Pests of all kinds and how to fight them: Popup at the bottom right of the browser, annoying ads also as Flash, slides in from below

Windows 7

If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
#1

/// Winkelfunktion /// TB-Süch-Tiger™

Popup at the bottom right of the browser, annoying ads also as Flash, slides in from below

Then please run CF now:

ComboFix: A guide and tutorial on using ComboFix

Combofix may only be run when a qualified helper has expressly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:

__________________
Please always post log files in CODE tags
#2

Popup at the bottom right of the browser, annoying ads also as Flash, slides in from below

Done:

Combofix Logfile:
Code:
ComboFix 12-06-03.01 - Adrian ***** 03.06.2012 15:09:27.1.12 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.41.1031.18.16360.13489 [GMT 2:00]
ausgeführt von:: c:\users\Adrian *****\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\windows\system32\drivers\etc\hosts.txt
c:\windows\SysWow64\avisynth.dll
c:\windows\SysWow64\devil.dll
c:\windows\SysWow64\muzapp.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-05-03 bis 2012-06-03 ))))))))))))))))))))))))))))))
.
.
2012-06-03 12:39 . 2012-06-03 12:39 -------- d-----w- c:\users\Adrian *****\AppData\Local\Google
2012-06-03 12:14 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FB5F5EA7-1E13-4D0E-89FC-98DFF164CDBC}\mpengine.dll
2012-06-02 21:57 . 2012-06-02 22:00 -------- d-----w- C:\Blog
2012-06-02 20:02 . 2012-06-02 20:02 -------- d-----w- C:\_OTL
2012-06-02 10:07 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-01 21:39 . 2012-05-31 20:31 595968 ----a-w- C:\OTL.exe
2012-05-31 16:49 . 2012-06-02 11:15 -------- d-----w- c:\program files (x86)\Panda Security
2012-05-31 10:56 . 2012-05-31 10:56 -------- d-----w- c:\program files (x86)\ESET
2012-05-31 07:56 . 2012-05-31 08:18 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-05-31 07:56 . 2012-05-31 07:58 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-05-30 16:07 . 2012-05-30 16:07 -------- d-----w- c:\users\Adrian *****\AppData\Roaming\Malwarebytes
2012-05-30 16:07 . 2012-05-30 16:07 -------- d-----w- c:\programdata\Malwarebytes
2012-05-30 14:59 . 2012-05-30 14:59 -------- d-----w- c:\programdata\Samsung
2012-05-24 22:15 . 2012-05-24 22:15 -------- d-----w- c:\users\Adrian *****\AppData\Roaming\FrontDesign
2012-05-24 22:14 . 2012-05-24 22:14 -------- d-----w- c:\program files (x86)\FrontDesign
2012-05-21 17:34 . 2012-05-30 14:53 -------- d-----w- c:\users\a0273787
2012-05-21 16:53 . 2012-05-21 16:53 -------- d-----w- c:\users\Adrian *****\AppData\Roaming\Crosshairs Embedded
2012-05-21 16:20 . 2012-05-30 19:04 -------- d-----w- c:\users\Adrian *****\AppData\Roaming\controlSUITE
2012-05-21 16:17 . 2012-05-21 16:19 -------- d-----w- c:\program files\controlSUITE
2012-05-15 12:35 . 2012-05-15 12:34 955848 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-15 12:31 . 2012-05-15 12:31 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-05-15 12:26 . 2012-04-04 16:47 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-05-14 21:01 . 2012-05-14 21:01 -------- d-----w- c:\programdata\Kaspersky Lab
2012-05-12 17:11 . 2012-05-12 17:11 -------- d-----w- c:\programdata\Ant
2012-05-12 10:36 . 2012-05-12 10:36 -------- d--h--w- c:\programdata\Common Files
2012-05-12 10:31 . 2012-05-12 15:53 -------- d-----w- c:\programdata\MFAData
2012-05-11 23:56 . 2012-05-11 23:56 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-10 22:10 . 2008-01-18 23:10 154168 ----a-w- c:\windows\system32\drivers\WimFltr.sys
2012-05-10 20:25 . 2012-05-10 20:25 -------- d-----w- c:\program files\Windows Imaging
2012-05-10 20:25 . 2012-05-10 20:25 -------- d-----w- c:\program files\Windows AIK
2012-05-10 11:01 . 2012-04-21 01:16 43960 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-05-10 11:01 . 2012-04-21 01:16 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-10 11:01 . 2012-04-21 01:16 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-10 11:01 . 2012-04-21 01:16 588728 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-05-10 11:01 . 2012-04-21 01:15 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-05-10 11:01 . 2012-04-21 01:15 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-05-10 11:01 . 2012-04-21 01:15 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-05-09 15:05 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-09 15:05 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-09 15:05 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-09 15:05 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-09 15:05 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-09 15:05 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-09 15:05 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-09 15:03 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-09 15:03 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-09 15:03 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 15:03 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-09 15:03 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 15:03 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-07 17:43 . 2012-06-02 10:42 -------- d-----w- c:\users\Adrian *****\AppData\Roaming\AllDup
2012-05-07 17:43 . 2012-05-07 17:43 -------- d-----w- c:\programdata\AllDup
2012-05-07 17:43 . 2010-10-13 04:42 2369456 ----a-w- c:\windows\SysWow64\Codejock.CommandBars.v13.4.2.ocx
2012-05-07 17:43 . 2010-06-11 07:50 89888 ----a-w- c:\windows\SysWow64\mtFrame.ocx
2012-05-07 17:43 . 2010-03-25 07:33 171752 ----a-w- c:\windows\SysWow64\mtRTF2.ocx
2012-05-07 17:43 . 2009-12-29 15:00 1000992 ----a-w- c:\windows\SysWow64\TList8.ocx
