Trojaner-Board (https://www.trojaner-board.de/)
Log analysis and evaluation (https://www.trojaner-board.de/log-analyse-auswertung/)
Google Chrome does whatever it wants.. (https://www.trojaner-board.de/88104-googlechrome-macht-will.html)

markusg 14.07.2010 20:40

can you try it in safe mode?
press the F8 key when the PC starts, then you should get there

Mofa 14.07.2010 21:29

after countless scans I finally have the log file:

ComboFix logfile:
Code:

ComboFix 10-07-13.08 - Skillz 14.07.2010  22:10:11.4.2 - x86 MINIMAL
Microsoft Windows 7 Starter  6.1.7600.0.1252.49.1031.18.1014.681 [GMT 2:00]
ausgeführt von:: c:\users\Skillz\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.

(((((((((((((((((((((((  Dateien erstellt von 2010-06-14 bis 2010-07-14  ))))))))))))))))))))))))))))))
.

2010-07-14 20:18 . 2010-07-14 20:18        --------        d-----w-        c:\users\Public\AppData\Local\temp
2010-07-14 20:18 . 2010-07-14 20:18        --------        d-----w-        c:\users\Default\AppData\Local\temp
2010-07-14 19:05 . 2009-10-31 05:45        2614272        ----a-w-        c:\windows\system32\userinit.exe
2010-07-14 18:03 . 2010-07-14 20:18        --------        d-----w-        c:\users\Skillz\AppData\Local\temp
2010-07-13 15:42 . 2010-07-13 15:42        --------        d-----w-        c:\users\Skillz\AppData\Roaming\Malwarebytes
2010-07-13 15:42 . 2010-04-29 13:39        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-13 15:42 . 2010-07-13 15:42        --------        d-----w-        c:\programdata\Malwarebytes
2010-07-13 15:42 . 2010-04-29 13:39        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-07-13 15:41 . 2010-07-13 15:42        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2010-07-12 21:17 . 2010-07-13 01:51        --------        d-----w-        c:\programdata\Spybot - Search & Destroy
2010-07-12 21:17 . 2010-07-12 21:19        --------        d-----w-        c:\program files\Spybot - Search & Destroy
2010-07-12 19:17 . 2010-07-12 19:17        --------        d-----w-        c:\windows\system32\log
2010-07-11 19:50 . 2010-07-12 19:27        --------        d-----w-        c:\program files\Vector Magic
2010-07-11 18:12 . 2010-07-11 18:12        --------        d-----w-        c:\users\Skillz\AppData\Roaming\Pegasys Inc
2010-07-11 18:11 . 2010-07-11 18:11        --------        d-----w-        c:\users\Skillz\AppData\Roaming\DVDVideoSoftIEHelpers
2010-07-11 18:09 . 2010-07-11 18:10        --------        d-----w-        c:\program files\Common Files\DVDVideoSoft
2010-07-11 18:09 . 2010-07-11 18:10        --------        d-----w-        c:\program files\DVDVideoSoft
2010-07-11 05:51 . 2010-07-11 07:03        --------        d-----w-        c:\users\Skillz\AppData\Roaming\Windows Live Writer
2010-07-11 05:51 . 2010-07-11 05:51        --------        d-----w-        c:\users\Skillz\AppData\Local\Windows Live Writer
2010-07-11 05:38 . 2010-07-12 05:49        --------        d-----w-        c:\users\Skillz\Tracing
2010-07-10 18:29 . 2010-07-10 18:29        --------        d-----w-        c:\users\Skillz\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
2010-07-10 18:29 . 2010-07-10 18:26        53632        ----a-w-        c:\users\Skillz\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-07-10 18:29 . 2010-07-10 18:26        53632        ----a-w-        c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-07-08 12:53 . 2010-07-08 12:56        --------        d-----w-        c:\users\Skillz\AppData\Roaming\Apple Computer
2010-07-08 12:53 . 2010-07-08 12:53        --------        d-----w-        c:\users\Skillz\AppData\Local\Apple Computer
2010-07-08 12:52 . 2009-05-18 11:17        26600        ----a-w-        c:\windows\system32\drivers\GEARAspiWDM.sys
2010-07-08 12:52 . 2008-04-17 10:12        107368        ----a-w-        c:\windows\system32\GEARAspi.dll
2010-07-08 12:51 . 2010-07-08 12:51        --------        d-----w-        c:\program files\iPod
2010-07-08 12:51 . 2010-07-08 12:52        --------        d-----w-        c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-08 12:51 . 2010-07-08 12:52        --------        d-----w-        c:\program files\iTunes
