Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Mehrere Trojaner und Sonstiges im Recycler

Mehrere Trojaner und Sonstiges im Recycler


Log-Analyse und Auswertung: Mehrere Trojaner und Sonstiges im Recycler

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 28.03.2011, 11:49   #7
systemmarionette
 
Mehrere Trojaner und Sonstiges im Recycler - Standard

Mehrere Trojaner und Sonstiges im Recycler


Combofix-Log:

Code:
ATTFilter
ComboFix 11-03-27.02 - *** 28.03.2011  12:33:56.1.2 - x64
Microsoft Windows 7 Professional   6.1.7600.0.1252.49.1031.18.4094.2769 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\cofix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-02-28 bis 2011-03-28  ))))))))))))))))))))))))))))))
.
.
2011-03-28 10:38 . 2011-03-28 10:38	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-03-28 09:51 . 2011-03-28 09:53	--------	d-----w-	c:\program files (x86)\Microsoft Works
2011-03-28 09:51 . 2011-03-28 09:51	--------	d-----w-	c:\windows\PCHEALTH
2011-03-28 09:48 . 2011-03-28 09:48	--------	d-----r-	C:\MSOCache
2011-03-28 07:12 . 2011-03-28 07:12	--------	d-----w-	C:\_OTL
2011-03-26 17:00 . 2011-03-26 17:00	--------	d---a-w-	c:\windows\VDLL.DLL
2011-03-26 17:00 . 2011-03-26 17:00	--------	d---a-w-	c:\windows\SysWow64\runouce.exe
2011-03-26 17:00 . 2011-03-26 17:00	--------	d---a-w-	c:\windows\rundll16.exe
2011-03-26 17:00 . 2011-03-26 17:00	--------	d---a-w-	c:\windows\RUNDL132.EXE
2011-03-26 17:00 . 2011-03-26 17:00	--------	d---a-w-	c:\windows\logo1_.exe
2011-03-26 17:00 . 2011-03-26 17:00	--------	d---a-w-	c:\windows\logo_1.exe
2011-03-26 16:41 . 2011-03-26 16:41	632064	----a-w-	c:\windows\SysWow64\msvcr80.dll
2011-03-26 16:41 . 2011-03-26 16:41	554240	----a-w-	c:\windows\SysWow64\msvcp80.dll
2011-03-26 16:41 . 2011-03-26 16:41	34048	----a-w-	c:\windows\SysWow64\eEmpty.exe
2011-03-26 16:41 . 2011-03-26 16:41	--------	d-----w-	c:\program files (x86)\Common Files\MicroWorld
2011-03-26 16:41 . 2011-03-26 16:41	--------	d-----w-	c:\programdata\MicroWorld
2011-03-26 15:52 . 2011-03-26 15:52	--------	d-----w-	c:\program files (x86)\Advanced Port Scanner
2011-03-26 10:11 . 2011-03-26 10:11	--------	d-----w-	c:\programdata\CA
2011-03-26 10:11 . 2011-03-26 10:11	--------	d-----w-	c:\program files (x86)\Common Files\Scanner
2011-03-26 10:11 . 2011-03-26 10:11	--------	d-----w-	c:\program files (x86)\CA
2011-03-26 09:39 . 2011-03-15 05:17	8424784	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{12F06164-8137-4651-A3DB-83E0120962EB}\mpengine.dll
2011-03-25 10:39 . 2011-03-25 10:39	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2011-03-25 10:39 . 2011-03-25 10:39	--------	d-----w-	c:\users\***\AppData\Roaming\SUPERAntiSpyware.com
2011-03-25 10:38 . 2011-03-25 10:38	--------	d-----w-	c:\programdata\!SASCORE
2011-03-25 10:38 . 2011-03-25 10:39	--------	d-----w-	c:\program files\SUPERAntiSpyware
2011-03-25 07:30 . 2009-08-19 21:50	24416	----a-r-	c:\windows\system32\AdobePDFUI.dll
2011-03-18 18:22 . 2011-03-18 18:22	--------	d-----w-	c:\program files\Recuva
2011-03-18 18:19 . 2002-02-18 17:40	6200	----a-w-	c:\windows\SysWow64\INT13EXT.VXD
2011-03-18 18:19 . 2011-03-18 18:19	--------	d-----w-	c:\program files (x86)\PC Inspector File Recovery
2011-03-18 18:18 . 2002-12-05 13:12	692224	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2011-03-18 18:18 . 2002-12-05 13:10	155648	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2011-03-18 18:18 . 2002-12-02 14:22	5632	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2011-03-18 18:18 . 2002-12-02 12:33	57344	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2011-03-18 18:18 . 2002-12-02 12:33	237568	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2011-03-18 18:18 . 2011-03-18 18:18	282756	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2011-03-18 18:18 . 2011-03-18 18:18	163972	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2011-03-16 18:48 . 2010-12-20 17:09	38224	----a-w-	c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-12 11:28 . 2011-03-12 11:28	103864	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-03-07 13:33 . 2011-03-07 13:33	--------	d-----w-	c:\program files (x86)\Common Files\Java
