Log Analysis and Evaluation: TR/Crypt.ZPack.Gen8 current - earlier PUM.HiJack.StartMenu in quarantine - what to do now?
TR/Crypt.ZPack.Gen8 current - earlier PUM.HiJack.StartMenu in quarantine - what to do now?

On 10.07.12, while browsing, I was offered the download of a PDF file whose title was a four-digit number. Since that seemed dubious to me, as I had not requested any download, I clicked the white cross on the red square at the top right of the dialog box to close the dialog. My suspicion: it was exactly this action that loaded the malware onto my computer, because a few seconds later my up-to-date Avira Free Antivirus reported the malware TR/Crypt.ZPack.Gen8 and placed it in quarantine. I then ran Spyware Terminator 2012, CCleaner and Malwarebytes. I am not sure whether my computer was "clean" before that: earlier, on 17.6.12, during an update of phonostar, Avira reported the file APPL/Yabector.Gen5 and placed it in quarantine, where it still sits now together with TR/Crypt.ZPack.Gen8. Before that, on 29.02.12, I presumably had the Bundespolizei virus. The associated files that Malwarebytes quarantined that day at 09:03 are PUM.HiJack.StartMenu and Malware.Trace. Oh yes, for some time I have also had an Amazon Toolbar listed under Programs in the Control Panel, but I cannot remove it. I have had no problems with computer speed or any other suspicious incidents in the months since February. Now, however, I have become suspicious about whether the incidents above are connected. I would like to know what I should do with the files that are in the quarantine of AntiVir and Malwarebytes. Which minimal and which safe measures do you recommend? I have attached the logs from OTL, Malwarebytes and GMER. Thank you in advance for your expert advice!
--------- OTL logfile created on: 10.07.2012 17:50:02 - Run 4
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Program Files\Hilfsprogramme\OTL Oldtimer
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,86 Gb Available Physical Memory | 42,91% Memory free
4,23 Gb Paging File | 2,72 Gb Available in Paging File | 64,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 258,05 Gb Total Space | 168,91 Gb Free Space | 65,46% Space Free | Partition Type: NTFS
Drive D: | 7,97 Gb Total Space | 0,97 Gb Free Space | 12,17% Space Free | Partition Type: NTFS
Drive X: | 160,09 Gb Total Space | 53,28 Gb Free Space | 33,28% Space Free | Partition Type: NTFS
Drive Y: | 39,65 Gb Total Space | 10,61 Gb Free Space | 26,77% Space Free | Partition Type: NTFS

Computer Name: 03-PC | User Name: chronos | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\RAUM_1\Desktop\Defogger.exe ()
PRC - C:\Programme\Hilfsprogramme\OTL Oldtimer\OTL.exe (OldTimer Tools)
PRC - C:\Programme\AntiVir2012\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\AntiVir2012\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\AntiVir2012\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\AntiVir2012\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Spyware Terminator\st_rsser.exe (Crawler.com)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Windows\System32\WerFault.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
PRC - C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
PRC - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)

========== Modules (No Company Name) ==========

MOD - C:\Users\RAUM_1\Desktop\Defogger.exe ()
MOD - C:\Programme\Hilfsprogramme\WinRAR\RarExt.dll ()
MOD - C:\Programme\Hilfsprogramme\DiskDefrag\Auslogics Disk Defrag\ausshellext.dll ()
MOD - C:\Programme\Common Files\Acronis\Common\gc.dll ()

========== Win32 Services (SafeList) ==========

SRV - (LiveUpdate) -- C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE File not found
SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Programme\AntiVir2012\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\AntiVir2012\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Macromedia Licensing Service) -- C:\Programme\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe ()
SRV - (ST2012_Svc) -- C:\Programme\Spyware Terminator\st_rsser.exe (Crawler.com)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MotoHelper) -- C:\Programme\Motorola\MotoHelper\MotoHelperService.exe ()
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Viewpoint Service) -- C:\Programme\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (AcrSch2Svc) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)

