| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Umleitung auf ask, gomeo etc bei Firefox und andere ProblemeWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
| |
08.04.2011, 04:55
| #1 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Umleitung auf ask, gomeo etc bei Firefox und andere Probleme Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
10.04.2011, 08:24
| #2 |
 | Umleitung auf ask, gomeo etc bei Firefox und andere Probleme Huhu... alles erledigt
__________________Code:
ATTFilter ComboFix 11-04-09.01 - User 10.04.2011 9:09.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3070.1804 [GMT 2:00]
ausgeführt von:: c:\users\User\Desktop\cofi.exe.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\hpe4230.dll
C:\readme.txt
C:\RegClean.exe
c:\users\User\AppData\Local\lame_enc.dll
c:\users\User\AppData\Local\no23xwrapper.dll
c:\users\User\AppData\Local\ogg.dll
c:\users\User\AppData\Local\vorbis.dll
c:\users\User\AppData\Local\vorbisenc.dll
c:\users\User\AppData\Local\vorbisfile.dll
C:\YouMeetWeWo
c:\youmeetwewo\config.bin
c:\youmeetwewo\YouMeetWeWo.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-03-10 bis 2011-04-10 ))))))))))))))))))))))))))))))
.
.
2011-04-10 07:16 . 2011-04-10 07:17 -------- d-----w- c:\users\User\AppData\Local\temp
2011-04-10 07:16 . 2011-04-10 07:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-10 07:01 . 2011-04-10 07:01 -------- d-----w- c:\program files\CCleaner
2011-04-08 17:05 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EED07C8D-75A4-41A2-9291-1169115117F4}\mpengine.dll
2011-04-07 19:04 . 2011-04-07 19:04 -------- d-----w- C:\_OTL
2011-04-07 14:07 . 2011-04-07 14:07 -------- d-----w- c:\users\User\AppData\Local\GHISLER
2011-04-07 11:49 . 2011-04-07 11:57 -------- d-----w- c:\program files\totalcmd
2011-04-07 11:49 . 2011-04-07 11:49 -------- d-----w- c:\users\User\AppData\Roaming\GHISLER
2011-04-07 11:49 . 2010-12-17 05:56 545 ----a-w- c:\windows\UC.PIF
2011-04-07 11:49 . 2010-12-17 05:56 545 ----a-w- c:\windows\RAR.PIF
2011-04-07 11:49 . 2010-12-17 05:56 545 ----a-w- c:\windows\PKZIP.PIF
2011-04-07 11:49 . 2010-12-17 05:56 545 ----a-w- c:\windows\PKUNZIP.PIF
2011-04-07 11:49 . 2010-12-17 05:56 545 ----a-w- c:\windows\NOCLOSE.PIF
2011-04-07 11:49 . 2010-12-17 05:56 545 ----a-w- c:\windows\LHA.PIF
2011-04-07 11:49 . 2010-12-17 05:56 545 ----a-w- c:\windows\ARJ.PIF
2011-04-06 07:13 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-06 07:13 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-31 08:48 . 2011-03-31 08:48 -------- d-----w- c:\program files\Transit NXT
2011-03-31 08:48 . 2011-03-31 08:48 -------- d-----w- c:\program files\Common Files\StarAppShared
2011-03-31 08:42 . 2011-03-31 08:42 -------- d-----w- c:\users\User\AppData\Local\PackageAware
2011-03-31 08:38 . 2011-03-31 08:39 -------- d-----w- c:\program files\Transit
2011-03-29 18:59 . 2011-03-29 18:59 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes
2011-03-29 18:59 . 2011-03-29 18:59 -------- d-----w- c:\programdata\Malwarebytes
2011-03-29 18:59 . 2011-04-06 07:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-23 17:50 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-23 17:50 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-03-23 17:50 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-03-23 09:41 . 2011-04-10 07:03 -------- d-----w- c:\users\User\Tracing
2011-03-23 09:25 . 2011-03-26 08:03 -------- d-----w- c:\users\User\AppData\Local\Windows Live
2011-03-23 09:25 . 2011-03-23 09:25 -------- d-----w- c:\program files\Common Files\Windows Live
2011-03-15 11:06 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-15 11:06 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-15 11:06 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-15 11:06 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-15 11:06 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-15 11:06 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-12 10:28 . 2011-03-12 10:28 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-03-12 10:28 . 2011-03-12 10:28 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-29 19:34 . 2010-07-15 08:01 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-24 14:49 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-05 21:20 . 2011-02-05 21:20 45056 ----a-r- c:\users\User\AppData\Roaming\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\GameShadow.exe1_D9316813509243FDA4C292F72F483E61.exe
2011-02-05 21:20 . 2011-02-05 21:20 45056 ----a-r- c:\users\User\AppData\Roaming\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\GameShadow.exe_D9316813509243FDA4C292F72F483E61.exe
2011-02-05 21:20 . 2011-02-05 21:20 40960 ----a-r- c:\users\User\AppData\Roaming\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\GSDR.exe_D9316813509243FDA4C292F72F483E61.exe
2011-02-02 16:11 . 2010-01-31 10:05 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-02-01 08:16 . 2011-02-01 08:16 32608 ----a-w- c:\windows\king-uninstall.exe
