Pests of all kinds and their removal: Windows XP: Firefox start page http://search.snapdo.com/?st=nt&q= If you are not sure whether you have picked up malware or a trojan, open a topic here. An expert will get back to you with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
#1
Windows XP: Firefox start page http://search.snapdo.com/?st=nt&q= My father picked something up while surfing. Avira fires on its own when the computer starts, and Malwarebytes also finds infected objects. I have worked through the 4 recommended steps. Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01 Ran by Baumann (administrator) on BAUMANNS-PC on 01-04-2014 10:33:33 Running from D:\Baumann\Eigene Dateien\Downloads Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: German Standard Internet Explorer Version 8 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe (Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\sched.exe (Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe (ScanSoft, Inc.) C:\Programme\ScanSoft\OmniPageSE4.0\OpwareSE4.exe () C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE () C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe (Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Apple Inc.) C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Programme\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation) C:\WINDOWS\eHome\ehSched.exe (Apple Inc.) C:\Programme\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Programme\Java\jre7\bin\jqs.exe (Google Inc.) 
C:\Programme\Google\Update\1.3.22.5\GoogleCrashHandler.exe (Microsoft Corporation) C:\Programme\Messenger\Msmsgs.exe (Secunia) C:\Programme\Secunia\PSI\psi_tray.exe (Malwarebytes Corporation) C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Secunia) C:\Programme\Secunia\PSI\PSIA.exe (Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe (Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE (Apple Inc.) C:\Programme\iPod\bin\iPodService.exe () C:\Dokumente und Einstellungen\Baumann\Lokale Einstellungen\Anwendungsdaten\Smartbar\Application\Lrcnta.exe (Secunia) C:\Programme\Secunia\PSI\sua.exe (Microsoft Corporation) C:\WINDOWS\eHome\ehmsas.exe (Smartbar) C:\Dokumente und Einstellungen\Baumann\Lokale Einstellungen\Anwendungsdaten\Smartbar\Application\SnapDo.exe () C:\Programme\LPT\srpts.exe () C:\Dokumente und Einstellungen\Baumann\Lokale Einstellungen\Anwendungsdaten\LPT\srptm.exe (Mozilla Corporation) C:\Programme\Mozilla Firefox\firefox.exe (Farbar) D:\Baumann\Eigene Dateien\Downloads\FRST(1).exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [ehTray] - C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-05] (Microsoft Corporation) HKLM\...\Run: [SSBkgdUpdate] - C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [185896 2006-09-28] (Nuance Communications, Inc.) HKLM\...\Run: [OpwareSE4] - C:\Programme\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [75304 2006-10-11] (ScanSoft, Inc.) HKLM\...\Run: [WrtMon.exe] - C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe [20480 2006-09-20] () HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [16269312 2006-10-30] (Realtek Semiconductor Corp.) HKLM\...\Run: [SkyTel] - C:\WINDOWS\SkyTel.EXE [2879488 2006-05-16] (Realtek Semiconductor Corp.) HKLM\...\Run: [Alcmtr] - C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.) 