2011-03-05 11:17 . 2011-03-26 14:52	--------	d-----w-	c:\users\***\AppData\Roaming\vlc
2011-03-03 09:48 . 2011-03-03 09:48	--------	d-----w-	c:\users\***\AppData\Roaming\Jumping Bytes
2011-03-03 09:47 . 2011-03-03 09:47	--------	d-----w-	c:\program files (x86)\PureSync
2011-03-03 09:47 . 2011-03-03 09:47	--------	d-----w-	c:\program files (x86)\Common Files\Jumping Bytes
2011-02-28 23:07 . 2011-03-01 09:02	--------	d-----w-	c:\users\postgres
2011-02-28 23:05 . 2011-02-28 23:05	--------	d-----w-	c:\program files (x86)\PostgreSQL
2011-02-28 11:54 . 2011-02-28 11:55	--------	d-----w-	c:\users\***\AppData\Roaming\Luxology
2011-02-28 11:52 . 2011-02-28 11:52	--------	d-----w-	c:\users\***\AppData\Roaming\MAXON
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-26 16:44 . 2011-03-26 16:43	17147138	----a-w-	c:\windows\REGBK00.ZIP
2011-02-02 20:40 . 2010-05-18 05:57	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2011-02-02 17:11 . 2009-10-27 09:00	270720	------w-	c:\windows\system32\MpSigStub.exe
2011-01-26 06:53 . 2011-02-10 06:52	265088	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2011-01-26 06:53 . 2011-02-10 06:52	982912	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2011-01-26 06:31 . 2011-02-10 06:52	144384	----a-w-	c:\windows\system32\cdd.dll
2011-01-12 10:33 . 2011-01-06 12:27	18960	----a-w-	c:\windows\system32\drivers\LNonPnP.sys
2011-01-07 08:07 . 2011-02-23 07:00	662528	----a-w-	c:\windows\system32\XpsPrint.dll
2011-01-07 08:07 . 2011-02-23 07:00	475648	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2011-01-07 08:06 . 2011-02-10 06:52	46080	----a-w-	c:\windows\system32\atmlib.dll
2011-01-07 07:31 . 2011-02-23 07:00	442880	----a-w-	c:\windows\SysWow64\XpsPrint.dll
2011-01-07 07:31 . 2011-02-23 07:00	288256	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2011-01-07 07:27 . 2011-02-10 06:52	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2011-01-07 05:49 . 2011-02-10 06:52	366080	----a-w-	c:\windows\system32\atmfd.dll
2011-01-07 05:33 . 2011-02-10 06:52	294400	----a-w-	c:\windows\SysWow64\atmfd.dll
2011-01-06 12:27 . 2011-01-06 12:27	53248	----a-r-	c:\users\***\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-01-05 06:20 . 2011-02-10 06:52	612352	----a-w-	c:\windows\system32\vbscript.dll
2011-01-05 05:37 . 2011-02-10 06:52	428032	----a-w-	c:\windows\SysWow64\vbscript.dll
2011-01-05 04:00 . 2011-02-10 06:52	3127808	----a-w-	c:\windows\system32\win32k.sys
2006-05-03 09:06	163328	--sh--r-	c:\windows\SysWOW64\flvDX.dll
2007-02-21 10:47	31232	--sh--r-	c:\windows\SysWOW64\msfDX.dll
2008-03-16 12:30	216064	--sh--r-	c:\windows\SysWOW64\nbDX.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	94208	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	94208	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	94208	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ABIT uGuruIII"="c:\program files (x86)\U-ABIT\uGuru\uGuru.exe" [2007-11-07 425984]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTProAgent.exe" [2009-12-18 427328]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Google Update"="c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-04-30 136176]
"Eraser RiskMonitor"="c:\program files (x86)\East-Tec Eraser 2010\Launch.exe" [2008-11-03 44192]
"PureSync"="c:\program files (x86)\PureSync\PureSyncTray.exe" [2011-02-24 825408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-03-16 2988488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2010-04-28 611712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-01-30 38840]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-06-19 640440]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2009-07-01 37888]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"UnlockerAssistant"="c:\program files (x86)\Unlocker\UnlockerAssistant.exe" [2010-03-09 15872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"CaISSDT"="c:\program files (x86)\CA\eTrust Internet Security Suite\caissdt.exe" [2006-04-21 165416]
