Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Systray .exe stub - Keylogger? (https://www.trojaner-board.de/99206-systray-exe-stub-keylogger.html)

Esco 17.05.2011 14:25
Systray .exe stub - Keylogger?
 
Hallo erstmal,
seit Gestern ist imr auf gefallen, dass immer wenn ich einmal ^ drücke 2 kommen.
Da ich schoneinmal gehört habe das dies auf einen Keylogger hinweisen könnte, habe ich mit Avast einen Vierenscan durchgeführt, es wurde ein Trojaner gefunden & gelöscht, aber das Problem bestand weiterhin.
Daraufhin durchforstete ich die laufende prozesse und fand den prozess:
J0L4A23.exe Beschreibung: Systray .exe stub nach dem ich diesen prozess beendet habe erschien er wieder - nur mit einem anderen namen, wie z.B J0L2R56.exe. Zudem bekam ich einige Warnungen von Avast das ein Programm aus User\Appdata mit einer url Names www.facebook.com/....
in Verbindung trat.
Also hab ich mal Malwarebytes,OTL & HiJackThis durchlaufen lassen, ohne erfolg.(zu OTL kann ich nichts sagen, kp wie das ausgewertet wird)


OTL.txtOTL Logfile:
Code:
OTL logfile created on: 17.05.2011 15:01:06 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Eddy\Desktop
64bit- An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 79,00% Memory free
16,00 Gb Paging File | 13,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 578,40 Gb Total Space | 258,89 Gb Free Space | 44,76% Space Free | Partition Type: NTFS
Drive D: | 931,39 Gb Total Space | 450,45 Gb Free Space | 48,36% Space Free | Partition Type: NTFS
Drive E: | 120,24 Gb Total Space | 119,73 Gb Free Space | 99,58% Space Free | Partition Type: NTFS
 