2011-01-20 16:37 . 2011-02-27 11:15 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-27 11:15 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-27 11:15 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-27 11:15 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-27 11:15 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:08 . 2011-02-27 11:15 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:07 . 2011-02-27 11:15 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-27 11:15 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-27 11:15 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-27 11:15 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-27 11:15 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-27 11:15 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 16:04 . 2011-02-27 11:15 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 14:28 . 2011-02-27 11:15 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-27 11:15 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-27 11:15 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-27 11:15 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-27 11:15 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-27 11:15 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-27 11:15 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-27 11:15 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14 . 2011-02-27 11:15 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-27 11:15 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-27 11:15 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-27 11:15 683008 ----a-w- c:\windows\system32\d2d1.dll
2007-03-12 16:59 . 2007-03-12 16:59 299008 ----a-w- c:\program files\navigram_register.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"HDDHealth"="c:\program files\HDD Health\hddhealth.exe" [2008-04-12 1687552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 4468736]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-13 281768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Registration .LNK]
path=c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration .LNK
backup=c:\windows\pss\Registration .LNK.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-03-09 08:02 26100520 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-11-18 12:00 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2009-06-17 11:44 85160 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"EKIJ5000StatusMonitor"=c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2596578785-4124232554-2186326854-1000]
"EnableNotificationsRef"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca540e1f71d2ca;Google Update Service (gupdate1ca540e1f71d2ca);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2007-12-19 4352]
R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [2010-01-25 245760]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6016]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2007-12-19 265088]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2009-04-06 13224]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2009-06-19 19712]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 8320]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 23424]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2010-01-25 9472]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-06-29 3110016]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-10-21 86824]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 15016]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 114600]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 108328]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-10-21 26024]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-10-21 104616]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-10-21 109736]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2010-04-27 98432]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2010-04-27 14848]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2010-04-27 123648]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 AppleHFS;AppleHFS; [x]
S0 AppleMNT;AppleMNT; [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-13 135336]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-04 238952]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
getPlusHelper REG_MULTI_SZ getPlusHelper
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qtnzqs1n.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
HKCU-Run-3EFB0E1E7E2F52CE - c:\youmeetwewo\YouMeetWeWo.exe
MSConfigStartUp-ReCycle Patch - c:\users\User\AppData\Local\Temp\Rar$EX00.153\ReCyclePatch.exe
AddRemove-Transit NXT - c:\programdata\{5A7BFEF5-EC94-4E44-A863-E47418B531C3}\inst_transitnxt.exe
AddRemove-WinLiveSuite - c:\program files\Windows Live\Installer\wlarp.exe
AddRemove-{A822BCEA-D59E-44F6-8497-036C5AF7912C} - c:\programdata\{5A7BFEF5-EC94-4E44-A863-E47418B531C3}\inst_transitnxt.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-04-10 09:17
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.0.6002
.
CreateFile("\\.\PHYSICALDRIVE0"): Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2596578785-4124232554-2186326854-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:89,f7,73,7e,ae,76,27,b5,05,a5,fd,60,1c,cd,d0,ef,95,60,3f,19,db,51,19,
95,b1,d1,73,63,c6,72,4e,42,d1,1a,fc,c6,44,f3,3f,af,b8,c4,58,f4,1a,3b,52,42,\
"??"=hex:f9,80,e7,71,87,57,1f,cc,a6,a7,66,90,cb,23,73,2b
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-04-10 09:21:05
ComboFix-quarantined-files.txt 2011-04-10 07:20
.
Vor Suchlauf: 10 Verzeichnis(se), 77.336.887.296 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 77.590.384.640 Bytes frei
.
Current=1 Default=1 Failed=0 LastKnownGood=1 Sets=1,2,3,5
- - End Of File - - 4EC6890D7BF1F0BC8BFC0E52108FBBA0
|
|
| Themen zu Umleitung auf ask, gomeo etc bei Firefox und andere Probleme |
| andere probleme, anderen, c:\windows\system32\services.exe, diverse, einfach, fehler, firefox, funktioniert, gefunden.., hostprozess, jar_cache, nachfrage, nicht mehr, nichts, notepad.exe, nt.dll, ntdll.dll, otl.exe, plötzlich, problem, problemchen, probleme, prozess, sched.exe, schnell, seite, seiten, surfen, umleitung, unbedingt, verweise, virus gefunden, weitergeleitet, windows-update, wissens, zickt |
Hybrid-Darstellung
