Trojaner-Board - Habe mir ebenfalls TR/Kazy.mekml.1 eingefangen

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Habe mir ebenfalls TR/Kazy.mekml.1 eingefangen (https://www.trojaner-board.de/98231-habe-mir-ebenfalls-tr-kazy-mekml-1-eingefangen.html)

Hallo Arne

Die Daten sind wider da (-:

Hoffe nun funktioniert alles wider so wie es sollte.

Ich danke Dir tausend mallllll !!!!!!!!!!

Grusss und merrrrrccccccciiiiii¨
Boris

Wir sind aber noch nicht fertig. Bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

http://saved.im/mtm0nzyzmzd5/cofi.jpg

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Hallo Arne

Nochmals ich. habe soeben festgestellt, dass wen ich auf start--> alle programme klicke, noch immer nichts angezeigt wird.
Weist Du warum dies so ist?

Danke und gruss

Führ erst bitte CF aus

Hallo
Hat etwas gedauert. nun ist habe ich das protokoll von CF;
ComboFix 11-05-16.03 - bga 17.05.2011 15:00:02.1.1 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.41.1031.18.1789.1102 [GMT 2:00]
ausgeführt von:: c:\users\bga\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\UNWISE.EXE
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-04-17 bis 2011-05-17 ))))))))))))))))))))))))))))))
.
.
2011-05-17 13:07 . 2011-05-17 14:15 -------- d-----w- c:\users\bga\AppData\Local\temp
2011-05-17 12:28 . 2011-05-17 12:28 -------- d-----w- c:\users\bga\AppData\Local\WinZip
2011-05-17 10:51 . 2011-05-17 10:51 -------- d-----w- C:\_OTL
2011-04-30 05:52 . 2011-03-12 11:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-30 05:51 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\explorer.exe
2011-04-30 05:48 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1B81CD58-DE26-452E-A8CE-B7F63E911E64}\mpengine.dll
2011-04-26 19:10 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-26 19:10 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-26 18:51 . 2011-04-26 18:51 -------- d--h--w- c:\users\bga\AppData\Roaming\Malwarebytes
2011-04-26 18:51 . 2011-05-17 12:10 -------- d--h--w- c:\programdata\Malwarebytes
2011-04-26 18:51 . 2011-05-17 12:14 -------- d--h--w- c:\program files\Malwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-22 06:05 . 2010-03-22 15:29 137656 ---ha-w- c:\windows\system32\drivers\avipbb.sys
2011-03-11 05:40 . 2011-04-16 09:13 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 05:40 . 2011-04-16 09:13 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-08 05:38 . 2011-04-16 09:14 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 05:29 . 2011-04-16 09:17 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 05:27 . 2011-04-16 09:17 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-03-03 03:31 . 2011-04-16 09:15 2331136 ----a-w- c:\windows\system32\win32k.sys
2011-02-24 05:32 . 2011-04-16 09:14 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-24 05:32 . 2011-04-16 09:16 981504 ----a-w- c:\windows\system32\wininet.dll
2011-02-24 05:30 . 2011-04-16 09:16 44544 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-24 04:23 . 2011-04-16 09:16 386048 ----a-w- c:\windows\system32\html.iec
2011-02-24 03:50 . 2011-04-16 09:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-23 05:06 . 2011-04-16 09:18 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-23 05:05 . 2011-04-16 09:18 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-02-23 05:05 . 2011-04-16 09:18 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-02-23 05:05 . 2011-04-16 09:13 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-02-23 05:05 . 2011-04-16 09:13 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-02-23 05:05 . 2011-04-16 09:13 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-23 05:05 . 2011-04-16 09:13 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-02-19 05:33 . 2011-03-10 14:04 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 05:32 . 2011-03-10 14:04 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 05:32 . 2011-03-10 14:04 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-19 05:32 . 2011-04-16 09:16 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-19 03:37 . 2011-04-16 09:16 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-02-18 05:36 . 2011-04-16 09:17 428032 ----a-w- c:\windows\system32\vbscript.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-07-16 1668664]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"AccelerometerSysTrayApplet"="c:\program files\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.Exe" [2010-01-29 67128]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-13 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 288312]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2009-06-18 563736]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-07-06 1721640]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-08-05 458844]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-17 281768]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 153640]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 400936]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2009-07-30 354360]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2009-07-23 24848]

Gruss Boris

PS: sieht alles viel besser aus!
Start--> kommen alle programme wider... (-:

Log ist aber unvollständig.

was heist dies?
habe alles rauskopîert...?

