Trojaner-Board - Google geht nicht

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Google geht nicht (https://www.trojaner-board.de/71731-google-geht.html)

Google geht nicht

Ich brauche dringend hilfe!!! ich habe in einem anderen thread etwas von combofix gelesen und es grade durchgeführt.

mein problem war bis eben dass google zwar geöffnet werden kann aber keine ergebnisse sucht. nachdem ich combofix durchgeführt habe geht es wieder, muss ich dennoch das scripten durchführen????

hiiiiiiiiiiiiiiiiiiiiiiilfe:heulen:

Hallo und :hallo:

Start => Ausführen => notepad c:\combofix.txt (eintippeln) => OK

Ganzen Text markiere, kopieren und hier einfügen.

ciao, andreas

ComboFix 09-04-04.01 - Anne und Roland 2009-04-05 15:59:05.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1031.18.2046.1245 [GMT 2:00]
ausgeführt von:: c:\users\Anne und Roland\Downloads\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
* Neuer Wiederherstellungspunkt wurde erstellt
.

((((((((((((((((((((((( Dateien erstellt von 2009-03-05 bis 2009-04-05 ))))))))))))))))))))))))))))))
.

2009-03-30 20:43 . 2008-06-20 03:18 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-03-30 20:43 . 2008-06-20 03:17 622,080 --a------ c:\windows\System32\icardagt.exe
2009-03-30 20:43 . 2008-06-20 03:18 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-03-30 20:43 . 2008-06-20 03:18 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-03-30 20:43 . 2008-06-20 03:17 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-03-30 20:43 . 2008-06-20 03:18 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-03-30 20:43 . 2008-06-20 03:17 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-03-30 20:43 . 2008-06-20 03:17 11,264 --a------ c:\windows\System32\icardres.dll
2009-03-30 20:41 . 2009-03-30 20:43 44,105,728 --a------ c:\windows\ocsetup_install_NetFx3.etl
2009-03-30 20:41 . 2009-03-30 20:43 196,608 --a------ c:\windows\ocsetup_cbs_install_NetFx3.perf
2009-03-30 20:41 . 2009-03-30 20:43 65,536 --a------ c:\windows\ocsetup_cbs_install_NetFx3.dpx
2009-03-30 20:34 . 2008-07-27 20:00 282,112 --a------ c:\windows\System32\mscoree.dll
2009-03-30 20:34 . 2008-07-27 20:00 158,720 --a------ c:\windows\System32\mscorier.dll
2009-03-30 20:34 . 2008-07-27 20:00 96,760 --a------ c:\windows\System32\dfshim.dll
2009-03-30 20:34 . 2008-07-27 20:00 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-03-30 20:33 . 2008-07-27 20:00 83,968 --a------ c:\windows\System32\mscories.dll
2009-03-28 22:38 . 2009-03-28 22:40 <DIR> d-------- c:\users\Anne und Roland\AppData\Roaming\vlc
2009-03-28 22:38 . 2009-03-28 22:38 <DIR> d-------- c:\program files\VideoLAN
2009-03-14 15:27 . 2008-12-16 06:00 8,147,968 --a------ c:\windows\System32\wmploc.DLL
2009-03-14 15:27 . 2009-02-09 03:59 2,028,032 --a------ c:\windows\System32\win32k.sys
2009-03-14 15:27 . 2008-11-27 06:42 269,824 --a------ c:\windows\System32\schannel.dll
2009-03-14 15:27 . 2008-12-16 07:53 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-14 15:27 . 2008-12-16 07:53 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-14 15:27 . 2008-12-16 07:53 4,096 --a------ c:\windows\System32\dxmasf.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-05 09:37 --------- d-----w c:\programdata\Google Updater
2009-04-01 18:18 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-22 09:32 --------- d-----w c:\program files\Microsoft SQL Server
2009-03-15 17:59 --------- d-----w c:\program files\Windows Mail
2009-03-15 17:40 --------- d-----w c:\programdata\Microsoft Help
2009-02-27 16:30 --------- d-----w c:\program files\TeamViewer3
2009-01-15 04:16 826,368 ----a-w c:\windows\System32\wininet.dll
2009-01-15 04:16 56,320 ----a-w c:\windows\System32\iesetup.dll
2009-01-15 04:16 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-01-15 04:15 26,624 ----a-w c:\windows\System32\ieUnatt.exe
2008-12-17 19:37 174 --sha-w c:\program files\desktop.ini
2008-08-09 13:33 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-10-27 02:23 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-10-27 02:23 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-10-27 02:23 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-10 1232896]
"CollaborationHost"="c:\windows\system32\p2phost.exe" [2006-11-02 191488]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-12 68856]
