Trojaner eingefangen?

cosinus · 06.05.2010, 19:28

Im OSAM Log seh ich so nichts. Probier mal nen Durchgang mit CF:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Kangal · 06.05.2010, 20:41

Ich habe leider vergessen,die Datei in Confi.exe umzubennen ist es schlimm?

Zitat:

ComboFix 10-05-05.0D - xxx 06.05.2010 21:13:14.1.1 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.2048.1325 [GMT 2:00]
ausgeführt von:: c:\users\xxx\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.
ADS - Windows: deleted 24 bytes in 1 streams.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\xxx\Desktop\ydsrg\xxx.xxx.xxx.xxxxxxxxxxx.xxxx\cshtr\Desktop_.ini
c:\windows\system32\AVSredirect.dll

.
((((((((((((((((((((((( Dateien erstellt von 2010-04-06 bis 2010-05-06 ))))))))))))))))))))))))))))))
.

2010-05-06 19:23 . 2010-05-06 19:23 -------- d-----w- c:\users\xxx\AppData\Local\temp
2010-05-05 21:49 . 2010-05-05 22:03 -------- d-----w- c:\program files\a-squared Free
2010-05-04 11:00 . 2010-05-04 11:00 -------- d-----w- c:\users\xxx\AppData\Roaming\Malwarebytes
2010-05-04 10:59 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-04 10:59 . 2010-05-04 10:59 -------- d-----w- c:\programdata\Malwarebytes
2010-05-04 10:59 . 2010-05-04 10:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-04 10:59 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-03 22:14 . 2010-05-03 22:14 -------- d-----w- c:\program files\Trend Micro
2010-04-30 23:14 . 2010-04-30 23:14 -------- d-----w- c:\users\xxx\AppData\Local\Apps
2010-04-30 23:14 . 2010-04-30 23:14 -------- d-----w- c:\users\xxx\AppData\Local\Deployment
2010-04-30 18:41 . 2010-04-30 18:59 -------- d-----w- c:\users\xxx\AppData\Roaming\GrabIt
2010-04-28 22:51 . 2010-04-28 22:51 88 --sh--r- c:\programdata\Protexis\DC23F7E04C.sys
2010-04-28 22:51 . 2010-04-28 22:54 2828 --sha-w- c:\programdata\Protexis\KGyGaAvL.sys
2010-04-28 22:51 . 2010-04-28 22:51 -------- d-----w- c:\programdata\Protexis
2010-04-28 22:51 . 2010-04-28 22:51 -------- d-----w- c:\users\xxx\AppData\Roaming\Corel
2010-04-28 21:03 . 2010-04-28 21:03 -------- d-----w- c:\program files\Microsoft SDKs
2010-04-28 21:03 . 2010-04-28 21:12 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-04-28 21:01 . 2010-04-28 21:01 -------- d-----w- c:\program files\Common Files\Corel
2010-04-28 21:00 . 2010-04-30 19:05 -------- d-----w- c:\programdata\Corel
2010-04-28 11:03 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-04-28 11:03 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-04-28 11:03 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2010-04-26 20:03 . 2009-09-27 07:39 369152 ----a-w- c:\windows\system32\avisynth.dll
2010-04-26 20:03 . 2004-02-22 08:11 719872 ----a-w- c:\windows\system32\devil.dll
2010-04-26 20:03 . 2004-01-24 22:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll
2010-04-26 20:03 . 2010-04-26 20:03 -------- d-----w- c:\program files\AviSynth 2.5
2010-04-26 20:03 . 2004-01-24 22:00 70656 ----a-w- c:\windows\system32\i420vfw.dll
2010-04-26 20:02 . 2008-03-16 13:30 216064 --sh--r- c:\windows\system32\nbDX.dll
2010-04-26 20:02 . 2007-02-21 11:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2010-04-26 20:02 . 2006-05-03 10:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2010-04-26 20:02 . 2010-04-26 20:02 -------- d-----w- c:\program files\eRightSoft
2010-04-25 12:38 . 2010-04-25 12:38 -------- d-----w- c:\programdata\Adobe Systems
2010-04-25 12:37 . 2010-04-25 12:37 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2010-04-14 17:07 . 2010-04-14 17:07 -------- d-----w- c:\users\Administrator\Tracing
2010-04-14 15:10 . 2010-04-14 17:11 -------- d-----w- C:\WinSetupFromUSB
2010-04-14 15:05 . 2010-02-27 12:07 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 15:05 . 2010-02-27 12:07 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 15:05 . 2010-03-08 21:33 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 15:05 . 2010-02-27 07:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 15:05 . 2010-02-27 07:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 15:05 . 2010-02-27 07:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 15:03 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 15:03 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2010-04-14 14:59 . 2010-04-14 15:00 -------- d-----w- c:\users\xxx\usb
2010-04-07 20:54 . 2010-04-07 20:54 -------- d-----w- c:\windows\system32\Kaspersky Lab