Sorry: Habe den fehler bemerkt. Hier nochmals das Log

Combofix Logfile:

Code:

ComboFix 11-05-16.03 - bga 17.05.2011  15:00:02.1.1 - x86

Microsoft Windows 7 Home Premium   6.1.7600.0.1252.41.1031.18.1789.1102 [GMT 2:00]

ausgeführt von:: c:\users\bga\Desktop\cofi.exe

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\UNWISE.EXE

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-04-17 bis 2011-05-17  ))))))))))))))))))))))))))))))

.

.

2011-05-17 13:07 . 2011-05-17 14:15        --------        d-----w-        c:\users\bga\AppData\Local\temp

2011-05-17 12:28 . 2011-05-17 12:28        --------        d-----w-        c:\users\bga\AppData\Local\WinZip

2011-05-17 10:51 . 2011-05-17 10:51        --------        d-----w-        C:\_OTL

2011-04-30 05:52 . 2011-03-12 11:31        442880        ----a-w-        c:\windows\system32\XpsPrint.dll

2011-04-30 05:51 . 2011-02-26 05:33        2614784        ----a-w-        c:\windows\explorer.exe

2011-04-30 05:48 . 2011-04-11 07:04        7071056        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{1B81CD58-DE26-452E-A8CE-B7F63E911E64}\mpengine.dll

2011-04-26 19:10 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys

2011-04-26 19:10 . 2010-12-20 16:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-04-26 18:51 . 2011-04-26 18:51        --------        d--h--w-        c:\users\bga\AppData\Roaming\Malwarebytes

2011-04-26 18:51 . 2011-05-17 12:10        --------        d--h--w-        c:\programdata\Malwarebytes

2011-04-26 18:51 . 2011-05-17 12:14        --------        d--h--w-        c:\program files\Malwarebytes' Anti-Malware

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-22 06:05 . 2010-03-22 15:29        137656        ---ha-w-        c:\windows\system32\drivers\avipbb.sys

2011-03-11 05:40 . 2011-04-16 09:13        1137664        ----a-w-        c:\windows\system32\mfc42.dll

2011-03-11 05:40 . 2011-04-16 09:13        1164288        ----a-w-        c:\windows\system32\mfc42u.dll

2011-03-08 05:38 . 2011-04-16 09:14        740864        ----a-w-        c:\windows\system32\inetcomm.dll

2011-03-03 05:29 . 2011-04-16 09:17        132608        ----a-w-        c:\windows\system32\dnsrslvr.dll

2011-03-03 05:27 . 2011-04-16 09:17        28672        ----a-w-        c:\windows\system32\dnscacheugc.exe

2011-03-03 03:31 . 2011-04-16 09:15        2331136        ----a-w-        c:\windows\system32\win32k.sys

2011-02-24 05:32 . 2011-04-16 09:14        288256        ----a-w-        c:\windows\system32\XpsGdiConverter.dll

2011-02-24 05:32 . 2011-04-16 09:16        981504        ----a-w-        c:\windows\system32\wininet.dll

2011-02-24 05:30 . 2011-04-16 09:16        44544        ----a-w-        c:\windows\system32\licmgr10.dll

2011-02-24 04:23 . 2011-04-16 09:16        386048        ----a-w-        c:\windows\system32\html.iec

2011-02-24 03:50 . 2011-04-16 09:16        1638912        ----a-w-        c:\windows\system32\mshtml.tlb

2011-02-23 05:06 . 2011-04-16 09:18        311296        ----a-w-        c:\windows\system32\drivers\srv.sys

2011-02-23 05:05 . 2011-04-16 09:18        309760        ----a-w-        c:\windows\system32\drivers\srv2.sys

2011-02-23 05:05 . 2011-04-16 09:18        113664        ----a-w-        c:\windows\system32\drivers\srvnet.sys

2011-02-23 05:05 . 2011-04-16 09:13        221696        ----a-w-        c:\windows\system32\drivers\mrxsmb10.sys

2011-02-23 05:05 . 2011-04-16 09:13        95744        ----a-w-        c:\windows\system32\drivers\mrxsmb20.sys

2011-02-23 05:05 . 2011-04-16 09:13        123392        ----a-w-        c:\windows\system32\drivers\mrxsmb.sys