"DAEMON Tools Lite"="c:\programme\DAEMON Tools Lite\daemon.exe" [2007-12-15 482760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-23 857648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 68640]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-19 266497]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-09 29744]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-16 185896]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-13 c:\windows\RtHDVCpl.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Mobipocket Reader Notifications"="c:\program files\Mobipocket.com\Mobipocket Reader\readernotify.exe" [2006-06-20 57344]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader - Schnellstart.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-04-24 723760]
OnlineControl.lnk - c:\program files\OnlineControl\ocontrol.exe [2004-07-19 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoHotStart"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{AF554E26-FCB4-429F-A906-794A62BC151D}"= c:\program files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{C726397B-2F22-45AC-8E9E-0B411B2A56C9}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{B6C05AA6-7D14-49F6-910E-B0E4B1D742DD}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{ADCF1BEB-0A82-400E-9B94-0337F058A9B9}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{830E1007-1037-44B9-AA24-9797A601D6D7}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{19BE6013-9B3E-4C65-97F7-BC865811A85D}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{5D2773EF-3942-47FD-8CF1-33D48255BEA4}c:\\program files\\gmx\\gmx multimessenger\\messengr.exe"= UDP:c:\program files\gmx\gmx multimessenger\messengr.exe:GMX MultiMessenger
"UDP Query User{3DB75064-4DEE-4981-BBB2-BF20484C4091}c:\\program files\\gmx\\gmx multimessenger\\messengr.exe"= TCP:c:\program files\gmx\gmx multimessenger\messengr.exe:GMX MultiMessenger
"TCP Query User{5BBEA93E-77AF-4A7A-8158-93B1801F70AB}c:\\program files\\gmx\\gmx multimessenger\\messengr.exe"= UDP:c:\program files\gmx\gmx multimessenger\messengr.exe:GMX MultiMessenger
"UDP Query User{0C067D36-2D1B-4EAE-8A14-41D69A4E7835}c:\\program files\\gmx\\gmx multimessenger\\messengr.exe"= TCP:c:\program files\gmx\gmx multimessenger\messengr.exe:GMX MultiMessenger
"TCP Query User{1C21AACB-E30F-44D8-9B2E-60E58A462815}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{CF509E42-AAA0-4889-BC3D-802F901B2DFC}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{6467879F-B956-4A97-8D95-1C66ED40D68D}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{761AB83B-5D06-47B8-8985-85209267D92B}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 BcmSqlStartupSvc;SQL Server-Startdienst für Business Contact Manager;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312]
R2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\System32\drivers\KMDFMEMIO.sys [2007-08-08 13312]
R2 TeamViewer;TeamViewer 3;c:\program files\TeamViewer3\TeamViewer_Host.exe [2008-02-19 176128]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-01-14 29744]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]
S3 NETw2v32;Intel(R) PRO/Wireless 2915ABG Network Connection Driver for Windows Vista;c:\windows\System32\drivers\NETw2v32.sys [2006-11-02 2589184]

--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - winelpka

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Inhalt des "geplante Tasks" Ordners

2009-04-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-27 18:37]

2009-04-05 c:\windows\Tasks\User_Feed_Synchronization-{C4C1703C-162E-4A12-B49C-18C416AEA004}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 11:45]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Anne und Roland\AppData\Roaming\Mozilla\Firefox\Profiles\g4w89fdk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://216.239.59.104/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-05 16:02:43
Windows 6.0.6000 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(5012)
c:\windows\system32\btmmhook.dll
.
Zeit der Fertigstellung: 2009-04-05 16:05:22
ComboFix-quarantined-files.txt 2009-04-05 14:05:18

Vor Suchlauf: 18 Verzeichnis(se), 35.031.904.256 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 34,791,153,664 Bytes frei

152 --- E O F --- 2009-04-05 09:40:52

Seit wann gibt es Probleme?