HKLM\...\Run: [avgnt] - C:\Programme\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [ApnTBMon] - "C:\Programme\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" HKLM\...\Run: [APSDaemon] - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.) HKLM\...\Run: [Adobe ARM] - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [QuickTime Task] - C:\Programme\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM\...\Run: [iTunesHelper] - C:\Programme\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.) Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.) HKU\S-1-5-21-436374069-1682526488-839522115-1005\...\Run: [MSMSGS] - C:\Programme\Messenger\Msmsgs.exe [1660952 2008-06-02] (Microsoft Corporation) HKU\S-1-5-21-436374069-1682526488-839522115-1005\...\Run: [Browser Infrastructure Helper] - C:\Dokumente und Einstellungen\Baumann\Lokale Einstellungen\Anwendungsdaten\Smartbar\Application\SnapDo.exe [27680 2014-03-04] (Smartbar) Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Secunia PSI Tray.lnk ShortcutTarget: Secunia PSI Tray.lnk -> C:\Programme\Secunia\PSI\psi_tray.exe (Secunia) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPHRo0PyGG1_Kxr4dEqi2tMc9XvzeUiwAdwAQWGgFZnVh_SyaiR-1GS8p620742bwT1UuS7CNworx44Ba5Pajsg_zU-npHcRJ0ctKP4iQuDfhaT8VWIaApoTOG07IwdX4H4Sv86sIjQoEOzzKYGLY9sj9SFOnWUpI1oHOW1&q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPHRo0PyGG1_Kxr4dEqi2tMc9XvzeUiwAdwAQWGgFZnVh_SyaiR-1GS8p620742bwT1UuS7CNworx44Ba5Pajsg_zU-npHcRJ0ctKP4iQfUyTkntCpo4_C_E_uponJGARUJfI2cz41VW5dB2sF5xddgetUa0fauQ7_RZ0Uw HKCU\Software\Microsoft\Internet 
Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPHRo0PyGG1_Kxr4dEqi2tMc9XvzeUiwAdwAQWGgFZnVh_SyaiR-1GS8p620742bwT1UuS7CNworx44Ba5Pajsg_zU-npHcRJ0ctKP4iQuDfhaT8VWIaApoTOG07IwdX4H4Sv86sIjQoEOzzKYGLY9sj9SFOnWUpI1oHOW1&q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm SearchScopes: HKLM - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPHRo0PyGG1_Kxr4dEqi2tMc9XvzeUiwAdwAQWGgFZnVh_SyaiR-1GS8p620742bwT1UuS7CNworx44Ba5Pajsg_zU-npHcRJ0ctKP4iQuDfhaT8VWIaApoTOG07IwdX4H4Sv86sIjQoEOzzKYGLY9sj9SFOnWUpI1oHOW1&q={searchTerms} SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPHRo0PyGG1_Kxr4dEqi2tMc9XvzeUiwAdwAQWGgFZnVh_SyaiR-1GS8p620742bwT1UuS7CNworx44Ba5Pajsg_zU-npHcRJ0ctKP4iQuDfhaT8VWIaApoTOG07IwdX4H4Sv86sIjQoEOzzKYGLY9sj9SFOnWUpI1oHOW1&q={searchTerms} SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPHRo0PyGG1_Kxr4dEqi2tMc9XvzeUiwAdwAQWGgFZnVh_SyaiR-1GS8p620742bwT1UuS7CNworx44Ba5Pajsg_zU-npHcRJ0ctKP4iQuDfhaT8VWIaApoTOG07IwdX4H4Sv86sIjQoEOzzKYGLY9sj9SFOnWUpI1oHOW1&q={searchTerms} SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPHRo0PyGG1_Kxr4dEqi2tMc9XvzeUiwAdwAQWGgFZnVh_SyaiR-1GS8p620742bwT1UuS7CNworx44Ba5Pajsg_zU-npHcRJ0ctKP4iQuDfhaT8VWIaApoTOG07IwdX4H4Sv86sIjQoEOzzKYGLY9sj9SFOnWUpI1oHOW1&q={searchTerms} BHO: SmartbarInternetExplorerBHOEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Programme\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" No File BHO: SwissAcademic.Citavi.Picker.IEPicker - 
{609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll () BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Programme\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" No File Toolbar: HKLM - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) Toolbar: HKCU - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Programme\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" No File Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation) Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation) Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation) Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation) Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation) Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} 
- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation) Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation) Winsock: Catalog5 04 C:\Programme\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Dokumente und Einstellungen\Baumann\Anwendungsdaten\Mozilla\Firefox\Profiles\i5fhw84p.default-1378822868640 FF NewTab: hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPHRo0PyGG1_Kxr4dEqi2tMc9XvzeUiwAdwAQWGgFZnVh_SyaiR-1GS8p620742bwT1UuS7CNworx44Ba5Pajsg_zU-npHcRJ0ctKP4iQEQkYgbAaXDRaqjTwxhh27hkkXuxrVd4YDAbAKdNWjy722QP6AzDjykC1r6dUX3 FF DefaultSearchEngine: Web Search FF SearchEngineOrder.1: Ask Search FF SelectedSearchEngine: Web Search FF Homepage: hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPHRo0PyGG1_Kxr4dEqi2tMc9XvzeUiwAdwAQWGgFZnVh_SyaiR-1GS8p620742bwT1UuS7CNworx44Ba5Pajsg_zU-npHcRJ0ctKP4iQfUyTkntCpo4_C_E_uponJGARUJfI2cz41VW5dB2sF5xddgetUa0fauQ7_RZ0Uw FF Keyword.URL: hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPHRo0PyGG1_Kxr4dEqi2tMc9XvzeUiwAdwAQWGgFZnVh_SyaiR-1GS8p620742bwT1UuS7CNworx44Ba5Pajsg_zU-npHcRJ0ctKP4iQuDfhaT8VWIaApoTOG07IwdX4H4Sv86sIjQoEOzzKYGLY9sj9SFOnWUpI1oHOW1&q= FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @Google.com/GoogleEarthPlugin - C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Programme\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Programme\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Programme\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.) FF SearchPlugin: C:\Dokumente und Einstellungen\Baumann\Anwendungsdaten\Mozilla\Firefox\Profiles\i5fhw84p.default-1378822868640\searchplugins\Web Search.xml FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Snap.Do - C:\Dokumente und Einstellungen\Baumann\Anwendungsdaten\Mozilla\Firefox\Profiles\i5fhw84p.default-1378822868640\Extensions\{1c8aeb52-cd77-fac4-bc60-8c54fcc955c7} [2014-04-01] FF Extension: CookieCuller - C:\Dokumente und Einstellungen\Baumann\Anwendungsdaten\Mozilla\Firefox\Profiles\i5fhw84p.default-1378822868640\Extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi [2014-02-01] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Swiss Academic Software\Citavi Picker\Firefox FF Extension: Citavi Picker - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Swiss Academic Software\Citavi Picker\Firefox [2013-08-19] Chrome: ======= CHR HKLM\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [] ========================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Programme\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] 
(Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Programme\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-20] (Avira Operations GmbH & Co. KG) R2 Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe [43336 2014-02-12] (Apple Inc.) S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [520192 2006-08-25] () R2 Bonjour Service; C:\Programme\Bonjour\mDNSResponder.exe [390504 2011-08-30] (Apple Inc.) S2 gupdate; C:\Programme\Google\Update\GoogleUpdate.exe [116648 2013-05-09] (Google Inc.) S3 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [116648 2013-05-09] (Google Inc.) S3 gusvc; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [136120 2011-05-10] (Google) S2 IJPLMSVC; C:\Programme\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] () R3 iPod Service; C:\Programme\iPod\bin\iPodService.exe [553288 2014-02-21] (Apple Inc.) 
R2 JavaQuickStarterService; C:\Programme\Java\jre7\bin\jqs.exe [182184 2013-09-22] (Oracle Corporation) R2 LPTSystemUpdater; C:\Programme\LPT\srpts.exe [35872 2014-03-04] () R2 MBAMScheduler; C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S2 MBAMService; C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation) S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [119408 2014-03-31] (Mozilla Foundation) S3 ose; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [149352 2010-01-09] (Microsoft Corporation) S3 osppsvc; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [4640000 2010-01-09] (Microsoft Corporation) R2 Secunia PSI Agent; C:\Programme\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia) R2 Secunia Update Agent; C:\Programme\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia) S3 WMPNetworkSvc; C:\Programme\Windows Media Player\WMPNetwk.exe [920576 2006-11-03] (Microsoft Corporation) S2 APNMCP; C:\Programme\AskPartnerNetwork\Toolbar\apnmcp.exe [X] ==================== Drivers (Whitelisted) ==================== R1 AmdPPM; C:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices) R3 AR9271; C:\WINDOWS\System32\DRIVERS\athuw.sys [1723840 2010-03-09] (Atheros Communications, Inc.) R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [90400 2013-12-17] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [135648 2013-12-17] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37352 2013-11-14] (Avira Operations GmbH & Co. KG) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) R3 pfc; C:\WINDOWS\System32\drivers\pfc.sys [21248 2003-09-20] (Padus, Inc.) 