2010-07-08 12:47 . 2010-07-08 12:49        --------        d-----w-        c:\program files\QuickTime
2010-07-08 12:47 . 2010-07-08 12:51        --------        d-----w-        c:\programdata\Apple Computer
2010-07-08 12:47 . 2010-07-08 12:47        --------        d-----w-        c:\users\Skillz\AppData\Local\Apple
2010-07-08 12:47 . 2010-07-08 12:47        --------        d-----w-        c:\program files\Apple Software Update
2010-07-08 12:46 . 2010-07-08 12:46        --------        d-----w-        c:\program files\Bonjour
2010-07-08 12:45 . 2010-07-08 12:55        --------        d-----w-        c:\programdata\Apple
2010-07-08 12:45 . 2010-07-08 12:51        --------        d-----w-        c:\program files\Common Files\Apple
2010-07-03 19:18 . 2010-07-03 19:18        --------        d-----w-        C:\Skillz
2010-07-03 16:55 . 2009-11-25 10:47        99176        ----a-w-        c:\windows\system32\PresentationHostProxy.dll
2010-07-03 16:55 . 2009-11-25 10:47        49472        ----a-w-        c:\windows\system32\netfxperf.dll
2010-07-03 16:55 . 2009-11-25 10:47        297808        ----a-w-        c:\windows\system32\mscoree.dll
2010-07-03 16:55 . 2009-11-25 10:47        295264        ----a-w-        c:\windows\system32\PresentationHost.exe
2010-07-03 16:55 . 2009-11-25 10:47        1130824        ----a-w-        c:\windows\system32\dfshim.dll
2010-07-03 16:48 . 2010-02-11 07:10        293376        ----a-w-        c:\windows\system32\browserchoice.exe
2010-07-03 07:54 . 2010-07-14 19:42        --------        d-----w-        c:\users\Skillz\AppData\Roaming\ICQ
2010-07-03 07:54 . 2010-07-03 07:54        --------        d-----w-        c:\users\Skillz\AppData\Local\AOL
2010-07-03 07:54 . 2010-07-03 07:57        --------        d-----w-        c:\program files\ICQ7.2
2010-07-03 06:48 . 2010-05-09 09:14        641536        ----a-w-        c:\windows\system32\CPFilters.dll
2010-07-03 06:48 . 2009-12-13 09:30        465408        ----a-w-        c:\windows\system32\psisdecd.dll
2010-07-03 06:48 . 2010-03-08 21:33        427520        ----a-w-        c:\windows\system32\vbscript.dll
2010-07-03 06:48 . 2009-09-26 05:58        194488        ----a-w-        c:\windows\system32\drivers\fvevol.sys
2010-07-03 06:47 . 2009-10-31 05:45        2614272        ----a-w-        c:\windows\explorer.exe
2010-07-03 06:47 . 2009-10-28 06:17        285696        ----a-w-        c:\windows\system32\winlogon.exe
2010-07-03 06:47 . 2009-12-11 07:38        1037312        ----a-w-        c:\windows\system32\lsasrv.dll
2010-07-03 06:47 . 2009-12-11 07:44        133720        ----a-w-        c:\windows\system32\drivers\ksecpkg.sys
2010-07-03 06:47 . 2010-03-04 07:33        740864        ----a-w-        c:\windows\system32\inetcomm.dll
2010-07-03 06:45 . 2009-12-19 09:02        1328640        ----a-w-        c:\windows\system32\quartz.dll
2010-07-03 06:44 . 2010-04-23 07:13        2048        ----a-w-        c:\windows\system32\tzres.dll
2010-07-03 06:43 . 2010-02-27 07:32        221696        ----a-w-        c:\windows\system32\drivers\mrxsmb10.sys
2010-07-03 06:43 . 2010-02-27 07:32        95744        ----a-w-        c:\windows\system32\drivers\mrxsmb20.sys
2010-07-03 06:43 . 2010-02-27 07:32        123392        ----a-w-        c:\windows\system32\drivers\mrxsmb.sys
2010-07-03 06:42 . 2010-05-27 03:49        293888        ----a-w-        c:\windows\system32\atmfd.dll
2010-07-03 06:42 . 2009-10-19 14:10        70656        ----a-w-        c:\windows\system32\fontsub.dll
2010-07-03 06:42 . 2010-05-27 07:24        34304        ----a-w-        c:\windows\system32\atmlib.dll
2010-07-02 21:40 . 2010-07-02 21:40        --------        d-----w-        c:\windows\ConfigSetRoot
2010-07-02 21:35 . 2010-02-01 13:53        79136        ----a-w-        c:\users\Default\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-02 21:35 . 2010-02-01 13:53        --------        d-----w-        c:\users\Default\AppData\Roaming\E-Cam