2011-02-23 05:05 . 2011-04-16 09:13        69632        ----a-w-        c:\windows\system32\drivers\bowser.sys

2011-02-19 05:33 . 2011-03-10 14:04        802304        ----a-w-        c:\windows\system32\FntCache.dll

2011-02-19 05:32 . 2011-03-10 14:04        1074176        ----a-w-        c:\windows\system32\DWrite.dll

2011-02-19 05:32 . 2011-03-10 14:04        739840        ----a-w-        c:\windows\system32\d2d1.dll

2011-02-19 05:32 . 2011-04-16 09:16        34304        ----a-w-        c:\windows\system32\atmlib.dll

2011-02-19 03:37 . 2011-04-16 09:16        294912        ----a-w-        c:\windows\system32\atmfd.dll

2011-02-18 05:36 . 2011-04-16 09:17        428032        ----a-w-        c:\windows\system32\vbscript.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-07-16 1668664]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

"AccelerometerSysTrayApplet"="c:\program files\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.Exe" [2010-01-29 67128]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-13 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 288312]

"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2009-06-18 563736]

"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-07-06 1721640]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-08-05 458844]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-17 281768]

"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 153640]

"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 400936]

"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2009-07-30 354360]

"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2009-07-23 24848]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-30 795936]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2010-4-5 494920]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\HEWLET~1\IAM\Bin\APSHook.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages        REG_MULTI_SZ           kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-10 136176]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]

R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-10 136176]

R3 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2009-07-30 45056]

R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-22 1343400]

S0 SafeBoot;SafeBoot; [x]

S0 SbAlg;SbAlg; [x]

S0 SbFsLock;SbFsLock; [x]

S1 RsvLock;RsvLock; [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 207400]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_78abd0f66cc3a020\aestsrv.exe [2009-03-02 81920]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-29 176128]

S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-30 136360]

S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2009-07-14 20992]

S2 ASChannel;Lokaler Verbindungskanal;c:\windows\System32\svchost.exe [2009-07-14 20992]

S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2009-07-29 1201400]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]

S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2009-07-29 256544]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 26168]

S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2009-06-18 635416]

S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-20 313856]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Cognizance        REG_MULTI_SZ           ASBroker

Bioscrypt        REG_MULTI_SZ           ASChannel

GPSvcGroup        REG_MULTI_SZ           GPSvc

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-06-17 19:11        451872        ---ha-w-        c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Inhalt des "geplante Tasks" Ordners

.

2011-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc10af481fed05.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-10 06:05]

.

2011-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cc10af49236303.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-10 06:05]

.

2011-04-26 c:\windows\Tasks\HPCeeScheduleForbga.job

- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 02:22]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.google.ch/

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_CH&c=92&bd=all&pf=cmnb

IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

Trusted Zone: //about.htm/

Trusted Zone: //Exclude.htm/

Trusted Zone: //LanguageSelection.htm/

Trusted Zone: //Message.htm/

Trusted Zone: //MyAgttryCmd.htm/

Trusted Zone: //MyAgttryNag.htm/

Trusted Zone: //MyNotification.htm/

Trusted Zone: //NOCLessUpdate.htm/

Trusted Zone: //quarantine.htm/

Trusted Zone: //ScanNow.htm/

Trusted Zone: //strings.vbs/

Trusted Zone: //Template.htm/

Trusted Zone: //Update.htm/

Trusted Zone: //VirFound.htm/

Trusted Zone: mcafee.com\*

Trusted Zone: mcafeeasap.com\betavscan

Trusted Zone: mcafeeasap.com\vs

Trusted Zone: mcafeeasap.com\www

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

AddRemove-HASP HL Device Driver - c:\windows\System32\UNWISE.EXE

AddRemove-LSI Soft Modem - c:\windows\agrsmdel

AddRemove-{08DB3902-2CE0-474D-BCE3-0177766CE9F1} - c:\program files\InstallShield Installation Information\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}\setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]

"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

.

- - - - - - - > 'Explorer.exe'(1020)

c:\program files\Hewlett-Packard\IAM\Bin\ItClient.dll

c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_78abd0f66cc3a020\STacSV.exe

c:\windows\system32\atieclxx.exe

c:\windows\system32\WLANExt.exe

c:\windows\system32\conhost.exe

c:\program files\LSI SoftModem\agrsmsvc.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\windows\system32\conhost.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\Hewlett-Packard\IAM\Bin\AsGHost.exe

c:\windows\system32\conhost.exe

c:\program files\Synaptics\SynTP\SynTPHelper.exe

c:\program files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe

c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe

c:\program files\Hewlett-Packard\Shared\hpqToaster.exe

c:\program files\Hewlett-Packard\Shared\hpCaslNotification.exe

c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2011-05-17  16:21:09 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2011-05-17 14:21

.