In der Zeit, in der ich das Log lese, klickst du auf "Für alle Neuen" in meiner Signatur, liest alles aufmerksam und arbeitest alles unter Punkt 2 ab.

ciao, andreas

das problem ist seit freitag vor einer woche, ich hatte den player vlc installiert, kann mir aber nich vorstellen dass es damit zusammen hängt?!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:34:16, on 05.04.2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16809)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Samsung\Samsung Recovery Solution II\WCScheduler.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\p2phost.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\DAEMON Tools Lite\daemon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\OnlineControl\ocontrol.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\helppane.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O1 - Hosts: ::1 localhost
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\daemon.exe"
O4 - HKUS\S-1-5-18\..\Run: [Mobipocket Reader Notifications] C:\Program Files\Mobipocket.com\Mobipocket Reader\readernotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Mobipocket Reader Notifications] C:\Program Files\Mobipocket.com\Mobipocket Reader\readernotify.exe (User 'Default user')
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: OnlineControl.lnk = C:\Program Files\OnlineControl\ocontrol.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: TeamViewer 3 (TeamViewer) - Unknown owner - C:\Program Files\TeamViewer3\TeamViewer_Host.exe

--
End of file - 8200 bytes

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office system
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader 7.1.0 - Deutsch
Agere Systems HDA Modem
Atheros WLAN Client
Avira AntiVir Personal - Free Antivirus
AVStation Now
Business Contact Manager für Outlook 2007 SP1
Business Contact Manager für Outlook 2007 SP1
CCleaner (remove only)
DVD Suite
Easy Battery Manager
Easy Display Manager
Easy Network Manager 3.0
Easy SpeedUp Manager
Free YouTube to Mp3 Converter version 3.1
Google Desktop
Google Earth
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ICQ6
imagine digital freedom - Samsung
Install McAfee
IrfanView (remove only)
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Access MUI (English) 2007
Microsoft Office Access MUI (German) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (German) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Outlook MUI (German) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Publisher MUI (German) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (German) 2007
Microsoft SOAP Toolkit 2.0 SP2
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Mobipocket Reader 5.2
Moorhuhn 2 V1.1
Mozilla Firefox (3.0.8)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
OnlineControl 1.1
Play AVStation
PowerDVD
RealPlayer
Realtek High Definition Audio Driver
Rhapsody Player Engine
Samsung Magic Doctor
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Samsung PC Studio 3 USB Driver Installer
Samsung Recovery Solution II
Samsung Update Plus
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Visio 2007 (KB947590)
Security Update for Visio 2007 (KB947590)
Sven XXX - XS
Synaptics Pointing Device Driver
TeamViewer 3
Uninstall 1.0.0.1
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Office Access 2007 Help (KB957241)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office InfoPath 2007 Help (KB957243)
Update for Microsoft Office OneNote 2007 Help (KB957245)
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Microsoft Office PowerPoint 2007 Help (KB957247)
Update for Microsoft Office Publisher 2007 Help (KB957249)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Microsoft Script Editor Help (KB957253)
Update for Office 2007 (KB946691)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb962871)
Update for Outlook 2007 Junk Email Filter (kb962871)
User Guide
WIDCOMM Bluetooth Software 6.0.1.5000
Windows Media Player Firefox Plugin

Wer schreibt mir eigentlich, Anne oder Roland?

1.) Deinstalliere:

Adobe Flash Player 9 ActiveX
Adobe Reader 7.1.0 - Deutsch
Google Desktop
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
ICQ6
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Uninstall 1.0.0.1

2.) Falls du Anne bist, dann sprich bitte mal ein ernsthaftes Wort mit Roland. Erwähne ganz beiläufig: Sven XXX - XS
Falls du Roland bist, dann stell dich für eine halbe Stunde in die Ecke und schäme dich. :aufsmaul: Deinstalliere das besser.

3.) Installiere (Toolbars immer abwählen, Haken weg):

4.) Scripten mit Combofix

Öffne den Editor (Start => Zubehör => Editor ) kopiere nun folgenden Text in das weiße Feld:

Code:

KILLALL::
 

Registry::

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"=-

"Google Desktop Search"=-

"TkBellExe"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=""
 

Folder::

c:\programdata\Google Updater
 

File::

c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

Speichere diese Datei nun auf dem Desktop unter -> cfscript.txt

Nun die Datei cfscript.txt mit der rechten Maustaste auf das Sysmbol von Combofix ziehen!

