Log analysis and evaluation: Groupon Virus/Trojaner (Windows 7)
25.03.2013, 20:26 | #46
/// Helfer-Team | Groupon Virus/Trojaner: Remove the network adapter from Device Manager and restart Windows so that the adapter gets set up again.
25.03.2013, 20:49 | #47
Groupon Virus/Trojaner: OK, I did that, but still nothing. The internet connection is shown without any error, but I can't open any page, and Mozilla Thunderbird can't connect to the mail server either. I also can't update the malware programs...
26.03.2013, 02:46 | #48
/// Helfer-Team | Groupon Virus/Trojaner: ComboFix script
26.03.2013, 13:28 | #49
Groupon Virus/Trojaner: Here is the logfile:
No uploads were started either. Sorry for the double post, but I forgot something: of course I also rebooted after "ComboFix", and nothing changed. I also removed the LAN connection from the Fritzbox to my laptop and then restarted both (Fritzbox and PC), but without success. In case this information helps you.
26.03.2013, 16:03 | #50
/// Helfer-Team | Groupon Virus/Trojaner: Did you also replace the asterisks with your username?
26.03.2013, 16:25 | #51
Groupon Virus/Trojaner: Damn, yes, sorry, I overlooked that... but it is running through again right now... this time "Combofix" asked/told me that there is a newer version and whether I want to update. I confirmed, and it worked. As soon as it is finished, the log will follow right away. So here is the log:
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-03-26 16:39:12 ComboFix-quarantined-files.txt 2013-03-26 15:39 ComboFix2.txt 2013-03-17 20:38 . Vor Suchlauf: 19 Verzeichnis(se), 322.023.940.096 Bytes frei Nach Suchlauf: 20 Verzeichnis(se), 321.942.122.496 Bytes frei . - - End Of File - - FF1A3D794A93680121C76B11B95D7470 Geändert von Geister_Hugo (26.03.2013 um 16:49 Uhr) |
26.03.2013, 18:56 | #52 |
/// Helfer-Team | Groupon Virus/Trojaner Scan with SystemLook. With this I check whether the entries typical for this infection are still present. The tool changes nothing; it only gives me the information I need. Download SystemLook by jpshortstuff from one of the following mirrors and save the tool to the desktop (if not already there). Users with 64-bit Windows versions use this version => http://jpshortstuff.247fixes.com/SystemLook_x64.exe
|
26.03.2013, 19:37 | #53 |
| Groupon Virus/Trojaner OK, here is the output: Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 19:30 on 26/03/2013 by ****
Administrator - Elevation successful

========== regfind ==========

Searching for "miqyo"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\users\****\appdata\roaming\uzalus\miqyo.exe"="Spread BTP-Bund"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\miqyo_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\miqyo_RASMANCS]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{A4517033-B669-4C46-BA27-268ADB5B5611}C:\users\****\appdata\roaming\uzalus\miqyo.exe"="v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\****\appdata\roaming\uzalus\miqyo.exe|Name=miqyo.exe|Desc=miqyo.exe|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"UDP Query User{4D4D05A3-B8C5-4B5B-A7F9-9B8D8A6B0D0E}C:\users\****\appdata\roaming\uzalus\miqyo.exe"="v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\****\appdata\roaming\uzalus\miqyo.exe|Name=miqyo.exe|Desc=miqyo.exe|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{A4517033-B669-4C46-BA27-268ADB5B5611}C:\users\****\appdata\roaming\uzalus\miqyo.exe"="v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\****\appdata\roaming\uzalus\miqyo.exe|Name=miqyo.exe|Desc=miqyo.exe|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"UDP Query User{4D4D05A3-B8C5-4B5B-A7F9-9B8D8A6B0D0E}C:\users\****\appdata\roaming\uzalus\miqyo.exe"="v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\****\appdata\roaming\uzalus\miqyo.exe|Name=miqyo.exe|Desc=miqyo.exe|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{A4517033-B669-4C46-BA27-268ADB5B5611}C:\users\****\appdata\roaming\uzalus\miqyo.exe"="v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\****\appdata\roaming\uzalus\miqyo.exe|Name=miqyo.exe|Desc=miqyo.exe|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"UDP Query User{4D4D05A3-B8C5-4B5B-A7F9-9B8D8A6B0D0E}C:\users\****\appdata\roaming\uzalus\miqyo.exe"="v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\****\appdata\roaming\uzalus\miqyo.exe|Name=miqyo.exe|Desc=miqyo.exe|"
[HKEY_USERS\S-1-5-21-2563768600-2515662473-201484731-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\users\****\appdata\roaming\uzalus\miqyo.exe"="Spread BTP-Bund"
[HKEY_USERS\S-1-5-21-2563768600-2515662473-201484731-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\users\****\appdata\roaming\uzalus\miqyo.exe"="Spread BTP-Bund"

========== folderfind ==========

Searching for "*uzalus* "
No folders found.

========== filefind ==========

Searching for "*miqyo*.exe"
No files found.

Searching for " "
No files found.

-= EOF =- |
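The SystemLook regfind output above is the kind of thing a helper reads by eye: the executable itself is gone (filefind and folderfind come back empty), but three registry artifacts still record it. The MuiCache value means the file was run and Explorer cached its FileDescription ("Spread BTP-Bund"); the Microsoft\Tracing\miqyo_RASAPI32 and _RASMANCS keys are written when a process loads the RAS networking APIs; and the "TCP/UDP Query User{GUID}<path>" names are what Windows Firewall uses for rules created through its notification dialog, here with Action=Block. The following Python script is an added example, not part of the thread and not SystemLook's own code. It parses a regfind section, decodes the pipe-separated rule strings stored under FirewallPolicy\FirewallRules, flags executables that live in user-writable profile folders such as %AppData%\Roaming\<random>\, and correlates them with the MuiCache and Tracing evidence. The sample input is constructed from the log above (user name masked as **** as in the post); the firefox.exe rule and the firefox_RASAPI32 key are invented benign controls that should not be flagged.

```python
"""Triage of a SystemLook 'regfind' section (added example; not from the
thread above and not part of SystemLook). Decodes Windows Firewall rule
strings, flags executables in user-writable profile folders, and correlates
them with MuiCache and Microsoft\\Tracing\\<name>_RASAPI32 evidence."""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample modelled on the post above (user name masked as ****).
# The firefox.exe rule and the firefox_RASAPI32 key are invented benign controls.
SAMPLE = r'''
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\users\****\appdata\roaming\uzalus\miqyo.exe"="Spread BTP-Bund"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\miqyo_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\miqyo_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\firefox_RASAPI32]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{A4517033-B669-4C46-BA27-268ADB5B5611}C:\users\****\appdata\roaming\uzalus\miqyo.exe"="v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\****\appdata\roaming\uzalus\miqyo.exe|Name=miqyo.exe|Desc=miqyo.exe|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{A4517033-B669-4C46-BA27-268ADB5B5611}C:\users\****\appdata\roaming\uzalus\miqyo.exe"="v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\****\appdata\roaming\uzalus\miqyo.exe|Name=miqyo.exe|Desc=miqyo.exe|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"UDP Query User{4D4D05A3-B8C5-4B5B-A7F9-9B8D8A6B0D0E}C:\users\****\appdata\roaming\uzalus\miqyo.exe"="v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\****\appdata\roaming\uzalus\miqyo.exe|Name=miqyo.exe|Desc=miqyo.exe|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{11111111-2222-3333-4444-555555555555}C:\Program Files (x86)\Mozilla Firefox\firefox.exe"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Mozilla Firefox\firefox.exe|Name=firefox.exe|Desc=firefox.exe|"
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')          # [HKEY_...\Sub\Key]
VALUE_RE = re.compile(r'^"(?P<name>.*?)"="(?P<data>.*)"$')  # "name"="data"
CONTROLSET_RE = re.compile(r'controlset\d{3}')          # ControlSet00N == CurrentControlSet
PROTOCOLS = {'6': 'TCP', '17': 'UDP'}
# Lower-case, backslash-separated markers of folders any user can write to.
USER_WRITABLE_MARKERS = ('\\appdata\\roaming\\', '\\appdata\\local\\temp\\')


@dataclass(frozen=True)
class Finding:
    kind: str    # 'firewall_rule', 'muicache' or 'tracing'
    path: str    # executable path, or the process stem for 'tracing'
    key: str     # registry key the evidence came from
    detail: str  # human-readable summary


def parse_regfind(text: str) -> Tuple[List[str], List[Tuple[str, str, str]]]:
    """Return (all keys seen, [(key, value name, value data), ...])."""
    keys, values, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group('key')
            keys.append(current)
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            values.append((current, m.group('name'), m.group('data')))
    return keys, values


def parse_rule_data(data: str) -> Tuple[str, Dict[str, str]]:
    """Decode 'v2.10|Action=Block|...|App=C:\\x.exe|' into (version, fields)."""
    parts = data.split('|')
    fields: Dict[str, str] = {}
    for part in parts[1:]:
        if part:
            k, _, v = part.partition('=')
            fields[k] = v
    return parts[0], fields


def is_user_writable_path(path: str) -> bool:
    p = path.lower().replace('/', '\\')
    return any(marker in p for marker in USER_WRITABLE_MARKERS)


def _dedupe(findings: List[Finding]) -> List[Finding]:
    """Collapse the ControlSet001/002/CurrentControlSet copies of one rule."""
    seen, out = set(), []
    for f in findings:
        sig = (f.kind, f.path.lower(), CONTROLSET_RE.sub('currentcontrolset', f.key.lower()), f.detail)
        if sig not in seen:
            seen.add(sig)
            out.append(f)
    return out


def triage(text: str) -> List[Finding]:
    keys, values = parse_regfind(text)
    findings: List[Finding] = []
    for key, name, data in values:
        k = key.lower()
        if k.endswith('\\firewallpolicy\\firewallrules'):
            _, f = parse_rule_data(data)
            app = f.get('App', '')
            if is_user_writable_path(app):
                proto = PROTOCOLS.get(f.get('Protocol', ''), f.get('Protocol', '?'))
                detail = '%s %s %s on %s profile' % (f.get('Action'), f.get('Dir'), proto, f.get('Profile'))
                findings.append(Finding('firewall_rule', app, key, detail))
        elif k.endswith('\\shell\\muicache') and is_user_writable_path(name):
            findings.append(Finding('muicache', name, key, 'executed; FileDescription=%r' % data))
    # Second pass: RAS tracing keys only matter for process stems already flagged,
    # since any program that uses the RAS APIs (browsers included) gets one.
    stems = {f.path.lower().rsplit('\\', 1)[-1].rsplit('.', 1)[0] for f in findings}
    for key in keys:
        k = key.lower()
        if '\\microsoft\\tracing\\' in k:
            leaf = k.rsplit('\\', 1)[-1]
            for suffix in ('_rasapi32', '_rasmancs'):
                if leaf.endswith(suffix) and leaf[:-len(suffix)] in stems:
                    findings.append(Finding('tracing', leaf[:-len(suffix)], key, 'process loaded RAS networking APIs'))
    return _dedupe(findings)


if __name__ == '__main__':
    for f in triage(SAMPLE):
        print(f'{f.kind:13} {f.path}  <- {f.detail}')
```

To use it on a real run, read the saved SystemLook.txt into triage(); the ControlSet001/ControlSet002/CurrentControlSet triplicates in the real output collapse to one finding each, and a firewall rule with Action=Block on a file under AppData\Roaming is worth a second look even when the file is already gone, because the rule and the MuiCache entry survive the deletion and tell you the program was run and tried to listen on the network.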
27.03.2013, 13:22 | #54 |
/// Helfer-Team | Groupon Virus/Trojaner Run this: Microsoft Fix it against malware - Download - Filepony |
27.03.2013, 13:43 | #55 |
| Groupon Virus/Trojaner After the prompt asking whether I want to run this as admin, I confirm with yes.... Then once again one of those stupid error message windows; the picture can be seen in the attachment. |
02.04.2013, 09:22 | #56 |
/// Helfer-Team | Groupon Virus/Trojaner Please proceed as follows: http://windows.microsoft.com/en-in/w...ewall-settings |
02.04.2013, 18:21 | #57 |
| Groupon Virus/Trojaner OK, I did that too, but still no updates... I also tested "Microsoft Fix it" once more, but the same message as last time... |
03.04.2013, 08:51 | #58 |
/// Helfer-Team | Groupon Virus/Trojaner Try this to remove everything from ZA: ZoneAlarm Uninstall Tool Download |
03.04.2013, 15:57 | #59 |
| Groupon Virus/Trojaner OK, I did that; the cleaner also removed data, since the progress bar took a while to reach 100%. Restarted afterwards, but still no updates possible, and no websites can be opened. |
03.04.2013, 16:07 | #60 |
/// Helfer-Team | Groupon Virus/Trojaner Please download Farbar Service Scanner
Please post the contents here. Then: System scan with OTL (illustrated guide). Please download OTL by Oldtimer and save it to your desktop (if not already there). Double-click OTL.exe
|
Topics on Groupon Virus/Trojaner |
antivir, connection setup, files, e-mail, firefox, started, gmer, notice, js/blacole.psan, not responding, no longer responding, click, mozilla, new, program, quarantine, response, page, start, tr/injector.aos, tr/yakes.cnnh, version, virus, opens |