Computer Name: EDDY-PC | User Name: Eddy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Eddy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Eddy\AppData\Local\Temp\J0L4A23.exe (Microsoft Corporation)
PRC - C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.22\deploy\LoLLauncher.exe ()
PRC - C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe ()
PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Users\Eddy\Desktop\crap\HiJackThis204.exe (Trend Micro Inc.)
PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.44\deploy\LolClient.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe (Trend Micro Inc.)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe (D-Link Corp.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\ArchiCrypt Stealth 4\IJStealth4Svc.exe (Softwareentwicklung Remus)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Eddy\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Programme\Alwil Software\Avast5\snxhk.dll (AVAST Software)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (jswpsapi) -- C:\Program Files (x86)\D-Link\DWA-547 revA\jswpsapi.exe (Atheros Communications, Inc.)
SRV - (StealthInjectorService) -- C:\Program Files (x86)\ArchiCrypt Stealth 4\IJStealth4Svc.exe (Softwareentwicklung Remus)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (Gun) -- C:\Windows\SysNative\Gun64.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (JSWPSLWF) -- C:\Windows\SysNative\drivers\jswpslwfx.sys (Atheros Communications, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 26 26 25 7A 40 9D CB 01  [binary data]
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.12.22 16:37:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.05.01 02:41:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.04.14 21:11:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eddy\AppData\Roaming\mozilla\Extensions
[2011.04.15 15:25:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eddy\AppData\Roaming\mozilla\Firefox\Profiles\5455qrjd.default\extensions
[2011.04.15 15:25:06 | 000,000,000 | ---D | M] (Swag Bucks Community Toolbar) -- C:\Users\Eddy\AppData\Roaming\mozilla\Firefox\Profiles\5455qrjd.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
[2011.04.15 15:25:06 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Eddy\AppData\Roaming\mozilla\Firefox\Profiles\5455qrjd.default\extensions\engine@conduit.com
[2011.03.21 15:52:38 | 000,000,923 | ---- | M] () -- C:\Users\Eddy\AppData\Roaming\Mozilla\Firefox\Profiles\5455qrjd.default\searchplugins\conduit.xml
[2011.04.16 12:02:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
File not found (No name found) --
[2011.04.23 00:40:25 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\EDDY\APPDATA\LOCAL\{932ADBF2-C2B2-48E8-8F5C-D5285565712F}
[2011.05.01 02:41:32 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [4E3E0230AEBB4E96]  File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate]  File not found
O4 - Startup: C:\Users\Eddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\Eddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files (x86)\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files (x86)\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{21717cbc-134a-11e0-a769-b9d32cc93015}\Shell - "" = AutoRun
O33 - MountPoints2\{21717cbc-134a-11e0-a769-b9d32cc93015}\Shell\AutoRun\command - "" = J:\setup.exe
O33 - MountPoints2\{3004089d-ef1d-11df-8ae9-f6603ebf231a}\Shell - "" = AutoRun
O33 - MountPoints2\{3004089d-ef1d-11df-8ae9-f6603ebf231a}\Shell\AutoRun\command - "" = G:\Setup\rsrc\autorun.exe
O33 - MountPoints2\{3004089d-ef1d-11df-8ae9-f6603ebf231a}\Shell\dinstall\command - "" = G:\Directx\dxsetup.exe
O33 - MountPoints2\{9ccfa43c-f3e8-11df-a913-fe053557f910}\Shell - "" = AutoRun
O33 - MountPoints2\{9ccfa43c-f3e8-11df-a913-fe053557f910}\Shell\AutoRun\command - "" = I:\Autorun.exe
O33 - MountPoints2\{9eddf481-2aff-11e0-80fb-e079aa721f14}\Shell - "" = AutoRun
O33 - MountPoints2\{9eddf481-2aff-11e0-80fb-e079aa721f14}\Shell\AutoRun\command - "" = K:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (aswBoot.exe /A:"*" /L:"1031" /heur:80 /pup /archives /IA:0 /KBD:2 /wow /dir:"C:\Program Files\Alwil Software\Avast5") - C:\Windows\SysWow64\aswBoot.exe (AVAST Software)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.17 15:00:23 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Eddy\Desktop\OTL.exe
[2011.05.16 22:46:26 | 000,000,000 | ---D | C] -- C:\Users\Eddy\AppData\Roaming\Malwarebytes
[2011.05.16 22:46:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.05.16 22:46:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.05.16 22:46:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.05.16 22:46:14 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.05.16 22:46:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.05.16 22:36:56 | 007,734,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Eddy\Desktop\mbam-setup.exe
[2011.05.11 16:36:33 | 005,509,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011.05.11 16:36:33 | 003,957,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011.05.11 16:36:32 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011.05.11 16:36:28 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2011.05.11 16:36:27 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2011.05.07 03:01:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2011.05.05 02:24:55 | 000,000,000 | ---D | C] -- C:\Users\Eddy\AppData\Local\{0763ECA8-DBB9-45D7-91CC-173184BEE510}
[2011.05.04 17:23:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftnyxGame
[2011.05.04 17:22:42 | 000,000,000 | ---D | C] -- C:\Game
[2011.05.04 14:24:30 | 000,000,000 | ---D | C] -- C:\Users\Eddy\AppData\Local\{0CFA61EF-54D1-43E7-B4EF-B689AD883717}
