Trojaner-Board (https://www.trojaner-board.de/)
Forum: Log-Analyse und Auswertung (log analysis and evaluation) (https://www.trojaner-board.de/log-analyse-auswertung/)
Thread: "Googlechrome macht was es will.." (Google Chrome does whatever it wants) (https://www.trojaner-board.de/88104-googlechrome-macht-will.html)

markusg 14.07.2010 20:40

Can you try it in Safe Mode?
Press the F8 key when the PC starts; that should get you there.

Mofa 14.07.2010 21:29

After countless scans I finally have the log file:

ComboFix logfile:
Code:

ComboFix 10-07-13.08 - Skillz 14.07.2010  22:10:11.4.2 - x86 MINIMAL
Microsoft Windows 7 Starter  6.1.7600.0.1252.49.1031.18.1014.681 [GMT 2:00]
ausgeführt von:: c:\users\Skillz\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.

(((((((((((((((((((((((  Dateien erstellt von 2010-06-14 bis 2010-07-14  ))))))))))))))))))))))))))))))
.

2010-07-14 20:18 . 2010-07-14 20:18        --------        d-----w-        c:\users\Public\AppData\Local\temp
2010-07-14 20:18 . 2010-07-14 20:18        --------        d-----w-        c:\users\Default\AppData\Local\temp
2010-07-14 19:05 . 2009-10-31 05:45        2614272        ----a-w-        c:\windows\system32\userinit.exe
2010-07-14 18:03 . 2010-07-14 20:18        --------        d-----w-        c:\users\Skillz\AppData\Local\temp
2010-07-13 15:42 . 2010-07-13 15:42        --------        d-----w-        c:\users\Skillz\AppData\Roaming\Malwarebytes
2010-07-13 15:42 . 2010-04-29 13:39        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-13 15:42 . 2010-07-13 15:42        --------        d-----w-        c:\programdata\Malwarebytes
2010-07-13 15:42 . 2010-04-29 13:39        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-07-13 15:41 . 2010-07-13 15:42        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2010-07-12 21:17 . 2010-07-13 01:51        --------        d-----w-        c:\programdata\Spybot - Search & Destroy
2010-07-12 21:17 . 2010-07-12 21:19        --------        d-----w-        c:\program files\Spybot - Search & Destroy
2010-07-12 19:17 . 2010-07-12 19:17        --------        d-----w-        c:\windows\system32\log
2010-07-11 19:50 . 2010-07-12 19:27        --------        d-----w-        c:\program files\Vector Magic
2010-07-11 18:12 . 2010-07-11 18:12        --------        d-----w-        c:\users\Skillz\AppData\Roaming\Pegasys Inc
2010-07-11 18:11 . 2010-07-11 18:11        --------        d-----w-        c:\users\Skillz\AppData\Roaming\DVDVideoSoftIEHelpers
2010-07-11 18:09 . 2010-07-11 18:10        --------        d-----w-        c:\program files\Common Files\DVDVideoSoft
2010-07-11 18:09 . 2010-07-11 18:10        --------        d-----w-        c:\program files\DVDVideoSoft
2010-07-11 05:51 . 2010-07-11 07:03        --------        d-----w-        c:\users\Skillz\AppData\Roaming\Windows Live Writer
2010-07-11 05:51 . 2010-07-11 05:51        --------        d-----w-        c:\users\Skillz\AppData\Local\Windows Live Writer
2010-07-11 05:38 . 2010-07-12 05:49        --------        d-----w-        c:\users\Skillz\Tracing
2010-07-10 18:29 . 2010-07-10 18:29        --------        d-----w-        c:\users\Skillz\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
2010-07-10 18:29 . 2010-07-10 18:26        53632        ----a-w-        c:\users\Skillz\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-07-10 18:29 . 2010-07-10 18:26        53632        ----a-w-        c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-07-08 12:53 . 2010-07-08 12:56        --------        d-----w-        c:\users\Skillz\AppData\Roaming\Apple Computer
2010-07-08 12:53 . 2010-07-08 12:53        --------        d-----w-        c:\users\Skillz\AppData\Local\Apple Computer
2010-07-08 12:52 . 2009-05-18 11:17        26600        ----a-w-        c:\windows\system32\drivers\GEARAspiWDM.sys
2010-07-08 12:52 . 2008-04-17 10:12        107368        ----a-w-        c:\windows\system32\GEARAspi.dll
2010-07-08 12:51 . 2010-07-08 12:51        --------        d-----w-        c:\program files\iPod
2010-07-08 12:51 . 2010-07-08 12:52        --------        d-----w-        c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-08 12:51 . 2010-07-08 12:52        --------        d-----w-        c:\program files\iTunes
2010-07-08 12:47 . 2010-07-08 12:49        --------        d-----w-        c:\program files\QuickTime
2010-07-08 12:47 . 2010-07-08 12:51        --------        d-----w-        c:\programdata\Apple Computer
2010-07-08 12:47 . 2010-07-08 12:47        --------        d-----w-        c:\users\Skillz\AppData\Local\Apple
2010-07-08 12:47 . 2010-07-08 12:47        --------        d-----w-        c:\program files\Apple Software Update
2010-07-08 12:46 . 2010-07-08 12:46        --------        d-----w-        c:\program files\Bonjour
2010-07-08 12:45 . 2010-07-08 12:55        --------        d-----w-        c:\programdata\Apple
2010-07-08 12:45 . 2010-07-08 12:51        --------        d-----w-        c:\program files\Common Files\Apple
2010-07-03 19:18 . 2010-07-03 19:18        --------        d-----w-        C:\Skillz
2010-07-03 16:55 . 2009-11-25 10:47        99176        ----a-w-        c:\windows\system32\PresentationHostProxy.dll
2010-07-03 16:55 . 2009-11-25 10:47        49472        ----a-w-        c:\windows\system32\netfxperf.dll
2010-07-03 16:55 . 2009-11-25 10:47        297808        ----a-w-        c:\windows\system32\mscoree.dll
2010-07-03 16:55 . 2009-11-25 10:47        295264        ----a-w-        c:\windows\system32\PresentationHost.exe
2010-07-03 16:55 . 2009-11-25 10:47        1130824        ----a-w-        c:\windows\system32\dfshim.dll
2010-07-03 16:48 . 2010-02-11 07:10        293376        ----a-w-        c:\windows\system32\browserchoice.exe
2010-07-03 07:54 . 2010-07-14 19:42        --------        d-----w-        c:\users\Skillz\AppData\Roaming\ICQ
2010-07-03 07:54 . 2010-07-03 07:54        --------        d-----w-        c:\users\Skillz\AppData\Local\AOL
2010-07-03 07:54 . 2010-07-03 07:57        --------        d-----w-        c:\program files\ICQ7.2
2010-07-03 06:48 . 2010-05-09 09:14        641536        ----a-w-        c:\windows\system32\CPFilters.dll
2010-07-03 06:48 . 2009-12-13 09:30        465408        ----a-w-        c:\windows\system32\psisdecd.dll
2010-07-03 06:48 . 2010-03-08 21:33        427520        ----a-w-        c:\windows\system32\vbscript.dll
2010-07-03 06:48 . 2009-09-26 05:58        194488        ----a-w-        c:\windows\system32\drivers\fvevol.sys
2010-07-03 06:47 . 2009-10-31 05:45        2614272        ----a-w-        c:\windows\explorer.exe
2010-07-03 06:47 . 2009-10-28 06:17        285696        ----a-w-        c:\windows\system32\winlogon.exe
2010-07-03 06:47 . 2009-12-11 07:38        1037312        ----a-w-        c:\windows\system32\lsasrv.dll
2010-07-03 06:47 . 2009-12-11 07:44        133720        ----a-w-        c:\windows\system32\drivers\ksecpkg.sys
2010-07-03 06:47 . 2010-03-04 07:33        740864        ----a-w-        c:\windows\system32\inetcomm.dll
2010-07-03 06:45 . 2009-12-19 09:02        1328640        ----a-w-        c:\windows\system32\quartz.dll
2010-07-03 06:44 . 2010-04-23 07:13        2048        ----a-w-        c:\windows\system32\tzres.dll
2010-07-03 06:43 . 2010-02-27 07:32        221696        ----a-w-        c:\windows\system32\drivers\mrxsmb10.sys
2010-07-03 06:43 . 2010-02-27 07:32        95744        ----a-w-        c:\windows\system32\drivers\mrxsmb20.sys
2010-07-03 06:43 . 2010-02-27 07:32        123392        ----a-w-        c:\windows\system32\drivers\mrxsmb.sys
2010-07-03 06:42 . 2010-05-27 03:49        293888        ----a-w-        c:\windows\system32\atmfd.dll
2010-07-03 06:42 . 2009-10-19 14:10        70656        ----a-w-        c:\windows\system32\fontsub.dll
2010-07-03 06:42 . 2010-05-27 07:24        34304        ----a-w-        c:\windows\system32\atmlib.dll
2010-07-02 21:40 . 2010-07-02 21:40        --------        d-----w-        c:\windows\ConfigSetRoot
2010-07-02 21:35 . 2010-02-01 13:53        79136        ----a-w-        c:\users\Default\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-02 21:35 . 2010-02-01 13:53        --------        d-----w-        c:\users\Default\AppData\Roaming\E-Cam
2010-07-02 21:35 . 2010-02-01 13:46        --------        d-----w-        c:\users\Default\AppData\Local\Microsoft Help
2010-07-02 21:35 . 2010-02-01 13:46        --------        d-----w-        c:\users\Default\AppData\Local\Adobe
2010-07-02 21:35 . 2010-02-01 13:21        --------        d-----w-        c:\users\Default\AppData\Local\Broadcom
2010-07-02 21:35 . 2010-02-01 13:14        --------        d-----w-        c:\users\Default\AppData\Roaming\InstallShield
2010-07-02 20:18 . 2010-07-02 20:18        --------        d-----w-        c:\program files\Common Files\Java
2010-07-02 20:18 . 2010-07-02 20:17        411368        ----a-w-        c:\windows\system32\deployJava1.dll
2010-07-02 20:17 . 2010-07-02 20:17        --------        d-----w-        c:\program files\Java
2010-07-02 18:40 . 2010-07-02 18:40        --------        d-----w-        c:\users\Skillz\AppData\Local\BVRP Software
2010-07-02 17:42 . 2010-07-02 17:42        57344        ----a-w-        c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-02 17:42 . 2010-07-02 17:29        1062184        ----a-w-        c:\programdata\DivX\Setup\Resource.dll
2010-07-02 17:42 . 2010-07-02 17:28        895256        ----a-w-        c:\programdata\DivX\Setup\DivXSetup.exe
2010-07-02 17:42 . 2010-07-02 17:42        56765        ----a-w-        c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-02 17:42 . 2010-07-02 17:42        56997        ----a-w-        c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-07-02 17:41 . 2010-07-02 17:41        53600        ----a-w-        c:\programdata\DivX\Update\Uninstaller.exe
2010-07-02 17:41 . 2010-07-02 17:41        57715        ----a-w-        c:\programdata\DivX\Player\Uninstaller.exe
2010-07-02 17:40 . 2010-07-11 18:18        --------        d-----w-        c:\users\Skillz\AppData\Roaming\DivX
2010-07-02 17:39 . 2010-07-02 17:39        84062        ----a-w-        c:\programdata\DivX\TransferWizard\Uninstaller.exe
2010-07-02 17:39 . 2010-07-02 17:39        --------        d-----w-        c:\program files\Common Files\PX Storage Engine
2010-07-02 17:39 . 2010-07-02 17:39        57609        ----a-w-        c:\programdata\DivX\MFComponents\Uninstaller.exe
2010-07-02 17:39 . 2010-07-02 17:39        57054        ----a-w-        c:\programdata\DivX\DSDesktopComponents\Uninstaller.exe
2010-07-02 17:39 . 2010-07-02 17:39        54166        ----a-w-        c:\programdata\DivX\DSAVCDecoder\Uninstaller.exe
2010-07-02 17:39 . 2010-07-02 17:39        57532        ----a-w-        c:\programdata\DivX\DSASPDecoder\Uninstaller.exe
2010-07-02 17:38 . 2010-07-02 17:38        56458        ----a-w-        c:\programdata\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-07-02 17:38 . 2010-07-02 17:38        54174        ----a-w-        c:\programdata\DivX\DSAACDecoder\Uninstaller.exe
2010-07-02 17:38 . 2010-07-02 17:38        54153        ----a-w-        c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-07-02 17:38 . 2010-07-02 17:38        54128        ----a-w-        c:\programdata\DivX\Converter\Uninstaller.exe
2010-07-02 17:38 . 2010-07-02 17:38        54644        ----a-w-        c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
2010-07-02 17:38 . 2010-07-02 17:38        54101        ----a-w-        c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
2010-07-02 17:38 . 2010-07-02 17:38        57409        ----a-w-        c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-07-02 17:37 . 2010-07-02 17:37        52963        ----a-w-        c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-07-02 17:36 . 2010-07-02 17:36        54073        ----a-w-        c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-07-02 17:36 . 2010-07-02 17:36        --------        d-----w-        c:\program files\Common Files\DivX Shared
2010-07-02 17:36 . 2010-07-02 17:36        56969        ----a-w-        c:\programdata\DivX\ASPEncoder\Uninstaller.exe
2010-07-02 17:30 . 2010-07-11 18:09        --------        d-----w-        c:\program files\DivX
2010-07-02 17:30 . 2010-07-02 17:30        144696        ----a-w-        c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-07-02 17:29 . 2010-07-02 17:42        --------        d-----w-        c:\programdata\DivX
2010-07-02 17:06 . 2010-07-02 17:06        --------        d-----w-        c:\users\Skillz\AppData\Roaming\Thunderbird
2010-07-02 17:06 . 2010-07-02 17:06        --------        d-----w-        c:\users\Skillz\AppData\Local\Thunderbird
2010-07-02 17:03 . 2010-07-02 17:41        --------        d-----w-        c:\program files\Mozilla Thunderbird
2010-07-02 16:49 . 2010-05-21 12:14        221568        ------w-        c:\windows\system32\MpSigStub.exe
2010-07-02 16:46 . 2009-12-04 16:05        1322680        ----a-w-        c:\windows\system32\drivers\vsapint.sys
2010-07-02 16:46 . 2009-12-04 16:39        230928        ----a-w-        c:\windows\system32\drivers\tmxpflt.sys
2010-07-02 16:46 . 2009-12-04 16:38        36368        ----a-w-        c:\windows\system32\drivers\tmpreflt.sys
2010-07-02 16:36 . 2010-07-02 16:40        --------        d-----w-        c:\users\Skillz\AppData\Local\Google
2010-07-02 16:30 . 2010-07-02 16:36        --------        d-----w-        c:\users\Skillz\AppData\Local\Deployment
2010-07-02 16:30 . 2010-07-02 16:30        --------        d-----w-        c:\users\Skillz\AppData\Local\Apps
2010-07-02 13:50 . 2009-12-29 06:55        172032        ----a-w-        c:\windows\system32\wintrust.dll
2010-07-02 13:50 . 2010-01-09 06:52        132608        ----a-w-        c:\windows\system32\cabview.dll
2010-06-15 18:01 . 2010-06-15 18:01        72504        ----a-w-        c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-14 20:13 . 2009-07-14 08:47        643628        ----a-w-        c:\windows\system32\perfh007.dat
2010-07-14 20:13 . 2009-07-14 08:47        126188        ----a-w-        c:\windows\system32\perfc007.dat
2010-07-10 18:28 . 2010-02-01 14:02        --------        d-----w-        c:\program files\Common Files\Adobe AIR
2010-07-07 15:36 . 2010-07-07 15:36        0        ---ha-w-        c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-07-03 17:26 . 2009-07-14 02:37        --------        d-----w-        c:\program files\Windows Mail
2010-07-03 07:54 . 2010-02-01 13:14        --------        d--h--w-        c:\program files\InstallShield Installation Information
2010-07-02 21:39 . 2010-07-02 21:39        --------        d-sh--we        c:\programdata\Vorlagen
2010-07-02 21:39 . 2010-07-02 21:39        --------        d-sh--we        c:\programdata\Startmenü
2010-07-02 21:39 . 2010-07-02 21:39        --------        d-sh--we        c:\programdata\Favoriten
2010-07-02 21:39 . 2010-07-02 21:39        --------        d-sh--we        c:\programdata\Dokumente
2010-07-02 21:39 . 2010-07-02 21:39        --------        d-sh--we        c:\programdata\Anwendungsdaten
2010-07-02 21:39 . 2010-07-02 21:39        --------        d-sh--we        c:\program files\Gemeinsame Dateien
2010-07-02 13:58 . 2010-02-01 15:16        --------        d-----w-        c:\programdata\Trend Micro
2010-07-02 13:47 . 2010-02-01 15:15        --------        d-----w-        c:\program files\Trend Micro
2010-05-21 05:18 . 2010-07-03 06:46        977920        ----a-w-        c:\windows\system32\wininet.dll
2010-05-18 14:35 . 2010-05-18 14:35        91424        ----a-w-        c:\windows\system32\dnssd.dll
2010-05-18 14:35 . 2010-05-18 14:35        75040        ----a-w-        c:\windows\system32\jdns_sd.dll
2010-05-18 14:35 . 2010-05-18 14:35        197920        ----a-w-        c:\windows\system32\dnssdX.dll
2010-05-18 14:35 . 2010-05-18 14:35        107808        ----a-w-        c:\windows\system32\dns-sd.exe
2010-05-01 14:49 . 2010-07-03 06:46        2326528        ----a-w-        c:\windows\system32\win32k.sys
2010-04-19 18:47 . 2010-04-19 18:47        3062048        ----a-w-        c:\windows\system32\usbaaplrc.dll
2010-04-19 18:47 . 2010-04-19 18:47        41984        ----a-w-        c:\windows\system32\drivers\usbaapl.sys
2009-06-10 21:26 . 2009-07-14 02:04        9633792        --sha-r-        c:\windows\Fonts\StaticCache.dat
.

(((((((((((((((((((((((((((((  SnapShot@2010-07-14_19.55.51  )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-01 15:10 . 2010-07-14 20:02        32208              c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2010-07-14 20:02        40210              c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2010-07-02 21:37 . 2010-07-14 19:45        16384              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-07-02 21:37 . 2010-07-14 20:02        16384              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-07-02 21:37 . 2010-07-14 20:02        32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-07-02 21:37 . 2010-07-14 19:45        32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:41 . 2010-07-14 19:45        16384              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:41 . 2010-07-14 20:02        16384              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-07-03 06:34 . 2010-07-14 19:12        16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-07-03 06:34 . 2010-07-14 20:06        16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-07-03 06:34 . 2010-07-14 19:12        32768              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-07-03 06:34 . 2010-07-14 20:06        32768              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-07-03 06:34 . 2010-07-14 20:06        16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-07-03 06:34 . 2010-07-14 19:12        16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-07-02 13:48 . 2010-07-14 20:02        4376              c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2144237666-3199333369-569597218-1000_UserData.bin
+ 2010-07-14 20:07 . 2010-07-14 20:07        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-07-14 19:43 . 2010-07-14 19:43        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-07-14 19:43 . 2010-07-14 19:43        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-07-14 20:07 . 2010-07-14 20:07        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:05 . 2010-07-14 20:13        606992              c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2010-07-14 19:50        606992              c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2010-07-14 19:50        103370              c:\windows\System32\perfc009.dat
+ 2009-07-14 02:05 . 2010-07-14 20:13        103370              c:\windows\System32\perfc009.dat
- 2009-09-22 02:46 . 2010-07-12 21:10        245760              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-09-22 02:46 . 2010-07-14 20:02        245760              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512]
"HotkeyMon"="AsusSender.exe" [2009-09-11 33768]
"HotkeyService"="AsusSender.exe" [2009-09-11 33768]
"SuperHybridEngine"="AsusSender.exe" [2009-09-11 33768]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-11-17 414384]
"EeeSplendidAgent"="c:\program files\ASUS\EPC\EeeSplendid\AsAgent.exe" [2009-12-29 104960]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-07-20 83240]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-02-23 1024368]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-05 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-05 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-29 7744032]
"EEESplendidAR"="AsusSender.exe" [2009-09-11 33768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Skillz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ZooskMessenger.lnk]
path=c:\users\Skillz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk
backup=c:\windows\pss\ZooskMessenger.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 16:10        35696        ----a-w-        c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50        1144104        ----a-w-        c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-07-02 16:36        136176        ----atw-        c:\users\Skillz\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 14:33        141624        ----a-w-        c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44        3883840        ----a-w-        c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-07-12 19:54        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43        248040        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe

R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2009-07-06 11448]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
R2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2009-08-18 219136]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2009-12-04 36368]
R3 br3gmdm;BandLuxe 3.5G USB Adapter - MODEM;c:\windows\system32\DRIVERS\br3gmdm.sys [2009-09-02 107008]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 43944]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-06-22 100736]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-27 51712]
R3 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2009-08-22 50704]
R3 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [2009-08-22 146448]
R3 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [2009-08-22 497008]
R3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2009-08-22 689416]
R3 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [2009-08-22 283152]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners

2010-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2144237666-3199333369-569597218-1000Core.job
- c:\users\Skillz\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-02 16:36]

2010-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2144237666-3199333369-569597218-1000UA.job
- c:\users\Skillz\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-02 16:36]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://asus.msn.com
mStart Page = hxxp://asus.msn.com
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to Mp3 Converter - c:\users\Skillz\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: {{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - c:\program files\ICQ7.2\ICQ.exe
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-RunOnce-<NO NAME> - (no file)


.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2010-07-14  22:21:52
ComboFix-quarantined-files.txt  2010-07-14 20:21
ComboFix2.txt  2010-07-14 19:59

Vor Suchlauf: 12 Verzeichnis(se), 84.458.328.064 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 84.339.212.288 Bytes frei

- - End Of File - - 7E4A27F5C8EFA50C6FA3623E81036A7B

--- --- ---
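To triage a listing like the one above, here is an added Python example (not ComboFix's own code, and not from the thread) that parses the two ComboFix listing layouts seen in this thread and pairs each quarantined file with whatever ComboFix.txt now lists at its original path. The line layout ("created . modified size attrs path") is inferred from the posted log, and the sample lines are a subset copied from it.

```python
"""Parse ComboFix listing lines and pair quarantined files with their replacements.
Added example for this thread; not ComboFix's own code. The line layout
("<created> . <modified> <size> <attrs> <path>") is inferred from the posted log."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional, Tuple

# Sample input: a subset of lines copied from the ComboFix.txt and
# ComboFix-quarantined-files.txt listings posted in this thread.
CREATED_LINES = r"""
2010-07-14 19:05 . 2009-10-31 05:45        2614272        ----a-w-        c:\windows\system32\userinit.exe
2010-07-13 15:42 . 2010-04-29 13:39        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-11 05:51 . 2010-07-11 07:03        --------        d-----w-        c:\users\Skillz\AppData\Roaming\Windows Live Writer
2010-07-03 06:47 . 2009-10-31 05:45        2614272        ----a-w-        c:\windows\explorer.exe
"""
QUARANTINE_LINES = r"""
2010-07-14 18:02:02 . 2010-07-12 20:36:55 26,112 ----a-w- C:\Qoobox\Quarantine\C\windows\system32\userinit.exe.vir
2009-07-13 23:58:32 . 2010-07-12 20:36:02 14,848 ----a-w- C:\Qoobox\Quarantine\C\windows\system32\regsvr32.exe.vir
2010-02-01 15:32:25 . 2010-02-01 15:32:25 148,736 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\hpe3E66.dll.vir
2010-07-14 17:43:23 . 2010-07-14 20:15:44 6,117 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
"""

# Timestamps carry seconds in the quarantine listing but not in ComboFix.txt.
_TS = r"\d{4}-\d\d-\d\d \d\d:\d\d(?::\d\d)?"
_ENTRY = re.compile(rf"^({_TS}) \. ({_TS})\s+(\S+)\s+([-a-z]{{8}})\s+(.+?)\s*$")
QUARANTINE_ROOT = r"C:\Qoobox\Quarantine"  # ComboFix's quarantine folder, as named in the thread


@dataclass(frozen=True)
class Entry:
    created: datetime
    modified: datetime
    size: Optional[int]  # None for directories, which ComboFix prints as "--------"
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def _parse_ts(text: str) -> datetime:
    fmt = "%Y-%m-%d %H:%M:%S" if text.count(":") == 2 else "%Y-%m-%d %H:%M"
    return datetime.strptime(text, fmt)


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one listing line; headers, separators and blank lines yield None."""
    m = _ENTRY.match(line.strip())
    if not m:
        return None
    created, modified, size, attrs, path = m.groups()
    # The quarantine listing writes sizes with thousands separators ("26,112").
    size_val = None if size == "--------" else int(size.replace(",", ""))
    return Entry(_parse_ts(created), _parse_ts(modified), size_val, attrs, path)


def parse_listing(text: str) -> List[Entry]:
    return [e for e in (parse_entry(line) for line in text.splitlines()) if e]


def quarantine_original_path(qpath: str) -> Optional[str]:
    """Map C:\\Qoobox\\Quarantine\\C\\windows\\...\\x.exe.vir back to c:\\windows\\...\\x.exe
    (lower-cased for matching). Registry backups and other non-.vir files yield None."""
    root = QUARANTINE_ROOT.lower() + "\\"
    if not qpath.lower().startswith(root) or not qpath.lower().endswith(".vir"):
        return None
    rel = qpath[len(root):-len(".vir")]  # e.g. "C\windows\system32\userinit.exe"
    drive, _, rest = rel.partition("\\")
    if len(drive) != 1 or not rest:
        return None
    return f"{drive}:\\{rest}".lower()


def pair_quarantine_with_replacements(created_text: str, quarantine_text: str) -> Dict[str, Tuple[int, Optional[int]]]:
    """For each quarantined file: (quarantined size, size of the file ComboFix.txt now
    lists at the original path, or None if nothing new was created there)."""
    now_present = {e.path.lower(): e for e in parse_listing(created_text) if not e.is_dir}
    pairs: Dict[str, Tuple[int, Optional[int]]] = {}
    for q in parse_listing(quarantine_text):
        original = quarantine_original_path(q.path)
        if original is None:
            continue
        replacement = now_present.get(original)
        pairs[original] = (q.size, replacement.size if replacement else None)
    return pairs


if __name__ == "__main__":
    for path, (old_size, new_size) in pair_quarantine_with_replacements(CREATED_LINES, QUARANTINE_LINES).items():
        outcome = "no replacement in the created-files listing" if new_size is None else f"replaced by a {new_size}-byte file"
        print(f"{path}: {old_size} bytes quarantined; {outcome}")
```

A quarantined system binary whose replacement differs sharply in size from the quarantined copy (userinit.exe here) is the kind of entry a helper would look at first.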

markusg 14.07.2010 21:42

Can you post the contents of the following txt file?
ComboFix-quarantined-files.txt

Mofa 14.07.2010 22:07

2010-07-14 19:57:36 . 2010-07-14 19:57:37 133 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-ASUSPRP.reg.dat
2010-07-14 19:57:31 . 2010-07-14 19:57:31 173 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-Locked.reg.dat
2010-07-14 18:02:02 . 2010-07-12 20:36:55 26,112 ----a-w- C:\Qoobox\Quarantine\C\windows\system32\userinit.exe.vir
2010-07-14 17:43:23 . 2010-07-14 20:15:44 6,117 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2010-07-14 17:01:25 . 2010-07-14 20:10:11 362 ----a-w- C:\Qoobox\Quarantine\catchme.log
2010-07-13 05:28:22 . 2010-07-13 05:28:22 0 ----a-w- C:\Qoobox\Quarantine\C\System Volume Information\Windows Backup\Catalogs\GlobalCatalogLock.dat.vir
2010-02-01 15:32:25 . 2010-02-01 15:32:25 148,736 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\hpe3E66.dll.vir
2010-02-01 13:15:04 . 2010-07-14 17:17:21 330,264 ----a-w- C:\Qoobox\Quarantine\C\windows\system32\Drivers\iaStor.sys.vir
2009-09-22 03:35:52 . 2009-07-14 14:27:26 7,680 ----a-w- C:\Qoobox\Quarantine\C\windows\system32\Thumbs.db.vir
2009-07-14 00:15:29 . 2010-07-12 19:32:05 522,752 ----a-w- C:\Qoobox\Quarantine\C\windows\system32\FXSSVC.exe.vir
2009-07-13 23:58:32 . 2010-07-12 20:36:02 14,848 ----a-w- C:\Qoobox\Quarantine\C\windows\system32\regsvr32.exe.vir
2009-07-13 23:55:05 . 2010-07-12 19:32:23 12,800 ----a-w- C:\Qoobox\Quarantine\C\windows\system32\snmptrap.exe.vir
2009-07-13 23:53:10 . 2010-07-12 19:31:58 59,392 ----a-w- C:\Qoobox\Quarantine\C\windows\system32\alg.exe.vir
2009-07-13 23:44:02 . 2010-07-12 19:32:13 134,144 ----a-w- C:\Qoobox\Quarantine\C\windows\system32\msdtc.exe.vir
2009-07-13 23:43:52 . 2010-07-12 20:29:31 7,168 ----a-w- C:\Qoobox\Quarantine\C\windows\system32\dllhost.exe.vir
2009-07-13 23:43:49 . 2010-07-12 19:32:20 9,216 ----a-w- C:\Qoobox\Quarantine\C\windows\system32\Locator.exe.vir
2009-07-13 23:41:43 . 2010-07-12 20:36:08 44,544 ----a-w- C:\Qoobox\Quarantine\C\windows\system32\rundll32.exe.vir
2009-07-13 23:36:55 . 2010-07-12 19:32:31 35,840 ----a-w- C:\Qoobox\Quarantine\C\windows\system32\UI0Detect.exe.vir
2009-07-13 23:32:18 . 2010-07-12 20:34:50 1,401,344 ----a-w- C:\Qoobox\Quarantine\C\windows\system32\mmc.exe.vir
2009-07-13 23:31:17 . 2010-07-12 19:32:38 136,192 ----a-w- C:\Qoobox\Quarantine\C\windows\system32\wbem\WmiApSrv.exe.vir
2009-07-13 23:30:45 . 2010-07-12 19:41:00 190,464 ----a-w- C:\Qoobox\Quarantine\C\windows\system32\taskeng.exe.vir
2009-07-13 23:27:32 . 2010-07-12 20:37:19 360,448 ----a-w- C:\Qoobox\Quarantine\C\windows\system32\WerFault.exe.vir
2009-07-13 23:24:05 . 2010-07-12 19:32:32 452,608 ----a-w- C:\Qoobox\Quarantine\C\windows\system32\vds.exe.vir
2009-07-13 23:23:48 . 2010-07-12 19:32:34 1,202,688 ----a-w- C:\Qoobox\Quarantine\C\windows\system32\wbengine.exe.vir
2009-07-13 23:22:31 . 2010-07-12 19:32:30 204,800 ----a-w- C:\Qoobox\Quarantine\C\windows\servicing\TrustedInstaller.exe.vir
2009-07-13 23:22:09 . 2010-07-12 20:28:09 301,568 ----a-w- C:\Qoobox\Quarantine\C\windows\system32\cmd.exe.vir
2009-07-13 23:20:05 . 2010-07-12 19:30:00 233,984 ----a-w- C:\Qoobox\Quarantine\C\windows\system32\msconfig.exe.vir
2009-07-13 23:19:25 . 2010-07-12 20:36:09 37,376 ----a-w- C:\Qoobox\Quarantine\C\windows\system32\sc.exe.vir

markusg 14.07.2010 23:24

Can you zip the folder qoobox, which is on C:, and upload it to us?
You may need to disable your antivirus for that.

Mofa 15.07.2010 07:03

Can I somehow attach the folder, or do I have to upload all the files individually?

markusg 15.07.2010 12:17

No, right-click, "add to qoobox.rar" or zip, and upload the archive.

Mofa 15.07.2010 16:44

OK, thanks =)

I've uploaded the folder.

markusg 15.07.2010 16:46

Then scan with your antivirus program, after an update of course, and let us know the result.

Mofa 15.07.2010 18:32

OK, scan done; only 12 cookies were found, and they were deleted.
Nothing else was found.
Hope that's good =)

markusg 16.07.2010 13:13

Yes, now change all your passwords. Clean up with CCleaner.