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

Danach das Combofix nochmal ausführen, das System neu starten und das Log von Combofix posten

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann.

5.) Poste ein aktuelles HJT-Log.

ciao, andreas

ComboFix 09-04-04.01 - Anne und Roland 2009-04-05 18:07:35.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1031.18.2046.983 [GMT 2:00]
ausgeführt von:: c:\users\Anne und Roland\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Anne und Roland\Desktop\cfscript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
* Neuer Wiederherstellungspunkt wurde erstellt

FILE ::
c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

.
((((((((((((((((((((((( Dateien erstellt von 2009-03-05 bis 2009-04-05 ))))))))))))))))))))))))))))))
.

2009-04-05 17:55 . 2009-04-05 17:54 410,984 --a------ c:\windows\System32\deploytk.dll
2009-04-05 17:54 . 2009-04-05 17:54 <DIR> d-------- c:\program files\Java
2009-04-05 17:51 . 2009-04-05 17:51 <DIR> d-------- c:\users\Anne und Roland\AppData\Roaming\Foxit
2009-04-05 17:51 . 2009-04-05 17:51 <DIR> d-------- c:\program files\Foxit Software
2009-04-05 16:32 . 2009-04-05 16:32 <DIR> d-------- c:\program files\Trend Micro
2009-04-05 16:28 . 2009-04-05 16:28 <DIR> d-------- c:\users\Anne und Roland\AppData\Roaming\Malwarebytes
2009-04-05 16:28 . 2009-04-05 16:28 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-04-05 16:28 . 2009-04-05 16:28 <DIR> d-------- c:\programdata\Malwarebytes
2009-04-05 16:28 . 2009-04-05 16:28 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-05 16:28 . 2009-03-26 16:49 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-04-05 16:28 . 2009-03-26 16:49 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-03-30 20:43 . 2008-06-20 03:18 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-03-30 20:43 . 2008-06-20 03:17 622,080 --a------ c:\windows\System32\icardagt.exe
2009-03-30 20:43 . 2008-06-20 03:18 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-03-30 20:43 . 2008-06-20 03:18 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-03-30 20:43 . 2008-06-20 03:17 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-03-30 20:43 . 2008-06-20 03:18 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-03-30 20:43 . 2008-06-20 03:17 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-03-30 20:43 . 2008-06-20 03:17 11,264 --a------ c:\windows\System32\icardres.dll
2009-03-30 20:41 . 2009-03-30 20:43 44,105,728 --a------ c:\windows\ocsetup_install_NetFx3.etl
2009-03-30 20:41 . 2009-03-30 20:43 196,608 --a------ c:\windows\ocsetup_cbs_install_NetFx3.perf
2009-03-30 20:41 . 2009-03-30 20:43 65,536 --a------ c:\windows\ocsetup_cbs_install_NetFx3.dpx
2009-03-30 20:34 . 2008-07-27 20:00 282,112 --a------ c:\windows\System32\mscoree.dll
2009-03-30 20:34 . 2008-07-27 20:00 158,720 --a------ c:\windows\System32\mscorier.dll
2009-03-30 20:34 . 2008-07-27 20:00 96,760 --a------ c:\windows\System32\dfshim.dll
2009-03-30 20:34 . 2008-07-27 20:00 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-03-30 20:33 . 2008-07-27 20:00 83,968 --a------ c:\windows\System32\mscories.dll
2009-03-28 22:38 . 2009-03-28 22:40 <DIR> d-------- c:\users\Anne und Roland\AppData\Roaming\vlc
2009-03-28 22:38 . 2009-03-28 22:38 <DIR> d-------- c:\program files\VideoLAN
2009-03-14 15:27 . 2008-12-16 06:00 8,147,968 --a------ c:\windows\System32\wmploc.DLL
2009-03-14 15:27 . 2009-02-09 03:59 2,028,032 --a------ c:\windows\System32\win32k.sys
2009-03-14 15:27 . 2008-11-27 06:42 269,824 --a------ c:\windows\System32\schannel.dll
2009-03-14 15:27 . 2008-12-16 07:53 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-14 15:27 . 2008-12-16 07:53 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-14 15:27 . 2008-12-16 07:53 4,096 --a------ c:\windows\System32\dxmasf.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-05 16:11 --------- d-----w c:\program files\Google
2009-04-05 15:48 --------- d-----w c:\program files\Common Files\DVDVideoSoft
2009-04-05 15:41 --------- d--h--w c:\program files\InstallShield Installation Information
2009-04-05 15:30 --------- d-----w c:\program files\Common Files\Adobe
2009-03-22 09:32 --------- d-----w c:\program files\Microsoft SQL Server
2009-03-15 17:59 --------- d-----w c:\program files\Windows Mail
2009-03-15 17:40 --------- d-----w c:\programdata\Microsoft Help
2009-02-27 16:30 --------- d-----w c:\program files\TeamViewer3