Vor Suchlauf: 2 Verzeichnis(se), 200'741'158'912 Bytes frei

Nach Suchlauf: 13 Verzeichnis(se), 195'811'987'456 Bytes frei

.

- - End Of File - - 9C1DFBBA71CB9C6338C9CFE8BB74928F

--- --- ---

Hallo

Ich möchte hier ein spezielles Dankeschön an alle helfer von Trojanerboard aussprechen!!!
Ich finde dies, was Ihr hier leistet nicht selbstverständlich.
Für einen Computerdeppen wie mich hätte es in einer Situation wie ich hatte nur noch eine möglichkeit gegeben!! Computer wegwerfen und einen neuen Kaufen. Dank der Hilfe von Arne konnte das Problem auf meinem Computer jedoch gelöst werden. Ich bin Überglückich!!!!!!!!!!! :taenzer:

Vielen vielen Dank für euren Einsatz und die Tolle unterstützung.....:heilig:

Gruss aus der Schweiz
Boris

Es geht aber noch weiter:

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur wenige Sekunden.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

Hy
Wen ich versuche den OSAM Log hochzuladen kommt immer; ungültige Datei...?
Was kann ich machen?

GMER Logfile:

Code:

GMER 1.0.15.15627 - GMER - Rootkit Detector and Remover

Rootkit scan 2011-05-19 11:39:38

Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS725025A9A364 rev.PC2OC70E

Running: 0e9dd4x4.exe; Driver: C:\Users\bga\AppData\Local\Temp\uwldqpow.sys
 
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text                                                                                                                                 ntkrnlpa.exe!ZwSaveKeyEx + 13BD                                                                  82E53589 1 Byte  [06]

.text                                                                                                                                 ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                           82E78092 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

?                                                                                                                                     C:\windows\System32\Drivers\SafeBoot.sys                                                         Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

.text                                                                                                                                 C:\windows\system32\DRIVERS\atikmdag.sys                                                         section is writeable [0x8FA1C000, 0x2D5526, 0xE8000020]

.text                                                                                                                                 C:\windows\system32\drivers\hardlock.sys                                                         section is writeable [0xAA211400, 0x87EE2, 0xE8000020]

.protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xAA2B5620]  C:\windows\system32\drivers\hardlock.sys                                                         entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xAA2B5620]

.protectÿÿÿÿhardlockunknown last code section [0xAA2B5400, 0x5126, 0xE0000020]                                                        C:\windows\system32\drivers\hardlock.sys                                                         unknown last code section [0xAA2B5400, 0x5126, 0xE0000020]
 

---- Devices - GMER 1.0.15 ----
 

AttachedDevice                                                                                                                        \Driver\kbdclass \Device\KeyboardClass0                                                          Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

AttachedDevice                                                                                                                        \Driver\kbdclass \Device\KeyboardClass1                                                          Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

AttachedDevice                                                                                                                        \Driver\tdx \Device\Tcp                                                                          mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

AttachedDevice                                                                                                                        \Driver\volmgr \Device\HarddiskVolume1                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice                                                                                                                        \Driver\volmgr \Device\HarddiskVolume2                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice                                                                                                                        \Driver\volmgr \Device\HarddiskVolume3                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice                                                                                                                        \Driver\volmgr \Device\HarddiskVolume4                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
 

Device                                                                                                                                \Driver\ACPI_HAL \Device\00000074                                                                halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
 

AttachedDevice                                                                                                                        \Driver\tdx \Device\Udp                                                                          mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

AttachedDevice                                                                                                                        \FileSystem\fastfat \Fat                                                                         fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
 

---- Registry - GMER 1.0.15 ----
 

Reg                                                                                                                                   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0027135da290                      

Reg                                                                                                                                   HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0027135da290 (not active ControlSet)  
 

---- EOF - GMER 1.0.15 ----

--- --- ---

Öffne die OSAM.log mit dem Editor. Kopiere alles und füg das hier in deinem nächsten beitrag ein.