"eTrustPPAP"="c:\program files (x86)\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe" [2011-03-26 258048]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 Apache2.2;Apache2.2;c:\xampp\xampp\apache\bin\httpd.exe [2009-08-05 24640]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrxusb.sys [x]
R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\DRIVERS\cmnsusbser.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-10-27 1038088]
R3 netr7364;RT73 USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr7364.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S1 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [x]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2010-11-02 339624]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-11-02 135336]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-03-08 421032]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-03-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-681877900-919319930-2659170955-1000Core.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-30 09:06]
.
2011-03-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-681877900-919319930-2659170955-1000UA.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-30 09:06]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	97792	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	97792	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	97792	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-06 8158240]
"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: microsoft.com
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: windowsupdate.com
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0elrfldo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Clear Cache Button: {563e4790-7e70-11da-a72b-0800200c9a66} - %profile%\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}
FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Ext: ColorZilla: {6AC85730-7D0F-4de0-B3FA-21142DD85326} - %profile%\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
FF - Ext: ChatZilla: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2} - %profile%\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
FF - Ext: lori (Life-of-request info): {6dfc4f52-26f0-4e5f-89c7-31d6de480db9} - %profile%\extensions\{6dfc4f52-26f0-4e5f-89c7-31d6de480db9}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Extended Statusbar: {daf44bf7-a45e-4450-979c-91cf07434c3d} - %profile%\extensions\{daf44bf7-a45e-4450-979c-91cf07434c3d}
FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
FF - Ext: Fast Youtube Downloader: fastYoutubeDownloader@yevgenyandrov.net - %profile%\extensions\fastYoutubeDownloader@yevgenyandrov.net
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: User Agent Switcher: {e968fc70-8f95-4ab9-9e79-304de2a71ee1} - %profile%\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
FF - Ext: CookieSafe: {9D23D0AA-D8F5-11DA-B3FC-0928ABF316DD} - %profile%\extensions\{9D23D0AA-D8F5-11DA-B3FC-0928ABF316DD}
FF - Ext: FiddlerHook: fiddlerhook@fiddler2.com - c:\program files (x86)\Fiddler2\FiddlerHook
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
AddRemove-Unlocker - c:\program files (x86)\Unlocker\uninst.exe
AddRemove-yEd Graph Editor - c:\windows\system32\javaws.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-681877900-919319930-2659170955-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B7DFEAAB-B149-8279-CF20-28AE5333E3FD}*]
"magelclknfagkifnlmopdcahme"=hex:6b,61,6a,6b,65,6c,6d,6d,6e,65,6c,64,62,69,61,
   65,69,68,68,6b,65,6b,00,6b
"namffnidlpbogeainkhgjnjcmhmm"=hex:6b,61,6a,6b,65,6c,6d,6d,6e,65,6c,64,62,69,
   61,65,69,68,68,6b,65,6b,00,6b
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlDbg10.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlDbg10.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlDbg10.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlDbg10.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-03-28  12:40:11
ComboFix-quarantined-files.txt  2011-03-28 10:40
.
Vor Suchlauf: 16 Verzeichnis(se), 22.626.017.280 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 22.259.163.136 Bytes frei
.
- - End Of File - - 123806A0B07592E9A86A85B8CE7A9EB4

