Trojaner-Board
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   System Tool entfernen, aber wie ? (https://www.trojaner-board.de/94756-system-tool-entfernen.html)

markusg 15.01.2011 19:43
ok, jetzt warte ich auf den upload :-)

NewEra 15.01.2011 19:50
so habe es jetzt genau so gemacht, hoffe es war auch richtig von mir :)
dieses system tool ist endlich verschwunden, dank dir.
hätte noch eine frage an dich, und zwar, kannst du mir ein gutes antivir programm empfehlen, IObit security, aber halte nichts davon.

markusg 15.01.2011 20:00
hi
wir sind noch nicht fertig.
erst mal möchte ich wissen, machst du mit dem system onlinebanking, einkäufe oder sonst was wichtiges?

NewEra 15.01.2011 20:06
nein, nur mit mädls chatten und bisschen zocken :-)
warum ?

markusg 15.01.2011 20:08
jo mit mädels chatten ist immer gut
weil du einen passwort stealer auf dem system hast, und es nötig gewesen währe, die bank zu informieren zb.
download malwarebytes:
Malwarebytes
instalieren, öffnen, registerkarte aktualisierung, programm updaten.
schalte alle laufenden programme ab, trenne die internetverbindung.
registerkarte scanner, komplett scan, funde entfernen, log posten.

NewEra 15.01.2011 20:55
so habe alles so gemacht wie du es geschrieben hast!

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5525

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

15.01.2011 20:45:49
mbam-log-2011-01-15 (20-45-49).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 285126
Laufzeit: 28 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 6

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{0A6633AF-12F5-3CF7-AC60-F31F5A1E98D2} (Trojan.ZbotR.Gen) -> Value: {0A6633AF-12F5-3CF7-AC60-F31F5A1E98D2} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mscj.exe (Trojan.FakeAlert) -> Value: mscj.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mscjm.exe (Trojan.Downloader) -> Value: mscjm.exe -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\malacuxatx.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\malacuxatx.exe\malacuxatx.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.
c:\Users\Bünyamin\downloads\spinpalace.exe (PUP.Casino.Gen) -> Not selected for removal.
c:\_OTL\movedfiles\01152011_192030\c_programdata\hhppc10800\hhppc10800.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\01152011_192030\C_Users\Bünyamin\AppData\Roaming\38810\mscj.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\01152011_192030\C_Users\Bünyamin\AppData\Roaming\38810\mscjm.exe (Trojan.VB) -> Quarantined and deleted successfully.
c:\malacuxatx.exe\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.

markusg 16.01.2011 11:54
bitte erstelle und poste ein combofix log.
Ein Leitfaden und Tutorium zur Nutzung von ComboFix

NewEra 16.01.2011 12:06
da steht aber nur für xp und vista.
ich besitze windows 7.

markusg 16.01.2011 12:14
geht trotzdem :-)

NewEra 16.01.2011 12:38
Combofix Logfile:
Code:
ComboFix 11-01-15.01 - Bünyamin 16.01.2011  12:18:24.1.2 - x64
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.3933.1787 [GMT 1:00]
ausgeführt von:: c:\users\Bünyamin\AppData\Local\Temp\q489z3hy.tmp\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\users\Bünyamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tool
c:\users\Bünyamin\AppData\Roaming\MSA

.
(((((((((((((((((((((((  Dateien erstellt von 2010-12-16 bis 2011-01-16  ))))))))))))))))))))))))))))))
.

