| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: JS:Iframe-KQ [Trj]Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
08.07.2012, 00:54
| #1 |
 | ![JS:Iframe-KQ [Trj] - Standard](images/icons/icon1.gif){kind=icon} JS:Iframe-KQ [Trj] Hallo habe mir laut Avast, einen Trojaner namens JS:Iframe-KQ [Trj] eingefangen. Dateipfad ist C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\udnyqyfl.default\Cache\1\41 und C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\udnyqyfl.default\Cache\C\93 Hab die Datein bei virustotal.com scannen lassen, dort haben (nur) 4 weitere Scanner einen Virus gefunden und zwar Sophos,Ikarus,Emsisoft und GDATA. Nun ist meine Frage wie "bedrohlich" dieser Virus ist, was er macht und wie ich ihn losbekomme  Hab auch mal HijackThis drüber laufen lassen, ich habe auf den ersten Blick nichts auffäliges gesehen bin aber sicher auch kein Experte. Bei mir laüft auch Spybot SD, der hat aber auch nichts gefunden. So hier mal der HT log und schon mal ein Danke im Vorraus Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 01:51:45, on 08.07.2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16446) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskhost.exe C:\Program Files\Synaptics\SynTP\SynTPStart.exe C:\Program Files\Launch Manager\LaunchAp.exe C:\Program Files\Launch Manager\HotkeyApp.exe C:\Program Files\Launch Manager\OSD.exe C:\Program Files\Launch Manager\WButton.exe C:\Program Files\HP\HP Software Update\hpwuschd2.exe C:\Windows\System32\igfxtray.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\TortoiseSVN\bin\TSVNCache.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Sandboxie\SbieCtrl.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\OpenOffice.org 3\program\soffice.exe C:\Program Files\OpenOffice.org 3\program\soffice.bin C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files\Sandboxie\SandboxieRpcSs.exe C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\TortoiseSVN\bin\TSVNCache.exe F:\Downloads\HiJackThis204.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\TortoiseSVN\bin\TSVNCache.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe" O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe" O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe" O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe" O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [KeePass 2 PreLoad] "C:\Program Files\KeePass Password Safe 2\KeePass.exe" --preload O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST') O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe |
|
10.07.2012, 22:06
| #2 |
| /// Malware-holic   | JS:Iframe-KQ [Trj] hjt logs wollen wir keine sehen, ist auch oben so angepinnt.
__________________Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
11.07.2012, 11:13
| #3 |
| | JS:Iframe-KQ [Trj] Danke für die Antwort.
__________________Das HT nicht mehr gefragt ist habe ich dann auch gesehen, nur leider konnte ich dann meinen Eintrag nicht mehr editieren und da in der Anleitung steht man solle sein Beitrag nicht pushen habe ich erstmal gewartet. Sorry ;-) So hier ein aktueller OTL Scan, allerdings hat er mir keine Extra.txt erstellt. OTL.txt Code:
ATTFilter OTL logfile created on: 11.07.2012 11:32:01 - Run 5 OTL by OldTimer - Version 3.2.53.1 Folder = F:\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,21 Gb Available Physical Memory | 60,59% Memory free 3,98 Gb Paging File | 2,65 Gb Available in Paging File | 66,60% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 26,46 Gb Total Space | 0,56 Gb Free Space | 2,10% Space Free | Partition Type: NTFS Drive F: | 122,59 Gb Total Space | 32,50 Gb Free Space | 26,51% Space Free | Partition Type: NTFS Drive G: | 488,23 Mb Total Space | 152,44 Mb Free Space | 31,22% Space Free | Partition Type: FAT Computer Name: BOOOOM | User Name: SeS | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.08 12:54:55 | 000,595,968 | ---- | M] (OldTimer Tools) -- F:\Desktop\OTL.exe PRC - [2012.07.03 18:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastUI.exe PRC - [2012.07.03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe PRC - [2012.04.10 12:17:02 | 000,024,336 | ---- | M] (SANDBOXIE L.T.D) -- C:\Programme\Sandboxie\SandboxieRpcSs.exe PRC - [2012.04.10 12:17:02 | 000,018,704 | ---- | M] (SANDBOXIE L.T.D) -- C:\Programme\Sandboxie\SandboxieDcomLaunch.exe PRC - [2012.04.10 12:16:58 | 000,074,512 | ---- | M] (SANDBOXIE L.T.D) -- C:\Programme\Sandboxie\SbieSvc.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.09.16 22:04:06 | 001,164,584 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe PRC - [2010.02.01 22:51:56 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin PRC - [2010.02.01 22:51:52 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe PRC - [2010.01.22 20:36:00 | 000,621,320 | ---- | M] (hxxp://tortoisesvn.net) -- C:\Programme\TortoiseSVN\bin\TSVNCache.exe PRC - [2009.03.05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe PRC - [2007.09.11 16:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\WisLMSvc.exe PRC - [2007.09.07 10:26:54 | 000,086,016 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\WButton.exe PRC - [2007.09.06 12:23:36 | 000,188,416 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\HotkeyApp.exe PRC - [2007.09.01 15:03:50 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe PRC - [2007.08.31 12:04:26 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPStart.exe PRC - [2006.12.26 12:23:34 | 000,180,224 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\OSD.exe ========== Modules (No Company Name) ========== MOD - [2010.09.16 22:04:50 | 000,095,528 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2010.09.16 22:04:06 | 001,164,584 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe MOD - [2010.04.12 18:37:19 | 000,970,752 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll MOD - [2010.04.12 18:37:19 | 000,166,400 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxslt.dll MOD - [2010.03.15 12:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2009.11.04 02:14:04 | 000,054,272 | ---- | M] () -- C:\Programme\Notepad++\NppShell_01.dll MOD - [2007.09.01 15:03:50 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService) SRV - [2012.07.04 12:02:53 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2012.06.23 08:03:35 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.04.10 12:16:58 | 000,074,512 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc) SRV - [2011.09.13 11:10:55 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.04.04 11:57:07 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010.02.26 00:47:00 | 003,489,788 