2010-07-02 21:35 . 2010-02-01 13:46        --------        d-----w-        c:\users\Default\AppData\Local\Microsoft Help
2010-07-02 21:35 . 2010-02-01 13:46        --------        d-----w-        c:\users\Default\AppData\Local\Adobe
2010-07-02 21:35 . 2010-02-01 13:21        --------        d-----w-        c:\users\Default\AppData\Local\Broadcom
2010-07-02 21:35 . 2010-02-01 13:14        --------        d-----w-        c:\users\Default\AppData\Roaming\InstallShield
2010-07-02 20:18 . 2010-07-02 20:18        --------        d-----w-        c:\program files\Common Files\Java
2010-07-02 20:18 . 2010-07-02 20:17        411368        ----a-w-        c:\windows\system32\deployJava1.dll
2010-07-02 20:17 . 2010-07-02 20:17        --------        d-----w-        c:\program files\Java
2010-07-02 18:40 . 2010-07-02 18:40        --------        d-----w-        c:\users\Skillz\AppData\Local\BVRP Software
2010-07-02 17:42 . 2010-07-02 17:42        57344        ----a-w-        c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-02 17:42 . 2010-07-02 17:29        1062184        ----a-w-        c:\programdata\DivX\Setup\Resource.dll
2010-07-02 17:42 . 2010-07-02 17:28        895256        ----a-w-        c:\programdata\DivX\Setup\DivXSetup.exe
2010-07-02 17:42 . 2010-07-02 17:42        56765        ----a-w-        c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-02 17:42 . 2010-07-02 17:42        56997        ----a-w-        c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-07-02 17:41 . 2010-07-02 17:41        53600        ----a-w-        c:\programdata\DivX\Update\Uninstaller.exe
2010-07-02 17:41 . 2010-07-02 17:41        57715        ----a-w-        c:\programdata\DivX\Player\Uninstaller.exe
2010-07-02 17:40 . 2010-07-11 18:18        --------        d-----w-        c:\users\Skillz\AppData\Roaming\DivX
2010-07-02 17:39 . 2010-07-02 17:39        84062        ----a-w-        c:\programdata\DivX\TransferWizard\Uninstaller.exe
2010-07-02 17:39 . 2010-07-02 17:39        --------        d-----w-        c:\program files\Common Files\PX Storage Engine
2010-07-02 17:39 . 2010-07-02 17:39        57609        ----a-w-        c:\programdata\DivX\MFComponents\Uninstaller.exe
2010-07-02 17:39 . 2010-07-02 17:39        57054        ----a-w-        c:\programdata\DivX\DSDesktopComponents\Uninstaller.exe
2010-07-02 17:39 . 2010-07-02 17:39        54166        ----a-w-        c:\programdata\DivX\DSAVCDecoder\Uninstaller.exe
2010-07-02 17:39 . 2010-07-02 17:39        57532        ----a-w-        c:\programdata\DivX\DSASPDecoder\Uninstaller.exe
2010-07-02 17:38 . 2010-07-02 17:38        56458        ----a-w-        c:\programdata\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-07-02 17:38 . 2010-07-02 17:38        54174        ----a-w-        c:\programdata\DivX\DSAACDecoder\Uninstaller.exe
2010-07-02 17:38 . 2010-07-02 17:38        54153        ----a-w-        c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-07-02 17:38 . 2010-07-02 17:38        54128        ----a-w-        c:\programdata\DivX\Converter\Uninstaller.exe
2010-07-02 17:38 . 2010-07-02 17:38        54644        ----a-w-        c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
2010-07-02 17:38 . 2010-07-02 17:38        54101        ----a-w-        c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
2010-07-02 17:38 . 2010-07-02 17:38        57409        ----a-w-        c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-07-02 17:37 . 2010-07-02 17:37        52963        ----a-w-        c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-07-02 17:36 . 2010-07-02 17:36        54073        ----a-w-        c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-07-02 17:36 . 2010-07-02 17:36        --------        d-----w-        c:\program files\Common Files\DivX Shared
2010-07-02 17:36 . 2010-07-02 17:36        56969        ----a-w-        c:\programdata\DivX\ASPEncoder\Uninstaller.exe
2010-07-02 17:30 . 2010-07-11 18:09        --------        d-----w-        c:\program files\DivX
