|
Hi, das wird aus HJ ausgeblendet... Bitte ComboFix durchführen, Log posten... chris |
Ok ich mach den Combofix gleich, zuerst mal den MAM Bericht mit allen USB Sticks: Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Datenbank Version: 3975 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18904 11.04.2010 05:10:27 mbam-log-2010-04-11 (05-10-27).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|I:\|) Durchsuchte Objekte: 337591 Laufzeit: 4 Stunde(n), 46 Minute(n), 47 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
Habe gerade den ComboFix gemacht, hat brav alle 50 schritte gemacht, dan hat er neu hochgefahren und gesagt warten bis er log file erstellt, is aber nie gekommen das file. Hat er das wo hingespeichert, wenn ja wo? Wenn nein, hat er seine Arbeit trotzdem gemacht, oder soll ich ihn nochma machen? Ps: Er sagte mit vorher das die Datei "whitedir01" nicht gefunden wurde. lg |
So hier dein gewünschgter Log ComboFix 10-04-10.02 - Roby 11.04.2010 12:44:44.3.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.43.1031.18.3066.1989 [GMT 2:00] ausgeführt von:: c:\users\Roby\Desktop\ComboFix.exe SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Vorheriger Suchlauf ------- . c:\program files\QUAD Utilities c:\windows\system32\images c:\windows\system32\images\toolbar\calendar.gif c:\windows\system32\images\toolbar\crlogo.gif c:\windows\system32\images\toolbar\export.gif c:\windows\system32\images\toolbar\export_over.gif c:\windows\system32\images\toolbar\exportd.gif c:\windows\system32\images\toolbar\First.gif c:\windows\system32\images\toolbar\first_over.gif c:\windows\system32\images\toolbar\Firstd.gif c:\windows\system32\images\toolbar\gotopage.gif c:\windows\system32\images\toolbar\gotopage_over.gif c:\windows\system32\images\toolbar\gotopaged.gif c:\windows\system32\images\toolbar\grouptree.gif c:\windows\system32\images\toolbar\grouptree_over.gif c:\windows\system32\images\toolbar\grouptreed.gif c:\windows\system32\images\toolbar\grouptreepressed.gif c:\windows\system32\images\toolbar\Last.gif c:\windows\system32\images\toolbar\last_over.gif c:\windows\system32\images\toolbar\Lastd.gif c:\windows\system32\images\toolbar\Next.gif c:\windows\system32\images\toolbar\next_over.gif c:\windows\system32\images\toolbar\Nextd.gif c:\windows\system32\images\toolbar\Prev.gif c:\windows\system32\images\toolbar\prev_over.gif c:\windows\system32\images\toolbar\Prevd.gif c:\windows\system32\images\toolbar\print.gif c:\windows\system32\images\toolbar\print_over.gif c:\windows\system32\images\toolbar\printd.gif c:\windows\system32\images\toolbar\Refresh.gif c:\windows\system32\images\toolbar\refresh_over.gif c:\windows\system32\images\toolbar\refreshd.gif c:\windows\system32\images\toolbar\Search.gif c:\windows\system32\images\toolbar\search_over.gif c:\windows\system32\images\toolbar\searchd.gif c:\windows\system32\images\toolbar\up.gif c:\windows\system32\images\toolbar\up_over.gif c:\windows\system32\images\toolbar\upd.gif c:\windows\system32\images\tree\begindots.gif c:\windows\system32\images\tree\beginminus.gif c:\windows\system32\images\tree\beginplus.gif c:\windows\system32\images\tree\blank.gif c:\windows\system32\images\tree\blankdots.gif c:\windows\system32\images\tree\dots.gif c:\windows\system32\images\tree\lastdots.gif c:\windows\system32\images\tree\lastminus.gif c:\windows\system32\images\tree\lastplus.gif c:\windows\system32\images\tree\Magnify.gif c:\windows\system32\images\tree\minus.gif c:\windows\system32\images\tree\minusbox.gif c:\windows\system32\images\tree\plus.gif c:\windows\system32\images\tree\plusbox.gif c:\windows\system32\images\tree\singleminus.gif c:\windows\system32\images\tree\singleplus.gif . ((((((((((((((((((((((( Dateien erstellt von 2010-03-11 bis 2010-04-11 )))))))))))))))))))))))))))))) . 2010-04-11 11:05 . 2010-04-11 11:05 -------- d-----w- c:\users\Roby\AppData\Local\temp 2010-04-11 11:05 . 2010-04-11 11:05 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-04-10 23:47 . 2010-02-08 16:37 1324720 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100410.020\NAVEX15.SYS 2010-04-10 23:47 . 2010-02-08 16:37 84912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100410.020\NAVENG.SYS 2010-04-10 23:47 . 2010-02-08 16:37 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100410.020\NAVENG32.DLL 2010-04-10 23:47 . 2010-02-08 16:37 1647984 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100410.020\NAVEX32A.DLL 2010-04-10 23:47 . 2010-02-08 16:37 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100410.020\EECTRL.SYS 2010-04-10 23:47 . 2010-02-08 16:37 2747440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100410.020\CCERASER.DLL 2010-04-10 23:47 . 2010-02-08 16:37 259440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100410.020\ECMSVR32.DLL 2010-04-10 23:47 . 