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc) SRV - [2009.08.10 13:34:40 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe -- (SandraAgentSrv) SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.09.11 16:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Programme\Launch Manager\WisLMSvc.exe -- (WisLMSvc) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [File_System | On_Demand | Stopped] -- -- (StarOpen) DRV - [2012.07.03 18:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2012.07.03 18:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2012.07.03 18:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2012.07.03 18:21:53 | 000,057,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2012.07.03 18:21:53 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr) DRV - [2012.07.03 18:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2012.04.10 12:16:58 | 000,135,440 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv) DRV - [2011.11.04 21:33:18 | 000,296,592 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cbfs3.sys -- (cbfs3) DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.04.29 06:58:18 | 000,026,112 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\androidusb.sys -- (androidusb) DRV - [2009.12.03 16:48:44 | 000,625,224 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF) DRV - [2009.07.14 00:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R) DRV - [2009.02.05 18:39:08 | 000,017,064 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiWinAcc.sys -- (SiFilter) DRV - [2009.02.05 18:39:00 | 000,012,200 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiRemFil.sys -- (SiRemFil) DRV - [2009.02.05 18:38:24 | 000,212,520 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Si3531.sys -- (Si3531) DRV - [2008.09.25 09:28:06 | 001,332,576 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NxpCap.sys -- (NxpCap) DRV - [2006.11.30 16:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF) DRV - [2003.04.28 12:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FF D6 A4 D5 44 1A CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig" FF - prefs.js..extensions.enabledItems: {1de0de3c-0b5c-4f67-90c6-689623894991}:0.3 FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.2b FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.7.1 FF - prefs.js..extensions.enabledItems: csscoverage@spaghetticoder.org:0.2.4 FF - prefs.js..extensions.enabledItems: {2f17f610-5e97-4fed-828f-9940b7b577a4}:4.0.1 FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.01 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101 FF - prefs.js..extensions.enabledItems: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:3.5.9.1 FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20110508 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\npPDFXCviewNPPlugin.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.07.09 20:25:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012.07.05 09:41:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.04 12:02:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.28 01:16:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.07.10 21:00:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.07.09 20:25:22 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.04 12:02:55 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.28 01:16:28 | 000,000,000 | ---D | M] [2010.09.04 14:25:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SeS\AppData\Roaming\mozilla\Extensions [2010.09.04 14:25:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SeS\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.07.09 10:56:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SeS\AppData\Roaming\mozilla\Firefox\Profiles\udnyqyfl.default\extensions [2012.01.05 16:27:37 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\SeS\AppData\Roaming\mozilla\Firefox\Profiles\udnyqyfl.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2010.04.04 23:37:09 | 000,000,000 | ---D | M] ("Tab Preview") -- C:\Users\SeS\AppData\Roaming\mozilla\Firefox\Profiles\udnyqyfl.default\extensions\{1de0de3c-0b5c-4f67-90c6-689623894991} [2011.06.03 08:44:56 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\SeS\AppData\Roaming\mozilla\Firefox\Profiles\udnyqyfl.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.05.24 16:01:17 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\SeS\AppData\Roaming\mozilla\Firefox\Profiles\udnyqyfl.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2012.01.22 14:03:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.07.05 09:41:31 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF [2012.03.09 16:19:34 | 000,009,650 | ---- | M] () (No name found) -- C:\USERS\SES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UDNYQYFL.DEFAULT\EXTENSIONS\CSSCOVERAGE@SPAGHETTICODER.ORG.XPI [2012.05.24 16:01:14 | 001,335,949 | ---- | M] () (No name found) -- C:\USERS\SES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UDNYQYFL.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI [2012.07.04 12:02:54 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [1999.12.31 17:00:00 | 000,164,120 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2012.03.12 11:16:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.03.12 11:16:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.03.12 11:16:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.03.12 11:16:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.12 11:16:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.12 11:16:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Virtual Storage Mount Notification) - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe" File not found O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron) O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files\KeePass Password Safe 2\KeePass.exe (Dominik Reichl) O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe () O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.) O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron) O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - Startup: C:\Users\SeS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\SeS\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F3494F8-0105-4984-ADC8-352E1E0ED309}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7268085-4667-4E4A-A163-973C5B533D2E}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX: {01FF51E9-C771-4CD3-AD62-C9FB5AEF55A5} - Security Update für Microsoft Visual C++ 2005 Express Edition - DEU (KB2538218) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {23036C23-ECDE-47F5-A908-BEC94EE0456F} - Security Update für