Plagegeister aller Art und deren Bekämpfung: Bundeskriminalamt Trojaner (Windows 7)
28.12.2011, 10:57 | #16
/// Selecta Jahrusso | Bundeskriminalamt Trojaner
Please upload the logfiles to File-Upload.net and post the download links here.
__________________
regards, Daniel
ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators
Learn to fight back and support us! TB Akademie
28.12.2011, 12:59 | #17
| Bundeskriminalamt Trojaner
Attach: File-Upload.net - Attach.txt
DDS: File-Upload.net - DDS.txt
Gmer: File-Upload.net - Gmer.txt
28.12.2011, 13:01 | #18
| Bundeskriminalamt Trojaner
hxxp://www.file-upload.net/download-3984766/Gmer.txt.html
hxxp://www.file-upload.net/download-3984761/Attach.txt.html
hxxp://www.file-upload.net/download-3984773/DDS.txt.html
Now it should work.

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_22
Run by Alex at 1:20:40 on 2011-12-28
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.49.1031.18.3582.2578 [GMT 1:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

Last edited by Larusso (28.12.2011 at 19:14)
28.12.2011, 19:19 | #19
/// Selecta Jahrusso | Bundeskriminalamt Trojaner
Please uninstall:
Ask Toolbar
Skype Toolbars (<< if not really needed)
softonic-de3 Toolbar

I see that you have so-called registry cleaners on the system, in your case Uniblue RegistryBooster 2010. We do not recommend any kind of registry cleaner, under any circumstances. The reason is simple: the registry is the brain of the system. If the brain does not work, the rest does not really work anymore. We read often enough from people seeking help that their system no longer boots after using registry cleaners.
If you destroy the registry, you destroy Windows. I therefore recommend that you uninstall the software named above and do without this kind of software in the future.

Combofix may only be run when a team member has instructed you to do so!
Please download Combofix from one of these download mirrors: Link 1 Link 2
IMPORTANT - Save Combofix to your desktop
When Combofix is finished, it will create a logfile. Please post C:\Combofix.txt in your next reply.
Note: If you get the following error message after the restart Quote:
Please post Combofix.txt in your next reply.
28.12.2011, 21:16 | #20
| Bundeskriminalamt Trojaner
Combofix Logfile:
Code:
ComboFix 11-12-28.03 - Alex 28.12.2011 20:55:34.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.49.1031.18.3582.2101 [GMT 1:00]
ausgeführt von:: c:\users\Alex\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
Drivers\06_Spencer\Uninstall.exe AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe . . . ************************************************************************** Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'Explorer.exe'(7572) c:\program files\RocketDock\RocketDock.dll . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\windows\system32\nvvsvc.exe c:\windows\system32\nvvsvc.exe c:\windows\System32\lpksetup.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe c:\windows\system32\WUDFHost.exe c:\windows\servicing\TrustedInstaller.exe c:\windows\system32\conime.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\OpenOffice.org 3\program\soffice.exe c:\program files\OpenOffice.org 3\program\soffice.bin c:\program files\Common Files\Steam\SteamService.exe . ************************************************************************** . Zeit der Fertigstellung: 2011-12-28 21:13:31 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2011-12-28 20:12 . Vor Suchlauf: 14 Verzeichnis(se), 50.824.327.168 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 52.951.343.104 Bytes frei . - - End Of File - - 578880AE6355325E27D7F5AE49D496A4 |
28.12.2011, 21:36 | #21 |
/// Selecta Jahrusso | Bundeskriminalamt Trojaner
Please uninstall "Babylon toolbar on IE" (I forgot that earlier :O)

Note for other readers: The following ComboFix script was created exclusively for this user in this situation. Never run it on other computers; it can permanently damage other systems!

Delete the existing Combofix.exe from your desktop and download the program again from one of the following download mirrors: BleepingComputer.com - ForoSpyware.com, and save it to the desktop again (not anywhere else, that is important)!
Press the Windows key + R --> type Notepad --> OK
Now copy the text from the following code box completely into the empty text document.
Code:
FireFox::
FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\h0gb3idv.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=CDS&o=16225&locale=en_US&apn_uid=46F36E9B-2352-4784-B2D1-67270400629D&apn_ptnrs=QQ&apn_sauid=D462EEE6-269B-4644-8896-71151FBD8533&apn_dtid=YYYYYYYYDE&q=
DDS::
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=101067&mntrId=dc6c6fd000000000000000e04d7e6868
ClearJavaCache::
Important:
Please download Malwarebytes
Please post in your next reply: Combofix.txt, MBAM log
|
28.12.2011, 22:24 | #22 |
| Bundeskriminalamt Trojaner Is everything done now, or do I still have to do something? |
28.12.2011, 22:30 | #23 |
/// Selecta Jahrusso | Bundeskriminalamt Trojaner Posting the logs would be an idea, wouldn't it?
__________________ Regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to fight back and support us! TB Akademie |
29.12.2011, 00:00 | #24 |
| Bundeskriminalamt Trojaner
Sorry, I didn't see the last post :O
Combofix logfile:
Code:
ComboFix 11-12-28.03 - Alex 28.12.2011 23:08:57.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.49.1031.18.3582.2325 [GMT 1:00]
ausgeführt von:: c:\users\Alex\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Alex\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-11-28 bis 2011-12-28 ))))))))))))))))))))))))))))))
.
.
2011-12-28 22:14 . 2011-12-28 22:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-28 20:04 . 2011-12-28 20:04 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EEC7866A-3B8A-44AF-96E3-EDBBC7397EA2}\offreg.dll
2011-12-28 00:10 . 2011-12-28 00:10 -------- d-----w- c:\users\Alex\AppData\Roaming\Avira
2011-12-27 16:46 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EEC7866A-3B8A-44AF-96E3-EDBBC7397EA2}\mpengine.dll
2011-12-24 13:48 . 2011-12-24 13:48 -------- d-----w- c:\windows\system32\RTCOM
2011-12-24 13:42 . 2011-05-05 14:24 1740352 ----a-w- c:\windows\system32\FMAPO.dll
2011-12-15 21:12 . 2011-12-21 22:31 -------- d-----w- c:\users\Alex\AppData\Roaming\Media Finder
2011-12-15 21:12 . 2011-12-15 21:24 474 ----a-w- C:\user.js
2011-12-15 21:12 . 2011-12-15 21:12 -------- d-----w- c:\users\Alex\AppData\Roaming\Babylon
2011-12-15 21:12 . 2011-12-15 21:12 -------- d-----w- c:\users\Alex\AppData\Local\Babylon
2011-12-15 21:12 . 2011-12-15 21:12 -------- d-----w- c:\programdata\Babylon
2011-12-12 21:25 . 2011-12-24 13:44 319456 ----a-w- c:\windows\DIFxAPI.dll
2011-12-12 21:25 . 2011-05-31 09:09 4158568 ----a-w- c:\windows\system32\RtkAPO.dll
2011-12-12 21:25 . 2011-12-12 21:25 -------- d-----w- c:\program files\Realtek
2011-12-12 21:21 . 2011-12-24 13:49 -------- d--h--w- c:\program files\Temp
2011-12-12 21:21 . 2011-05-27 16:58 1284712 ----a-w- c:\windows\RtlExUpd.dll
2011-12-10 17:37 . 2011-12-10 17:37 -------- d-----w- c:\users\Alex\AppData\Local\FILSH_Media_GmbH
2011-12-10 17:37 . 2011-12-10 17:37 -------- d-----w- c:\program files\FILSHtray
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-08 18:54 . 2010-07-26 11:18 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-11-09 22:13 . 2011-03-26 19:31 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\steam.exe" [2011-08-03 1242448]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-04 95576]
"ooVoo.exe"="c:\program files\ooVoo\oovoo.exe" [2011-11-20 22453840]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-07-29 17361032]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Facebook Update"="c:\users\Alex\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-14 137536]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2011-01-13 395192]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"FILSHtray"="c:\program files\FILSHtray\FILSHtray.exe" [2011-12-08 585728]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-06-09 10082920]
.
c:\users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-2-6 99840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 13:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 11:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ooVoo.exe]
2011-11-20 09:40 22453840 ----a-w- c:\program files\ooVoo\ooVoo.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 20:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2010-04-28 18:15 2633976 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-07 136176]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus.sys [2010-12-07 14336]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag.sys [2010-12-07 20736]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps.sys [2010-12-07 20096]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem.sys [2010-12-07 25088]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-07 136176]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-06-06 3819912]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 XDva359;XDva359;c:\windows\system32\XDva359.sys [x]
S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2005-03-16 13696]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-04 238952]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-06-21 246584]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-09-03 173352]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-12-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3423811842-671068153-3358250599-1000Core.job
- c:\users\Alex\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-14 19:17]
.
2011-12-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3423811842-671068153-3358250599-1000UA.job
- c:\users\Alex\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-14 19:17]
.
2011-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-07 22:12]
.
2011-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-07 22:12]
.
2011-12-28 c:\windows\Tasks\Norton Security Scan for Alex.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-07-26 07:48]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: Free YouTube to Mp3 Converter - c:\users\Alex\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: Interfaces\{6A3E80D0-CB5D-4B23-B11B-9ACA34DE8356}: NameServer = 192.168.178.118,192.168.178.1
FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\h0gb3idv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://de-de.facebook.com/
FF - user.js: extensions.BabylonToolbar_i.id - dc6c6fd000000000000000e04d7e6868
FF - user.js: extensions.BabylonToolbar_i.hardId - dc6c6fd000000000000000e04d7e6868
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15323
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:24
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101067
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-12-28 23:15
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-12-28 23:16:37
ComboFix-quarantined-files.txt 2011-12-28 22:16
ComboFix2.txt 2011-12-28 20:13
.
Vor Suchlauf: 14 Verzeichnis(se), 52.545.155.072 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 52.529.885.184 Bytes frei
.
- - End Of File - - DFF7323B04910F0317E947544E792E54

Malwarebytes Anti-Malware (Test) 1.60.0.1800
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
Datenbank Version: v2011.12.28.05
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
Alex :: ALEX-PC [Administrator]
Schutz: Aktiviert
28.12.2011 23:55:28
mbam-log-2011-12-28 (23-55-28).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 170771
Laufzeit: 3 Minute(n), 30 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
|
29.12.2011, 02:01 | #25 |
/// Selecta Jahrusso | Bundeskriminalamt Trojaner
Note for other readers: The following ComboFix script was created exclusively for this user in this situation. Never run it on other computers; it can permanently damage other systems!

Delete the existing Combofix.exe from your desktop and download the program again from one of the following download mirrors: BleepingComputer.com - ForoSpyware.com, and save it to the desktop again (not anywhere else, that is important)!
Press the Windows key + R --> type Notepad --> OK
Now copy the text from the following code box completely into the empty text document.
Code:
File::
c:\windows\Tasks\Norton Security Scan for Alex.job
Folder::
c:\users\Alex\AppData\Roaming\Babylon
c:\users\Alex\AppData\Local\Babylon
FireFox::
FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\h0gb3idv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
Important:
ESET Online Scanner
Please post in your next reply: Combofix.txt, log.txt, and report how the computer is running.
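The two CFScripts above (posts #21 and #25) target the same few log lines: search and homepage URLs rewritten to Babylon, Conduit and Ask redirectors, toolbar preferences pinned through user.js, and a Run entry launching an executable from AppData\Roaming. The following Python script is an added example, not code from this thread or from the DDS/ComboFix authors: it reads log lines in the format posted here and flags those indicator classes, so a helper can triage a log before writing a script. The domain watch list and the profile-directory list are assumptions derived from these logs, not a vendor blocklist; the sample input is an excerpt of the lines posted above.

```python
"""Triage of DDS / ComboFix log lines for browser-hijack indicators.

Added example; the parsing rules and the domain/directory lists below are
assumptions derived from the logs in this thread, not part of DDS or ComboFix.
"""
import re
from collections import Counter
from urllib.parse import urlparse

# Search/redirect providers the logs in this thread show as hijacked search
# settings (assumption: a local watch list, not a vendor blocklist).
SUSPECT_SEARCH_DOMAINS = ("babylon.com", "conduit.com", "ask.com")

# Firefox prefs that carry a URL the hijackers in this thread rewrote.
URL_PREFS = {"browser.search.defaulturl", "browser.startup.homepage", "keyword.URL"}

# Autoruns whose target lives in the user profile deserve a second look
# (HKCU-Run-avupdate -> AppData\Roaming\mahmud.exe in the posted log).
USER_PROFILE_DIRS = ("\\appdata\\roaming\\", "\\appdata\\local\\temp\\")

START_PAGE_RE = re.compile(r"^[um]?Start Page = (?P<url>\S+)$")
FF_PREF_RE = re.compile(r"^FF - (?P<file>prefs\.js|user\.js): (?P<name>\S+) -(?: (?P<value>.*))?$")
RUN_RE = re.compile(r"^(?P<hive>HKCU|HKLM)-Run-(?P<name>.+?) - (?P<target>.+)$")

# Constructed sample: an excerpt of the DDS/ComboFix lines posted in this thread.
SAMPLE_LOG = r"""
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=101067&mntrId=dc6c6fd000000000000000e04d7e6868
uInternet Settings,ProxyOverride = *.local
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://de-de.facebook.com/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=CDS&o=16225&q=
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.babExt -
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKCU-Run-avupdate - c:\users\Alex\AppData\Roaming\mahmud.exe
HKLM-Run-NPSStartup - (no file)
"""


def refang(url: str) -> str:
    """Undo the hxxp defanging used in posted logs so urlparse sees a real scheme."""
    return "http" + url[4:] if url.lower().startswith("hxxp") else url


def host_of(value: str) -> str:
    """Hostname of a URL, or the bare value lowercased when it is not a URL."""
    value = refang(value.strip())
    if "://" in value:
        return (urlparse(value).hostname or "").lower()
    return value.lower()


def is_suspect_host(host: str) -> bool:
    """True when host is a watch-listed domain or a subdomain of one (dot-anchored)."""
    return any(host == d or host.endswith("." + d) for d in SUSPECT_SEARCH_DOMAINS)


def _finding(kind: str, key: str, value: str, host: str) -> dict:
    return {"kind": kind, "key": key, "value": value, "host": host}


def find_indicators(log_text: str) -> list:
    """Return one finding dict per suspicious line; clean lines produce nothing."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := START_PAGE_RE.match(line):
            host = host_of(m["url"])
            if is_suspect_host(host):
                findings.append(_finding("search_hijack", "Start Page", m["url"], host))
        elif m := FF_PREF_RE.match(line):
            name, value = m["name"], m["value"] or ""
            if m["file"] == "user.js":
                # user.js is re-applied at every Firefox start, so a toolbar that
                # writes its prefs there undoes the user's own changes each launch.
                findings.append(_finding("forced_pref", name, value, ""))
            elif name in URL_PREFS or name == "browser.search.selectedEngine":
                host = host_of(value)
                if is_suspect_host(host):
                    findings.append(_finding("search_hijack", name, value, host))
        elif m := RUN_RE.match(line):
            target = m["target"]
            if target == "(no file)":
                findings.append(_finding("orphan_autorun", m["name"], target, ""))
            elif any(d in target.lower() for d in USER_PROFILE_DIRS):
                findings.append(_finding("profile_autorun", m["name"], target, ""))
    return findings


def summarize(findings: list) -> dict:
    """Count findings per kind, e.g. {'search_hijack': 4, 'forced_pref': 2, ...}."""
    return dict(Counter(f["kind"] for f in findings))


if __name__ == "__main__":
    results = find_indicators(SAMPLE_LOG)
    for f in results:
        print(f"{f['kind']:16} {f['key']} -> {f['value']}")
    print(summarize(results))
```

On the sample above the script reports four hijacked search settings, two user.js-forced preferences, the avupdate autorun from AppData\Roaming and the orphaned NPSStartup entry, while the Facebook homepage and the EA Core autorun pass through untouched. The suffix check is anchored on a dot so that a host such as notask.com is not matched by the ask.com entry.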
30.12.2011, 00:26 | #26 |
| Bundeskriminalamt Trojaner
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6092a5a8642dc14b8d73d14fac0f3d7a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-29 11:21:14
# local_time=2011-12-30 12:21:14 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 94 984045 61730939 159444 0
# compatibility_mode=5892 16776573 100 100 4733 162726820 0 0
# compatibility_mode=8192 67108863 100 0 3727 3727 0 0
# scanned=225951
# found=8
# cleaned=0
# scan_time=6756
C:\Users\Alex\AppData\Roaming\OpenCandy\OpenCandy_CA83C2C2977B4F89B679B2728E34C321\registrybooster(9).exe a variant of Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Alex\Downloads\lmms-0.4.12-win32.exe Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Alex\Downloads\Setup19_FreeConverter.exe Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Alex\Downloads\SoftonicDownloader12536.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Alex\Downloads\SoftonicDownloader_fuer_audio-recorder-for-free.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Alex\Downloads\SoftonicDownloader_fuer_cdburnerxp-pro.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Alex\Downloads\SoftonicDownloader_fuer_nero-burning-rom.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Alex\Downloads\SoftonicDownloader_fuer_tunebite.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I

Combofix logfile:
Code:
ComboFix 11-12-29.04 - Alex 29.12.2011 21:59:42.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.49.1031.18.3582.2357 [GMT 1:00]
ausgeführt von:: c:\users\Alex\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Alex\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\Norton Security Scan for Alex.job"
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Alex\AppData\Local\Babylon
c:\users\Alex\AppData\Local\Babylon\Setup\bab033.tbinst.dat
c:\users\Alex\AppData\Local\Babylon\Setup\bab091.norecovericon.dat
c:\users\Alex\AppData\Local\Babylon\Setup\Babylon.dat
c:\users\Alex\AppData\Local\Babylon\Setup\HtmlScreens\common.js
c:\users\Alex\AppData\Local\Babylon\Setup\HtmlScreens\eula.html
c:\users\Alex\AppData\Local\Babylon\Setup\HtmlScreens\page2.css
c:\users\Alex\AppData\Local\Babylon\Setup\HtmlScreens\page2.html
c:\users\Alex\AppData\Local\Babylon\Setup\HtmlScreens\page2.js
c:\users\Alex\AppData\Local\Babylon\Setup\HtmlScreens\page2Lrg.css
c:\users\Alex\AppData\Local\Babylon\Setup\HtmlScreens\page9.html
c:\users\Alex\AppData\Local\Babylon\Setup\HtmlScreens\pBar.gif
c:\users\Alex\AppData\Local\Babylon\Setup\HtmlScreens\title2.png
c:\users\Alex\AppData\Local\Babylon\Setup\HtmlScreens\toolBar.jpg
c:\users\Alex\AppData\Local\Babylon\Setup\Setup-tbmntr903-9.0.3.19.zpb
c:\users\Alex\AppData\Local\Babylon\Setup\Setup.exe
c:\users\Alex\AppData\Local\Babylon\Setup\SetupStrings.dat
c:\users\Alex\AppData\Local\Babylon\Setup\sqlite3.dll
c:\users\Alex\AppData\Roaming\Babylon
c:\users\Alex\AppData\Roaming\Babylon\log_file.txt
c:\windows\Tasks\Norton Security Scan for Alex.job
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
----- Datei Replikatoren -----
.
c:\programdata\Adobe\Reader\9.3\ARM\10223\AcrobatUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\10223\AdobeARM.exe
c:\programdata\Adobe\Reader\9.3\ARM\10223\ReaderUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\10444\AcrobatUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\10444\AdobeARM.exe
c:\programdata\Adobe\Reader\9.3\ARM\10444\ReaderUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\10534\AcrobatUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\10534\AdobeARM.exe
c:\programdata\Adobe\Reader\9.3\ARM\10534\ReaderUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\13116\AcrobatUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\13116\AdobeARM.exe
c:\programdata\Adobe\Reader\9.3\ARM\13116\ReaderUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\1353\AcrobatUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\1353\AdobeARM.exe
c:\programdata\Adobe\Reader\9.3\ARM\1353\ReaderUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\1482\AcrobatUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\1482\AdobeARM.exe
c:\programdata\Adobe\Reader\9.3\ARM\1482\ReaderUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\14918\AcrobatUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\14918\AdobeARM.exe
c:\programdata\Adobe\Reader\9.3\ARM\14918\ReaderUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\14950\AcrobatUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\14950\AdobeARM.exe
c:\programdata\Adobe\Reader\9.3\ARM\14950\ReaderUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\16471\AcrobatUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\16471\AdobeARM.exe
c:\programdata\Adobe\Reader\9.3\ARM\16471\ReaderUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\17479\AcrobatUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\17479\AdobeARM.exe
c:\programdata\Adobe\Reader\9.3\ARM\17479\ReaderUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\17604\AcrobatUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\17604\AdobeARM.exe
c:\programdata\Adobe\Reader\9.3\ARM\17604\ReaderUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\17613\AcrobatUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\17613\AdobeARM.exe
c:\programdata\Adobe\Reader\9.3\ARM\17613\ReaderUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\17868\AcrobatUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\17868\AdobeARM.exe
c:\programdata\Adobe\Reader\9.3\ARM\17868\ReaderUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\18084\AcrobatUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\18084\AdobeARM.exe
c:\programdata\Adobe\Reader\9.3\ARM\18084\ReaderUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\19362\AcrobatUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\19362\AdobeARM.exe
c:\programdata\Adobe\Reader\9.3\ARM\19362\ReaderUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\21137\AcrobatUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\21137\AdobeARM.exe
c:\programdata\Adobe\Reader\9.3\ARM\21137\ReaderUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\21714\AcrobatUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\21714\AdobeARM.exe
c:\programdata\Adobe\Reader\9.3\ARM\21714\ReaderUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\21722\AcrobatUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\21722\AdobeARM.exe
c:\programdata\Adobe\Reader\9.3\ARM\21722\ReaderUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\22626\AcrobatUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\22626\AdobeARM.exe
c:\programdata\Adobe\Reader\9.3\ARM\22626\ReaderUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\22801\AcrobatUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\22801\AdobeARM.exe
c:\programdata\Adobe\Reader\9.3\ARM\22801\ReaderUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\2300\AcrobatUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\2300\AdobeARM.exe
c:\programdata\Adobe\Reader\9.3\ARM\2300\ReaderUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\26494\AcrobatUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\26494\AdobeARM.exe
c:\programdata\Adobe\Reader\9.3\ARM\26494\ReaderUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\26672\AcrobatUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\26672\AdobeARM.exe
c:\programdata\Adobe\Reader\9.3\ARM\26672\ReaderUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\27410\AcrobatUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\27410\AdobeARM.exe
c:\programdata\Adobe\Reader\9.3\ARM\27410\ReaderUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\29137\AcrobatUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\29137\AdobeARM.exe
c:\programdata\Adobe\Reader\9.3\ARM\29137\ReaderUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\30181\AcrobatUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\30181\AdobeARM.exe
c:\programdata\Adobe\Reader\9.3\ARM\30181\ReaderUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\30246\AcrobatUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\30246\AdobeARM.exe
c:\programdata\Adobe\Reader\9.3\ARM\30246\ReaderUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\31403\AcrobatUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\31403\AdobeARM.exe
c:\programdata\Adobe\Reader\9.3\ARM\31403\ReaderUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\32313\AcrobatUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\32313\AdobeARM.exe
c:\programdata\Adobe\Reader\9.3\ARM\32313\ReaderUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\32339\AcrobatUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\32339\AdobeARM.exe
c:\programdata\Adobe\Reader\9.3\ARM\32339\ReaderUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\3349\AcrobatUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\3349\AdobeARM.exe
c:\programdata\Adobe\Reader\9.3\ARM\3349\ReaderUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\3861\AcrobatUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\3861\AdobeARM.exe
c:\programdata\Adobe\Reader\9.3\ARM\3861\ReaderUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\4082\AcrobatUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\4082\AdobeARM.exe
c:\programdata\Adobe\Reader\9.3\ARM\4082\ReaderUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\47\AcrobatUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\47\AdobeARM.exe
c:\programdata\Adobe\Reader\9.3\ARM\47\ReaderUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\4782\AcrobatUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\4782\AdobeARM.exe
c:\programdata\Adobe\Reader\9.3\ARM\4782\ReaderUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\5605\AcrobatUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\5605\AdobeARM.exe
c:\programdata\Adobe\Reader\9.3\ARM\5605\ReaderUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\7070\AcrobatUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\7070\AdobeARM.exe
c:\programdata\Adobe\Reader\9.3\ARM\7070\ReaderUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\7162\AcrobatUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\7162\AdobeARM.exe
c:\programdata\Adobe\Reader\9.3\ARM\7162\ReaderUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\8364\AcrobatUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\8364\AdobeARM.exe
c:\programdata\Adobe\Reader\9.3\ARM\8364\ReaderUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\8691\AcrobatUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\8691\AdobeARM.exe
c:\programdata\Adobe\Reader\9.3\ARM\8691\ReaderUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\9259\AcrobatUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\9259\AdobeARM.exe
c:\programdata\Adobe\Reader\9.3\ARM\9259\ReaderUpdater.exe
c:\users\All Users\Adobe\Reader\9.3\ARM\10223\AcrobatUpdater.exe
c:\users\All Users\Adobe\Reader\9.3\ARM\10223\AdobeARM.exe
c:\users\All Users\Adobe\Reader\9.3\ARM\10223\ReaderUpdater.exe
c:\users\All Users\Adobe\Reader\9.3\ARM\10444\AcrobatUpdater.exe
c:\users\All Users\Adobe\Reader\9.3\ARM\10444\AdobeARM.exe
c:\users\All Users\Adobe\Reader\9.3\ARM\10444\ReaderUpdater.exe
c:\users\All Users\Adobe\Reader\9.3\ARM\10534\AcrobatUpdater.exe
c:\users\All Users\Adobe\Reader\9.3\ARM\10534\AdobeARM.exe
c:\users\All Users\Adobe\Reader\9.3\ARM\10534\ReaderUpdater.exe
c:\users\All Users\Adobe\Reader\9.3\ARM\13116\AcrobatUpdater.exe
c:\users\All Users\Adobe\Reader\9.3\ARM\13116\AdobeARM.exe
c:\users\All Users\Adobe\Reader\9.3\ARM\13116\ReaderUpdater.exe
c:\users\All 
Users\Adobe\Reader\9.3\ARM\1353\AcrobatUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\1353\AdobeARM.exe c:\users\All Users\Adobe\Reader\9.3\ARM\1353\ReaderUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\1482\AcrobatUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\1482\AdobeARM.exe c:\users\All Users\Adobe\Reader\9.3\ARM\1482\ReaderUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\14918\AcrobatUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\14918\AdobeARM.exe c:\users\All Users\Adobe\Reader\9.3\ARM\14918\ReaderUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\14950\AcrobatUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\14950\AdobeARM.exe c:\users\All Users\Adobe\Reader\9.3\ARM\14950\ReaderUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\16471\AcrobatUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\16471\AdobeARM.exe c:\users\All Users\Adobe\Reader\9.3\ARM\16471\ReaderUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\17479\AcrobatUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\17479\AdobeARM.exe c:\users\All Users\Adobe\Reader\9.3\ARM\17479\ReaderUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\17604\AcrobatUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\17604\AdobeARM.exe c:\users\All Users\Adobe\Reader\9.3\ARM\17604\ReaderUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\17613\AcrobatUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\17613\AdobeARM.exe c:\users\All Users\Adobe\Reader\9.3\ARM\17613\ReaderUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\17868\AcrobatUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\17868\AdobeARM.exe c:\users\All Users\Adobe\Reader\9.3\ARM\17868\ReaderUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\18084\AcrobatUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\18084\AdobeARM.exe c:\users\All Users\Adobe\Reader\9.3\ARM\18084\ReaderUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\19362\AcrobatUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\19362\AdobeARM.exe c:\users\All 
Users\Adobe\Reader\9.3\ARM\19362\ReaderUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\21137\AcrobatUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\21137\AdobeARM.exe c:\users\All Users\Adobe\Reader\9.3\ARM\21137\ReaderUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\21714\AcrobatUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\21714\AdobeARM.exe c:\users\All Users\Adobe\Reader\9.3\ARM\21714\ReaderUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\21722\AcrobatUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\21722\AdobeARM.exe c:\users\All Users\Adobe\Reader\9.3\ARM\21722\ReaderUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\22626\AcrobatUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\22626\AdobeARM.exe c:\users\All Users\Adobe\Reader\9.3\ARM\22626\ReaderUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\22801\AcrobatUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\22801\AdobeARM.exe c:\users\All Users\Adobe\Reader\9.3\ARM\22801\ReaderUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\2300\AcrobatUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\2300\AdobeARM.exe c:\users\All Users\Adobe\Reader\9.3\ARM\2300\ReaderUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\26494\AcrobatUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\26494\AdobeARM.exe c:\users\All Users\Adobe\Reader\9.3\ARM\26494\ReaderUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\26672\AcrobatUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\26672\AdobeARM.exe c:\users\All Users\Adobe\Reader\9.3\ARM\26672\ReaderUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\27410\AcrobatUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\27410\AdobeARM.exe c:\users\All Users\Adobe\Reader\9.3\ARM\27410\ReaderUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\29137\AcrobatUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\29137\AdobeARM.exe c:\users\All Users\Adobe\Reader\9.3\ARM\29137\ReaderUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\30181\AcrobatUpdater.exe 
c:\users\All Users\Adobe\Reader\9.3\ARM\30181\AdobeARM.exe c:\users\All Users\Adobe\Reader\9.3\ARM\30181\ReaderUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\30246\AcrobatUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\30246\AdobeARM.exe c:\users\All Users\Adobe\Reader\9.3\ARM\30246\ReaderUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\31403\AcrobatUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\31403\AdobeARM.exe c:\users\All Users\Adobe\Reader\9.3\ARM\31403\ReaderUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\32313\AcrobatUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\32313\AdobeARM.exe c:\users\All Users\Adobe\Reader\9.3\ARM\32313\ReaderUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\32339\AcrobatUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\32339\AdobeARM.exe c:\users\All Users\Adobe\Reader\9.3\ARM\32339\ReaderUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\3349\AcrobatUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\3349\AdobeARM.exe c:\users\All Users\Adobe\Reader\9.3\ARM\3349\ReaderUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\3861\AcrobatUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\3861\AdobeARM.exe c:\users\All Users\Adobe\Reader\9.3\ARM\3861\ReaderUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\4082\AcrobatUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\4082\AdobeARM.exe c:\users\All Users\Adobe\Reader\9.3\ARM\4082\ReaderUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\47\AcrobatUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\47\AdobeARM.exe c:\users\All Users\Adobe\Reader\9.3\ARM\47\ReaderUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\4782\AcrobatUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\4782\AdobeARM.exe c:\users\All Users\Adobe\Reader\9.3\ARM\4782\ReaderUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\5605\AcrobatUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\5605\AdobeARM.exe c:\users\All Users\Adobe\Reader\9.3\ARM\5605\ReaderUpdater.exe c:\users\All 
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-11-28 bis 2011-12-29 ))))))))))))))))))))))))))))))
.
.
2011-12-29 21:09 . 2011-12-29 21:09 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EEC7866A-3B8A-44AF-96E3-EDBBC7397EA2}\offreg.dll
2011-12-29 21:08 . 2011-12-29 21:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-28 22:36 . 2011-12-28 22:36 -------- d-----w- c:\users\Alex\AppData\Roaming\Malwarebytes
2011-12-28 22:36 . 2011-12-28 22:36 -------- d-----w- c:\programdata\Malwarebytes
2011-12-28 22:36 . 2011-12-28 22:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-28 22:36 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-28 00:10 . 2011-12-28 00:10 -------- d-----w- c:\users\Alex\AppData\Roaming\Avira
2011-12-27 16:46 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EEC7866A-3B8A-44AF-96E3-EDBBC7397EA2}\mpengine.dll
2011-12-24 13:48 . 2011-12-24 13:48 -------- d-----w- c:\windows\system32\RTCOM
2011-12-24 13:42 . 2011-05-05 14:24 1740352 ----a-w- c:\windows\system32\FMAPO.dll
2011-12-15 21:12 . 2011-12-21 22:31 -------- d-----w- c:\users\Alex\AppData\Roaming\Media Finder
2011-12-15 21:12 . 2011-12-15 21:24 474 ----a-w- C:\user.js
2011-12-15 21:12 . 2011-12-15 21:12 -------- d-----w- c:\programdata\Babylon
2011-12-12 21:25 . 2011-12-24 13:44 319456 ----a-w- c:\windows\DIFxAPI.dll
2011-12-12 21:25 . 2011-05-31 09:09 4158568 ----a-w- c:\windows\system32\RtkAPO.dll
2011-12-12 21:25 . 2011-12-12 21:25 -------- d-----w- c:\program files\Realtek
2011-12-12 21:21 . 2011-12-24 13:49 -------- d--h--w- c:\program files\Temp
2011-12-12 21:21 . 2011-05-27 16:58 1284712 ----a-w- c:\windows\RtlExUpd.dll
2011-12-10 17:37 . 2011-12-10 17:37 -------- d-----w- c:\users\Alex\AppData\Local\FILSH_Media_GmbH
2011-12-10 17:37 . 2011-12-10 17:37 -------- d-----w- c:\program files\FILSHtray
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-08 18:54 . 2010-07-26 11:18 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-11-09 22:13 . 2011-03-26 19:31 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\steam.exe" [2011-08-03 1242448]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-04 95576]
"ooVoo.exe"="c:\program files\ooVoo\oovoo.exe" [2011-11-20 22453840]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-07-29 17361032]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Facebook Update"="c:\users\Alex\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-14 137536]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2011-01-13 395192]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"FILSHtray"="c:\program files\FILSHtray\FILSHtray.exe" [2011-12-08 585728]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-06-09 10082920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
c:\users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-2-6 99840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 13:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 11:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ooVoo.exe]
2011-11-20 09:40 22453840 ----a-w- c:\program files\ooVoo\ooVoo.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 20:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2010-04-28 18:15 2633976 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-07 136176]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus.sys [2010-12-07 14336]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag.sys [2010-12-07 20736]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps.sys [2010-12-07 20096]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem.sys [2010-12-07 25088]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-07 136176]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-06-06 3819912]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 XDva359;XDva359;c:\windows\system32\XDva359.sys [x]
S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2005-03-16 13696]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-04 238952]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-06-21 246584]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-09-03 173352]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - FSUSBEXDISK
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-12-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3423811842-671068153-3358250599-1000Core.job
- c:\users\Alex\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-14 19:17]
.
2011-12-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3423811842-671068153-3358250599-1000UA.job
- c:\users\Alex\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-14 19:17]
.
2011-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-07 22:12]
.
2011-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-07 22:12]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: Free YouTube to Mp3 Converter - c:\users\Alex\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: Interfaces\{6A3E80D0-CB5D-4B23-B11B-9ACA34DE8356}: NameServer = 192.168.178.118,192.168.178.1
FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\h0gb3idv.default\
FF - prefs.js: browser.startup.homepage - hxxp://de-de.facebook.com/
FF - user.js: extensions.BabylonToolbar_i.id - dc6c6fd000000000000000e04d7e6868
FF - user.js: extensions.BabylonToolbar_i.hardId - dc6c6fd000000000000000e04d7e6868
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15323
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:24
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101067
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
.
**************************************************************************
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\windows\System32\lpksetup.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\WUDFHost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conime.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Common Files\Steam\SteamService.exe
c:\windows\system32\consent.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-12-29 22:19:30 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-12-29 21:19
ComboFix2.txt 2011-12-28 22:16
ComboFix3.txt 2011-12-28 20:13
.
Vor Suchlauf: 14 Verzeichnis(se), 52.541.161.472 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 52.460.732.416 Bytes frei
.
- - End Of File - - 9407FDE3CB77A754BD27F576AF01C32F
The computer is running great. |
30.12.2011, 01:04 | #27 |
/// Selecta Jahrusso | Bundeskriminalamt Trojaner
Note for other readers: the following ComboFix script was created exclusively for this user in this situation. Do not run it on other computers under any circumstances; it can permanently damage other systems!
Delete the existing Combofix.exe from your desktop and download the program again from one of the following download mirrors: BleepingComputer.com - ForoSpyware.com and save it on the desktop again (nowhere else, this is important)!
Press the Windows key + R --> type Notepad --> OK. Now copy the complete text from the following code box into the empty text document.
Code:
FireFox::
FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\h0gb3idv.default\
FF - user.js: extensions.BabylonToolbar_i.id - dc6c6fd000000000000000e04d7e6868
FF - user.js: extensions.BabylonToolbar_i.hardId - dc6c6fd000000000000000e04d7e6868
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15323
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:24
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101067
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
FileLook::
c:\users\All Users\Adobe\Reader\9.3\ARM\32339\AdobeARM.exe
Important:
Please post Combofix.txt in your next reply.
30.12.2011, 15:02 | #28 |
| Bundeskriminalamt Trojaner ComboFix logfile: Code:
ComboFix 11-12-29.05 - Alex 30.12.2011 14:31:14.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.49.1031.18.3582.2334 [GMT 1:00]
ausgeführt von:: c:\users\Alex\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Alex\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-11-28 bis 2011-12-30 ))))))))))))))))))))))))))))))
.
.
2011-12-30 13:39 . 2011-12-30 13:39 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ACBCF213-5FC0-4A2B-8E83-6880D1489177}\offreg.dll
2011-12-30 13:38 . 2011-12-30 13:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-30 11:28 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ACBCF213-5FC0-4A2B-8E83-6880D1489177}\mpengine.dll
2011-12-29 21:26 . 2011-12-29 21:26 -------- d-----w- c:\program files\ESET
2011-12-29 21:19 . 2011-12-30 13:50 -------- d-----w- c:\users\Alex\AppData\Local\temp
2011-12-28 22:36 . 2011-12-28 22:36 -------- d-----w- c:\users\Alex\AppData\Roaming\Malwarebytes
2011-12-28 22:36 . 2011-12-28 22:36 -------- d-----w- c:\programdata\Malwarebytes
2011-12-28 22:36 . 2011-12-28 22:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-28 22:36 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-28 00:10 . 2011-12-28 00:10 -------- d-----w- c:\users\Alex\AppData\Roaming\Avira
2011-12-24 13:48 . 2011-12-24 13:48 -------- d-----w- c:\windows\system32\RTCOM
2011-12-24 13:42 . 2011-05-05 14:24 1740352 ----a-w- c:\windows\system32\FMAPO.dll
2011-12-15 21:12 . 2011-12-21 22:31 -------- d-----w- c:\users\Alex\AppData\Roaming\Media Finder
2011-12-15 21:12 . 2011-12-15 21:24 474 ----a-w- C:\user.js
2011-12-15 21:12 . 2011-12-15 21:12 -------- d-----w- c:\programdata\Babylon
2011-12-12 21:25 . 2011-12-24 13:44 319456 ----a-w- c:\windows\DIFxAPI.dll
2011-12-12 21:25 . 2011-05-31 09:09 4158568 ----a-w- c:\windows\system32\RtkAPO.dll
2011-12-12 21:25 . 2011-12-12 21:25 -------- d-----w- c:\program files\Realtek
2011-12-12 21:21 . 2011-12-24 13:49 -------- d--h--w- c:\program files\Temp
2011-12-12 21:21 . 2011-05-27 16:58 1284712 ----a-w- c:\windows\RtlExUpd.dll
2011-12-10 17:37 . 2011-12-10 17:37 -------- d-----w- c:\users\Alex\AppData\Local\FILSH_Media_GmbH
2011-12-10 17:37 . 2011-12-10 17:37 -------- d-----w- c:\program files\FILSHtray
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-08 18:54 . 2010-07-26 11:18 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-11-09 22:13 . 2011-03-26 19:31 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\steam.exe" [2011-08-03 1242448]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-04 95576]
"ooVoo.exe"="c:\program files\ooVoo\oovoo.exe" [2011-11-20 22453840]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-07-29 17361032]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Facebook Update"="c:\users\Alex\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-14 137536]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2011-01-13 395192]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"FILSHtray"="c:\program files\FILSHtray\FILSHtray.exe" [2011-12-08 585728]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-06-09 10082920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
c:\users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-2-6 99840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 13:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 11:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ooVoo.exe]
2011-11-20 09:40 22453840 ----a-w- c:\program files\ooVoo\ooVoo.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 20:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2010-04-28 18:15 2633976 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-07 136176]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus.sys [2010-12-07 14336]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag.sys [2010-12-07 20736]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps.sys [2010-12-07 20096]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem.sys [2010-12-07 25088]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-07 136176]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-06-06 3819912]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 XDva359;XDva359;c:\windows\system32\XDva359.sys [x]
S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2005-03-16 13696]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-04 238952]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-06-21 246584]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-09-03 173352]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - FSUSBEXDISK
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-12-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3423811842-671068153-3358250599-1000Core.job
- c:\users\Alex\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-14 19:17]
.
2011-12-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3423811842-671068153-3358250599-1000UA.job
- c:\users\Alex\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-14 19:17]
.
2011-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-07 22:12]
.
2011-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-07 22:12]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: Free YouTube to Mp3 Converter - c:\users\Alex\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: Interfaces\{6A3E80D0-CB5D-4B23-B11B-9ACA34DE8356}: NameServer = 192.168.178.118,192.168.178.1
FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\h0gb3idv.default\
FF - prefs.js: browser.startup.homepage - hxxp://de-de.facebook.com/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-12-30 14:50
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(6032)
c:\program files\RocketDock\RocketDock.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-12-30 14:54:05 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-12-30 13:54
ComboFix2.txt 2011-12-28 22:16
ComboFix3.txt 2011-12-28 20:13
.
Vor Suchlauf: 14 Verzeichnis(se), 52.527.337.472 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 52.244.250.624 Bytes frei
.
- - End Of File - - EA14B19A6E37398B334F27BBE6105B92

Can I delete the programs again afterwards, or do they have to stay on? |
30.12.2011, 15:37 | #29 |
/// Selecta Jahrusso | Bundeskriminalamt Trojaner If you have no further problems, we are finished here. Please follow the last few steps. Before the following action, please again temporarily deactivate your antivirus program, any script blocking you may have, and your anti-malware programs. Press Windows key + R. Now copy the following line into the command line and click OK. Code:
Combofix /Uninstall
This removes Combofix completely and empties the System Restore cache, so that the malware disappears from there as well. Now reactivate the programs you just deactivated. Please download OTC. Start the tool with a double click. This will remove most of the log files, tools etc. that we needed. Should anything remain, please delete it manually. Please delete srep.exe and the folder Infected from your USB stick. Here are a few tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any kind of registry cleaner. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP), Don'ts
Note: Please give me a short reply once everything is done and no questions remain, so that I can remove this thread from my subscriptions.
__________________ Regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to fight back and support us! TB Akademie |
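The final clean-up steps above, as an added PowerShell example; this is not the helper's instruction nor code from ComboFix or OTC. The Win+R Run dialog only resolves names found on PATH, in the Windows folders or under the App Paths registry key, so a tool saved to the Desktop has to be called by its full path. The file names srep.exe, Infected, Attach.txt, DDS.txt and Gmer.txt come from the thread; the executable name ComboFix.exe, the C:\ComboFix.txt and C:\Qoobox locations and the USB drive letter are assumptions the reader must check.

```powershell
# Added example (not from the thread). Walks the "final steps" of the post above:
# 1. run ComboFix's /Uninstall switch by full path (the Run dialog does not search the Desktop),
# 2. report leftover tool files that OTC did not remove, for manual deletion.
param(
    [string]$UsbDrive = 'E:'   # placeholder: drive letter of the USB stick mentioned in the thread
)

$desktop = [Environment]::GetFolderPath('Desktop')

# Step 1: ComboFix must be invoked by full path. Assumes the file is named ComboFix.exe.
$combofix = Join-Path $desktop 'ComboFix.exe'
if (Test-Path -LiteralPath $combofix) {
    $proc = Start-Process -FilePath $combofix -ArgumentList '/Uninstall' -Wait -PassThru
    Write-Host "ComboFix /Uninstall finished with exit code $($proc.ExitCode)"
} else {
    Write-Host "ComboFix.exe not found on the Desktop ($desktop); check where it was saved."
}

# Step 2: candidates the post asks to remove (OTC or manually). Paths marked "assumed"
# are the usual locations, not stated in the thread.
$candidates = @(
    (Join-Path $desktop 'Attach.txt'),
    (Join-Path $desktop 'DDS.txt'),
    (Join-Path $desktop 'Gmer.txt'),
    'C:\ComboFix.txt',                 # assumed: ComboFix writes its report here
    'C:\Qoobox',                       # assumed: ComboFix quarantine folder, removed by /Uninstall
    (Join-Path $UsbDrive 'srep.exe'),
    (Join-Path $UsbDrive 'Infected')
)

$remaining = $candidates | Where-Object { Test-Path -LiteralPath $_ }
if ($remaining) {
    Write-Host 'Still present, delete manually:'
    $remaining | ForEach-Object { Write-Host "  $_" }
} else {
    Write-Host 'No leftover tool files found.'
}
```

Run it from a normal PowerShell prompt after the antivirus and anti-malware programs have been temporarily disabled as the post describes; the script only lists leftovers and does not delete anything itself, so the user keeps the decision about each file.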
30.12.2011, 15:57 | #30 |
| Bundeskriminalamt Trojaner When I enter Combofix/Uninstall I get "Combofix could not be found. Make sure you have entered the name correctly and repeat the process", but ComboFix is still on my desktop.. |