2010-02-08 16:37 102448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100410.020\ERASER.SYS 2010-04-10 22:11 . 2010-04-10 22:11 -------- d-----w- C:\_OTL 2010-04-10 16:46 . 2010-04-10 16:46 -------- d-----w- c:\users\Roby\AppData\Roaming\Malwarebytes 2010-04-10 16:45 . 2010-03-29 13:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-10 16:45 . 2010-04-10 16:45 -------- d-----w- c:\programdata\Malwarebytes 2010-04-10 16:45 . 2010-03-29 13:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-08 18:37 . 2010-04-08 18:37 -------- d-----w- c:\users\Roby\AppData\Roaming\PACE Anti-Piracy 2010-04-08 18:37 . 2010-04-08 18:37 -------- d-----w- c:\users\Roby\AppData\Local\PACE Anti-Piracy 2010-04-08 18:20 . 2010-04-08 18:20 -------- d-----w- c:\programdata\Sonoma Wire Works 2010-04-08 18:09 . 2008-08-12 16:57 368640 ----a-w- c:\windows\system32\ReWire.dll 2010-04-08 18:09 . 2008-08-12 16:57 233472 ----a-w- c:\windows\system32\REX Shared Library.dll 2010-04-08 17:57 . 2010-04-08 17:58 -------- d-----w- c:\programdata\Line 6 2010-04-08 17:47 . 2010-04-08 17:47 -------- d-----w- c:\program files\Common Files\Digidesign 2010-04-06 05:52 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100402.001\Scxpx86.dll 2010-04-06 05:52 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100402.001\IDSxpx86.dll 2010-04-06 05:52 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100402.001\IDSvix86.sys 2010-04-06 05:52 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100402.001\IDSviA64.sys 2010-04-06 05:52 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100402.001\IDSXpx86.sys 2010-03-26 13:51 . 2010-03-26 13:57 -------- d-----w- c:\programdata\TrackMania 2010-03-26 07:01 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100326.001\Scxpx86.dll 2010-03-26 07:01 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100326.001\IDSxpx86.dll 2010-03-26 07:01 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100326.001\IDSvix86.sys 2010-03-26 07:01 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100326.001\IDSXpx86.sys 2010-03-26 07:01 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100326.001\IDSviA64.sys 2010-03-24 20:38 . 2010-03-24 20:38 536112 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100324.001\BHDrvx86.sys 2010-03-24 20:38 . 2010-03-24 20:38 201616 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100324.001\BHRules.dll 2010-03-24 20:38 . 2010-03-24 20:38 1407888 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100324.001\BHEngine.dll 2010-03-24 20:38 . 2010-03-24 20:38 678960 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100324.001\BHDrvx64.sys 2010-03-24 20:38 . 2010-03-24 20:38 611216 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100324.001\bbRGen.dll 2010-03-23 18:20 . 2010-03-23 18:29 -------- d-----w- c:\users\Roby\AppData\Roaming\TS3Client 2010-03-23 18:14 . 2010-03-23 18:14 -------- d-----w- c:\programdata\boost_interprocess . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-04-11 11:06 . 2010-01-04 15:18 -------- d-----w- c:\program files\Common Files\Akamai 2010-04-11 10:37 . 2008-06-24 18:36 12 ----a-w- c:\windows\bthservsdp.dat 2010-04-10 22:09 . 2009-02-09 20:21 -------- d-----w- c:\users\Roby\AppData\Roaming\skypePM 2010-04-10 22:09 . 2008-05-12 06:46 786910 ----a-w- c:\windows\system32\perfh007.dat 2010-04-10 22:09 . 2008-05-12 06:46 193284 ----a-w- c:\windows\system32\perfc007.dat 2010-04-10 21:15 . 2009-02-13 08:56 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2010-04-10 18:22 . 2009-02-09 20:19 -------- d-----w- c:\users\Roby\AppData\Roaming\Skype 2010-04-10 17:06 . 2010-03-01 13:36 -------- d-----w- c:\users\Roby\AppData\Roaming\KeePass 2010-04-10 14:30 . 2009-05-04 16:24 -------- d-----w- c:\programdata\Kodak 2010-04-10 14:25 . 2009-04-15 14:46 -------- d-----w- c:\program files\Common Files\PX Storage Engine 2010-03-30 20:36 . 2009-05-23 08:36 -------- d-----w- c:\users\Roby\AppData\Roaming\uTorrent 2010-03-29 22:51 . 2008-05-11 21:08 -------- d-----w- c:\program files\Common Files\Adobe 2010-03-25 23:29 . 2010-01-02 13:48 786800 ----a-r- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll 2010-03-22 10:52 . 2009-05-14 06:54 8592 ----a-w- c:\program files\PHILIPSPLUGIN_INSTALLER.txt 2010-03-22 10:52 . 2008-05-11 21:04 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-03-11 13:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-03-11 08:16 . 2008-05-11 20:54 -------- d-----w- c:\programdata\Microsoft Help 2010-03-08 07:37 . 2008-05-11 21:15 -------- d-----w- c:\program files\Common Files\InstallShield 2010-03-02 21:51 . 2010-03-02 21:51 -------- d-----w- c:\users\Roby\AppData\Roaming\My Games 2010-03-01 12:58 . 2008-09-15 08:51 -------- d-----w- c:\programdata\Messenger Plus! 2010-02-26 11:02 . 