Microsoft Visual C++ 2005 Express Edition - DEU (KB2251481) ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3ADBA5AF-E4B1-45B1-AF09-C49CFC4EA898} - Security Update für Microsoft Visual C++ 2005 Express Edition - DEU (KB2465367) ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {9BB5DD65-D02F-43FC-94AF-E8932A4EFB73} - Microsoft Visual C++ 2005 Express Edition - DEU Service Pack 1 (KB926748) ActiveX: {AEA17EF2-EF36-485F-8105-3465692A8C7B} - Update für Microsoft Visual C++ 2005 Express Edition - DEU (KB932234) ActiveX: {BECB938C-6BC2-48C6-A0A6-4B61E85F584C} - Security Update für Microsoft Visual C++ 2005 Express Edition - DEU (KB971090) ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.07.08 12:54:44 | 000,595,968 | ---- | C] (OldTimer Tools) -- F:\Desktop\OTL.exe [2012.06.27 13:12:19 | 000,000,000 | ---D | C] -- F:\Desktop\*** Trikot [2012.06.26 17:03:32 | 000,000,000 | ---D | C] -- C:\Users\SeS\AppData\Local\Macromedia [7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.11 11:36:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.11 11:12:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.09 00:41:43 | 000,022,736 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.09 00:41:43 | 000,022,736 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.08 13:39:33 | 000,000,000 | ---- | M] () -- C:\Users\SeS\defogger_reenable [2012.07.08 12:56:30 | 000,302,592 | ---- | M] () -- F:\Desktop\hrid37ww.exe [2012.07.08 12:54:55 | 000,595,968 | ---- | M] (OldTimer Tools) -- F:\Desktop\OTL.exe [2012.07.05 09:41:33 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2012.07.04 23:03:59 | 000,696,870 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.07.04 23:03:59 | 000,652,148 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.07.04 23:03:59 | 000,148,134 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.07.04 23:03:59 | 000,121,080 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.07.04 18:10:55 | 000,209,439 | ---- | M] () -- F:\Desktop\grundprinzipien-20091028.pdf [2012.07.03 18:21:54 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2012.07.03 18:21:53 | 000,721,000 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2012.07.03 18:21:53 | 000,353,688 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2012.07.03 18:21:53 | 000,057,656 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2012.07.03 18:21:53 | 000,044,784 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys [2012.07.03 18:21:53 | 000,021,256 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2012.07.03 18:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2012.07.03 18:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2012.06.27 19:16:01 | 000,562,144 | ---- | M] () -- F:\Eigene Dokumente\Einladung.pdf [2012.06.27 19:07:52 | 000,181,479 | ---- | M] () -- F:\Eigene Dokumente\Einladung.psd [2012.06.27 19:07:20 | 000,205,444 | ---- | M] () -- F:\Eigene Dokumente\Einladung.jpg [2012.06.27 18:44:48 | 000,201,064 | ---- | M] () -- F:\Eigene Dokumente\Einladung1.jpg [2012.06.14 03:38:34 | 001,654,744 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.08 13:39:33 | 000,000,000 | ---- | C] () -- C:\Users\SeS\defogger_reenable [2012.07.08 12:56:29 | 000,302,592 | ---- | C] () -- F:\Desktop\hrid37ww.exe [2012.07.04 18:10:55 | 000,209,439 | ---- | C] () -- F:\Desktop\grundprinzipien-20091028.pdf [2012.06.27 18:44:45 | 000,201,064 | ---- | C] () -- F:\Eigene Dokumente\Einladung1.jpg [2012.06.27 18:36:48 | 000,205,444 | ---- | C] () -- F:\Eigene Dokumente\Einladung.jpg [2012.06.27 18:27:00 | 000,562,144 | ---- | C] () -- F:\Eigene Dokumente\Einladung.pdf [2012.06.27 18:23:37 | 000,181,479 | ---- | C] () -- F:\Eigene Dokumente\Einladung.psd [2012.05.14 11:13:19 | 000,002,086 | ---- | C] () -- C:\Windows\Sandboxie.ini [2012.04.12 21:49:34 | 000,007,601 | ---- | C] () -- C:\Users\SeS\AppData\Local\Resmon.ResmonCfg [2012.01.13 14:59:58 | 000,000,000 | ---- | C] () -- C:\Users\SeS\AppData\Local\{D3A54969-E7EB-4D76-A5D0-5168CAA3A995} [2011.12.08 05:03:35 | 000,000,000 | ---- | C] () -- C:\Users\SeS\AppData\Local\{EAC6D661-0EED-4FEC-813E-238AC50ACDB1} [2011.10.16 01:08:28 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.08.31 22:43:22 | 000,039,586 | ---- | C] () -- C:\Windows\DIIUnin.dat [2011.07.06 18:07:18 | 000,000,112 | ---- | C] () -- C:\Windows\ActiveSkin.INI [2011.06.30 01:16:55 | 000,000,000 | ---- | C] () -- C:\Users\SeS\AppData\Local\{18D59C89-51F3-48CC-AC65-C8F6B064C312} [2011.06.10 07:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2011.02.16 23:59:21 | 000,044,544 | ---- | C] () -- C:\Windows\System32\Gif89.dll [2010.11.15 14:27:30 | 000,000,218 | ---- | C] () -- C:\Users\SeS\.recently-used.xbel [2010.09.23 19:44:30 | 000,003,584 | ---- | C] () -- C:\Users\SeS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.09.23 14:57:39 | 000,000,410 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010.08.15 17:17:00 | 012,824,576 | ---- | C] () -- C:\ProgramData\sandra.mda [2010.06.15 13:46:46 | 000,017,408 | ---- | C] () -- C:\Users\SeS\AppData\Local\WebpageIcons.db ========== LOP Check ========== [2010.04.14 14:07:24 | 000,000,000 | ---D | M] -- C:\Users\SeS\AppData\Roaming\CadSoft [2010.09.16 18:31:34 | 000,000,000 | ---D | M] -- C:\Users\SeS\AppData\Roaming\Canneverbe Limited [2011.09.08 21:15:20 | 000,000,000 | ---D | M] -- C:\Users\SeS\AppData\Roaming\DVDVideoSoft [2011.06.03 08:44:54 | 000,000,000 | ---D | M] -- C:\Users\SeS\AppData\Roaming\DVDVideoSoftIEHelpers [2010.11.08 14:19:04 | 000,000,000 | ---D | M] -- C:\Users\SeS\AppData\Roaming\GetRightToGo [2010.11.15 14:26:49 | 000,000,000 | ---D | M] -- C:\Users\SeS\AppData\Roaming\gtk-2.0 [2011.10.08 20:13:29 | 000,000,000 | ---D | M] -- C:\Users\SeS\AppData\Roaming\KeePass [2010.06.28 18:33:57 | 000,000,000 | ---D | M] -- C:\Users\SeS\AppData\Roaming\Notepad++ [2010.04.12 18:38:56 | 000,000,000 | ---D | M] -- C:\Users\SeS\AppData\Roaming\OpenOffice.org [2011.02.17 03:14:47 | 000,000,000 | ---D | M] -- C:\Users\SeS\AppData\Roaming\picajet.com [2010.04.19 02:41:57 | 000,000,000 | ---D | M] -- C:\Users\SeS\AppData\Roaming\Subversion [2010.09.04 14:25:36 | 000,000,000 | ---D | M] -- C:\Users\SeS\AppData\Roaming\Thunderbird [2012.01.10 20:22:14 | 000,000,000 | ---D | M] -- C:\Users\SeS\AppData\Roaming\Wuala [2012.04.11 15:07:48 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2010.03.13 13:58:43 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2010.05.30 20:43:30 | 000,000,000 | ---D | M] -- C:\BlueJ [2012.07.07 13:47:08 | 000,000,000 | -H-D | M] -- C:\Config.Msi [2010.05.02 20:22:34 | 000,000,000 | ---D | M] -- C:\cygwin [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010.03.13 