[2011.04.30 22:53:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Valve
[2011.04.30 22:39:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Valve
[2011.04.27 23:52:11 | 000,000,000 | ---D | C] -- C:\Users\Eddy\AppData\Local\SSC
[2011.04.27 23:51:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WoW UI Designer
[2011.04.27 15:14:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SW-Tukupdater
[2011.04.27 15:14:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SW-Tukupdater
[2011.04.27 12:47:41 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011.04.27 12:47:41 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2011.04.27 12:43:02 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011.04.27 12:43:02 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011.04.27 12:40:51 | 002,566,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2011.04.27 12:40:51 | 001,686,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2011.04.27 12:40:51 | 000,187,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2011.04.27 12:40:51 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2011.04.27 12:40:51 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2011.04.27 12:40:51 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2011.04.27 12:40:51 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2011.04.27 12:36:54 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2011.04.27 12:36:54 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2011.04.24 13:04:43 | 000,000,000 | ---D | C] -- C:\Users\Eddy\AppData\Local\{68256A58-EC1D-436A-B043-60163392E703}
[2011.04.23 16:48:51 | 000,000,000 | ---D | C] -- C:\Users\Eddy\AppData\Local\{CF4F9EA3-E973-4E15-A0F3-7913EFEDAA48}
[2011.04.23 13:32:38 | 000,000,000 | ---D | C] -- C:\Users\Eddy\AppData\Local\{69CA5F75-54DB-4442-9725-A12530E92EC1}
[2011.04.23 00:40:25 | 000,000,000 | ---D | C] -- C:\Users\Eddy\AppData\Local\{932ADBF2-C2B2-48E8-8F5C-D5285565712F}
[2011.04.23 00:28:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArtMoney SE
[2011.04.22 13:21:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Darksiders
[2011.04.22 10:56:51 | 000,000,000 | ---D | C] -- C:\Users\Eddy\AppData\Local\{C74215E5-49BF-4EF7-9848-7A505AF65AD9}
[2011.04.21 21:13:50 | 000,000,000 | ---D | C] -- C:\Users\Eddy\AppData\Local\{52D45E1F-A810-4D3C-B014-239B8469243E}
[2011.04.21 19:06:35 | 000,000,000 | ---D | C] -- C:\Users\Eddy\AppData\Local\{EE223D89-C992-4357-868C-135F69848DAC}
[2011.04.21 13:09:31 | 000,000,000 | ---D | C] -- C:\Users\Eddy\AppData\Local\{42D510BE-9EB1-4967-9F62-B85E78D5D04F}
[2011.04.20 13:09:43 | 000,000,000 | ---D | C] -- C:\Users\Eddy\AppData\Local\{51134862-C322-4499-9EEA-4E375360382A}
[2011.04.19 13:08:18 | 000,000,000 | ---D | C] -- C:\Users\Eddy\AppData\Local\{7C8BECF7-1099-4D4F-8141-48D15650ADD5}
[2011.04.19 01:07:31 | 000,000,000 | ---D | C] -- C:\Users\Eddy\AppData\Local\{B2EAAD9A-2250-45D2-89B6-34914A97AF3D}
[2011.04.18 19:22:34 | 000,000,000 | -H-D | C] -- C:\Users\Eddy\Documents\Runes of Magic
[2011.04.18 19:20:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Runes of Magic
[2011.04.18 19:14:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Runes of Magic
[2011.04.18 13:07:00 | 000,000,000 | ---D | C] -- C:\Users\Eddy\AppData\Local\{7F7F4843-BD51-4D6E-A44C-CE328F12C669}
[2011.04.18 12:20:51 | 000,000,000 | ---D | C] -- C:\Users\Eddy\AppData\Local\{CD396F77-C0C9-4F0C-9DDE-D56BBEDB6239}
[2011.04.17 19:51:56 | 000,000,000 | ---D | C] -- C:\Users\Eddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StreamTorrent 1.0
[2011.04.17 19:51:56 | 000,000,000 | ---D | C] -- C:\Users\Eddy\AppData\Roaming\StreamTorrent
[2011.04.17 19:51:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StreamTorrent 1.0
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Eddy\Documents\*.tmp files -> C:\Users\Eddy\Documents\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.17 15:00:25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Eddy\Desktop\OTL.exe
[2011.05.17 14:42:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.16 22:46:20 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.16 22:37:00 | 007,734,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Eddy\Desktop\mbam-setup.exe
[2011.05.16 15:43:36 | 000,014,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.16 15:43:36 | 000,014,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.16 15:35:32 | 2146,050,047 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.04 17:34:24 | 000,030,840 | ---- | M] () -- C:\Windows\SysNative\Gun64.sys
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Eddy\Documents\*.tmp files -> C:\Users\Eddy\Documents\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.05.16 22:46:20 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.04 17:34:24 | 000,030,840 | ---- | C] () -- C:\Windows\SysNative\Gun64.sys
[2011.04.27 23:51:10 | 000,001,112 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WoW UI Designer 1.1.110.lnk
[2011.04.14 23:13:47 | 001,574,212 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.02.26 03:23:00 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011.01.28 23:23:15 | 000,000,286 | ---- | C] () -- C:\Windows\game.ini
[2010.12.29 20:40:00 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.12.29 20:39:59 | 003,360,624 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010.12.29 20:39:59 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.12.22 22:53:04 | 000,005,474 | ---- | C] () -- C:\Windows\hpomdl21.dat.temp
[2010.12.22 16:32:25 | 000,235,000 | ---- | C] () -- C:\Windows\hpoins21.dat
[2010.12.22 16:32:25 | 000,005,474 | ---- | C] () -- C:\Windows\hpomdl21.dat
[2010.12.13 23:00:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.12.13 22:39:16 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

