 00:24 30192]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24.09.2009 12:17 1181328]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\System32\drivers\OA001Ufd.sys [14.11.2008 08:53 144672]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\System32\drivers\OA001Vid.sys [14.11.2008 08:53 277504]
S3 VST_DPV;VST_DPV;c:\windows\System32\drivers\VSTDPV3.SYS [21.01.2008 03:23 987648]
S3 VSTHWBS2;VSTHWBS2;c:\windows\System32\drivers\VSTBS23.SYS [21.01.2008 03:23 251904]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
2010-02-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-13 06:54]
2010-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 05:19]
2010-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 05:19]
2010-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3164399106-1135682214-2207187196-1000Core.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-19 15:31]
2010-02-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3164399106-1135682214-2207187196-1000UA.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-19 15:31]
2010-02-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-11-19 12:32]
2009-11-30 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-11-19 12:32]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: &AIM Toolbar Search - c:\programdata\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren
IE: Auswahl in Adobe PDF konvertieren
IE: Auswahl in vorhandene PDF-Datei konvertieren
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: {38B262D3-DEF1-48F6-A63D-13C2C458741B} = 212.6.108.140,212.6.108.141
TCP: {BFA54922-6F32-46D4-B0FF-B1512B97A959} = 212.6.108.140,212.6.108.141
DPF: {271A3CF5-5A54-447B-A08F-BE805F0DA60B} - hxxps://finanzcenter.sparkasse-bremen.de/_plugin/AXFOAM.cab
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\lccdd5cu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://de.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\users\***\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
HKCU-Run-AdobeBridge - (no file)
AddRemove-{CE325D55-FCAF-4273-BB79-069BB8747270} - c:\program files\InstallShield Installation Information\{CE325D55-FCAF-4273-BB79-069BB8747270}\setup.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, h**p://www.gmer.net
Rootkit scan 2010-02-22 22:17
Windows 6.0.6002 Service Pack 2 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{2E444BE9-B8EC-4CE6-8C2B-6536FB7F4FB7}]
"ImagePath"="\??\c:\program files\Dell\MediaDirect\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-02-22 22:21:18
ComboFix-quarantined-files.txt 2010-02-22 21:21
Vor Suchlauf: 16 Verzeichnis(se), 100.041.543.680 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 100.008.128.512 Bytes frei
- - End Of File - - 1704D38535C5A9837CA638DF7B6A253F
|
|
| Themen zu ie doppelt im TM und startet nach Beendigung von alleine neu |
| abgesicherten, abgesicherten modus, aktiv, andere, automatisch, beenden, brauch, doppel, doppelt, erstell, erstellt, forum, gestartet, gestern, gesuch, gesucht, gupdate, installation, internetexplorer, lange, malwarebytes' anti-malware, modus, neu, nicht starten, pdf-datei, plug-in, preferences, programdata, richtig, schonmal, sofort, starte, starten, startet, taskmanager, tasks |
Hybrid-Darstellung
