Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
Forum: Pests of all kinds and how to fight them ("Plagegeister aller Art und deren Bekämpfung", https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
Thread: Windows Vista locked for security reasons ("Windows VISTA aus sicherheisgründen gesperrt", https://www.trojaner-board.de/108003-windows-vista-sicherheisgruenden-gesperrt.html)

markusg 12.01.2012 21:32

Yes, just double-click it, close all running programs first, and follow the instructions.

cklemm 12.01.2012 21:56

Done:

ComboFix logfile:
Code:

ComboFix 12-01-09.03 - Christian 12.01.2012  21:35:22.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3068.2536 [GMT 1:00]
ausgeführt von:: c:\users\Christian\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Christian\AppData\Roaming\Mozilla\Firefox\firefox.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\security\Database\tmp.edb
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-12-12 bis 2012-01-12  ))))))))))))))))))))))))))))))
.
.
2012-01-12 20:50 . 2012-01-12 20:50        --------        d-----w-        c:\users\Christian\AppData\Local\temp
2012-01-12 20:50 . 2012-01-12 20:50        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-01-12 19:56 . 2012-01-12 19:56        --------        d-----w-        c:\program files\7-Zip
2012-01-12 19:23 . 2012-01-12 19:57        --------        d-----w-        C:\_OTL
2012-01-12 15:45 . 2012-01-12 15:45        102400        ----a-w-        c:\users\Christian\AppData\Roaming\Microsoft\A776\F0.tmp
2012-01-11 15:24 . 2011-10-14 16:03        189952        ----a-w-        c:\windows\system32\winmm.dll
2012-01-11 15:24 . 2011-10-14 16:00        23552        ----a-w-        c:\windows\system32\mciseq.dll
2012-01-11 15:24 . 2011-11-18 20:23        1205064        ----a-w-        c:\windows\system32\ntdll.dll
2012-01-11 15:24 . 2011-11-18 17:47        66560        ----a-w-        c:\windows\system32\packager.dll
2012-01-11 15:24 . 2011-11-25 15:59        376320        ----a-w-        c:\windows\system32\winsrv.dll
2012-01-11 15:24 . 2011-12-01 15:21        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat
2012-01-11 15:24 . 2011-10-25 15:58        1314816        ----a-w-        c:\windows\system32\quartz.dll
2012-01-11 15:24 . 2011-10-25 15:58        497152        ----a-w-        c:\windows\system32\qdvd.dll
2012-01-10 13:22 . 2011-11-21 10:47        6823496        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{DD038849-FEB0-4727-A924-E519FF8285D2}\mpengine.dll
2011-12-24 18:18 . 2011-12-24 18:18        --------        d-----w-        c:\users\Christian\Musik
2011-12-22 21:16 . 2012-01-11 15:00        --------        d-----w-        c:\program files\Common Files\Steam
2011-12-22 21:16 . 2012-01-12 16:00        --------        d-----w-        c:\program files\Steam
2011-12-22 20:59 . 2011-12-22 21:07        --------        d-----w-        c:\users\Christian\AppData\Local\Ubisoft Game Launcher
2011-12-22 20:46 . 2006-12-08 11:02        251672        ----a-w-        c:\windows\system32\xactengine2_5.dll
2011-12-22 20:46 . 2006-11-29 12:06        440080        ----a-w-        c:\windows\system32\d3dx10.dll
2011-12-22 20:46 . 2007-03-05 11:42        15128        ----a-w-        c:\windows\system32\x3daudio1_1.dll
2011-12-22 20:46 . 2006-11-29 12:06        3426072        ----a-w-        c:\windows\system32\d3dx9_32.dll
2011-12-22 20:46 . 2006-09-28 15:05        237848        ----a-w-        c:\windows\system32\xactengine2_4.dll
2011-12-22 20:46 . 2006-09-28 15:05        2414360        ----a-w-        c:\windows\system32\d3dx9_31.dll
2011-12-22 20:46 . 2006-07-28 08:30        236824        ----a-w-        c:\windows\system32\xactengine2_3.dll
2011-12-22 20:46 . 2006-07-28 08:30        62744        ----a-w-        c:\windows\system32\xinput1_2.dll
2011-12-22 20:21 . 2011-12-22 20:44        --------        d-----w-        c:\program files\Ubisoft
2011-12-22 20:20 . 2011-12-22 20:20        --------        d--h--w-        c:\users\Christian\InstallAnywhere
2011-12-22 12:56 . 2009-03-18 16:35        26176        ---ha-w-        c:\windows\system32\hamachi.sys
2011-12-15 16:15 . 2011-10-27 08:01        3602816        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2011-12-15 16:15 . 2011-10-27 08:01        3550080        ----a-w-        c:\windows\system32\ntoskrnl.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-24 13:29 . 2011-10-24 13:29        94208        ----a-w-        c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29        69632        ----a-w-        c:\windows\system32\QuickTime.qts
2011-10-22 11:21 . 2011-10-22 11:21        65536        ----a-w-        c:\windows\system32\frapsvid.dll
2011-11-13 08:49 . 2011-11-06 13:37        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-05-20 177464]
"{e0007d18-baa4-4573-ae78-8bea0958c610}"= "c:\program files\P2P_Max_DE\tbP2P_.dll" [2009-07-15 2224152]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-06-03 2736736]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files\Winload\tbWin1.dll" [2010-11-04 2735200]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
.
[HKEY_CLASSES_ROOT\clsid\{e0007d18-baa4-4573-ae78-8bea0958c610}]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
2010-11-04 12:06        2735200        ----a-w-        c:\program files\Winload\tbWin1.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
2010-06-03 16:24        2736736        ----a-w-        c:\program files\softonic-de3\tbsoft.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e0007d18-baa4-4573-ae78-8bea0958c610}]
2009-07-15 08:09        2224152        ----a-w-        c:\program files\P2P_Max_DE\tbP2P_.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-05-20 12:36        1258808        ----a-w-        c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]
"{e0007d18-baa4-4573-ae78-8bea0958c610}"= "c:\program files\P2P_Max_DE\tbP2P_.dll" [2009-07-15 2224152]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-06-03 2736736]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files\Winload\tbWin1.dll" [2010-11-04 2735200]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{e0007d18-baa4-4573-ae78-8bea0958c610}]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]
"{E0007D18-BAA4-4573-AE78-8BEA0958C610}"= "c:\program files\P2P_Max_DE\tbP2P_.dll" [2009-07-15 2224152]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{e0007d18-baa4-4573-ae78-8bea0958c610}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-10-11 14940040]
"HW_OPENEYE_OUC_T-Mobile Internet Manager"="c:\program files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe" [2009-12-31 110592]
"Akamai NetSession Interface"="c:\users\Christian\AppData\Local\Akamai\netsession_win.exe" [2011-12-12 3305760]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Steam"="c:\program files\Steam\Steam.exe" [2011-12-22 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-04 1410344]
"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-11-28 1148200]
"TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-12-25 1316136]
"CLMLServer for HP TouchSmart"="c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-12-25 189736]
"UCam_Menu"="c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-11-14 218408]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2008-11-18 914224]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-11-26 210216]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 206128]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-05-20 111928]
"TVAgent"="c:\program files\Hewlett-Packard\Media\TV\TVAgent.exe" [2009-02-09 206120]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-01-08 450663]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 1797488]
"DataCardMonitor"="c:\program files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe" [2011-08-01 253952]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
"OTL"="c:\users\Christian\Desktop\OTL(1).exe" [2012-01-12 584192]
.
c:\users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_c92065b9\aestsrv.exe [2009-01-13 77824]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - BMLoad
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
Akamai        REG_MULTI_SZ          Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 08:14        451872        ----a-w-        c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc6e61108ec1c0.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-30 16:54]
.
2012-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-30 16:54]
.
2012-01-05 c:\windows\Tasks\HPCeeScheduleForChristian.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-02-26 10:34]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:52667
uSearchURL,(Default) = hxxp://de.search.yahoo.com/search?fr=mcafee&p=%s
IE: &AOL Toolbar-Suche - c:\programdata\AOL\ieToolbar\resources\de-DE\local\search.html
IE: Free YouTube to MP3 Converter - c:\users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Read By Natural Voice Reader - c:\program files\Natural Voice Reader Standard\read.html
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\trj1lsez.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.3&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 52667
FF - prefs.js: network.proxy.type - 0
pref('extensions.shownSelectionUI',true); pref('extensions.autoDisableScopes',0);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-ICQ - ~c:\program files\ICQ7.2\ICQ.exe
HKCU-Run-Firefox helper - c:\users\Christian\AppData\Roaming\Mozilla\Firefox\firefox.exe
AddRemove-igLoader - c:\program files\igLoader\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-01-12 21:50
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  DataCardMonitor = c:\program files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe?2.tmp?Wi??P;H?????????????Q<A?????#?????????????????????:?P?G????;??????am Files\T-Mobile\T-Mobile Internet Manager\????c:\users????j???c:\Program Files\T-Mobile\T-Mobile Internet Mana
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_b427739.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-01-12  21:53:58
ComboFix-quarantined-files.txt  2012-01-12 20:53
.
Vor Suchlauf: 13 Verzeichnis(se), 112.205.828.096 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 112.824.197.120 Bytes frei
.
- - End Of File - - B6B977961350EA8A76CE818DC3F2599F

--- --- ---

cklemm 12.01.2012 22:02

Is it possible to take a "break" until tomorrow now?

What I mean is:
- can I put it into sleep mode or shut it down?
- will you be back tomorrow? :)

markusg 13.01.2012 13:01

Yes, that was possible :-)

Open Start > Programs > Accessories > Notepad and paste this in:

Killall::
Folder::
c:\users\Christian\AppData\Roaming\Microsoft\A776


Save the file (File > Save As) in the folder where combofix.exe is located, file type "All Files", name:
cfscript.txt
Drag cfscript onto combofix; the program starts. Post the log.
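
An added example (not from the thread, and not ComboFix's own tooling): a small Python checker for the logs posted here. It splits a ComboFix log into its banner sections, reports proxy settings in the "Zusätzlicher Suchlauf" section that point at the local machine (the `uInternet Settings,ProxyServer` and `network.proxy.http` entries above both name 127.0.0.1:52667), and confirms that the `Folder::` target of the cfscript.txt above appears under "Weitere Löschungen" in the follow-up log. The embedded log excerpt is constructed from lines in the posts; the section-banner and CFScript layouts are my assumptions read off those logs.

```python
import re
from typing import Dict, List, Optional

# Constructed sample: an abridged mix of lines from the two ComboFix logs
# posted in this thread (header, deletions section, extra-scan section).
SAMPLE_LOG = r"""
ComboFix 12-01-09.03 - Christian 13.01.2012  15:23:18.1.2 - x86 NETWORK
Benutzte Befehlsschalter :: c:\users\Christian\Desktop\cfscript.txt
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Christian\AppData\Roaming\Microsoft\A776
c:\users\Christian\AppData\Roaming\Microsoft\A776\F0.tmp
c:\users\Christian\AppData\Roaming\Mozilla\Firefox\firefox.exe
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:52667
TCP: DhcpNameServer = 192.168.178.1
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 52667
FF - prefs.js: network.proxy.type - 0
.
"""

# The CFScript from the post above, verbatim.
CFSCRIPT = r"""
Killall::
Folder::
c:\users\Christian\AppData\Roaming\Microsoft\A776
"""

# Assumed layout: ComboFix separates sections with '((((  Title  ))))' or
# '------- Title -------' banners and uses lone '.' lines as spacers.
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$|^-+\s*(.+?)\s*-+$")
LOOPBACK_RE = re.compile(r"127\.0\.0\.1|localhost", re.IGNORECASE)
# Proxy keys as the log prints them: IE (uInternet Settings,...) and Firefox prefs.js.
PROXY_KEYS = ("Internet Settings,ProxyServer", "network.proxy.http", "network.proxy.socks")


def split_sections(log: str) -> Dict[str, List[str]]:
    """Group non-empty log lines under the banner preceding them ('header' before the first)."""
    sections: Dict[str, List[str]] = {"header": []}
    current = "header"
    for raw in log.splitlines():
        line = raw.strip()
        if line in ("", "."):
            continue
        m = SECTION_RE.match(line)
        if m:
            current = (m.group(1) or m.group(2)).strip(" -")
            sections.setdefault(current, [])
            continue
        sections[current].append(line)
    return sections


def script_used(sections: Dict[str, List[str]]) -> Optional[str]:
    """Return the CFScript path ComboFix reports under 'Benutzte Befehlsschalter', if any."""
    for line in sections.get("header", []):
        if line.startswith("Benutzte Befehlsschalter ::"):
            return line.split("::", 1)[1].strip()
    return None


def loopback_proxies(sections: Dict[str, List[str]]) -> List[str]:
    """Proxy settings in the extra scan that point at the local machine.
    Firefox only honours network.proxy.http when network.proxy.type is 1 (manual),
    so with type 0 the entry is dormant; it is still reported, but marked."""
    lines = sections.get("Zusätzlicher Suchlauf", [])
    ff_type = None
    for line in lines:
        m = re.search(r"network\.proxy\.type - (\d+)", line)
        if m:
            ff_type = m.group(1)
    findings = []
    for line in lines:
        if not (any(key in line for key in PROXY_KEYS) and LOOPBACK_RE.search(line)):
            continue
        if line.startswith("FF") and ff_type is not None and ff_type != "1":
            findings.append(f"{line}  (dormant: network.proxy.type={ff_type})")
        else:
            findings.append(line)
    return findings


def cfscript_targets(script: str) -> Dict[str, List[str]]:
    """Parse 'Directive::' blocks of a CFScript into {directive: [arguments]}."""
    targets: Dict[str, List[str]] = {}
    directive = None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            directive = line[:-2]
            targets.setdefault(directive, [])
        elif directive is not None:
            targets[directive].append(line)
    return targets


def verify_deletions(script: str, sections: Dict[str, List[str]]) -> Dict[str, bool]:
    """For each Folder:: target, report whether the follow-up log lists it under
    'Weitere Löschungen' (case-insensitive, as Windows paths are)."""
    deleted = {p.lower() for p in sections.get("Weitere Löschungen", [])}
    return {p: p.lower() in deleted for p in cfscript_targets(script).get("Folder", [])}


if __name__ == "__main__":
    secs = split_sections(SAMPLE_LOG)
    print("script used:", script_used(secs))
    for hit in loopback_proxies(secs):
        print("review proxy:", hit)
    for path, ok in verify_deletions(CFSCRIPT, secs).items():
        print("deleted" if ok else "STILL PRESENT", path)
```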

cklemm 13.01.2012 18:02

So, I'm back now.
Here is the log:
ComboFix logfile:
Code:

ComboFix 12-01-09.03 - Christian 13.01.2012  15:23:18.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3068.2584 [GMT 1:00]
ausgeführt von:: c:\users\Christian\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Christian\Desktop\cfscript.txt
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Christian\AppData\Roaming\Microsoft\A776
c:\users\Christian\AppData\Roaming\Microsoft\A776\363C.tmp
c:\users\Christian\AppData\Roaming\Microsoft\A776\378B.tmp
c:\users\Christian\AppData\Roaming\Microsoft\A776\A30B.tmp
c:\users\Christian\AppData\Roaming\Microsoft\A776\B926.tmp
c:\users\Christian\AppData\Roaming\Microsoft\A776\F0.tmp
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-12-13 bis 2012-01-13  ))))))))))))))))))))))))))))))
.
.
2012-01-13 14:35 . 2012-01-13 14:40        --------        d-----w-        c:\users\Christian\AppData\Local\temp
2012-01-12 19:56 . 2012-01-12 19:56        --------        d-----w-        c:\program files\7-Zip
2012-01-12 19:23 . 2012-01-12 19:57        --------        d-----w-        C:\_OTL
2012-01-11 15:24 . 2011-10-14 16:03        189952        ----a-w-        c:\windows\system32\winmm.dll
2012-01-11 15:24 . 2011-10-14 16:00        23552        ----a-w-        c:\windows\system32\mciseq.dll
2012-01-11 15:24 . 2011-11-18 20:23        1205064        ----a-w-        c:\windows\system32\ntdll.dll
2012-01-11 15:24 . 2011-11-18 17:47        66560        ----a-w-        c:\windows\system32\packager.dll
2012-01-11 15:24 . 2011-11-25 15:59        376320        ----a-w-        c:\windows\system32\winsrv.dll
2012-01-11 15:24 . 2011-12-01 15:21        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat
2012-01-11 15:24 . 2011-10-25 15:58        1314816        ----a-w-        c:\windows\system32\quartz.dll
2012-01-11 15:24 . 2011-10-25 15:58        497152        ----a-w-        c:\windows\system32\qdvd.dll
2011-12-24 18:18 . 2011-12-24 18:18        --------        d-----w-        c:\users\Christian\Musik
2011-12-22 21:16 . 2012-01-11 15:00        --------        d-----w-        c:\program files\Common Files\Steam
2011-12-22 21:16 . 2012-01-12 16:00        --------        d-----w-        c:\program files\Steam
2011-12-22 20:59 . 2011-12-22 21:07        --------        d-----w-        c:\users\Christian\AppData\Local\Ubisoft Game Launcher
2011-12-22 20:46 . 2006-12-08 11:02        251672        ----a-w-        c:\windows\system32\xactengine2_5.dll
2011-12-22 20:46 . 2006-11-29 12:06        440080        ----a-w-        c:\windows\system32\d3dx10.dll
2011-12-22 20:46 . 2007-03-05 11:42        15128        ----a-w-        c:\windows\system32\x3daudio1_1.dll
2011-12-22 20:46 . 2006-11-29 12:06        3426072        ----a-w-        c:\windows\system32\d3dx9_32.dll
2011-12-22 20:46 . 2006-09-28 15:05        237848        ----a-w-        c:\windows\system32\xactengine2_4.dll
2011-12-22 20:46 . 2006-09-28 15:05        2414360        ----a-w-        c:\windows\system32\d3dx9_31.dll
2011-12-22 20:46 . 2006-07-28 08:30        236824        ----a-w-        c:\windows\system32\xactengine2_3.dll
2011-12-22 20:46 . 2006-07-28 08:30        62744        ----a-w-        c:\windows\system32\xinput1_2.dll
2011-12-22 20:21 . 2011-12-22 20:44        --------        d-----w-        c:\program files\Ubisoft
2011-12-22 20:20 . 2011-12-22 20:20        --------        d--h--w-        c:\users\Christian\InstallAnywhere
2011-12-22 12:56 . 2009-03-18 16:35        26176        ---ha-w-        c:\windows\system32\hamachi.sys
2011-12-15 16:15 . 2011-10-27 08:01        3602816        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2011-12-15 16:15 . 2011-10-27 08:01        3550080        ----a-w-        c:\windows\system32\ntoskrnl.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 10:47 . 2012-01-10 13:22        6823496        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{DD038849-FEB0-4727-A924-E519FF8285D2}\mpengine.dll
2011-10-24 13:29 . 2011-10-24 13:29        94208        ----a-w-        c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29        69632        ----a-w-        c:\windows\system32\QuickTime.qts
2011-10-22 11:21 . 2011-10-22 11:21        65536        ----a-w-        c:\windows\system32\frapsvid.dll
2011-11-13 08:49 . 2011-11-06 13:37        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-05-20 177464]
"{e0007d18-baa4-4573-ae78-8bea0958c610}"= "c:\program files\P2P_Max_DE\tbP2P_.dll" [2009-07-15 2224152]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-06-03 2736736]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files\Winload\tbWin1.dll" [2010-11-04 2735200]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
.
[HKEY_CLASSES_ROOT\clsid\{e0007d18-baa4-4573-ae78-8bea0958c610}]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
2010-11-04 12:06        2735200        ----a-w-        c:\program files\Winload\tbWin1.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
2010-06-03 16:24        2736736        ----a-w-        c:\program files\softonic-de3\tbsoft.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e0007d18-baa4-4573-ae78-8bea0958c610}]
2009-07-15 08:09        2224152        ----a-w-        c:\program files\P2P_Max_DE\tbP2P_.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-05-20 12:36        1258808        ----a-w-        c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]
"{e0007d18-baa4-4573-ae78-8bea0958c610}"= "c:\program files\P2P_Max_DE\tbP2P_.dll" [2009-07-15 2224152]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-06-03 2736736]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files\Winload\tbWin1.dll" [2010-11-04 2735200]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{e0007d18-baa4-4573-ae78-8bea0958c610}]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]
"{E0007D18-BAA4-4573-AE78-8BEA0958C610}"= "c:\program files\P2P_Max_DE\tbP2P_.dll" [2009-07-15 2224152]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{e0007d18-baa4-4573-ae78-8bea0958c610}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-10-11 14940040]
"HW_OPENEYE_OUC_T-Mobile Internet Manager"="c:\program files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe" [2009-12-31 110592]
"Akamai NetSession Interface"="c:\users\Christian\AppData\Local\Akamai\netsession_win.exe" [2011-12-12 3305760]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Steam"="c:\program files\Steam\Steam.exe" [2011-12-22 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-04 1410344]
"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-11-28 1148200]
"TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-12-25 1316136]
"CLMLServer for HP TouchSmart"="c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-12-25 189736]
"UCam_Menu"="c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-11-14 218408]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2008-11-18 914224]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-11-26 210216]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 206128]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-05-20 111928]
"TVAgent"="c:\program files\Hewlett-Packard\Media\TV\TVAgent.exe" [2009-02-09 206120]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-01-08 450663]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 1797488]
"DataCardMonitor"="c:\program files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe" [2011-08-01 253952]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
"OTL"="c:\users\Christian\Desktop\OTL(1).exe" [2012-01-12 584192]
.
c:\users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_c92065b9\aestsrv.exe [2009-01-13 77824]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - BMLoad
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
Akamai        REG_MULTI_SZ          Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 08:14        451872        ----a-w-        c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc6e61108ec1c0.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-30 16:54]
.
2012-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-30 16:54]
.
2012-01-05 c:\windows\Tasks\HPCeeScheduleForChristian.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-02-26 10:34]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:52667
uSearchURL,(Default) = hxxp://de.search.yahoo.com/search?fr=mcafee&p=%s
IE: &AOL Toolbar-Suche - c:\programdata\AOL\ieToolbar\resources\de-DE\local\search.html
IE: Free YouTube to MP3 Converter - c:\users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Read By Natural Voice Reader - c:\program files\Natural Voice Reader Standard\read.html
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\trj1lsez.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.3&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 52667
FF - prefs.js: network.proxy.type - 0
pref('extensions.shownSelectionUI',true); pref('extensions.autoDisableScopes',0);
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-01-13 15:43
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  DataCardMonitor = c:\program files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe?2.tmp?Wi??P;H?????????????Q<A?????#?????????????????????:?P?G????;??????am Files\T-Mobile\T-Mobile Internet Manager\????c:\users????j???c:\Program Files\T-Mobile\T-Mobile Internet Mana
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_b427739.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\helppane.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-01-13  15:47:32 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-01-13 14:47
ComboFix2.txt  2012-01-12 20:53
.
Vor Suchlauf: 18 Verzeichnis(se), 113.263.697.920 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 113.109.331.968 Bytes frei
.
- - End Of File - - CE260C860927E83106617F6E4F1A74C2

--- --- ---

markusg 13.01.2012 18:30

Forgot one small thing.
Start > Programs > Accessories > Editor (Notepad), paste this in:

Killall::
DDS::
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:52667


Save the file as: location, the folder where combofix.exe is; type, all files; name
cfscript.txt
Overwrite the old cfscript.
Drag it onto ComboFix again, post the log.
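The CFScript above removes a proxy that both Internet Explorer and Firefox had pointed at 127.0.0.1:52667, i.e. a process on the machine itself sitting between the browser and the network, which is the setting a local man-in-the-middle component leaves behind. As an added example (not part of the thread and not ComboFix's own code), here is a Python checker that pulls the proxy settings out of a ComboFix log's browser-settings section and, going a step beyond the page, out of a real Firefox prefs.js, flags anything on a loopback address, and regenerates the DDS:: CFScript the helper used. Both sample inputs are constructed from the lines on this page; the function names and the `*` scheme label for an unqualified ProxyServer value are my own assumptions.

```python
"""Flag loopback proxies in ComboFix's browser-settings section and in a
Firefox prefs.js, and regenerate the DDS:: CFScript that removes them.
Added example; not part of the thread, not ComboFix's own code."""
import re
from ipaddress import ip_address

# Constructed sample: the browser-settings lines from the ComboFix log on this page.
SAMPLE_LOG = """\
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:52667
TCP: DhcpNameServer = 192.168.178.1
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 52667
FF - prefs.js: network.proxy.type - 0
"""

# Constructed sample: the same settings as Firefox itself writes them to prefs.js
# (proxy.type 1 = manual proxy, so here the loopback proxy is actually in use).
SAMPLE_PREFS_JS = """\
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 52667);
user_pref("network.proxy.type", 1);
"""

IE_PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(.+)$", re.M)
IE_OVERRIDE_RE = re.compile(r"^uInternet Settings,ProxyOverride\s*=\s*.+$", re.M)
FF_LOG_PREF_RE = re.compile(r"^FF - prefs\.js: (network\.proxy\.\S+) - (.+)$", re.M)
PREFS_JS_RE = re.compile(r'^user_pref\("(network\.proxy\.[^"]+)",\s*(?:"([^"]*)"|(\d+))\);', re.M)


def is_loopback(host):
    """True for 127.0.0.0/8, ::1 and 'localhost': a proxy there is a process
    on the same machine sitting between the browser and the network."""
    host = host.strip().strip("[]").lower()
    if host == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:          # a hostname, not an address
        return False


def parse_ie_proxy_server(value):
    """Split an IE/WinINet ProxyServer value into (scheme, host, port) tuples.
    Accepts both 'host:port' and 'http=host:port;https=host:port' forms;
    the '*' scheme label for the unqualified form is an assumed convention."""
    entries = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")
        host, sep, port = hostport.rpartition(":")
        if not sep:                      # no port given
            host, port = hostport, ""
        entries.append((scheme or "*", host, int(port) if port.isdigit() else None))
    return entries


def audit_firefox_prefs(prefs):
    """Flag network.proxy.http on loopback. proxy.type 1 means the manual proxy
    is in use; 0 means direct connection, so the entry is stale but still set."""
    host = str(prefs.get("network.proxy.http", ""))
    port = prefs.get("network.proxy.http_port", "")
    if not (host and is_loopback(host)):
        return []
    active = str(prefs.get("network.proxy.type", "0")) == "1"
    state = "active (proxy.type=1)" if active else "stale (proxy.type=0, still set)"
    return [("Firefox", f"network.proxy.http={host}:{port}", f"http proxy on loopback, {state}")]


def audit_combofix(text):
    """Return (source, offending line, reason) for every loopback proxy found
    in the IE settings and Firefox prefs that ComboFix lists."""
    findings = []
    for m in IE_PROXY_RE.finditer(text):
        for scheme, host, port in parse_ie_proxy_server(m.group(1)):
            if is_loopback(host):
                findings.append(("IE", m.group(0).strip(),
                                 f"{scheme} proxy on loopback {host}:{port}"))
    ff_prefs = {m.group(1): m.group(2).strip() for m in FF_LOG_PREF_RE.finditer(text)}
    return findings + audit_firefox_prefs(ff_prefs)


def parse_prefs_js(text):
    """Read network.proxy.* entries from a real prefs.js (string or integer values)."""
    return {m.group(1): m.group(2) if m.group(2) is not None else int(m.group(3))
            for m in PREFS_JS_RE.finditer(text)}


def build_cfscript(text):
    """Rebuild the helper's CFScript: under DDS:: ComboFix removes the quoted
    DDS-style setting lines. ProxyOverride goes too, as in the thread."""
    ie_lines = [line for src, line, _ in audit_combofix(text) if src == "IE"]
    if not ie_lines:
        return ""
    overrides = [m.group(0).strip() for m in IE_OVERRIDE_RE.finditer(text)]
    return "\n".join(["Killall::", "DDS::", *overrides, *ie_lines]) + "\n"


if __name__ == "__main__":
    for src, line, why in audit_combofix(SAMPLE_LOG):
        print(f"[{src}] {line}  <- {why}")
    for src, line, why in audit_firefox_prefs(parse_prefs_js(SAMPLE_PREFS_JS)):
        print(f"[{src} prefs.js] {line}  <- {why}")
    print(build_cfscript(SAMPLE_LOG), end="")
```

Two things worth checking on a cleaned machine: the ComboFix log shows Firefox with network.proxy.type 0, so the browser is not using the loopback proxy any more, but the host and port are still stored in prefs.js and any later switch to "manual proxy" silently reactivates them; and the IE setting is what the DDS:: section removes, so rerunning the audit on the post-CFScript log should return no IE finding.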

cklemm 13.01.2012 19:07

Can I go back to normal mode now, or still do everything in Safe Mode?

ComboFix log file:
Code:

ComboFix 12-01-09.03 - Christian 13.01.2012  18:41:28.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3068.2404 [GMT 1:00]
ausgeführt von:: c:\users\Christian\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Christian\Desktop\cfscript.txt
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-12-13 bis 2012-01-13  ))))))))))))))))))))))))))))))
.
.
2012-01-13 17:53 . 2012-01-13 17:56        --------        d-----w-        c:\users\Christian\AppData\Local\temp
2012-01-13 17:53 . 2012-01-13 17:53        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-01-12 19:56 . 2012-01-12 19:56        --------        d-----w-        c:\program files\7-Zip
2012-01-12 19:23 . 2012-01-12 19:57        --------        d-----w-        C:\_OTL
2012-01-11 15:24 . 2011-10-14 16:03        189952        ----a-w-        c:\windows\system32\winmm.dll
2012-01-11 15:24 . 2011-10-14 16:00        23552        ----a-w-        c:\windows\system32\mciseq.dll
2012-01-11 15:24 . 2011-11-18 20:23        1205064        ----a-w-        c:\windows\system32\ntdll.dll
2012-01-11 15:24 . 2011-11-18 17:47        66560        ----a-w-        c:\windows\system32\packager.dll
2012-01-11 15:24 . 2011-11-25 15:59        376320        ----a-w-        c:\windows\system32\winsrv.dll
2012-01-11 15:24 . 2011-12-01 15:21        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat
2012-01-11 15:24 . 2011-10-25 15:58        1314816        ----a-w-        c:\windows\system32\quartz.dll
2012-01-11 15:24 . 2011-10-25 15:58        497152        ----a-w-        c:\windows\system32\qdvd.dll
2011-12-24 18:18 . 2011-12-24 18:18        --------        d-----w-        c:\users\Christian\Musik
2011-12-22 21:16 . 2012-01-11 15:00        --------        d-----w-        c:\program files\Common Files\Steam
2011-12-22 21:16 . 2012-01-12 16:00        --------        d-----w-        c:\program files\Steam
2011-12-22 20:59 . 2011-12-22 21:07        --------        d-----w-        c:\users\Christian\AppData\Local\Ubisoft Game Launcher
2011-12-22 20:46 . 2006-12-08 11:02        251672        ----a-w-        c:\windows\system32\xactengine2_5.dll
2011-12-22 20:46 . 2006-11-29 12:06        440080        ----a-w-        c:\windows\system32\d3dx10.dll
2011-12-22 20:46 . 2007-03-05 11:42        15128        ----a-w-        c:\windows\system32\x3daudio1_1.dll
2011-12-22 20:46 . 2006-11-29 12:06        3426072        ----a-w-        c:\windows\system32\d3dx9_32.dll
2011-12-22 20:46 . 2006-09-28 15:05        237848        ----a-w-        c:\windows\system32\xactengine2_4.dll
2011-12-22 20:46 . 2006-09-28 15:05        2414360        ----a-w-        c:\windows\system32\d3dx9_31.dll
2011-12-22 20:46 . 2006-07-28 08:30        236824        ----a-w-        c:\windows\system32\xactengine2_3.dll
2011-12-22 20:46 . 2006-07-28 08:30        62744        ----a-w-        c:\windows\system32\xinput1_2.dll
2011-12-22 20:21 . 2011-12-22 20:44        --------        d-----w-        c:\program files\Ubisoft
2011-12-22 20:20 . 2011-12-22 20:20        --------        d--h--w-        c:\users\Christian\InstallAnywhere
2011-12-22 12:56 . 2009-03-18 16:35        26176        ---ha-w-        c:\windows\system32\hamachi.sys
2011-12-15 16:15 . 2011-10-27 08:01        3602816        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2011-12-15 16:15 . 2011-10-27 08:01        3550080        ----a-w-        c:\windows\system32\ntoskrnl.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 10:47 . 2012-01-10 13:22        6823496        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{DD038849-FEB0-4727-A924-E519FF8285D2}\mpengine.dll
2011-10-24 13:29 . 2011-10-24 13:29        94208        ----a-w-        c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29        69632        ----a-w-        c:\windows\system32\QuickTime.qts
2011-10-22 11:21 . 2011-10-22 11:21        65536        ----a-w-        c:\windows\system32\frapsvid.dll
2011-11-13 08:49 . 2011-11-06 13:37        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-05-20 177464]
"{e0007d18-baa4-4573-ae78-8bea0958c610}"= "c:\program files\P2P_Max_DE\tbP2P_.dll" [2009-07-15 2224152]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-06-03 2736736]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files\Winload\tbWin1.dll" [2010-11-04 2735200]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
.
[HKEY_CLASSES_ROOT\clsid\{e0007d18-baa4-4573-ae78-8bea0958c610}]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
2010-11-04 12:06        2735200        ----a-w-        c:\program files\Winload\tbWin1.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
2010-06-03 16:24        2736736        ----a-w-        c:\program files\softonic-de3\tbsoft.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e0007d18-baa4-4573-ae78-8bea0958c610}]
2009-07-15 08:09        2224152        ----a-w-        c:\program files\P2P_Max_DE\tbP2P_.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-05-20 12:36        1258808        ----a-w-        c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]
"{e0007d18-baa4-4573-ae78-8bea0958c610}"= "c:\program files\P2P_Max_DE\tbP2P_.dll" [2009-07-15 2224152]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-06-03 2736736]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files\Winload\tbWin1.dll" [2010-11-04 2735200]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{e0007d18-baa4-4573-ae78-8bea0958c610}]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]
"{E0007D18-BAA4-4573-AE78-8BEA0958C610}"= "c:\program files\P2P_Max_DE\tbP2P_.dll" [2009-07-15 2224152]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{e0007d18-baa4-4573-ae78-8bea0958c610}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-10-11 14940040]
"HW_OPENEYE_OUC_T-Mobile Internet Manager"="c:\program files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe" [2009-12-31 110592]
"Akamai NetSession Interface"="c:\users\Christian\AppData\Local\Akamai\netsession_win.exe" [2011-12-12 3305760]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Steam"="c:\program files\Steam\Steam.exe" [2011-12-22 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-04 1410344]
"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-11-28 1148200]
"TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-12-25 1316136]
"CLMLServer for HP TouchSmart"="c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-12-25 189736]
"UCam_Menu"="c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-11-14 218408]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2008-11-18 914224]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-11-26 210216]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 206128]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-05-20 111928]
"TVAgent"="c:\program files\Hewlett-Packard\Media\TV\TVAgent.exe" [2009-02-09 206120]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-01-08 450663]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 1797488]
"DataCardMonitor"="c:\program files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe" [2011-08-01 253952]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
"OTL"="c:\users\Christian\Desktop\OTL(1).exe" [2012-01-12 584192]
.
c:\users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_c92065b9\aestsrv.exe [2009-01-13 77824]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - BMLoad
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
Akamai        REG_MULTI_SZ          Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 08:14        451872        ----a-w-        c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc6e61108ec1c0.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-30 16:54]
.
2012-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-30 16:54]
.
2012-01-05 c:\windows\Tasks\HPCeeScheduleForChristian.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-02-26 10:34]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
uSearchURL,(Default) = hxxp://de.search.yahoo.com/search?fr=mcafee&p=%s
IE: &AOL Toolbar-Suche - c:\programdata\AOL\ieToolbar\resources\de-DE\local\search.html
IE: Free YouTube to MP3 Converter - c:\users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Read By Natural Voice Reader - c:\program files\Natural Voice Reader Standard\read.html
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\trj1lsez.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.3&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 52667
FF - prefs.js: network.proxy.type - 0
pref('extensions.shownSelectionUI',true); pref('extensions.autoDisableScopes',0);
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-01-13 18:59
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  DataCardMonitor = c:\program files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe?2.tmp?Wi??P;H?????????????Q<A?????#?????????????????????:?P?G????;??????am Files\T-Mobile\T-Mobile Internet Manager\????c:\users????j???c:\Program Files\T-Mobile\T-Mobile Internet Mana
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_b427739.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-01-13  19:03:34 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-01-13 18:03
ComboFix2.txt  2012-01-13 14:47
ComboFix3.txt  2012-01-12 20:53
.
Vor Suchlauf: 18 Verzeichnis(se), 113.109.848.064 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 113.009.938.432 Bytes frei
.
- - End Of File - - 8466D01A1F6FA097285308407ECB0EF3

--- --- ---

markusg 13.01.2012 19:56

Should work.

Malwarebytes:
Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click, "Run as administrator"
  • Start Malwarebytes, click Update --> Check for updates
  • When the update has finished, select "Perform full scan" and click Scan.
  • When the scan is finished, click Show results.
  • Make sure all findings are checked and click Remove selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • Afterwards you can find the report under "Logs".

cklemm 14.01.2012 10:18

Done:

Code:

Malwarebytes Anti-Malware (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.13.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
Christian :: CHRISTIAN-PC [Administrator]

Schutz: Aktiviert

13.01.2012 20:10:16
mbam-log-2012-01-13 (20-10-16).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 586463
Laufzeit: 4 Stunde(n), 26 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|bak_Application (Hijacker.Application) -> Daten: hxxp://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|Application (Hijacker.Application) -> Bösartig: (hxxp://www.helpmeopen.com/?n=app&ext=%s) Gut: (hxxp://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 8
C:\Users\Christian\Programme\wirelesskey\WirelessKeyView.exe (PUP.WirelessKeyView) -> Keine Aktion durchgeführt.
C:\Qoobox\Quarantine\C\Users\Christian\AppData\Roaming\Microsoft\A776\F0.tmp.vir (Trojan.Gbot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\01122012_202353\C_Program Files\C2D06\lvvm.exe (Trojan.Gbot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\01122012_202353\C_Programme\LP\A776\38B.exe (Trojan.Gbot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\01122012_202353\C_Users\Christian\AppData\Roaming\firefox.exe (Trojan.Gbot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\01122012_202353\C_Users\Christian\AppData\Roaming\606C2\B00A7.exe (Trojan.Gbot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\01122012_202353\C_Users\Christian\AppData\Roaming\C2D06\lvvm.exe (Trojan.Gbot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\01122012_202353\C_Users\Christian\AppData\Roaming\Microsoft\A776\38B.exe (Trojan.Gbot) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


markusg 14.01.2012 17:21

Hi
Download CCleaner Standard:
CCleaner Download - CCleaner 3.14.1616
If CCleaner is already installed, skip this.
Install, open, Tools, list of installed programs, save as txt. Open it.
After every program you need, write "notwendig" (necessary).
After every one you don't need, "unnötig" (unnecessary).
After the ones you don't know, "unbekannt" (unknown).
Post the list.

cklemm 14.01.2012 18:02

By the way, I still have a small problem:
every time I start Firefox I have to change the proxy settings again. Can that be set permanently?

Program list:

Code:

7-Zip 9.20                11.01.2012        3,54MB        notwendig
Activation Assistant for the 2007 Microsoft Office suites        Microsoft Corporation        24.04.2009        14,0MB        unbekannt       
Adobe Flash Player 10 ActiveX        Adobe Systems Incorporated        14.03.2010                10.0.45.2 notwendig
Adobe Flash Player 10 Plugin        Adobe Systems Incorporated        28.07.2011                10.3.181.34 notwendig
Adobe Photoshop CS2        Adobe Systems, Inc.        30.03.2011        218MB        9.0 unnötig
Adobe Reader 9.4.0 - Deutsch        Adobe Systems Incorporated        20.10.2010        164,2MB        9.4.0 notwendig
Adobe Shockwave Player 11.5        Adobe Systems, Inc.        14.03.2010        8,79MB        11.5.6.606 unbekannt
Akamai NetSession Interface                19.12.2011        5,68MB        unbekannt
Akamai NetSession Interface Service                09.11.2011        5,68MB        unbekannt
Amazing Slow Downer (remove only)                08.05.2009        2,55MB        notwendig
AMD USB Audio Driver Filter        Advanced Micro Devices, Inc.        24.04.2009        48,00KB        1.0.7.0031 unbekannt
AOL Toolbar 5.0        AOL LLC        24.04.2009        2,83MB        5.2.78.2 unbekannt
Apple Application Support        Apple Inc.        19.10.2011        61,2MB        2.1.5 unbekannt
Apple Mobile Device Support        Apple Inc.        19.10.2011        24,1MB        4.0.0.96 unbekannt
Apple Software Update        Apple Inc.        19.10.2011        2,38MB        2.1.3.127 notwendig
Atheros Driver Installation Program        Atheros        24.04.2009        1,07MB        5.0 unbekannt
ATI Catalyst Install Manager        ATI Technologies, Inc.        24.04.2009        13,7MB        3.0.708.0 unbekannt
Audacity 1.3.11 (Unicode)        Audacity Team        08.03.2010        34,3MB        notwendig
avast! Free Antivirus        AVAST Software        13.01.2012        239MB        6.0.1289.0 notwendig
AVS Update Manager 1.0        Online Media Technologies Ltd.        18.08.2009        9,55MB        unbekannt
AVS Video Converter 6        Online Media Technologies Ltd.        18.08.2009        22,9MB        unbekannt
AVS4YOU Software Navigator 1.3        Online Media Technologies Ltd.        18.08.2009        8,84MB        unbekannt
BitZipper 2010        Bitberry Software        27.11.2011        14,2MB        unnötig
Bonjour        Apple Inc.        19.10.2011        0,73MB        3.0.0.10 unbekannt
Bricx Command Center                12.06.2011        46,3MB        notwendig
CCleaner        Piriform        13.01.2012        4,13MB        3.14 notwendig
Clash N Slash 1.23        Enkord        02.02.2011        15,8MB        1.23 unnötig
Compatibility Pack für 2007 Office System        Microsoft Corporation        15.12.2011        64,0MB        12.0.6425.1000 unbekannt
ConvertHelper 2.2        DownloadHelper        15.02.2010        29,5MB        unbekannt
CyberLink DVD Suite        CyberLink Corp.        25.02.2009        16,6MB        6.0.2326 notwendig
DemonFlyFFv15        Ihr Firmenname        05.07.2010        2.590MB        1.36.0000 unnötig
Dev-C++ 5 beta 9 release (4.9.9.2)                21.09.2010 notwendig               
DivX Converter        DivX, Inc.        23.07.2010        45,3MB        7.1.0 unnötig
DivX Plus DirectShow Filters        DivX, Inc.        23.07.2010        1,58MB unbekannt       
DivX-Setup        DivX, Inc.        27.10.2010        2,09MB        2.1.2.2 unbekannt
Driver San Francisco        Ubisoft        21.12.2011        9.866MB        1.2.0.0 notwendig
FIFA Fussball-Weltmeisterschaft 2006 (TM)                08.11.2009        2.884MB        notwendig
Firebird SQL Server - MAGIX Edition        MAGIX AG        27.06.2010        6,22MB        2.0.1.13 notwendig
Fraps                11.12.2011                notwendig
Free iPod Video Converter 1.34        Jodix Technologies Ltd.        02.02.2010        5,35MB        unnötig
Free Natural Voice Text to Speech Reader        Natural Voices Readers        29.10.2010        11,3MB        2.9 unbekannt
Free NaturalReader        NaturalSoft Limited        29.10.2010        13,3MB        9.0 unbekannt
Free Video to Flash Converter version 4.1        DVDVideoSoft Limited.        06.06.2009        10,5MB        notwendig
Free YouTube to MP3 Converter version 3.10.11.923        DVDVideoSoft Ltd.        28.09.2011        2,21MB        notwendig
GIMP 2.6.8                24.04.2010        98,6MB        unnötig
Google Chrome        Google Inc.        29.07.2009        154,8MB        16.0.912.75 notwendig
Google Earth        Google        12.11.2011        92,8MB        6.1.0.5001 notwendig
Google SketchUp 7        Google, Inc.        24.04.2010        68,1MB        2.1.6863 unbekannt
HP Active Support Library        Hewlett-Packard        25.02.2009        20,5MB        3.1.9.1 unbekannt
HP Customer Experience Enhancements        Hewlett-Packard        25.02.2009        0,98MB        5.7.0.2664 unbekannt
HP Help and Support        Hewlett-Packard Company        25.02.2009        30,7MB        2.1.3.0 unbekannt
HP MediaSmart DVD        Hewlett-Packard        24.04.2009        48,8MB        2.1.2328 unbekannt
HP MediaSmart Music/Photo/Video        Hewlett-Packard        24.04.2009        223MB        2.1.2425 unbekannt
HP MediaSmart SmartMenu        Hewlett-Packard        24.04.2009        11,9MB        2.1.7 unbekannt
HP MediaSmart TV        Hewlett-Packard        14.09.2009        90,2MB        2.1.1409 unbekannt
HP MediaSmart Webcam        Hewlett-Packard        24.04.2009        73,5MB        2.1.1124 notwendig
HP Quick Launch Buttons 6.40 L1        Hewlett-Packard        25.02.2009        15,2MB        6.40 L1 notwendig
HP Total Care Advisor        Hewlett-Packard        25.02.2009        21,7MB        2.4.5479.2842  unbekannt
HP Total Care Setup        Hewlett-Packard Company        25.02.2009                1.1.2413.2876  unbekannt
HP Update        Hewlett-Packard        25.02.2009        3,80MB        4.000.013.003  unbekannt
HP User Guides 0126        Hewlett-Packard        25.02.2009        135,3MB        1.04.0000  unbekannt
HP Wireless Assistant        Hewlett-Packard        25.02.2009        3,43MB        3.50 A6 notwendig
HyperCam 2                25.07.2009        1,41MB        unnötig
ICQ Toolbar        ICQ        05.07.2010                3.0.0 unnötig
ICQ7.2        ICQ        11.12.2010        47,3MB        7.2 notwendig
IDT Audio        IDT        24.04.2009        31,6MB        1.0.6087.22 unbekannt
iTunes        Apple Inc.        19.10.2011        168,7MB        10.5.0.142 notwendig
Java(TM) 6 Update 27        Sun Microsystems, Inc.        14.06.2010        97,2MB        6.0.270  unbekannt
JMicron Flash Media Controller Driver        JMicron Technology Corp.        24.04.2009        1,54MB        1.00.22.05  unbekannt
L&H TTS3000 Deutsch  unbekannt                29.10.2010               
LabelPrint        CyberLink Corp.        25.02.2009        241MB        2.5.1118  unbekannt
Lame ACM MP3 Codec                29.10.2010                unbekannt
Lernout & Hauspie TruVoice American English TTS Engine                29.10.2010 unbekannt               
LesefixPRO        Dr. Michael Schlesier        29.10.2010        23,5MB        8.00 unnötig
LightScribe System Software  1.14.17.1        LightScribe        24.04.2009        21,0MB        1.14.17.1  unbekannt
Logitech Touch Mouse Server 1.0        Logitech Inc.        27.01.2010        0,27MB        1.0  unbekannt
LuPO 1.0.2.41        Ministerium für Schule, Wissenschaft und Forschung NRW        07.03.2011        15,2MB notwendig       
MAGIX Music Maker for MySpace 15.0.1.8 (D)        MAGIX AG        27.06.2010        206MB        15.0.1.8c notwendig
Malwarebytes Anti-Malware Version 1.60.0.1800        Malwarebytes Corporation        12.01.2012        11,5MB        1.60.0.1800 notwendig
McAfee SiteAdvisor        McAfee, Inc.        10.01.2012        9,30MB        3.4.189 unnötig
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU        Microsoft Corporation        06.05.2009        37,0MB          unbekannt
Microsoft .NET Framework 3.5 SP1        Microsoft Corporation        06.05.2009        37,0MB        unbekannt
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        25.06.2010        120,3MB        4.0.30319 unbekannt
Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        25.06.2010        24,5MB        4.0.30319 unbekannt
Microsoft IntelliPoint 8.0        Microsoft        27.02.2011        32,1MB        8.01.249.0 unbekannt
Microsoft Office Home and Student 2007        Microsoft Corporation        16.06.2010        297MB        12.0.6425.1000 unbekannt
Microsoft Office PowerPoint Viewer 2007 (German)        Microsoft Corporation        15.12.2011        89,0MB        12.0.6425.1000 unbekannt
Microsoft Office Professional Plus 2007        Microsoft Corporation        16.06.2010        561MB        12.0.6425.1000 unbekannt
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053        Microsoft Corporation        15.06.2010        0,24MB        8.0.50727.4053 unbekannt
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        17.06.2011        0,29MB        8.0.56336 unbekannt
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570        Microsoft Corporation        26.04.2011        0,58MB        9.0.30729.5570 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729        Microsoft Corporation        25.02.2009        0,58MB        9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        17.03.2011        0,22MB        9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        11.05.2010        0,58MB        9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        17.06.2011        0,58MB        9.0.30729.6161 unbekannt
Microsoft Works        Microsoft Corporation        15.12.2010        378MB        9.7.0621 unbekannt
MobileMe Control Panel        Apple Inc.        19.10.2010        11,8MB        3.1.3.0 unbekannt
Mozilla Firefox 8.0 (x86 de)        Mozilla        12.11.2011        41,7MB        8.0 notwendig
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        06.05.2009        1,28MB        4.20.9870.0  unbekannt
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        25.11.2009        1,34MB        4.20.9876.0 unbekannt
muvee Reveal        muvee Technologies Pte Ltd        24.04.2009        152,9MB        7.0.35.6951 unbekannt
My HP Games        WildTangent        24.04.2009        205MB        1.0.0.62  unbekannt
Need for Speed™ Carbon                28.10.2011        4.995MB        unnötig
Need for Speed™ Most Wanted                06.03.2010        2.820MB unnötig       
Need For Speed™ World        Electronic Arts        23.10.2011        12,6MB        1.0.0.659 unnötig
Neffy 1,3,29,0        CDNetworks        30.05.2010        1,87MB        1,3,29,0  unbekannt
OpenOffice.org 3.2        OpenOffice.org        14.06.2010        379MB        3.2.9502 unnötig
P2P_Max_DE Toolbar                16.08.2009        2,34MB        unbekannt
Pinnacle VideoSpin        Pinnacle Systems        15.06.2010        188,8MB        2.0.0.669 unbekannt
Power2Go        CyberLink Corp.        25.02.2009        164,1MB        6.0.2325 unbekannt
PowerDirector        CyberLink Corp.        25.02.2009        467MB        7.0.2317 unbekannt
ProtectSmart Hard Drive Protection        Hewlett-Packard        24.04.2009        2,04MB        3.10 A7 unbekannt
QuickTime        Apple Inc.        31.10.2011        73,3MB        7.71.80.42 notwendig
RarZilla Free Unrar        Philipp Winterberg        10.07.2011        1,88MB        3.31 unbekannt
Realtek 8169 8168 8101E 8102E Ethernet Driver        Realtek        24.04.2009        2,02MB        1.00.0001 unbekannt
RollerCoaster Tycoon 2                14.07.2010        555MB        notwendig
Skype™ 5.0        Skype Technologies S.A.        07.12.2010        15,2MB        5.0.152 notwendig
softonic-de3 Toolbar        softonic-de3        29.10.2010        2,82MB        5.7.1.1 unnötig
SPORE Creature Creator Trial Edition        Electronic Arts        24.04.2009        1,86MB        1.00.0000 unbekannt
Steam        Valve        21.12.2011        42,1MB        1.0.0.0 unbekannt
Steganos Safe One        Steganos GmbH        30.06.2010        54,3MB        10.0.2 unbekannt
Stronghold 2 Deluxe        Firefly Studios        07.11.2009        1.178MB        1.30 notwendig
Sweet Home 3D version 2.3        eTeks        24.04.2010        99,1MB        unnötig
SweetIM for Messenger 2.7        SweetIM Technologies Ltd.        09.07.2009        3,69MB        2.7.0008 unbekannt
SweetIM Toolbar for Internet Explorer 3.4        SweetIM Technologies Ltd.        09.07.2009        2,98MB        3.4.0010 unnötig
Synaptics Pointing Device Driver        Synaptics        24.04.2009        16,1MB        12.1.0.0  unbekannt
T-Mobile Internet Manager        Huawei Technologies Co.,Ltd        31.07.2011        44,9MB        11.301.05.00.108 notwendig
TeamSpeak 3 Client        TeamSpeak Systems GmbH        06.08.2010        25,8MB        notwendig
TextAloud        NextUp.com        29.10.2010        6,42MB        2.0  unbekannt
TmNationsForever        Nadeo        26.02.2010        717MB        unbekannt
Total Commander (Remove or Repair)        Ghisler Software GmbH        28.05.2010        6,00MB        7.50a notwendig
TrueCrypt        TrueCrypt Foundation        30.06.2010        7,38MB        6.3a  unbekannt
Ubisoft Game Launcher        UBISOFT        21.12.2011        39,3MB        1.0.0.0 unbekannt
Uninstall 1.0.0.1                06.06.2009        15,7MB        unbekannt
Windows-Treiberpaket - ENE (enecir) HIDClass  (09/04/2008 2.6.0.0)        ENE        24.04.2009                09/04/2008 2.6.0.0 unbekannt
Winload Toolbar                29.10.2010        5,07MB        unnötig


markusg 14.01.2012 18:04

Open Firefox, go to Tools > Options > Advanced > Network, delete the entry under Proxy, select "No proxy", apply, OK.


Hi,

This script, and any scripts that may follow, are only for the respective user.
If you have problems, open your own topics and wait for scripts tailored to you.


• Please start OTL.exe
• Now copy the following into the text box.



Code:

:OTL
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 52667
FF - prefs.js..network.proxy.type: 1
:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]



• Please close all programs now.
• Now please click the Fix button.
• OTL may require a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here.

cklemm 14.01.2012 18:08

I go to Settings > Settings > Advanced > Network > Settings > delete the entries, tick "No proxy" and apply that.

I can't find "Tools" on my version.

I do that every time I restart Firefox, but it keeps resetting itself.
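A defender-side check for the symptom in this thread (a manual Firefox proxy on 127.0.0.1 that comes back after being removed), added here as an example and not code from the thread or from OTL: it parses the user_pref() lines of a Firefox profile's prefs.js and flags a manual proxy that points at the local machine. It also reads user.js, since Firefox re-applies user.js on every start, which is one common reason a removed proxy entry reappears; the profile path and the sample preferences are assumptions/constructed.

```python
import re
from pathlib import Path

# Matches lines such as: user_pref("network.proxy.http", "127.0.0.1");
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')
PROXY_SCHEMES = ("http", "ssl", "ftp", "socks")  # network.proxy.<scheme>
LOOPBACK = ("127.0.0.1", "localhost", "::1")

def parse_prefs(text: str) -> dict:
    """Parse user_pref() lines into a dict; other lines are ignored."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        key, raw = m.groups()
        if raw.startswith('"') and raw.endswith('"'):
            prefs[key] = raw[1:-1]  # string value
        else:
            prefs[key] = int(raw) if raw.lstrip("-").isdigit() else raw
    return prefs

def find_local_proxy(prefs: dict) -> list:
    """List (scheme, host, port) for a manual proxy on the local machine."""
    # network.proxy.type: 0 = none, 1 = manual, 2 = PAC, 4 = auto-detect, 5 = system
    if prefs.get("network.proxy.type") != 1:
        return []
    hits = []
    for scheme in PROXY_SCHEMES:
        host = prefs.get(f"network.proxy.{scheme}")
        port = prefs.get(f"network.proxy.{scheme}_port")
        if host in LOOPBACK and port:
            hits.append((scheme, host, port))
    return hits

def check_profile(profile_dir: str) -> list:
    """Check prefs.js and user.js; Firefox re-applies user.js at every start."""
    hits = []
    for name in ("user.js", "prefs.js"):
        path = Path(profile_dir) / name  # profile path is an assumption
        if path.is_file():
            prefs = parse_prefs(path.read_text(errors="replace"))
            hits += [(name,) + h for h in find_local_proxy(prefs)]
    return hits

SAMPLE_PREFS = """# constructed sample (same values the OTL log in this thread removed)
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 52667);
user_pref("network.proxy.type", 1);
"""
```

Run `check_profile()` against the real profile directory; a hit in user.js explains why the setting returns on every start even after it is cleared in the options dialog.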

markusg 14.01.2012 18:09

Take a look, I edited something else in; run the script.

cklemm 14.01.2012 19:12

Unfortunately it still doesn't work:

Code:

All processes killed
========== OTL ==========
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 52667 removed from network.proxy.http_port
Prefs.js: 1 removed from network.proxy.type
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Christian
->Flash cache emptied: 689 bytes
 
User: Default
 
User: Default User
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Christian
->Temp folder emptied: 796843 bytes
->Temporary Internet Files folder emptied: 1323910 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 81542679 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1013234 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 81,00 mb
 
 
OTL by OldTimer - Version 3.2.31.0 log created on 01142012_181223

Files\Folders moved on Reboot...
C:\Users\Christian\AppData\Local\Temp\ehmsas.txt moved successfully.

Registry entries deleted on Reboot...




Copyright ©2000-2024, Trojaner-Board