< End of report >
--- --- ---


Malwarebytes

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6593

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

17.05.2011 10:57:16
mbam-log-2011-05-17 (10-57-16).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 631320
Laufzeit: 2 Stunde(n), 23 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


Ich hoffe mir kann da jemand so schnell wie möglich helfen, es macht mich wahnsinnig mmich nirgends sicher einloggen zu können.

gruß
eddy

//E Eben noch einen Malwarebytes quickscan gemacht:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6593

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

17.05.2011 15:28:14
mbam-log-2011-05-17 (15-28-14).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 166043
Laufzeit: 3 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4E3E0230AEBB4E96 (Trojan.SpyEyes) -> Value: 4E3E0230AEBB4E96 -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

markusg 17.05.2011 14:43
sehe es mir an.

markusg 17.05.2011 14:50
1. deinstaliere mal spybot, es stört die reinigung und außerdem finde ich persönlich, dass es nicht mehr sonderlich nützlich ist, zb nur 1 update pro woche..

• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.

:OTL
PRC - C:\Users\Eddy\AppData\Local\Temp\J0L4A23.exe (Microsoft Corporation)
O4 - HKCU..\Run: [4E3E0230AEBB4E96] File not found
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] File not found
:Files
C:\Users\Janet\peload3E.dll
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
öffne computer, öffne C: dann _OTL
dort rechtsklick auf moved files
wähle zu moved files.rar oder zip hinzufügen.
http://www.trojaner-board.de/54791-a...ner-board.html

Esco 17.05.2011 16:11
der prozess heißt jetzt j0l8002.exe...befehl ändern?

markusg 17.05.2011 16:33
lass mal so und füge das andere hinzu, starte weder neu noch spiele im taskmanager rumm, sonst wirds die unendliche geschichte.

Esco 17.05.2011 17:28
Hat sich erledigt durch diese fix dinges wurde alles geklärt ;)

markusg 17.05.2011 17:29
nein, wurde es nicht. wir haben nur das gelöscht was in dem log sichtbar war. bitte hochladen wie beschrieben, wenn fertig bescheid geben dann gehts weiter.

Esco 17.05.2011 18:12
...kam mit dem Upload gerät nicht klar, hab es jetzt wo anders hochgeladen

hxxp://www59.zippyshare.com/v/82137694/file.html

markusg 17.05.2011 18:27
wo ist da das problem im upload channel? einfach durchsuchen datei auswählen, usernamen und themen link und dann absenden...
ok weiter gehts.
bitte erstelle und poste ein combofix log.
Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Esco 17.05.2011 18:59
Das mit dem Themenlink ging nicht.
Hab das Prog jetzt einal durchlaufenlassen und das war der log:

Combofix Logfile:
Code:
ComboFix 11-05-16.04 - Eddy 17.05.2011  19:39:45.1.4 - x64
Microsoft Windows 7 Professional  6.1.7600.0.1252.49.1031.18.8190.6190 [GMT 2:00]
ausgeführt von:: c:\users\Eddy\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\AutocompletePro
c:\program files (x86)\AutocompletePro\AutocompletePro.dll
c:\program files (x86)\AutocompletePro\chrome\autocompleteprochrome.crx
c:\program files (x86)\AutocompletePro\FireFoxExtension.exe
c:\program files (x86)\AutocompletePro\InstTracker.exe
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome.manifest
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\browserOverlay.xul
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\options.js
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\options.xul
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\utils.js
c:\program files (x86)\AutocompletePro\support@predictad.com\defaults\preferences\predictad.js
c:\program files (x86)\AutocompletePro\support@predictad.com\install.rdf
c:\program files (x86)\AutocompletePro\unins000.dat
c:\program files (x86)\AutocompletePro\unins000.exe
C:\Recycle.Bin
c:\recycle.bin\config.bin
c:\recycle.bin\Recycle.Bin.exe
c:\users\Eddy\AppData\Local\{932ADBF2-C2B2-48E8-8F5C-D5285565712F}
c:\users\Eddy\AppData\Local\{932ADBF2-C2B2-48E8-8F5C-D5285565712F}\chrome.manifest
c:\users\Eddy\AppData\Local\{932ADBF2-C2B2-48E8-8F5C-D5285565712F}\chrome\content\_cfg.js
c:\users\Eddy\AppData\Local\{932ADBF2-C2B2-48E8-8F5C-D5285565712F}\chrome\content\overlay.xul
c:\users\Eddy\AppData\Local\{932ADBF2-C2B2-48E8-8F5C-D5285565712F}\install.rdf
c:\users\Eddy\AppData\Roaming\MSA
c:\users\Eddy\AppData\Roaming\MSA\userid.dat
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-04-17 bis 2011-05-17  ))))))))))))))))))))))))))))))
.
.
2011-05-17 17:46 . 2011-05-17 17:46        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-05-17 15:22 . 2011-05-17 16:43        --------        d-----w-        C:\_OTL
2011-05-17 06:43 . 2011-04-11 08:21        8802128        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{EB6173F4-1AB1-435A-920D-598A33BB6B6E}\mpengine.dll
2011-05-16 20:46 . 2011-05-16 20:46        --------        d-----w-        c:\users\Eddy\AppData\Roaming\Malwarebytes
2011-05-16 20:46 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-16 20:46 . 2011-05-16 20:46        --------        d-----w-        c:\programdata\Malwarebytes
2011-05-16 20:46 . 2011-05-16 20:46        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2011-05-16 20:46 . 2010-12-20 16:08        24152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-05-11 14:36 . 2011-04-09 06:45        5509504        ----a-w-        c:\windows\system32\ntoskrnl.exe
2011-05-11 14:36 . 2011-04-09 06:13        3957632        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2011-05-11 14:36 . 2011-04-09 06:13        3901824        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2011-05-11 14:36 . 2011-03-25 03:23        343040        ----a-w-        c:\windows\system32\drivers\usbhub.sys
2011-05-11 14:36 . 2011-03-25 03:23        98816        ----a-w-        c:\windows\system32\drivers\usbccgp.sys
2011-05-11 14:36 . 2011-03-25 03:23        324608        ----a-w-        c:\windows\system32\drivers\usbport.sys
2011-05-11 14:36 . 2011-03-25 03:22        52224        ----a-w-        c:\windows\system32\drivers\usbehci.sys
2011-05-11 14:36 . 2011-03-25 03:22        25600        ----a-w-        c:\windows\system32\drivers\usbohci.sys
2011-05-11 14:36 . 2011-03-25 03:22        30720        ----a-w-        c:\windows\system32\drivers\usbuhci.sys
2011-05-11 14:36 . 2011-03-25 03:22        7936        ----a-w-        c:\windows\system32\drivers\usbd.sys
2011-05-05 00:24 . 2011-05-05 00:25        --------        d-----w-        c:\users\Eddy\AppData\Local\{0763ECA8-DBB9-45D7-91CC-173184BEE510}
2011-05-04 15:34 . 2011-05-04 15:34        30840        ----a-w-        c:\windows\system32\Gun64.sys
2011-05-04 15:22 . 2011-05-04 15:22        --------        d-----w-        C:\Game
2011-05-04 12:24 . 2011-05-04 12:24        --------        d-----w-        c:\users\Eddy\AppData\Local\{0CFA61EF-54D1-43E7-B4EF-B689AD883717}
2011-04-30 20:39 . 2011-04-30 20:39        --------        d-----w-        c:\program files (x86)\Valve
2011-04-27 21:52 . 2011-04-27 21:52        --------        d-----w-        c:\users\Eddy\AppData\Local\SSC
2011-04-27 21:51 . 2011-04-27 21:51        --------        d-----w-        c:\program files (x86)\WoW UI Designer
2011-04-27 13:14 . 2011-04-27 13:15        --------        d-----w-        c:\program files (x86)\SW-Tukupdater
2011-04-27 10:47 . 2011-02-26 06:23        2870272        ----a-w-        c:\windows\explorer.exe
2011-04-27 10:47 . 2011-02-26 05:33        2614784        ----a-w-        c:\windows\SysWow64\explorer.exe
2011-04-27 10:43 . 2011-03-12 12:03        662528        ----a-w-        c:\windows\system32\XpsPrint.dll
2011-04-27 10:43 . 2011-03-12 11:31        442880        ----a-w-        c:\windows\SysWow64\XpsPrint.dll
2011-04-27 10:40 . 2011-03-11 06:23        1657216        ----a-w-        c:\windows\system32\drivers\ntfs.sys
2011-04-27 10:40 . 2011-03-11 06:23        187264        ----a-w-        c:\windows\system32\drivers\storport.sys
2011-04-27 10:40 . 2011-03-11 06:23        166272        ----a-w-        c:\windows\system32\drivers\nvstor.sys
2011-04-27 10:40 . 2011-03-11 06:23        148352        ----a-w-        c:\windows\system32\drivers\nvraid.sys
2011-04-27 10:40 . 2011-03-11 06:23        410496        ----a-w-        c:\windows\system32\drivers\iaStorV.sys
2011-04-27 10:40 . 2011-03-11 06:22        107904        ----a-w-        c:\windows\system32\drivers\amdsata.sys
2011-04-27 10:40 . 2011-03-11 06:22        27008        ----a-w-        c:\windows\system32\drivers\amdxata.sys