R3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf_x86.sys [16024 2013-07-03] (Secunia) R3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation) R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2013-09-18] (Avira GmbH) S4 IntelIde; No ImagePath U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation) U1 WS2IFSL; ==================== NetSvcs (Whitelisted) =================== NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation) ==================== One Month Created Files and Folders ======== 2014-04-01 10:31 - 2014-04-01 10:31 - 00000000 _____ () C:\Dokumente und Einstellungen\Baumann\defogger_reenable 2014-04-01 10:11 - 2014-04-01 10:12 - 00000000 ____D () C:\Programme\LPT 2014-04-01 10:10 - 2014-04-01 10:19 - 00000000 ____D () C:\Dokumente und Einstellungen\Baumann\Lokale Einstellungen\Anwendungsdaten\LPT 2014-03-31 10:13 - 2014-04-01 10:10 - 00000000 ____D () C:\Dokumente und Einstellungen\Baumann\Lokale Einstellungen\Anwendungsdaten\Smartbar 2014-03-31 10:13 - 2014-03-31 10:13 - 00000000 ____D () C:\Dokumente und Einstellungen\Baumann\Anwendungsdaten\ SRAM S7 user guide 2014-03-31 09:16 - 2014-03-31 09:16 - 00000000 ____D () C:\Programme\Mozilla Firefox 2014-03-23 09:17 - 2014-03-23 09:17 - 00000220 _____ () C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Monatliche Benachrichtigung.job 2014-03-22 10:42 - 2014-03-22 10:42 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$ 2014-03-22 10:41 - 2014-03-22 10:42 - 00004040 _____ () C:\WINDOWS\KB2934207.log 2014-03-22 10:32 - 2014-02-27 01:28 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe 2014-03-22 10:32 - 2014-02-27 01:28 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe 2014-03-13 12:13 - 2014-03-13 12:13 - 00127399 _____ () C:\WINDOWS\KB2925418-IE8.log 2014-03-13 12:13 - 2014-03-13 12:13 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$ 
2014-03-13 12:12 - 2014-03-13 12:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$ 2014-03-13 08:40 - 2014-03-13 12:13 - 00123477 _____ () C:\WINDOWS\KB2929961.log 2014-03-13 08:40 - 2014-03-13 12:12 - 00125761 _____ () C:\WINDOWS\KB2930275.log 2014-03-10 11:06 - 2014-03-10 11:06 - 00001528 _____ () C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk 2014-03-10 11:06 - 2014-03-10 11:06 - 00000000 ____D () C:\Programme\iTunes 2014-03-10 11:06 - 2014-03-10 11:06 - 00000000 ____D () C:\Programme\iPod 2014-03-10 11:06 - 2014-03-10 11:06 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes 2014-03-10 11:06 - 2014-03-10 11:06 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-03-10 10:58 - 2014-03-10 10:58 - 00001590 _____ () C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk 2014-03-10 10:58 - 2014-03-10 10:58 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\QuickTime 2014-03-10 10:57 - 2014-03-10 10:58 - 00000000 ____D () C:\Programme\QuickTime ==================== One Month Modified Files and Folders ======= 2014-04-01 10:33 - 2013-09-23 06:51 - 00000000 ____D () C:\FRST 2014-04-01 10:31 - 2014-04-01 10:31 - 00000000 _____ () C:\Dokumente und Einstellungen\Baumann\defogger_reenable 2014-04-01 10:31 - 2012-05-23 17:23 - 00000000 ____D () C:\Dokumente und Einstellungen\Baumann 2014-04-01 10:19 - 2014-04-01 10:10 - 00000000 ____D () C:\Dokumente und Einstellungen\Baumann\Lokale Einstellungen\Anwendungsdaten\LPT 2014-04-01 10:12 - 2014-04-01 10:11 - 00000000 ____D () C:\Programme\LPT 2014-04-01 10:11 - 2012-05-23 09:27 - 00000000 ___RD () C:\Programme 2014-04-01 10:10 - 2014-03-31 10:13 - 00000000 ____D () C:\Dokumente und Einstellungen\Baumann\Lokale Einstellungen\Anwendungsdaten\Smartbar 2014-04-01 10:10 - 2012-05-23 10:17 - 01636828 _____ () C:\WINDOWS\WindowsUpdate.log 2014-04-01 10:07 - 2012-05-24 