2010-02-26 11:02 -------- d-----w- c:\program files\iPod 2010-02-26 11:02 . 2009-10-12 06:40 -------- d-----w- c:\program files\Common Files\Apple 2010-02-26 10:59 . 2010-02-26 10:59 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe 2010-02-25 13:58 . 2008-09-13 16:47 120304 ----a-w- c:\users\Roby\AppData\Local\GDIPFONTCACHEV1.DAT 2010-02-24 09:16 . 2009-12-31 10:21 181632 ------w- c:\windows\system32\MpSigStub.exe 2010-02-23 06:39 . 2010-03-31 10:00 916480 ----a-w- c:\windows\system32\wininet.dll 2010-02-23 06:33 . 2010-03-31 10:00 71680 ----a-w- c:\windows\system32\iesetup.dll 2010-02-23 06:33 . 2010-03-31 10:00 109056 ----a-w- c:\windows\system32\iesysprep.dll 2010-02-23 04:55 . 2010-03-31 10:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2010-02-20 23:06 . 2010-03-11 07:29 24064 ----a-w- c:\windows\system32\nshhttp.dll 2010-02-20 23:05 . 2010-03-11 07:28 30720 ----a-w- c:\windows\system32\httpapi.dll 2010-02-20 20:53 . 2010-03-11 07:28 411648 ----a-w- c:\windows\system32\drivers\http.sys 2010-02-12 10:32 . 2010-03-12 07:48 293376 ----a-w- c:\windows\system32\browserchoice.exe 2010-02-08 07:02 . 2008-10-21 08:08 6944 ----a-w- c:\users\Roby\AppData\Local\d3d9caps.dat 2010-02-04 11:14 . 2010-02-07 10:22 84912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100206.035\NAVENG.SYS 2010-02-04 11:14 . 2010-02-07 10:22 1324720 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100206.035\NAVEX15.SYS 2010-01-25 12:00 . 2010-02-24 10:41 471552 ----a-w- c:\windows\system32\secproc_isv.dll 2010-01-25 12:00 . 2010-02-24 10:41 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll 2010-01-25 12:00 . 2010-02-24 10:41 152064 ----a-w- c:\windows\system32\secproc_ssp.dll 2010-01-25 12:00 . 2010-02-24 10:41 471552 ----a-w- c:\windows\system32\secproc.dll 2010-01-25 11:58 . 2010-02-24 10:41 332288 ----a-w- c:\windows\system32\msdrm.dll 2010-01-25 08:21 . 2010-02-24 10:41 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe 2010-01-25 08:21 . 2010-02-24 10:41 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe 2010-01-25 08:21 . 2010-02-24 10:41 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe 2010-01-25 08:21 . 2010-02-24 10:41 518144 ----a-w- c:\windows\system32\RMActivate.exe 2010-01-23 09:26 . 2010-02-24 10:41 2048 ----a-w- c:\windows\system32\tzres.dll 2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll 2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll 2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2008-03-04 21:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440] "RtHDVCpl"="RtHDVCpl.exe" [2008-05-21 6144000] "PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704] "ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-30 397312] "eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896] "WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104] "Skytel"="Skytel.exe" [2007-11-21 1826816] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000] 2008-06-24 18:44 3085824 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^Users^Roby^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^VolumeWheel 1.1.lnk] path=c:\users\Roby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VolumeWheel 1.1.lnk backup=c:\windows\pss\VolumeWheel 1.1.lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-10-03 09:45 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-02-15 17:07 141608 ----a-w- d:\programme\Itunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "DEBUG FLAW BODY CLOCK"="c:\programdata\Debug bib delete.7gfbnm" "BitTorrent DNA"="c:\users\Roby\Program Files\DNA\btdna.exe" "WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe "ehTray.exe"=c:\windows\ehome\ehTray.exe "Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized "Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "iTunesHelper"="d:\programme\Itunes\iTunesHelper.exe" "BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" "LManager"=c:\progra~1\LAUNCH~1\LManager.exe "ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" show "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):69,ea,43,81,05,35,ca,01 R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-09-24 717296] R2 clr_optimization_v4.0.21006_32;Microsoft .NET Framework NGEN v4.0.21006_X86;c:\windows\Microsoft.NET\Framework\v4.0.21006\mscorsvw.exe [2009-10-07 129856] R2 gupdate1c9d4ca2f141f60;Google Update Service (gupdate1c9d4ca2f141f60);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-14 133104] R2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [2008-06-24 3484672] R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072] R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys [x] R3 L6UX1;Service - Line 6 UX1;c:\windows\system32\Drivers\L6UX1.sys [2009-01-28 