2011-04-27 10:40 . 2011-03-11 06:18        2566144        ----a-w-        c:\windows\system32\esent.dll
2011-04-27 10:40 . 2011-03-11 06:15        96768        ----a-w-        c:\windows\system32\fsutil.exe
2011-04-27 10:40 . 2011-03-11 05:39        1686016        ----a-w-        c:\windows\SysWow64\esent.dll
2011-04-27 10:40 . 2011-03-11 05:37        74240        ----a-w-        c:\windows\SysWow64\fsutil.exe
2011-04-27 10:36 . 2011-02-18 06:33        31232        ----a-w-        c:\windows\system32\prevhost.exe
2011-04-27 10:36 . 2011-02-18 05:33        31232        ----a-w-        c:\windows\SysWow64\prevhost.exe
2011-04-25 23:02 . 2011-04-25 23:02        469256        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\dcb5b6091cc039c2e\InstallManager_WLE_WLE.exe
2011-04-25 23:01 . 2011-04-25 23:01        15712        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\a596cbeb1cc039c22\MeshBetaRemover.exe
2011-04-25 22:59 . 2011-04-25 22:59        94040        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\5f71d63c1cc039c14\DSETUP.dll
2011-04-25 22:59 . 2011-04-25 22:59        525656        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\5f71d63c1cc039c14\DXSETUP.exe
2011-04-25 22:59 . 2011-04-25 22:59        1691480        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\5f71d63c1cc039c14\dsetup32.dll
2011-04-25 22:58 . 2011-04-25 22:58        94040        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\5bd170641cc039c13\DSETUP.dll
2011-04-25 22:58 . 2011-04-25 22:58        525656        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\5bd170641cc039c13\DXSETUP.exe
2011-04-25 22:58 . 2011-04-25 22:58        1691480        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\5bd170641cc039c13\dsetup32.dll
2011-04-24 11:04 . 2011-04-24 11:04        --------        d-----w-        c:\users\Eddy\AppData\Local\{68256A58-EC1D-436A-B043-60163392E703}
2011-04-23 14:48 . 2011-04-23 14:48        --------        d-----w-        c:\users\Eddy\AppData\Local\{CF4F9EA3-E973-4E15-A0F3-7913EFEDAA48}
2011-04-23 11:32 . 2011-04-23 11:32        --------        d-----w-        c:\users\Eddy\AppData\Local\{69CA5F75-54DB-4442-9725-A12530E92EC1}
2011-04-22 11:21 . 2011-04-22 11:28        --------        d-----w-        c:\program files (x86)\Darksiders
2011-04-22 08:56 . 2011-04-22 21:22        --------        d-----w-        c:\users\Eddy\AppData\Local\{C74215E5-49BF-4EF7-9848-7A505AF65AD9}
2011-04-21 19:13 . 2011-04-21 19:13        --------        d-----w-        c:\users\Eddy\AppData\Local\{52D45E1F-A810-4D3C-B014-239B8469243E}
2011-04-21 17:06 . 2011-04-21 17:06        --------        d-----w-        c:\users\Eddy\AppData\Local\{EE223D89-C992-4357-868C-135F69848DAC}
2011-04-21 11:09 . 2011-04-21 11:09        --------        d-----w-        c:\users\Eddy\AppData\Local\{42D510BE-9EB1-4967-9F62-B85E78D5D04F}
2011-04-20 11:09 . 2011-04-20 11:10        --------        d-----w-        c:\users\Eddy\AppData\Local\{51134862-C322-4499-9EEA-4E375360382A}
2011-04-19 11:08 . 2011-04-19 23:09        --------        d-----w-        c:\users\Eddy\AppData\Local\{7C8BECF7-1099-4D4F-8141-48D15650ADD5}
2011-04-18 23:07 . 2011-04-18 23:07        --------        d-----w-        c:\users\Eddy\AppData\Local\{B2EAAD9A-2250-45D2-89B6-34914A97AF3D}
2011-04-18 17:14 . 2011-04-24 19:32        --------        d-----w-        c:\program files (x86)\Runes of Magic
2011-04-18 11:07 . 2011-04-18 11:07        --------        d-----w-        c:\users\Eddy\AppData\Local\{7F7F4843-BD51-4D6E-A44C-CE328F12C669}
2011-04-18 10:20 . 2011-04-18 10:20        --------        d-----w-        c:\users\Eddy\AppData\Local\{CD396F77-C0C9-4F0C-9DDE-D56BBEDB6239}
2011-04-17 17:51 . 2011-04-17 17:51        --------        d-----w-        c:\users\Eddy\AppData\Roaming\StreamTorrent
2011-04-17 17:51 . 2011-04-17 17:51        --------        d-----w-        c:\program files (x86)\StreamTorrent 1.0
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-09 16:55 . 2011-04-09 16:55        15453336        ----a-w-        c:\windows\SysWow64\xlive.dll
2011-04-09 16:55 . 2011-04-09 16:55        13642904        ----a-w-        c:\windows\SysWow64\xlivefnt.dll
2011-03-19 21:44 . 2010-12-29 18:40        189248        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2011-03-19 21:43 . 2010-12-29 18:39        75136        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe
2011-03-11 06:19 . 2011-04-13 14:08        1395712        ----a-w-        c:\windows\system32\mfc42.dll
2011-03-11 06:19 . 2011-04-13 14:08        1359872        ----a-w-        c:\windows\system32\mfc42u.dll
2011-03-11 05:40 . 2011-04-13 14:08        1137664        ----a-w-        c:\windows\SysWow64\mfc42.dll
2011-03-11 05:40 . 2011-04-13 14:08        1164288        ----a-w-        c:\windows\SysWow64\mfc42u.dll
2011-03-08 21:24 . 2010-06-24 10:33        18328        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-08 06:14 . 2011-04-13 14:06        976896        ----a-w-        c:\windows\system32\inetcomm.dll
2011-03-08 05:38 . 2011-04-13 14:06        740864        ----a-w-        c:\windows\SysWow64\inetcomm.dll
2011-03-04 06:17 . 2011-04-27 10:41        135168        ----a-w-        c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:17 . 2011-04-27 10:41        347648        ----a-w-        c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:17 . 2011-04-13 14:06        182272        ----a-w-        c:\windows\system32\dnsrslvr.dll
2011-03-03 06:14 . 2011-04-13 14:06        30208        ----a-w-        c:\windows\system32\dnscacheugc.exe
2011-03-03 05:27 . 2011-04-13 14:06        28672        ----a-w-        c:\windows\SysWow64\dnscacheugc.exe