2011-01-16 11:22 . 2011-01-16 11:22        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-01-16 07:43 . 2011-01-16 07:43        --------        d-----w-        c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP
2011-01-15 18:20 . 2011-01-15 18:44        --------        d-----w-        C:\_OTL
2011-01-15 13:44 . 2011-01-15 15:14        --------        d-----w-        c:\program files (x86)\Enigma Software Group
2011-01-14 09:29 . 2010-11-10 05:35        8199504        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{89411B39-8830-449C-9FAC-5017EDD1928F}\mpengine.dll
2011-01-14 08:43 . 2011-01-14 08:44        --------        d-----w-        c:\users\Bünyamin\AppData\Roaming\Apple Computer
2011-01-14 08:43 . 2011-01-14 08:43        --------        d-----w-        c:\users\Bünyamin\AppData\Local\Apple Computer
2011-01-14 08:39 . 2011-01-14 08:40        --------        d-----w-        c:\program files (x86)\Safari
2011-01-14 08:39 . 2011-01-14 08:39        --------        d-----w-        c:\programdata\Apple Computer
2011-01-14 08:31 . 2011-01-14 08:31        --------        d-----w-        c:\program files (x86)\Bonjour
2011-01-14 08:31 . 2011-01-14 08:31        --------        d-----w-        c:\program files\Bonjour
2011-01-14 08:28 . 2011-01-14 08:28        --------        d-----w-        c:\program files (x86)\Common Files\Apple
2011-01-14 08:24 . 2011-01-14 08:24        --------        d-----w-        c:\program files (x86)\Apple Software Update
2011-01-12 19:38 . 2011-01-12 19:38        --------        d-----w-        C:\0ef54aad7b3dcd57879dee647557fb
2011-01-12 08:57 . 2010-10-16 05:17        720896        ----a-w-        c:\windows\system32\odbc32.dll
2011-01-12 08:57 . 2010-10-16 05:16        1425408        ----a-w-        c:\program files\Common Files\System\ado\msado15.dll
2011-01-12 08:57 . 2010-10-16 04:34        573440        ----a-w-        c:\windows\SysWow64\odbc32.dll
2011-01-12 08:57 . 2010-10-16 05:16        495616        ----a-w-        c:\program files\Common Files\System\ado\msadox.dll
2011-01-12 08:57 . 2010-10-16 05:16        466944        ----a-w-        c:\program files\Common Files\System\ado\msadomd.dll
2011-01-12 08:57 . 2010-10-16 05:16        258048        ----a-w-        c:\program files\Common Files\System\msadc\msadco.dll
2011-01-12 08:57 . 2010-10-16 04:33        372736        ----a-w-        c:\program files (x86)\Common Files\System\ado\msadox.dll
2011-01-12 08:57 . 2010-10-16 04:33        352256        ----a-w-        c:\program files (x86)\Common Files\System\ado\msadomd.dll
2011-01-12 08:57 . 2010-10-16 04:33        987136        ----a-w-        c:\program files (x86)\Common Files\System\ado\msado15.dll
2011-01-12 08:57 . 2010-10-16 04:33        208896        ----a-w-        c:\program files (x86)\Common Files\System\msadc\msadco.dll

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 17:09 . 2010-05-17 15:46        38224        ----a-w-        c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-05-17 15:46        24152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-11-04 06:35 . 2010-12-15 22:34        1194496        ----a-w-        c:\windows\system32\wininet.dll
2010-11-04 06:31 . 2010-12-15 22:34        57856        ----a-w-        c:\windows\system32\licmgr10.dll
2010-11-04 05:52 . 2010-12-15 22:34        978944        ----a-w-        c:\windows\SysWow64\wininet.dll
2010-11-04 05:48 . 2010-12-15 22:34        44544        ----a-w-        c:\windows\SysWow64\licmgr10.dll
2010-11-04 05:16 . 2010-12-15 22:34        482816        ----a-w-        c:\windows\system32\html.iec
2010-11-04 04:41 . 2010-12-15 22:34        386048        ----a-w-        c:\windows\SysWow64\html.iec
2010-11-04 04:35 . 2010-12-15 22:34        1638912        ----a-w-        c:\windows\system32\mshtml.tlb
2010-11-04 04:08 . 2010-12-15 22:34        1638912        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2010-11-02 05:18 . 2010-12-15 22:34        524288        ----a-w-        c:\windows\system32\wmicmiplugin.dll
2010-11-02 05:17 . 2010-12-15 22:34        473600        ----a-w-        c:\windows\system32\taskcomp.dll
2010-11-02 05:17 . 2010-12-15 22:34        1169408        ----a-w-        c:\windows\system32\taskschd.dll
2010-11-02 05:16 . 2010-12-15 22:34        1114624        ----a-w-        c:\windows\system32\schedsvc.dll
2010-11-02 05:10 . 2010-12-15 22:34        464384        ----a-w-        c:\windows\system32\taskeng.exe
2010-11-02 05:10 . 2010-12-15 22:34        285696        ----a-w-        c:\windows\system32\schtasks.exe
2010-11-02 04:40 . 2010-12-15 22:34        496128        ----a-w-        c:\windows\SysWow64\taskschd.dll
2010-11-02 04:40 . 2010-12-15 22:34        305152        ----a-w-        c:\windows\SysWow64\taskcomp.dll
2010-11-02 04:34 . 2010-12-15 22:34        192000        ----a-w-        c:\windows\SysWow64\taskeng.exe
2010-11-02 04:34 . 2010-12-15 22:34        179712        ----a-w-        c:\windows\SysWow64\schtasks.exe
2010-10-27 05:06 . 2010-12-15 22:34        2048        ----a-w-        c:\windows\system32\tzres.dll
2010-10-27 04:32 . 2010-12-15 22:34        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2010-10-20 05:20 . 2010-12-15 22:34        46080        ----a-w-        c:\windows\system32\atmlib.dll
2010-10-20 04:54 . 2010-12-15 22:34        34304        ----a-w-        c:\windows\SysWow64\atmlib.dll
2010-10-20 03:09 . 2010-12-15 22:34        3124224        ----a-w-        c:\windows\system32\win32k.sys
2010-10-20 03:05 . 2010-12-15 22:34        367104        ----a-w-        c:\windows\system32\atmfd.dll
2010-10-20 02:58 . 2010-12-15 22:34        294400        ----a-w-        c:\windows\SysWow64\atmfd.dll
2010-10-19 09:41 . 2010-05-16 12:28        270720        ------w-        c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b843a48a-b70f-45cd-a15a-6c2b30c2c11e}"= "c:\program files (x86)\Gamers Unite! Snag Bar\Helper.dll" [2010-12-21 356864]