========== Driver Services (SafeList) ==========

DRV - (PcdrNdisuio) -- system32\DRIVERS\pcdrndisuio.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (Lbd) -- system32\DRIVERS\Lbd.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (tbhsd) -- C:\Windows\System32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (RRNetCapMP) -- C:\Windows\System32\drivers\rrnetcap.sys (RapidSolution Software AG)
DRV - (RRNetCap) -- C:\Windows\System32\drivers\rrnetcap.sys (RapidSolution Software AG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (sp_rsdrv2) -- C:\Windows\System32\drivers\sp_rsdrv2.sys ()
DRV - (motccgp) -- C:\Windows\System32\drivers\motccgp.sys (Motorola)
DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)
DRV - (speedfan) -- C:\Windows\System32\speedfan.sys (Almico Software)
DRV - (motusbdevice) -- C:\Windows\System32\drivers\motusbdevice.sys (Motorola Inc)
DRV - (Motousbnet) -- C:\Windows\System32\drivers\Motousbnet.sys (Motorola)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (motandroidusb) -- C:\Windows\System32\drivers\motoandroid.sys (Motorola)
DRV - (motccgpfl) -- C:\Windows\System32\drivers\motccgpfl.sys (Motorola)
DRV - (BTCFilterService) -- C:\Windows\System32\drivers\motfilt.sys (Motorola Inc)
DRV - (MotoSwitchService) -- C:\Windows\System32\drivers\motswch.sys (Motorola)
DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (timounter) -- C:\Windows\System32\drivers\timntr.sys (Acronis)
DRV - (tifsfilter) -- C:\Windows\System32\drivers\tifsfilt.sys (Acronis)
DRV - (snapman) -- C:\Windows\System32\drivers\snapman.sys (Acronis)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (giveio) -- C:\Windows\System32\giveio.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=desktop
IE - HKLM\..\SearchScopes,DefaultScope = {307E6955-6CF9-4791-A645-558FBCD6A46B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{307E6955-6CF9-4791-A645-558FBCD6A46B}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=desktop
IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1000\..\SearchScopes\{307E6955-6CF9-4791-A645-558FBCD6A46B}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*

IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=desktop
IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1004\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1004\..\SearchScopes\{307E6955-6CF9-4791-A645-558FBCD6A46B}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll (Viewpoint Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\Firefox10\components [2012.05.03 09:08:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\Firefox10\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\Firefox 13\components [2012.06.10 11:21:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\Firefox 13\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.17 20:35:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.11 08:41:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.17 20:35:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.11 08:41:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\Firefox7\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\Firefox7\plugins

[2008.09.02 12:38:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chronos\AppData\Roaming\mozilla\Extensions
[2012.02.29 13:05:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chronos\AppData\Roaming\mozilla\Firefox\Profiles\wqnn3mjf.default\extensions
[2010.06.24 15:25:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\chronos\AppData\Roaming\mozilla\Firefox\Profiles\wqnn3mjf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.06.17 20:35:15 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.10 11:21:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\Firefox 13\extensions
[2012.06.10 11:21:55 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\Firefox 13\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.04.23 22:08:30 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\Firefox10\extensions
[2012.05.03 09:08:31 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\Firefox10\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.02.29 13:05:57 | 000,773,933 | ---- | M] () (No name found) -- C:\USERS\CHRONOS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WQNN3MJF.DEFAULT\EXTENSIONS\{E0204BD5-9D31-402B-A99D-A6AA8FFEBDCA}.XPI
[2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007.03.05 13:59:06 | 000,645,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