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-06 17:12 . 2009-11-16 14:41 -------- d-----w- c:\programdata\Kaspersky Lab
2010-05-06 17:11 . 2010-01-09 12:41 -------- d-----w- c:\programdata\NVIDIA
2010-05-05 22:11 . 2009-11-20 21:50 -------- d-----w- c:\users\xxx\AppData\Roaming\vlc
2010-05-05 22:08 . 2009-11-23 16:48 -------- d-----w- c:\users\xxx\AppData\Roaming\dvdcss
2010-05-05 18:39 . 2010-01-11 20:18 -------- d-----w- c:\program files\JDownloader
2010-05-05 10:31 . 2009-11-16 14:42 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-05-05 10:31 . 2009-11-16 14:42 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-05-01 23:45 . 2009-11-19 01:01 -------- d-----w- c:\programdata\Microsoft Help
2010-04-30 19:06 . 2009-11-17 19:10 -------- d-----w- c:\program files\Corel
2010-04-28 21:13 . 2009-11-16 12:48 131224 ----a-w- c:\users\xxx\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-28 11:26 . 2009-07-14 08:47 643628 ----a-w- c:\windows\system32\perfh007.dat
2010-04-28 11:26 . 2009-07-14 08:47 126188 ----a-w- c:\windows\system32\perfc007.dat
2010-04-25 12:34 . 2009-11-18 19:46 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-17 11:46 . 2010-03-23 20:52 -------- d-----w- c:\programdata\FLEXnet
2010-04-14 17:07 . 2010-03-12 16:07 122472 ----a-w- c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-01 11:33 . 2010-04-01 10:46 -------- d-----w- c:\programdata\WinZip
2010-03-25 17:02 . 2010-03-10 23:20 122472 ----a-w- c:\users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-23 20:40 . 2010-03-23 20:40 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-03-23 20:35 . 2010-03-23 20:37 43528 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-03-23 20:35 . 2010-03-23 20:37 118520 ------w- c:\windows\system32\pxinsi64.exe
2010-03-23 20:35 . 2010-03-23 20:37 116472 ------w- c:\windows\system32\pxcpyi64.exe
2010-03-23 20:35 . 2010-03-23 20:37 129784 ------w- c:\windows\system32\pxafs.dll
2010-03-17 22:21 . 2010-03-17 21:30 -------- d-----w- c:\users\xxx\AppData\Roaming\abgx360
2010-03-17 21:21 . 2010-03-17 21:21 -------- d-----w- c:\program files\abgx360
2010-03-17 21:08 . 2010-03-17 21:08 1431040 ----a-w- c:\programdata\Kaspersky Lab\Sandbox\KLSB1\Device\HarddiskVolume2\Program Files\SlySoft\CloneCD\CloneCD.exe
2010-03-17 20:57 . 2010-03-17 20:57 -------- d-----w- c:\program files\SlySoft
2010-03-15 21:51 . 2010-03-15 21:51 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-03-15 18:14 . 2009-11-16 17:29 -------- d-----w- c:\programdata\Messenger Plus!
2010-03-15 18:13 . 2009-11-16 15:10 -------- d-----w- c:\program files\Messenger Plus! Live
2010-03-14 22:00 . 2010-03-14 22:00 -------- d-----w- c:\users\Gast\AppData\Roaming\TuneUp Software
2010-03-14 13:53 . 2010-03-14 13:53 -------- d-----w- c:\program files\Vogel Verlag
2010-03-12 22:20 . 2010-03-12 22:20 -------- d-----w- c:\program files\Realtek AC97
2010-03-12 22:20 . 2009-11-17 19:13 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-12 22:19 . 2010-03-12 22:19 319488 ----a-w- c:\windows\HideWin.exe
2010-03-12 22:19 . 2010-03-12 22:19 -------- d-----w- c:\program files\Common Files\InstallShield
2010-03-12 16:06 . 2010-03-12 16:06 -------- d--h--r- c:\users\Administrator\AppData\Roaming\SecuROM
2010-03-12 09:47 . 2009-11-16 23:43 -------- d-----w- c:\program files\Microsoft Silverlight
2010-03-10 23:20 . 2010-03-10 23:20 -------- d--h--r- c:\users\Gast\AppData\Roaming\SecuROM
2010-03-10 19:28 . 2010-03-10 19:27 -------- d-----w- c:\program files\NVIDIA Corporation
2010-03-10 19:27 . 2010-03-10 19:27 -------- d-----w- c:\program files\AGEIA Technologies
2010-03-10 19:27 . 2010-03-10 19:27 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-10 19:10 . 2010-03-10 19:10 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-03-10 19:09 . 2009-11-16 15:12 -------- d-----w- c:\programdata\TuneUp Software
2010-03-10 19:02 . 2010-03-10 19:02 -------- d-----w- c:\program files\SystemRequirementsLab
2010-03-10 18:51 . 2010-03-10 18:51 -------- d-----w- c:\program files\CCleaner
2010-02-25 17:42 . 2010-03-10 19:10 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-02-25 17:37 . 2010-03-10 19:10 21320 ----a-w- c:\windows\system32\authuitu.dll
2010-02-25 17:37 . 2010-03-10 19:10 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-02-24 08:16 . 2009-10-14 02:21 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 07:56 . 2010-03-31 18:33 977920 ----a-w- c:\windows\system32\wininet.dll
2010-02-11 07:10 . 2010-03-24 23:08 293376 ----a-w- c:\windows\system32\browserchoice.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2006-05-03 10:06 . 2010-04-26 20:02 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 . 2010-04-26 20:02 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 . 2010-04-26 20:02 216064 --sh--r- c:\windows\System32\nbDX.dll
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-20 340456]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-10-17 1070984]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
" Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
[2010-01-02 3280712]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AdobeBridge"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"Ulead AutoDetector v2"=c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
"lxdiamon"="c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe"
"lxdimon.exe"="c:\program files\Lexmark 3500-4500 Series\lxdimon.exe"
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe"
"TrueImageMonitor.exe"=c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" /s
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

