AKM virus got me too (Windows 7)

06.05.2012, 20:15 | #1
AKM virus got me too

Hello, yesterday our children's account got hit, even though it was set up only as a standard user. My advantage, however, is that the admin account still works fine. Win7 Home Premium, 64 bit. Would it be possible to simply remove the account and create a new children's account? Requesting advice.

Regards, Michael

Code:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.06.05

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Jutta :: JUTTA-PC [Administrator]

Schutz: Aktiviert

06.05.2012 23:03:13
mbam-log-2012-05-06 (23-03-13).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 384464
Laufzeit: 56 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 7
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FoxTab PDF Converter (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SYSTEM\CurrentControlSet\SERVICES\KeDetective131 (Trojan.Keservice) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|bak_Application (Hijacker.Application) -> Daten: hxxp://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|Application (Hijacker.Application) -> Bösartig: (hxxp://www.helpmeopen.com/?n=app&ext=%s) Gut: (hxxp://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Program Files (x86)\FoxTabPDFConverter\Uninstall\Uninstall.exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jutta\Desktop\Skype und TS3\SoftonicDownloader_fuer_microsoft-net-framework.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jutta\Downloads\PDFConverterSetup.exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Kinder\Desktop\SoftonicDownloader_fuer_doodle-jump.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:
OTL logfile created on: 07.05.2012 00:35:01 - Run 2
OTL by OldTimer - Version 3.2.42.3     Folder = C:\Users\Jutta\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

3,87 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 62,34% Memory free
7,73 Gb Paging File | 6,00 Gb Available in Paging File | 77,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,66 Gb Total Space | 367,60 Gb Free Space | 81,57% Space Free | Partition Type: NTFS

Computer Name: JUTTA-PC | User Name: Jutta | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.05.06 21:38:23 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Jutta\Desktop\OTL.exe
PRC - [2012.05.06 13:37:19 | 000,271,360 | ---- | M] () -- C:\Users\Kinder\AppData\Roaming\DNS_Servicex86.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.02.28 18:38:56 | 001,987,976 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012.02.23 12:40:41 | 002,886,528 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.02.02 03:44:30 | 003,329,824 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Jutta\AppData\Local\Akamai\netsession_win.exe
PRC - [2010.11.19 12:19:48 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010.11.19 12:19:32 | 000,265,984 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010.08.10 11:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010.08.10 11:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010.08.10 11:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010.05.20 17:15:00 | 000,110,736 | R--- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2010.04.13 18:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.04.13 18:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.03.18 06:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.03.18 06:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.03.11 15:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2010.02.09 20:57:46 | 000,704,032 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
PRC - [2010.01.30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2010.01.04 13:05:26 | 000,083,280 | ---- | M] (Trend Micro Inc.) -- C:\Programme\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
PRC - [2006.11.02 14:34:32 | 001,196,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe
PRC - [2005.08.31 14:26:34 | 000,065,536 | ---- | M] (SuperAdBlocker.com) -- C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE

========== Modules (No Company Name) ==========

MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.01.21 00:23:20 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2011.01.21 00:23:15 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.19 12:11:34 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2010.10.18 12:26:11 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6728ef6a4c4b41eec6af6f48a7109457\System.Runtime.Remoting.ni.dll
MOD - [2010.10.18 12:26:11 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\acf8a89816a4d13586a71a1f446e9d09\IAStorUtil.ni.dll
MOD - [2010.10.18 12:26:09 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\46a97b15da5b620fbb606cb05b6573a3\System.Windows.Forms.ni.dll
MOD - [2010.10.18 12:26:03 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\fdeec42fa02f3d789c42be2e33b130eb\System.Drawing.ni.dll
MOD - [2010.10.18 12:25:59 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3060dfcdecbeb8ee65077fb29b217c3d\System.Xml.ni.dll
MOD - [2010.10.18 12:25:56 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f2060a0cf20f2536277761f4e517e906\System.Configuration.ni.dll
MOD - [2010.10.18 12:25:44 | 003,313,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cd18fe55c106a2776b08ce297afe7f46\WindowsBase.ni.dll
MOD - [2010.10.18 12:25:41 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\500ddd904b1099f95552a81b54223b7f\System.ni.dll
MOD - [2010.10.18 12:25:36 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f58ab951b57c8526430486dcf7ee38fd\mscorlib.ni.dll
MOD - [2009.05.20 08:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011.03.15 21:49:26 | 000,570,632 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV:64bit: - [2010.08.25 16:41:16 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.04.15 08:09:26 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.28 10:33:42 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll -- (Akamai)
SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.28 18:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.02.23 12:40:41 | 002,886,528 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.04.24 22:55:00 | 004,066,168 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2011.03.28 20:25:39 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.03.15 21:49:26 | 000,917,768 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Programme\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
SRV - [2011.03.15 21:49:26 | 000,595,960 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Programme\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
SRV - [2010.11.19 12:19:48 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010.11.08 18:52:56 | 000,836,504 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Programme\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV - [2010.08.10 11:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.06.11 15:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.05.20 17:15:00 | 000,110,736 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2010.04.13 18:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 06:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.03.18 06:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.03.11 15:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010.01.30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.05.31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2005.08.31 14:26:34 | 000,065,536 | ---- | M] (SuperAdBlocker.com) [Auto | Running] -- C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE -- (SABSVC)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.08.02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.07.12 12:56:50 | 000,342,288 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmxpflt.sys -- (tmxpflt)
DRV:64bit: - [2011.07.12 12:56:36 | 000,042,768 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmpreflt.sys -- (tmpreflt)
DRV:64bit: - [2011.07.12 12:47:06 | 002,077,456 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vsapint.sys -- (vsapint)
DRV:64bit: - [2011.03.15 21:49:30 | 000,339,984 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmwfp.sys -- (tmwfp)
DRV:64bit: - [2011.03.15 21:49:30 | 000,200,720 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmlwf.sys -- (tmlwf)
DRV:64bit: - [2011.03.15 21:49:30 | 000,107,536 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2010.08.25 18:50:48 | 006,856,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.08.25 16:05:44 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.07.01 15:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2010.06.17 11:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.06.03 21:59:00 | 004,171,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010.05.15 14:48:28 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2010.04.28 08:21:38 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2010.04.28 08:21:38 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2010.04.13 18:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.01.27 05:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.12.10 13:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.09.17 07:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.07.14 02:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007.04.20 10:56:24 | 000,112,384 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007.02.20 16:02:54 | 000,032,256 | R--- | M] () [Kernel | System | Stopped] -- C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys -- (SABKUTIL)
DRV - [2005.09.21 11:17:26 | 000,005,632 | ---- | M] () [Kernel | System | Stopped] -- C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABDIFSV.SYS -- (SABDIFSV)
DRV - [2005.03.21 11:00:24 | 000,004,096 | R--- | M] (SuperAdBlocker.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABProcEnum.sys -- (SABProcEnum)
DRV - [2005.01.01 11:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2776682
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1521081041-758286099-483721656-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKU\S-1-5-21-1521081041-758286099-483721656-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-1521081041-758286099-483721656-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1521081041-758286099-483721656-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKU\S-1-5-21-1521081041-758286099-483721656-1001\..\SearchScopes,DefaultScope = {9C678E69-C8BC-4CB8-88A8-64D0D6C01343}
IE - HKU\S-1-5-21-1521081041-758286099-483721656-1001\..\SearchScopes\{4A171982-2165-4D65-A53E-012A209C133E}: "URL" = hxxp://www.google.at/search?q={searchTerms}
IE - HKU\S-1-5-21-1521081041-758286099-483721656-1001\..\SearchScopes\{9C678E69-C8BC-4CB8-88A8-64D0D6C01343}: "URL" = hxxp://search.softonic.com/MON00016/tb_v1?q={searchTerms}&SearchSource=4&cc=
IE - HKU\S-1-5-21-1521081041-758286099-483721656-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1521081041-758286099-483721656-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1521081041-758286099-483721656-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKU\S-1-5-21-1521081041-758286099-483721656-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKU\S-1-5-21-1521081041-758286099-483721656-1010\..\SearchScopes,DefaultScope = {10D505FB-35FD-4F5F-BEE5-01496A042011}
IE - HKU\S-1-5-21-1521081041-758286099-483721656-1010\..\SearchScopes\{10D505FB-35FD-4F5F-BEE5-01496A042011}: "URL" = hxxp://start.funmoods.com/results.php?f=4&a=ironto&q={searchTerms}
IE - HKU\S-1-5-21-1521081041-758286099-483721656-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Softonic)"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at"
FF - prefs.js..keyword.URL: "hxxp://search.softonic.com/MON00016/tb_v1?SearchSource=2&cc=&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jutta\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jutta\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension [2011.09.20 16:21:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.26 00:41:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011.10.17 18:37:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jutta\AppData\Roaming\mozilla\Extensions
[2012.05.05 09:05:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jutta\AppData\Roaming\mozilla\Firefox\Profiles\k5rrdbvy.default\extensions
[2012.03.25 18:05:11 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Jutta\AppData\Roaming\mozilla\Firefox\Profiles\k5rrdbvy.default\extensions\ffxtlbr@babylon.com
[2012.03.14 21:58:42 | 000,000,000 | ---D | M] (Softonic Toolbar) -- C:\Users\Jutta\AppData\Roaming\mozilla\Firefox\Profiles\k5rrdbvy.default\extensions\ffxtlbra@softonic.com
[2012.04.22 22:01:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jutta\AppData\Roaming\mozilla\Firefox\Profiles\k5rrdbvy.default\extensions\staged
[2012.03.10 22:44:26 | 000,002,060 | ---- | M] () -- C:\Users\Jutta\AppData\Roaming\Mozilla\Firefox\Profiles\k5rrdbvy.default\searchplugins\softonic.xml
[2011.12.15 07:51:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.12.15 07:51:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2012.03.19 20:20:00 | 000,413,408 | ---- | M] () (No name found) -- C:\USERS\JUTTA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K5RRDBVY.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
[2012.01.19 15:06:30 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\JUTTA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K5RRDBVY.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
File not found (No name found) -- C:\USERS\JUTTA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K5RRDBVY.DEFAULT\EXTENSIONS\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2012.01.10 19:28:09 | 000,012,014 | ---- | M] () (No name found) -- C:\USERS\JUTTA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K5RRDBVY.DEFAULT\EXTENSIONS\IMAGES@WINK.SU.XPI
[2012.02.26 00:41:52 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.17 01:09:16 | 000,001,678 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.21 00:37:17 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011.10.17 01:09:16 | 000,001,929 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.17 01:09:16 | 000,001,265 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.17 01:09:16 | 000,001,617 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.10.17 01:09:16 | 000,007,045 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.17 01:09:16 | 000,001,272 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.17 01:09:16 | 000,001,164 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Search the web (Softonic) (Enabled)
CHR - default_search_provider: search_url = hxxp://search.softonic.com/MON00016/tb_v1?q={searchTerms}&SearchSource=49&cc=
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Jutta\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jutta\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jutta\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Jutta\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Update (Enabled) = C:\Users\Jutta\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (SuperAdBlockerBHO Class) - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll (SuperAdBlocker.com)
O2 - BHO: (Browser Companion Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll ( )
O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Programme\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Browser Companion Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll ( )
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - !{30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{51a86bb3-6602-4c85-92a5-130ee4864f13} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{B4B3001E-0F56-4E51-8250-BDE11547EC55} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - !{30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - !{51a86bb3-6602-4c85-92a5-130ee4864f13} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - !{B4B3001E-0F56-4E51-8250-BDE11547EC55} - No CLSID value found. O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll File not found O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Programme\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-1521081041-758286099-483721656-1001\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found. O3 - HKU\S-1-5-21-1521081041-758286099-483721656-1001\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found. O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Gast1\AppData\Roaming\OCS\SM\SearchAnonymizer.exe File not found O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.) O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) 
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1521081041-758286099-483721656-1001..\Run: [Akamai NetSession Interface] C:\Users\Jutta\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) O4 - HKU\S-1-5-21-1521081041-758286099-483721656-1001..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.) 
O4 - HKU\S-1-5-21-1521081041-758286099-483721656-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1521081041-758286099-483721656-1010..\Run: [c9798u3A8Yxm3bS] C:\Users\Kinder\AppData\Roaming\DNS_Servicex86.exe () O4 - HKU\S-1-5-21-1521081041-758286099-483721656-1010..\Run: [Clownfish] File not found O4 - HKU\S-1-5-21-1521081041-758286099-483721656-1010..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Kinder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk = File not found F3:64bit: - HKU\S-1-5-21-1521081041-758286099-483721656-1010 WinNT: Load - (C:\Users\Kinder\LOCALS~1\Temp\msnfcv.cmd) - File not found F3 - HKU\S-1-5-21-1521081041-758286099-483721656-1010 WinNT: Load - (C:\Users\Kinder\LOCALS~1\Temp\msnfcv.cmd) - File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1 O7 - HKU\S-1-5-21-1521081041-758286099-483721656-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1521081041-758286099-483721656-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - 
HKU\S-1-5-21-1521081041-758286099-483721656-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O7 - HKU\S-1-5-21-1521081041-758286099-483721656-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1521081041-758286099-483721656-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-1521081041-758286099-483721656-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EAD17DBB-C9AE-4AFE-B42B-35A2102C5360}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\base64 - No CLSID value found O18:64bit: - Protocol\Handler\chrome - No CLSID value found O18:64bit: - Protocol\Handler\ipp - No CLSID value found O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\prox - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\tmtb - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - 
Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Programme\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.) 
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKU\S-1-5-21-1521081041-758286099-483721656-1010 Winlogon: Shell - (C:\Users\Kinder\AppData\Roaming\DNS_Servicex86.exe) - C:\Users\Kinder\AppData\Roaming\DNS_Servicex86.exe () O20 - HKU\S-1-5-21-1521081041-758286099-483721656-1010 Winlogon: UserInit - (C:\Users\Kinder\AppData\Roaming\DNS_Servicex86.exe) - C:\Users\Kinder\AppData\Roaming\DNS_Servicex86.exe () O20 - HKU\S-1-5-21-1521081041-758286099-483721656-1010 Winlogon: UserInit - (C:\WINDOWS\System32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SABWinLogon: DllName - (C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL) - C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL (SuperAdBlocker.com) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000D7} - C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABSEHB.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{2ea61798-a310-11e0-97b4-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{2ea61798-a310-11e0-97b4-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{2ea617ce-a310-11e0-97b4-1c7508bc707d}\Shell - "" = AutoRun O33 - MountPoints2\{2ea617ce-a310-11e0-97b4-1c7508bc707d}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{a4fb44ad-cec0-11e0-9a3f-1c7508bc707d}\Shell - "" = AutoRun O33 - MountPoints2\{a4fb44ad-cec0-11e0-9a3f-1c7508bc707d}\Shell\AutoRun\command - "" = E:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (MACHINE BootExecut) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.05.06 23:01:05 | 000,000,000 | ---D | C] -- C:\Users\Jutta\AppData\Roaming\Malwarebytes [2012.05.06 23:00:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.05.06 23:00:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.05.06 23:00:47 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.05.06 23:00:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.05.06 21:41:18 | 010,063,000 | 
---- | C] (Malwarebytes Corporation ) -- C:\Users\Jutta\Desktop\mbam-setup-1.61.0.1400.exe [2012.05.06 21:38:19 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Jutta\Desktop\OTL.exe [2012.05.06 19:59:23 | 000,000,000 | ---D | C] -- C:\Users\Jutta\Desktop\Hüte [2012.05.04 17:39:00 | 000,000,000 | ---D | C] -- C:\Users\Jutta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012.05.04 17:32:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.05.03 20:08:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BrowserCompanion [2012.04.15 08:09:26 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.04.10 20:00:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.04.10 20:00:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012.04.10 20:00:55 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2012.04.10 01:07:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader [2012.04.10 01:05:42 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite [2012.04.09 19:10:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xenocode [2012.04.09 19:09:39 | 000,000,000 | ---D | C] -- C:\Windows\XSxS [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.05.07 00:37:49 | 000,000,824 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfud.bin [2012.05.07 00:37:37 | 000,000,824 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfss.bin [2012.05.07 00:30:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.05.07 00:29:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1521081041-758286099-483721656-1010UA.job [2012.05.07 00:28:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1521081041-758286099-483721656-1010Core.job [2012.05.07 00:27:22 | 
000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.05.07 00:27:22 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.05.07 00:20:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.05.07 00:20:02 | 3113,254,912 | -HS- | M] () -- C:\hiberfil.sys [2012.05.06 23:50:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1521081041-758286099-483721656-1001UA.job [2012.05.06 23:00:49 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.05.06 21:41:18 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Jutta\Desktop\mbam-setup-1.61.0.1400.exe [2012.05.06 21:38:23 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Jutta\Desktop\OTL.exe [2012.05.06 20:50:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1521081041-758286099-483721656-1001Core.job [2012.05.06 20:35:23 | 000,000,680 | RHS- | M] () -- C:\Users\Jutta\ntuser.pol [2012.05.06 18:04:52 | 001,611,160 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.05.06 18:04:52 | 000,696,370 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.05.06 18:04:52 | 000,651,648 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.05.06 18:04:52 | 000,147,634 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.05.06 18:04:52 | 000,120,580 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.05.04 17:39:03 | 000,002,316 | ---- | M] () -- C:\Users\Jutta\Desktop\Google Chrome.lnk [2012.04.19 09:05:09 | 000,068,544 | ---- | M] () -- C:\Users\Jutta\Desktop\Gratis-GS-SPAR.pdf [2012.04.15 08:09:26 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.04.15 08:09:26 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 
[2012.04.13 00:24:57 | 000,000,917 | ---- | M] () -- C:\user.js [2012.04.09 14:15:39 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.05.06 23:00:49 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.05.04 17:39:03 | 000,002,316 | ---- | C] () -- C:\Users\Jutta\Desktop\Google Chrome.lnk [2012.04.19 09:05:18 | 000,068,544 | ---- | C] () -- C:\Users\Jutta\Desktop\Gratis-GS-SPAR.pdf [2012.04.15 08:09:30 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.04.13 00:22:24 | 000,001,124 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1521081041-758286099-483721656-1010UA.job [2012.04.13 00:22:23 | 000,001,072 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1521081041-758286099-483721656-1010Core.job [2012.04.10 01:08:24 | 000,002,005 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk [2012.04.10 01:08:24 | 000,001,949 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk [2012.04.10 01:08:24 | 000,001,928 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk [2012.04.09 14:15:39 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf [2012.01.21 00:37:37 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll [2011.09.10 23:47:39 | 000,021,520 | ---- | C] () -- C:\Windows\DCEBoot64.exe [2011.09.10 00:38:29 | 000,009,728 | ---- | C] () -- C:\Users\Jutta\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.06.13 15:06:24 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI [2011.06.13 15:06:24 | 000,000,063 | ---- | C] () -- C:\Windows\mdm.ini [2011.06.13 15:06:20 | 000,000,000 | ---- | C] () -- C:\Windows\NSREX.INI 
[2011.03.15 22:09:49 | 001,589,182 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.03.15 21:09:02 | 000,000,092 | ---- | C] () -- C:\Users\Jutta\AppData\Roaming\AbsoluteReminder.xml [2011.01.20 15:36:09 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.01.20 15:33:06 | 000,002,189 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat [2010.10.18 13:04:20 | 000,002,189 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2010.10.18 12:07:30 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll [2010.10.18 12:06:40 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe < End of report >
The scans were of course run from the admin account.
__________________ www.taxi-forum.at |
07.05.2012, 07:41 | #2 |
/// Malwareteam | AKM virus got me too. My name is Marius and I will help you with your problem. One thing first: Note: we can never guarantee here that we have found every remnant of malware. A format is usually the faster and always the safest way. If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean. A cleanup can involve a lot of work for you.
Vista and Win7 users: start all tools via right-click "Run as administrator". It would be possible to simply recreate the account, but that this would remove the malware completely is more than unlikely. Step 1: Scan with TDSS-Killer. Please read the following instructions carefully. We do not want to "fix" anything yet, only see a scan report. Please download TDSSKiller.exe and save this file to the desktop.
Step 2: aswMBR. Please download aswMBR.exe and save the file to your desktop.
07.05.2012, 12:36 | #3 |
| AKM virus got me too. First of all, THANKS for the quick help.
Today the second account stopped working as well, so I made myself the OTLPENet.exe CD, but it did not really want to start. However, I got into the Windows repair mode, let it run through, and lo and behold, both accounts are working again at the moment. TDSSKiller.exe cannot be opened; it says: is not a valid WIN32 application. Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-07 13:09:48
-----------------------------
13:09:48.466 OS Version: Windows x64 6.1.7600
13:09:48.466 Number of processors: 4 586 0x2505
13:09:48.466 ComputerName: JUTTA-PC UserName: Jutta
13:09:49.605 Initialize success
13:14:37.761 AVAST engine defs: 12050700
13:18:22.151 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:18:22.151 Disk 0 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 3
13:18:22.167 Disk 0 MBR read successfully
13:18:22.167 Disk 0 MBR scan
13:18:22.183 Disk 0 Windows 7 default MBR code
13:18:22.183 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
13:18:22.198 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328
13:18:22.214 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461478 MB offset 31664128
13:18:22.229 Disk 0 scanning C:\Windows\system32\drivers
13:18:35.477 Service scanning
13:19:12.342 Modules scanning
13:19:12.357 Disk 0 trace - called modules:
13:19:12.389 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
13:19:12.389 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80070ec060]
13:19:12.404 3 CLASSPNP.SYS[fffff88001b1543f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005113050]
13:19:13.715 AVAST engine scan C:\Windows
13:19:17.490 AVAST engine scan C:\Windows\system32
13:23:29.968 AVAST engine scan C:\Windows\system32\drivers
13:23:46.535 AVAST engine scan C:\Users\Jutta
13:30:17.692 Disk 0 MBR has been saved successfully to "C:\Users\Jutta\Desktop\MBR.dat"
13:30:17.708 The log file has been saved successfully to "C:\Users\Jutta\Desktop\aswMBR.txt"
07.05.2012, 14:39 | #4 | |
/// Malwareteam | AKM virus got me too. Combofix. Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1 Link 2. IMPORTANT - save Combofix to your desktop.
When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you get the following error message after the restart. Quote:
__________________ No asylum for Trojans! Proud Member of UNITE. Note: I am only available on weekdays! Requests via PM will be ignored! Happy with us? Then support the Trojaner-Board!
07.05.2012, 15:16 | #5 |
| AKM virus got me too. Code:
ATTFilter ComboFix 12-05-07.02 - Jutta 07.05.2012 15:59:15.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.43.1031.18.3959.2629 [GMT 2:00] ausgeführt von:: c:\users\Jutta\Desktop\ComboFix.exe AV: Trend Micro Internet Security Pro *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902} FW: Trend Micro Personal Firewall *Enabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B} SP: Trend Micro Internet Security Pro *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\IsUn0407.exe c:\windows\XSxS . . ((((((((((((((((((((((( Dateien erstellt von 2012-04-07 bis 2012-05-07 )))))))))))))))))))))))))))))) . . 2012-05-07 14:04 . 2012-05-07 14:04 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-05-07 14:04 . 2012-05-07 14:04 -------- d-----w- c:\users\Kinder\AppData\Local\temp 2012-05-07 13:13 . 2012-05-07 13:19 -------- d-----w- c:\program files\Trend Micro 2012-05-07 13:11 . 2012-05-07 13:11 42000 ----a-w- c:\windows\system32\drivers\tmpreflt.sys 2012-05-07 13:11 . 2012-05-07 13:11 339984 ----a-w- c:\windows\system32\drivers\tmwfp.sys 2012-05-07 13:11 . 2012-05-07 13:11 258064 ----a-w- c:\windows\system32\drivers\tmxpflt.sys 2012-05-07 13:11 . 2012-05-07 13:11 200720 ----a-w- c:\windows\system32\drivers\tmlwf.sys 2012-05-07 13:11 . 2012-05-07 13:11 1883152 ----a-w- c:\windows\system32\drivers\vsapint.sys 2012-05-07 13:11 . 2012-05-07 13:11 107536 ----a-w- c:\windows\system32\drivers\tmtdi.sys 2012-05-06 21:01 . 2012-05-06 21:01 -------- d-----w- c:\users\Jutta\AppData\Roaming\Malwarebytes 2012-05-06 21:00 . 2012-05-06 21:00 -------- d-----w- c:\programdata\Malwarebytes 2012-05-06 21:00 . 2012-05-07 20:48 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-05-03 18:08 . 
2012-05-07 13:41 -------- d-----w- c:\users\Kinder\AppData\Roaming\BrowserCompanion
2012-05-03 18:08 . 2012-05-03 18:08 -------- d-----w- c:\program files (x86)\BrowserCompanion
2012-05-03 17:33 . 2012-05-03 18:03 -------- d-----w- c:\users\Kinder\AppData\Roaming\redsn0w
2012-04-15 06:09 . 2012-04-15 06:09 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-12 22:22 . 2012-04-12 22:23 -------- d-----w- c:\users\Kinder\AppData\Local\Google
2012-04-12 22:22 . 2012-04-12 22:22 -------- d-----w- c:\users\Kinder\AppData\Local\Deployment
2012-04-12 22:22 . 2012-04-12 22:22 -------- d-----w- c:\users\Kinder\AppData\Local\Apps
2012-04-12 21:48 . 2012-04-13 13:43 -------- d-----w- c:\users\Kinder\AppData\Local\Adobe
2012-04-12 21:48 . 2012-04-12 21:48 -------- d-----w- c:\users\Kinder\AppData\Roaming\gizza
2012-04-12 21:44 . 2012-04-12 21:44 -------- d-----w- c:\users\Kinder\AppData\Local\ElevatedDiagnostics
2012-04-10 18:00 . 2012-04-10 18:00 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-04-10 18:00 . 2012-04-10 18:00 -------- d-----r- c:\program files (x86)\Skype
2012-04-09 23:07 . 2012-05-07 13:46 -------- d-----w- c:\program files (x86)\JDownloader
2012-04-09 23:05 . 2012-04-09 23:05 -------- d-----w- c:\users\Kinder\AppData\Roaming\DAEMON Tools Lite
2012-04-09 23:05 . 2012-04-09 23:05 -------- d-----w- c:\programdata\DAEMON Tools Lite
2012-04-09 17:10 . 2012-04-09 17:10 -------- d-----w- c:\program files (x86)\Xenocode
2012-04-09 17:09 . 2012-04-09 17:09 -------- d-----w- c:\users\Kinder\AppData\Local\XboxMB
2012-04-09 17:09 . 2012-04-09 17:09 -------- d-----w- c:\users\Kinder\AppData\Local\Xenocode
2012-04-09 16:57 . 2012-04-09 16:57 -------- d-----w- c:\users\Kinder\AppData\Local\Apple
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-15 06:09 . 2011-10-07 19:54 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-24 00:14 . 2011-09-10 21:47 21520 ----a-w- c:\windows\DCEBoot64.exe
2012-03-20 06:24 . 2012-03-05 07:00 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-03-20 06:24 . 2011-11-24 06:59 824144 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-03-11 19:06 . 2011-11-24 06:59 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-03-05 07:00 . 2011-12-14 16:55 824144 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{00cbb66b-1d3b-46d3-9577-323a336acb50}]
2012-03-21 13:07 225584 ----a-w- c:\program files (x86)\BrowserCompanion\jsloader.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2006-11-02 1196032]
"Akamai NetSession Interface"="c:\users\Jutta\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-11-19 265984]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-25 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
.
c:\users\Kinder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
tcbhn.lnk - c:\users\Jutta\AppData\Roaming\BrowserCompanion\tcbhn.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2010-10-18 704032]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000D7}"= "c:\program files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABSEHB.DLL" [2006-11-07 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SABWinLogon]
2007-08-01 07:28 176128 ----a-w- c:\program files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 SABDIFSV;SABDIFSV;c:\program files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABDIFSV.SYS [2005-09-21 5632]
R1 SABKUTIL;SABKUTIL;c:\program files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [2007-02-20 32256]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SearchAnonymizer;SearchAnonymizer;c:\users\Gast1\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 253088]
R3 dump_wmimmc;dump_wmimmc;c:\aeriagames\WolfTeam-DE\GameGuard\dump_wmimmc.sys [x]
R3 KeDetective131;KeDetective131;c:\windows\system32\Drivers\KeDetective131.sys [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2010-04-17 50432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-11-19 255744]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2010-04-17 144640]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [x]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]
S3 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [2012-05-07 595960]
S3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2012-05-07 917768]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 06:09]
.
2012-05-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1521081041-758286099-483721656-1010Core.job
- c:\users\Kinder\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-12 22:22]
.
2012-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1521081041-758286099-483721656-1010UA.job
- c:\users\Kinder\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-12 22:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-01-26 1023416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.at/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files (x86)\BrowserCompanion\tdataprotocol.dll
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files (x86)\BrowserCompanion\tdataprotocol.dll
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files (x86)\BrowserCompanion\tdataprotocol.dll
FF - ProfilePath - c:\users\Jutta\AppData\Roaming\Mozilla\Firefox\Profiles\k5rrdbvy.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Softonic)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.at
FF - prefs.js: keyword.URL - hxxp://search.softonic.com/MON00016/tb_v1?SearchSource=2&cc=&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.softonic_i.hmpg - true
FF - user.js: extensions.softonic_i.hmpgUrl - hxxp://search.softonic.com/MON00016/tb_v1?SearchSource=13&cc=
FF - user.js: extensions.softonic_i.dfltSrch - true
FF - user.js: extensions.softonic_i.srchPrvdr - Search the web (Softonic)
FF - user.js: extensions.softonic_i.keyWordUrl - hxxp://search.softonic.com/MON00016/tb_v1?SearchSource=2&cc=&q=
FF - user.js: extensions.softonic_i.dnsErr - true
FF - user.js: extensions.softonic_i.newTab - true
FF - user.js: extensions.softonic_i.newTabUrl - hxxp://search.softonic.com/MON00016/tb_v1?SearchSource=15&cc=
FF - user.js: extensions.softonic_i.tlbrSrchUrl - hxxp://search.softonic.com/MON00016/tb_v1?SearchSource=1&cc=&q=
FF - user.js: extensions.softonic_i.id - 286696ae00000000000018f46a8cf16a
FF - user.js: extensions.softonic_i.instlDay - 15409
FF - user.js: extensions.softonic_i.vrsn - 1.5.11.5
FF - user.js: extensions.softonic_i.vrsni - 1.5.11.5
FF - user.js: extensions.softonic_i.vrsnTs - 1.5.11.521:44
FF - user.js: extensions.softonic_i.prtnrId - softonic
FF - user.js: extensions.softonic_i.prdct - softonic
FF - user.js: extensions.softonic_i.aflt - SD
FF - user.js: extensions.softonic_i.smplGrp - eng7
FF - user.js: extensions.softonic_i.tlbrId - de12JANdefault_chrome
FF - user.js: extensions.softonic_i.instlRef - MON00016
FF - user.js: extensions.softonic_i.dfltLng - de
FF - user.js: extensions.softonic_i.excTlbr - false
FF - user.js: extensions.BabylonToolbar_i.id - 286696ae00000000000018f46a8cf16a
FF - user.js: extensions.BabylonToolbar_i.hardId - 286696ae00000000000018f46a8cf16a
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15422
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.170:48
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babclient
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=10588
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt -
FF - user.js: extensions.BabylonToolbar_i.instlRef - std
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Toolbar-!{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
Toolbar-!{51a86bb3-6602-4c85-92a5-130ee4864f13} - (no file)
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Toolbar-!{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
Toolbar-!{51a86bb3-6602-4c85-92a5-130ee4864f13} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Ocs_SM - c:\users\Gast1\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-NoIPDUC - c:\users\Jutta\Desktop\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-05-07 16:11:09 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-05-07 14:11
.
Vor Suchlauf: 10 Verzeichnis(se), 393.456.070.656 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 394.804.858.880 Bytes frei
.
- - End Of File - - 3B88DCC46AD4F8EFA7073246B793E905
__________________ www.taxi-forum.at |
08.05.2012, 06:29 | #6 |
/// Malwareteam | AKM virus got me too

Step 1: CF script

Note for readers: the following ComboFix script was created exclusively for this user in this situation. Never use it on other computers; it can permanently damage other systems!

Delete the existing Combofix.exe from your desktop and download the program again from one of the following download mirrors: BleepingComputer.com - ForoSpyware.com, and save it to the desktop again (not anywhere else, this is important)!

Press the Windows + R key --> type Notepad --> OK

Now copy the text from the following code box completely into the empty text document.

Code:
REGISTRY::
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{00cbb66b-1d3b-46d3-9577-323a336acb50}]
FIREFOX::
FF - ProfilePath - c:\users\Jutta\AppData\Roaming\Mozilla\Firefox\Profiles\k5rrdbvy.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Softonic)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.at
FF - prefs.js: keyword.URL - hxxp://search.softonic.com/MON00016/tb_v1?SearchSource=2&cc=&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.softonic_i.hmpg - true
FF - user.js: extensions.softonic_i.hmpgUrl - hxxp://search.softonic.com/MON00016/tb_v1?SearchSource=13&cc=
FF - user.js: extensions.softonic_i.dfltSrch - true
FF - user.js: extensions.softonic_i.srchPrvdr - Search the web (Softonic)
FF - user.js: extensions.softonic_i.keyWordUrl - hxxp://search.softonic.com/MON00016/tb_v1?SearchSource=2&cc=&q=
FF - user.js: extensions.softonic_i.dnsErr - true
FF - user.js: extensions.softonic_i.newTab - true
FF - user.js: extensions.softonic_i.newTabUrl - hxxp://search.softonic.com/MON00016/tb_v1?SearchSource=15&cc=
FF - user.js: extensions.softonic_i.tlbrSrchUrl - hxxp://search.softonic.com/MON00016/tb_v1?SearchSource=1&cc=&q=
FF - user.js: extensions.softonic_i.id - 286696ae00000000000018f46a8cf16a
FF - user.js: extensions.softonic_i.instlDay - 15409
FF - user.js: extensions.softonic_i.vrsn - 1.5.11.5
FF - user.js: extensions.softonic_i.vrsni - 1.5.11.5
FF - user.js: extensions.softonic_i.vrsnTs - 1.5.11.521:44
FF - user.js: extensions.softonic_i.prtnrId - softonic
FF - user.js: extensions.softonic_i.prdct - softonic
FF - user.js: extensions.softonic_i.aflt - SD
FF - user.js: extensions.softonic_i.smplGrp - eng7
FF - user.js: extensions.softonic_i.tlbrId - de12JANdefault_chrome
FF - user.js: extensions.softonic_i.instlRef - MON00016
FF - user.js: extensions.softonic_i.dfltLng - de
FF - user.js: extensions.softonic_i.excTlbr - false
FF - user.js: extensions.BabylonToolbar_i.id - 286696ae00000000000018f46a8cf16a
FF - user.js: extensions.BabylonToolbar_i.hardId - 286696ae00000000000018f46a8cf16a
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15422
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.170:48
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babclient
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=10588
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt -
FF - user.js: extensions.BabylonToolbar_i.instlRef - std
FOLDER::
c:\program files (x86)\BrowserCompanion
CLEARJAVACACHE::

Important:

Step 2: MBAM full scan
13.05.2012, 11:35 | #7 |
/// Malwareteam | AKM virus got me too Hello, do you still need help? If I do not receive a reply from you within the next 24 hours, I will remove your topic from my subscriptions and will then no longer be notified of new replies. The disappearance of the symptoms does not mean that your system is already clean.
__________________ No asylum for Trojans! Proud Member of UNITE Note: I am only available on weekdays! Requests via PM will be ignored! Happy with us? Then support the Trojaner-Board! |
14.05.2012, 00:08 | #8 |
| AKM virus got me too Sorry, I had a lot on my plate this week, but now it continues. ComboFix basically worked, but after the reboot it responded with an error message. Here is a screenshot: hxxp://up.picr.de/10479199cx.jpg
14.05.2012, 00:24 | #9 |
| AKM virus got me too Here is the first log file for now.
14.05.2012, 01:24 | #10 |
| AKM virus got me too
Code:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.13.04

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Jutta :: JUTTA-PC [Administrator]

Schutz: Deaktiviert

14.05.2012 01:44:11
mbam-log-2012-05-14 (01-44-11).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 390519
Laufzeit: 35 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FoxTab PDF Converter (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SYSTEM\CurrentControlSet\SERVICES\KeDetective131 (Trojan.Keservice) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|bak_Application (Hijacker.Application) -> Daten: hxxp://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|Application (Hijacker.Application) -> Bösartig: (hxxp://www.helpmeopen.com/?n=app&ext=%s) Gut: (hxxp://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Program Files (x86)\FoxTabPDFConverter\Uninstall\Uninstall.exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jutta\Desktop\Skype und TS3\SoftonicDownloader_fuer_microsoft-net-framework.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jutta\Downloads\PDFConverterSetup.exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Kinder\Desktop\SoftonicDownloader_fuer_doodle-jump.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.13.04

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Jutta :: JUTTA-PC [Administrator]

Schutz: Deaktiviert

14.05.2012 02:35:41
mbam-log-2012-05-14 (02-35-41).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 390646
Laufzeit: 40 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
14.05.2012, 07:42 | #11 |
/// Malwareteam | AKM virus got me too

Step 1: DDS

Please download dds (by sUBs) from one of the following download mirrors and save the file to your desktop. dds.com dds.scr dds.pif

Step 2: ESET

ESET Online Scanner

Is the computer still causing problems?
14.05.2012, 19:54 | #12 |
| AKM virus got me too Well, everything is actually working normally now, no problems at the moment; here are the log files.

DDS Logfile:
Code:
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_30
Run by Jutta at 18:25:11 on 2012-05-14
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.43.1031.18.3959.2339 [GMT 2:00]
.
AV: Trend Micro Internet Security Pro *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Internet Security Pro *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\atieclxx.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Users\Jutta\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Users\Jutta\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.at/
mStart Page = hxxp://acer.msn.com
uInternet Settings,ProxyOverride = *.local;<local>
BHO: SuperAdBlockerBHO Class: {00000000-6c30-11d8-9363-000ae6309654} - C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Browser Companion Helper Verifier: {963b125b-8b21-49a2-a3a8-e37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: !{30F9B915-B755-4826-820B-08FBA6BD249D} - No File
TB: !{51a86bb3-6602-4c85-92a5-130ee4864f13} - No File
TB: !{B4B3001E-0F56-4E51-8250-BDE11547EC55} - No File
TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
uRun: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
uRun: [Akamai NetSession Interface] "C:\Users\Jutta\AppData\Local\Akamai\netsession_win.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ACERVC~1.LNK - C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 1 (0x1)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: Interfaces\{EAD17DBB-C9AE-4AFE-B42B-35A2102C5360} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{EAD17DBB-C9AE-4AFE-B42B-35A2102C5360}\2416C6A75627F474 : DhcpNameServer = 10.0.200.1 195.3.95.67 213.33.98.136
TCP: Interfaces\{EAD17DBB-C9AE-4AFE-B42B-35A2102C5360}\84F6D65613 : DhcpNameServer = 192.168.2.1
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
Notify: !SABWinLogon - C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000d7} - C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABSEHB.DLL
{00000000-6C30-11D8-9363-000AE6309654}
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{43C6D902-A1C5-45c9-91F6-FD9E90337E18}
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{963B125B-8B21-49A2-A3A8-E37092276531}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{CCAC5586-44D7-4c43-B64A-F042461A97D2}
TB-X64: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
TB-X64: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
{5AE067D3-9AFB-48E0-853A-EBB7F4A000D7}
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jutta\AppData\Roaming\Mozilla\Firefox\Profiles\k5rrdbvy.default\
.
============= SERVICES / DRIVERS ===============
.
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;C:\Windows\system32\DRIVERS\tmlwf.sys --> C:\Windows\system32\DRIVERS\tmlwf.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-14 20992]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-10-18 321104] R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-1-20 868896] R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584] R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-2-28 2343816] R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-10-18 13336] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-14 654408] R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-11-19 255744] R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2010-4-17 144640] R2 RS_Service;Raw Socket Service;C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [2010-10-18 260640] R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-3-27 2886528] R2 tmpreflt;tmpreflt;C:\Windows\system32\DRIVERS\tmpreflt.sys --> C:\Windows\system32\DRIVERS\tmpreflt.sys [?] R2 tmwfp;Trend Micro WFP Callout Driver;C:\Windows\system32\DRIVERS\tmwfp.sys --> C:\Windows\system32\DRIVERS\tmwfp.sys [?] R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-18 2320920] R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-10-18 243232] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] 
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\system32\drivers\ScreamingBAudio64.sys --> C:\Windows\system32\drivers\ScreamingBAudio64.sys [?] R3 TmPfw;Trend Micro Personal Firewall;C:\Program Files\Trend Micro\Internet Security\TmPfw.exe [2012-5-7 595960] R3 TmProxy;Trend Micro Proxy Service;C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2012-5-7 917768] S1 SABDIFSV;SABDIFSV;C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\sabdifsv.sys [2005-9-21 5632] S1 SABKUTIL;SABKUTIL;C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.SYS [2007-2-20 32256] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SearchAnonymizer;SearchAnonymizer;"C:\Users\Gast1\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe" --> C:\Users\Gast1\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [?] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-15 253088] S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?] 
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2010-4-17 50432] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 2012-05-13 23:42:19 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-05-13 22:42:46 -------- d-----w- C:\$RECYCLE.BIN 2012-05-13 22:34:52 -------- d-----w- C:\ComboFix 2012-05-10 06:44:28 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll 2012-05-10 06:44:28 1541120 ----a-w- C:\Windows\System32\DWrite.dll 2012-05-10 06:44:27 902656 ----a-w- C:\Windows\System32\d2d1.dll 2012-05-10 06:44:27 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll 2012-05-10 06:44:27 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll 2012-05-10 06:44:27 197120 ----a-w- C:\Windows\System32\d3d10_1.dll 2012-05-10 06:44:27 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll 2012-05-10 06:44:27 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll 2012-05-10 06:44:27 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll 2012-05-10 06:44:27 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll 2012-05-09 06:09:56 -------- d-----w- C:\Windows\SysWow64\Wat 2012-05-09 06:09:56 -------- d-----w- C:\Windows\System32\Wat 2012-05-08 22:18:28 367104 ----a-w- C:\Windows\System32\wcncsvc.dll 2012-05-08 22:18:28 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll 2012-05-08 22:04:40 -------- d-----w- C:\Program Files (x86)\MSXML 4.0 2012-05-08 22:00:51 294912 ----a-w- C:\Windows\System32\browserchoice.exe 2012-05-08 21:42:01 80896 ----a-w- C:\Windows\System32\imagehlp.dll 2012-05-08 21:42:01 22896 ----a-w- 
C:\Windows\System32\drivers\fs_rec.sys 2012-05-08 21:42:00 5120 ----a-w- C:\Windows\SysWow64\wmi.dll 2012-05-08 21:42:00 5120 ----a-w- C:\Windows\System32\wmi.dll 2012-05-08 21:42:00 220672 ----a-w- C:\Windows\System32\wintrust.dll 2012-05-08 21:42:00 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll 2012-05-08 21:42:00 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll 2012-05-08 18:54:46 -------- d-----w- C:\Users\Jutta\AppData\Roaming\redsn0w 2012-05-08 06:16:56 102400 ----a-w- C:\Windows\System32\drivers\dfsc.sys 2012-05-08 06:15:53 612352 ----a-w- C:\Windows\System32\vbscript.dll 2012-05-08 06:13:54 516096 ----a-w- C:\Program Files\Windows Mail\wab.exe 2012-05-08 06:12:29 1739160 ----a-w- C:\Windows\System32\ntdll.dll 2012-05-07 15:00:29 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll 2012-05-07 15:00:29 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys 2012-05-07 15:00:29 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-05-07 15:00:29 1031680 ----a-w- C:\Windows\System32\rdpcore.dll 2012-05-07 15:00:28 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-05-07 15:00:28 76288 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-05-07 15:00:28 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-05-07 14:44:51 42768 ----a-w- C:\Windows\System32\drivers\tmpreflt.sys 2012-05-07 14:44:51 342288 ----a-w- C:\Windows\System32\drivers\tmxpflt.sys 2012-05-07 14:44:51 2077456 ----a-w- C:\Windows\System32\drivers\vsapint.sys 2012-05-07 13:56:57 98816 ----a-w- C:\Windows\sed.exe 2012-05-07 13:56:57 518144 ----a-w- C:\Windows\SWREG.exe 2012-05-07 13:56:57 256000 ----a-w- C:\Windows\PEV.exe 2012-05-07 13:56:57 208896 ----a-w- C:\Windows\MBR.exe 2012-05-07 13:13:51 -------- d-----w- C:\Program Files\Trend Micro 2012-05-07 13:11:58 339984 ----a-w- C:\Windows\System32\drivers\tmwfp.sys 2012-05-07 13:11:58 200720 ----a-w- C:\Windows\System32\drivers\tmlwf.sys 2012-05-07 13:11:58 107536 ----a-w- C:\Windows\System32\drivers\tmtdi.sys 2012-05-06 21:01:05 -------- d-----w- 
C:\Users\Jutta\AppData\Roaming\Malwarebytes 2012-05-06 21:00:48 -------- d-----w- C:\ProgramData\Malwarebytes 2012-05-06 21:00:47 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-04-15 06:09:26 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe . ==================== Find3M ==================== . 2012-04-15 06:09:26 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-04-02 05:34:04 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-04-02 04:46:44 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-04-02 04:46:44 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-04-02 03:01:19 3143680 ----a-w- C:\Windows\System32\win32k.sys 2012-03-30 11:09:53 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-03-24 00:14:20 21520 ----a-w- C:\Windows\DCEBoot64.exe 2012-03-17 07:55:58 75632 ----a-w- C:\Windows\System32\drivers\partmgr.sys 2012-02-28 06:35:54 1197568 ----a-w- C:\Windows\System32\wininet.dll 2012-02-28 06:33:03 57856 ----a-w- C:\Windows\System32\licmgr10.dll 2012-02-28 05:40:21 981504 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-02-28 05:38:16 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll 2012-02-28 05:17:41 482816 ----a-w- C:\Windows\System32\html.iec 2012-02-28 04:35:01 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2012-02-28 04:31:46 386048 ----a-w- C:\Windows\SysWow64\html.iec 2012-02-28 03:57:55 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb . ============= FINISH: 18:25:31,56 =============== Code:
ATTFilter . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 15.03.2011 20:07:57 System Uptime: 14.05.2012 02:33:53 (16 hours ago) . Motherboard: Acer | | TravelMate 5742G Processor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz | CPU | 2533/1066mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 451 GiB total, 364,469 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP83: 07.05.2012 17:00:38 - Windows Update RP84: 08.05.2012 23:34:09 - Windows Update RP85: 11.05.2012 03:00:12 - Windows Update RP86: 13.05.2012 23:46:42 - ComboFix created restore point . ==== Installed Programs ====================== . Acer Backup Manager Acer Crystal Eye webcam Acer ePower Management Acer eRecovery Management Acer Registration Acer ScreenSaver Acer Updater Acer VCM Acrobat.com Adobe AIR Adobe Anchor Service CS3 Adobe Asset Services CS3 Adobe Bridge CS3 Adobe Bridge Start Meeting Adobe Camera Raw 4.0 Adobe CMaps Adobe Color - Photoshop Specific Adobe Color Common Settings Adobe Color EU Extra Settings Adobe Color JA Extra Settings Adobe Color NA Recommended Settings Adobe Default Language CS3 Adobe Device Central CS3 Adobe ExtendScript Toolkit 2 Adobe Fonts All Adobe Help Viewer CS3 Adobe Linguistics CS3 Adobe PDF Library Files Adobe Photoshop CS3 Adobe Reader 9.1 MUI Adobe Setup Adobe Shockwave Player 11.6 Adobe Stock Photos CS3 Adobe Type Support Adobe Update Manager CS3 Adobe Version Cue CS3 Client Adobe WinSoft Linguistics Plugin Adobe XMP Panels CS3 Akamai NetSession Interface Apple Application Support Apple Software Update Backup Manager Advance BrowserCompanion Canon IJ Network Tool Canon Utilities Easy-PhotoPrint EX Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Vista Catalyst Control Center 
InstallProxy Catalyst Control Center Localization All ccc-core-static CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Compatibility Pack für 2007 Office System Corel WinDVD DealPly Fraps (remove only) Google Chrome Identity Card Intel(R) Management Engine Components Intel(R) Rapid Storage Technology Java Auto Updater Java(TM) 6 Update 30 Junk Mail filter update Launch Manager LogMeIn Hamachi Malwarebytes Anti-Malware Version 1.61.0.1400 Microsoft Choice Guard Microsoft Office 2000 Premium Microsoft Silverlight Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft_VC100_CRT_SP1_x86 MorphVOX Pro Mozilla Firefox 8.0.1 (x86 de) MSVC80_x86_v2 MSVC90_x86 MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) No-IP DUC NTI Backup Now 5 NTI Backup Now Standard NTI Media Maker 8 PDF Settings PX Profile Update Realtek HDMI Audio Driver for ATI Realtek High Definition Audio Driver Realtek USB 2.0 Card Reader Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Skype™ 5.8 Super Ad Blocker swMSM TeamSpeak 3 Client 
TeamViewer 7 Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) web'n'walk Manager 1.6 Welcome Center Windows Live-Uploadtool Windows Live Anmelde-Assistent Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Fotogalerie Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Sync Windows Live Writer WinRAR 4.10 (32-Bit) WolfTeam-DE . ==== End Of File =========================== Code:
C:\Users\Jutta\AppData\Local\Babylon\Setup\Setup.exe Win32/Toolbar.Babylon application
C:\Users\Jutta\Downloads\Facemoods.exe probably a variant of Win32/InstallCore.A application
C:\Users\Kinder\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\F5PW9Q6S\1market[2].htm HTML/Iframe.B.Gen virus
C:\Users\Kinder\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\F5PW9Q6S\firstload_com[1].htm HTML/ScrInject.B.Gen virus
C:\Users\Kinder\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\F5PW9Q6S\main[1].htm JS/Kryptik.NJ trojan
C:\Users\Kinder\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X5I1YSOK\b9c50[1].pdf JS/Exploit.Pdfka.PKP trojan
__________________ www.taxi-forum.at
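The two things a log reviewer does with the dumps above are (a) scan the uRun/mRun and service/driver lines for binaries that live in a user-writable profile directory, because that is where a standard-user infection can place autostarts, and (b) read the ESET findings by Windows account and location, which makes it visible that the browser-cache hits sit under the children's profile. The script below does both over a handful of lines constructed from the logs in this thread. It is an added example, not code from the thread, from DDS or from ESET; the regexes, the user-writable markers and the "browser cache" classification are my assumptions, and its output is a review list, not a verdict (the Akamai NetSession entry, for instance, is a legitimate download manager that installs under AppData by design).

```python
"""Triage helper for DDS-style autorun/service lines and ESET scan-log lines.

Added example for this thread; not code from the thread, from DDS or from ESET.
The sample lines are constructed from entries visible in the logs posted above.
"""
import re
from collections import defaultdict

# DDS autorun lines:  uRun: [Name] "C:\path\prog.exe" args  |  mRun-x64: [Name] C:\path\prog.exe
RUN_RE = re.compile(r'^(?P<scope>[um]Run(?:-x64)?):\s+\[(?P<name>[^\]]*)\]\s+(?P<rest>.*)$')
# DDS service/driver lines:  R2 Name;Display;C:\path\bin.exe [date size]  |  S2 Name;Display;"C:\path" --> C:\path [?]
SERVICE_RE = re.compile(r'^(?P<state>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$')
# First Windows path ending in an executable, driver or library extension.
PATH_RE = re.compile(r'([A-Za-z]:\\.*?\.(?:exe|sys|dll|des))', re.IGNORECASE)
# Directories a standard user can write to (assumption: a review heuristic, not a verdict).
USER_WRITABLE_MARKERS = ('\\appdata\\', '\\downloads\\', '\\temp\\')

# Constructed sample, copied from the DDS output in this thread.
SAMPLE_DDS = r"""
uRun: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
uRun: [Akamai NetSession Interface] "C:\Users\Jutta\AppData\Local\Akamai\netsession_win.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-14 654408]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S2 SearchAnonymizer;SearchAnonymizer;"C:\Users\Gast1\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe" --> C:\Users\Gast1\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [?]
"""
DDS_LINES = SAMPLE_DDS.strip().splitlines()

# Constructed sample, copied from the ESET scan output in this thread.
SAMPLE_ESET = r"""
C:\Users\Jutta\AppData\Local\Babylon\Setup\Setup.exe Win32/Toolbar.Babylon application
C:\Users\Jutta\Downloads\Facemoods.exe probably a variant of Win32/InstallCore.A application
C:\Users\Kinder\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\F5PW9Q6S\main[1].htm JS/Kryptik.NJ trojan
C:\Users\Kinder\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X5I1YSOK\b9c50[1].pdf JS/Exploit.Pdfka.PKP trojan
"""
ESET_LINES = SAMPLE_ESET.strip().splitlines()


def binary_path(rest):
    """Pull the executable path out of the tail of a DDS line."""
    if ' --> ' in rest:                      # DDS repeats the resolved path after -->
        rest = rest.split(' --> ', 1)[0]
    m = PATH_RE.search(rest)
    return m.group(1) if m else None


def is_user_writable(path):
    p = path.lower()
    return '\\users\\' in p and any(marker in p for marker in USER_WRITABLE_MARKERS)


def triage_dds(lines):
    """(entry name, binary path) for every autorun or service whose binary sits in a
    user-writable profile directory.  Review list only: legitimate software lands there too."""
    flagged = []
    for line in lines:
        m = RUN_RE.match(line) or SERVICE_RE.match(line)
        if not m:
            continue
        path = binary_path(m.group('rest'))
        if path and is_user_writable(path):
            flagged.append((m.group('name'), path))
    return flagged


def parse_eset(line):
    """Split '<path> <detection name> <kind>'.  The path may contain spaces, so it is
    everything up to the last whitespace-separated token that contains a backslash."""
    tokens = line.split()
    last = max(i for i, t in enumerate(tokens) if '\\' in t)
    return ' '.join(tokens[:last + 1]), ' '.join(tokens[last + 1:-1]), tokens[-1]


def profile_of(path):
    m = re.match(r'^[A-Za-z]:\\Users\\([^\\]+)\\', path, re.IGNORECASE)
    return m.group(1) if m else '(outside user profiles)'


def findings_by_profile(lines):
    """Group detections by the Windows account whose profile holds the file and note
    whether it is a browser-cache hit (drive-by residue) or a file stored elsewhere."""
    grouped = defaultdict(list)
    for line in lines:
        path, threat, kind = parse_eset(line)
        where = 'browser cache' if '\\temporary internet files\\' in path.lower() else 'file'
        grouped[profile_of(path)].append((threat, kind, where))
    return dict(grouped)


if __name__ == '__main__':
    for name, path in triage_dds(DDS_LINES):
        print(f'review autostart: {name} -> {path}')
    for profile, items in findings_by_profile(ESET_LINES).items():
        print(f'{profile}:')
        for threat, kind, where in items:
            print(f'  {kind:12} {where:13} {threat}')
```

Run as a script it prints two autostart entries to review (the Akamai uRun and the SearchAnonymizer service under the Gast1 profile) and then the ESET hits grouped by account, with both trojan detections under "Kinder" marked as browser cache, which is the pattern of a drive-by rather than a deliberately downloaded file.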
14.05.2012, 22:04 | #13 |
/// Malwareteam | The AKM virus got me too
Otherwise we are done, the log files are clean! Let's still update some critical software:
Step 1: Adobe Reader update
Your Adobe Reader is outdated. Since some malware exploits the vulnerabilities in outdated versions, we will update it.
Step 2: Adobe Shockwave Player update
Your Shockwave Player is outdated. To update the Shockwave Player, please proceed as follows:
Step 3: Java update
Your Java is no longer current. Older versions contain security holes that can be abused by malware.
Step 4: Mozilla Firefox update
Your Firefox browser is outdated. Proceed as follows to update it:
...and a little more cleanup:
ComboFix
Before the following action, please temporarily disable your antivirus program, any script blocking you may have, and anti-malware programs again. Press Windows key + R. Now copy the following line into the command line and click OK.
Code:
Combofix /Uninstall
This removes ComboFix completely and empties the System Restore cache, so that the malware disappears from there as well. Now re-enable the programs you just disabled.
TFC
Please download TFC (by OldTimer) and save the file to the desktop. Now close all open programs and disconnect from the internet. Double-click TFC.exe. If TFC cannot delete all files, it will ask for a restart. Please allow it.
Here are a few more tips for securing your system.
Staying up to date
I cannot stress often enough how important it is that your system is up to date.
Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They do more harm to your system than good. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP). Don'ts
Note: Please give me a short reply when everything is done and there are no more questions, so I can remove this thread from my subscriptions.
__________________ No right of asylum for Trojans! Proud Member of UNITE. Note: I am only available on weekdays! Requests via PM will be ignored! Satisfied with us? Then support the Trojaner-Board!
14.05.2012, 22:32 | #14 |
| The AKM virus got me too. OK, thanks first of all for the detailed help; working through the points will take a little while. This is my wife's laptop, on which there is a restricted account for our boys (13 and 15), who unfortunately click on quite a few things they shouldn't. What really surprises me, though, is that my Trend Micro did not catch these viruses, even though it is always up to date. Thanks, regards Michael
__________________ www.taxi-forum.at
14.05.2012, 22:40 | #15 |
/// Malwareteam | The AKM virus got me too. Antivirus programs cannot stop this type of software, which is started by the user with a click or exploits a security hole present on the machine without any action by the user. At most they can then detect that malware is present in memory or on the hard disk and prompt for action... a kind of airbag for the user, so to speak!
__________________ No right of asylum for Trojans! Proud Member of UNITE. Note: I am only available on weekdays! Requests via PM will be ignored! Satisfied with us? Then support the Trojaner-Board!