[HKEY_CLASSES_ROOT\clsid\{b843a48a-b70f-45cd-a15a-6c2b30c2c11e}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{E2A57EE8-6A26-499F-95F8-A96E5C3BE17E}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{26A7CA19-7D58-411D-B2DA-F1B0324CBFFC}]
2010-12-21 20:35        1536000        ----a-w-        c:\program files (x86)\Gamers Unite! Snag Bar\Toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{25515A79-C1C7-4B97-97F8-31A711694487}"= "c:\program files (x86)\Gamers Unite! Snag Bar\Toolbar.dll" [2010-12-21 1536000]

[HKEY_CLASSES_ROOT\clsid\{25515a79-c1c7-4b97-97f8-31a711694487}]
[HKEY_CLASSES_ROOT\FCTB000062781.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{017D1380-106D-43D5-97DC-81E8A527FD73}]
[HKEY_CLASSES_ROOT\FCTB000062781.IEToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760]
"Sony Ericsson PC Suite"="c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2007-11-20 360448]
"Camfrog"="c:\program files (x86)\Camfrog\Camfrog Video Chat\CamfrogNet.exe" [2009-10-13 41864]
"ICQ"="c:\program files (x86)\ICQ7.1\ICQ.exe" [2011-01-05 133432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-08-12 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-01-13 34088]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"IObit Security 360"="c:\program files (x86)\IObit\IObit Security 360\IS360tray.exe" [2009-11-13 1278736]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 esgiguard;esgiguard;c:\program files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [2008-05-02 23552]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [2008-05-02 18432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-30 222208]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-07-24 482384]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-10 248688]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-14 42368]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 IS360service;IS360service;c:\program files (x86)\IObit\IObit Security 360\IS360srv.exe [2009-11-13 312592]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2009-08-06 116104]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-27 251760]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 14472]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 139264]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11bg 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-08-20 446976]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-03 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 826224]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-03 709976]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2009-08-06 1050000]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 365592]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2009-07-30 134032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.icq.com/
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IE: Free YouTube to Mp3 Converter - c:\users\Bünyamin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files (x86)\ICQ7.1\ICQ.exe
FF - ProfilePath - c:\users\Bünyamin\AppData\Roaming\Mozilla\Firefox\Profiles\uqt4q2sq.default\
FF - prefs.js: browser.search.selectedEngine - Search the Web
FF - prefs.js: keyword.URL - hxxp://ws.infospace.com/gamers_tbar/ws/redir?_iceUrl=true&user_id=52601793&tool_id=62781&qkw=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Gamers Unite! Snag Bar: {afe43e80-0abc-4df2-81a0-3fe44b74abe8} - %profile%\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

Wow6432Node-HKCU-Run-malacuxatx.exe - c:\malacuxatx\malacuxatx.exe
Wow6432Node-HKCU-Run-mscjm - c:\users\bünyamin\appdata\roaming\38810\mscjm.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{25515A79-C1C7-4B97-97F8-31A711694487} - (no file)
HKLM-Run-TosNC - %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SmartFaceVWatcher - %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-Teco - %ProgramFiles%\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe


.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,26,5a,e7,d2,6c,ba,05,45,99,fc,62,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,26,5a,e7,d2,6c,ba,05,45,99,fc,62,\

