Help: Is my computer ok again???

Status
Not open for further replies.
Hi katkat76,

Please delete your copy of ComboFix using right-click >> delete and then download a fresh copy from:

Link 1
Link 2

Run ComboFix and then post the log created into your next reply. :)
 
It always tells me that Avira AntiVir Personal Edition is still active, even though I deactivated it and the little white umbrella is closed...??? So I couldn't run ComboFix.
Any suggestions?
 
ComboFix 11-11-26.04 - Katrin 26.11.2011 21:39:19.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1014.548 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Katrin\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804FD218-FFA4-00DA-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804FD218-FFA4-00EB-0D24-347CA8A3377C}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\Katrin\Recent\Thumbs.db
c:\windows\IsUn0407.exe
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-10-26 bis 2011-11-26 ))))))))))))))))))))))))))))))
.
.
2011-11-26 12:56 . 2011-11-26 12:56 -------- d-----w- c:\dokumente und einstellungen\Katrin\Lokale Einstellungen\Anwendungsdaten\Sun
2011-11-25 23:26 . 2011-11-25 23:25 611224 ----a-w- c:\programme\Mozilla Firefox\plugins\npdeployJava1.dll
2011-11-25 23:26 . 2011-11-25 23:25 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-25 23:05 . 2011-11-25 23:06 -------- d-----w- c:\programme\Tracker Software
2011-11-24 13:21 . 2011-11-24 13:21 -------- d-----w- c:\dokumente und einstellungen\Katrin\Anwendungsdaten\Malwarebytes
2011-11-24 13:21 . 2011-11-24 13:21 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2011-11-24 13:21 . 2011-11-24 13:21 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2011-11-24 13:21 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-23 22:38 . 2011-11-23 22:38 -------- d-----w- C:\_OTL
2011-11-23 22:36 . 2011-11-23 22:36 -------- d-----w- c:\programme\ERUNT
2011-11-23 10:14 . 2011-11-23 10:14 -------- d-----w- c:\windows\system32\5048
2011-11-22 15:20 . 2011-11-22 15:20 -------- d-----w- c:\windows\system32\5047
2011-11-21 13:46 . 2011-11-21 13:46 -------- d-----w- c:\windows\system32\5045
2011-11-20 20:05 . 2011-11-20 20:05 -------- d-----w- c:\windows\system32\5044
2011-11-19 10:15 . 2011-11-19 10:15 -------- d-----w- c:\windows\system32\5043
2011-11-17 09:47 . 2011-11-17 09:47 -------- d-----w- c:\windows\system32\5042
2011-11-16 19:56 . 2011-11-16 19:56 -------- d-----w- c:\windows\system32\5041
2011-11-07 08:35 . 2009-01-25 12:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2011-11-07 08:35 . 2011-11-07 08:35 -------- d-----w- c:\programme\Spybot - Search & Destroy 2
2011-11-07 08:25 . 2011-11-07 08:25 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-30 11:23 . 2011-10-30 11:23 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 23:25 . 2007-06-29 11:09 128000 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-10 14:22 . 2006-09-13 15:47 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2006-09-13 18:14 604160 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 09:41 . 2008-07-29 17:59 614912 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2006-09-13 18:14 23040 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2006-09-13 18:14 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-06 14:10 . 2006-09-13 18:14 1859072 ----a-w- c:\windows\system32\win32k.sys
2011-09-05 13:55 . 2006-09-13 18:14 672768 ----a-w- c:\windows\system32\wininet.dll
2011-09-05 13:55 . 2006-09-13 18:14 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-09-05 13:55 . 2006-09-13 18:14 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-09-05 13:54 . 2006-09-13 18:14 371200 ----a-w- c:\windows\system32\html.iec
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\programme\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\programme\mozilla firefox\plugins\ssldivx.dll
2011-08-12 06:13 . 2011-08-17 19:08 134104 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-21 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 16143872]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2011-05-04 252136]
"SDTray"="c:\programme\Spybot - Search & Destroy 2\SDTray.exe" [2011-10-05 3578272]
"Spybot-S&D Cleaning"="c:\programme\Spybot - Search & Destroy 2\SDCleaner.exe" [2011-10-05 3025304]
"RemoteControl"="c:\programme\CyberLink\PowerDVD\PDVDServ.exe" [2005-04-15 45056]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2009-07-13 292128]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\Katrin\Startmenü\Programme\Autostart\
OpenOffice.org 2.2.lnk - c:\programme\OpenOffice.org 2.2\program\quickstart.exe [2007-2-2 393216]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Microsoft Office.lnk - c:\programme\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\StubInstaller.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Programme\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Programme\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Programme\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
.
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [27.02.2006 15:00 34880]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [20.02.2006 16:01 29056]
R1 SDHookDriver;Spybot-S&D 2 Hook Driver;c:\programme\Spybot - Search & Destroy 2\SDHookDrv32.sys [07.11.2011 09:35 38504]
R2 SDHookService;Spybot S&D 2 Live Protection Service;c:\programme\Spybot - Search & Destroy 2\SDHookSvc.exe [07.11.2011 09:35 130976]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [22.12.2009 20:07 135664]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\magix\Common\Database\bin\fbserver.exe --> c:\magix\Common\Database\bin\fbserver.exe [?]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [22.12.2009 20:07 135664]
S3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\programme\Spybot - Search & Destroy 2\SDFSSvc.exe [07.11.2011 09:35 892336]
S3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\programme\Spybot - Search & Destroy 2\SDUpdSvc.exe [07.11.2011 09:35 955816]
.
Inhalt des "geplante Tasks" Ordners
.
2011-11-26 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\programme\Spybot - Search & Destroy 2\SDUpdate.exe [2011-11-07 14:46]
.
2011-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-12-22 19:06]
.
2011-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-12-22 19:06]
.
2011-11-26 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\programme\Spybot - Search & Destroy 2\SDImmunize.exe [2011-11-07 14:46]
.
2011-11-26 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\programme\Spybot - Search & Destroy 2\SDScan.exe [2011-11-07 14:46]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://umlu.de/
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://de.yahoo.com/fsc/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\dokumente und einstellungen\Katrin\Anwendungsdaten\Mozilla\Firefox\Profiles\524sgn8u.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.umlu.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-26 21:45
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(692)
c:\programme\Spybot - Search & Destroy 2\SDHook32.dll
.
- - - - - - - > 'lsass.exe'(748)
c:\programme\Spybot - Search & Destroy 2\SDHook32.dll
.
Zeit der Fertigstellung: 2011-11-26 21:49:14
ComboFix-quarantined-files.txt 2011-11-26 20:48
.
Vor Suchlauf: 19 Verzeichnis(se), 36.903.071.744 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 37.015.511.040 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 8856073A80DEB37AC6A8C6E36F9A208F
 
IT APPEARS THAT YOUR LOGS ARE NOW CLEAN :D SO LETS DO A COUPLE OF THINGS TO WRAP THIS UP!! :D

This infection appears to have been cleaned, but I cannot give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords, as this is especially important after an infection.
------------

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following text into the Run box as shown and click OK.
Combofix /Uninstall
(Note: There is a space between the ..X and the /U that needs to be there.)


----------

Clean up with OTL:
  • Right-click and Run as Administrator OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.
----------

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

Here are some tips to reduce the potential for spyware infection in the future:

1. Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.
2. Enable Protected Mode in Internet Explorer. This helps Windows Vista users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:
  • Open Internet Explorer
  • Click on Tools > Internet Options
  • Press Security tab
  • Select Internet zone then place check next to Enable Protected Mode if not already done
  • Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply
  • Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.
3. Use and update anti-virus software - I cannot overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

4. Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here. **There are firewalls listed in this tutorial that could be downloaded and used but I would personally only recommend using one of the following two below:
Online Armor Free
Agnitum Outpost Firewall Free

5. Make sure you keep your Windows OS current. Windows XP users can visit Windows update regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.

6. Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

7. WOT (Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

8. Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place?

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.
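The Internet-zone changes in tip 1 above can also be verified from a script instead of by clicking through the dialog. This is an added example and not part of the original thread; it assumes Python 3, uses the Internet zone value IDs that Microsoft documents for the Internet Settings\Zones registry keys (1001, 1004, 1201, 1607, 1800, 1804, with 0 = Enable, 1 = Prompt, 3 = Disable), and falls back to a constructed sample when it is not run on Windows.

```python
ENABLE, PROMPT, DISABLE = 0, 1, 3          # DWORD meanings for a zone setting
NAMES = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}

# Zone 3 is the Internet zone; values live under HKCU for the current user.
ZONE_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"

# Recommended values from tip 1, keyed by the registry value name of each setting.
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
}


def audit_zone(current):
    """Compare zone values (value name -> DWORD) with RECOMMENDED.

    Returns (name, label, have, want) for every setting that is missing,
    holds an unexpected value, or is more permissive than recommended.
    Enable (0) < Prompt (1) < Disable (3), so a lower number is weaker;
    a stricter setting than recommended is not reported."""
    findings = []
    for name, (label, want) in RECOMMENDED.items():
        have = current.get(name)
        if have is None:
            findings.append((name, label, "not set", NAMES[want]))
        elif have not in NAMES:
            findings.append((name, label, "unexpected %r" % (have,), NAMES[want]))
        elif have < want:
            findings.append((name, label, NAMES[have], NAMES[want]))
    return findings


def read_internet_zone():
    """Read the user's Internet zone values; returns None off Windows."""
    try:
        import winreg
    except ImportError:
        return None
    values = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, ZONE_KEY) as key:
        for name in RECOMMENDED:
            try:
                values[name] = winreg.QueryValueEx(key, name)[0]
            except OSError:       # value absent: IE uses the template default
                pass
    return values


# Constructed sample of a permissive zone, not read from a real machine.
SAMPLE_WEAK_ZONE = {"1001": ENABLE, "1004": PROMPT, "1201": ENABLE,
                    "1800": PROMPT, "1804": ENABLE}

if __name__ == "__main__":
    zone = read_internet_zone() or SAMPLE_WEAK_ZONE
    for name, label, have, want in audit_zone(zone):
        print("%s %-62s is %s, recommended %s" % (name, label, have, want))
```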
 
Hi Jeff,

THANK YOU SO MUCH for your help!!! I know that you can't promise that everything is really gone, but we just hope and of course I change my passwords again.

One more thing: I actually never use Internet Explorer, only Firefox.
Do you have some tips to make Firefox more secure?

AND: Can I actually delete IE completely as I don't use it anyways?

Thanks again for your help and in case you ever come to Berlin, I invite you for dinner ;-)!

Katrin
 
Hi,

THANK YOU SO MUCH for your help!!!
You are more than welcome!! :)

One more thing: I actually never use Internet Explorer, only Firefox.
Do you have some tips to make Firefox more secure?
Be sure to keep your Internet Explorer up to date though, because that is the browser that Windows uses to perform all of its updates. (BTW... no, you can't delete IE.) As for Firefox, I would download and install these two add-ons to make it more secure >> Adblock Plus and NoScript

in case you ever come to Berlin, I invite you for dinner
Thank you LOL!! If you are making anything with Kroketten and a good Pils I am there. :D
 
Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you are the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
 