Pests of all kinds and how to fight them: GVU Trojaner eingesammelt (picked up a GVU trojan), Windows 7. If you are not sure whether you have caught malware or a trojan, open a thread here. An expert will reply with further instructions and help you remove the malware or uninstall/delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
01.02.2013, 18:54 | #16
/// Helper Team
Finally: ESET Online Scanner
01.02.2013, 19:28 | #17
Just had a bluescreen with "bad pool header" during the ESET scan (6 detections after 50%) (b gen virus). Started it again. OK, got through it without further bluescreens ...:
Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6889
# api_version=3.0.2
# EOSSerial=934d3dd5c814a2449c43c575d0de3ce4
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-01 08:09:28
# local_time=2013-02-01 09:09:28 (+0100, Central European Time)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=3588 16777214 85 83 39497 99329398 0 0
# compatibility_mode=5893 16776574 100 94 908880 111379218 0 0
# scanned=186815
# found=8
# cleaned=0
# scan_time=6166
C:\found.002\dir0000.chk\A9WSYH98\3a52f3c22ed6fcde5bf696a6c02c9e73[1].htm	HTML/Iframe.B.Gen virus	6809C20CDD844357CE28D67E2E9037D39A3282B2	I
C:\found.002\dir0000.chk\AW7ERREI\3a52f3c22ed6fcde5bf696a6c02c9e73[1].htm	HTML/Iframe.B.Gen virus	A8AC482AEAF2DDF008BCB2B9E5B9435BD904AE0D	I
C:\found.002\dir0000.chk\GEEALKDJ\3a52f3c22ed6fcde5bf696a6c02c9e73[1].htm	HTML/Iframe.B.Gen virus	587FF7C7FCF6B9B8F1A086F9B2B0AF0FAA28621F	I
C:\found.002\dir0000.chk\QSXSOPJ3\3a52f3c22ed6fcde5bf696a6c02c9e73[1].htm	HTML/Iframe.B.Gen virus	8C002F206A4C76085749BD56A186C2689023511E	I
C:\found.002\dir0000.chk\X2LM7KDL\3a52f3c22ed6fcde5bf696a6c02c9e73[1].htm	HTML/Iframe.B.Gen virus	2D82B839F63BCC65D4CD5949721DB2ED94750451	I
C:\found.002\dir0000.chk\X2LM7KDL\3a52f3c22ed6fcde5bf696a6c02c9e73[2].htm	HTML/Iframe.B.Gen virus	47B90EC3191F3388CC0EDCB68E98C4B0007F83FA	I
C:\_OTL\MovedFiles\01312013_124704\C_ProgramData\ifgxpers.exe	a variant of Win32/Kryptik.ATHS trojan	5B48C43582FF6B78C45EAF90BA6694BCB5188E33	I
C:\_OTL\MovedFiles\01312013_124704\C_Users\StefanSchmoock\AppData\Roaming\csrsss.exe	a variant of Win32/Kryptik.ATHS trojan	E9A771C25B8963A709F654B1E454E587DCB42E12	I

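The ESET log above is easier to read mechanically than by eye: the header reports `found=8` but `cleaned=0` because the scan ran with `remove_checked=false`, so every hit was reported and left where it was, and all eight paths sit in chkdsk's recovered-fragment folder (`C:\found.002\`) or in OTL's quarantine (`C:\_OTL\MovedFiles\`) rather than in a live location. The Python script below is an added example, not part of the thread and not ESET's tooling. It parses the `#` header and the detection lines and classifies each hit that way. It assumes ESET's tab-separated detection format (path, threat name, SHA-1, flag), which the forum rendering collapsed into spaces; the embedded sample is a constructed subset of the posted lines with the tabs restored.

```python
"""Parse and classify an ESET Online Scanner log (added example, not ESET's code).

ESET writes one tab-separated line per detection: path, threat name, SHA-1 of
the file, and a flag column (assumed format; the forum rendering shows these
with the tabs collapsed to spaces). Lines starting with "# " are the scan
header as key=value pairs.
"""
import re
from collections import Counter

SHA1_RE = re.compile(r"^[0-9A-Fa-f]{40}$")

# Locations where a hit is already out of the running system: chkdsk's
# recovered-fragment folders (C:\found.NNN\) and OTL's quarantine folder.
NEUTRALISED_RE = re.compile(
    r"^[a-z]:\\(?:found\.\d{3}\\|_otl\\movedfiles\\)", re.IGNORECASE
)

# Constructed sample: the header and three of the eight detection lines from
# the log posted above, with the tab separators restored.
SAMPLE_LOG = (
    "ESETSmartInstaller@High as downloader log:\n"
    "all ok\n"
    "# version=8\n"
    "# end=finished\n"
    "# remove_checked=false\n"
    "# archives_checked=true\n"
    "# osver=6.1.7600 NT\n"
    "# scanned=186815\n"
    "# found=8\n"
    "# cleaned=0\n"
    "# scan_time=6166\n"
    "C:\\found.002\\dir0000.chk\\A9WSYH98\\3a52f3c22ed6fcde5bf696a6c02c9e73[1].htm"
    "\tHTML/Iframe.B.Gen virus\t6809C20CDD844357CE28D67E2E9037D39A3282B2\tI\n"
    "C:\\_OTL\\MovedFiles\\01312013_124704\\C_ProgramData\\ifgxpers.exe"
    "\ta variant of Win32/Kryptik.ATHS trojan\t5B48C43582FF6B78C45EAF90BA6694BCB5188E33\tI\n"
    "C:\\_OTL\\MovedFiles\\01312013_124704\\C_Users\\StefanSchmoock\\AppData\\Roaming\\csrsss.exe"
    "\ta variant of Win32/Kryptik.ATHS trojan\tE9A771C25B8963A709F654B1E454E587DCB42E12\tI\n"
)


def parse_eset_log(text):
    """Return (header dict, list of detection dicts).

    Header keys that repeat (compatibility_mode) keep their last value.
    A detection line is recognised by the 40-hex SHA-1 in its second-to-last
    tab-separated field, so stray lines such as "all ok" are ignored.
    """
    header, detections = {}, []
    for line in text.splitlines():
        line = line.rstrip("\r")
        if line.startswith("# "):
            key, _, value = line[2:].partition("=")
            header[key.strip()] = value.strip()
            continue
        fields = line.split("\t")
        if len(fields) >= 4 and SHA1_RE.match(fields[-2]):
            detections.append({
                "path": fields[0],
                "threat": "\t".join(fields[1:-2]).strip(),
                "sha1": fields[-2].upper(),
                "flag": fields[-1].strip(),
                "neutralised": bool(NEUTRALISED_RE.match(fields[0])),
            })
    return header, detections


def summarize(header, detections):
    """Condense the log into what a responder needs to decide the next step."""
    found = int(header.get("found", "0"))
    cleaned = int(header.get("cleaned", "0"))
    return {
        "found": found,
        "cleaned": cleaned,
        "left_in_place": found - cleaned,
        "removal_enabled": header.get("remove_checked") == "true",
        "by_threat": dict(Counter(d["threat"] for d in detections)),
        "live_hits": [d["path"] for d in detections if not d["neutralised"]],
        "unique_sha1": sorted({d["sha1"] for d in detections}),
    }


if __name__ == "__main__":
    hdr, dets = parse_eset_log(SAMPLE_LOG)
    for key, value in summarize(hdr, dets).items():
        print(f"{key}: {value}")
```

On a full log, an empty `live_hits` list plus `left_in_place` greater than zero is the combination seen in this thread: the scanner confirmed what earlier tools had already quarantined, and the remaining work is deleting the recovery and quarantine folders, which is what the next post does. The `unique_sha1` list is what you would carry to a hash lookup or your own telemetry.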
02.02.2013, 10:16 | #18
/// Helper Team
Fix with OTL
Code:
:Files
C:\found.002\

Are there still any problems with the computer?
02.02.2013, 10:30 | #19
Good morning! So far I have had no further problems with the computer, except that it boots very slowly. Here is the OTL log file:
Code:
========== FILES ==========
C:\found.002\dir0001.chk folder moved successfully.
C:\found.002\dir0000.chk\X2LM7KDL folder moved successfully.
C:\found.002\dir0000.chk\U1V5OQ2T folder moved successfully.
C:\found.002\dir0000.chk\QSXSOPJ3 folder moved successfully.
C:\found.002\dir0000.chk\GEEALKDJ folder moved successfully.
C:\found.002\dir0000.chk\AW7ERREI folder moved successfully.
C:\found.002\dir0000.chk\A9WSYH98 folder moved successfully.
C:\found.002\dir0000.chk\9L1TCK87 folder moved successfully.
C:\found.002\dir0000.chk\5N5ZLKMC folder moved successfully.
C:\found.002\dir0000.chk\25PCERMO folder moved successfully.
C:\found.002\dir0000.chk\0WS6PUTW folder moved successfully.
C:\found.002\dir0000.chk folder moved successfully.
C:\found.002 folder moved successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 02022013_102349

02.02.2013, 12:13 | #20
/// Helper Team
Remove malware with ComboFix
Download ComboFix from one of the following download mirrors: BleepingComputer.com - ForoSpyware.com and save the program to the Desktop, not anywhere else; this is important! Follow the detailed original instructions. ComboFix currently runs on the following Windows versions:
Preparation and important notes
Do not use ComboFix on your own. If there is no matching infection, it can cripple the computer and/or damage it permanently!
02.02.2013, 13:11 | #21
Here is the log file
Code:
ComboFix 13-02-02.05 - StefanSchmoock 02.02.2013 12:58:58.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.3886.2119 [GMT 1:00]
Running from: c:\users\StefanSchmoock\Desktop\ComboFix.exe
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Files Created from 2013-01-02 to 2013-02-02 ))))))))))))))))))))))))))))))
.
.
2013-02-02 12:04 . 2013-02-02 12:04 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-02-02 12:04 . 2013-02-02 12:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-02 10:36 . 2013-02-02 10:36 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%
2013-02-01 18:02 . 2013-02-01 18:02 -------- d-----w- c:\program files (x86)\ESET
2013-02-01 17:35 . 2013-02-01 17:35 -------- d-----w- c:\users\StefanSchmoock\AppData\Local\Macromedia
2013-02-01 17:34 . 2013-02-01 17:34 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-01 17:34 . 2013-02-01 17:34 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-01 17:18 . 2013-02-01 17:18 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-01 17:18 . 2013-02-01 17:18 -------- d-----w- c:\program files (x86)\Java
2013-02-01 17:12 . 2013-02-01 17:12 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-02-01 16:54 . 2013-02-01 16:54 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-02-01 16:54 . 2013-02-01 17:18 859552 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-02-01 16:54 . 2013-02-01 17:18 780192 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-02-01 08:47 . 2013-02-01 09:08 -------- d-----w- c:\windows\system32\drivers\NISx64\1109000.00C
2013-01-31 18:08 . 2013-01-31 18:08 -------- d-----w- c:\users\StefanSchmoock\AppData\Local\Mozilla
2013-01-31 18:08 . 2013-01-31 18:08 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-01-31 11:47 . 2013-01-31 11:47 -------- d-----w- C:\_OTL
2013-01-31 11:32 . 2013-01-31 11:32 -------- d-----w- C:\found.004
2013-01-31 01:00 . 2013-01-31 01:00 -------- d-----w- c:\users\StefanSchmoock\AppData\Roaming\Malwarebytes
2013-01-31 00:59 . 2013-01-31 00:59 -------- d-----w- c:\programdata\Malwarebytes
2013-01-31 00:59 . 2013-01-31 01:03 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-31 00:59 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-27 12:27 . 2013-02-02 12:04 -------- d-----w- c:\users\StefanSchmoock\AppData\Local\CrashDumps
2013-01-26 11:51 . 2010-05-06 04:01 53808 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2013-01-25 11:07 . 2013-01-25 11:07 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2013-01-24 16:28 . 2013-01-24 16:27 173104 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-01-24 16:27 . 2013-01-24 16:28 -------- d-----w- c:\program files\Symantec
2013-01-24 16:27 . 2013-01-24 16:28 -------- d-----w- c:\program files\Common Files\Symantec Shared
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-08 17:24 . 2012-11-27 18:38 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{965D5565-6E63-410D-B299-BF75E051E3D0}\mpengine.dll
.
.
(((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"MGSysCtrl"="c:\program files (x86)\System Control Manager\MGSysCtrl.exe" [2010-03-01 2408448]
"NortonOnlineBackup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-03-05 1112920]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"starter4g"="c:\windows\starter4g.exe" [2010-04-30 160424]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
utilman.lnk - c:\users\StefanSchmoock\AppData\Local\utilman.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\DRIVERS\cmnsusbser.sys [2011-07-20 117888]
R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [2009-12-04 87888]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 fspad_xp64;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_xp64;c:\windows\system32\DRIVERS\fspad_xp64.sys [2009-12-17 53248]
R3 MGHwCtrl;MGHwCtrl;c:\program files\msi\msi Software Install\MGHwCtrl.sys [x]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-01-13 7675392]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1109000.00C\SYMDS64.SYS [2009-10-15 433200]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1109000.00C\SYMEFA64.SYS [2011-08-22 221304]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20130116.013\BHDrvx64.sys [2013-01-16 1388120]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys [2011-08-04 593544]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20130201.001\IDSvia64.sys [2013-01-24 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS [2010-04-29 150064]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS [2011-08-22 451704]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 Micro Star SCM;Micro Star SCM;c:\program files (x86)\System Control Manager\MSIService.exe [2009-07-09 160768]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe [2011-08-04 126400]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe service [x]
S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files (x86)\MSI Game Corner\Game Console\OberonGameConsoleService.exe [2010-01-27 44432]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-04-15 2533400]
S2 WTGService;WTGService;c:\program files (x86)\XSManager\WTGService.exe [2010-04-12 329168]
S2 XS Stick Service;XS Stick Service;c:\windows\service4g.exe [2010-04-30 145064]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-01-25 138912]
S3 fspad_wlh64;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh64;c:\windows\system32\DRIVERS\fspad_wlh64.sys [2009-12-17 53248]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-01 17:34]
.
2013-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-12 06:12]
.
2013-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-12 06:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-05-05 17412200]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-29 11049576]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-10 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-10 417560]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.metager.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\StefanSchmoock\AppData\Roaming\Mozilla\Firefox\Profiles\9b8z7zol.default\
FF - prefs.js: browser.startup.homepage - google.de
FF - ExtSQL: 2013-01-31 14:23; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\coFFPlgn_2010_9_0_6
FF - ExtSQL: 2013-01-31 17:25; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPlgn
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-02-02 13:06:42
ComboFix-quarantined-files.txt 2013-02-02 12:06
.
Pre-Run: 22 directory(ies), 137.053.536.256 bytes free
Post-Run: 23 directory(ies), 136.836.288.512 bytes free
.
- - End Of File - - DD626992C2D2EEE8D7CE860E69076049

Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.01) - Deutsch
Alice Greenfingers
ArcSoft Magic-i Visual Effects 2
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Brochures & Flyers
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Funhouse II
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Photo Prints
ArcSoft Print Creations - Poster Creator
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
ArcSoft WebCam Companion 3
BurnRecovery
Chicken Invaders 2
ESET Online Scanner v3
Firebird SQL Server - MAGIX Edition
Google Earth Plug-in
Google Update Helper
Home Sweet Home
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Java 7 Update 11
Java Auto Updater
Junk Mail filter update
MAGIX Foto Manager 9
MAGIX Music Maker 16 Download-Version
MAGIX Online Druck Service
MAGIX Screenshare
MAGIX Speed burnR
MAGIX Video easy SE
Mahjong Escape Ancient China
Malwarebytes Anti-Malware Version 1.70.0.1100
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Choice Guard
Microsoft Office 2010
Microsoft Office Klick-und-Los 2010
Microsoft Office Starter 2010 - Deutsch
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Moorhuhn X - XXL
Mozilla Firefox 18.0.1 (x86 de)
Mozilla Maintenance Service
MSI Game Corner Console
msi Software Install
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Internet Security
Norton Online Backup
NVIDIA Updatus
Realtek High Definition Audio Driver
SAMSUNG Intelli-studio
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
System Control Manager
Text-To-Speech-Runtime
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Windows Live-Uploadtool
Windows Live Anmelde-Assistent
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Sync
Windows Live Toolbar
Windows Live Writer
WinRAR archiver
XSManager
02.02.2013, 15:16 | #22
/// Helper Team | GVU trojan caught
Very good! With that you are clean and discharged!

Remove adwCleaner

Tool clean-up with OTL
We will now use OTL's CleanUp! function to remove most of the programs we installed for the clean-up from your system again.

Reset the security zones
Have the security zones reset, since they were manipulated to open the browser up to further attacks. Proceed as follows: http://www.trojaner-board.de/111805-...ecksetzen.html

Clear the System Restore points
So that the computer cannot be re-infected from an infected System Restore point, we have to clear them. To do that we switch System Restore off once and then on again:
Disable System Restore: tutorial for Windows XP, Windows Vista, Windows 7
Then enable it again.

Clean up with CCleaner
With CCleaner (Download) (Guide), have the errors in the

Reading to work through:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
http://www.trojaner-board.de/109844-...ren-seite.html
PC keeps getting slower - what to do?
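The "clear the System Restore points" step and the security-zone check from the post above, as an added example; this is not code from the original post or from the linked trojaner-board guides, which describe the same steps through the Windows GUI. It assumes Windows 7 (the OS in this thread) with PowerShell and an elevated (Administrator) session, and that Internet Explorer stores each zone's level in the CurrentLevel and RecommendedLevel values under HKCU\...\Internet Settings\Zones\0-4 (assumed value names; the audit only reads them and reports, it changes nothing).

```powershell
# Run from an elevated PowerShell prompt on the cleaned Windows 7 machine.
# Part 1: purge every existing restore point (they may still contain the trojan's
# files), then switch System Restore back on and take a clean baseline point.
$drive = 'C:\'

Disable-ComputerRestore -Drive $drive          # turning it off discards all restore points on the drive
vssadmin delete shadows /for=C: /all /quiet     # also drop any leftover volume shadow copies
Enable-ComputerRestore  -Drive $drive
Checkpoint-Computer -Description 'Clean baseline after GVU removal' `
                    -RestorePointType 'MODIFY_SETTINGS'

# Verify: only the baseline just created should be listed.
Get-ComputerRestorePoint | Format-Table SequenceNumber, CreationTime, Description -AutoSize

# Part 2: read-only audit of the Internet Explorer security zones.
# A zone whose CurrentLevel differs from its RecommendedLevel has been changed, by
# the user or, as in this thread, by malware. Reset it as the post says, via
# Internet Options > Security > "Reset all zones to default level", then re-run this.
# (Assumption: value names CurrentLevel / RecommendedLevel as written by IE on Windows 7.)
$zoneNames = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }
$zonesKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'

foreach ($id in 0..4) {
    $zone = Get-ItemProperty -Path (Join-Path $zonesKey $id) -ErrorAction SilentlyContinue
    if (-not $zone) { continue }
    $status = if ($zone.CurrentLevel -eq $zone.RecommendedLevel) { 'default' } else { 'CHANGED' }
    '{0,-16} current=0x{1:X5} recommended=0x{2:X5} {3}' -f $zoneNames[$id], $zone.CurrentLevel, $zone.RecommendedLevel, $status
}
```

The Disable/Enable pair is what the GUI tutorial does; it is the disable step that deletes the old restore points, the vssadmin line only clears shadow copies that may survive it. On Windows 8 and later, Checkpoint-Computer creates at most one restore point per 24 hours, so the baseline call may be skipped silently there; on Windows 7 it runs every time.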
02.02.2013, 16:52 | #23
| GVU trojan caught
Hi t'john! Many, many heartfelt thanks!!!
Best regards
Sabine
03.02.2013, 20:42 | #24
/// Helper Team | GVU trojan caught
Wishing you a virus-free time