11:28 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-04-01 10:07 - 2012-05-23 10:14 - 00000000 ____D () C:\WINDOWS\Registration 2014-04-01 10:06 - 2013-05-09 18:19 - 00001088 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-01 10:06 - 2012-06-05 11:22 - 00055760 _____ () C:\Dokumente und Einstellungen\Baumann\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT 2014-04-01 10:06 - 2012-05-23 09:30 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2014-04-01 10:06 - 2012-05-23 09:30 - 00000050 _____ () C:\WINDOWS\wiaservc.log 2014-04-01 10:05 - 2012-05-23 10:35 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-03-31 10:39 - 2012-05-23 17:23 - 00000190 ___SH () C:\Dokumente und Einstellungen\Baumann\ntuser.ini 2014-03-31 10:39 - 2012-05-23 10:35 - 00032508 _____ () C:\WINDOWS\SchedLgU.Txt 2014-03-31 10:19 - 2012-05-24 11:27 - 00000000 ____D () C:\Programme\Mozilla Maintenance Service 2014-03-31 10:19 - 2012-05-23 09:26 - 00235168 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-03-31 10:13 - 2014-03-31 10:13 - 00000000 ____D () C:\Dokumente und Einstellungen\Baumann\Anwendungsdaten\ SRAM S7 user guide 2014-03-31 09:48 - 2013-04-20 21:31 - 00000276 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job 2014-03-31 09:45 - 2013-05-09 18:19 - 00001092 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-31 09:16 - 2014-03-31 09:16 - 00000000 ____D () C:\Programme\Mozilla Firefox 2014-03-31 09:07 - 2012-05-23 09:27 - 01071690 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-03-31 09:03 - 2006-03-24 14:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl 2014-03-28 08:41 - 2013-09-05 07:41 - 00000324 _____ () C:\WINDOWS\Tasks\Freemium1ClickMaint.job 2014-03-25 12:14 - 2014-02-25 12:53 - 00000000 ____D () C:\Programme\Mozilla Thunderbird 2014-03-24 10:49 - 2013-03-21 10:41 - 00002489 _____ () C:\Dokumente und Einstellungen\Baumann\Desktop\Microsoft Word 2010.lnk 2014-03-23 09:17 - 2014-03-23 09:17 - 00000220 _____ () 
C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Monatliche Benachrichtigung.job 2014-03-22 10:42 - 2014-03-22 10:42 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$ 2014-03-22 10:42 - 2014-03-22 10:41 - 00004040 _____ () C:\WINDOWS\KB2934207.log 2014-03-22 10:42 - 2012-05-23 09:27 - 01771840 _____ () C:\WINDOWS\iis6.log 2014-03-22 10:42 - 2012-05-23 09:27 - 01580707 _____ () C:\WINDOWS\FaxSetup.log 2014-03-22 10:42 - 2012-05-23 09:27 - 00773531 _____ () C:\WINDOWS\ocgen.log 2014-03-22 10:42 - 2012-05-23 09:27 - 00728469 _____ () C:\WINDOWS\tsoc.log 2014-03-22 10:42 - 2012-05-23 09:27 - 00536426 _____ () C:\WINDOWS\comsetup.log 2014-03-22 10:42 - 2012-05-23 09:27 - 00497658 _____ () C:\WINDOWS\msmqinst.log 2014-03-22 10:42 - 2012-05-23 09:27 - 00323529 _____ () C:\WINDOWS\ntdtcsetup.log 2014-03-22 10:42 - 2012-05-23 09:27 - 00291789 _____ () C:\WINDOWS\netfxocm.log 2014-03-22 10:42 - 2012-05-23 09:27 - 00197317 _____ () C:\WINDOWS\MedCtrOC.log 2014-03-22 10:42 - 2012-05-23 09:27 - 00181579 _____ () C:\WINDOWS\plusoc.log 2014-03-22 10:42 - 2012-05-23 09:27 - 00088887 _____ () C:\WINDOWS\ehOCGen.log 2014-03-22 10:42 - 2012-05-23 09:27 - 00087431 _____ () C:\WINDOWS\ocmsn.log 2014-03-22 10:42 - 2012-05-23 09:27 - 00080133 _____ () C:\WINDOWS\tabletoc.log 2014-03-22 10:42 - 2012-05-23 09:27 - 00079460 _____ () C:\WINDOWS\msgsocm.log 2014-03-22 10:42 - 2012-05-23 09:27 - 00001374 _____ () C:\WINDOWS\imsins.log 2014-03-18 11:21 - 2013-08-02 17:35 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-03-18 11:19 - 2012-05-23 17:44 - 87350280 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-03-13 17:25 - 2013-04-20 14:08 - 00000000 ____D () C:\Programme\Microsoft Silverlight 2014-03-13 12:13 - 2014-03-13 12:13 - 00127399 _____ () C:\WINDOWS\KB2925418-IE8.log 2014-03-13 12:13 - 2014-03-13 12:13 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$ 2014-03-13 12:13 - 2014-03-13 08:40 - 00123477 _____ () C:\WINDOWS\KB2929961.log 2014-03-13 12:13 - 
