marywindow | 29.02.2012 18:20 | This is what came out of ComboFix:
Thanks in advance
Best regards
Combofix Logfile:
ComboFix 12-02-29.01 - dellpc 29.02.2012 18:05:17.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2045.1170 [GMT 1:00]
ausgeführt von:: c:\users\dellpc\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 24 bytes in 1 streams.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Registration
c:\program files\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{190880A8-4A2A-40A2-B043-8741A08838E3}.crmlog
c:\program files\Registration\R000000000001.clb
c:\programdata\NOTEPAD.EXE-x.txt
c:\programdata\RUNDLL32.EXE-x.txt
c:\users\dellpc\AppData\Local\fmdldr.dat
c:\users\dellpc\AppData\Local\fmdldr_navps.dat
c:\users\dellpc\AppData\Roaming\Sagauf
c:\users\dellpc\AppData\Roaming\Sagauf\qiur.tmp
c:\users\dellpc\AppData\Roaming\Sagauf\qiur.yfy
c:\windows\bwUnin-6.1.4.36-8876480L.exe
c:\windows\bwUnin-8.1.1.87-8876480SL.exe
c:\windows\IsUn0407.exe
c:\windows\IsUn0410.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\struct~.ini
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-01-28 bis 2012-02-29 ))))))))))))))))))))))))))))))
.
.
2012-02-29 17:13 . 2012-02-29 17:14 -------- d-----w- c:\users\dellpc\AppData\Local\temp
2012-02-29 17:13 . 2012-02-29 17:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-29 14:17 . 2012-02-29 16:39 -------- d-----w- C:\_OTL
2012-02-29 13:16 . 2012-02-29 13:39 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-02-29 10:52 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{24092F12-E314-40C6-B59A-B3FF812430CF}\mpengine.dll
2012-02-29 08:57 . 2012-02-29 16:41 -------- d-----w- c:\programdata\Spyware Terminator
2012-02-29 08:57 . 2012-02-29 08:57 -------- d-----w- c:\users\dellpc\AppData\Roaming\Spyware Terminator
2012-02-29 08:57 . 2012-02-29 08:57 -------- d-----w- c:\program files\Spyware Terminator
2012-02-28 10:35 . 2012-02-28 10:35 -------- d-----w- c:\users\dellpc\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-02-28 09:07 . 2012-02-28 09:07 -------- d-----w- c:\users\dellpc\AppData\Roaming\PDAppFlex
2012-02-28 08:27 . 2012-02-28 08:27 -------- d-----w- c:\users\dellpc\AppData\Roaming\com.adobe.dmp.contentviewer
2012-02-28 08:17 . 2012-02-28 22:22 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-02-28 08:15 . 2012-02-28 08:15 -------- d-----w- c:\programdata\ALM
2012-02-27 09:44 . 2012-02-27 23:23 -------- d-----w- C:\Adobe Creative Suite 5.5 Design Standard
2012-02-27 09:33 . 2012-02-27 09:33 -------- d-----w- c:\users\dellpc\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-02-27 09:33 . 2012-02-27 09:33 -------- d-----w- c:\program files\Adobe Download Assistant
2012-02-26 05:57 . 2011-06-21 10:24 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2012-02-25 17:42 . 2012-02-25 17:42 97240 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2012-02-25 17:42 . 2012-02-25 17:42 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2012-02-25 17:42 . 2012-02-25 17:42 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2012-02-25 17:42 . 2012-02-25 17:42 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-02-25 17:42 . 2012-02-25 17:42 437208 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2012-02-25 17:42 . 2012-02-25 17:42 801752 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2012-02-25 17:42 . 2012-02-25 17:42 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-02-25 17:42 . 2012-02-25 17:42 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-02-25 17:42 . 2012-02-25 17:42 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-02-25 17:42 . 2012-02-25 17:42 45016 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-02-25 17:42 . 2012-02-25 17:42 1911768 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2012-02-25 17:42 . 2012-02-25 17:42 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2012-02-15 07:00 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 06:56 . 2012-01-12 19:52 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 06:56 . 2011-12-20 10:56 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-02-04 09:32 . 2012-02-04 09:32 -------- d-----w- c:\users\dellpc\AppData\Roaming\pdfforge
2012-02-04 09:32 . 1998-06-24 00:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2012-02-04 09:32 . 2001-10-28 16:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2012-02-04 09:32 . 1998-07-06 17:56 125712 ----a-w- c:\windows\system32\VB6DE.DLL
2012-02-04 09:32 . 1998-07-06 17:55 158208 ----a-w- c:\windows\system32\MSCMCDE.DLL
2012-02-04 09:32 . 1998-07-06 17:55 64512 ----a-w- c:\windows\system32\MSCC2DE.DLL
2012-02-04 09:32 . 2012-02-04 09:33 -------- d-----w- c:\program files\PDFCreator
2012-02-04 09:32 . 1998-07-06 00:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2012-02-04 09:29 . 2012-02-04 09:29 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-04 06:45 . 2012-02-05 07:02 -------- d-----w- c:\users\dellpc\AppData\Local\ServUpdater
2012-02-04 06:45 . 2012-02-04 06:45 -------- d-----w- c:\users\dellpc\AppData\Local\PosService