2011-03-03 03:58 . 2011-04-13 14:08        3133440        ----a-w-        c:\windows\system32\win32k.sys
2011-03-02 15:26 . 2010-12-29 18:42        189480        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr
2011-02-26 01:23 . 2011-02-26 01:23        41872        ----a-w-        c:\windows\SysWow64\xfcodec.dll
2011-02-26 01:23 . 2011-02-26 01:23        27536        ----a-w-        c:\windows\system32\xfcodec64.dll
2011-02-24 06:30 . 2011-04-13 14:08        476160        ----a-w-        c:\windows\system32\XpsGdiConverter.dll
2011-02-24 06:29 . 2011-04-13 14:06        1197056        ----a-w-        c:\windows\system32\wininet.dll
2011-02-24 06:24 . 2011-04-13 14:06        57856        ----a-w-        c:\windows\system32\licmgr10.dll
2011-02-24 05:32 . 2011-04-13 14:08        288256        ----a-w-        c:\windows\SysWow64\XpsGdiConverter.dll
2011-02-24 05:32 . 2011-04-13 14:06        981504        ----a-w-        c:\windows\SysWow64\wininet.dll
2011-02-24 05:30 . 2011-04-13 14:06        44544        ----a-w-        c:\windows\SysWow64\licmgr10.dll
2011-02-24 05:05 . 2011-04-13 14:06        482816        ----a-w-        c:\windows\system32\html.iec
2011-02-24 04:24 . 2011-04-13 14:06        1638912        ----a-w-        c:\windows\system32\mshtml.tlb
2011-02-24 04:23 . 2011-04-13 14:06        386048        ----a-w-        c:\windows\SysWow64\html.iec
2011-02-24 03:50 . 2011-04-13 14:06        1638912        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2011-02-23 05:16 . 2011-04-13 14:08        461312        ----a-w-        c:\windows\system32\drivers\srv.sys
2011-02-23 05:16 . 2011-04-13 14:08        401920        ----a-w-        c:\windows\system32\drivers\srv2.sys
2011-02-23 05:15 . 2011-04-13 14:08        161792        ----a-w-        c:\windows\system32\drivers\srvnet.sys
2011-02-23 05:15 . 2011-04-13 14:05        157696        ----a-w-        c:\windows\system32\drivers\mrxsmb.sys
2011-02-23 05:15 . 2011-04-13 14:05        286720        ----a-w-        c:\windows\system32\drivers\mrxsmb10.sys
2011-02-23 05:15 . 2011-04-13 14:05        126464        ----a-w-        c:\windows\system32\drivers\mrxsmb20.sys
2011-02-23 05:15 . 2011-04-13 14:05        90624        ----a-w-        c:\windows\system32\drivers\bowser.sys
2011-02-19 06:37 . 2011-03-09 13:37        1135104        ----a-w-        c:\windows\system32\FntCache.dll
2011-02-19 06:37 . 2011-03-09 13:37        1540608        ----a-w-        c:\windows\system32\DWrite.dll
2011-02-19 06:36 . 2011-03-09 13:37        902656        ----a-w-        c:\windows\system32\d2d1.dll
2011-02-19 06:36 . 2011-04-13 14:07        46080        ----a-w-        c:\windows\system32\atmlib.dll
2011-02-19 05:32 . 2011-03-09 13:37        1074176        ----a-w-        c:\windows\SysWow64\DWrite.dll
2011-02-19 05:32 . 2011-03-09 13:37        739840        ----a-w-        c:\windows\SysWow64\d2d1.dll
2011-02-19 05:32 . 2011-04-13 14:07        34304        ----a-w-        c:\windows\SysWow64\atmlib.dll
2011-02-19 04:13 . 2011-04-13 14:07        367104        ----a-w-        c:\windows\system32\atmfd.dll
2011-02-19 03:37 . 2011-04-13 14:07        294912        ----a-w-        c:\windows\SysWow64\atmfd.dll
2011-02-18 06:37 . 2011-04-13 14:08        612352        ----a-w-        c:\windows\system32\vbscript.dll
2011-02-18 05:36 . 2011-04-13 14:08        428032        ----a-w-        c:\windows\SysWow64\vbscript.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files (x86)\Winload\tbWinl.dll" [2010-03-17 2355224]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
2010-03-17 14:45        2355224        ----a-w-        c:\program files (x86)\Winload\tbWinl.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files (x86)\Winload\tbWinl.dll" [2010-03-17 2355224]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-03-28 1910152]
.
c:\users\Eddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-11-18 0]
Xfire.lnk - c:\program files (x86)\Xfire\Xfire.exe [2011-2-26 3502992]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
LOLRecorder.lnk - c:\program files (x86)\LOLReplay\LOLRecorder.exe [2011-3-30 202240]
Wireless Connection Manager.lnk - c:\program files (x86)\D-Link\DWA-547 revA\wirelesscm.exe [2010-11-11 505152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-11-19 1038088]
R3 Gun;Gun;c:\windows\system32\Gun64.sys [x]
R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files (x86)\D-Link\DWA-547 revA\jswpsapi.exe [2008-09-26 954368]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-03-28 2111368]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 StealthInjectorService;Stealth Service Helper;c:\program files (x86)\ArchiCrypt Stealth 4\IJStealth4Svc.exe [2006-08-01 145920]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-06-13 248936]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\Eddy\AppData\Roaming\Mozilla\Firefox\Profiles\5455qrjd.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{40C3CC16-7269-4B32-9531-17F2950FB06F} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-AutocompletePro3_is1 - c:\program files (x86)\AutocompletePro\unins000.exe
AddRemove-Fraps - d:\papa\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1748170318-617275836-2261935102-1001\Software\SecuROM\License information*]
"datasecu"=hex:f3,4b,3d,c5,82,15,aa,e1,fd,bc,3d,d0,82,ca,26,d9,84,97,61,22,53,
  0f,cd,46,eb,a7,ba,5f,a9,ac,a6,b9,76,19,cd,3d,0d,81,c6,d7,05,c4,03,10,2e,61,\
"rkeysecu"=hex:8c,d9,66,0e,17,2b,d7,ce,e8,c9,0b,45,86,2e,64,e4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-05-17  19:48:18
ComboFix-quarantined-files.txt  2011-05-17 17:48
.
Vor Suchlauf: 12 Verzeichnis(se), 277.790.183.424 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 282.960.703.488 Bytes frei
.
- - End Of File - - 10608765134DEB5A65273B2D97974B5C
--- --- ---