O1 HOSTS File: ([2009.04.10 17:10:06 | 000,312,259 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 10751 more lines...
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (TBSB03603 Class) - {5C9BE6C7-015B-4C06-BDB8-205163FA5F2C} - Reg Error: Value error. File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Reg Error: Value error.) - {0EE3F0B3-6A98-44E2-BEC4-981E4DE63D62} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Symbolleiste für Copernic Desktop Search - Home) - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - C:\Programme\Copernic\Copernic Desktop Search 2\Toolbar\ToolbarContainer101000325.dll (Copernic Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [avgnt] C:\Program Files\AntiVir2012\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SpywareTerminatorShield] C:\Programme\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3775535589-2243066446-450567175-1000..\Run: [Vidalia] C:\Program Files\Hilfsprogramme\vidaliaBundle\Vidalia Bundle\Vidalia\vidalia.exe ()
O4 - HKU\S-1-5-21-3775535589-2243066446-450567175-1004..\Run: [RfxSrvTray] "C:\Program Files\RadioFX\Tobit Radio.fx\Client\rfx-tray.exe" File not found
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes\161\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\RAUM_1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = File not found
O4 - Startup: C:\Users\RAUM_1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk = File not found
O7 - HKU\S-1-5-21-3775535589-2243066446-450567175-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3775535589-2243066446-450567175-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3775535589-2243066446-450567175-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3775535589-2243066446-450567175-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Amazon Toolbar - {0EE3F0B3-6A98-44E2-BEC4-981E4DE63D62} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Amazon Toolbar - {0EE3F0B3-6A98-44E2-BEC4-981E4DE63D62} - Reg Error: Value error. File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3775535589-2243066446-450567175-1000\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKU\S-1-5-21-3775535589-2243066446-450567175-1000\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24DD98CD-B228-4DFA-91EA-1A3FEB3250F2}: NameServer = 192.168.178.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.06.08 21:39:49 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012.06.14 15:12:55 | 000,182,852 | ---- | M] () - X:\autokosten betriebsausgabe test.pdf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.10 11:17:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.05 10:36:41 | 000,000,000 | ---D | C] -- C:\Users\chronos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2012.07.05 10:36:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2009.12.03 23:30:22 | 004,485,976 | ---- | C] (Microsoft Corporation) -- C:\Program Files\vcredist_x86.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.07.10 17:52:00 | 000,000,474 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.07.10 17:50:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{37B60842-ECE6-4F88-BD86-0EE41A85C877}.job
[2012.07.10 17:47:49 | 000,000,000 | ---- | M] () -- C:\Users\chronos\defogger_reenable
[2012.07.10 16:49:30 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.10 16:49:30 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.10 08:48:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.10 08:48:46 | 2143,879,168 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.05 10:36:40 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo
[2012.07.04 16:30:40 | 000,638,674 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.04 16:30:40 | 000,604,364 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.04 16:30:40 | 000,130,882 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.04 16:30:40 | 000,107,800 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.14 10:19:23 | 000,708,256 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.07.10 17:47:49 | 000,000,000 | ---- | C] () -- C:\Users\chronos\defogger_reenable
[2012.07.05 10:35:43 | 000,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo
[2012.02.28 17:05:42 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2010.09.06 20:26:43 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2010.02.17 21:59:15 | 000,064,702 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.02.17 21:59:06 | 000,064,702 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.10.16 13:00:32 | 000,001,074 | RH-- | C] () -- C:\Users\chronos\XrxWm.ini
[2008.10.16 13:00:31 | 000,000,522 | RH-- | C] () -- C:\Users\chronos\xw45cpdy.dyc
[2007.08.11 21:41:08 | 000,000,086 | ---- | C] () -- C:\Users\chronos\AppData\Roaming\wklnhst.dat
[2007.08.10 20:03:42 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.08.09 18:36:21 | 000,000,680 | RHS- | C] () -- C:\Users\chronos\ntuser.pol
[2007.08.09 15:23:34 | 000,007,680 | ---- | C] () -- C:\Users\chronos\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.08.08 16:00:41 | 000,000,095 | ---- | C] () -- C:\Users\chronos\AppData\Local\fusioncache.dat

========== LOP Check ==========

[2007.09.08 15:04:33 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\ACD Systems
[2007.08.09 15:53:40 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\Acronis
[2008.11.11 11:23:06 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\Alien Skin
[2008.01.08 18:24:40 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\ASCOMP Software
[2012.01.29 22:40:15 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\Auslogics
[2009.02.04 10:18:08 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\Copernic
[2007.08.08 16:07:55 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\DataDesign
[2010.06.25 09:37:13 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\DeepBurner
[2010.07.13 08:33:56 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\JAM Software
[2008.03.31 19:10:46 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\McNeel
[2010.03.14 13:24:32 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\OpenOffice.org
[2011.01.13 23:21:29 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\phonostar GmbH
[2009.10.02 10:38:45 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\phonostar-Player
[2012.02.28 16:43:28 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\Spyware Terminator
[2007.08.11 21:41:08 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\Template
[2011.05.31 16:13:45 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\Tobit
[2008.05.16 08:20:44 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\WinBatch
[2007.09.08 22:15:37 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\ACD Systems
[2012.02.01 18:51:18 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\Auslogics
[2012.07.08 16:38:36 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\Canon
[2008.10.16 15:31:00 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\CDZilla
[2009.02.04 10:17:44 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\Copernic
[2007.08.15 10:16:32 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\DataDesign
[2009.06.11 14:39:15 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\DeepBurner
[2012.05.30 18:12:50 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\elsterformular
[2010.07.13 08:49:04 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\JAM Software
[2010.03.27 01:24:06 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\McNeel
[2011.03.30 11:16:10 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\Nokia
[2011.03.30 11:16:11 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\Nokia Ovi Suite
[2009.10.15 13:49:24 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\Octoshape
[2010.02.10 15:28:55 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\OpenOffice.org
[2011.03.29 11:37:11 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\PC Suite
[2012.02.01 12:18:11 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\PeaZip
[2009.10.02 10:50:59 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\phonostar GmbH
[2012.06.17 15:36:01 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\phonostar-Player
[2007.10.20 19:54:52 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\Template
[2010.09.06 20:38:10 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\Tobit
[2012.07.10 17:52:00 | 000,000,474 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2012.07.09 22:35:56 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.07.10 17:50:00 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{37B60842-ECE6-4F88-BD86-0EE41A85C877}.job

========== Purity Check ==========

< End of report >