13:58:18 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2010.03.14 18:43:38 | 000,000,000 | ---D | M] -- C:\Intel [2010.07.20 21:43:33 | 000,000,000 | ---D | M] -- C:\Medion [2010.04.14 12:55:04 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.05.14 11:12:06 | 000,000,000 | R--D | M] -- C:\Program Files [2012.05.04 16:47:38 | 000,000,000 | -H-D | M] -- C:\ProgramData [2010.03.13 13:58:18 | 000,000,000 | -HSD | M] -- C:\Programme [2010.03.13 13:58:19 | 000,000,000 | -HSD | M] -- C:\Recovery [2012.05.14 11:18:57 | 000,000,000 | R--D | M] -- C:\Sandbox [2012.07.11 11:35:58 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.07.26 01:56:23 | 000,000,000 | ---D | M] -- C:\Temp [2010.09.23 14:58:20 | 000,000,000 | R--D | M] -- C:\Users [2012.07.05 09:41:31 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: AGP440.SYS > [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe [2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: IASTORV.SYS > [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2010.11.15 14:27:30 | 000,000,218 | ---- | M] () -- C:\Users\SeS\.recently-used.xbel [2012.07.08 13:39:33 | 000,000,000 | ---- | M] () -- C:\Users\SeS\defogger_reenable [2012.07.11 11:35:47 | 004,456,448 | -HS- | M] () -- C:\Users\SeS\ntuser.dat [2012.07.11 11:35:47 | 000,262,144 | -HS- | M] () -- C:\Users\SeS\ntuser.dat.LOG1 [2010.03.13 13:58:34 | 000,000,000 | -HS- | M] () -- C:\Users\SeS\ntuser.dat.LOG2 [2010.03.14 19:32:01 | 000,065,536 | -HS- | M] () -- C:\Users\SeS\ntuser.dat{0a1b9c9d-2f8d-11df-a4bd-001b77e0f600}.TM.blf [2010.03.14 19:32:01 | 000,524,288 | -HS- | M] () -- C:\Users\SeS\ntuser.dat{0a1b9c9d-2f8d-11df-a4bd-001b77e0f600}.TMContainer00000000000000000001.regtrans-ms [2010.03.14 19:32:01 | 000,524,288 | -HS- | M] () -- C:\Users\SeS\ntuser.dat{0a1b9c9d-2f8d-11df-a4bd-001b77e0f600}.TMContainer00000000000000000002.regtrans-ms [2010.03.13 14:28:53 | 000,065,536 | -HS- | M] () -- C:\Users\SeS\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf [2010.03.13 14:28:53 | 000,524,288 | -HS- | M] () -- C:\Users\SeS\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms [2010.03.13 14:28:53 | 000,524,288 | -HS- | M] () -- C:\Users\SeS\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms [2012.03.09 15:39:51 | 000,065,536 | -HS- | M] () -- C:\Users\SeS\ntuser.dat{fedaf3aa-69eb-11e1-9ab4-0016d3869678}.TM.blf [2012.03.09 15:39:51 | 000,524,288 | -HS- | M] () -- C:\Users\SeS\ntuser.dat{fedaf3aa-69eb-11e1-9ab4-0016d3869678}.TMContainer00000000000000000001.regtrans-ms [2012.03.09 15:39:51 | 000,524,288 | -HS- | M] () -- C:\Users\SeS\ntuser.dat{fedaf3aa-69eb-11e1-9ab4-0016d3869678}.TMContainer00000000000000000002.regtrans-ms [2010.03.13 13:58:34 | 000,000,020 | -HS- | M] () -- C:\Users\SeS\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < > ========== Alternate Data Streams ========== @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:63238B95 @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:7631EA83 @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:7311BB85 < End of report > Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-08 17:19:08
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD1600BEVS-22RST0 rev.04.01G04
Running: hrid37ww.exe; Driver: C:\Users\SeS\AppData\Local\Temp\ugldqpog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x89298536]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8EC997BA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x89298F52]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x892A3D7A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x892A3DC6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x892A3F48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x892A3CE8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x8EC99BAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x892A3D30]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x89299146]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x892992CE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x892A3F02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x892998CA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x89298584]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x8EC9989E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x892981EC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x892985D2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8929D2A8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8929A292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x892A3DA4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x892A3DE8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x892A3F6C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x892A3D0E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x892A3E8C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x892A3D58]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x892A3F26]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x8EC99A1E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8929A15E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThreadEx [0x89299E9A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x89298620]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8929866E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x8929974A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x89298276]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x89298426]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x892983CC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x89299A2C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x89299B88]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x89298496]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x8EC99AE8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x892995CA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x892986BC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x8EC99954]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8ECB1744]
Code 99B50BFC ZwTraceEvent
Code 99B50BFB NtTraceEvent
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82E503C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E89D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 82E90D80 4 Bytes [36, 85, 29, 89]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 82E90DA8 4 Bytes [BA, 97, C9, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 82E90E08 4 Bytes [52, 8F, 29, 89]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 82E90E5C 8 Bytes [7A, 3D, 2A, 89, C6, 3D, 2A, ...] {JP 0x3f; SUB CL, [ECX-0x76d5c23a]}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 82E90E68 4 Bytes [48, 3F, 2A, 89]
.text ...
