Log analysis and evaluation: another GVU Trojan! :( plz help

20.12.2012, 00:50 | #1
another GVU Trojan! :( plz help

Hi! It looks like I have somehow caught the GVU Trojan too... I hope you can help me, because my bachelor thesis is hard to write with a locked computer ^^ I'm using Vista and Avast. Here are the OTL and Malwarebytes Anti-Malware logs; I hope I did all of this correctly:

OTL Code:
OTL logfile created on: 20.12.2012 00:33:29 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Downloads
Windows Vista Home Premium Edition Service Pack 3 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,29 Gb Available Physical Memory | 76,25% Memory free
4,89 Gb Paging File | 4,40 Gb Available in Paging File | 90,09% Paging File free
Paging file location(s): c:\pagefile.sys 1000 1000d:\pagef [Binary data over 200 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 43,95 Gb Total Space | 8,59 Gb Free Space | 19,54% Space Free | Partition Type: NTFS
Drive D: | 181,13 Gb Total Space | 46,36 Gb Free Space | 25,60% Space Free | Partition Type: NTFS

Computer Name: BASTI-PC | User Name: Basti | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.12.20 00:14:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe
PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2009.04.11 04:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV - [2012.12.12 13:32:37 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.05 18:53:45 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.07.16 15:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.06.26 15:35:20 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Stopped] -- D:\Program Files\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2012.02.29 07:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.09.22 19:43:28 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2011.07.20 04:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.10.16 11:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.09.21 14:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.08.16 06:32:46 | 003,874,816 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009.12.16 16:44:36 | 003,750,400 | ---- | M] (SafeNet Inc.) [Auto | Stopped] -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV - [2009.10.27 09:26:36 | 000,657,408 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009.09.06 18:37:35 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009.03.17 14:36:12 | 000,144,752 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2009.02.26 17:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008.08.26 21:52:14 | 000,159,744 | ---- | M] () [Auto | Stopped] -- C:\Programme\System Control Manager\MSIService.exe -- (Micro Star SCM)
SRV - [2008.07.20 22:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008.03.18 05:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008.01.19 04:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 04:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2006.10.26 19:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva399.sys -- (XDva399)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva398.sys -- (XDva398)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva392.sys -- (XDva392)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Basti\AppData\Local\Temp\krdpdre.sys -- (krdpdre)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.10.30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.10.30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.10.30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.10.30 23:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012.10.30 23:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012.10.30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011.09.22 19:29:18 | 000,019,192 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2011.07.20 08:45:52 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.07.20 08:45:52 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011.07.20 08:45:52 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2011.07.20 08:45:52 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2011.04.27 13:19:28 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2010.12.21 06:55:02 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010.12.21 06:55:02 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2010.12.21 06:55:02 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2010.10.16 19:55:00 | 010,084,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.06.23 08:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009.12.09 21:27:18 | 000,588,800 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock)
DRV - [2009.11.04 13:08:18 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009.10.06 11:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009.10.06 11:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009.10.06 11:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009.10.06 11:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009.08.20 07:01:50 | 000,356,864 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2009.07.12 14:28:51 | 000,281,760 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.07.12 14:28:50 | 000,025,888 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.04.28 18:54:58 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2008.03.21 05:13:00 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http:\\www.alienware.comhttp:\\su [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http:\\www.alienware.comhttp:\\su [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B9 05 D2 D4 33 DE CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{90A7DEF4-39CD-4DC7-9907-FF66D55171FA}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "YouTube"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: youtube2mp3%40mondayx.de:1.2.3
FF - prefs.js..extensions.enabledAddons: %7Bb749fc7c-e949-447f-926c-3f4eed6accfe%7D:0.7.1.1
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.7.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.10: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Basti\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.01.08 12:44:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.15 08:38:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.05 18:53:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.05 18:53:31 | 000,000,000 | ---D | M]

[2010.04.24 14:19:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Extensions
[2012.12.11 19:23:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\byx7kj4l.default\extensions
[2010.06.27 06:54:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\byx7kj4l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.08.26 08:24:13 | 000,011,510 | ---- | M] () (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\firefox\profiles\byx7kj4l.default\extensions\youtube2mp3@mondayx.de.xpi
[2012.12.11 19:23:05 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\firefox\profiles\byx7kj4l.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2011.12.09 07:12:40 | 000,061,705 | ---- | M] () (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\firefox\profiles\byx7kj4l.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi
[2012.11.21 09:32:12 | 000,243,496 | ---- | M] () (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\firefox\profiles\byx7kj4l.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2010.08.23 13:13:59 | 000,004,140 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\mozilla\firefox\profiles\byx7kj4l.default\searchplugins\youtube.xml
[2012.12.05 18:53:16 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.12.05 18:53:46 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.19 09:40:36 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 12:48:59 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.19 09:40:36 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.19 09:40:36 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.19 09:40:36 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.19 09:40:36 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [MGSysCtrl] C:\Programme\System Control Manager\MGSysCtrl.exe (Mirco-Star International CO., LTD.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKCU..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - Startup: C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Basti\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DF01EF5-ADD4-49E0-BF3A-1764D7A20099}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91F28A1F-86FC-430A-BD46-B52647B862C7}: DhcpNameServer = 172.17.71.254
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img31.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img31.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5daed7f5-69a1-11de-8402-002185e7ccc7}\Shell - "" = AutoRun
O33 - MountPoints2\{5daed7f5-69a1-11de-8402-002185e7ccc7}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\{65228860-84a7-11e1-b29a-002185e7ccc7}\Shell - "" = AutoRun
O33 - MountPoints2\{65228860-84a7-11e1-b29a-002185e7ccc7}\Shell\AutoRun\command - "" = H:\MI.exe
O33 - MountPoints2\{db4c5dd8-4e2c-11de-ae04-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{db4c5dd8-4e2c-11de-ae04-806e6f6e6963}\Shell\AutoRun\command - "" = E:\CDSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.12.19 22:57:08 | 000,258,048 | ---- | C] (Корпорация Майкрософт) -- C:\Users\Basti\wgsdgsdgdsgsd.dll
[2012.12.19 21:51:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
[2012.12.19 21:51:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Hi-Rez Studios
[2012.12.19 21:46:00 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll
[2012.12.19 21:45:59 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll
[2012.12.19 21:45:59 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_7.dll
[2012.12.19 21:45:58 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll
[2012.12.19 21:45:57 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll
[2012.12.19 21:45:56 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll
[2012.12.19 21:45:55 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll
[2012.12.19 21:45:54 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll
[2012.12.19 21:45:53 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2012.12.19 21:45:53 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2012.12.19 21:45:53 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2012.12.19 21:45:52 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2012.12.05 18:53:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.12.19 23:26:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.19 23:22:57 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.12.19 23:21:27 | 000,004,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.19 23:21:27 | 000,004,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.19 23:19:48 | 000,000,350 | -H-- | M] () -- C:\Windows\tasks\avast! Emergency Update.job
[2012.12.19 23:19:48 | 000,000,000 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.12.19 22:57:17 | 000,000,884 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2012.12.19 22:57:08 | 000,258,048 | ---- | M] (Корпорация Майкрософт) -- C:\Users\Basti\wgsdgsdgdsgsd.dll
[2012.12.19 22:32:26 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.19 20:40:27 | 000,000,182 | ---- | M] () -- C:\Users\Basti\Desktop\Moon Breakers.url
[2012.12.19 20:26:12 | 000,000,208 | ---- | M] () -- C:\Users\Basti\Desktop\Tribes Ascend.url
[2012.12.19 19:36:29 | 000,000,209 | ---- | M] () -- C:\Users\Basti\Desktop\APB Reloaded.url
[2012.12.18 12:50:38 | 000,001,634 | ---- | M] () -- C:\Users\Public\Desktop\JabRef 2.9.lnk
[2012.12.18 10:26:58 | 000,024,143 | ---- | M] () -- C:\Users\Basti\Desktop\Naturix24 - Produkte der Natur.pdf
[2012.12.16 12:50:13 | 000,642,364 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.16 12:50:13 | 000,607,918 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.16 12:50:13 | 000,132,118 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.16 12:50:13 | 000,109,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.12 13:32:36 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.12.12 13:32:36 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.12.03 20:55:12 | 000,091,602 | ---- | M] () -- C:\Users\Basti\Desktop\255263_462506090440215_806896828_n.jpg
[2012.12.02 23:01:20 | 000,145,878 | ---- | M] () -- C:\Users\Basti\Desktop\197655_432908926733265_1636376401_n.jpg
[2012.11.26 12:11:55 | 000,001,356 | ---- | M] () -- C:\Users\Basti\AppData\Local\d3d9caps.dat
[2012.11.22 11:57:59 | 000,071,254 | ---- | M] () -- C:\Users\Basti\Desktop\181128_444136875605001_381212117_n.jpg
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.12.19 23:19:48 | 000,000,350 | -H-- | C] () -- C:\Windows\tasks\avast! Emergency Update.job
[2012.12.19 22:57:17 | 000,000,884 | ---- | C] () -- C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2012.12.19 22:57:12 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.12.19 20:40:27 | 000,000,182 | ---- | C] () -- C:\Users\Basti\Desktop\Moon Breakers.url
[2012.12.19 20:26:12 | 000,000,208 | ---- | C] () -- C:\Users\Basti\Desktop\Tribes Ascend.url
[2012.12.19 19:36:29 | 000,000,209 | ---- | C] () -- C:\Users\Basti\Desktop\APB Reloaded.url
[2012.12.18 12:50:38 | 000,001,634 | ---- | C] () -- C:\Users\Public\Desktop\JabRef 2.9.lnk
[2012.12.18 10:26:53 | 000,024,143 | ---- | C] () -- C:\Users\Basti\Desktop\Naturix24 - Produkte der Natur.pdf
[2012.12.03 20:55:12 | 000,091,602 | ---- | C] () -- C:\Users\Basti\Desktop\255263_462506090440215_806896828_n.jpg
[2012.12.02 23:01:20 | 000,145,878 | ---- | C] () -- C:\Users\Basti\Desktop\197655_432908926733265_1636376401_n.jpg
[2012.11.22 11:57:59 | 000,071,254 | ---- | C] () -- C:\Users\Basti\Desktop\181128_444136875605001_381212117_n.jpg
[2012.07.21 08:30:47 | 000,907,776 | ---- | C] () -- C:\Windows\System32\OWL52F.DLL
[2012.04.17 17:25:41 | 000,000,093 | ---- | C] () -- C:\Users\Basti\AppData\Local\fusioncache.dat
[2012.03.29 08:31:19 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2012.03.29 08:31:19 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2011.07.09 16:05:45 | 000,000,132 | ---- | C] () -- C:\Users\Basti\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011.04.27 13:19:32 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.04.27 13:19:30 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.04.27 13:19:30 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.04.27 13:19:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.04.27 13:19:30 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2010.11.13 13:11:17 | 000,735,229 | ---- | C] () -- C:\Users\Basti\ace_uninstaller.exe
[2010.08.18 18:17:18 | 000,000,094 | ---- | C] () -- C:\ProgramData\CameraRecorder.ini
[2009.07.21 14:59:17 | 000,139,152 | ---- | C] () -- C:\Users\Basti\AppData\Roaming\PnkBstrK.sys
[2009.06.01 07:07:24 | 000,079,360 | ---- | C] () -- C:\Users\Basti\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.01 05:06:51 | 000,001,356 | ---- | C] () -- C:\Users\Basti\AppData\Local\d3d9caps.dat
[2002.08.08 05:11:30 | 000,319,488 | R--- | C] () -- C:\Users\Basti\AppData\Roaming\MafiaSetup.exe

========== ZeroAccess Check ==========

[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 04:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 04:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMP:07BF512B
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:587EB586

< End of report >

Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.19.13

Windows Vista Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Basti :: BASTI-PC [Administrator]

20.12.2012 00:41:05
mbam-log-2012-12-20 (00-44-00).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202252
Time elapsed: 2 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Basti\wgsdgsdgdsgsd.dll (Trojan.FakeMS) -> No action taken.
C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> No action taken.
C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> No action taken.

(end)
eagle |
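The OTL and Malwarebytes entries in this first post show the drop pattern of the "GVU-Trojaner" lock screen (identified later in this thread by ESET as Win32/Reveton): a shortcut in the per-user Startup folder (runctf.lnk), a DLL with a consonant-only name placed directly in the profile root whose version info carries the Cyrillic vendor string "Корпорация Майкрософт" (Russian for "Microsoft Corporation"), and a 95 MB .pad container in ProgramData, all written within nine seconds of each other. The following Python script is an added example, not part of the original post and not a feature of OTL or Malwarebytes: it parses OTL file-listing lines and applies exactly these heuristics, which are assumptions drawn from this log rather than anything the tools implement. The sample lines are copied from the OTL output above plus two benign entries so it runs offline.

```python
"""Triage of OTL file-listing lines for Reveton-style drop artifacts.

Added example; the heuristics below are assumptions derived from the log
in this thread, not OTL or Malwarebytes functionality.
"""
import re
from dataclasses import dataclass, field
from datetime import datetime

# One OTL "Files Created/Modified" line, e.g.
# [2012.12.19 22:57:08 | 000,258,048 | ---- | M] (Company) -- C:\path\file.dll
OTL_LINE = re.compile(
    r"\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# Constructed sample: four lines copied from the OTL log above plus two
# benign ones (FlashPlayerApp.exe, JabRef shortcut) that must not be flagged.
SAMPLE_LINES = [
    r"[2012.12.19 23:19:48 | 000,000,350 | -H-- | M] () -- C:\Windows\tasks\avast! Emergency Update.job",
    r"[2012.12.19 22:57:17 | 000,000,884 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk",
    r"[2012.12.19 22:57:08 | 000,258,048 | ---- | M] (Корпорация Майкрософт) -- C:\Users\Basti\wgsdgsdgdsgsd.dll",
    r"[2012.12.19 22:57:12 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad",
    r"[2012.12.12 13:32:36 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe",
    r"[2012.12.18 12:50:38 | 000,001,634 | ---- | M] () -- C:\Users\Public\Desktop\JabRef 2.9.lnk",
]


@dataclass
class Finding:
    path: str
    when: datetime
    reasons: list = field(default_factory=list)


def _vowel_free(stem):
    """Keyboard-mash names like wgsdgsdgdsgsd contain no vowels at all."""
    letters = [c for c in stem.lower() if c.isalpha()]
    return len(letters) >= 8 and not any(c in "aeiouy" for c in letters)


def classify(line):
    """Return a Finding for a suspicious OTL line, None for benign/unparsable."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    path = m["path"]
    parts = path.split("\\")              # ["C:", "Users", "Basti", "x.dll"]
    stem, _, ext = parts[-1].rpartition(".")
    ext = ext.lower()
    low = path.lower()
    reasons = []
    if ext == "lnk" and "\\start menu\\programs\\startup\\" in low:
        reasons.append("shortcut in per-user Startup folder (autostart persistence)")
    if ext in ("dll", "exe") and len(parts) == 4 and parts[1].lower() == "users":
        reasons.append("binary dropped directly into a user profile root")
    if ext == "pad" and parts[1].lower() == "programdata":
        reasons.append(".pad payload container in ProgramData")
    if _vowel_free(stem):
        reasons.append("keyboard-mash file name")
    if any(ord(c) > 127 for c in m["company"]):
        reasons.append("non-ASCII vendor string in version info: %r" % m["company"])
    if not reasons:
        return None
    when = datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S")
    return Finding(path, when, reasons)


def triage(lines):
    return [f for f in (classify(l) for l in lines) if f]


def drop_window_seconds(findings):
    """Seconds between the first and last flagged write; a few seconds = one dropper run."""
    if not findings:
        return None
    times = sorted(f.when for f in findings)
    return int((times[-1] - times[0]).total_seconds())


if __name__ == "__main__":
    hits = triage(SAMPLE_LINES)
    for h in hits:
        print(h.when, h.path)
        for r in h.reasons:
            print("   -", r)
    print("all flagged files written within", drop_window_seconds(hits), "s")
```

On a real case you would feed the whole OTL.txt through triage (read the file, split into lines) and treat a tight drop window plus a Startup-folder shortcut as the signal to look at the DLL's loader (the .lnk target) before running any removal tool.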
20.12.2012, 09:51 | #2 |
/// TB-Ausbilder | another GVU Trojan! :( plz help I will help you with your problem. A cleanup can sometimes mean a lot of work for you (and me). Before we start, I have some reading material for you. Read and understood? Scan with ComboFix
20.12.2012, 10:43 | #3 |
| another GVU Trojan! :( plz help ComboFix complained even though avast! was switched off.
But here is the log: Code:
ComboFix 12-12-20.01 - Basti 20.12.2012 10:18:32.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.3.1252.49.1031.18.3070.2494 [GMT 1:00]
Running from:: c:\users\Basti\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * New restore point created
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\dsgsdgdsgdsgw.pad
c:\programdata\Tages
c:\programdata\Tages\100663909\Vca.bin
c:\programdata\Tages\Priv.xey
c:\users\Basti\ace_uninstaller.exe
c:\users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
c:\users\Basti\wgsdgsdgdsgsd.dll
c:\windows\IsUn0407.exe
c:\windows\system32\muzapp.exe
c:\windows\system32\System32\MASetupCleaner.exe
c:\windows\system32\System32\muzapp.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\unin0407.exe
.
.
((((((((((((((((((((((( Files Created from 2012-11-20 to 2012-12-20 ))))))))))))))))))))))))))))))
.
.
2012-12-20 09:24 . 2012-12-20 09:24 -------- d-----w- c:\users\Basti\AppData\Local\temp
2012-12-20 09:24 . 2012-12-20 09:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-19 23:40 . 2012-12-19 23:40 -------- d-----w- c:\users\Basti\AppData\Roaming\Malwarebytes
2012-12-19 23:40 . 2012-12-19 23:40 -------- d-----w- c:\programdata\Malwarebytes
2012-12-19 23:40 . 2012-12-19 23:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-19 23:40 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-19 20:51 . 2012-12-19 20:51 -------- d-----w- c:\programdata\Hi-Rez Studios
2012-12-19 20:46 . 2010-06-02 03:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2012-12-19 20:45 . 2010-06-02 03:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2012-12-19 20:45 . 2010-06-02 03:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2012-12-19 20:45 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-12-19 20:45 . 2010-05-26 10:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2012-12-19 20:45 . 2010-05-26 10:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2012-12-19 20:45 . 2010-05-26 10:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2012-12-19 20:45 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2012-12-19 20:45 . 2010-02-04 09:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2012-12-19 20:45 . 2010-02-04 09:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2012-12-19 20:45 . 2010-02-04 09:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2012-12-19 20:45 . 2010-02-04 09:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2012-12-19 11:04 . 2012-12-19 11:04 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5631B8BC-1B6D-4B3B-BFDC-9958AC8F3358}\offreg.dll
2012-12-19 10:57 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5631B8BC-1B6D-4B3B-BFDC-9958AC8F3358}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 12:32 . 2012-03-30 16:09 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-12 12:32 . 2011-05-17 23:26 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-30 22:51 . 2011-04-05 16:16 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2011-04-05 16:16 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2011-04-05 16:16 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2011-04-05 16:16 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-30 22:51 . 2011-04-05 16:16 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2011-04-05 16:16 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2011-04-05 16:16 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2011-04-05 16:16 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-09-26 11:57 . 2011-04-27 12:19 330240 ----a-w- c:\windows\MASetupCaller.dll
2012-09-26 11:57 . 2011-04-27 12:19 45320 ----a-w- c:\windows\system32\MAMACExtract.dll
2012-09-24 21:16 . 2012-10-23 05:27 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-05 17:53 . 2012-12-05 17:53 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Basti\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Basti\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Basti\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Basti\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2008-04-29 22:55 4232968 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2008-04-29 22:55 4232968 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-11-12 843208]
"KiesAirMessage"="c:\program files\Samsung\Kies\KiesAirMessage.exe" [2012-10-09 580096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-20 6265376]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2008-04-29 49928]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2008-09-22 708608]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2008-12-19 83336]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2011-02-23 371200]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
" Malwarebytes Anti-Malware "="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-09-29 766536]
.
c:\users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"DisableCAD"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2008-04-29 22:43 96008 ----a-w- c:\windows\System32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-11 19:00 919008 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-31 11:20 38872 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2012-11-12 09:30 843208 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2012-10-11 00:33 309688 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 12:32]
.
2012-12-19 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-06-30 22:50]
.
.
------- Supplementary Scan -------
.
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Basti\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\byx7kj4l.default\
FF - ExtSQL: !HIDDEN! 2011-04-08 11:52; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Orphaned registry entries removed - - - -
.
MSConfigStartUp-AdobeCS5 - c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
MSConfigStartUp-Google Update - c:\users\Basti\AppData\Local\Google\Update\GoogleUpdate.exe
MSConfigStartUp-KiesHelper - c:\program files\Samsung\Kies\KiesHelper.exe
AddRemove-LucasArts' Curse of Monkey Island - c:\windows\unin0407.exe
AddRemove-{74A84478-70A5-4F7A-966C-FA2771FF91A5}_is1 - d:\spiele\Die Gilde 2 - Gold Edition\unins000.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
AddRemove-Inquisit 3 Web Edition - c:\windows\system32\javaws.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-12-20 10:24
Windows 6.0.6002 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs loaded by running processes ---------------------
.
- - - - - - - > 'lsass.exe'(560)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infql2.dll
.
Completion time: 2012-12-20 10:26:12
ComboFix-quarantined-files.txt 2012-12-20 09:26
.
Pre-run: 8.952.786.944 bytes free
Post-run: 8.885.440.512 bytes free
.
- - End Of File - - 6AFAF5817DAF7993441CAFB390EDFA28 |
20.12.2012, 11:35 | #4 |
/// TB-Ausbilder | another GVU Trojan! :( plz help Good! As far as I can see, we have removed everything malicious with that. To be sure, we still need to run a few checks. Since these can take a very long time, please only write back once you have really completed everything or if problems come up. Step 1: Quick scan with Malwarebytes Step 2: ESET Online Scanner
Step 3: Scan with SecurityCheck Please download SecurityCheck: LINK1 LINK2
Digital freebooters against malware! No help via PM! |
20.12.2012, 15:39 | #5 |
| another GVU Trojan! :( plz help oooookay, so here are the logs: mbam Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.20.03

Windows Vista Service Pack 3 x86 NTFS
Internet Explorer 9.0.8112.16421
Basti :: BASTI-PC [Administrator]

20.12.2012 12:37:00
mbam-log-2012-12-20 (12-37-00).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208570
Time elapsed: 6 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Code:
C:\Qoobox\Quarantine\C\Users\Basti\wgsdgsdgdsgsd.dll.vir	Win32/Reveton.H trojan
C:\Qoobox\Quarantine\C\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk.vir	Win32/Reveton.M trojan
C:\Users\Basti\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\2cab240a-7fadd13c	multiple threats
C:\Users\Basti\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\1ede2ede-257e206f	Win32/Reveton.H trojan
C:\Users\Basti\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\6bddc41e-58c19643	multiple threats
C:\Users\Basti\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\78bf8d65-72b8e6dd	Java/Exploit.CVE-2011-3544.W trojan
Code:
Results of screen317's Security Check version 0.99.56
Windows Vista Service Pack 3 x86 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.65.1.1000
CCleaner
JavaFX 2.1.1
Java(TM) 6 Update 29
Java 7 Update 9
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.5.502.135
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (17.0.1)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
|
20.12.2012, 15:56 | #6 |
/// TB-Ausbilder | another GVU Trojan! :( plz help And that is exactly part of it. Would you care to explain to me how you have a Service Pack 3? There is no such thing for Vista ...
20.12.2012, 16:00 | #7 |
| another GVU Trojan! :( plz help uh, honestly no idea oO there isn't? a buddy almost always does these updates for me because I have no clue about it... is that bad?
20.12.2012, 16:02 | #8 |
/// TB-Ausbilder | another GVU Trojan! :( plz help That may possibly even be quite bad ... I would really like to know where that comes from; can you find out?
20.12.2012, 16:03 | #9 |
| another GVU Trojan! :( plz help yes, I can ask him how that came about and what it is. but I think it's been quite a while since he did anything to my notebook. what should I do about the rest?
20.12.2012, 16:04 | #10 |
/// TB-Ausbilder | another GVU Trojan! :( plz help Actually, we can't continue for now ...
20.12.2012, 16:09 | #11 |
| another GVU Trojan! :( plz help oh man noooo, I urgently need the laptop tomorrow... and he's always so hard to reach. I can only write to him *grml* can't I just install some other service pack over it and carry on? the thing actually ran stably the whole time like this oO
20.12.2012, 16:15 | #12 |
/// TB-Ausbilder | another GVU Trojan! :( plz help We now have to install updates, and they change the system. But if I don't know what state the system is in, that may become a risk - do you want to take it?
20.12.2012, 16:19 | #13 |
| another GVU Trojan! :( plz help well, if that doesn't belong there it should go, I think... so I don't have many options in the short time. aren't these restore points enough to minimise the risk? that's what they're for, isn't it?^^
20.12.2012, 16:27 | #14 |
/// TB-Ausbilder | another GVU Trojan! :( plz help You said yourself that it was a long time ago, and we would also undo the cleanup that way ...
20.12.2012, 16:33 | #15 |
| another GVU Trojan! :( plz help I see... hmm... I just thought: restore point now and from there the other stuff... wouldn't it work as a "preliminary solution" if I delete the remaining pests until I have found out what the Service Pack 3 thing is about? I can't even find anything on Google... wonder what he did there. as I said: apart from the Trojan now, I never had anything on the laptop
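OTL ("Service Pack 3 (Version = 6.0.6002)"), ComboFix's catchme banner and SecurityCheck all print a Service Pack 3 that does not exist for Windows Vista: build 6002 is Vista SP2, so the service-pack string on this machine contradicts its own build number. Tools simply echo the string they find, which is why the helper cannot tell what was done to the system. The following Python script is an added example, not from this thread and not part of OTL, ComboFix or SecurityCheck: it cross-checks a reported service pack against a small reference table of client builds (Vista and Windows 7 only; Server 2008/2008 R2 share the same build numbers), parses OTL's header line, and on Windows can read CurrentBuildNumber and CSDVersion from HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion. How the bogus string got onto this laptop is not established anywhere in the thread and the script makes no claim about it.

```python
"""Cross-check a reported Windows service pack against the build number.

Added example, not from the forum thread or from OTL/ComboFix/SecurityCheck.
"""
import re
import sys

# Reference table of client builds (assumption: limited to Vista and 7;
# Server 2008 / 2008 R2 share these build numbers).
KNOWN_BUILDS = {
    6000: ("Windows Vista", None),
    6001: ("Windows Vista", "Service Pack 1"),
    6002: ("Windows Vista", "Service Pack 2"),
    7600: ("Windows 7", None),
    7601: ("Windows 7", "Service Pack 1"),
}

# OTL's first header line, e.g.
# Windows Vista Home Premium Edition Service Pack 3 (Version = 6.0.6002) - Type = NTWorkstation
OTL_HEADER = re.compile(
    r"^(?P<product>Windows .+?)(?: (?P<csd>Service Pack \d+))? "
    r"\(Version = (?P<major>\d+)\.(?P<minor>\d+)\.(?P<build>\d+)\)"
)


def check_service_pack(build, csd_version):
    """Return None if the reported service pack fits the build, else a message."""
    if build not in KNOWN_BUILDS:
        return "build %d is not in the reference table" % build
    family, expected = KNOWN_BUILDS[build]
    reported = (csd_version or "").strip() or None
    if reported == expected:
        return None
    return "%s build %d ships as %s, but the system reports %s" % (
        family,
        build,
        expected or "RTM (no service pack)",
        reported or "RTM (no service pack)",
    )


def check_otl_header(line):
    """Parse an OTL header line and cross-check it; None means consistent."""
    m = OTL_HEADER.match(line.strip())
    if not m:
        return "unrecognised OTL header: %r" % line
    return check_service_pack(int(m["build"]), m["csd"])


def check_live_registry():
    """Windows only: compare CSDVersion with CurrentBuildNumber from the registry."""
    import winreg  # stdlib on Windows builds of Python
    key = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key) as k:
        build = int(winreg.QueryValueEx(k, "CurrentBuildNumber")[0])
        try:
            csd = winreg.QueryValueEx(k, "CSDVersion")[0]
        except FileNotFoundError:  # value is absent on an RTM install
            csd = ""
    return build, check_service_pack(build, csd)


if __name__ == "__main__":
    # Header copied from the OTL log in the first post of this thread.
    sample = ("Windows Vista Home Premium Edition Service Pack 3 "
              "(Version = 6.0.6002) - Type = NTWorkstation")
    print(check_otl_header(sample))
    if sys.platform == "win32":
        print(check_live_registry())
```

A mismatch here is not proof of tampering by itself, but it is the one finding in these logs that no scanner will resolve: the build number comes from the running kernel, the service-pack string from a registry value, and the two should never disagree on an unmodified installation.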