Trojaner-Board - 50 Euro Virus blockiert Windows- System

Combofix Logfile:
Code:
ComboFix 12-01-15.01 - Anna 16.01.2012  11:12:59.2.2 - x86

Microsoft® Windows Vista™ Home Premium   6.0.6000.0.1252.49.1031.18.2039.1087 [GMT 1:00]

ausgeführt von:: c:\users\Anna\Desktop\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Anna\AppData\Roaming\Microsoft\Windows\Recent\mxfilerelatedcache.mxc2

c:\users\Anna\Documents\~WRL3489.tmp

c:\users\Anna\Favorites\mxfilerelatedcache.mxc2

c:\windows\system32\odbcad32.exe

c:\windows\TEMP\logishrd\LVPrcInj01.dll

E:\Autorun.inf

E:\zPharaoh.exe

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-12-16 bis 2012-01-16  ))))))))))))))))))))))))))))))

.

.

2012-01-16 10:52 . 2012-01-16 10:58        --------        d-----w-        c:\users\Anna\AppData\Local\temp

2012-01-14 16:02 . 2012-01-14 17:50        --------        d-----w-        C:\_OTL

2012-01-06 13:11 . 2012-01-06 13:11        404640        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-10 22:56 . 2011-11-10 22:56        8464        ----a-w-        c:\windows\system32\SpOrder.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-10 1232896]

"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]

"Akamai NetSession Interface"="c:\users\Anna\AppData\Local\Akamai\netsession_win.exe" [2011-12-12 3305760]

"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-15 2356088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-04 138008]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-04 154392]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-04 133912]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-13 861744]

"NDSTray.exe"="NDSTray.exe" [BU]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-08-11 524288]

"3170 Scan2PC"="c:\windows\Twain_32\Samsung\CLX3170\Scan2pc.exe" [2008-08-07 495616]

"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]

.

c:\users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 10:44        31072        ----a-w-        c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2006-12-10 19:52        49152        ----a-w-        c:\program files\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2009-11-12 15:33        141600        ----a-w-        c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-11-10 22:08        417792        ----a-w-        c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2008-02-01 16:22        21898024        ----a-r-        c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]

2008-01-29 15:38        583048        ----a-w-        c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi]

2007-04-02 10:48        577536        ----a-w-        c:\program files\TOSHIBA\Toshiba Online Product Information\TOPI.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]

2007-05-04 11:05        571024        ----a-w-        c:\program files\TOSHIBA\Registration\ToshibaRegistration.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2006-11-02 12:36        201728        ----a-w-        c:\program files\Windows Media Player\wmpnscfg.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - COMHOST

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12        REG_MULTI_SZ           Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt        REG_MULTI_SZ           hpqcxs08 hpqddsvc

Akamai        REG_MULTI_SZ           Akamai

.

Inhalt des "geplante Tasks" Ordners

.

2012-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-04 18:55]

.

2012-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-04 18:55]

.

2011-12-12 c:\windows\Tasks\Norton Internet Security - Systemprüfung ausführen - Anna.job

- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-01-14 01:09]

.

2012-01-16 c:\windows\Tasks\User_Feed_Synchronization-{48564718-BD82-4A9F-8725-D28F801A99B2}.job

- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.yahoo.de/

uInternet Settings,ProxyOverride = *.local

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: SmarThru4 Capture Selection - c:\program files\SmarThru 4\WebCapture.dll2.htm

IE: SmarThru4 Save as HTML - c:\program files\SmarThru 4\WebCapture.dll1.htm

IE: SmarThru4 Save Selected Text - c:\program files\SmarThru 4\WebCapture.dll.htm

IE: SmarThru4 Web Capture - c:\program files\SmarThru 4\WebCapture.dll

TCP: DhcpNameServer = 192.168.2.1

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKCU-Run-TOSCDSPD - TOSCDSPD.EXE

HKCU-Run-AdobeBridge - (no file)

AddRemove-Firebird SQL Server D - c:\program files\MAGIX\Common\Database\uninstall.exe

AddRemove-MAGIX Foto Suite D - c:\program files\MAGIX\Foto_Suite\instslct.exe

AddRemove-MAGIX Online Druck Service D - c:\program files\MAGIX\Online_Druck_Service\instslct.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-01-16 11:58

Windows 6.0.6000  NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]

"ServiceDll"="c:\program files\common files\akamai/netsession_win_b427739.dll"

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files\Common Files\Symantec Shared\ccSvcHst.exe

c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

c:\program files\ATK Hotkey\ASLDRSrv.exe

c:\program files\ATK Hotkey\Hcontrol.exe

c:\program files\ATK Hotkey\ATKOSD.exe

c:\windows\system32\agrsmsvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe

c:\program files\Common Files\Symantec Shared\ccSvcHst.exe

c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

c:\windows\system32\TODDSrv.exe

c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

c:\windows\system32\conime.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\servicing\TrustedInstaller.exe

c:\windows\system32\lpremove.exe

c:\windows\system32\lpksetup.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2012-01-16  12:10:00 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2012-01-16 11:09

.

Vor Suchlauf: 7 Verzeichnis(se), 12.205.236.224 Bytes frei

Nach Suchlauf: 13 Verzeichnis(se), 12.144.549.888 Bytes frei

.

- - End Of File - - 6A84370674ED94F04C233CDF207A8556
--- --- ---