.text ntkrnlpa.exe!NtTraceEvent 82ED963A 5 Bytes JMP 99B50C00
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 8301DC64 5 Bytes JMP 8ECAE61C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 83036290 5 Bytes JMP 8ECB0116 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 8304B3D7 4 Bytes CALL 8929A959 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!NtRequestWaitReplyPort + 2 83050A45 5 Bytes JMP 99B50D40
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 2 830650C0 5 Bytes JMP 99B50DE0
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 830651E0 4 Bytes CALL 8929A96F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!NtRequestPort + 2 83093687 5 Bytes JMP 99B50CA0
PAGE ntkrnlpa.exe!ZwCreateProcessEx 830EF11A 7 Bytes JMP 8ECB1748 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\Explorer.EXE[344] kernel32.dll!GetBinaryTypeW + 70 762D69F4 1 Byte [62]
.text C:\Windows\system32\csrss.exe[452] kernel32.dll!GetBinaryTypeW + 70 762D69F4 1 Byte [62]
.text C:\Windows\system32\wininit.exe[492] kernel32.dll!GetBinaryTypeW + 70 762D69F4 1 Byte [62]
.text C:\Windows\system32\csrss.exe[508] kernel32.dll!GetBinaryTypeW + 70 762D69F4 1 Byte [62]
.text C:\Windows\system32\services.exe[552] kernel32.dll!GetBinaryTypeW + 70 762D69F4 1 Byte [62]
.text ...
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1416] kernel32.dll!SetUnhandledExceptionFilter 762BF4FB 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1416] kernel32.dll!GetBinaryTypeW + 70 762D69F4 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1516] kernel32.dll!GetBinaryTypeW + 70 762D69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1552] kernel32.dll!GetBinaryTypeW + 70 762D69F4 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1648] kernel32.dll!GetBinaryTypeW + 70 762D69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1712] kernel32.dll!GetBinaryTypeW + 70 762D69F4 1 Byte [62]
.text ...
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\00000050 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
|
|
11.07.2012, 21:30
| #4 | |
| /// Malware-holic | JS:Iframe-KQ [Trj]Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
14.07.2012, 13:54
| #5 |
| | JS:Iframe-KQ [Trj] So hier mein Logfile von combofix. Code:
ATTFilter ComboFix 12-07-13.03 - SeS 14.07.2012 13:54:40.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.2038.1104 [GMT 2:00]
ausgeführt von:: f:\desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\app
c:\programdata\app\Textaizer Pro\Projects\Default.mpr
c:\programdata\app\Textaizer Pro\Projects\Lene.mpr
c:\programdata\app\Textaizer Pro\Sources\Balloons.png
c:\programdata\app\Textaizer Pro\Sources\Beatles.txt
c:\programdata\app\Textaizer Pro\Sources\CiegaSordomuda.txt
c:\programdata\app\Textaizer Pro\Sources\Congrats.txt
c:\programdata\app\Textaizer Pro\Sources\Greetings.txt
c:\programdata\app\Textaizer Pro\Sources\Heer Bommel.jpg
c:\programdata\app\Textaizer Pro\Sources\Lene Marlin.jpg
c:\programdata\app\Textaizer Pro\Sources\Shakespeare.txt
c:\programdata\app\Textaizer Pro\Sources\Shakira.jpg
c:\programdata\app\Textaizer Pro\Sources\Stones.txt
c:\programdata\app\Textaizer Pro\Sources\Tin Tin.jpg
c:\programdata\app\Textaizer Pro\Textures\t_Burlap.jpg
c:\programdata\app\Textaizer Pro\Textures\t_Canvas.jpg
c:\programdata\app\Textaizer Pro\Textures\t_Concrete.jpg
c:\programdata\app\Textaizer Pro\Textures\t_Cork.jpg
c:\programdata\app\Textaizer Pro\Textures\t_Gaze.jpg
c:\programdata\app\Textaizer Pro\Textures\t_Jeans.jpg
c:\programdata\app\Textaizer Pro\Textures\t_Lightwood.jpg
c:\programdata\app\Textaizer Pro\Textures\t_Sandstone.jpg
c:\programdata\gema
c:\programdata\Microsoft\Windows\Start Menu\Programs\Smart Flash Recovery
c:\programdata\Microsoft\Windows\Start Menu\Programs\Smart Flash Recovery\Empfohlene Software\Magic Speed.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Smart Flash Recovery\Empfohlene Software\Reach-a-Mail.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Smart Flash Recovery\Empfohlene Software\Smart PC.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Smart Flash Recovery\Hilfe.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Smart Flash Recovery\Smart Flash Recovery entfernen.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Smart Flash Recovery\Smart Flash Recovery im Internet.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Smart Flash Recovery\Smart Flash Recovery.lnk
c:\programdata\xml3A21.tmp
c:\programdata\xml541F.tmp
c:\programdata\xml5604.tmp
c:\programdata\xml56B0.tmp
c:\programdata\xmlADFE.tmp
c:\programdata\xmlB493.tmp
c:\programdata\xmlB494.tmp
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-06-14 bis 2012-07-14 ))))))))))))))))))))))))))))))
.
.
