Pests of all kinds and how to fight them: tr/sirefef.16896 and tr/atraps.gen2; how do I get rid of them? (Windows 7)

If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
#1  /// Selecta Jahrusso

tr/sirefef.16896 and tr/atraps.gen2; how do I get rid of them?

No reply received. This thread has been removed from my subscriptions, so I no longer get notified of new replies. Send me a PM if you nevertheless want to continue. Note: the disappearance of the symptoms does not mean that your computer is already clean. Everyone else, please click here and create a thread of your own.
__________________
mfg, Daniel
ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators
Learn to fight back and support us! TB Akademie
#2

tr/sirefef.16896 and tr/atraps.gen2; how do I get rid of them?

Hello,

I would have liked to answer sooner, but the PC would only start in safe mode anymore. After a reboot the ComboFix window opened several times and closed again right away. I could not open or click on anything. I could only turn the PC off with the power button. At some point I then went in via the admin account, which I otherwise never use.

Code:
ComboFix 12-09-11.02 - Admin 11.09.2012 21:40:21.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.16366.14394 [GMT 2:00]
ausgeführt von:: c:\users\Sebastian\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\windows\Installer\{5c5eea11-aaa1-99c9-2255-cb68e6cb1d7b}\@
c:\windows\Installer\{5c5eea11-aaa1-99c9-2255-cb68e6cb1d7b}\U\00000001.@
c:\windows\Installer\{5c5eea11-aaa1-99c9-2255-cb68e6cb1d7b}\U\80000000.@
c:\windows\Installer\{5c5eea11-aaa1-99c9-2255-cb68e6cb1d7b}\U\800000cb.@
.
Infizierte Kopie von c:\windows\system32\services.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe wurde wiederhergestellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-08-11 bis 2012-09-11 ))))))))))))))))))))))))))))))
.
.
2012-09-11 19:43 . 2012-09-11 19:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-07 03:29 . 2012-09-07 03:29 -------- d-----w- C:\totalcmd
2012-09-07 03:24 . 2012-09-07 03:24 -------- d-----w- c:\program files (x86)\FileZilla FTP Client
2012-09-04 22:05 . 2012-09-04 22:05 -------- d-----w- c:\program files (x86)\UseNeXT
2012-09-04 21:51 . 2012-09-04 21:51 -------- d-----w- c:\program files\WinRAR
2012-09-04 21:14 . 2012-09-04 21:14 -------- d-----w- c:\program files (x86)\Foxit Software
2012-09-03 20:09 . 2012-09-03 20:09 -------- d-----w- c:\program files (x86)\EAGLE-6.2.0
2012-09-03 17:03 . 2012-09-03 17:03 -------- d-----w- c:\programdata\Malwarebytes
2012-08-28 01:53 . 2012-08-28 01:53 -------- d-----w- c:\program files (x86)\Resource Hacker
2012-08-24 20:52 . 2012-08-24 20:52 -------- d-----w- c:\programdata\VOWSoft
2012-08-24 20:52 . 2012-08-24 20:52 -------- d-----w- c:\program files (x86)\iPodRobot
2012-08-22 18:21 . 2012-08-22 18:21 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-08-21 17:54 . 2012-08-21 17:54 -------- d-----w- c:\program files (x86)\coolspot AG
2012-08-21 17:46 . 2012-08-21 17:46 -------- d-----w- c:\program files (x86)\SecretCity 3DChat
2012-08-21 17:46 . 2012-08-21 17:46 -------- d-----w- c:\program files (x86)\Utherverse Digital Inc
2012-08-21 08:17 . 2012-08-20 22:21 -------- d-----w- c:\windows\Panther
2012-08-21 08:17 . 2012-08-21 08:17 -------- d-----w- C:\Hotfix
2012-08-21 08:17 . 2012-08-21 08:17 -------- d-----w- C:\Drivers
2012-08-21 08:17 . 2012-08-20 22:20 -------- d-----w- c:\windows\system32\OEM
2012-08-21 08:16 . 2012-08-21 08:16 -------- d-----w- c:\windows\SysWow64\XPSViewer
2012-08-21 08:16 . 2012-08-21 08:16 -------- d-----w- c:\windows\SysWow64\drivers\UMDF\de-DE
2012-08-21 08:16 . 2012-08-21 08:16 -------- d-----w- c:\windows\SysWow64\drivers\de-DE
2012-08-21 08:16 . 2012-08-21 08:16 -------- d-----w- c:\windows\SysWow64\de
2012-08-21 08:16 . 2012-08-21 08:16 -------- d-----w- c:\windows\SysWow64\0407
2012-08-21 08:16 . 2012-08-21 08:16 -------- d-----w- c:\windows\de-DE
2012-08-21 08:16 . 2012-08-20 23:38 -------- d-----w- c:\windows\SysWow64\wbem\de-DE
2012-08-21 08:16 . 2012-08-21 08:16 -------- d-----w- c:\windows\system32\drivers\UMDF\de-DE
2012-08-21 08:16 . 2012-08-21 08:16 -------- d-----w- c:\windows\system32\drivers\de-DE
2012-08-21 08:16 . 2012-08-21 08:16 -------- d-----w- c:\windows\system32\de
2012-08-21 08:16 . 2012-08-21 08:16 -------- d-----w- c:\windows\system32\0407
2012-08-21 08:16 . 2012-08-20 23:38 -------- d-----w- c:\windows\system32\wbem\de-DE
2012-08-21 08:14 . 2009-07-14 03:05 3584 ----a-w- c:\windows\system32\Spool\prtprocs\x64\de-DE\LXKPTPRC.DLL.mui
2012-08-21 05:46 . 2012-08-21 05:47 -------- d-----w- c:\programdata\Battle.net
2012-08-21 05:42 . 2012-09-03 19:29 -------- d-----w- c:\users\Sebastian
2012-08-21 05:38 . 2012-08-21 05:38 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2012-08-21 05:37 . 2012-08-21 05:37 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2012-08-21 05:33 . 2012-08-21 05:40 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-08-21 05:32 . 2012-07-18 16:04 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-08-21 05:32 . 2012-07-18 16:04 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-08-21 05:32 . 2012-07-18 16:04 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-08-21 05:32 . 2012-08-21 05:32 -------- d-----w- c:\programdata\Avira
2012-08-21 05:32 . 2012-08-21 05:32 -------- d-----w- c:\program files (x86)\Avira
2012-08-21 05:21 . 2012-08-21 05:21 -------- d-----w- c:\program files (x86)\Innovative Solutions
2012-08-21 05:19 . 2012-08-21 05:19 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-21 05:16 . 2012-08-21 06:17 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-21 05:16 . 2012-08-21 06:17 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-21 05:16 . 2012-08-21 05:16 -------- d-----w- c:\windows\SysWow64\Macromed
2012-08-21 05:16 . 2012-08-21 05:16 -------- d-----w- c:\windows\system32\Macromed
2012-08-21 04:51 . 2011-12-06 13:55 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2012-08-21 02:43 . 2012-08-21 02:43 -------- d-----w- c:\programdata\PCDr
2012-08-21 02:43 . 2012-08-21 02:43 -------- d-----w- c:\program files\AlienAutopsy
2012-08-21 02:39 . 2012-09-11 19:56 -------- d-----w- c:\programdata\NVIDIA
2012-08-21 02:35 . 2012-08-21 05:35 -------- dc----w- c:\windows\system32\DRVSTORE
2012-08-21 02:35 . 2010-08-20 09:05 21616 ----a-w- c:\windows\system32\drivers\stdcfltn.sys
2012-08-21 02:34 . 2012-08-21 02:34 -------- d-----w- c:\program files\STMicroelectronics
2012-08-21 02:31 . 2012-08-21 02:31 -------- d-----w- c:\program files\Synaptics
2012-08-21 02:31 . 2011-03-30 13:12 215336 ----a-w- c:\windows\system32\SynTPAPI.dll
2012-08-21 02:31 . 2011-03-30 13:12 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2012-08-21 02:31 . 2011-03-30 13:12 148264 ----a-w- c:\windows\system32\SynTPCo4.dll
2012-08-21 02:31 . 2011-03-30 13:12 1395760 ----a-w- c:\windows\system32\drivers\SynTP.sys
2012-08-21 02:31 . 2011-03-30 13:12 107816 ----a-w- c:\windows\SysWow64\SynTPCOM.dll
2012-08-21 02:31 . 2011-03-30 13:12 400168 ----a-w- c:\windows\system32\SynCOM.dll
2012-08-21 02:31 . 2011-03-30 13:12 273704 ----a-w- c:\windows\system32\SynCtrl.dll
2012-08-21 02:31 . 2011-03-30 13:12 218408 ----a-w- c:\windows\SysWow64\SynCtrl.dll
2012-08-21 02:31 . 2011-03-30 13:12 173352 ----a-w- c:\windows\SysWow64\SynCOM.dll
2012-08-21 02:30 . 2011-03-03 15:23 81008 ----a-w- c:\windows\system32\accelernco01.dll
2012-08-21 02:30 . 2011-03-03 15:23 27760 ----a-w- c:\windows\system32\drivers\Accelern.sys
2012-08-21 02:28 . 2011-03-03 14:48 8192 ----a-w- c:\windows\system32\drivers\IntelMEFWVer.dll
2012-08-21 02:28 . 2012-08-21 02:28 -------- d-----w- c:\program files (x86)\Common Files\postureAgent
2012-08-21 02:28 . 2012-08-21 04:51 -------- d-----w- c:\program files (x86)\Intel
2012-08-21 02:27 . 2011-03-03 15:07 9888360 ----a-w- c:\windows\SysWow64\RtsPStorIcon.dll
2012-08-21 02:27 . 2011-03-03 15:07 335464 ----a-w- c:\windows\system32\drivers\RtsPStor.sys
2012-08-20 23:51 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-08-20 23:51 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-08-20 23:51 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-08-20 23:49 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-08-20 23:49 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-08-20 23:43 . 2012-08-20 23:43 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-08-20 23:30 . 2012-07-16 00:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{47679C7B-1F12-4896-8E81-30BF787E5E37}\mpengine.dll
2012-08-20 23:23 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-08-20 23:18 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-08-20 23:18 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-08-20 23:18 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-08-20 23:18 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-08-20 23:18 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-08-20 23:18 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-08-20 23:18 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-08-20 23:17 . 2012-08-03 02:27 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-08-20 23:15 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-08-20 23:15 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-08-20 23:13 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-08-20 23:13 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-08-20 23:10 . 2012-08-20 23:10 -------- d-----w- c:\windows\SysWow64\Atheros_L1e
2012-08-20 23:10 . 2011-03-03 15:02 76912 ----a-w- c:\windows\system32\drivers\L1C62x64.sys
2012-08-20 23:08 . 2012-08-20 23:08 -------- d-----w- c:\program files (x86)\AMD APP
2012-08-20 23:08 . 2012-08-20 23:08 -------- d-----w- C:\Intel
2012-08-20 23:08 . 2012-08-20 23:08 -------- d-----w- c:\program files\ATI
2012-08-20 23:08 . 2012-08-20 23:08 -------- d-----w- c:\program files\ATI Technologies
2012-08-20 22:49 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-08-20 22:49 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-08-20 22:49 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-08-20 22:47 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-08-20 22:47 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-08-20 22:47 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-08-20 22:47 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-08-20 22:47 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-08-20 22:47 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-08-20 22:47 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-08-20 22:47 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-08-20 22:47 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-08-20 22:46 . 2012-08-20 22:46 -------- d-----w- c:\users\Public\Roaming
2012-08-20 22:46 . 2012-08-20 22:46 -------- d-----w- c:\users\Default\Roaming
2012-08-20 22:45 . 2012-08-20 22:45 -------- d-----w- c:\program files\Common Files\Intel
2012-08-20 22:45 . 2012-08-20 22:45 -------- d-----w- c:\program files (x86)\Cisco
2012-08-20 22:45 . 2012-08-20 22:45 -------- d-----w- c:\programdata\Intel
2012-08-20 22:45 . 2012-08-20 22:45 -------- d-----w- c:\program files\Intel
2012-08-20 22:45 . 2012-09-07 03:32 -------- d-sh--w- c:\windows\Installer
2012-08-20 22:44 . 2012-08-20 22:44 -------- d-----w- C:\dell
2012-08-20 22:25 . 2012-08-20 22:25 -------- d-----w- c:\program files (x86)\Creative
2012-08-20 22:24 . 2012-08-20 22:24 -------- d-----w- c:\program files (x86)\Integrated Webcam
2012-08-20 22:24 . 2010-06-07 14:45 174848 ----a-w- c:\windows\system32\drivers\CtClsFlt.sys
2012-08-20 22:24 . 2009-05-28 08:49 224768 ----a-w- c:\windows\system32\drivers\CtAudDrv.sys
2012-08-20 22:24 . 2012-08-20 22:24 -------- d-----w- c:\program files (x86)\Creative Live! Cam
2012-08-20 22:23 . 2012-08-21 02:38 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2012-08-20 22:23 . 2012-08-20 22:23 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DriverMax"="c:\program files (x86)\Innovative Solutions\DriverMax\drivermax.exe" [2012-07-31 11324352]
"Personal ID"="c:\progra~2\COOLSP~1\PERSON~1\PID.EXE" [2012-08-21 1132984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Integrated Webcam Live! Central"="c:\program files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe" [2010-08-11 487561]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-07-18 348664]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-03-03 2656280]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-21 250056]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-06-07 174848]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-01-05 340240]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-07-18 27760]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-07-18 86224]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-06-26 378472]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2011-03-03 27760]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-03-03 76912]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-01-04 8507392]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-09-30 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-09-30 180736]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-07-05 174184]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-03-03 335464]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-21 06:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-01-05 1933584]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-06-26 315496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fdlo2jvk.default\
.
Supplementary scan did not complete!
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
Wow6432Node-HKCU-Run-DriverMax_RESTART - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-09-11 21:57:42 - PC wurde neu gestartet
.
Vor Suchlauf: 13 Verzeichnis(se), 25.722.769.408 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 27.402.240.000 Bytes frei
.
- - End Of File - - A4B70E3B952B44FC00FA2C1A41C936B1

Last edited by dalyay (11.09.2012, 21:10)
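The ComboFix log above contains the artifacts a helper would look for when triaging a ZeroAccess/Sirefef (tr/sirefef) infection: the hidden store under c:\windows\Installer\{GUID}\ with the file "@" and the <8 hex digits>.@ modules in its U\ subfolder, and ComboFix's own report that services.exe was infected and restored from WinSxS. The script below is an added example written for this page; it is not ComboFix code and was not posted by anyone in the thread. It parses the two line shapes ComboFix uses for file entries (bare paths in the "Weitere Löschungen" section and the "created . modified size attrs path" entries of the "Dateien erstellt" section), plus the German "Infizierte Kopie von ..." report line, and rates each hit. The sample input is a constructed excerpt of lines copied from the log above; the severity labels and the "review" rules for the odd Roaming folders and the hidden+system c:\windows\system32\%APPDATA% directory are this example's own judgement, not something the thread's helper stated.

```python
"""Triage a ComboFix log for ZeroAccess/Sirefef artifacts.

Added example for this thread (not ComboFix code, not posted by the participants).
Line formats and indicator rules follow the log quoted in post #2.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed excerpt: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
ComboFix 12-09-11.02 - Admin 11.09.2012 21:40:21.1.8 - x64
c:\programdata\Roaming
c:\windows\Installer\{5c5eea11-aaa1-99c9-2255-cb68e6cb1d7b}\@
c:\windows\Installer\{5c5eea11-aaa1-99c9-2255-cb68e6cb1d7b}\U\00000001.@
c:\windows\Installer\{5c5eea11-aaa1-99c9-2255-cb68e6cb1d7b}\U\80000000.@
c:\windows\Installer\{5c5eea11-aaa1-99c9-2255-cb68e6cb1d7b}\U\800000cb.@
Infizierte Kopie von c:\windows\system32\services.exe wurde gefunden und desinfiziert
2012-09-11 19:43 . 2012-09-11 19:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-21 05:19 . 2012-08-21 05:19 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-21 05:32 . 2012-07-18 16:04 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-08-20 22:46 . 2012-08-20 22:46 -------- d-----w- c:\users\Public\Roaming
2012-08-20 22:46 . 2012-08-20 22:46 -------- d-----w- c:\users\Default\Roaming
"""

# "Dateien erstellt" entries: <created> . <modified> <size or -------- for dirs> <attrs> <path>
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>-{8}|\d+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
# Bare paths listed under "Weitere Löschungen" (what ComboFix removed).
BARE_PATH_RE = re.compile(r"^[a-z]:\\.+$", re.I)
# ComboFix's report line for a disinfected system binary (German build of the tool).
INFECTED_RE = re.compile(r"^Infizierte Kopie von (?P<path>\S+) wurde gefunden", re.I)

# ZeroAccess (the 2012 x64 build) keeps its store as \Windows\Installer\{GUID}\@ plus
# <8 hex>.@ module files in a U\ or L\ subfolder, and patches services.exe; both show
# up in the log above. The GUID pattern is 8-4-4-4-12 hex groups.
ZA_STORE_RE = re.compile(
    r"\\Installer\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}"
    r"\\(?:@|[ul]\\[0-9a-f]{8}\.@)$", re.I)
# A "Roaming" folder directly under ProgramData, Public or Default is not where Windows
# creates one (it lives under <user>\AppData); flagged for a manual look, not attributed.
ODD_ROAMING_RE = re.compile(
    r"^[a-z]:\\(?:programdata|users\\(?:public|default))\\Roaming$", re.I)


@dataclass(frozen=True)
class Finding:
    severity: str   # "high": family-specific artifact; "review": anomaly to inspect by hand
    indicator: str
    path: str


def classify_path(path: str, attrs: str = "") -> Optional[Finding]:
    """Rate one path (plus its attribute string when the entry had one)."""
    if ZA_STORE_RE.search(path):
        return Finding("high", "ZeroAccess store under \\Installer\\{GUID}\\", path)
    if ODD_ROAMING_RE.match(path):
        return Finding("review", "'Roaming' folder outside any user's AppData", path)
    name = path.rsplit("\\", 1)[-1]
    if "%" in name:  # an unexpanded %VAR% used as a real name; here hidden+system (d-sh)
        return Finding("review", f"literal env-var name as directory (attrs {attrs or 'n/a'})", path)
    return None


def scan_log(text: str) -> list[Finding]:
    """Walk the log line by line and collect findings; unknown line shapes are skipped."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = INFECTED_RE.match(line)
        if m:
            findings.append(Finding("high", "system binary reported infected "
                                    "(ZeroAccess patches services.exe)", m["path"]))
            continue
        m = ENTRY_RE.match(line)
        if m:
            found = classify_path(m["path"], m["attrs"])
        elif BARE_PATH_RE.match(line):
            found = classify_path(line)
        else:
            continue  # banners, registry dumps, service lines: not handled here
        if found:
            findings.append(found)
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity, e.g. {'high': 5, 'review': 4} for SAMPLE_LOG."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    hits = scan_log(SAMPLE_LOG)
    for f in hits:
        print(f"[{f.severity:6}] {f.indicator}: {f.path}")
    print(summarize(hits))
```

Run it against a full ComboFix log by reading the file into scan_log(). The "high" hits are the ones that justify treating the machine as compromised by a kernel-level rootkit family; the "review" hits are only anomalies and need a human to confirm, which is why the two are kept apart rather than summed into one score.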