2010-07-02 17:30 . 2010-07-02 17:30        144696        ----a-w-        c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-07-02 17:29 . 2010-07-02 17:42        --------        d-----w-        c:\programdata\DivX
2010-07-02 17:06 . 2010-07-02 17:06        --------        d-----w-        c:\users\Skillz\AppData\Roaming\Thunderbird
2010-07-02 17:06 . 2010-07-02 17:06        --------        d-----w-        c:\users\Skillz\AppData\Local\Thunderbird
2010-07-02 17:03 . 2010-07-02 17:41        --------        d-----w-        c:\program files\Mozilla Thunderbird
2010-07-02 16:49 . 2010-05-21 12:14        221568        ------w-        c:\windows\system32\MpSigStub.exe
2010-07-02 16:46 . 2009-12-04 16:05        1322680        ----a-w-        c:\windows\system32\drivers\vsapint.sys
2010-07-02 16:46 . 2009-12-04 16:39        230928        ----a-w-        c:\windows\system32\drivers\tmxpflt.sys
2010-07-02 16:46 . 2009-12-04 16:38        36368        ----a-w-        c:\windows\system32\drivers\tmpreflt.sys
2010-07-02 16:36 . 2010-07-02 16:40        --------        d-----w-        c:\users\Skillz\AppData\Local\Google
2010-07-02 16:30 . 2010-07-02 16:36        --------        d-----w-        c:\users\Skillz\AppData\Local\Deployment
2010-07-02 16:30 . 2010-07-02 16:30        --------        d-----w-        c:\users\Skillz\AppData\Local\Apps
2010-07-02 13:50 . 2009-12-29 06:55        172032        ----a-w-        c:\windows\system32\wintrust.dll
2010-07-02 13:50 . 2010-01-09 06:52        132608        ----a-w-        c:\windows\system32\cabview.dll
2010-06-15 18:01 . 2010-06-15 18:01        72504        ----a-w-        c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-14 20:13 . 2009-07-14 08:47        643628        ----a-w-        c:\windows\system32\perfh007.dat
2010-07-14 20:13 . 2009-07-14 08:47        126188        ----a-w-        c:\windows\system32\perfc007.dat
2010-07-10 18:28 . 2010-02-01 14:02        --------        d-----w-        c:\program files\Common Files\Adobe AIR
2010-07-07 15:36 . 2010-07-07 15:36        0        ---ha-w-        c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-07-03 17:26 . 2009-07-14 02:37        --------        d-----w-        c:\program files\Windows Mail
2010-07-03 07:54 . 2010-02-01 13:14        --------        d--h--w-        c:\program files\InstallShield Installation Information
2010-07-02 21:39 . 2010-07-02 21:39        --------        d-sh--we        c:\programdata\Vorlagen
2010-07-02 21:39 . 2010-07-02 21:39        --------        d-sh--we        c:\programdata\Startmenü
2010-07-02 21:39 . 2010-07-02 21:39        --------        d-sh--we        c:\programdata\Favoriten
2010-07-02 21:39 . 2010-07-02 21:39        --------        d-sh--we        c:\programdata\Dokumente
2010-07-02 21:39 . 2010-07-02 21:39        --------        d-sh--we        c:\programdata\Anwendungsdaten
2010-07-02 21:39 . 2010-07-02 21:39        --------        d-sh--we        c:\program files\Gemeinsame Dateien
2010-07-02 13:58 . 2010-02-01 15:16        --------        d-----w-        c:\programdata\Trend Micro
2010-07-02 13:47 . 2010-02-01 15:15        --------        d-----w-        c:\program files\Trend Micro
2010-05-21 05:18 . 2010-07-03 06:46        977920        ----a-w-        c:\windows\system32\wininet.dll
2010-05-18 14:35 . 2010-05-18 14:35        91424        ----a-w-        c:\windows\system32\dnssd.dll
2010-05-18 14:35 . 2010-05-18 14:35        75040        ----a-w-        c:\windows\system32\jdns_sd.dll
2010-05-18 14:35 . 2010-05-18 14:35        197920        ----a-w-        c:\windows\system32\dnssdX.dll
2010-05-18 14:35 . 2010-05-18 14:35        107808        ----a-w-        c:\windows\system32\dns-sd.exe
2010-05-01 14:49 . 2010-07-03 06:46        2326528        ----a-w-        c:\windows\system32\win32k.sys
2010-04-19 18:47 . 2010-04-19 18:47        3062048        ----a-w-        c:\windows\system32\usbaaplrc.dll
2010-04-19 18:47 . 2010-04-19 18:47        41984        ----a-w-        c:\windows\system32\drivers\usbaapl.sys
2009-06-10 21:26 . 2009-07-14 02:04        9633792        --sha-r-        c:\windows\Fonts\StaticCache.dat
.