2012-07-14 12:06 . 2012-07-14 12:06 -------- d-----w- c:\users\Mcx1-BOOOOM\AppData\Local\temp
2012-07-14 12:06 . 2012-07-14 12:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-13 07:19 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6907A30A-D1EA-47F7-9561-FB1E3812474E}\mpengine.dll
2012-07-11 20:22 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 19:01 . 2012-06-02 04:45 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-11 19:01 . 2012-06-02 04:40 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-11 19:01 . 2012-06-02 04:39 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-11 19:01 . 2012-06-02 04:40 225280 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 19:01 . 2012-06-02 04:45 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 19:01 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 19:01 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 19:01 . 2010-06-26 03:24 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-11 19:00 . 2012-06-06 05:05 1019904 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 19:00 . 2012-06-06 05:03 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-07-11 19:00 . 2012-06-06 05:05 352256 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2012-07-11 19:00 . 2012-06-06 05:05 57344 ----a-w- c:\program files\Common Files\System\ado\msador15.dll
2012-07-11 19:00 . 2012-06-06 05:05 212992 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2012-07-11 19:00 . 2012-06-06 05:05 143360 ----a-w- c:\program files\Common Files\System\ado\msjro.dll
2012-07-11 19:00 . 2012-06-06 05:05 372736 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2012-07-04 10:02 . 2012-07-04 10:02 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-07-04 10:02 . 2012-07-04 10:02 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-26 15:03 . 2012-06-26 15:03 -------- d-----w- c:\users\SeS\AppData\Local\Macromedia
2012-06-23 06:14 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-23 06:14 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-23 06:14 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-23 06:14 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-23 06:14 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-23 06:14 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-23 06:14 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-23 06:14 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-23 06:14 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 15:36 . 2012-04-11 13:09 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-12 15:36 . 2011-05-31 11:19 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 16:21 . 2010-03-14 17:39 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21 . 2012-04-03 14:50 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-03 16:21 . 2011-04-15 23:48 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21 . 2010-03-14 17:39 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2010-03-14 17:39 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2010-03-14 17:39 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21 . 2010-07-01 07:13 41224 ----a-w- c:\windows\avastSS.scr
2012-07-03 16:21 . 2010-03-14 17:38 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-05-01 04:44 . 2012-06-13 05:39 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:17 . 2012-06-13 05:39 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 04:45 . 2012-06-13 05:39 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 04:45 . 2012-06-13 05:39 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 04:41 . 2012-06-13 05:39 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 04:36 . 2012-06-13 05:39 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-13 05:39 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 04:36 . 2012-06-13 05:39 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-07-04 10:02 . 2011-05-23 20:29 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon1]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2011-05-26 14:07 559104 ----a-w- c:\program files\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon2]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2011-05-26 14:07 559104 ----a-w- c:\program files\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon3]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2011-05-26 14:07 559104 ----a-w- c:\program files\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon4]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2011-05-26 14:07 559104 ----a-w- c:\program files\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay]
@="{F355C53D-68AA-437A-9E32-E7EBE595795B}"
[HKEY_CLASSES_ROOT\CLSID\{F355C53D-68AA-437A-9E32-E7EBE595795B}]
2011-11-04 19:33 158224 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2011-11-04 19:33 158224 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-06-05 17344176]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-04-10 452880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-31 102400]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2007-09-01 32768]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-09-06 188416]
"LMgrOSD"="c:\program files\Launch Manager\OSD.exe" [2006-12-26 180224]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2007-09-07 86016]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-07-28 9398888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"KeePass 2 PreLoad"="c:\program files\KeePass Password Safe 2\KeePass.exe" [2011-07-12 1764352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-07-03 4273976]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\users\SeS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 NxpCap;CTX capture service;c:\windows\system32\DRIVERS\NxpCap.sys [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\DRIVERS\Si3531.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [x]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 15:36]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube to MP3 Converter - c:\users\SeS\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\SeS\AppData\Roaming\Mozilla\Firefox\Profiles\udnyqyfl.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ig
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-CtrlVol - c:\program files\Launch Manager\CtrlVol.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-07-14 14:09:10
ComboFix-quarantined-files.txt 2012-07-14 12:09
.
Vor Suchlauf: 928.653.312 Bytes frei
Nach Suchlauf: 731.164.672 Bytes frei
.