2009-01-15 04:16 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-12-17 19:37 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((( SnapShot@2009-04-05_16.03.29,77 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-04-05 12:44:01 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-04-05 16:11:11 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-04-05 12:44:01 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-04-05 16:11:11 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-04-05 12:45:41 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-04-05 16:11:57 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2009-04-05 12:45:35 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-04-05 16:11:56 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-04-05 16:11:56 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2009-04-05 13:57:38 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-04-05 16:11:36 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-04-05 13:57:38 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-04-05 16:11:36 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-04-05 13:57:38 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-04-05 16:11:36 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-02-21 23:23:35 135,168 ----a-w c:\windows\System32\java.exe
+ 2009-04-05 15:54:21 144,792 ----a-w c:\windows\System32\java.exe
- 2008-02-21 23:23:39 135,168 ----a-w c:\windows\System32\javaw.exe
+ 2009-04-05 15:54:21 144,792 ----a-w c:\windows\System32\javaw.exe
- 2008-02-22 00:33:32 139,264 ----a-w c:\windows\System32\javaws.exe
+ 2009-04-05 15:54:21 148,888 ----a-w c:\windows\System32\javaws.exe
- 2009-03-28 20:42:54 84,661 ----a-w c:\windows\System32\Macromed\Flash\uninstall_plugin.exe
+ 2009-04-05 15:53:02 84,661 ----a-w c:\windows\System32\Macromed\Flash\uninstall_plugin.exe
- 2009-04-05 12:45:59 13,534 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3380280293-2574197857-2776958747-1003_UserData.bin
+ 2009-04-05 16:13:08 13,654 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3380280293-2574197857-2776958747-1003_UserData.bin
- 2009-04-05 12:45:59 116,744 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-04-05 16:13:08 116,998 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-04-05 12:45:58 45,406 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-04-05 16:13:03 45,692 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-10 1232896]
"CollaborationHost"="c:\windows\system32\p2phost.exe" [2006-11-02 191488]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"DAEMON Tools Lite"="c:\programme\DAEMON Tools Lite\daemon.exe" [2007-12-15 482760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-23 857648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 68640]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-19 266497]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-13 c:\windows\RtHDVCpl.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Mobipocket Reader Notifications"="c:\program files\Mobipocket.com\Mobipocket Reader\readernotify.exe" [2006-06-20 57344]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-04-24 723760]
OnlineControl.lnk - c:\program files\OnlineControl\ocontrol.exe [2004-07-19 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoHotStart"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{AF554E26-FCB4-429F-A906-794A62BC151D}"= c:\program files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{C726397B-2F22-45AC-8E9E-0B411B2A56C9}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{B6C05AA6-7D14-49F6-910E-B0E4B1D742DD}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{ADCF1BEB-0A82-400E-9B94-0337F058A9B9}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{830E1007-1037-44B9-AA24-9797A601D6D7}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{19BE6013-9B3E-4C65-97F7-BC865811A85D}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{5D2773EF-3942-47FD-8CF1-33D48255BEA4}c:\\program files\\gmx\\gmx multimessenger\\messengr.exe"= UDP:c:\program files\gmx\gmx multimessenger\messengr.exe:GMX MultiMessenger
"UDP Query User{3DB75064-4DEE-4981-BBB2-BF20484C4091}c:\\program files\\gmx\\gmx multimessenger\\messengr.exe"= TCP:c:\program files\gmx\gmx multimessenger\messengr.exe:GMX MultiMessenger
"TCP Query User{5BBEA93E-77AF-4A7A-8158-93B1801F70AB}c:\\program files\\gmx\\gmx multimessenger\\messengr.exe"= UDP:c:\program files\gmx\gmx multimessenger\messengr.exe:GMX MultiMessenger
"UDP Query User{0C067D36-2D1B-4EAE-8A14-41D69A4E7835}c:\\program files\\gmx\\gmx multimessenger\\messengr.exe"= TCP:c:\program files\gmx\gmx multimessenger\messengr.exe:GMX MultiMessenger
"TCP Query User{1C21AACB-E30F-44D8-9B2E-60E58A462815}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{CF509E42-AAA0-4889-BC3D-802F901B2DFC}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{6467879F-B956-4A97-8D95-1C66ED40D68D}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{761AB83B-5D06-47B8-8985-85209267D92B}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 BcmSqlStartupSvc;SQL Server-Startdienst für Business Contact Manager;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312]
R2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\System32\drivers\KMDFMEMIO.sys [2007-08-08 13312]
R2 TeamViewer;TeamViewer 3;c:\program files\TeamViewer3\TeamViewer_Host.exe [2008-02-19 176128]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [2009-04-05 38496]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]
S3 NETw2v32;Intel(R) PRO/Wireless 2915ABG Network Connection Driver for Windows Vista;c:\windows\System32\drivers\NETw2v32.sys [2006-11-02 2589184]