(((((((((((((((((((((((((((((  SnapShot@2010-07-14_19.55.51  )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-01 15:10 . 2010-07-14 20:02        32208              c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2010-07-14 20:02        40210              c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2010-07-02 21:37 . 2010-07-14 19:45        16384              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-07-02 21:37 . 2010-07-14 20:02        16384              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-07-02 21:37 . 2010-07-14 20:02        32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-07-02 21:37 . 2010-07-14 19:45        32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:41 . 2010-07-14 19:45        16384              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:41 . 2010-07-14 20:02        16384              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-07-03 06:34 . 2010-07-14 19:12        16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-07-03 06:34 . 2010-07-14 20:06        16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-07-03 06:34 . 2010-07-14 19:12        32768              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-07-03 06:34 . 2010-07-14 20:06        32768              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-07-03 06:34 . 2010-07-14 20:06        16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-07-03 06:34 . 2010-07-14 19:12        16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-07-02 13:48 . 2010-07-14 20:02        4376              c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2144237666-3199333369-569597218-1000_UserData.bin
+ 2010-07-14 20:07 . 2010-07-14 20:07        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-07-14 19:43 . 2010-07-14 19:43        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-07-14 19:43 . 2010-07-14 19:43        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-07-14 20:07 . 2010-07-14 20:07        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:05 . 2010-07-14 20:13        606992              c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2010-07-14 19:50        606992              c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2010-07-14 19:50        103370              c:\windows\System32\perfc009.dat
+ 2009-07-14 02:05 . 2010-07-14 20:13        103370              c:\windows\System32\perfc009.dat
- 2009-09-22 02:46 . 2010-07-12 21:10        245760              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-09-22 02:46 . 2010-07-14 20:02        245760              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512]
"HotkeyMon"="AsusSender.exe" [2009-09-11 33768]
"HotkeyService"="AsusSender.exe" [2009-09-11 33768]
"SuperHybridEngine"="AsusSender.exe" [2009-09-11 33768]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-11-17 414384]
"EeeSplendidAgent"="c:\program files\ASUS\EPC\EeeSplendid\AsAgent.exe" [2009-12-29 104960]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-07-20 83240]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-02-23 1024368]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-05 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-05 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-29 7744032]
"EEESplendidAR"="AsusSender.exe" [2009-09-11 33768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Skillz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ZooskMessenger.lnk]
path=c:\users\Skillz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk
backup=c:\windows\pss\ZooskMessenger.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 16:10        35696        ----a-w-        c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50        1144104        ----a-w-        c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-07-02 16:36        136176        ----atw-        c:\users\Skillz\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 14:33        141624        ----a-w-        c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44        3883840        ----a-w-        c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-07-12 19:54        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43        248040        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe

