Log-Analyse und Auswertung (log analysis and evaluation): Elster e-mail opened - PDF exploit caught? (Windows 7)
26.09.2012, 14:31 | #1
Elster e-mail opened - PDF exploit caught?

Hello dear community, now it has got me too. It did seem odd to me, but since I couldn't find any spelling mistakes and the content was plausible, I opened the attachment of this e-mail:

Code:
Dear Sir or Madam,

your tax office or tax administration has made an encrypted file (income tax assessment notice) available for you to collect via the ELSTER procedure.

-- You will find your file as a PDF file attached to this e-mail.

-- If you do not collect the data, it will be deleted automatically after 6 months.

This is an automatically generated e-mail - please do not reply to this mail address.

Kind regards
Your tax office / your tax administration
www.elster.de

NOTE: You are receiving this e-mail because, when transmitting data such as your tax return, you asked for e-mail notification to this e-mail address. For tax assessment notices, only the paper copy is legally relevant.

[Translated from German; the original lure text omits every umlaut, e.g. "fur", "uber", "verschlusselte", "geloscht".]

hxxp://virusscan.jotti.org/de/scanresult/5881f2c24b6b9885f8ffb8bb659a7e77fd650276/597a7018d3f2b49430a016fd6fec35b00f58d773

Now I'm wondering whether I got away with it this time and my Acrobat wasn't vulnerable.

My OTL.TXT:

Code:
OTL logfile created on: 26.09.2012 14:49:26 - Run 1
OTL by OldTimer - Version 3.2.68.0     Folder = C:\Users\brauns\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,45 Gb Available Physical Memory | 61,27% Memory free
7,99 Gb Paging File | 6,18 Gb Available in Paging File | 77,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 244,04 Gb Total Space | 77,62 Gb Free Space | 31,81% Space Free | Partition Type: NTFS
Drive F: | 1397,26 Gb Total Space | 858,27 Gb Free Space | 61,43% Space Free | Partition Type: NTFS

Computer Name: PHENOM | User Name: brauns | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2012.09.26 14:49:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\brauns\Downloads\OTL.exe
PRC - [2012.09.10 13:34:43 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011.08.12 12:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011.03.02 17:20:58 | 000,224,256 | ---- | M] () -- C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
PRC - [2011.01.12 17:24:06 | 000,292,240 | ---- | M] (Panasonic Corporation) -- C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
PRC - [2010.09.15 05:14:06 | 007,130,112 | ---- | M] (AGFEO ) -- C:\Program Files (x86)\AGFEO\Tk-Suite\tools\ctimon.exe
PRC - [2010.06.17 22:56:44 | 000,370,176 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe
PRC - [2010.01.19 04:31:26 | 000,072,304 | R--- | M] () -- C:\Windows\SysWOW64\XSrvSetup.exe
PRC - [2009.11.20 13:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

========== Modules (No Company Name) ==========

MOD - [2012.09.10 13:34:42 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2010.05.07 19:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
MOD - [2010.05.07 19:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
MOD - [2010.05.07 19:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
MOD - [2010.05.07 19:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
MOD - [2010.05.07 19:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
MOD - [2010.04.19 20:02:30 | 000,930,304 | ---- | M] () -- C:\Program Files (x86)\AGFEO\Tk-Suite\tools\QtNetwork4.dll
MOD - [2010.03.26 20:48:12 | 000,468,992 | ---- | M] () -- C:\Program Files (x86)\AGFEO\Tk-Suite\tools\sqldrivers\qsqlite4.dll
MOD - [2010.03.26 20:47:20 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\AGFEO\Tk-Suite\tools\imageformats\qgif4.dll
MOD - [2010.03.26 20:47:14 | 000,119,296 | ---- | M] () -- C:\Program Files (x86)\AGFEO\Tk-Suite\tools\imageformats\qjpeg4.dll
MOD - [2010.03.26 20:43:04 | 001,110,016 | ---- | M] () -- C:\Program Files (x86)\AGFEO\Tk-Suite\tools\QtScript4.dll
MOD - [2010.03.26 20:26:44 | 009,823,232 | ---- | M] () -- C:\Program Files (x86)\AGFEO\Tk-Suite\tools\QtWebKit4.dll
MOD - [2010.03.26 18:48:34 | 000,232,960 | ---- | M] () -- C:\Program Files (x86)\AGFEO\Tk-Suite\tools\phonon4.dll
MOD - [2010.03.26 18:43:22 | 000,184,832 | ---- | M] () -- C:\Program Files (x86)\AGFEO\Tk-Suite\tools\QtSql4.dll
MOD - [2010.03.26 18:43:08 | 007,829,504 | ---- | M] () -- C:\Program Files (x86)\AGFEO\Tk-Suite\tools\QtGui4.dll
MOD - [2010.03.26 18:28:56 | 002,101,248 | ---- | M] () -- C:\Program Files (x86)\AGFEO\Tk-Suite\tools\QtCore4.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012.04.06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.04.05 21:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011.12.02 10:51:58 | 004,913,608 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.07.14 03:39:47 | 000,010,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\TCPSVCS.EXE -- (simptcp)
SRV - [2012.09.10 13:34:43 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011.03.02 17:20:58 | 000,224,256 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe -- (DirMngr)
SRV - [2010.10.28 12:14:30 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010.07.30 15:28:08 | 000,194,224 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe -- (nimDNSResponder)
SRV - [2010.06.25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010.06.23 13:14:54 | 000,131,776 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe -- (niLXIDiscovery)
SRV - [2010.06.22 17:03:52 | 000,047,768 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe -- (niSvcLoc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.19 04:31:26 | 000,072,304 | R--- | M] () [Auto | Running] -- C:\Windows\SysWOW64\XSrvSetup.exe -- (JMB36X)
SRV - [2009.08.24 15:38:06 | 000,068,136 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2009.07.14 03:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.09.07 17:38:22 | 000,147,288 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012.09.05 08:22:38 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2012.09.05 08:22:38 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2012.04.12 18:44:40 | 000,032,984 | ---- | M] (SEGGER Microcontroller Systeme GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jlinkx64.sys -- (jlink)
DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012.01.18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011.11.24 09:58:44 | 000,139,592 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)
DRV:64bit: - [2011.11.24 09:58:44 | 000,078,208 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2011.10.07 11:24:12 | 000,152,064 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
DRV:64bit: - [2011.10.07 09:31:42 | 000,321,536 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock)
DRV:64bit: - [2011.09.08 08:23:30 | 000,057,088 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\akshhl.sys -- (akshhl)
DRV:64bit: - [2011.08.09 07:11:50 | 000,021,120 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aksusb.sys -- (aksusb)
DRV:64bit: - [2011.03.18 13:46:20 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2011.03.18 13:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2011.02.09 09:36:00 | 000,053,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\akshasp.sys -- (akshasp)
DRV:64bit: - [2010.12.28 17:46:56 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2010.12.22 23:22:35 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.10.29 10:14:46 | 000,063,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb2ser64.sys -- (usb2ser64)
DRV:64bit: - [2010.08.30 10:29:30 | 000,012,992 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nipalfwedl.sys -- (nipalfwedl)
DRV:64bit: - [2010.08.30 10:26:30 | 000,012,992 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nipalusbedl.sys -- (nipalusbedl)
DRV:64bit: - [2010.08.30 10:07:40 | 000,895,640 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nipalk.sys -- (NIPALK)
DRV:64bit: - [2010.08.24 19:29:54 | 000,041,040 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2010.08.24 19:29:32 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010.08.24 19:29:10 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2010.07.28 13:41:24 | 000,022,528 | ---- | M] (IVI Foundation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ausbtmc.sys -- (Usbtmc)
DRV:64bit: - [2010.07.09 14:19:04 | 000,021,480 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz134_x64.sys -- (cpuz134)
DRV:64bit: - [2010.06.25 19:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010.06.23 10:05:30 | 000,011,944 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NiViPxiKl.sys -- (NiViPxiK)
DRV:64bit: - [2010.06.23 10:04:04 | 000,011,944 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NiViPciKl.sys -- (NiViPciK)
DRV:64bit: - [2010.06.11 14:32:32 | 000,011,944 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nidimkl.sys -- (nidimk)
DRV:64bit: - [2010.05.26 11:39:08 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\8CD4.tmp -- (MEMSWEEP2)
DRV:64bit: - [2010.05.07 19:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2010.05.07 19:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2010.03.24 12:27:44 | 000,016,984 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nipbcfk.sys -- (nipbcfk)
DRV:64bit: - [2010.03.22 11:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.03.19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.02.18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010.01.27 10:58:38 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2010.01.27 05:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.11.20 13:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009.11.20 13:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.10.07 12:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.10.07 12:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.08.21 10:52:09 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.14 15:32:28 | 000,011,856 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niorbkl.sys -- (niorbk)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.05 03:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2012.09.26 14:45:41 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2012.07.09 18:47:10 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2012.07.03 12:15:54 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)
DRV - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV - [2010.03.12 05:40:48 | 000,052,280 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys -- (AODDriver)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 37 CB 42 98 17 A2 CB 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = hxxp://127.0.0.1:3128/proxy.ins

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.google.com/calendar/render?tab=wc&pli=1"
FF - prefs.js..extensions.enabledAddons: DeviceDetection@logitech.com:1.23.0.5
FF - prefs.js..extensions.enabledAddons: fb_add_on@avm.de:1.6.3
FF - prefs.js..extensions.enabledAddons: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.68
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: File not found
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Ad
obe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.10 13:34:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.01 16:53:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.17 22:28:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2010.12.23 11:23:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\brauns\AppData\Roaming\mozilla\Extensions
[2010.12.23 11:23:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\brauns\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.07.25 11:06:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\brauns\AppData\Roaming\mozilla\Firefox\Profiles\equwkc4z.default\extensions
[2011.12.04 13:36:34 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\brauns\AppData\Roaming\mozilla\Firefox\Profiles\equwkc4z.default\extensions\DeviceDetection@logitech.com
[2012.05.14 23:02:48 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\brauns\AppData\Roaming\mozilla\Firefox\Profiles\equwkc4z.default\extensions\fb_add_on@avm.de
[2012.07.25 11:06:47 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\brauns\AppData\Roaming\mozilla\firefox\profiles\equwkc4z.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.03.11 11:26:32 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\brauns\AppData\Roaming\mozilla\firefox\profiles\equwkc4z.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2012.04.27 08:50:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.10 13:34:43 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.27 08:50:36 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.10 13:34:42 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.27 08:50:36 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.27 08:50:36 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.27 08:50:36 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.27 08:50:36 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.17.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F4C5E51-2D31-405C-9E87-8B216E534772}: DhcpNameServer = 192.168.17.76
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6c15384d-1025-11e1-9a04-e0764533cc7b}\Shell - "" = AutoRun
O33 - MountPoints2\{6c15384d-1025-11e1-9a04-e0764533cc7b}\Shell\AutoRun\command - "" = L:\Startme.exe
O33 - MountPoints2\{adfeabe2-48ff-11e1-9d7a-1c6f658452f7}\Shell - "" = AutoRun
O33 - MountPoints2\{adfeabe2-48ff-11e1-9d7a-1c6f658452f7}\Shell\AutoRun\command - "" = M:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.09.26 14:17:32 | 000,000,000 | ---D | C] -- C:\Users\brauns\Desktop\Virus
[2012.09.24 08:11:19 | 000,000,000 | ---D | C] -- C:\Users\brauns\Desktop\LAPTOPFRAESE
[2012.09.23 18:54:01 | 000,000,000 | ---D | C] -- C:\Users\brauns\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SopCast
[2012.09.23 18:54:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SopCast
[2012.09.23 18:54:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SopCast
[2012.09.20 18:44:30 | 000,000,000 | ---D | C] -- C:\Users\brauns\Desktop\CNCPROFI
[2012.09.13 08:57:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[2012.09.05 19:14:39 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.09.05 19:14:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.09.05 19:14:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.09.05 08:22:38 | 000,027,760 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggsemc.sys
[2012.09.05 08:22:38 | 000,014,448 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggflt.sys
[2012.09.03 08:54:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.09.01 16:54:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.09.01 16:53:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.09.01 15:48:33 | 000,000,000 | ---D | C] -- C:\Users\brauns\AppData\Roaming\Wings3D
[2012.08.29 16:58:27 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 3.5
[2012.08.29 16:58:22 | 000,000,000 | ---D | C] -- C:\Windows\ShellNew
[2012.08.27 16:13:41 | 000,000,000 | ---D | C] -- C:\Users\brauns\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RMPrepUSB
[2012.08.27 16:13:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RMPrepUSB
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.09.26 14:52:47 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.26 14:52:47 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.26 14:45:41 | 000,000,022 | ---- | M] () -- C:\Windows\S.dirmngr
[2012.09.26 14:45:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.26 14:45:37 | 3218,497,536 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.26 14:44:28 | 000,000,020 | ---- | M] () -- C:\Users\brauns\defogger_reenable
[2012.09.26 10:01:40 | 000,000,600 | ---- | M] () -- C:\Users\brauns\AppData\Local\PUTTY.RND
[2012.09.24 08:12:27 | 001,527,740 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.24 08:12:27 | 000,664,618 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.24 08:12:27 | 000,624,800 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.24 08:12:27 | 000,134,786 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.24 08:12:27 | 000,110,438 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.24 08:05:55 | 000,000,218 | ---- | M] () -- C:\Users\brauns\.recently-used.xbel
[2012.09.23 18:54:01 | 000,000,991 | ---- | M] () -- C:\Users\brauns\Desktop\SopCast.lnk
[2012.09.23 18:52:18 | 009,625,551 | ---- | M] () -- C:\Users\brauns\Desktop\Setup-SopCast-3.5.0-2012-3-2.exe
[2012.09.21 11:08:03 | 001,448,424 | ---- | M] () -- C:\Users\brauns\Desktop\PENNY MOBIL erklärung.pdf
[2012.09.21 11:04:29 | 000,059,673 | ---- | M] () -- C:\Users\brauns\Desktop\PENNY MOBIL.pdf
[2012.09.18 17:19:40 | 000,721,816 | ---- | M] () -- C:\Users\brauns\Desktop\dungs.pdf
[2012.09.17 18:40:20 | 000,087,059 | ---- | M] () -- C:\Users\brauns\Desktop\DKB - Deutsche Kreditbank AG - Internet Banking.pdf
[2012.09.16 18:20:34 | 000,315,265 | ---- | M] () -- C:\Users\brauns\Desktop\Chefkoch.de Rezept Quiche.pdf
[2012.09.13 08:57:33 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2012.09.06 19:28:38 | 000,029,696 | ---- | M] () -- C:\Users\brauns\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.05 08:24:47 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggsemc_01009.Wdf
[2012.09.05 08:24:47 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggflt_01009.Wdf
[2012.09.05 08:22:38 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggsemc.sys
[2012.09.05 08:22:38 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggflt.sys
[2012.09.04 18:46:35 | 000,003,840 | ---- | M] () -- C:\Windows\scad3.INI
[2012.09.03 11:43:22 | 000,183,326 | ---- | M] () -- C:\Users\brauns\Desktop\eberle geh.pdf
[2012.09.03 08:54:25 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.08.30 08:12:15 | 000,321,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.29 16:58:27 | 000,001,110 | ---- | M] () -- C:\Users\Public\Desktop\LibreOffice 3.5.lnk
[2012.08.29 14:23:56 | 057,801,775 | ---- | M] () -- C:\Users\brauns\Documents\handbuchderfarbe00zerruoft.pdf
[2012.08.29 13:40:07 | 000,072,166 | ---- | M] () -- C:\Users\brauns\Documents\Anweisung_Aetznatron.pdf
[2012.08.29 13:39:49 | 000,112,560 | ---- | M] () -- C:\Users\brauns\Documents\Sicherheitsdatenblatt_Aetznatron.pdf
[2012.08.27 16:13:41 | 000,001,035 | ---- | M] () -- C:\Users\brauns\Desktop\RMPrepUSB.lnk
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.09.26 14:45:41 | 000,000,022 | ---- | C] () -- C:\Windows\S.dirmngr
[2012.09.26 14:44:28 | 000,000,020 | ---- | C] () -- C:\Users\brauns\defogger_reenable
[2012.09.24 08:05:55 | 000,000,218 | ---- | C] () -- C:\Users\brauns\.recently-used.xbel
[2012.09.23 18:54:01 | 000,000,991 | ---- | C] () -- C:\Users\brauns\Desktop\SopCast.lnk
[2012.09.21 11:08:02 | 001,448,424 | ---- | C] () -- C:\Users\brauns\Desktop\PENNY MOBIL erklärung.pdf
[2012.09.21 11:04:28 | 000,059,673 | ---- | C] () -- C:\Users\brauns\Desktop\PENNY MOBIL.pdf
[2012.09.18 17:19:40 | 000,721,816 | ---- | C] () -- C:\Users\brauns\Desktop\dungs.pdf
[2012.09.17 18:40:19 | 000,087,059 | ---- | C] () -- C:\Users\brauns\Desktop\DKB - Deutsche Kreditbank AG - Internet Banking.pdf
[2012.09.16 18:20:33 | 000,315,265 | ---- | C] () -- C:\Users\brauns\Desktop\Chefkoch.de Rezept Quiche.pdf
[2012.09.13 08:57:33 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2012.09.05 08:24:47 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggsemc_01009.Wdf
[2012.09.05 08:24:47 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggflt_01009.Wdf
[2012.09.03 11:43:21 | 000,183,326 | ---- | C] () -- C:\Users\brauns\Desktop\eberle geh.pdf
[2012.09.03 08:54:25 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.08.29 16:58:27 | 000,001,110 | ---- | C] () -- C:\Users\Public\Desktop\LibreOffice 3.5.lnk
[2012.08.29 14:22:56 | 057,801,775 | ---- | C] () -- C:\Users\brauns\Documents\handbuchderfarbe00zerruoft.pdf
[2012.08.29 13:40:06 | 000,072,166 | ---- | C] () -- C:\Users\brauns\Documents\Anweisung_Aetznatron.pdf
[2012.08.29 13:39:46 | 000,112,560 | ---- | C] () -- C:\Users\brauns\Documents\Sicherheitsdatenblatt_Aetznatron.pdf
[2012.08.27 16:13:41 | 000,001,035 | ---- | C] () -- C:\Users\brauns\Desktop\RMPrepUSB.lnk
[2012.07.14 12:40:05 | 000,000,410 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.06.14 08:01:24 | 000,000,412 | ---- | C] () -- C:\Users\brauns\AppData\Roaming\All CPU Meter_Settings.ini
[2012.04.06 03:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 03:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.03.22 09:04:08 | 000,000,036 | ---- | C] () -- C:\Users\brauns\.org.eclipse.epp.usagedata.recording.userId
[2012.03.20 17:18:44 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.01.18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2012.01.06 10:08:50 | 000,184,320 | ---- | C] () -- C:\Windows\SysWow64\vbarchiv.dll
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.09.15 22:24:19 | 000,000,010 | ---- | C] () -- C:\Windows\WININIT.INI
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.09.10 23:31:14 | 000,000,736 | ---- | C] () -- C:\Users\brauns\id_dsa
[2011.09.10 22:07:05 | 000,000,604 | ---- | C] () -- C:\Users\brauns\braunskey.pub
[2011.08.26 17:18:12 | 000,000,094 | ---- | C] () -- C:\Users\brauns\AppData\Local\fusioncache.dat
[2011.08.26 16:53:37 | 001,553,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.08.08 10:51:08 | 000,001,719 | ---- | C] () -- C:\Users\brauns\pgp_ingo_brauns.asc
[2011.08.07 20:35:50 | 000,077,110 | ---- | C] () -- C:\Users\brauns\pubring.pkr
[2011.08.07 20:35:44 | 000,001,806 | ---- | C] () -- C:\Users\brauns\ingobrauns2.sec
[2011.08.07 20:35:44 | 000,001,806 | ---- | C] () -- C:\Users\brauns\ingobrauns1.sec
[2011.07.16 15:29:59 | 000,001,050 | ---- | C] () -- C:\Windows\wiso.ini
[2011.06.08 10:32:37 | 000,000,600 | ---- | C] () -- C:\Users\brauns\AppData\Roaming\PUTTY.RND
[2011.06.01 19:20:48 | 000,000,133 | ---- | C] () -- C:\Users\brauns\backup.bat
[2011.05.16 09:33:08 | 001,386,056 | ---- | C] () -- C:\Users\brauns\.b2log
[2011.03.31 11:35:55 | 000,000,600 | ---- | C] () -- C:\Users\brauns\AppData\Local\PUTTY.RND
[2011.03.28 14:56:29 | 000,007,606 | ---- | C] () -- C:\Users\brauns\AppData\Local\resmon.resmoncfg
[2011.03.27 00:57:34 | 000,029,696 | ---- | C] () -- C:\Users\brauns\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.23 12:52:52 | 000,003,840 | ---- | C] () -- C:\Windows\scad3.INI
[2011.01.16 14:07:35 | 000,810,496 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.01.16 14:07:35 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.01.16 14:07:35 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.01.16 14:07:35 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.01.16 14:07:35 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011.01.12 11:59:35 | 000,409,363 | ---- | C] () -- C:\Users\brauns\Anwenderdoku.pdf
[2011.01.04 20:53:22 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011.01.02 14:29:58 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.12.27 16:39:19 | 000,027,114 | ---- | C] () -- C:\Windows\maxlink.ini
[2010.12.23 21:52:56 | 000,000,824 | ---- | C] () -- C:\Users\brauns\braunskey.ppk
[2010.12.22 22:44:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.12.22 22:31:54 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2010.12.22 22:25:55 | 000,072,304 | R--- | C] () -- C:\Windows\SysWow64\XSrvSetup.exe
[2010.12.22 22:21:52 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011.11.04 22:40:38 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\.purple
[2010.12.30 12:22:44 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\AGFEO
[2011.06.09 20:06:33 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\Aquamarin Haushaltsbuch
[2010.12.24 16:02:02 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\Ashampoo
[2011.07.16 15:24:46 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\Buhl Data Service
[2011.10.07 18:37:30 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\calibre
[2011.03.27 13:18:03 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\CamTrack
[2010.12.24 15:08:32 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\Canneverbe Limited
[2012.07.13 17:29:20 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\Canon
[2010.12.22 23:26:20 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\DAEMON Tools Lite
[2012.07.28 10:22:27 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\Dropbox
[2011.03.10 10:48:00 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\DVDVideoSoft
[2011.03.02 16:05:21 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\Familienbande
[2012.07.20 09:57:19 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\FRITZ!
[2012.07.20 09:52:27 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\FRITZ!fax für FRITZ!Box
[2011.03.10 10:48:17 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\GetRightToGo
[2011.08.08 11:07:55 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\gnupg
[2012.09.18 17:04:58 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\gtk-2.0
[2011.07.15 15:58:23 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\inkscape
[2012.03.31 13:03:43 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\IrfanView
[2012.07.02 15:42:05 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\KillProcess
[2010.12.25 11:18:18 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\Leadertech
[2012.03.28 13:06:47 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\LibreOffice
[2011.03.18 20:53:51 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\LolClient
[2011.04.13 13:56:10 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\Notepad++
[2010.12.23 11:43:17 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\OpenOffice.org
[2010.12.27 16:39:54 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\ScanSoft
[2011.11.17 20:00:39 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\Sony
[2010.12.23 23:12:51 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\Subversion
[2010.12.23 11:23:07 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\Thunderbird
[2011.12.12 13:25:06 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\TrueCrypt
[2011.01.10 18:44:27 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\Ubisoft
[2012.09.01 15:48:33 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\Wings3D
[2012.03.19 13:18:19 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\Wireshark

========== Purity Check ==========

< End of report >

Best regards, Ingo |
26.09.2012, 14:42 | #2 |
/// Malware-holic | "geloscht" is something they would certainly not write. Forward the mail to me, thanks.
Anyone who receives mails like this can follow a few simple precautions:
1. The sender; usually it is nobody you know.
2. Spelling and wording.
3. Am I expecting such a mail at all?
4. Check the address and the other details given in the mail.
And feel free to call the office and ask whether they sent anything; if not, delete it, or rather forward it to us first.
|
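The checklist in the post above, as an added example that is not part of the thread or of trojaner-board's material: a Python triage script that mechanises the checks a script can do (sender domain, Reply-To mismatch, flattened umlauts such as the quoted "geloscht", attachment type). The organisation's real domain (elster.de) and the sample mail are assumptions constructed for the example.

```python
"""Mail triage helper, an added example (not code from the thread or from trojaner-board).

It mechanises the parts of the checklist in the post above that a script can do:
sender domain versus the organisation the mail claims to come from, a Reply-To
that leads elsewhere, German text whose umlauts have been flattened (the quoted
"geloscht" instead of "gelöscht"), and a risky attachment type. Whether the mail
was expected, and the phone call to the office, remain human steps.
"""
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample in the style of the mail discussed in the thread (not a copy of it).
SAMPLE_MAIL = """\
From: ELSTER <service@finanzamt-portal-info.example>
Reply-To: rueckfragen@mail-relay.example
To: ingo@example.org
Subject: Ihr Steuerbescheid
Content-Type: multipart/mixed; boundary="XYZ"

--XYZ
Content-Type: text/plain; charset="utf-8"

Sehr geehrte Damen und Herren,
fur Sie wurde uber das Verfahren ELSTER eine verschlusselte Datei bereitgestellt.
Sollten Sie die Daten nicht abholen, werden diese geloscht.
Mit freundlichen Grussen

--XYZ
Content-Type: application/pdf; name="Steuerbescheid.pdf"
Content-Disposition: attachment; filename="Steuerbescheid.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--XYZ--
"""

# Domain the claimed sender really uses; an assumption made for this example.
EXPECTED_SENDER_DOMAINS = {"elster.de"}

# Common German words with the umlaut or ß flattened to a plain vowel or "ss".
# A tax office writing in German would not produce these.
FLATTENED_UMLAUT_WORDS = {
    "fur", "uber", "geloscht", "grussen", "verschlusselte", "verschlusselt",
    "konnen", "mussen", "wahrend", "zuruck", "prufen", "gultig",
}

# Attachment types that can carry an exploit or a dropper.
RISKY_ATTACHMENT_EXT = (".pdf", ".exe", ".scr", ".zip", ".js", ".doc", ".xls")


def flattened_umlaut_words(text):
    """Return the flattened-umlaut words that occur in text (compared lower-cased)."""
    words = set(re.findall(r"[a-zäöüß]+", text.lower()))
    return words & FLATTENED_UMLAUT_WORDS


def domain_of(address):
    """Lower-cased domain part of a bare e-mail address ('' if there is none)."""
    return address.rpartition("@")[2].lower()


def triage(raw_mail, expected_domains=EXPECTED_SENDER_DOMAINS):
    """Run the mechanisable checks and return a list of findings (strings).

    An empty list only means that none of these checks fired; the human checks
    (was the mail expected, does the office confirm it) still apply.
    """
    msg = message_from_string(raw_mail)
    findings = []

    # Checks 1 and 4: sender address and reply path versus the claimed organisation.
    from_domain = domain_of(parseaddr(msg.get("From", ""))[1])
    if from_domain not in expected_domains:
        findings.append(f"sender domain '{from_domain}' is not one of {sorted(expected_domains)}")
    reply_addr = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_addr and domain_of(reply_addr) != from_domain:
        findings.append(f"Reply-To '{reply_addr}' leads to a different domain than From")

    # Collect the text body and the attachment names from the MIME tree.
    body_parts, attachments = [], []
    for part in msg.walk():
        if part.get_content_maintype() == "multipart":
            continue
        filename = part.get_filename()
        if filename:
            attachments.append(filename)
        elif part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            body_parts.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))

    # Check 2: spelling and wording; flattened umlauts in the German text.
    flattened = flattened_umlaut_words(" ".join(body_parts))
    if flattened:
        findings.append("German text without umlauts: " + ", ".join(sorted(flattened)))

    # Attachment check: in the thread the PDF attachment fetched the malware.
    for name in attachments:
        if name.lower().endswith(RISKY_ATTACHMENT_EXT):
            findings.append(f"attachment '{name}' is of a type that can carry an exploit")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_MAIL):
        print("-", finding)
```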
26.09.2012, 14:57 | #3 |
/// Malware-holic | OK, received.
Malwarebytes: Please download Malwarebytes
|
26.09.2012, 16:29 | #4 |
| Hmm, looks like it went well ... Code:
Malwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.26.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
brauns :: PHENOM [Administrator]

Schutz: Aktiviert

26.09.2012 16:20:22
mbam-log-2012-09-26 (16-20-22).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 478994
Laufzeit: 1 Stunde(n), 3 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
|
27.09.2012, 14:30 | #5 |
/// Malware-holic | Hi, yes, because I had already received the mail earlier, and I had written to the authors of the sites where the malware was hosted (the malware that the PDF downloaded), and they have cleaned up their web presence. Besides, your Adobe Reader appears to be up to date. We will still run one more check, and afterwards, if everything goes well, we will secure the PC.
Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1 Link 2 IMPORTANT - save Combofix to your desktop.
When Combofix has finished, it will create a logfile. Please post C:\Combofix.txt in your next reply. Note: Should you get the following error message after the reboot Quote:
- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as per the instructions above. If you would like to support us |
27.09.2012, 15:00 | #6 |
| Thank you very much! Here is the Combofix logfile: Code:
ComboFix 12-09-26.06 - brauns 27.09.2012 15:40:41.1.6 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.4093.2680 [GMT 2:00]
ausgeführt von:: c:\users\brauns\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
c:\windows\SysWow64\wpcap.dll
F:\install.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-08-27 bis 2012-09-27 ))))))))))))))))))))))))))))))
.
.
2012-09-27 13:46 . 2012-09-27 13:46 -------- d-----w- c:\users\Mcx1-PHENOM\AppData\Local\temp
2012-09-27 13:46 . 2012-09-27 13:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-26 14:19 . 2012-09-26 14:19 -------- d-----w- c:\users\brauns\AppData\Roaming\Malwarebytes
2012-09-26 14:18 . 2012-09-26 14:18 -------- d-----w- c:\programdata\Malwarebytes
2012-09-26 14:18 . 2012-09-26 14:18 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-26 14:18 . 2012-09-07 15:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-25 06:40 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{21943AC4-A717-4FFE-BB0C-D77308B0D82B}\mpengine.dll
2012-09-23 16:54 . 2012-09-23 16:54 -------- d-----w- c:\program files (x86)\SopCast
2012-09-13 06:57 . 2012-09-07 15:38 224088 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-09-13 06:57 . 2012-09-07 15:38 130904 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-09-12 06:53 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 06:53 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 06:53 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-10 11:34 . 2012-09-10 11:34 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-09-07 15:38 . 2012-09-07 15:38 166232 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2012-09-07 15:38 . 2012-09-07 15:38 147288 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-09-07 15:38 . 2012-09-07 15:38 117080 ----a-w- c:\windows\system32\drivers\VBoxUSB.sys
2012-09-07 15:37 . 2012-09-07 15:37 320856 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2012-09-05 17:14 . 2012-09-05 17:14 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-09-05 17:14 . 2012-09-05 17:14 -------- d-----r- c:\program files (x86)\Skype
2012-09-05 06:22 . 2012-09-05 06:22 27760 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2012-09-05 06:22 . 2012-09-05 06:22 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2012-09-05 06:22 . 2012-09-05 06:22 14448 ----a-w- c:\windows\system32\drivers\ggflt.sys
2012-09-01 14:54 . 2012-09-01 14:54 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-09-01 14:54 . 2012-09-01 14:54 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-01 14:53 . 2012-09-01 14:53 -------- d-----w- c:\program files (x86)\Java
2012-09-01 13:48 . 2012-09-01 13:48 -------- d-----w- c:\users\brauns\AppData\Roaming\Wings3D
2012-08-31 08:15 . 2012-08-31 08:15 2295408 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-08-29 14:58 . 2012-08-29 14:58 -------- d-----w- c:\windows\ShellNew
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-27 06:58 . 2012-06-13 13:48 25640 ----a-w- c:\windows\gdrv.sys
2012-09-12 14:49 . 2010-12-23 16:25 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-09-03 06:52 . 2012-07-04 09:36 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-03 06:52 . 2011-05-19 13:51 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-01 14:54 . 2012-06-21 12:43 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-01 14:54 . 2010-12-23 09:36 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-31 08:15 . 2011-01-14 17:33 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-07-18 18:15 . 2012-08-16 06:02 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-14 10:36 . 2012-07-14 10:36 2300696 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-7\markup.dll
2012-07-14 10:36 . 2011-01-14 18:33 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-07-14 10:36 . 2012-07-14 10:36 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-07-09 16:47 . 2010-12-22 20:31 30528 ----a-w- c:\windows\GVTDrv64.sys
2012-07-04 22:16 . 2012-08-16 06:02 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-16 06:02 59392 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-16 06:02 136704 ----a-w- c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-16 06:02 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-07-03 10:15 . 2010-12-23 16:25 25640 ----a-w- c:\windows\etdrv.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\brauns\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\brauns\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\brauns\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\brauns\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2010-06-17 370176]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 641664]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HD Writer.lnk - c:\program files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe [2011-6-3 292240]
TK-Suite Client.lnk - c:\program files (x86)\AGFEO\Tk-Suite\tools\ctimon.exe [2010-9-15 7130112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DirMngr;DirMngr;c:\program files (x86)\GNU\GnuPG\dirmngr.exe [2011-03-02 224256]
R2 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 ALSysIO;ALSysIO;c:\users\brauns\AppData\Local\Temp\ALSysIO64.sys [x]
R3 AODDriver;AODDriver;c:\program files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys [2010-03-12 52280]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2012-07-03 25640]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-09-05 14448]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-07-09 30528]
R3 jlink;J-Link driver;c:\windows\system32\DRIVERS\jlinkx64.sys [2012-04-12 32984]
R3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.6.0;c:\windows\system32\drivers\libusb0.sys [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-07 30304]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
R3 LVUVC64;Logitech Webcam C160(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\8CD4.tmp [2010-05-26 6144]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-10 114144]
R3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [2010-06-11 11944]
R3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [2010-08-30 12992]
R3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [2010-08-30 12992]
R3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [2010-06-23 11944]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 usb2ser64;usb2ser64;c:\windows\system32\DRIVERS\usb2ser64.sys [2010-10-29 63608]
R3 Usbtmc;ausbtmc;c:\windows\system32\Drivers\ausbtmc.sys [2010-07-28 22528]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2012-09-07 117080]
R4 niLXIDiscovery;National Instruments LXI Discovery Service;c:\program files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe [2010-06-23 131776]
R4 nimDNSResponder;National Instruments mDNS Responder Service;c:\program files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2010-07-30 194224]
S0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\System32\drivers\nipbcfk.sys [2010-03-24 16984]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-22 834544]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-09-07 224088]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-09-07 130904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [2011-11-24 78208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-05 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys [2010-07-09 21480]
S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe [2011-12-02 4913608]
S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2010-01-19 72304]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [2010-06-23 11944]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-20 75776]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-20 177152]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-22 347680]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-09-07 147288]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-09-07 166232]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-10-31 21:02 97792 ----a-w- c:\users\brauns\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-10-31 21:02 97792 ----a-w- c:\users\brauns\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-10-31 21:02 97792 ----a-w- c:\users\brauns\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-10-31 21:02 97792 ----a-w- c:\users\brauns\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-06 10144288] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm TCP: DhcpNameServer = 192.168.17.76 FF - ProfilePath - c:\users\brauns\AppData\Roaming\Mozilla\Firefox\Profiles\equwkc4z.default\ FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/calendar/render?tab=wc&pli=1 FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . AddRemove-FRITZ! 2.0 - c:\windows\IsUn0407.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2] "ImagePath"="\??\c:\windows\system32\8CD4.tmp" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-09-27 15:49:23 ComboFix-quarantined-files.txt 2012-09-27 13:49 . Vor Suchlauf: 21 Verzeichnis(se), 97.979.502.592 Bytes frei Nach Suchlauf: 24 Verzeichnis(se), 98.348.236.800 Bytes frei . - - End Of File - - E8EE10B425AA8BA3F95133B8D8BADFCA |
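Triage heuristics for the service and driver section of the log above, as an added example that is not part of this thread and is not ComboFix's own code. The script parses the `R2 name;display;path [date size]` lines ComboFix emits (R = running, S = stopped, the digit is the start type, `[x]` means the image was not found on disk) over a constructed subset of the entries from the log, and flags what a log reader checks first: a running service or driver whose image is missing from disk, an image loaded from a Temp directory, a driver registered under a .tmp name, and an image outside the Windows and Program Files trees. A flag is a pointer, not a verdict; the two entries it singles out here, ALSysIO64.sys in Temp and MEMSWEEP2 pointing at a .tmp in system32, match patterns commonly left behind by a hardware-monitoring tool (Core Temp's ALSysIO driver) and by Sophos Anti-Rootkit respectively, and only checking where the file came from settles it. The trusted-root list and the scoring weights are my own choices.

```python
"""Triage heuristics for the service/driver section of a ComboFix log.

Added example, not ComboFix's own code. Input format, one entry per line:
    <R|S><start> <name>;<display name>;<image path> [<date> <size>]
R = running, S = stopped; start = 0 boot, 1 system, 2 auto, 3 manual, 4 disabled;
'[x]' in place of date and size means the image was not found on disk.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the entries from the log above.
SAMPLE_LOG = r"""
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
R3 ALSysIO;ALSysIO;c:\users\brauns\AppData\Local\Temp\ALSysIO64.sys [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\8CD4.tmp [2010-05-26 6144]
R3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.6.0;c:\windows\system32\drivers\libusb0.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-22 834544]
S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2010-01-19 72304]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
"""

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"        # running/stopped + start type
    r"(?P<name>[^;]+);(?P<display>[^;]*);"       # service name ; display name ;
    r"(?P<path>.+?)\s+\[(?P<info>x|\d{4}-\d{2}-\d{2}\s+\d+)\]\s*$"
)

# Where a legitimately installed service or driver image normally lives (my choice).
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files")


@dataclass
class ServiceEntry:
    name: str
    display: str
    path: str
    running: bool
    start_type: int
    file_found: bool
    flags: list = field(default_factory=list)
    score: int = 0


def parse_line(line):
    """Parse one ComboFix service line; return None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return ServiceEntry(
        name=m["name"], display=m["display"], path=m["path"],
        running=m["state"] == "R", start_type=int(m["start"]),
        file_found=m["info"] != "x",
    )


def triage(entry):
    """Attach heuristic flags and a rough priority score to an entry."""
    p = entry.path.lower()
    filename = p.rsplit("\\", 1)[-1]
    ext = filename.rsplit(".", 1)[-1] if "." in filename else ""

    def flag(text, weight):
        entry.flags.append(text)
        entry.score += weight

    if not entry.file_found:
        # A loaded driver with no image on disk deserves more attention than
        # a stale registration left by an uninstalled tool.
        if entry.running:
            flag("running, image missing on disk", 3)
        else:
            flag("image missing on disk", 1)
    if "\\temp\\" in p or "\\tmp\\" in p:
        flag("image loaded from a temp directory", 2)
    if ext == "tmp":
        flag("image has a .tmp extension", 2)
    if not p.startswith(TRUSTED_ROOTS):
        flag("image outside Windows/Program Files", 1)
    return entry


def flagged_entries(text):
    """Yield every parsed entry that picked up at least one flag."""
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None and triage(entry).flags:
            yield entry


def triage_log(text):
    """Return {service name: [flags]} for the flagged entries in the text."""
    return {e.name: e.flags for e in flagged_entries(text)}


def report(text):
    """Flagged entries as (score, name, path, flags), highest score first."""
    rows = [(e.score, e.name, e.path, e.flags) for e in flagged_entries(text)]
    return sorted(rows, key=lambda r: (-r[0], r[1]))


if __name__ == "__main__":
    for score, name, path, flags in report(SAMPLE_LOG):
        print(f"[{score}] {name}: {path}\n      " + "; ".join(flags))
```

Run against the full service section of a ComboFix log, the report puts the running-but-missing and Temp-resident entries at the top so the reader verifies those first (file origin, publisher, whether a known tool drops it there) instead of reading two hundred lines of vendor drivers.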
01.10.2012, 19:12 | #7 |
/// Malware-holic
Download the CCleaner Standard: CCleaner Download - CCleaner 3.23.1823. If CCleaner is already installed, skip this. Install it, open it, go to Tools, List of installed programs, and save it as a txt file. Open the file. Next to every program you need, write "necessary". Next to every one you do not need, "unnecessary". Next to those you do not recognise, "unknown". Post the list.
__________________
- Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us