[HKEY_USERS\S-1-5-21-1216154300-2363009702-2723066814-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"

[HKEY_USERS\S-1-5-21-1216154300-2363009702-2723066814-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-01-16  12:24:56
ComboFix-quarantined-files.txt  2011-01-16 11:24

Vor Suchlauf: 13 Verzeichnis(se), 203.963.965.440 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 204.090.232.832 Bytes frei

- - End Of File - - C17FB62C70F7BE8D65E54D8C13B7A25E
--- --- ---

markusg 16.01.2011 12:59
jetzt kümmern wir uns mal um die optimierung deines pcs, er ist zb total überladen
lade den ccleaner slim:
Piriform - Builds
falls der ccleaner bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

NewEra 16.01.2011 13:44
also brauche alles bis auf camfrog!

Adobe AIR Adobe Systems Inc. 14.01.2011 1.5.2.8870
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 14.01.2011 10.0.42.34
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 14.01.2011 10.0.42.34
Adobe Reader 9.1 - Deutsch Adobe Systems Incorporated 07.09.2009 234,0MB 9.1.0
Apple Application Support Apple Inc. 13.01.2011 52,8MB 1.4.0
Apple Software Update Apple Inc. 13.01.2011 2,16MB 2.1.1.116
Avanquest update Avanquest Software 06.07.2010 1.23
Bonjour Apple Inc. 14.01.2011 2.0.4.0
Camfrog Video Chat 5.5 Camshare LC 14.01.2011 5.5.236
CCleaner Piriform 14.01.2011 2.32
Compatibility Pack für 2007 Office System Microsoft Corporation 09.11.2010 137,7MB 12.0.6425.1000
Free Audio CD Burner version 1.4 DVDVideoSoft Limited. 28.07.2010 8,10MB
Free YouTube to MP3 Converter version 3.7 DVDVideoSoft Limited. 28.07.2010 32,1MB
Gamers Unite! Snag Bar 14.01.2011 1.514
Grand Theft Auto San Andreas Rockstar Games 13.10.2010 1.00.00001
ICQ7.1 ICQ 23.05.2010 7.1
Intel(R) Graphics Media Accelerator Driver Intel Corporation 07.09.2009 8.15.10.1883
Intel® Matrix Storage Manager Intel Corporation 07.09.2009
IObit Security 360 IObit 15.05.2010 1.0
Java(TM) 6 Update 14 Sun Microsystems, Inc. 07.09.2009 97,5MB 6.0.140
MAGIX Music Maker for MySpace 15.0.1.8 (D) MAGIX AG 21.07.2010 15.0.1.8
Malwarebytes' Anti-Malware Malwarebytes Corporation 14.01.2011 10,5MB
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 07.09.2009 4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 07.09.2009 4.0.30319
Microsoft Office Home and Student 2007 Microsoft Corporation 14.01.2011 12.0.6425.1000
Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Corporation 09.11.2010 99,2MB 12.0.6425.1000
Microsoft Office Suite Activation Assistant Microsoft Corporation 07.09.2009 8,37MB 2.9
Microsoft Silverlight Microsoft Corporation 17.12.2010 108,5MB 4.0.51204.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 07.09.2009 1,72MB 3.1.0000
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 27.01.2010 0,25MB 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 25.11.2009 0,42MB 8.0.56336
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 Microsoft Corporation 28.01.2010 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 08.09.2009 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 24.03.2010 0,58MB 9.0.30729.4148
Microsoft Works Microsoft Corporation 15.12.2010 878,0MB 9.7.0621
Mozilla Firefox (3.6.13) Mozilla 14.01.2011 3.6.13 (de)
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 23.07.2010 1,28MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 23.07.2010 1,33MB 4.20.9876.0
Nokia Connectivity Cable Driver 07.09.2009 6.80.5.1
Opera 11.00 Opera Software ASA 10.01.2011 28,2MB 11.00
PlayReady PC Runtime amd64 Microsoft Corporation 08.09.2009 1.3.0