- - End Of File - - 1EB3D5328BBF6AAA93BAA34347CCF9BA
|
|
15.07.2012, 18:52
| #6 |
| /// Malware-holic | JS:Iframe-KQ [Trj] malwarebytes: Downloade Dir bitte Malwarebytes
__________________ --> JS:Iframe-KQ [Trj] |
|
16.07.2012, 23:16
| #7 |
| | JS:Iframe-KQ [Trj] So nun der Malewarebytes Log. Das einzige das er als Virus gefunden hat war der Decrypthelper, den ich mir hier mal für nen Kollegen gesaugt habe  Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.07.16.07 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 SeS :: BOOOOM [Administrator] 16.07.2012 14:37:19 mbam-log-2012-07-16 (14-37-19).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 497764 Laufzeit: 2 Stunde(n), 2 Minute(n), 31 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 F:\Downloads\DecryptHelper-0.5.3.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
|
17.07.2012, 17:53
| #8 |
| /// Malware-holic | JS:Iframe-KQ [Trj] ein fehlalarm. lade den CCleaner standard: CCleaner Download - CCleaner 3.20.1750 falls der CCleaner bereits instaliert, überspringen. instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
17.07.2012, 20:30
| #9 |
| | JS:Iframe-KQ [Trj]Code:
ATTFilter Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen Adobe Systems Incorporated 04.04.2010 1,14GB 1.0 -->notwendig Adobe Digital Editions 12.04.2010 -->notwendig Adobe Flash Player 11 Plugin Adobe Systems Incorporated 12.07.2012 6,00MB 11.3.300.265 -->notwendig Adobe Flash Player 9 ActiveX Adobe Systems, Inc. 04.04.2010 2,65MB 9.0.45.0 -->notwendig Adobe Reader 9.5.1 - Deutsch Adobe Systems Incorporated 28.04.2012 118MB 9.5.1 -->notwendig AppInventor Setup Google Inc. 04.11.2011 1.1 -->notwendig AuthenTec TrueSuite AuthenTec, Inc. 05.04.2010 6,54MB 2.0.0.57 -->unbekannt avast! Free Antivirus AVAST Software 05.07.2012 7.0.1456.0 -->notwendig BlueJ 2.5.3 Deakin University 30.05.2010 -->notwendig Boost C++ Libraries 1.44 22.10.2010 -->notwendig CCleaner Piriform 22.06.2012 3.20 -->notwendig DartPro 2.9.0.0 RuSyS 26.08.2011 --unnötig Dia (nur entfernen) 14.04.2010 -->notwendig Diablo II 31.08.2011 -->notwendig DivX-Setup DivX, Inc. 22.11.2010 2.1.2.2 -->notwendig DVD Flick 1.3.0.7 Dennis Meuwissen 11.10.2010 1.3.0.7 -->unbekannt EAGLE 5.8.0 CadSoft Computer GmbH 14.04.2010 5.8.0 -->notwendig Free YouTube to MP3 Converter version 3.10.8.815 DVDVideoSoft Ltd. 08.09.2011 45,3MB -->notwendig Ghost Recon 21.05.2010 -->notwendig GNUARM 4.1.1 GNU 02.05.2010 4.1.1 -->notwendig HP Customer Participation Program 13.0 HP 09.07.2010 13.0 -->notwendig HP Deskjet F4200 All-In-One Driver Software 13.0 Rel. 3 HP 09.07.2010 13.0 -->notwendig HP Imaging Device Functions 13.0 HP 09.07.2010 13.0 -->notwendig HP Photosmart Essential 3.5 HP 09.07.2010 3.5 -->notwendig HP Smart Web Printing 4.51 HP 09.07.2010 4.51 -->notwendig HP Solution Center 13.0 HP 09.07.2010 13.0 -->notwendig HP Update Hewlett-Packard 09.03.2012 3,98MB 5.003.001.001 -->notwendig Intel(R) Graphics Media Accelerator Driver Intel Corporation 14.08.2010 54,2MB 8.15.10.1930 -->notwendig Internet-TV für Windows Media Center Microsoft Corporation 27.09.2010 13,6MB 4.2.2.0 -->unbekannt Java DB 10.5.3.0 Sun Microsystems, Inc 28.03.2010 28,4MB 10.5.3.0 -->notwendig Java(TM) 6 Update 29 Sun Microsystems, Inc. 28.03.2010 97,1MB 6.0.290 -->notwendig Java(TM) SE Development Kit 6 Update 18 Sun Microsystems, Inc. 28.03.2010 150MB 1.6.0.180 -->notwendig KeePass Password Safe 2.16 Dominik Reichl 11.08.2011 5,35MB -->notwendig Launch Manager V1.4.8 Wistron Corp. 14.03.2010 1.4.8 -->notwendig Malwarebytes Anti-Malware Version 1.62.0.1300 Malwarebytes Corporation 16.07.2012 18,7MB 1.62.0.1300 -->notwendig Microsoft .NET Framework 4 Client Profile Microsoft Corporation 27.06.2010 38,8MB 4.0.30319 -->notwendig Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 27.06.2010 2,93MB 4.0.30319 -->notwendig Microsoft .NET Framework 4 Extended Microsoft Corporation 22.10.2010 51,9MB 4.0.30319 -->notwendig Microsoft .NET Framework 4 Extended DEU Language Pack Microsoft Corporation 22.10.2010 10,6MB 4.0.30319 -->notwendig Microsoft .NET Framework 4 Multi-Targeting Pack Microsoft Corporation 22.10.2010 83,4MB 4.0.30319 -->notwendig Microsoft Help Viewer 1.0 Microsoft Corporation 22.10.2010 3,97MB 1.0.30319 -->unbekannt Microsoft Help Viewer 1.0 Language Pack - DEU Microsoft Corporation 22.10.2010 1,95MB 1.0.30319 -->unbekannt Microsoft Office Visio Professional 2007 Microsoft Corporation 08.02.2012 12.0.6612.1000 -->notwendig Microsoft Silverlight Microsoft Corporation 12.05.2012 60,4MB 4.1.10329.0 -->notwendig Microsoft Small Basic v0.95 Microsoft Corporation 29.05.2011 7,35MB 0.9.5.0 -->notwendig Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 27.09.2010 1,72MB 3.1.0000 -->notwendig Microsoft SQL Server Compact 3.5 SP2 DEU Microsoft Corporation 22.10.2010 3,69MB 3.5.8080.0 -->notwendig Microsoft Visual C++ 2005 Express Edition - DEU Microsoft Corporation 22.10.2010 -->notwendig Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 16.06.2011 300KB 8.0.61001 -->notwendig Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 19.04.2011 