R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2009-07-06 11448]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
R2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2009-08-18 219136]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2009-12-04 36368]
R3 br3gmdm;BandLuxe 3.5G USB Adapter - MODEM;c:\windows\system32\DRIVERS\br3gmdm.sys [2009-09-02 107008]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 43944]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-06-22 100736]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-27 51712]
R3 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2009-08-22 50704]
R3 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [2009-08-22 146448]
R3 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [2009-08-22 497008]
R3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2009-08-22 689416]
R3 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [2009-08-22 283152]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners

2010-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2144237666-3199333369-569597218-1000Core.job
- c:\users\Skillz\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-02 16:36]

2010-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2144237666-3199333369-569597218-1000UA.job
- c:\users\Skillz\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-02 16:36]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://asus.msn.com
mStart Page = hxxp://asus.msn.com
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to Mp3 Converter - c:\users\Skillz\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: {{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - c:\program files\ICQ7.2\ICQ.exe
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-RunOnce-<NO NAME> - (no file)


.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2010-07-14  22:21:52
ComboFix-quarantined-files.txt  2010-07-14 20:21
ComboFix2.txt  2010-07-14 19:59

Vor Suchlauf: 12 Verzeichnis(se), 84.458.328.064 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 84.339.212.288 Bytes frei

- - End Of File - - 7E4A27F5C8EFA50C6FA3623E81036A7B

--- --- ---

markusg 14.07.2010 21:42

can you post the contents of the following txt?
ComboFix-quarantined-files.txt

Mofa 14.07.2010 22:07

2010-07-14 19:57:36 . 2010-07-14 19:57:37 133 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-ASUSPRP.reg.dat
2010-07-14 19:57:31 . 2010-07-14 19:57:31 173 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-Locked.reg.dat
2010-07-14 18:02:02 . 2010-07-12 20:36:55 26,112 ----a-w- C:\Qoobox\Quarantine\C\windows\system32\userinit.exe.vir
2010-07-14 17:43:23 . 2010-07-14 20:15:44 6,117 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2010-07-14 17:01:25 . 2010-07-14 20:10:11 362 ----a-w- C:\Qoobox\Quarantine\catchme.log
2010-07-13 05:28:22 . 2010-07-13 05:28:22 0 ----a-w- C:\Qoobox\Quarantine\C\System Volume Information\Windows Backup\Catalogs\GlobalCatalogLock.dat.vir
2010-02-01 15:32:25 . 2010-02-01 15:32:25 148,736 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\hpe3E66.dll.vir
2010-02-01 13:15:04 . 2010-07-14 17:17:21 330,264 ----a-w- C:\Qoobox\Quarantine\C\windows\system32\Drivers\iaStor.sys.vir