530816] R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NIS\1007020.00B\SYMNDISV.SYS [x] R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [2007-12-26 17968] R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [2009-09-15 47616] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.21006\WPF\WPFFontCache_v0400.exe [2009-10-07 752984] S0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\Drivers\AlfaFF.sys [2008-06-24 43184] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1106000.020\SYMDS.SYS [2009-11-05 328752] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1106000.020\SYMEFA.SYS [2010-02-04 172592] S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100324.001\BHDrvx86.sys [2010-03-24 536112] S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1106000.020\ccHPx86.sys [2010-02-25 501888] S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100402.001\IDSvix86.sys [2009-10-28 343088] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1106000.020\Ironx86.SYS [2010-02-27 116784] S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NIS\1106000.020\SYMTDIV.SYS [2010-02-04 340016] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504] S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384] S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576] S2 HopperP;WiFi Hopper (Vista);c:\windows\system32\DRIVERS\hopperp.sys [2008-02-18 15360] S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe [2010-02-25 126392] S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424] S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032] S2 SBSDWSCService;SBSD Security Center Service;d:\programme\Spy Bot\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-08-17 98304] S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 210432] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-01-02 102448] S3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752] S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-04-15 51160] S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2008-04-08 43736] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache Akamai REG_MULTI_SZ Akamai HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Inhalt des "geplante Tasks" Ordners 2010-04-11 c:\windows\Tasks\1-Klick-Wartung.job - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 18:07] 2010-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-14 19:28] 2010-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-14 19:28] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://apps.facebook.com/treasureisle/index.php?ref=bookmark mStart Page = hxxp://de.intl.acer.yahoo.com uInternet Settings,ProxyOverride = *.local IE: Add to Windows &Live Favorites - hxxp://favorites.live.com/quickadd.aspx IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm LSP: %SystemRoot%\system32\PrxerDrv.dll Trusted Zone: line6.net FF - ProfilePath - c:\users\Roby\AppData\Roaming\Mozilla\Firefox\Profiles\ur1c3dsz.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/ FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: c:\users\Roby\Program Files\DNA\plugins\npbtdna.dll FF - plugin: d:\programme\Itunes\Mozilla Plugins\npitunes.dll FF - plugin: d:\programme\Xvid\DivX\DivX Web Player\npdivx32.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "hxxp://www.firefox.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . - - - - Entfernte verwaiste Registrierungseinträge - - - - MSConfigStartUp-AlcoholAutomount - d:\programme\Alcohol 120%\Alcohol 120\axcmd.exe MSConfigStartUp-SynTPEnh - c:\program files\Synaptics\SynTP\SynTPEnh.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2010-04-11 13:05 Windows 6.0.6002 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NIS] "ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.6.0.32\diMaster.dll\" /prefetch:1" . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2010-04-11 13:14:50 ComboFix-quarantined-files.txt 2010-04-11 11:14 Vor Suchlauf: 16 Verzeichnis(se), 60.993.454.080 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 60.957.261.824 Bytes frei - - End Of File - - 1E54A06A65357E2FB1A6EE33342FD39E |
Hi, in dem Log sind mehrere Sachen auffällig: - arbeitest du über ein Proxy? Code: Component Name: PrxerDrv.dllDie Runkeys der Files sind noch in der Reg (aber auf Run- gesetzt)... Lass dieses File bei virustotal.com prüfen (es gibt gleichnamige Malware: c:\windows\system32\ieUnatt.exe Wie verhält sich der Rechner? chris |
Hey, Ja Profixier verwende ich in der Schule, da dort einiges geblockt wird und ich das über ein externen Proxy umgehe. |
Hi, dann lass Dich mal nicht erwischen... Was macht die Fileanalyse und wie verhält sich der Rechner? Sonst bohren wir noch weiter... chris |
| Alle Zeitangaben in WEZ +1. Es ist jetzt 10:28 Uhr. |
Copyright ©2000-2025, Trojaner-Board