598KB 9.0.30729.5570 -->notwendig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 14.03.2010 596KB 9.0.30729.4148 -->notwendig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 Microsoft Corporation 22.10.2010 599KB 9.0.30729.4974 -->notwendig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 16.06.2011 600KB 9.0.30729.6161 -->notwendig Microsoft Visual C++ 2010 Express - DEU Microsoft Corporation 22.10.2010 10.0.30319 -->notwendig Mozilla Firefox 13.0.1 (x86 de) Mozilla 04.07.2012 36,8MB 13.0.1 -->notwendig Mozilla Maintenance Service Mozilla 04.07.2012 309KB 13.0.1 -->unbekannt Mozilla Thunderbird (3.1.11) Mozilla 10.07.2011 3.1.11 (de) -->notwendig MSXML 4.0 SP2 (KB954430) Microsoft Corporation 10.07.2010 1,27MB 4.20.9870.0 -->unbekannt MSXML 4.0 SP2 (KB973688) Microsoft Corporation 12.07.2010 1,33MB 4.20.9876.0 -->unbekannt NetBeans IDE 6.8 NetBeans.org 28.03.2010 6.8 -->notwendig Notepad App Sun Microsystems, Inc. 04.11.2011 -->unbekannt Notepad++ 28.06.2010 5.6.8 -->notwendig OpenOffice.org 3.2 OpenOffice.org 12.04.2010 355MB 3.2.9483 -->notwendig PC Inspector smart recovery 16.02.2011 4.50 -->unbekannt PDF-Viewer Tracker Software Products Ltd 29.04.2010 30,4MB 2.0.50.0 -->unbekannt PDFCreator Frank Heindörfer, Philip Chinery 31.05.2010 1.0.0 -->notwendig PicaJet Photo Recovery 1.0.1 Beta PicaJet.Com 17.02.2011 1.0.1 Beta -->notwendig Picasa 3 Google, Inc. 12.08.2011 3.8 -->notwendig PlayReady PC Runtime x86 Microsoft Corporation 19.07.2010 1,65MB 1.3.0 -->unbekannt Realtek High Definition Audio Driver Realtek Semiconductor Corp. 15.08.2010 6.0.1.6167 -->notwendig Recover My Files GetData Pty Ltd 17.02.2011 14,6MB 4.6.8.1012 -->notwendig Recuva Piriform 17.02.2011 1.39 -->notwendig Sandboxie 3.68 (32-bit) SANDBOXIE L.T.D 14.05.2012 3.68 -->notwendig Shop for HP Supplies HP 09.07.2010 13.0 -->unnötig SiSoftware Sandra Lite 2010.SP2 SiSoftware 15.08.2010 67,4MB 16.52.2010.7 -->notwendig Skype™ 5.9 Skype Technologies S.A. 18.06.2012 19,2MB 5.9.123 -->notwendig Smart Flash Recovery v4.4 Smart PC Solutions 17.02.2011 4.4 -->notwendig SopCast 3.4.0 www.sopcast.com 18.09.2011 3.4.0 -->notwendig Spybot - Search & Destroy Safer Networking Limited 09.03.2012 1.6.2 -->notwendig Stellar Phoenix Photo Recovery v3.5 Stellar Information Systems Ltd 17.02.2011 9,60MB -->notwendig Synaptics Pointing Device Driver Synaptics 14.03.2010 10.0.14.0 -->unbekannt Textaizer Pro v4.0 APP Helmond 22.08.2011 5,45MB -->unbekannt TinyCAD 2.60.01 TinyCAD 14.04.2010 2.60.01 -->notwendig TmNationsForever Nadeo 28.07.2011 -->notwendig TortoiseSVN 1.6.7.18415 (32 bit) TortoiseSVN 19.04.2010 18,3MB 1.6.18415 -->notwendig Veetle TV Veetle, Inc 30.04.2012 0.9.19 -->notwendig VLC media player 1.1.5 VideoLAN 03.01.2011 1.1.5 -->notwendig Windows Live Anmelde-Assistent Microsoft Corporation 27.09.2010 1,93MB 5.000.818.5 -->unbekannt Windows Live Essentials Microsoft Corporation 27.09.2010 14.0.8117.0416 -->unbekannt Windows Live Sync Microsoft Corporation 27.09.2010 2,79MB 14.0.8117.416 -->unbekannt Windows Live-Uploadtool Microsoft Corporation 27.09.2010 224KB 14.0.8014.1029 -->unbekannt Windows Media Player Firefox Plugin Microsoft Corp 05.04.2010 296KB 1.0.0.8 -->unbekannt WinRAR 21.03.2010 -->notwendig Wuala LaCie 31.08.2011 1.0.367.0 -->notwendig Wuala CBFS LaCie 12.11.2011 3.2.101.0 -->notwendig Wuala OverlayIcons LaCie 31.08.2011 1.0.0.1 -->notwendig XBCD 1.07 Redcl0ud 29.05.2010 1.07 -->notwendig ZDFmediathek Version 2.1.6 ZDF 11.01.2012 -->notwendig |
|
19.07.2012, 21:42
| #10 |
| /// Malware-holic | JS:Iframe-KQ [Trj] deinstaliere: Adobe Flash Player alle Adobe - Adobe Flash Player installieren neueste version laden adobe reader: Adobe - Adobe Reader herunterladen - Alle Versionen haken bei mcafee security scan raus nehmen bitte auch mal den adobe reader wie folgt konfigurieren: adobe reader öffnen, bearbeiten, voreinstellungen. allgemein: nur zertifizierte zusatz module verwenden, anhaken. internet: hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc. es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht. bei javascript den haken bei java script verwenden raus nehmen bei updater, automatisch instalieren wählen. übernehmen /ok deinstaliere: DartPro DVD Flick Internet-TV Java: alle Download der kostenlosen Java-Software downloade java jre instalieren deinstaliere: PC Inspector PDF-Viewer Spybot : verzichte lieber drauf, und behalte malwarebytes. Windows Live : alle die du nicht benötigst. öffne CCleaner analysieren bereinigen. öffne otl, cleanup pc startet neu, teste wie er läuft
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu JS:Iframe-KQ [Trj] |
| adobe, antivirus, avast, bho, bonjour, computer, converter, emsisoft, firefox, flash player, frage, google, hijack, hijackthis, internet, internet explorer, launch, mozilla, mp3, notification, plug-in, realtek, safer networking, scan, security, software, system, trojan.iframeref!ik, trojaner, trojaner js:iframe-kq, virus, virustotal.com, windows |
![JS:Iframe-KQ [Trj]](iconimages/plagegeister-aller-art-deren-bekaempfung/js-iframe-kq-trj_ltr.gif)
Linear-Darstellung