2012-05-07 17:43 . 2009-10-12 21:02 44736 ----a-w- c:\windows\SysWow64\mtSubclass.dll
2012-05-07 17:43 . 2009-10-12 21:01 77504 ----a-w- c:\windows\SysWow64\mtScrollContainer.ocx
2012-05-07 17:43 . 2008-01-29 04:57 450560 ----a-w- c:\windows\SysWow64\fldrvw90.ocx
2012-05-07 17:43 . 2010-08-20 18:53 86016 ----a-w- c:\windows\SysWow64\mtSplitter.ocx
2012-05-07 17:43 . 2012-05-07 17:43 -------- d-----w- c:\program files (x86)\AllDup
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-15 15:35 . 2006-11-01 11:07 334720 ----a-w- c:\windows\system32\RootkitRevealer.exe
2012-05-15 12:34 . 2011-11-05 09:33 839112 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-04 08:21 . 2012-05-04 08:21 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1CE42E1C-E1AB-4A9C-B000-68B8CD41F3DC}\gapaengine.dll
2012-04-22 09:04 . 2012-04-22 09:04 159527 ----a-w- c:\windows\FlyChart Uninstaller.exe
2012-04-22 09:03 . 2012-04-22 08:59 159866 ----a-w- c:\windows\FlyChart Uninstaller.exe.bak
2012-04-04 16:47 . 2012-01-21 20:23 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-03 15:10 . 2012-04-03 15:10 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-03 15:10 . 2011-08-23 13:12 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-26 23:42 . 2012-03-26 23:42 138360 ----a-w- c:\windows\SysWow64\drivers\AnyDVD.sys
2012-03-26 23:42 . 2012-03-26 23:42 138360 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2012-03-20 18:44 . 2012-03-20 18:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 18:44 . 2012-03-20 18:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-19 16:09 . 2012-03-19 16:09 49152 ----a-w- c:\windows\system32\AntUsbCIv2.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
TotalMedia Server.lnk - c:\program files (x86)\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe [2010-12-20 519744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-03 116648]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 gpslc64;gpslc64;c:\windows\system32\Drivers\gpslc64.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-03 116648]
R3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0;c:\windows\system32\DRIVERS\libusb0.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 253600]
R4 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
R4 afcdpsrv;Acronis Nonstop Backup-Dienst;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-11-29 3483600]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R4 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.16\atkexComSvc.exe [2011-08-09 918144]
R4 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.15\aaHMSvc.exe [2011-08-09 947328]
R4 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]
R4 AsusFanControlService;AsusFanControlService;c:\program files (x86)\ASUS\AsusFanControlService\1.00.08\AsusFanControlService.exe [2011-09-19 1406080]
R4 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-05-24 1840128]
R4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848]
R4 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
R4 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R4 PDFProFiltSrv;PDFProFiltSrv;c:\program files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe [2010-08-26 134944]
R4 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2011-11-10 5899240]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [x]
S0 mvs91xx;mvs91xx;c:\windows\system32\DRIVERS\mvs91xx.sys [x]
S0 Si3124r5;SiI-3124 SoftRaid 5 Controller;c:\windows\system32\DRIVERS\Si3124r5.sys [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [x]
S0 vidsflt61;Acronis Disk Storage Filter (61);c:\windows\system32\DRIVERS\vsflt61.sys [x]
S1 ArcSec;ArcSec;c:\windows\system32\drivers\ArcSec.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S2 MsDepSvc;Webbereitstellungs-Agent-Dienst;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-04-01 67400]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 15:10]
.
2012-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-03 12:39]
.
2012-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-03 12:39]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-01 12856936]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.heise.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: An vorhandene PDF-Datei anhängen - c:\program files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - c:\program files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Linkinhalt an vorhandene PDF-Datei anhängen - c:\program files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: PDF-Datei aus Linkinhalt erstellen - c:\program files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: PDF-Datei erstellen - c:\program files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: PDF-Dateien aus den ausgewählten Links erstellen - c:\program files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Adrian *****\AppData\Roaming\Mozilla\Firefox\Profiles\k00bo4vt.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{7e111a5c-3d11-4f56-9463-5310c3c69025} - (no file)
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
AddRemove-DS4 Default Content 4.0.0.16 - c:\3d\DAZ 3D\Studio\My Library\Uninstallers\Remove-DS4 Default Content.exe
AddRemove-iNTERNET Turbo - c:\program files (x86)\iNTERNET Turbo\uninstall.exe
AddRemove-UnityWebPlayer - c:\users\Adrian *****\AppData\Local\Unity\WebPlayer\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-06-03 15:30:45 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-06-03 13:30
.
Vor Suchlauf: 9 Verzeichnis(se), 50'661'609'472 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 50'132'103'168 Bytes frei
.
- - End Of File - - A9AFCDB1B8979A93CB6A6BF4E70D7755