2012-02-04 06:45 . 2012-02-04 06:45 -------- d-----w- c:\users\dellpc\AppData\Local\PowerOffer
2012-01-31 20:37 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-31 20:37 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-31 20:37 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-31 20:37 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-31 20:37 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-31 20:37 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-29 11:22 . 2009-03-03 12:54 2516 --sha-w- c:\programdata\KGyGaAvL.sys
2012-01-29 04:10 . 2009-10-03 04:33 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-12-10 14:24 . 2009-03-01 02:58 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-25 17:42 . 2012-02-25 17:42 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2008-12-26 09:57 . 2008-10-26 17:05 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2009-12-31 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-13 20:58 3913000 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2009-12-31 10:53 2349080 ----a-w- c:\program files\myBabylon_English\tbmyBa.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2009-12-31 2349080]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-13 3913000]
.
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2009-12-31 2349080]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-13 3913000]
.
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-28 39408]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-17 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-17 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-01-24 30192]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"TrayServer"="c:\progra~1\MAGIX\VIDEO_~1\TrayServer.exe" [2008-01-17 90112]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
"BambooCore"="c:\program files\Bamboo Dock\BambooCore.exe" [2011-09-27 646232]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"PosService"="c:\users\Public\Documents\AppData\PoApp\PLauncher.exe" [2011-12-16 218624]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-10-25 932288]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
"SpywareTerminatorShield"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2012-02-20 2786480]
"SpywareTerminatorUpdater"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2012-02-20 3669680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0RwcLkRen c:\windows\system32\RwcLkCfg\0RwcLkRen c:\windows\system32\RwcLkCfg\0RwcLkRen c:\windows\system32\RwcLkCfg\0\0RwcLkRen c:\windows\system32\RwcLkCfg
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
.
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2008-01-23 501560]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-28 19:23]
.
2012-02-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-28 13:15]
.
2012-02-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-28 13:15]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://google.de/
mStart Page = hxxp://search.findeer.com
uInternet Settings,ProxyServer = 38.121.78.74:443
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{37013225-A5FC-42C4-9233-51450E4D7F05}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{3a539854-6a70-11db-887c-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {4819DFDF-ABC4-488C-A323-919848C51175}
FF - ProfilePath - c:\users\dellpc\AppData\Roaming\Mozilla\Firefox\Profiles\wq5tfbbo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.startup.homepage - hxxp://search.findeer.com
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - (no file)
WebBrowser-{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - (no file)
AddRemove-Faraon - c:\windows\IsUn0410.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-02-29 18:14
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-589096113-633288889-816648927-1000\Software\Corel\CorelDRAW]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-589096113-633288889-816648927-1000\Software\Corel\CorelDRAW\14.0]
@DACL=(02 0000)
"UILang"="ENU"
"Schedule"=hex:28,00,00,00,02,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,03,00,00,00,ff,
ff,ff,ff,ff,ff,ff,ff,04,00,02,00,ff,ff,ff,ff,ff,ff,ff,ff
"OriginalSchedule"=hex:34,00,00,00,01,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,02,00,
00,00,ff,ff,ff,ff,ff,ff,ff,ff,03,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,04,00,02,\
"CacheNumber"=dword:00000002
"Launches"=dword:00000000
"totallaunchcount"=dword:00000006
"LastCache"=dword:00000001
"MessageSequencePosition"="WEmpyAllBucketsSequencer@3@0"
"StartDate"="1236112473"
"LastLaunchCount"="0"
.
[HKEY_USERS\S-1-5-21-589096113-633288889-816648927-1000\Software\Magnet\Handlers\LimeWire\Type]
@DACL=(02 0000)
"urn:sha1"=dword:00000000
.
Zeit der Fertigstellung: 2012-02-29 18:16:46
ComboFix-quarantined-files.txt 2012-02-29 17:16
.
Vor Suchlauf: 12 Verzeichnis(se), 162.141.478.912 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 162.059.247.616 Bytes frei
.
- - End Of File - - A48ECF7A702265D7153DF23ACAFA6BCB