Log analysis and evaluation: Trojan program Exploit.Java.Agent.bb etc. (Windows 7). If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: first steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
02.09.2010, 19:13 | #31
Trojan program Exploit.Java.Agent.bb etc. And if I no longer have ComboFix on the computer? Then I have to install it again first, don't I?
02.09.2010, 19:24 | #32
Trojan program Exploit.Java.Agent.bb etc. Arne, an error message comes up saying ComboFix has viruses, spyware etc. It happened while downloading.
02.09.2010, 19:25 | #33
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan program Exploit.Java.Agent.bb etc. Why don't you have it on the machine anymore? Who told you to delete it? The cofi.exe must still be on the desktop; if it isn't, download it again, again as cofi.exe.
02.09.2010, 20:17 | #34
Trojan program Exploit.Java.Agent.bb etc. ComboFix logfile: Code:
ATTFilter ComboFix 10-09-01.04 - Asus 02.09.2010 20:53:47.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2047.1181 [GMT 2:00] ausgeführt von:: c:\users\Asus\Michael\Fotos\CoFi.exe SP: Windows-Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . ((((((((((((((((((((((( Dateien erstellt von 2010-08-02 bis 2010-09-02 )))))))))))))))))))))))))))))) . 2010-09-02 19:07 . 2010-09-02 19:07 -------- d-----w- c:\users\Public\AppData\Local\temp 2010-09-02 19:07 . 2010-09-02 19:07 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-08-29 06:15 . 2010-08-29 06:15 -------- d-----w- c:\program files\Windows Portable Devices 2010-08-28 22:17 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll 2010-08-28 22:17 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll 2010-08-28 22:17 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll 2010-08-28 22:14 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe 2010-08-28 22:12 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll 2010-08-28 22:12 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll 2010-08-28 22:12 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll 2010-08-28 00:44 . 2010-08-28 00:45 -------- d-----w- c:\windows\system32\ca-ES 2010-08-28 00:44 . 2010-08-28 00:45 -------- d-----w- c:\windows\system32\eu-ES 2010-08-28 00:44 . 2010-08-28 00:45 -------- d-----w- c:\windows\system32\vi-VN 2010-08-27 23:53 . 2010-08-27 23:53 -------- d-----w- c:\windows\system32\EventProviders 2010-08-27 23:48 . 2010-08-27 23:48 -------- d-----w- c:\program files\McAfeeMOBK 2010-08-27 23:48 . 2010-04-13 18:10 54776 ----a-w- c:\windows\system32\drivers\MOBK.sys 2010-08-27 23:48 . 2010-08-27 23:48 -------- d-----w- c:\program files\McAfee Online Backup 2010-08-27 23:46 . 2010-05-31 18:32 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2010-08-27 16:04 . 
2010-05-31 18:32 160720 ----a-w- c:\windows\system32\drivers\mfewfpk.sys 2010-08-27 16:04 . 2010-05-31 18:32 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2010-08-27 16:04 . 2010-05-31 18:32 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2010-08-27 16:04 . 2010-05-31 18:32 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2010-08-27 16:03 . 2010-05-31 18:32 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys 2010-08-27 16:03 . 2010-05-31 18:32 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2010-08-27 16:02 . 2010-08-27 23:46 -------- d-----w- c:\program files\Common Files\Mcafee 2010-08-27 16:02 . 2010-08-27 16:02 -------- d-----w- c:\program files\McAfee.com 2010-08-27 16:02 . 2010-08-28 00:52 -------- d-----w- c:\program files\McAfee 2010-08-26 21:31 . 2008-05-27 04:59 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin 2010-08-26 20:42 . 2010-08-26 21:03 -------- d-----w- C:\ComboFix 2010-08-26 20:34 . 2010-09-02 18:45 -------- d-----w- c:\program files\CCleaner 2010-08-25 20:55 . 2009-04-11 06:28 291328 ----a-w- c:\windows\system32\WscEapPr.dll 2010-08-25 20:54 . 2009-04-11 06:32 223208 ----a-w- c:\windows\system32\drivers\netio.sys 2010-08-25 20:53 . 2009-04-11 06:28 723968 ----a-w- c:\windows\system32\powercpl.dll 2010-08-25 20:52 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll 2010-08-25 20:52 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll 2010-08-25 20:52 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll 2010-08-25 20:52 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll 2010-08-25 20:52 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll 2010-08-25 20:52 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll 2010-08-25 20:52 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll 2010-08-25 20:52 . 
2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll 2010-08-25 20:52 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll 2010-08-25 20:52 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe 2010-08-25 20:51 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll 2010-08-25 19:56 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll 2010-08-25 19:56 . 2010-05-27 20:08 81920 ----a-w- c:\windows\system32\iccvid.dll 2010-08-25 19:56 . 2010-06-11 16:16 274944 ----a-w- c:\windows\system32\schannel.dll 2010-08-25 19:56 . 2010-04-05 17:01 67072 ----a-w- c:\windows\system32\asycfilt.dll 2010-08-25 19:56 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll 2010-08-25 19:56 . 2010-04-16 16:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2010-08-25 19:56 . 2010-04-16 14:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll 2010-08-25 19:55 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll 2010-08-25 19:55 . 2010-06-21 13:37 2037760 ----a-w- c:\windows\system32\win32k.sys 2010-08-25 19:54 . 2010-05-26 17:06 34304 ----a-w- c:\windows\system32\atmlib.dll 2010-08-25 19:54 . 2010-05-26 14:47 289792 ----a-w- c:\windows\system32\atmfd.dll 2010-08-25 19:54 . 2010-06-18 17:31 36864 ----a-w- c:\windows\system32\rtutils.dll 2010-08-25 19:54 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-08-25 19:54 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-08-25 19:54 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll 2010-08-25 19:54 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys 2010-08-25 19:54 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys 2010-08-25 19:53 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys 2010-08-25 18:52 . 2009-11-08 08:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll 2010-08-25 18:52 . 
2009-11-08 08:55 49472 ----a-w- c:\windows\system32\netfxperf.dll 2010-08-25 18:52 . 2009-11-08 08:55 297808 ----a-w- c:\windows\system32\mscoree.dll 2010-08-25 18:52 . 2009-11-08 08:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe 2010-08-25 18:52 . 2009-11-08 08:55 1130824 ----a-w- c:\windows\system32\dfshim.dll 2010-08-24 20:14 . 2010-08-24 20:14 -------- d-----w- C:\PerfLogs 2010-08-16 18:08 . 2010-08-16 18:08 -------- d-----w- c:\program files\Common Files\Skype 2010-08-16 18:08 . 2010-08-16 18:08 -------- d-----r- c:\program files\Skype 2010-08-12 17:40 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe 2010-08-12 17:40 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe 2010-08-12 17:40 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll 2010-08-12 17:40 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll 2010-08-12 17:40 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll 2010-08-12 17:40 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe 2010-08-12 17:40 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe 2010-08-12 17:40 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll 2010-08-12 17:40 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll 2010-08-12 17:38 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe 2010-08-12 17:38 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL 2010-08-11 20:14 . 2010-08-11 20:14 -------- d-----w- c:\users\Asus\AppData\Local\WindowsUpdate 2010-08-11 19:24 . 2010-07-26 20:30 705208 ----a-w- c:\users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\id7gz4la.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll 2010-08-11 19:24 . 
2010-07-26 20:30 978664 ----a-w- c:\users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\id7gz4la.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll 2010-08-11 18:29 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll 2010-08-11 16:16 . 2010-08-11 16:16 -------- d-----w- c:\users\Asus\AppData\Roaming\Malwarebytes 2010-08-11 16:14 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-08-11 16:14 . 2010-08-11 16:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-08-11 16:14 . 2010-08-11 16:14 -------- d-----w- c:\programdata\Malwarebytes 2010-08-11 16:14 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-08-11 03:58 . 2010-02-12 10:49 293376 ----a-w- c:\windows\system32\browserchoice.exe 2010-08-11 03:56 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll 2010-08-11 03:55 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll 2010-08-11 03:55 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys 2010-08-10 22:30 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll 2010-08-10 22:30 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys 2010-08-10 22:30 . 2009-12-08 17:26 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys 2010-08-10 22:30 . 2008-01-19 05:55 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS 2010-08-10 22:30 . 2009-06-10 11:41 2868224 ----a-w- c:\windows\system32\mf.dll 2010-08-10 22:30 . 2009-04-11 06:28 98816 ----a-w- c:\windows\system32\mfps.dll 2010-08-10 22:30 . 2009-04-11 06:27 53248 ----a-w- c:\windows\system32\rrinstaller.exe 2010-08-10 22:30 . 2009-04-11 06:27 24576 ----a-w- c:\windows\system32\mfpmp.exe 2010-08-10 22:30 . 2009-04-11 04:54 2048 ----a-w- c:\windows\system32\mferror.dll 2010-08-10 22:29 . 2009-08-14 13:48 105984 ----a-w- c:\windows\system32\netiohlp.dll 2010-08-10 22:29 . 
2009-08-14 15:53 17920 ----a-w- c:\windows\system32\netevent.dll 2010-08-10 22:29 . 2009-08-14 13:49 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE 2010-08-10 22:29 . 2009-08-14 13:49 17920 ----a-w- c:\windows\system32\ROUTE.EXE 2010-08-10 22:29 . 2009-08-14 13:49 27136 ----a-w- c:\windows\system32\NETSTAT.EXE 2010-08-10 22:29 . 2009-08-14 13:49 19968 ----a-w- c:\windows\system32\ARP.EXE 2010-08-10 22:29 . 2009-08-14 13:49 10240 ----a-w- c:\windows\system32\finger.exe 2010-08-10 22:29 . 2009-08-14 13:49 11264 ----a-w- c:\windows\system32\MRINFO.EXE 2010-08-10 22:29 . 2009-08-14 13:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE 2010-08-10 22:25 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll 2010-08-10 22:21 . 2009-07-17 13:54 71680 ----a-w- c:\windows\system32\atl.dll 2010-08-10 22:20 . 2009-07-15 12:39 313344 ----a-w- c:\windows\system32\wmpdxm.dll 2010-08-10 22:20 . 2009-07-15 12:39 4096 ----a-w- c:\windows\system32\dxmasf.dll 2010-08-10 22:20 . 2009-07-15 12:39 7680 ----a-w- c:\windows\system32\spwmp.dll 2010-08-10 22:20 . 2009-06-15 14:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll 2010-08-10 22:20 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll 2010-08-10 22:20 . 2009-06-15 23:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2010-08-10 22:20 . 2009-06-15 14:54 175104 ----a-w- c:\windows\system32\wdigest.dll 2010-08-10 22:20 . 2009-06-15 14:53 72704 ----a-w- c:\windows\system32\secur32.dll 2010-08-10 22:20 . 2009-06-15 12:48 9728 ----a-w- c:\windows\system32\lsass.exe 2010-08-10 22:18 . 2009-04-23 12:15 784896 ----a-w- c:\windows\system32\rpcrt4.dll 2010-08-10 22:18 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-02 18:38 . 2009-03-22 17:31 -------- d-----w- c:\programdata\TuneUp Software 2010-09-02 17:51 . 
2009-03-26 16:02 -------- d-----w- c:\programdata\Google Updater 2010-09-02 17:51 . 2009-03-22 18:22 -------- d-----w- c:\users\Asus\AppData\Roaming\skypePM 2010-09-02 17:50 . 2009-05-30 10:56 -------- d-----w- c:\users\Asus\AppData\Roaming\Skype 2010-09-01 06:03 . 2007-04-18 08:33 12 ----a-w- c:\windows\bthservsdp.dat 2010-08-30 18:59 . 2007-04-18 09:14 628448 ----a-w- c:\windows\system32\perfh007.dat 2010-08-30 18:59 . 2007-04-18 09:14 127056 ----a-w- c:\windows\system32\perfc007.dat 2010-08-30 18:07 . 2010-06-21 07:55 56168 ----a-w- c:\users\Asus\AppData\Local\GDIPFONTCACHEV1.DAT 2010-08-29 06:19 . 2009-03-12 14:49 45056 ----a-w- c:\windows\system32\acovcnt.exe 2010-08-29 06:15 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat 2010-08-29 06:10 . 2010-08-29 06:10 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf 2010-08-29 06:08 . 2010-08-29 06:08 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf 2010-08-28 00:45 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar 2010-08-28 00:45 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-08-28 00:45 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar 2010-08-28 00:45 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal 2010-08-28 00:45 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration 2010-08-28 00:45 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery 2010-08-28 00:45 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender 2010-08-28 00:42 . 2010-08-28 00:42 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf 2010-08-28 00:41 . 2010-08-28 00:41 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf 2010-08-26 20:54 . 2009-03-25 13:11 -------- d-----w- c:\program files\pdfforge Toolbar 2010-08-26 20:36 . 
2009-03-12 14:45 -------- d-----w- c:\users\Asus\AppData\Roaming\Media Player Classic 2010-08-26 12:40 . 2010-08-28 21:49 30016 ----a-w- c:\windows\system32\uxt5C33.tmp 2010-08-24 22:23 . 2009-08-27 04:12 -------- d-----w- c:\users\Asus\AppData\Roaming\Byypz 2010-08-24 22:16 . 2010-02-04 01:27 -------- d-----w- c:\users\Asus\AppData\Roaming\Heicbe 2010-08-24 19:39 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll 2010-08-24 19:39 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll 2010-08-16 18:08 . 2009-03-19 14:44 -------- d-----w- c:\programdata\Skype 2010-08-11 16:01 . 2010-06-19 13:00 90 ----a-w- c:\users\Asus\AppData\Local\atvicwjc.bat 2010-08-10 10:14 . 2010-01-04 15:48 -------- d-----w- c:\users\Asus\AppData\Roaming\Foela 2010-08-10 10:14 . 2009-07-31 22:09 -------- d-----w- c:\program files\Live-Player 2010-08-10 09:57 . 2009-05-02 06:25 -------- d-----w- c:\users\Asus\AppData\Roaming\Sysat 2010-08-10 09:29 . 2009-03-26 18:30 -------- d-----w- c:\program files\PDFCreator 2010-07-22 18:05 . 2009-10-13 18:28 -------- d-----w- c:\program files\Ask.com 2010-07-16 10:28 . 2009-01-13 21:37 -------- d-----w- c:\program files\Common Files\Adobe 2010-07-14 18:37 . 2010-07-14 18:34 -------- d-----w- c:\users\Asus\AppData\Roaming\QuickScan 2010-07-13 15:54 . 2010-07-13 15:54 2944904 ----a-w- c:\users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\id7gz4la.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe 2010-07-06 13:53 . 2010-07-06 13:53 5080112 ----a-w- c:\programdata\T-Online\T-Online_Software_6\Basis-Software\update\filedistribution\netzmanager_setup.exe 2010-06-26 06:05 . 2010-08-25 20:00 916480 ----a-w- c:\windows\system32\wininet.dll 2010-06-26 06:02 . 2010-08-25 20:00 71680 ----a-w- c:\windows\system32\iesetup.dll 2010-06-26 06:02 . 2010-08-25 20:00 109056 ----a-w- c:\windows\system32\iesysprep.dll 2010-06-26 04:25 . 2010-08-25 20:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2010-06-23 18:40 . 
2010-06-23 18:40 501936 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb430B.tmp.exe 2010-05-31 18:32 . 2010-08-27 23:46 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864] [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2010-05-26 13:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK] @="{3c3f3c1a-9153-7c05-f938-622e7003894d}" [HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}] 2010-04-13 18:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2] @="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}" [HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}] 2010-04-13 18:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3] @="{b4caf489-1eec-c617-49ad-8d7088598c06}" [HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}] 2010-04-13 18:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-20 4363504] "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-26 39408] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 729088] "ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-22 815104] "ToADiMon.exe"="c:\program files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe" [2007-02-15 282624] "Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600] "SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2009-01-30 992256] "FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2008-07-22 357376] "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 
583048] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-23 57344] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-30 1193848] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "InfoCockpit"="c:\program files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE" [2007-01-16 176128] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "tfguxxawqkggqamzerpsTaskMgr"= 0 (0x0) "xmihsndpubondhlclybtTaskMgr"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):f1,1b,55,bf,4b,46,cb,01 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4186507801-287623148-3281869339-1000] "EnableNotificationsRef"=dword:00000001 R2 gupdate1c9ae2c6a87a6aa;Google Update Service (gupdate1c9ae2c6a87a6aa);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-26 133104] R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [x] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-05-31 83496] R3 MIINPazX;MIINPazX NDIS Protocol Driver;c:\progra~1\COMMON~1\MARMIK~1\MInfraIS\MIINPazX.SYS [2006-10-09 17152] R3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;c:\progra~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [2006-10-09 17536] R3 SIVDRIVER;SIV Kernel Driver;c:\windows\system32\Drivers\SIVX32.sys [2007-02-24 19944] S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552] S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-05-31 64304] S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-05-31 160720] S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [2010-04-13 54776] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480] S2 McMPFSvc;McAfee Personal Firewall-Dienst;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-05-31 188136] S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-05-31 141792] S2 MOBKbackup;1%;c:\program files\McAfee Online Backup\MOBKbackup.exe [2010-04-13 229688] S2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [2006-12-10 24576] S3 cfwids;McAfee Inc. 
cfwids;c:\windows\system32\drivers\cfwids.sys [2010-05-31 55456] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-05-31 312616] S3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\Drivers\StkCMini.sys [2006-12-21 1132544] S3 WCPU;WCPU;c:\program files\P4G\WCPU.sys [2007-01-02 11120] --- Andere Dienste/Treiber im Speicher --- *Deregistered* - mfeavfk01 *Deregistered* - TuneUpUtilitiesDrv [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhalt des "geplante Tasks" Ordners 2010-09-02 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-22 17:03] 2010-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-26 16:03] 2010-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-26 16:03] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.scroogle.org/cgi-bin/scraper.htm IE: Easy-WebPrint - Drucken - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html IE: Easy-WebPrint - Schnelldruck - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html IE: Easy-WebPrint - Vorschau - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html IE: Easy-WebPrint - Zu Druckliste hinzufügen - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html IE: Google Sidewiki... 
- c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html FF - ProfilePath - c:\users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\id7gz4la.default\ FF - prefs.js: browser.search.selectedEngine - Secure Search FF - prefs.js: browser.startup.homepage - google.de FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=mcafee&p= FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll FF - component: c:\program files\Mozilla Firefox\components\Scriptff.dll FF - component: c:\users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\id7gz4la.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Google\Update\1.2.183.27\npGoogleOneClick8.dll FF - plugin: c:\users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\id7gz4la.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 c:\program files\Mozilla Firefox\greprefs\all.js - 
pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2010-09-02 21:07 Windows 6.0.6002 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... c:\users\Asus\AppData\Local\Temp\catchme.dll 53248 bytes executable Scan erfolgreich abgeschlossen versteckte Dateien: 1 ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'Explorer.exe'(2952) c:\progra~1\mcafee\SITEAD~1\saHook.dll c:\program files\McAfee Online Backup\MOBKshell.dll . Zeit der Fertigstellung: 2010-09-02 21:14:49 ComboFix-quarantined-files.txt 2010-09-02 19:14 ComboFix2.txt 2010-08-26 21:03 Vor Suchlauf: 9.939.877.888 Bytes frei Nach Suchlauf: 9.704.833.024 Bytes frei - - End Of File - - EB2E0AF9C96BA47608AEAED789D6BF18 |
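As an added example (not code from this thread, from Trojaner-Board or from ComboFix), a small Python triage pass over the flattened ComboFix layout shown above: it parses the file-entry and registry lines and flags the kinds of items the CFScript in post #39 later removed (the randomly named AppData\Roaming folders and atvicwjc.bat) together with weakened policy values. The vendor allowlist, the extension list and the rules themselves are my assumptions; the sample lines are copied from the log in post #34.

```python
"""Triage helper for flattened ComboFix logs (added example, not ComboFix logic).

Two line shapes from the log are parsed:
  file entry:  <created> . <modified> <size|--------> <attrs> <path>
  registry:    [<key>] followed by "<name>"= <value> lines
The heuristics below are assumptions chosen to surface the entries the helper's
CFScript removed (atvicwjc.bat, Byypz, Foela, Heicbe) plus weakened policies.
"""
from __future__ import annotations
import re
from dataclasses import dataclass

FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>-{8}|\d+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.+)$')

# Assumed allowlist: vendor folders commonly found directly under AppData\Roaming.
KNOWN_ROAMING = {"microsoft", "mozilla", "adobe", "macromedia", "skype", "skypepm",
                 "malwarebytes", "google", "quickscan", "media player classic"}
DROPPER_EXTS = {"bat", "cmd", "exe", "dll", "scr", "vbs"}
POLICY_KEY = r"\software\microsoft\windows\currentversion\policies\system"

# Sample lines copied from the log in post #34 (constructed subset).
SAMPLE_LOG = r"""
2010-08-24 22:23 . 2009-08-27 04:12 -------- d-----w- c:\users\Asus\AppData\Roaming\Byypz
2010-08-24 22:16 . 2010-02-04 01:27 -------- d-----w- c:\users\Asus\AppData\Roaming\Heicbe
2010-08-11 16:01 . 2010-06-19 13:00 90 ----a-w- c:\users\Asus\AppData\Local\atvicwjc.bat
2010-08-16 18:08 . 2009-03-19 14:44 -------- d-----w- c:\programdata\Skype
2010-09-02 17:50 . 2009-05-30 10:56 -------- d-----w- c:\users\Asus\AppData\Roaming\Skype
2010-08-25 19:55 . 2010-06-21 13:37 2037760 ----a-w- c:\windows\system32\win32k.sys
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"tfguxxawqkggqamzerpsTaskMgr"= 0 (0x0)
"xmihsndpubondhlclybtTaskMgr"= 0 (0x0)
"""


@dataclass
class Finding:
    rule: str
    line: str


def parse(log: str):
    """Yield ('file', match) for file entries and ('reg', key, name, value) for values."""
    key = None
    for raw in log.splitlines():
        line = raw.strip()
        if m := FILE_RE.match(line):
            yield ("file", m)
        elif m := KEY_RE.match(line):
            key = m["key"]  # values that follow belong to this key
        elif key and (m := VALUE_RE.match(line)):
            yield ("reg", key, m["name"], m["value"])


def triage(log: str) -> list[Finding]:
    findings: list[Finding] = []
    for item in parse(log):
        if item[0] == "file":
            m = item[1]
            parts = m["path"].lower().split("\\")
            is_dir = m["attrs"].startswith("d")
            ext = parts[-1].rsplit(".", 1)[-1]
            # Rule 1: a script or binary dropped directly into AppData\Local or \Roaming.
            if not is_dir and parts[-2] in ("local", "roaming") and ext in DROPPER_EXTS:
                findings.append(Finding("executable directly in AppData", m["path"]))
            # Rule 2: a folder directly under AppData\Roaming that no known vendor uses.
            elif is_dir and parts[-3:-1] == ["appdata", "roaming"] \
                    and parts[-1] not in KNOWN_ROAMING:
                findings.append(Finding("unknown folder under AppData\\Roaming", m["path"]))
        else:
            _, key, name, value = item
            if not key.lower().endswith(POLICY_KEY):
                continue
            # Rule 3: UAC switched off; Rule 4: TaskMgr policy with a random-looking name.
            if name == "EnableLUA" and value.startswith("0"):
                findings.append(Finding("UAC disabled (EnableLUA=0)", f"{key}\\{name}"))
            elif name.endswith("TaskMgr") and name != "DisableTaskMgr":
                findings.append(Finding("odd TaskMgr policy value", f"{key}\\{name}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:40} {f.line}")
```

Run against a real log the same pattern-matching works on the "Dateien erstellt", "Find3M" and "Autostartpunkte" sections alike, because ComboFix uses the same line shapes there; the rules only say what a helper should look at, not what is malicious.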
02.09.2010, 20:18 | #35
Trojan program Exploit.Java.Agent.bb etc. Arne, so I have done the procedure once more; what is the next step?
02.09.2010, 20:23 | #36
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan program Exploit.Java.Agent.bb etc. Did you just run CF by double-clicking? You should do it with the script!
02.09.2010, 20:28 | #37
Trojan program Exploit.Java.Agent.bb etc. I have now restored the state the computer was in when it was returned back then, ran ComboFix over it once more, and wanted to ask whether I can run the ComboFix script now or whether you need to look at the log txt again first.
02.09.2010, 20:30 | #38
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan program Exploit.Java.Agent.bb etc. You should script with CF; I did write that.
Please always post logfiles in CODE tags
02.09.2010, 20:59 | #39
Trojan program Exploit.Java.Agent.bb etc. ComboFix logfile: Code:
ATTFilter ComboFix 10-09-01.04 - Asus 02.09.2010 21:38:22.3.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2047.825 [GMT 2:00] ausgeführt von:: c:\users\Asus\Desktop\CoFi.exe Benutzte Befehlsschalter :: c:\users\Asus\Desktop\CFScript.txt SP: Windows-Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} FILE :: "c:\users\Asus\AppData\Local\atvicwjc.bat" . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\users\Asus\AppData\Local\atvicwjc.bat c:\users\Asus\AppData\Roaming\Byypz c:\users\Asus\AppData\Roaming\Byypz\elwue.qyw c:\users\Asus\AppData\Roaming\Foela c:\users\Asus\AppData\Roaming\Heicbe . ((((((((((((((((((((((( Dateien erstellt von 2010-08-02 bis 2010-09-02 )))))))))))))))))))))))))))))) . 2010-09-02 19:50 . 2010-09-02 19:50 -------- d-----w- c:\users\Public\AppData\Local\temp 2010-09-02 19:50 . 2010-09-02 19:50 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-09-02 18:51 . 2010-09-02 19:14 -------- d-----w- C:\CoFi 2010-08-29 06:15 . 2010-08-29 06:15 -------- d-----w- c:\program files\Windows Portable Devices 2010-08-28 22:17 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll 2010-08-28 22:17 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll 2010-08-28 22:17 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll 2010-08-28 22:14 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe 2010-08-28 22:12 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll 2010-08-28 22:12 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll 2010-08-28 22:12 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll 2010-08-28 00:44 . 2010-08-28 00:45 -------- d-----w- c:\windows\system32\ca-ES 2010-08-28 00:44 . 2010-08-28 00:45 -------- d-----w- c:\windows\system32\eu-ES 2010-08-28 00:44 . 
2010-08-28 00:45 -------- d-----w- c:\windows\system32\vi-VN 2010-08-27 23:53 . 2010-08-27 23:53 -------- d-----w- c:\windows\system32\EventProviders 2010-08-27 23:48 . 2010-08-27 23:48 -------- d-----w- c:\program files\McAfeeMOBK 2010-08-27 23:48 . 2010-04-13 18:10 54776 ----a-w- c:\windows\system32\drivers\MOBK.sys 2010-08-27 23:48 . 2010-08-27 23:48 -------- d-----w- c:\program files\McAfee Online Backup 2010-08-27 23:46 . 2010-05-31 18:32 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2010-08-27 16:04 . 2010-05-31 18:32 160720 ----a-w- c:\windows\system32\drivers\mfewfpk.sys 2010-08-27 16:04 . 2010-05-31 18:32 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2010-08-27 16:04 . 2010-05-31 18:32 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2010-08-27 16:04 . 2010-05-31 18:32 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2010-08-27 16:03 . 2010-05-31 18:32 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys 2010-08-27 16:03 . 2010-05-31 18:32 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2010-08-27 16:02 . 2010-08-27 23:46 -------- d-----w- c:\program files\Common Files\Mcafee 2010-08-27 16:02 . 2010-08-27 16:02 -------- d-----w- c:\program files\McAfee.com 2010-08-27 16:02 . 2010-08-28 00:52 -------- d-----w- c:\program files\McAfee 2010-08-26 21:31 . 2008-05-27 04:59 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin 2010-08-26 20:42 . 2010-08-26 21:03 -------- d-----w- C:\ComboFix 2010-08-26 20:34 . 2010-09-02 18:45 -------- d-----w- c:\program files\CCleaner 2010-08-25 20:55 . 2009-04-11 06:28 291328 ----a-w- c:\windows\system32\WscEapPr.dll 2010-08-25 20:54 . 2009-04-11 06:32 223208 ----a-w- c:\windows\system32\drivers\netio.sys 2010-08-25 20:53 . 2009-04-11 06:28 723968 ----a-w- c:\windows\system32\powercpl.dll 2010-08-25 20:52 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll 2010-08-25 20:52 . 
2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll 2010-08-25 20:52 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll 2010-08-25 20:52 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll 2010-08-25 20:52 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll 2010-08-25 20:52 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll 2010-08-25 20:52 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll 2010-08-25 20:52 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll 2010-08-25 20:52 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll 2010-08-25 20:52 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe 2010-08-25 20:51 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll 2010-08-25 19:56 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll 2010-08-25 19:56 . 2010-05-27 20:08 81920 ----a-w- c:\windows\system32\iccvid.dll 2010-08-25 19:56 . 2010-06-11 16:16 274944 ----a-w- c:\windows\system32\schannel.dll 2010-08-25 19:56 . 2010-04-05 17:01 67072 ----a-w- c:\windows\system32\asycfilt.dll 2010-08-25 19:56 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll 2010-08-25 19:56 . 2010-04-16 16:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2010-08-25 19:56 . 2010-04-16 14:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll 2010-08-25 19:55 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll 2010-08-25 19:55 . 2010-06-21 13:37 2037760 ----a-w- c:\windows\system32\win32k.sys 2010-08-25 19:54 . 2010-05-26 17:06 34304 ----a-w- c:\windows\system32\atmlib.dll 2010-08-25 19:54 . 2010-05-26 14:47 289792 ----a-w- c:\windows\system32\atmfd.dll 2010-08-25 19:54 . 2010-06-18 17:31 36864 ----a-w- c:\windows\system32\rtutils.dll 2010-08-25 19:54 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-08-25 19:54 . 
2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-08-25 19:54 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll 2010-08-25 19:54 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys 2010-08-25 19:54 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys 2010-08-25 19:53 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys 2010-08-25 18:52 . 2009-11-08 08:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll 2010-08-25 18:52 . 2009-11-08 08:55 49472 ----a-w- c:\windows\system32\netfxperf.dll 2010-08-25 18:52 . 2009-11-08 08:55 297808 ----a-w- c:\windows\system32\mscoree.dll 2010-08-25 18:52 . 2009-11-08 08:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe 2010-08-25 18:52 . 2009-11-08 08:55 1130824 ----a-w- c:\windows\system32\dfshim.dll 2010-08-24 20:14 . 2010-08-24 20:14 -------- d-----w- C:\PerfLogs 2010-08-16 18:08 . 2010-08-16 18:08 -------- d-----w- c:\program files\Common Files\Skype 2010-08-16 18:08 . 2010-08-16 18:08 -------- d-----r- c:\program files\Skype 2010-08-12 17:40 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe 2010-08-12 17:40 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe 2010-08-12 17:40 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll 2010-08-12 17:40 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll 2010-08-12 17:40 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll 2010-08-12 17:40 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe 2010-08-12 17:40 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe 2010-08-12 17:40 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll 2010-08-12 17:40 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll 2010-08-12 17:38 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe 2010-08-12 17:38 . 
2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL 2010-08-11 20:14 . 2010-08-11 20:14 -------- d-----w- c:\users\Asus\AppData\Local\WindowsUpdate 2010-08-11 19:24 . 2010-07-26 20:30 705208 ----a-w- c:\users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\id7gz4la.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll 2010-08-11 19:24 . 2010-07-26 20:30 978664 ----a-w- c:\users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\id7gz4la.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll 2010-08-11 18:29 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll 2010-08-11 16:16 . 2010-08-11 16:16 -------- d-----w- c:\users\Asus\AppData\Roaming\Malwarebytes 2010-08-11 16:14 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-08-11 16:14 . 2010-08-11 16:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-08-11 16:14 . 2010-08-11 16:14 -------- d-----w- c:\programdata\Malwarebytes 2010-08-11 16:14 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-08-11 03:58 . 2010-02-12 10:49 293376 ----a-w- c:\windows\system32\browserchoice.exe 2010-08-11 03:56 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll 2010-08-11 03:55 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll 2010-08-11 03:55 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys 2010-08-10 22:30 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll 2010-08-10 22:30 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys 2010-08-10 22:30 . 2009-12-08 17:26 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys 2010-08-10 22:30 . 2008-01-19 05:55 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS 2010-08-10 22:30 . 2009-06-10 11:41 2868224 ----a-w- c:\windows\system32\mf.dll 2010-08-10 22:30 . 2009-04-11 06:28 98816 ----a-w- c:\windows\system32\mfps.dll 2010-08-10 22:30 . 
2009-04-11 06:27 53248 ----a-w- c:\windows\system32\rrinstaller.exe 2010-08-10 22:30 . 2009-04-11 06:27 24576 ----a-w- c:\windows\system32\mfpmp.exe 2010-08-10 22:30 . 2009-04-11 04:54 2048 ----a-w- c:\windows\system32\mferror.dll 2010-08-10 22:29 . 2009-08-14 13:48 105984 ----a-w- c:\windows\system32\netiohlp.dll 2010-08-10 22:29 . 2009-08-14 15:53 17920 ----a-w- c:\windows\system32\netevent.dll 2010-08-10 22:29 . 2009-08-14 13:49 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE 2010-08-10 22:29 . 2009-08-14 13:49 17920 ----a-w- c:\windows\system32\ROUTE.EXE 2010-08-10 22:29 . 2009-08-14 13:49 27136 ----a-w- c:\windows\system32\NETSTAT.EXE 2010-08-10 22:29 . 2009-08-14 13:49 19968 ----a-w- c:\windows\system32\ARP.EXE 2010-08-10 22:29 . 2009-08-14 13:49 10240 ----a-w- c:\windows\system32\finger.exe 2010-08-10 22:29 . 2009-08-14 13:49 11264 ----a-w- c:\windows\system32\MRINFO.EXE 2010-08-10 22:29 . 2009-08-14 13:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE 2010-08-10 22:25 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll 2010-08-10 22:21 . 2009-07-17 13:54 71680 ----a-w- c:\windows\system32\atl.dll 2010-08-10 22:20 . 2009-07-15 12:39 313344 ----a-w- c:\windows\system32\wmpdxm.dll 2010-08-10 22:20 . 2009-07-15 12:39 4096 ----a-w- c:\windows\system32\dxmasf.dll 2010-08-10 22:20 . 2009-07-15 12:39 7680 ----a-w- c:\windows\system32\spwmp.dll 2010-08-10 22:20 . 2009-06-15 14:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll 2010-08-10 22:20 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll 2010-08-10 22:20 . 2009-06-15 23:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2010-08-10 22:20 . 2009-06-15 14:54 175104 ----a-w- c:\windows\system32\wdigest.dll 2010-08-10 22:20 . 2009-06-15 14:53 72704 ----a-w- c:\windows\system32\secur32.dll 2010-08-10 22:20 . 2009-06-15 12:48 9728 ----a-w- c:\windows\system32\lsass.exe 2010-08-10 22:18 . 2009-04-23 12:15 784896 ----a-w- c:\windows\system32\rpcrt4.dll . 
(((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-02 18:38 . 2009-03-22 17:31 -------- d-----w- c:\programdata\TuneUp Software 2010-09-02 17:51 . 2009-03-26 16:02 -------- d-----w- c:\programdata\Google Updater 2010-09-02 17:51 . 2009-03-22 18:22 -------- d-----w- c:\users\Asus\AppData\Roaming\skypePM 2010-09-02 17:50 . 2009-05-30 10:56 -------- d-----w- c:\users\Asus\AppData\Roaming\Skype 2010-09-01 06:03 . 2007-04-18 08:33 12 ----a-w- c:\windows\bthservsdp.dat 2010-08-30 18:59 . 2007-04-18 09:14 628448 ----a-w- c:\windows\system32\perfh007.dat 2010-08-30 18:59 . 2007-04-18 09:14 127056 ----a-w- c:\windows\system32\perfc007.dat 2010-08-30 18:07 . 2010-06-21 07:55 56168 ----a-w- c:\users\Asus\AppData\Local\GDIPFONTCACHEV1.DAT 2010-08-29 06:19 . 2009-03-12 14:49 45056 ----a-w- c:\windows\system32\acovcnt.exe 2010-08-29 06:15 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat 2010-08-29 06:10 . 2010-08-29 06:10 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf 2010-08-29 06:08 . 2010-08-29 06:08 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf 2010-08-28 00:45 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar 2010-08-28 00:45 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-08-28 00:45 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar 2010-08-28 00:45 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal 2010-08-28 00:45 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration 2010-08-28 00:45 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery 2010-08-28 00:45 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender 2010-08-28 00:42 . 2010-08-28 00:42 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf 2010-08-28 00:41 . 
2010-08-28 00:41 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf 2010-08-26 20:54 . 2009-03-25 13:11 -------- d-----w- c:\program files\pdfforge Toolbar 2010-08-26 20:36 . 2009-03-12 14:45 -------- d-----w- c:\users\Asus\AppData\Roaming\Media Player Classic 2010-08-26 12:40 . 2010-08-28 21:49 30016 ----a-w- c:\windows\system32\uxt5C33.tmp 2010-08-24 19:39 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll 2010-08-24 19:39 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll 2010-08-16 18:08 . 2009-03-19 14:44 -------- d-----w- c:\programdata\Skype 2010-08-10 10:14 . 2009-07-31 22:09 -------- d-----w- c:\program files\Live-Player 2010-08-10 09:57 . 2009-05-02 06:25 -------- d-----w- c:\users\Asus\AppData\Roaming\Sysat 2010-08-10 09:29 . 2009-03-26 18:30 -------- d-----w- c:\program files\PDFCreator 2010-07-22 18:05 . 2009-10-13 18:28 -------- d-----w- c:\program files\Ask.com 2010-07-16 10:28 . 2009-01-13 21:37 -------- d-----w- c:\program files\Common Files\Adobe 2010-07-14 18:37 . 2010-07-14 18:34 -------- d-----w- c:\users\Asus\AppData\Roaming\QuickScan 2010-07-13 15:54 . 2010-07-13 15:54 2944904 ----a-w- c:\users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\id7gz4la.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe 2010-07-06 13:53 . 2010-07-06 13:53 5080112 ----a-w- c:\programdata\T-Online\T-Online_Software_6\Basis-Software\update\filedistribution\netzmanager_setup.exe 2010-06-26 06:05 . 2010-08-25 20:00 916480 ----a-w- c:\windows\system32\wininet.dll 2010-06-26 06:02 . 2010-08-25 20:00 71680 ----a-w- c:\windows\system32\iesetup.dll 2010-06-26 06:02 . 2010-08-25 20:00 109056 ----a-w- c:\windows\system32\iesysprep.dll 2010-06-26 04:25 . 2010-08-25 20:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2010-06-23 18:40 . 2010-06-23 18:40 501936 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb430B.tmp.exe 2010-05-31 18:32 . 
2010-08-27 23:46 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . --- c:\windows\system32\acovcnt.exe --- Company: ------ File Description: ------ File Version: ------ Product Name: ------ Copyright: ------ Original Filename: ------ File size: 45056 Created time: 2009-03-12 14:49 Modified time: 2010-08-29 06:19 MD5: 6BCAF46E2B7FA9ACE92B4D39F3037C5C SHA1: 6D5A81E3CF59832D73F28D6E87F51D073C3E4095 ---- Directory of c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} ---- 2010-08-10 20:34 . 2010-08-28 21:47 17186816 ----a-w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}\{D3742F82-1C1A-4DCC-ABBD-0E831C0185CC}.msi (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864] [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2010-05-26 13:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864] 
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK] @="{3c3f3c1a-9153-7c05-f938-622e7003894d}" [HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}] 2010-04-13 18:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2] @="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}" [HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}] 2010-04-13 18:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3] @="{b4caf489-1eec-c617-49ad-8d7088598c06}" [HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}] 2010-04-13 18:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-20 4363504] "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-26 39408] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 729088] "ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-22 815104] 
"ToADiMon.exe"="c:\program files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe" [2007-02-15 282624] "Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600] "SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2009-01-30 992256] "FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2008-07-22 357376] "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-23 57344] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-30 1193848] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "InfoCockpit"="c:\program files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE" [2007-01-16 176128] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):f1,1b,55,bf,4b,46,cb,01 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4186507801-287623148-3281869339-1000] "EnableNotificationsRef"=dword:00000001 R2 gupdate1c9ae2c6a87a6aa;Google Update Service (gupdate1c9ae2c6a87a6aa);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-26 133104] R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [x] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-05-31 83496] R3 MIINPazX;MIINPazX NDIS Protocol Driver;c:\progra~1\COMMON~1\MARMIK~1\MInfraIS\MIINPazX.SYS [2006-10-09 17152] R3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;c:\progra~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [2006-10-09 17536] R3 SIVDRIVER;SIV Kernel Driver;c:\windows\system32\Drivers\SIVX32.sys [2007-02-24 19944] S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552] S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-05-31 64304] S1 mfewfpk;McAfee Inc. 
mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-05-31 160720] S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [2010-04-13 54776] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480] S2 McMPFSvc;McAfee Personal Firewall-Dienst;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-05-31 188136] S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-05-31 141792] S2 MOBKbackup;1%;c:\program files\McAfee Online Backup\MOBKbackup.exe [2010-04-13 229688] S2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [2006-12-10 24576] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-05-31 55456] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-05-31 312616] S3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\Drivers\StkCMini.sys [2006-12-21 1132544] S3 WCPU;WCPU;c:\program files\P4G\WCPU.sys [2007-01-02 11120] --- Andere Dienste/Treiber im Speicher --- *Deregistered* - mfeavfk01 *Deregistered* - TuneUpUtilitiesDrv [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . 
Inhalt des "geplante Tasks" Ordners 2010-09-02 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-22 17:03] 2010-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-26 16:03] 2010-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-26 16:03] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.scroogle.org/cgi-bin/scraper.htm IE: Easy-WebPrint - Drucken - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html IE: Easy-WebPrint - Schnelldruck - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html IE: Easy-WebPrint - Vorschau - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html IE: Easy-WebPrint - Zu Druckliste hinzufügen - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html FF - ProfilePath - c:\users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\id7gz4la.default\ FF - prefs.js: browser.search.selectedEngine - Secure Search FF - prefs.js: browser.startup.homepage - google.de FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=mcafee&p= FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll FF - component: c:\program files\Mozilla Firefox\components\Scriptff.dll FF - component: c:\users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\id7gz4la.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Google\Update\1.2.183.27\npGoogleOneClick8.dll FF - plugin: 
c:\users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\id7gz4la.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); . - - - - Entfernte verwaiste Registrierungseinträge - - - - AddRemove-abvpkwql - c:\users\asus\appdata\local\atvicwjc.bat ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2010-09-02 21:50 Windows 6.0.6002 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . 
--------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2010-09-02 21:57:14 ComboFix-quarantined-files.txt 2010-09-02 19:57 ComboFix2.txt 2010-09-02 19:14 ComboFix3.txt 2010-08-26 21:03 Vor Suchlauf: 9.723.215.872 Bytes frei Nach Suchlauf: 12 Verzeichnis(se), 11.805.085.696 Bytes frei - - End Of File - - 4334BD3083F2B2507AE0EDFA78E9CCFE |
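A small triage script for the ComboFix log format posted above, added here as an example (it is not part of the thread and not ComboFix's own tooling): it walks the log's sections and pulls out the items a reviewer reads first, namely the entries the CFScript removed, Run-key entries launched from a user profile, and the UAC and Security Center policy values that switch protections off. The sample log inside is constructed in the same layout as the posted one; the "Updater" Run entry in it is invented for the demo.

```python
"""Triage helper for ComboFix logs.

Pulls out the few lines that usually matter to a reviewer (files the CFScript
removed, autostart entries running from a user profile, policy values that
weaken the system) so they are not lost in the long file listings.

Added example, not part of the forum thread or of ComboFix; section names and
line formats follow the posted log, the sample log below is constructed.
"""
import re
from dataclasses import dataclass, field

# Section headers look like "(((( Weitere Löschungen ))))".
SECTION_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")
# Registry key lines: [HKEY_...\...]
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# "Name"="c:\path\prog.exe" [2009-04-11 1233920]   (Run-key entries)
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"(?:\s+\[([^\]]*)\])?')
# "EnableLUA"= 0 (0x0)   or   "DisableMonitoring"=dword:00000001
DWORD_RE = re.compile(
    r'^"([^"]+)"=\s*(?:dword:([0-9a-fA-F]{8})|(\d+)\s*\(0x[0-9a-fA-F]+\))')

# (key suffix, value name, value) -> what that setting switches off.
WEAK_POLICY = {
    ("policies\\system", "EnableLUA", 0): "UAC disabled",
    ("security center\\Monitoring", "DisableMonitoring", 1):
        "Security Center monitoring disabled",
}


@dataclass
class Triage:
    deleted: list = field(default_factory=list)           # paths ComboFix removed
    profile_autoruns: list = field(default_factory=list)  # (key, name, path)
    weak_policies: list = field(default_factory=list)     # (key, value name, text)
    orphans: list = field(default_factory=list)           # AddRemove-* orphans


def triage_combofix(text: str) -> Triage:
    """Scan a ComboFix log and collect the review-relevant items."""
    result = Triage()
    section = ""
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            section, current_key = m.group(1), ""
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        # Files and folders listed under "Weitere Löschungen" were removed.
        if section == "Weitere Löschungen" and re.match(r"^[a-zA-Z]:\\", line):
            result.deleted.append(line)
            continue
        # Orphaned uninstall entries often point at the malware's dropper.
        if line.startswith("AddRemove-"):
            result.orphans.append(line)
            continue
        m = DWORD_RE.match(line)
        if m and current_key:
            name = m.group(1)
            value = int(m.group(2), 16) if m.group(2) else int(m.group(3))
            for (key_suffix, vname, bad), desc in WEAK_POLICY.items():
                if (vname == name and value == bad
                        and key_suffix.lower() in current_key.lower()):
                    result.weak_policies.append((current_key, name, desc))
            continue
        m = RUN_RE.match(line)
        if m and current_key.lower().endswith("\\run"):
            name, path = m.group(1), m.group(2)
            # Legitimate software rarely autostarts from inside AppData.
            if re.search(r"\\users\\[^\\]+\\appdata\\", path, re.IGNORECASE):
                result.profile_autoruns.append((current_key, name, path))
    return result


# Constructed sample in the posted log's layout; "Updater" is invented.
SAMPLE_LOG = r"""ComboFix 10-09-01.04 - Asus 02.09.2010 21:38:22.3.2 - x86
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Asus\AppData\Local\atvicwjc.bat
c:\users\Asus\AppData\Roaming\Byypz
c:\users\Asus\AppData\Roaming\Byypz\elwue.qyw
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Updater"="c:\users\Asus\AppData\Roaming\Byypz\updater.exe" [2010-08-10 45056]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
AddRemove-abvpkwql - c:\users\asus\appdata\local\atvicwjc.bat
"""

if __name__ == "__main__":
    t = triage_combofix(SAMPLE_LOG)
    for label, items in vars(t).items():
        print(f"{label}:")
        for item in items:
            print("   ", item)
```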
02.09.2010, 21:01 | #40 |
| Trojan program Exploit.Java.Agent.bb etc So that was scripted |
02.09.2010, 21:05 | #41 |
| Trojan program Exploit.Java.Agent.bb etc What's next? |
03.09.2010, 10:06 | #42 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan program Exploit.Java.Agent.bb etc Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool won't run the second time either, just leave it out and run only OSAM. Then download the bootkit_remover. Unpack the tool into its own folder on the desktop and run the file remove.exe in that folder. If you use Windows Vista or Windows 7, you must run the remover.exe via a right-click => Run as administrator. A black window will open and automatically search for malicious changes in the MBR. Then please post whether there are changes and, if so, in which device. Best to post everything the remover.exe outputs.
__________________ Please always post logfiles in CODE tags |
04.09.2010, 11:57 | #43 |
| Trojan program Exploit.Java.Agent.bb etc GMER issued a warning but no log file. At most I could post the entire scan process that ran up to that point. So there is no log file. The other program also cannot be run to completion without complications; I am trying it again now... |