Plagegeister aller Art und deren Bekämpfung: Ad pop-ups in all browsers, occasional link redirects. Windows 7
03.07.2012, 11:26 | #16
/// Winkelfunktion /// TB-Süch-Tiger™ | Ad pop-ups in all browsers, occasional link redirects.

Combofix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])
2. Now paste the entire content of the code box below into the Notepad window using copy/paste.

Code:
Folder::
c:\users\Bloodhound5\AppData\Roaming\Qaonp
c:\users\Bloodhound5\AppData\Roaming\Unekgy
c:\users\Bloodhound5\AppData\Roaming\Utop

File::
c:\windows\system32\drivers\3002e.sys

Driver::
3002e
69p20cfih3.exe

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"=-
"EnableUIADesktopToggle"=-

Firefox::
FF - ProfilePath - c:\users\Bloodhound5\AppData\Roaming\Mozilla\Firefox\Profiles\8j1poem1.default\
FF - prefs.js: browser.search.selectedEngine - YouTube-Videosuche
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false

4. Disable the guard of your antivirus program and any software firewall that may be installed. (This includes the guards of ad-/spyware programs and the Tea Timer, if present!)
5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.
6. After the reboot (you will be asked whether you want to restart), please post the following log file: Combofix.txt

Note: The script above was created only for this one user in this one situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________
Please always post logfiles in CODE tags
03.07.2012, 19:26 | #17
Ad pop-ups in all browsers, occasional link redirects. Here you go:
Code:
ComboFix 12-07-02.01 - Bloodhound5 03.07.2012  20:05:31.2.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3767.1925 [GMT 2:00]
ausgeführt von:: c:\users\Bloodhound5\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Bloodhound5\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\3002e.sys"
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\auth.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\burnlib.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\dsp_sps.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\enc_fhgaac.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\enc_flac.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\enc_lame.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\enc_vorbis.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\enc_wav.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\enc_wma.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\gen_classicart.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\gen_crasher.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\gen_ff.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\gen_find_on_disk.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\gen_hotkeys.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\gen_jumpex.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\gen_ml.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\gen_nopro.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\gen_orgler.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\gen_skinmanager.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\gen_timerestore.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\gen_tray.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\gen_undo.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\in_avi.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\in_cdda.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\in_dshow.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\in_flac.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\in_flv.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\in_linein.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\in_midi.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\in_mkv.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\in_mod.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\in_mp3.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\in_mp4.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\in_nsv.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\in_swf.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\in_vorbis.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\in_wav.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\in_wave.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\in_wm.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\in_wv.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\ml_addons.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\ml_autotag.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\ml_bookmarks.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\ml_devices.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\ml_disc.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\ml_downloads.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\ml_enqplay.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\ml_history.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\ml_impex.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\ml_local.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\ml_nowplaying.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\ml_online.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\ml_orb.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\ml_playlists.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\ml_plg.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\ml_pmp.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\ml_rg.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\ml_transcode.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\ml_wire.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\ombrowser.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\out_disk.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\out_ds.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\out_wave.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\playlist.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\pmp_activesync.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\pmp_android.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\pmp_ipod.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\pmp_njb.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\pmp_p4s.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\pmp_usb.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\pmp_wifi.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\tagz.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\vis_avs.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\vis_milk2.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\vis_nsfs.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\winamp.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\winampa.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\auth.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\burnlib.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\dsp_sps.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\enc_fhgaac.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\enc_flac.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\enc_lame.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\enc_vorbis.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\enc_wav.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\enc_wma.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\gen_classicart.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\gen_crasher.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\gen_ff.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\gen_find_on_disk.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\gen_hotkeys.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\gen_jumpex.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\gen_ml.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\gen_nopro.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\gen_orgler.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\gen_skinmanager.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\gen_timerestore.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\gen_tray.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\gen_undo.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\in_avi.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\in_cdda.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\in_dshow.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\in_flac.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\in_flv.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\in_linein.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\in_midi.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\in_mkv.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\in_mod.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\in_mp3.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\in_mp4.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\in_nsv.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\in_swf.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\in_vorbis.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\in_wav.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\in_wave.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\in_wm.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\in_wv.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\ml_addons.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\ml_autotag.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\ml_bookmarks.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\ml_devices.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\ml_disc.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\ml_downloads.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\ml_enqplay.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\ml_history.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\ml_impex.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\ml_local.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\ml_nowplaying.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\ml_online.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\ml_orb.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\ml_playlists.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\ml_plg.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\ml_pmp.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\ml_rg.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\ml_transcode.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\ml_wire.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\ombrowser.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\out_disk.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\out_ds.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\out_wave.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\playlist.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\pmp_activesync.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\pmp_android.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\pmp_ipod.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\pmp_njb.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\pmp_p4s.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\pmp_usb.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\pmp_wifi.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\tagz.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\vis_avs.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\vis_milk2.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\vis_nsfs.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\winamp.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\winampa.lng
c:\users\Bloodhound5\AppData\Roaming\Qaonp
c:\users\Bloodhound5\AppData\Roaming\Unekgy
c:\users\Bloodhound5\AppData\Roaming\Unekgy\ucoxo.byi
c:\users\Bloodhound5\AppData\Roaming\Utop
c:\users\Bloodhound5\AppData\Roaming\Utop\ipiz.odq
c:\windows\TEMP\jna4379024768154559662.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_3002e
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-03 bis 2012-07-03  ))))))))))))))))))))))))))))))
.
.
2012-06-28 09:11 . 2012-06-28 09:11  --------  d-----w-  C:\_OTL
2012-06-23 22:59 . 2012-06-23 22:59  --------  d-----w-  c:\users\Bloodhound5\AppData\Local\Macromedia
2012-06-21 07:39 . 2012-06-21 07:39  770384  ----a-w-  c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-21 07:39 . 2012-06-21 07:39  421200  ----a-w-  c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-19 07:59 . 2012-06-02 22:19  2428952  ----a-w-  c:\windows\system32\wuaueng.dll
2012-06-19 07:59 . 2012-06-02 22:19  57880  ----a-w-  c:\windows\system32\wuauclt.exe
2012-06-19 07:59 . 2012-06-02 22:19  44056  ----a-w-  c:\windows\system32\wups2.dll
2012-06-19 07:59 . 2012-06-02 22:15  2622464  ----a-w-  c:\windows\system32\wucltux.dll
2012-06-19 07:59 . 2012-06-02 22:19  38424  ----a-w-  c:\windows\system32\wups.dll
2012-06-19 07:59 . 2012-06-02 22:19  701976  ----a-w-  c:\windows\system32\wuapi.dll
2012-06-19 07:59 . 2012-06-02 22:15  99840  ----a-w-  c:\windows\system32\wudriver.dll
2012-06-19 07:59 . 2012-06-02 13:19  186752  ----a-w-  c:\windows\system32\wuwebv.dll
2012-06-19 07:59 . 2012-06-02 13:15  36864  ----a-w-  c:\windows\system32\wuapp.exe
2012-06-13 22:19 . 2012-04-26 05:41  77312  ----a-w-  c:\windows\system32\rdpwsx.dll
2012-06-13 16:48 . 2012-06-13 16:48  159744  ----a-w-  c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
2012-06-12 15:14 . 2012-06-12 15:38  --------  d-----w-  C:\mukke tob geb
2012-06-05 11:03 . 2012-06-05 11:07  --------  d-----w-  c:\users\Bloodhound5\AppData\Local\Microsoft Games
2012-06-05 11:03 . 2012-06-05 11:03  --------  d-----w-  c:\program files\Microsoft Games
2012-06-05 01:00 . 2012-06-05 01:00  --------  d-----w-  c:\windows\SysWow64\Wat
2012-06-05 01:00 . 2012-06-05 01:00  --------  d-----w-  c:\windows\system32\Wat
2012-06-03 21:33 . 2012-06-03 21:33  --------  d-----w-  c:\program files (x86)\Spirent Communications
2012-06-03 21:32 . 2012-06-03 21:33  --------  d-----w-  c:\program files (x86)\HTC
2012-06-03 21:32 . 2012-06-03 21:32  --------  d-----w-  c:\program files (x86)\MSXML 4.0
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 21:28 . 2012-04-04 20:19  426184  ----a-w-  c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 21:28 . 2011-12-26 12:51  70344  ----a-w-  c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-19 02:50 . 2012-04-19 02:50  28480  ----a-w-  c:\windows\system32\drivers\avgidsha.sys
2012-04-18 18:56 . 2012-04-18 18:56  94208  ----a-w-  c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56  69632  ----a-w-  c:\windows\SysWow64\QuickTime.qts
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-07-02_16.28.51   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2012-07-02 16:30  35544  c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-12-28 02:11 . 2012-07-02 16:27  7512  c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-12-28 02:11 . 2012-07-03 18:10  7512  c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2011-12-26 09:18 . 2012-07-01 22:31  7984  c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2069408673-4186737391-3019578021-1000_UserData.bin
+ 2011-12-26 09:18 . 2012-07-02 16:30  7984  c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2069408673-4186737391-3019578021-1000_UserData.bin
+ 2012-07-03 18:11 . 2012-07-03 18:11  2048  c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-02 16:28 . 2012-07-02 16:28  2048  c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-02 16:28 . 2012-07-02 16:28  2048  c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-03 18:11 . 2012-07-03 18:11  2048  c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-03 18:11 . 2012-07-03 18:11  196608  c:\windows\Temp\jna3571595913067016161.dll
+ 2011-12-26 16:26 . 2012-07-03 16:37  399208  c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
- 2009-07-14 02:36 . 2012-07-02 15:37  616242  c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-03 18:15  616242  c:\windows\system32\perfh009.dat
+ 2009-07-14 17:58 . 2012-07-03 18:15  654400  c:\windows\system32\perfh007.dat
- 2009-07-14 17:58 . 2012-07-02 15:37  654400  c:\windows\system32\perfh007.dat
+ 2009-07-14 02:36 . 2012-07-03 18:15  106622  c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-02 15:37  106622  c:\windows\system32\perfc009.dat
+ 2009-07-14 17:58 . 2012-07-03 18:15  130240  c:\windows\system32\perfc007.dat
- 2009-07-14 17:58 . 2012-07-02 15:37  130240  c:\windows\system32\perfc007.dat
- 2009-07-14 05:01 . 2012-07-02 16:27  439932  c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-03 18:10  439932  c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-07-03 16:42 . 2012-07-03 16:42  8451584  c:\windows\Installer\533cc89.msi
+ 2011-12-26 09:50 . 2012-07-03 18:10  43182064  c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2069408673-4186737391-3019578021-1000-12288.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17  94208  ----a-w-  c:\users\Bloodhound5\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17  94208  ----a-w-  c:\users\Bloodhound5\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17  94208  ----a-w-  c:\users\Bloodhound5\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17  94208  ----a-w-  c:\users\Bloodhound5\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVMUSBFernanschluss"="c:\users\Bloodhound5\AppData\Local\Apps\2.0\NQLVN0WZ.Q0W\ZW642YGV.5TM\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe" [2012-01-06 147456]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 19549320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-13 336384]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Duden Korrektor SysTray"="c:\program files (x86)\Duden\Duden-Rechtschreibprüfung\DKTray.exe" [2011-07-14 332432]
.
c:\users\Bloodhound5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Bloodhound5\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 245120]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CrashPlan Tray.lnk - c:\program files\CrashPlan\CrashPlanTray.exe [2011-3-16 217088]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-09 116648]
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-05-26 40448]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-09 116648]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-21 113120]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-05 1255736]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-11-04 224048]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-11-04 130864]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-13 203264]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-06-13 5161080]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 CrashPlanService;CrashPlan Backup Service;c:\program files\CrashPlan\CrashPlanService.exe [2011-03-16 222720]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-03-23 87040]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-06-14 9319424]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-06-13 303616]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-03-30 114704]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys [2012-01-06 116096]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2010-08-25 10611552]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-12-22 74280]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-11-04 146736]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-11-04 165680]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\6de2ed6f-0b56-4d57-b0f0-551ec8cbb27f]
2011-07-01 10:38  153232  ---ha-w-  c:\programdata\Duden\DKReg.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 21:28]
.
2012-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-09 16:29]
.
2012-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-09 16:29]
.
2012-07-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2069408673-4186737391-3019578021-1000Core.job
- c:\users\Bloodhound5\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-26 06:15]
.
2012-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2069408673-4186737391-3019578021-1000UA.job
- c:\users\Bloodhound5\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-26 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17  97792  ----a-w-  c:\users\Bloodhound5\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17  97792  ----a-w-  c:\users\Bloodhound5\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17  97792  ----a-w-  c:\users\Bloodhound5\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17  97792  ----a-w-  c:\users\Bloodhound5\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-06-20 17:02  755224  ----a-w-  c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-06-20 17:02  755224  ----a-w-  c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-06-20 17:02  755224  ----a-w-  c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-06-20 17:02  755224  ----a-w-  c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-23 10775072]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-04-23 2040352]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"combofix"="c:\combofix\CF18141.3XE" [2010-11-20 345088]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Bloodhound5\AppData\Roaming\Mozilla\Firefox\Profiles\8j1poem1.default\
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Google\Update\1.3.21.111\GoogleCrashHandler.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-03  20:21:06 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-03 18:21
ComboFix2.txt  2012-07-02 16:31
.
Vor Suchlauf: 17 Verzeichnis(se), 39.464.570.880 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 39.249.907.712 Bytes frei
.
- - End Of File - - 68106D272BFCAC2AF1E281C314F55633
04.07.2012, 16:19 | #18
/// Winkelfunktion /// TB-Süch-Tiger™ | Ad overlays in all browsers, occasional link redirects. Now please create and post logs with GMER and OSAM.
GMER crashes fairly often; if the tool will not run the second time either, just leave it out and run only OSAM. Please skip the online query in OSAM. With OSAM, also make sure you save the log as *.log and not as *.html or similar. Note: please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false positive on OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: under no circumstances press any of the Fix buttons without being told to. Note: if the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan. One more note: if aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
10.07.2012, 00:37 | #19
Ad overlays in all browsers, occasional link redirects. Hello cosinus, sorry for the late reply, I was away. Here are the logs: gmer.log
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-09 03:39:11
Windows 6.1.7601 Service Pack 1
Running: 3p19qney.exe

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2D 0x65 0x06 0x9A ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE0 0x8D 0x1B 0x8D ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xDC 0x7A 0xAD 0x31 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2D 0x65 0x06 0x9A ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE0 0x8D 0x1B 0x8D ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xDC 0x7A 0xAD 0x31 ...

---- EOF - GMER 1.0.15 ----
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:10:57 on 09.07.2012
OS: Windows 7 Service Pack 1 (Build 7601), 64-bit
Default Browser: Mozilla Corporation Firefox 13.0.1
Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures
Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries
[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - "AVG Technologies CZ, s.r.o." - C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskUserS-1-5-21-2069408673-4186737391-3019578021-1000Core.job" - "Google Inc." - C:\Users\Bloodhound5\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-2069408673-4186737391-3019578021-1000UA.job" - "Google Inc." - C:\Users\Bloodhound5\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.cpl
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AVG Anti-Rootkit Driver" (Avgrkx64) - "AVG Technologies CZ, s.r.o." - C:\Windows\System32\DRIVERS\avgrkx64.sys
"AVG AVI Loader Driver" (Avgldx64) - "AVG Technologies CZ, s.r.o." - C:\Windows\System32\DRIVERS\avgldx64.sys
"AVG Mini-Filter Resident Anti-Virus Shield" (Avgmfx64) - "AVG Technologies CZ, s.r.o." - C:\Windows\System32\DRIVERS\avgmfx64.sys
"AVG TDI Driver" (Avgtdia) - "AVG Technologies CZ, s.r.o." - C:\Windows\System32\DRIVERS\avgtdia.sys
"AVGIDSDriver" (AVGIDSDriver) - "AVG Technologies CZ, s.r.o. " - C:\Windows\System32\DRIVERS\avgidsdrivera.sys
"AVGIDSFilter" (AVGIDSFilter) - "AVG Technologies CZ, s.r.o. " - C:\Windows\System32\DRIVERS\avgidsfiltera.sys
"AVGIDSHA" (AVGIDSHA) - "AVG Technologies CZ, s.r.o. " - C:\Windows\System32\DRIVERS\avgidsha.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found)
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys
[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
6de2ed6f-0b56-4d57-b0f0-551ec8cbb27f "StubPath" - "Expert System S.p.A." - C:\ProgramData\Duden\dkreg.exe /dktray=on /csapi=on /ALLUSERS
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "ms-help" - ? - (File not found | COM-object registry key not found)
{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} "XPLPPFilter Class" - "AVG Technologies CZ, s.r.o." - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat Elements\ContextMenu.dll
{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} "AVG Find Extension" - ? - (File not found | COM-object registry key not found)
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} "AVG Shell Extension Class" - "AVG Technologies CZ, s.r.o." - C:\Program Files (x86)\AVG\AVG2012\avgse.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "Catalyst Context Menu extension" - ? - (File not found | COM-object registry key not found)
{7CCA70DB-DE7A-4FB7-9B2B-52E2335A3B5A} "Enterprise-Projekte" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\NAMEEXT.DLL
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Microsoft Outlook Custom Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\OLKFSTUB.DLL
[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout64" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Oracle Corporation" - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} "Java Plug-in 1.7.0_02" - "Oracle Corporation" - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.7.0_02" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\ssv.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 10.2.1" - "Oracle Corporation" - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} "AVG Do Not Track" - "AVG Technologies CZ, s.r.o." - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
{CC962137-2E78-4F94-975E-FC0C07DBD78F} "IE Developer Toolbar" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} "AVG Do Not Track" - "AVG Technologies CZ, s.r.o." - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} "AVG Safe Search" - "AVG Technologies CZ, s.r.o." - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
{CC7E636D-39AA-49b6-B511-65413DA137A1} "IE Developer Toolbar BHO" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
{F4971EE7-DAA0-4053-9964-665D8EE6A077} "SmartSelect Class" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk" - ? - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Shortcut exists | File not found)
"desktop.ini" - ? - C:\Users\Bloodhound5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Dropbox.lnk" - "Dropbox, Inc." - C:\Users\Bloodhound5\AppData\Roaming\Dropbox\bin\Dropbox.exe (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"CrashPlan Tray.lnk" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk (Shortcut exists | File not found)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"AVMUSBFernanschluss" - "AVM Berlin" - "C:\Users\Bloodhound5\AppData\Local\Apps\2.0\E13RC1TE.5Q0\JBRZPWXO.93D\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe"
"masce" - "DT Soft Ltd" - rundll32.exe "C:\Users\Bloodhound5\AppData\Roaming\masce.dll",HrEditPhonebookEntry (File is exclusively opened, access blocked)
"Skype" - "Skype Technologies S.A." - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"APSDaemon" - "Apple Inc." - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"AVG_TRAY" - "AVG Technologies CZ, s.r.o." - "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
"QuickTime Task" - "Apple Inc." - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Adobe PDF Port Monitor" - "Adobe Systems Inc" - C:\Windows\system32\AdobePDF.dll
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe" (File not found)
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
"AVG WatchDog" (avgwd) - "AVG Technologies CZ, s.r.o." - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
"AVGIDSAgent" (AVGIDSAgent) - "AVG Technologies CZ, s.r.o." - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
"CrashPlan Backup Service" (CrashPlanService) - "CrashPlan" - C:\Program Files\CrashPlan\CrashPlanService.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Google Update-Dienst (gupdate)" (gupdate) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Google Updater Service" (gusvc) - "Google" - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
"Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
"Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
"Internet Pass-Through Service" (PassThru Service) - ? - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
"KMService" (KMService) - ? - C:\Windows\system32\srvany.exe (File not found)
"LogMeIn Hamachi Tunneling Engine" (Hamachi2Svc) - "LogMeIn Inc." - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft SharePoint Workspace Audit Service" (Microsoft SharePoint Workspace Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"Office 64 Source Engine" (ose64) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"SwitchBoard" (SwitchBoard) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"TeamViewer 7" (TeamViewer7) - "TeamViewer GmbH" - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
===[ Logfile end ]=========================================[ Logfile end ]===
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-09 21:15:47
-----------------------------
21:15:47.912 OS Version: Windows x64 6.1.7601 Service Pack 1
21:15:47.912 Number of processors: 4 586 0x2505
21:15:47.912 ComputerName: ALIENBABY-X UserName: Bloodhound5
21:15:48.192 Initialize success
21:15:51.515 AVAST engine defs: 12070900
21:15:56.601 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:15:56.601 Disk 0 Vendor: INTEL_SSDSA2M160G2GC 2CV102M3 Size: 152627MB BusType: 11
21:15:56.601 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
21:15:56.601 Disk 1 Vendor: FUJITSU_MHY2200BH 0000000B Size: 190782MB BusType: 11
21:15:56.617 Disk 0 MBR read successfully
21:15:56.617 Disk 0 MBR scan
21:15:56.617 Disk 0 Windows 7 default MBR code
21:15:56.632 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 14336 MB offset 2048
21:15:56.632 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 29362176
21:15:56.648 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 138189 MB offset 29566976
21:15:56.648 Disk 0 scanning C:\Windows\system32\drivers
21:16:01.359 Service scanning
21:16:12.123 Modules scanning
21:16:12.123 Disk 0 trace - called modules:
21:16:12.139 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
21:16:12.154 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80043e1060]
21:16:12.154 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004194060]
21:16:12.154 Scan finished successfully
21:28:00.174 Disk 0 MBR has been saved successfully to "C:\Users\Bloodhound5\Desktop\MBR.dat"
21:28:00.189 The log file has been saved successfully to "C:\Users\Bloodhound5\Desktop\aswMBR.txt"

Thanks for your help!
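The OSAM report above is the kind of autorun inventory a helper reads by eye, line by line, looking for a few signals first: an entry whose file was exclusively opened at scan time (the scanner could not read it), rundll32 loading a DLL out of the user profile, an entry with no publisher information, and stale entries whose target no longer exists. As an added example (not part of this thread and not OSAM's own code), the Python below parses OSAM 5.x report lines in the layout quoted above and ranks the entries by those signals. The sample report is constructed from lines quoted in the log above; the signal names, the user-writable path list and the weights are assumptions made for this example, not OSAM settings.

```python
"""Triage of OSAM Autorun Manager report lines. Constructed example, not OSAM's own code."""
import re
from typing import Dict, List, Optional

# One OSAM entry line, in the layout of the v5.x report quoted in this thread:
#   [{CLSID} | <binary data> | other prefix] "<display name>" [(<key>)] - "<publisher>"|? - <target> [(<status>)]
ENTRY_RE = re.compile(
    r'^(?:[^"]*?\s)?'                              # optional CLSID / <binary data> / value-name prefix
    r'"(?P<name>[^"]*)"'                           # display name
    r'(?:\s+\((?P<key>[^)]*)\))?'                  # optional service/driver key name
    r'\s+-\s+(?:"(?P<publisher>[^"]*)"|\?)'        # publisher, or ? when OSAM could read none
    r'\s+-\s+(?P<target>.*?)'                      # command line / path (matched lazily)
    r'(?:\s*\((?P<status>[^()]*)\))?\s*$'          # optional trailing status, e.g. (File not found)
)
SECTION_RE = re.compile(r'^\[(?P<section>[^\]]+)\]$')

# Paths a normal user can write to; an autorun loading code from here deserves a look.
# Constructed heuristic list for this example.
USER_WRITABLE = ('\\appdata\\', '\\programdata\\', '\\users\\public\\', '\\temp\\')

# Constructed weights used to order findings (assumption, not an OSAM rating).
WEIGHTS = {
    'rundll32-from-user-path': 3,
    'locked-at-scan-time': 2,
    'unknown-publisher': 1,
    'user-writable-path': 1,
    'orphaned-entry': 0,
}

# Constructed sample built from lines quoted in the OSAM report above.
SAMPLE = r'''
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AVG TDI Driver" (Avgtdia) - "AVG Technologies CZ, s.r.o." - C:\Windows\System32\DRIVERS\avgtdia.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found)
[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
[Logon]
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"masce" - "DT Soft Ltd" - rundll32.exe "C:\Users\Bloodhound5\AppData\Roaming\masce.dll",HrEditPhonebookEntry (File is exclusively opened, access blocked)
"Skype" - "Skype Technologies S.A." - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"KMService" (KMService) - ? - C:\Windows\system32\srvany.exe (File not found)
"Internet Pass-Through Service" (PassThru Service) - ? - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
'''


def parse_osam(text: str) -> List[Dict[str, Optional[str]]]:
    """Turn OSAM report text into entry dicts (name, key, publisher, target, status, section)."""
    entries: List[Dict[str, Optional[str]]] = []
    section: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group('section')
            continue
        m = ENTRY_RE.match(line)
        if not m:          # report header, filter settings and -----( key path )----- lines
            continue
        entry = m.groupdict()
        entry['section'] = section
        entries.append(entry)
    return entries


def classify(entry: Dict[str, Optional[str]]) -> List[str]:
    """Return the triage signals that apply to one parsed entry."""
    signals: List[str] = []
    status = (entry['status'] or '').lower()
    target = (entry['target'] or '').lower()
    if 'exclusively opened' in status:
        signals.append('locked-at-scan-time')      # scanner could not read the file
    if 'not found' in status:
        signals.append('orphaned-entry')           # stale reference, usually just noise
    elif entry['publisher'] is None:
        signals.append('unknown-publisher')        # file exists but carries no publisher info
    if any(p in target for p in USER_WRITABLE):
        if target.startswith('rundll32'):
            signals.append('rundll32-from-user-path')
        else:
            signals.append('user-writable-path')
    return signals


def triage(entries: List[Dict[str, Optional[str]]]) -> List[dict]:
    """Score every entry that raised at least one signal, highest score first."""
    findings = []
    for e in entries:
        signals = classify(e)
        if signals:
            findings.append({'name': e['name'], 'section': e['section'], 'signals': signals,
                             'score': sum(WEIGHTS[s] for s in signals)})
    findings.sort(key=lambda f: f['score'], reverse=True)   # stable sort keeps report order for ties
    return findings


if __name__ == '__main__':
    for f in triage(parse_osam(SAMPLE)):
        print(f"{f['score']}  [{f['section']}] {f['name']}: {', '.join(f['signals'])}")
```

Run against the sample, the rundll32 entry whose DLL could not be read ranks first, the service without publisher information second, and the three orphaned entries last. The orphaned "File not found" entries carry no weight on purpose: they are the leftovers one expects after uninstalls and after tools like ComboFix have run, and deserve cleanup rather than suspicion. Paths under AppData or ProgramData are flagged even for legitimate software (Dropbox, ClickOnce apps), so the score is an ordering aid for a reviewer, not a verdict.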
10.07.2012, 12:33 | #20
/// Winkelfunktion /// TB-Süch-Tiger™ | Ad overlays in all browsers, occasional link redirects. Looks ok. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!!
Please always post logfiles in CODE tags