 

Themen zu Mehrere Trojaner und Sonstiges im Recycler
0x00000001, alternate, analytics, antivir, avgntflt.sys, avira, bho, browser, c:\windows\system32\rundll32.exe, data recovery, downloader, eraser, error, excel, firefox, flash player, google, google analytics, google chrome, hijack, hijackthis, home, hängen, install.exe, langs, location, locker, logfile, mozilla thunderbird, oldtimer, otl.exe, pixel, plug-in, programdata, realtek, recycle, registry, richtlinie, safer networking, saver, scan, sched.exe, searchplugins, security, server, shell32.dll, shortcut, software, sptd.sys, start menu, studio, super, syswow64, total commander, trojaner, user agent, visual studio, webcheck, windows, windows xp, youtube downloader


« Sparkassen-Trojaner hat jetzt auch bei mir zugeschlagen | System dauerhaft über 50 % ausgelastet, Pc läuft somit super langsam ;-( »


Ähnliche Themen: Mehrere Trojaner und Sonstiges im Recycler


  1. recycler, Ordner auf externer Platte als verknüpfung, mit verweiss auf datei in recycler
    Log-Analyse und Auswertung - 21.11.2011 (42)
  2. Trojaner Recycler und Malware auf dem USB-Stick und dem Rechner?
    Log-Analyse und Auswertung - 08.04.2011 (34)
  3. Trojaner im Recycler auf externer Festplatte gefunden: TR/Autorun.nt
    Plagegeister aller Art und deren Bekämpfung - 20.10.2010 (3)
  4. Abstürze und evt. Viren,Trojaner oder Sonstiges, --> Bitte Hilfe!!!
    Plagegeister aller Art und deren Bekämpfung - 08.04.2010 (7)
  5. Glaube wurde Opfer von Spyware,Trojaner,Malerware oder Sonstiges!
    Log-Analyse und Auswertung - 21.02.2010 (9)
  6. Trojaner oder sonstiges über Messenger (wcoredg.exe)
    Plagegeister aller Art und deren Bekämpfung - 19.02.2010 (3)
  7. Trojaner namens RECYCLER geht nicht weg
    Plagegeister aller Art und deren Bekämpfung - 03.03.2009 (5)
  8. Variante von Win32/Kryptik.HY Trojaner - RECYCLER ?
    Plagegeister aller Art und deren Bekämpfung - 21.02.2009 (29)
  9. trojaner und sonstiges
    Plagegeister aller Art und deren Bekämpfung - 10.12.2008 (2)
  10. Trojaner in im Verzeichnis RECYCLER - 2008
    Log-Analyse und Auswertung - 14.10.2008 (5)
  11. Trojaner im Recycler?
    Plagegeister aller Art und deren Bekämpfung - 24.01.2008 (0)
  12. Trojaner im Recycler
    Plagegeister aller Art und deren Bekämpfung - 05.11.2007 (2)
  13. hab ich Trojaner/adware/spyware oder sonstiges?
    Mülltonne - 16.03.2007 (0)
  14. Wieder Trojaner und Sonstiges Hilfe
    Plagegeister aller Art und deren Bekämpfung - 02.06.2005 (1)
  15. Trojaner im Recycler obwohl nix drin is (dc#.cab)
    Plagegeister aller Art und deren Bekämpfung - 02.03.2005 (16)
  16. Viren, Trojaner und sonstiges...
    Plagegeister aller Art und deren Bekämpfung - 02.02.2005 (6)
  17. Trojaner im Recycler und Logfile
    Log-Analyse und Auswertung - 28.12.2004 (7)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Mehrere Trojaner und Sonstiges im Recycler - Combofix-Log: Code: Alles auswählen Aufklappen ATTFilter ComboFix 11-03-27.02 - *** 28.03.2011 12:33:56.1.2 - x64 Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.4094.2769 [GMT 2:00] ausgeführt von:: c:\users\***\Desktop\cofix.exe AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: - Mehrere Trojaner und Sonstiges im Recycler...
Archiv
Du betrachtest: Mehrere Trojaner und Sonstiges im Recycler auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131