R4 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe [2007-06-11 517040]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
S0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys [2009-11-27 911680]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-09-14 21520]
S2 a2AntiMalware;a-squared Anti-Malware Service;c:\program files\a-squared Anti-Malware\a2service.exe [2010-04-15 1872320]
S2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [2010-05-05 1872320]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2009-11-27 2480048]
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe [2007-06-11 99248]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-01-11 240232]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-02-25 1047880]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2009-11-27 160288]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-11-12 66664]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2010-02-25 10064]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
mStart Page = about:blank
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\7ka5q5kg.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\program files\Win7codecs\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\Win7codecs\rm\browser\plugins\nprpjplug.dll

---- FIREFOX Richtlinien ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "hxxp://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-2773479561-840278347-2827710981-1001\Software\SecuROM\License information*]
"datasecu"=hex:64,b0,67,ac,b3,c8,ab,cd,e9,5a,1e,54,0f,75,75,44,ee,bd,09,92,49,
be,80,88,87,57,35,0d,ee,c3,99,70,85,30,e9,27,d3,ab,34,5b,f1,5d,0a,f0,80,7b,\
"rkeysecu"=hex:48,63,59,11,cd,dd,15,a4,02,b7,5c,8e,47,20,b4,0e

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2010-05-06 21:28:01
ComboFix-quarantined-files.txt 2010-05-06 19:28

Vor Suchlauf: 9 Verzeichnis(se), 31.546.269.696 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 31.472.869.376 Bytes frei

- - End Of File - - E99C2E4812DE521BD2A52702B6A44EFE

Mfg

Trojaner eingefangen?

Plagegeister aller Art und deren Bekämpfung: Trojaner eingefangen?

Trojaner eingefangen?

Trojaner eingefangen?

Ähnliche Themen: Trojaner eingefangen?