markusg 17.05.2011 20:06
öffne den arbeitsplatz qoobox rechtsklick auf quarantain, packen und wieder hochladen bitte.

Esco 17.05.2011 20:42
hxxp://www59.zippyshare.com/v/87755712/file.html

markusg 18.05.2011 10:48
hi, machst du onlinebanking oder einkäufe oder sonst was wichtiges mit dem pc?

Esco 18.05.2011 12:57
Ebanking oder nicht, nur abund an kaufe ich was über Pay Pal.
Ansonsten, das wichtigste danach auf meinem Pc wären meine Spiele Accounts

markusg 18.05.2011 14:01
ok.
gut das wir noch weiter gemacht haben. du hast einen spyeye trojaner, der hatts auf alles abgesehen, mit dem sich geld machen lässt.
da wir nicht 100 %ig garantieren können das wir das system sauber bekommen:

- daten sichern, sichere alles an dokumenten bildern etc.
nichts illegales wie keygens cracks etc.
- pc formatieren. ich erkläre dir, falls erwünscht, wies geht.
- pc absichern.
ich kann dir zeigen, wie du mit elativ einfachen mitteln einen wirksamen schutz erreichst.
- passwörter endern.


Alle Zeitangaben in WEZ +1. Es ist jetzt 11:29 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131