Internet Explorer bombards me with ads, high CPU usage!
#0
04.06.2010, 16:35
...new here
Posts: 4
04.06.2010, 16:38
Member
Posts: 3716
05.06.2010, 14:43
...new here
Thread starter, Posts: 4
#3
Unfortunately I can't post the GMER report because the program keeps crashing. I'll try again later...
Here are the other logs:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4169
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

04.06.2010 17:00:32
mbam-log-2010-06-04 (17-00-32).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 127593
Laufzeit: 10 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 2
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 3
Infizierte Verzeichnisse: 11
Infizierte Dateien: 200

Infizierte Speicherprozesse:
C:\Windows\System32\MPK\MPK.exe (Refog.Keylogger) -> No action taken.

Infizierte Speichermodule:
C:\Windows\System32\MPK\Mpk.dll (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\sqlite3.dll (Refog.Keylogger) -> No action taken.

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Refog Software (Refog.Keylogger) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Refog.Keylogger) -> Data: c:\windows\system32\mpk\mpk.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Refog.Keylogger) -> Data: system32\mpk\mpk.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Refog.Keylogger) -> Bad: (userinit.exe,C:\Windows\system32\MPK\MPK.exe) Good: (Userinit.exe) -> No action taken.

Infizierte Verzeichnisse:
C:\ProgramData\MPK (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\CPDA (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\CPDM (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\REFOG Keylogger (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Help (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Help\English (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Help\German (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Help\Spanish (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Images (Refog.Keylogger) -> No action taken.

Infizierte Dateien:
C:\Users\Paul\downloads\setup_akl(2).exe (Trojan.Dropper) -> No action taken.
C:\Users\Paul\downloads\setup_akl(3).exe (Trojan.Dropper) -> No action taken.
C:\Users\Paul\downloads\setup_akl(4).exe (Trojan.Dropper) -> No action taken.
C:\Users\Paul\downloads\setup_akl(5).exe (Trojan.Dropper) -> No action taken.
C:\Users\Paul\downloads\setup_akl.exe (Trojan.Dropper) -> No action taken.
C:\ProgramData\MPK\key.bin (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\M0000 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\REFOG Keylogger.lnk (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\S0000 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\D0000 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40332_6853645833 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40332_6888368171 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40332_6923096296 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40332_6957813426 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40332_7027257523 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40332_7062349421 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40332_7096712384 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40332_7131424074 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40332_7166145833 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40332_7200973264 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40332_7235590278 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40332_7303331944 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40332_7361786690 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40332_7396508102 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40332_7431231713 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40332_7529907986 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40332_7564628472 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40332_7599350694 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40332_7634073148 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40332_7668951389 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40332_7703517824 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40332_7738239931 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40332_7772962616 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40332_8329572338 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40332_8364294213 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40332_8711517014 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40332_8746238657 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40332_8780961111 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40332_8815684259 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40332_8850406482 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40332_9162905093 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40332_9197627315 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40332_9232349768 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40332_9267071991 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40332_9301794676 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40332_9336516319 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40332_9371239352 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40332_9405960648 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40332_9440683333 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40332_9475405440 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40332_9510127662 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40332_9544849884 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40332_9614294329 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40332_9649017593 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40332_9683739815 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40332_9718462153 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40332_9787905093 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40332_9822628125 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40332_9857408565 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40332_9892072917 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40332_9926795139 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40333_0100405440 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40333_0135129514 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40333_0169855556 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40333_0204579282 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40333_0239296991 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40333_0274019213 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40333_0412909491 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40333_0447632060 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40333_0482353125 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40333_0517075347 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40333_1524020602 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40333_1558742824 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40333_1662909606 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40333_5537357176 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40333_6752114120 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40333_6786836227 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40333_6821559028 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40333_6856282060 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40333_6891003588 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40333_6925725810 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40333_6960450810 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40333_6995169560 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40333_7029895949 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\I40333_7064614468 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\1\S0000 (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\CPDM\cpfm.bin (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\REFOG Keylogger\Jetzt bestellen!.lnk (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\REFOG Keylogger\REFOG Keylogger im Internet.lnk (Refog.Keylogger) -> No action taken.
C:\ProgramData\MPK\REFOG Keylogger\REFOG Keylogger.lnk (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Brazilian.lng (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\French.lng (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\German.lng (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\icon_1.ico (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Italian.lng (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Japanese.lng (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\key.bin (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\libeay32.dll (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\lnkmst.exe (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\logstart.vbs (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\loguninstall.vbs (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Mpk.dll (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\MPK.exe (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Mpk64.dll (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\MPK64.exe (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\MpkNetInstall.exe (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\MPKView.exe (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Portuguese.lng (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Romanian.lng (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Spanish.lng (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\sqlite3.dll (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\ssleay32.dll (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\trial_Standard.ini (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\unins000.dat (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\unins000.exe (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\zlib1.dll (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Help\English\alarms.htm (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Help\English\clipboard.htm (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Help\English\computer.htm (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Help\English\delivery.htm (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Help\English\file.htm (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Help\English\filters.htm (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Help\English\imhelp.htm (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Help\English\internet.htm (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Help\English\invisible.htm (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Help\English\keyboard.htm (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Help\English\logging.htm (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Help\English\log_size.htm (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Help\English\need_update_net.htm (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Help\English\password.htm (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Help\English\programs.htm (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Help\English\screenshot.htm (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Help\English\settings_node.htm (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Help\English\update.htm (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Help\English\users_node.htm (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Help\German\alarms.htm (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Help\German\clipboard.htm (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Help\German\computer.htm (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Help\German\delivery.htm (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Help\German\file.htm (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Help\German\filters.htm (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Help\German\imhelp.htm (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Help\German\internet.htm (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Help\German\invisible.htm (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Help\German\keyboard.htm (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Help\German\logging.htm (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Help\German\log_size.htm (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Help\German\need_update_net.htm (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Help\German\password.htm (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Help\German\programs.htm (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Help\German\screenshot.htm (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Help\German\settings_node.htm (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Help\German\update.htm (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Help\German\users_node.htm (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Help\Spanish\alarms.htm (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Help\Spanish\clipboard.htm (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Help\Spanish\computer.htm (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Help\Spanish\delivery.htm (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Help\Spanish\filters.htm (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Help\Spanish\internet.htm (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Help\Spanish\invisible.htm (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Help\Spanish\keyboard.htm (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Help\Spanish\logging.htm (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Help\Spanish\log_size.htm (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Help\Spanish\password.htm (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Help\Spanish\programs.htm (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Help\Spanish\screenshot.htm (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Help\Spanish\settings_node.htm (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Help\Spanish\users_node.htm (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Images\banner_em_english.gif (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Images\banner_em_english.swf (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Images\banner_em_german.gif (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Images\banner_em_german.swf (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Images\banner_em_russian.gif (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Images\banner_em_russian.swf (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Images\banner_em_spanish.gif (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Images\banner_em_spanish.swf (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Images\banner_english.gif (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Images\banner_english.swf (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Images\banner_german.gif (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Images\banner_german.swf (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Images\banner_pm_english.gif (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Images\banner_pm_english.swf (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Images\banner_pm_german.gif (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Images\banner_pm_german.swf (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Images\banner_pm_russian.gif (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Images\banner_pm_russian.swf (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Images\banner_pm_spanish.gif (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Images\banner_pm_spanish.swf (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Images\banner_russian.gif (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Images\banner_russian.swf (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Images\banner_spanish.gif (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Images\banner_spanish.swf (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Images\english.gif (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Images\german.gif (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Images\upgrade_eu.png (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Images\upgrade_us.png (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Images\vista_hide.bmp (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\Images\xp_hide.bmp (Refog.Keylogger) -> No action taken.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.
Here is the uninstall list:

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2 - Deutsch
Adobe Shockwave Player 11.5
Advanced IP Scanner v1.5
Advanced RAR Password Recovery (remove only)
Air Video Server 2.2.6u1
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
CamStudio
Canon Inkjet Printer Driver Add-On Module
Canon MP780
CASIO FA-124
Catalyst Control Center - Branding
Firebird SQL Server - MAGIX Edition
Free YouTube to MP3 Converter version 3.3
Google Chrome
Google Earth
Google Update Helper
HijackThis 2.0.2
ICQ6.5
ImgBurn
iTunes
Java(TM) 6 Update 18
JDownloader
Kaspersky Internet Security 2010
Kaspersky Internet Security 2010
Labtec WebCam
Labtec® Camera-Treiber
Lern-o-Mat
Logitech Audio Echo Cancellation Component
Logitech Video Enumerator
LogMeIn
MAGIX 3D Maker (embeded)
MAGIX Filme auf DVD 7 Trial 7.0.1.4 (D)
MAGIX Foto Manager 8 6.0.1.457 (D)
MAGIX Fotobuch 3.6
MAGIX Fotos auf CD & DVD 8 deluxe 8.0.0.14 (D)
MAGIX Online Druck Service 3.4.3.0 (D)
MAGIX Screenshare 4.3.6.1987 (D)
MAGIX Xtreme Foto Designer 6 6.0.25.0 (D)
Malwarebytes' Anti-Malware
Microsoft Choice Guard
Microsoft Halo Trial
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (German) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (German) 2007
Microsoft Office Groove MUI (German) 2007
Microsoft Office InfoPath MUI (German) 2007
Microsoft Office OneNote MUI (German) 2007
Microsoft Office Outlook MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (German) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Word MUI (German) 2007
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
Mozilla Firefox (3.6.3)
Mozilla Thunderbird (2.0.0.24)
Mp3tag v2.45a
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MVision
Notepad++
O&O PartitionManager Professional
OpenOffice.org 3.2
QuickTime
Safari
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB980470)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Skype™ 4.1
Songr
SoundMAX
Spybot - Search & Destroy
Steam
TCM Combo Set
TmNationsForever
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Word 2007 (KB974561)
Update for Outlook 2007 Junk Email Filter (kb981726)
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
VirtualCloneDrive
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.3
Windows Live Anmelde-Assistent
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live-Uploadtool
Windows Media Player Firefox Plugin
WinRAR
WinSCP 4.1.9
xp-AntiSpy 3.97-6
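The security-relevant finding in the Malwarebytes log above is the Winlogon `Userinit` value: Windows runs every comma-separated program in that value at each interactive logon, so the keylogger is relaunched whenever the user signs in, and deleting the MPK files without restoring the value leaves a dangling launcher entry. The script below is an added example (not code from the thread, the forum helpers, or Malwarebytes) that parses the MBAM 1.x log format quoted in this post, counts detections per family, and extracts the unexpected `Userinit` components from the `Bad: (...) Good: (...)` entry; on a Windows host it can also read the live value. The log excerpt is constructed from the detections in the post, and the `EXPECTED_USERINIT` baseline and all function names are assumptions of this example.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x log and flag Winlogon Userinit hijacks.

Added example for this thread, not code from the forum or from Malwarebytes.
The log excerpt below is constructed from the detections quoted in post #3;
the EXPECTED_USERINIT baseline and all function names are assumptions.
"""
import re
from collections import Counter, defaultdict

# Constructed excerpt in the MBAM 1.x log format (German localisation, as in the post).
SAMPLE_LOG = r"""
Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 2

Infizierte Speicherprozesse:
C:\Windows\System32\MPK\MPK.exe (Refog.Keylogger) -> No action taken.

Infizierte Speichermodule:
C:\Windows\System32\MPK\Mpk.dll (Refog.Keylogger) -> No action taken.
C:\Windows\System32\MPK\sqlite3.dll (Refog.Keylogger) -> No action taken.

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Refog.Keylogger) -> Data: c:\windows\system32\mpk\mpk.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Refog.Keylogger) -> Bad: (userinit.exe,C:\Windows\system32\MPK\MPK.exe) Good: (Userinit.exe) -> No action taken.
"""

# A section header is "Infizierte <Kategorie>:" with nothing after the colon;
# the summary lines ("Infizierte Speichermodule: 2") carry a count and are skipped.
SECTION_RE = re.compile(r"^(Infizierte [^:]+|Infected [^:]+):$")
# One detection line: "<item> (<family>) -> <detail>"
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<detail>.+)$")
BAD_GOOD_RE = re.compile(r"Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\)")
REG_FILE_SECTIONS = ("Infizierte Dateiobjekte der Registrierung", "Infected Registry Data Items")

# Assumed baseline: a clean Userinit value names only userinit.exe
# (bare, or with its System32 path); anything else is started at every logon.
EXPECTED_USERINIT = {"userinit.exe", r"c:\windows\system32\userinit.exe"}


def parse_mbam_log(text):
    """Return {section: [(item, family, detail), ...]} for every detection line."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            continue
        entry = ENTRY_RE.match(line)
        if entry and current:
            sections[current].append((entry["item"], entry["family"], entry["detail"]))
    return dict(sections)


def family_counts(sections):
    """Count detections per malware family across all sections."""
    return Counter(family for entries in sections.values() for _, family, _ in entries)


def unexpected_components(userinit_value):
    """Split a Userinit value on commas and return the entries that are not the
    expected launcher (the real default ends with a trailing comma, which is dropped)."""
    parts = (p.strip() for p in userinit_value.split(","))
    return [p for p in parts if p and p.lower() not in EXPECTED_USERINIT]


def userinit_extras(sections):
    """Extra Userinit components taken from the log's 'Bad: (...) Good: (...)' entries."""
    extras = []
    for section in REG_FILE_SECTIONS:
        for item, _family, detail in sections.get(section, []):
            if not item.lower().endswith(r"\winlogon\userinit"):
                continue
            match = BAD_GOOD_RE.search(detail)
            if match:
                extras.extend(unexpected_components(match["bad"]))
    return extras


def check_live_userinit():
    """On a Windows host, read the real Userinit value and return its unexpected
    components; returns None elsewhere so the parser part still runs offline."""
    try:
        import winreg
    except ImportError:
        return None
    path = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as key:
        value, _type = winreg.QueryValueEx(key, "Userinit")
    return unexpected_components(value)


if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    for family, n in family_counts(found).most_common():
        print(f"{n:3d}  {family}")
    for extra in userinit_extras(found):
        print("Userinit launches an unexpected program:", extra)
    live = check_live_userinit()
    if live is not None:
        print("Live Userinit extras on this host:", live or "none")
```

The parser keys on the localised section headers, so the English header for the registry data section is included as a second candidate; the comparison is case-insensitive because the scanner reports the value in mixed case while the registry is case-insensitive anyway.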
05.06.2010, 21:07
Member
Posts: 3716
#4
Delete the Malwarebytes findings with Malwarebytes, then create and post a ComboFix log.
06.06.2010, 21:13
...new here
Thread starter, Posts: 4
#5
ComboFix 10-06-06.01 - Paul 06.06.2010 20:49:07.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.1023.414 [GMT 2:00]
ausgeführt von:: c:\users\Paul\Downloads\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Ccocua.exe
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
.
((((((((((((((((((((((( Dateien erstellt von 2010-05-06 bis 2010-06-06 ))))))))))))))))))))))))))))))
.
2010-06-06 19:01 . 2010-06-06 19:03 -------- d-----w- c:\users\Paul\AppData\Local\temp
2010-06-06 19:01 . 2010-06-06 19:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-04 14:48 . 2010-06-04 14:48 -------- d-----w- c:\users\Paul\AppData\Roaming\Malwarebytes
2010-06-04 14:48 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-04 14:48 . 2010-06-04 14:48 -------- d-----w- c:\programdata\Malwarebytes
2010-06-04 14:48 . 2010-06-04 14:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-04 14:48 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-03 17:03 . 2010-06-03 17:04 10530 ---ha-w- C:\aaw7boot.cmd
2010-06-03 16:11 . 2010-06-03 17:19 -------- d-----w- c:\programdata\Lavasoft
2010-06-03 13:53 . 2010-06-03 15:15 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-03 13:53 . 2010-06-03 15:07 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-06-03 12:48 . 2010-06-03 12:48 -------- d-----w- c:\windows\Sun
2010-06-03 12:48 . 2003-07-06 12:07 372736 ----a-w- c:\windows\system32\IJL_11.DLL
2010-05-26 16:56 . 2010-05-26 18:53 -------- d-----w- c:\program files\Common Files\Steam
2010-05-26 16:56 . 2010-06-04 21:35 -------- d-----w- c:\program files\Steam
2010-05-26 10:41 . 2010-04-23 07:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-25 10:25 . 2010-05-25 10:26 -------- d-----w- c:\users\Paul\AppData\Local\Songr
2010-05-25 10:25 . 2010-05-25 10:25 -------- d-----w- c:\program files\Songr
2010-05-14 09:30 . 2010-05-14 09:30 -------- d-----w- c:\program files\AirVideoServer
2010-05-14 09:17 . 2010-05-17 15:43 -------- d-----w- C:\jexepackres
2010-05-12 15:04 . 2010-03-04 07:33 740864 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-09 18:29 . 2010-05-09 18:29 -------- d-----w- c:\program files\ElcomSoft
2010-05-09 14:57 . 2010-05-09 15:39 -------- d-----w- c:\users\Paul\AppData\Roaming\Notepad++
2010-05-09 14:57 . 2010-05-09 14:57 -------- d-----w- c:\program files\Notepad++
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-06 18:59 . 2009-11-27 15:36 -------- d-----w- c:\users\Paul\AppData\Roaming\Skype
2010-06-06 18:12 . 2009-11-27 15:01 -------- d-----w- c:\programdata\Kaspersky Lab
2010-06-06 16:18 . 2009-11-27 15:38 -------- d-----w- c:\users\Paul\AppData\Roaming\skypePM
2010-06-05 23:38 . 2009-12-05 14:18 -------- d-----w- c:\program files\LogMeIn
2010-06-03 23:03 . 2009-12-05 13:48 -------- d-----w- c:\users\Paul\AppData\Roaming\vlc
2010-06-03 22:58 . 2009-07-14 08:47 643628 ----a-w- c:\windows\system32\perfh007.dat
2010-06-03 22:58 . 2009-07-14 08:47 126188 ----a-w- c:\windows\system32\perfc007.dat
2010-06-03 21:36 . 2010-03-05 18:43 -------- d-----w- c:\program files\JDownloader
2010-06-03 15:52 . 2009-07-13 23:12 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2010-06-01 21:19 . 2009-11-27 15:38 -------- d-----w- c:\users\Paul\AppData\Roaming\ICQ
2010-05-17 16:15 . 2010-02-27 23:00 -------- d-----w- c:\program files\Google
2010-05-12 18:47 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-05-12 18:47 . 2009-12-01 15:45 -------- d-----w- c:\programdata\Microsoft Help
2010-05-12 09:21 . 2009-10-14 02:21 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-08 09:50 . 2010-04-26 19:16 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-05-08 09:49 . 2009-11-26 17:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-08 09:44 . 2010-04-26 19:16 -------- d-----w- c:\program files\DVDVideoSoft
2010-05-08 09:43 . 2010-01-30 14:05 -------- d-----w- c:\program files\AVS4YOU
2010-05-08 09:43 . 2010-01-30 14:06 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-05-08 09:42 . 2010-02-04 13:19 -------- d-----w- c:\program files\AlbumArtDownloader
2010-05-05 15:10 . 2010-02-09 18:28 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-05-05 15:10 . 2010-02-09 18:28 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-05-02 17:10 . 2010-05-02 17:09 -------- d-----w- c:\program files\iTunes
2010-05-02 17:09 . 2010-05-02 17:09 -------- d-----w- c:\program files\iPod
2010-05-02 17:09 . 2009-11-30 16:15 -------- d-----w- c:\program files\Common Files\Apple
2010-05-02 17:02 . 2010-05-02 17:02 -------- d-----w- c:\program files\Bonjour
2010-05-02 16:55 . 2010-05-02 16:55 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-04-30 12:32 . 2010-04-30 12:32 -------- d-----w- c:\users\Default\AppData\Roaming\Apple Computer
2010-04-23 11:33 . 2010-04-23 11:33 -------- d-----w- c:\users\Paul\AppData\Roaming\ImgBurn
2010-04-23 11:27 . 2010-04-23 11:27 -------- d-----w- c:\program files\ImgBurn
2010-04-21 16:44 . 2010-04-20 16:27 -------- d-----w- c:\program files\Common Files\MAGIX Shared
2010-04-21 16:37 . 2010-04-20 16:28 -------- d-----w- c:\users\Paul\AppData\Roaming\MAGIX
2010-04-21 16:32 . 2010-04-20 16:09 -------- d-----w- c:\programdata\MAGIX
2010-04-21 16:32 . 2010-04-20 16:08 -------- d-----w- c:\program files\MAGIX
2010-04-20 17:21 . 2009-11-26 17:25 127544 ----a-w- c:\users\Paul\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-20 16:19 . 2010-04-20 16:19 -------- d-----w- c:\program files\Common Files\xara
2010-04-13 17:29 . 2010-04-13 17:29 -------- d--h--w- c:\program files\CanonBJ
2010-04-11 14:39 . 2010-01-25 14:26 -------- d-----w- c:\users\Paul\AppData\Roaming\dvdcss
2010-04-08 11:20 . 2010-04-08 11:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 11:20 . 2010-04-08 11:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-03-31 06:00 . 2010-03-31 06:00 86016 ----a-w- c:\windows\system32\frapsvid.dll
2010-03-14 13:24 . 2010-03-14 13:24 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-03-08 21:33 . 2010-04-14 10:39 427520 ----a-w- c:\windows\system32\vbscript.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-19 868352]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"WireLessMouse "="c:\program files\TCM\TCM COMBO SET\MouseDrv.exe" [2005-04-28 286720]
"WireLessKeyboard "="c:\program files\TCM\TCM COMBO SET\PS2USBKbdDrv.exe" [2005-06-22 614400]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-21 61440]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-20 340456]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-03-06 488984]

c:\users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-04-13 00:29 47392 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2009-11-16 15:36 172792 ----a-w- c:\program files\ICQ6.5\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 13:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2007-03-06 16:58 1060376 ----a-w- c:\program files\Labtec\WebCam10\WebCam10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 13:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883840 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-05-26 16:57 1238352 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrayServer]
2007-03-29 09:05 90112 ----a-w- c:\program files\MAGIX\Filme_auf_DVD_7_e-version\Trayserver.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 135664]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [x]
R3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-11-03 21520]
S2 ekoiggrbdfpcqs;ekoiggrbdfpcqs;c:\windows\system32\qpearmhc.exe [2009-02-06 82000]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-08-11 12856]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
Inhalt des "geplante Tasks" Ordners

2010-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 23:00]

2010-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 23:00]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://de.ask.com?o=15788&l=dis mStart Page = hxxp://www.bigseekpro.com/splitcam/{505EFB34-3E55-4C60-B208-799DFA6CF77E} uInternet Settings,ProxyOverride = *.local IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\4kkld0ew.default\ FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\4kkld0ew.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll ---- FIREFOX Richtlinien ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - 
pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); . - - - - Entfernte verwaiste Registrierungseinträge - - - - SafeBoot-klmdb.sys MSConfigStartUp-V71IQL7HI7 - c:\windows\Ccocua.exe AddRemove-QcDrv - c:\program files\Common Files\Labtec\QCDRV\BIN\SETUP.EXE . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System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ontrolSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2010-06-06 21:06:59 ComboFix-quarantined-files.txt 2010-06-06 19:06 Vor Suchlauf: 3.083.243.520 Bytes frei Nach Suchlauf: 3.274.096.640 Bytes frei - - End Of File - - B89D4E000815EFCF28EA653A606E7E43 |
06.06.2010, 21:29
...new here
Thread starter, Posts: 4
#6
So Gmer did work after all... Here is the log:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-06 21:27:55
Windows 6.1.7600
Running: hje2eisp.exe; Driver: C:\Users\Paul\AppData\Local\Temp\kglcapod.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x8834CBD0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x8834E52C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x8834E782]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x8834E9FC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x8834D450]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0x8834DB32]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0x8834DF3C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateFile [0x8834D5F8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0x8834DE14]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0x8834C7D6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0x8834DCD0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0x8834C992]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0x8834E06E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0x8834FCB0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0x8834D0EE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0x8834D1EE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0x8834DD72]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0x8834F6A2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0x88350672]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwFsControlFile [0x8834D752]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x8834F734]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0x8834FD64]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0x8834DFDE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenFile [0x8834D4D2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0x8834DEAC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0x8834CDD6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0x8834FCDA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0x8834E110]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0x8834CCFA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0x8834EC3E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQuerySection [0x8835007C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueueApcThread [0x8834F9CA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0x8834E49A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0x8834E360]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0x8834F442]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0x88350554]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0x8834D86C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0x8834D30C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0x8834ECF2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSecurityObject [0x8834F82E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0x883501BC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0x883502A0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0x883503C8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0x8834F5CE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0x8834CF4E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0x8834CEA4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0x8834FF32]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0x8834D02E]

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83038AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83038104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830383F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83020FB4
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830381DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83038958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830386F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83038F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830391A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwSaveKeyEx + 13B1 82C538E9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82C733D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!KeRemoveQueueEx + 1397 82C7A664 4 Bytes [D0, CB, 34, 88] {ROR BL, 0x1; XOR AL, 0x88}
.text ntoskrnl.exe!KeRemoveQueueEx + 13BF 82C7A68C 8 Bytes [2C, E5, 34, 88, 82, E7, 34, ...]
.text ntoskrnl.exe!KeRemoveQueueEx + 1403 82C7A6D0 4 Bytes JMP C7F52F09
.text ntoskrnl.exe!KeRemoveQueueEx + 142F 82C7A6FC 4 Bytes CALL B79BF783
.text ntoskrnl.exe!KeRemoveQueueEx + 1453 82C7A720 4 Bytes [32, DB, 34, 88] {XOR BL, BL; XOR AL, 0x88}
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8F802000, 0x267978, 0xE8000020]
.text peauth.sys 93D53C9D 28 Bytes [C4, 68, 92, 2D, 51, A0, E5, ...]
.text peauth.sys 93D53CC1 28 Bytes [C4, 68, 92, 2D, 51, A0, E5, ...]
? C:\Users\Paul\AppData\Local\Temp\catchme.sys Das System kann die angegebene Datei nicht finden. !
? C:\Windows\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. !
? C:\Users\Paul\AppData\Local\Temp\mbr.sys Das System kann die angegebene Datei nicht finden. !

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\explorer.exe[5748] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [74AC2494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5748] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [74AA5624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5748] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [74AA56E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5748] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [74AC250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5748] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [74AB8573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5748] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [74AB4D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5748] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [74AB50CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5748] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [74AB51A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5748] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [74AB66D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5748] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [74AB82CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5748] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [74AB8819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5748] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [74AB907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5748] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [74ABE21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5748] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [74AB4C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
Device \Driver\ACPI_HAL \Device\00000049 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\tdx \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OOPM02.00.00.01PRO […]

---- EOF - GMER 1.0.15 ----
07.06.2010, 16:04
Member
Posts: 3716
#7
Uninstall Spybot, reboot, update Malwarebytes, run a full scan, post the new log and report how the PC is running.
As described above, I used the search first. Unfortunately I found nothing that matched the pests I found! Since yesterday I have been bombarded with advertising by Internet Explorer! Kaspersky reported: rootkit.win32.tdss.d... Kaspersky could not delete it successfully after 2 attempts... so I looked around the internet a bit and found a remover on the Kaspersky site... after running it, Internet Security no longer reported anything... the advertising was still there anyway... so I ran Spybot Search and Destroy over it... it found and removed quite a few things. Despite all that, the advertising still keeps coming. In the processes a strange process called Ccocua.exe catches my eye... so I removed it, and so far no more advertising has appeared... But my CPU usage makes me suspect there is more... it runs at 40% usage without me doing anything.
Maybe you can help me further. By the way, I have Win 7 with the latest updates...
So here is my HijackThis file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:34:41, on 04.06.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\MPK\MPK.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\TCM\TCM COMBO SET\MouseDrv.exe
C:\Program Files\TCM\TCM COMBO SET\PS2USBKbdDrv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Labtec\WebCam10\WebCam10.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\MPK\MPKView.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.ask.com?o=15788&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/splitcam/{505EFB34-3E55-4C60-B208-799DFA6CF77E}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,C:\Windows\system32\MPK\MPK.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [WireLessMouse ] C:\Program Files\TCM\TCM COMBO SET\MouseDrv.exe
O4 - HKLM\..\Run: [WireLessKeyboard ] C:\Program Files\TCM\TCM COMBO SET\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Labtec\WebCam10\WebCam10.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Filme_auf_DVD_7_e-version\TrayServer.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [V71IQL7HI7] C:\Windows\Ccocua.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ekoiggrbdfpcqs - Helper - c:\windows\system32\qpearmhc.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
--
End of file - 9901 bytes