--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - sptd
*Deregistered* - winelpka

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Inhalt des "geplante Tasks" Ordners

2009-04-05 c:\windows\Tasks\User_Feed_Synchronization-{C4C1703C-162E-4A12-B49C-18C416AEA004}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 11:45]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Anne und Roland\AppData\Roaming\Mozilla\Firefox\Profiles\g4w89fdk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://216.239.59.104/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-05 18:13:12
Windows 6.0.6000 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\windows\System32\agrsmsvc.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
c:\program files\Samsung\Samsung Recovery Solution II\WCScheduler.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\TeamViewer3\TeamViewer.exe
c:\windows\System32\conime.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\DAEMON Tools Lite\daemon.exe
c:\windows\ehome\ehmsas.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2009-04-05 18:18:14 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2009-04-05 16:18:11
ComboFix2.txt 2009-04-05 14:05:24

Vor Suchlauf: 19 Verzeichnis(se), 35.361.185.792 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 35,133,661,184 Bytes frei

215 --- E O F --- 2009-04-05 09:40:52

Das ist ein altes HJT-Log, ich brauche ein aktuelles. HJT nicht mit Doppelklick sondern Mausklick rechts => Ausführen als Administrator starten.

ciao, andreas

Frohe Ostern,

da du gerade on bist, erstelle bitte auch noch ein Listing mit unserem neuen Tool.

ZHPDiag von Nicolas Coolman

http://pic.leech.it/i/5e532/9b50601zhpdiag.jpg

Klicke auf Téléchargement de ZHPDiag
Klicke auf der Seite auf FTP Zebulon.fr N°1.
Entpacke die geladene Datei auf den Desktop und starte ZHPDiag.exe mit Doppelklick.
Klicke auf http://pic.leech.it/i/ced97/35b1452all.jpg All
Klicke auf http://pic.leech.it/i/0eefe/5db239elupe.jpg General Analysis
Klicke auf http://pic.leech.it/i/bf836/eced1f9dclipboard.jpg Paste Clipboard
Wechsel zum Forum, klicke auf Antworten, klicke in den großen weißen Kasten
Drücke [Strg]v, [Strg]a
Klicke auf # http://pic.leech.it/i/3c634/c3cdedaraute.jpg

ciao, andreas

Da du meinst, hier nicht mehr antworten zu brauchen und stattdessen ein neues Thema mit einem neuen Problem aufmachen zu müssen, darfst du dich nicht wundern, dass sich niemand um dich kümmert.

Nicht gerade die feine Art. Da hilft jetzt nur: http://www.trojaner-board.de/51262-a...sicherung.html

Ich bin raus,
andreas