2009-09-22 03:35:52 . 2009-07-14 14:27:26 7,680 ----a-w- C:\Qoobox\Quarantine\C\windows\system32\Thumbs.db.vir
2009-07-14 00:15:29 . 2010-07-12 19:32:05 522,752 ----a-w- C:\Qoobox\Quarantine\C\windows\system32\FXSSVC.exe.vir
2009-07-13 23:58:32 . 2010-07-12 20:36:02 14,848 ----a-w- C:\Qoobox\Quarantine\C\windows\system32\regsvr32.exe.vir
2009-07-13 23:55:05 . 2010-07-12 19:32:23 12,800 ----a-w- C:\Qoobox\Quarantine\C\windows\system32\snmptrap.exe.vir
2009-07-13 23:53:10 . 2010-07-12 19:31:58 59,392 ----a-w- C:\Qoobox\Quarantine\C\windows\system32\alg.exe.vir
2009-07-13 23:44:02 . 2010-07-12 19:32:13 134,144 ----a-w- C:\Qoobox\Quarantine\C\windows\system32\msdtc.exe.vir
2009-07-13 23:43:52 . 2010-07-12 20:29:31 7,168 ----a-w- C:\Qoobox\Quarantine\C\windows\system32\dllhost.exe.vir
2009-07-13 23:43:49 . 2010-07-12 19:32:20 9,216 ----a-w- C:\Qoobox\Quarantine\C\windows\system32\Locator.exe.vir
2009-07-13 23:41:43 . 2010-07-12 20:36:08 44,544 ----a-w- C:\Qoobox\Quarantine\C\windows\system32\rundll32.exe.vir
2009-07-13 23:36:55 . 2010-07-12 19:32:31 35,840 ----a-w- C:\Qoobox\Quarantine\C\windows\system32\UI0Detect.exe.vir
2009-07-13 23:32:18 . 2010-07-12 20:34:50 1,401,344 ----a-w- C:\Qoobox\Quarantine\C\windows\system32\mmc.exe.vir
2009-07-13 23:31:17 . 2010-07-12 19:32:38 136,192 ----a-w- C:\Qoobox\Quarantine\C\windows\system32\wbem\WmiApSrv.exe.vir
2009-07-13 23:30:45 . 2010-07-12 19:41:00 190,464 ----a-w- C:\Qoobox\Quarantine\C\windows\system32\taskeng.exe.vir
2009-07-13 23:27:32 . 2010-07-12 20:37:19 360,448 ----a-w- C:\Qoobox\Quarantine\C\windows\system32\WerFault.exe.vir
2009-07-13 23:24:05 . 2010-07-12 19:32:32 452,608 ----a-w- C:\Qoobox\Quarantine\C\windows\system32\vds.exe.vir
2009-07-13 23:23:48 . 2010-07-12 19:32:34 1,202,688 ----a-w- C:\Qoobox\Quarantine\C\windows\system32\wbengine.exe.vir
2009-07-13 23:22:31 . 2010-07-12 19:32:30 204,800 ----a-w- C:\Qoobox\Quarantine\C\windows\servicing\TrustedInstaller.exe.vir
2009-07-13 23:22:09 . 2010-07-12 20:28:09 301,568 ----a-w- C:\Qoobox\Quarantine\C\windows\system32\cmd.exe.vir
2009-07-13 23:20:05 . 2010-07-12 19:30:00 233,984 ----a-w- C:\Qoobox\Quarantine\C\windows\system32\msconfig.exe.vir
2009-07-13 23:19:25 . 2010-07-12 20:36:09 37,376 ----a-w- C:\Qoobox\Quarantine\C\windows\system32\sc.exe.vir

markusg 14.07.2010 23:24

can you zip the Qoobox folder, which is located on C:, and upload it to us?
if necessary, disable your antivirus for that.

Mofa 15.07.2010 07:03

Can I somehow add the folder, or do I have to upload all the files individually?

markusg 15.07.2010 12:17

no, right-click, add to qoobox.rar or zip, and upload the archive

Mofa 15.07.2010 16:44

Ok, thanks =)

I've uploaded the folder.

markusg 15.07.2010 16:46

then scan with your antivirus program, after an update of course, and let us know the result

Mofa 15.07.2010 18:32

Ok, scan done, and only 12 cookies were found, which were deleted.
Nothing else was found
Hope that's good =)

markusg 16.07.2010 13:13

yes, now change all your passwords. clean up with CCleaner.

Copyright ©2000-2025, Trojaner-Board