Realtek 8136 8168 8169 Ethernet Driver Realtek 07.09.2009 1.00.0005
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 25.11.2009 6.0.1.5904
Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 25.11.2009 6.1.7600.30101
Realtek WLAN Driver Realtek 25.11.2009 1,54MB 2.00.0006
Safari Apple Inc. 13.01.2011 41,3MB 5.33.19.4
Skype(TM) Launcher Skype Technologies S.A. 14.01.2011
Skype™ 4.2 Skype Technologies S.A. 22.11.2010 31,7MB 4.2.187
Sony Ericsson PC Suite 3.106.00 Sony Ericsson 02.04.2010 3.106.00
Synaptics Pointing Device Driver Synaptics Incorporated 07.09.2009 13.2.6.1
Toshiba Assist TOSHIBA 07.09.2009 3.00.09
TOSHIBA Bulletin Board TOSHIBA Corporation 14.01.2011 1.0.04.64
TOSHIBA ConfigFree TOSHIBA Corporation 25.11.2009 67,6MB 8.0.21
TOSHIBA Disc Creator TOSHIBA Corporation 08.09.2009 2.1.0.1 for x64
TOSHIBA DVD PLAYER TOSHIBA Corporation 25.11.2009 3.01.0.07-A
TOSHIBA eco Utility TOSHIBA Corporation 25.11.2009 6,93MB 1.1.10.64
TOSHIBA Extended Tiles for Windows Mobility Center 14.01.2011
TOSHIBA Face Recognition TOSHIBA Corporation 14.01.2011 3.1.1.64
TOSHIBA Flash Cards Support Utility TOSHIBA CORPORATION 07.09.2009 20,00KB 1.63.0.4C
TOSHIBA Hardware Setup TOSHIBA CORPORATION 07.09.2009 7,90MB 1.63.0.11C
TOSHIBA HDD/SSD Alert TOSHIBA Corporation 07.09.2009 38,0MB 3.1.64.0
Toshiba Manuals TOSHIBA 07.09.2009 10.00
Toshiba Online Product Information TOSHIBA 07.09.2009 2.08.0001
TOSHIBA PC Health Monitor TOSHIBA Corporation 26.11.2009 1.4.1.64
Toshiba Photo Service - powered by myphotobook myphotobook GmbH 14.01.2011 1.0.0-663
TOSHIBA Recovery Media Creator TOSHIBA Corporation 08.09.2009 2.1.0.2 for x64
TOSHIBA Recovery Media Creator Reminder TOSHIBA 07.09.2009 0,45MB 1.00.0019
TOSHIBA ReelTime TOSHIBA Corporation 14.01.2011 1.0.04.64
TOSHIBA SD Memory Utilities TOSHIBA 26.11.2009 1.9.1.12
TOSHIBA Service Station TOSHIBA 25.11.2009 2.1.33
TOSHIBA Supervisorkennwort TOSHIBA CORPORATION 07.09.2009 1,95MB 1.63.0.7C
Toshiba TEMPRO Toshiba Europe GmbH 07.09.2009 10,8MB 3.05
TOSHIBA Value Added Package TOSHIBA Corporation 25.11.2009 87,7MB 1.2.25.64
TOSHIBA Web Camera Application TOSHIBA Corporation 25.11.2009 1.1.1.4
TRORMCLauncher 14.01.2011
Uninstall 1.0.0.1 28.07.2010 10,6MB
WildTangent-Spiele WildTangent 14.01.2011 1.0.0.71
Windows Live Essentials Microsoft Corporation 07.09.2009 15.4.3502.0922
Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 10.10.2010 5,58MB 15.4.5722.2
Windows Live Sync Microsoft Corporation 07.09.2009 2,79MB 14.0.8089.726
WinRAR 14.01.2011

markusg 16.01.2011 15:54
du brauchst die ganzen TOSHIBA programme?

NewEra 16.01.2011 16:56
ja eigentlich nicht, hab die noch nie benutzt xD
aber sind da wichtige dabei, die ich vielleicht später gebrauchen kann?
sry war jetzt nicht am pc.

markusg 16.01.2011 16:58
von toshiba alles weg außer
TOSHIBA Recovery Media Creator
Adobe Reader 9.4
ersetzen:
Adobe - Adobe Reader herunterladen - Alle Versionen

bitte den mcafee security scan nicht mit instalieren.
öffne den adobe reader, bearbeiten, voreinstellungen, javascript, dort den haken raus, internet, ebenfalls alle haken raus.
so werden keine pdfs mehr automatisch geladen und es kann dir kein schadcode mehr auf diese weise untergeschoben werden.
unter allgemein, nur zertifizierte zusatzmodule verwenden anhaken.
unter update, auf instalieren stellen.
klicke übernehmen /ok


cam pro ebenfalls weg.


Alle Zeitangaben in WEZ +1. Es ist jetzt 02:12 Uhr.
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131