2013-03-21 10:37 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help 2014-03-13 12:13 - 2012-05-23 13:25 - 00000000 ____D () C:\WINDOWS\ie8updates 2014-03-13 12:13 - 2012-05-23 10:40 - 00221136 _____ () C:\WINDOWS\updspapi.log 2014-03-13 12:13 - 2012-05-23 09:27 - 00001374 _____ () C:\WINDOWS\imsins.BAK 2014-03-13 12:12 - 2014-03-13 12:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$ 2014-03-13 12:12 - 2014-03-13 08:40 - 00125761 _____ () C:\WINDOWS\KB2930275.log 2014-03-13 12:11 - 2013-04-20 14:08 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Silverlight 2014-03-13 09:06 - 2012-05-24 11:28 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2014-03-13 09:06 - 2012-05-24 11:28 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2014-03-10 18:27 - 2014-01-21 12:38 - 00000000 ____D () C:\Dokumente und Einstellungen\Baumann\Desktop\Michael 2014-03-10 11:06 - 2014-03-10 11:06 - 00001528 _____ () C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk 2014-03-10 11:06 - 2014-03-10 11:06 - 00000000 ____D () C:\Programme\iTunes 2014-03-10 11:06 - 2014-03-10 11:06 - 00000000 ____D () C:\Programme\iPod 2014-03-10 11:06 - 2014-03-10 11:06 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes 2014-03-10 11:06 - 2014-03-10 11:06 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-03-10 11:06 - 2013-04-20 21:31 - 00000000 ____D () C:\Programme\Gemeinsame Dateien\Apple 2014-03-10 11:06 - 2012-05-23 09:26 - 00000000 ___RD () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme 2014-03-10 10:58 - 2014-03-10 10:58 - 00001590 _____ () C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk 2014-03-10 10:58 - 2014-03-10 10:58 - 00000000 ____D () C:\Dokumente und Einstellungen\All 
Users\Startmenü\Programme\QuickTime 2014-03-10 10:58 - 2014-03-10 10:57 - 00000000 ____D () C:\Programme\QuickTime 2014-03-06 14:27 - 2014-01-21 12:08 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJPLM Some content of TEMP: ==================== C:\Dokumente und Einstellungen\Baumann\Lokale Einstellungen\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= C:\WINDOWS\explorer.exe [2006-03-24 14:00] - [2008-04-14 07:52] - 1036800 ____A (Microsoft Corporation) 418045a93cd87a352098ab7dabe1b53e C:\WINDOWS\system32\winlogon.exe [2006-03-24 14:00] - [2008-04-14 07:53] - 0513024 ____A (Microsoft Corporation) f09a527b422e25c478e38caa0e44417a C:\WINDOWS\system32\svchost.exe [2006-03-24 14:00] - [2008-04-14 07:53] - 0014336 ____A (Microsoft Corporation) 4fbc75b74479c7a6f829e0ca19df3366 C:\WINDOWS\system32\services.exe [2006-03-24 14:00] - [2009-02-09 13:21] - 0111104 ____A (Microsoft Corporation) a3edbe9053889fb24ab22492472b39dc C:\WINDOWS\system32\User32.dll [2006-03-24 14:00] - [2008-04-14 07:52] - 0580096 ____A (Microsoft Corporation) b0050cc5340e3a0760dd8b417ff7aebd C:\WINDOWS\system32\userinit.exe [2006-03-24 14:00] - [2008-04-14 07:53] - 0026624 ____A (Microsoft Corporation) 788f95312e26389d596c0fa55834e106 C:\WINDOWS\system32\rpcss.dll [2006-03-24 14:00] - [2009-02-09 12:51] - 0401408 ____A (Microsoft Corporation) 3127afbf2c1ed0ab14a1bbb7aaecb85b ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected. C:\WINDOWS\system32\Drivers\volsnap.sys [2006-03-24 14:00] - [2008-04-14 07:22] - 0053760 ____A (Microsoft Corporation) a5a712f4e880874a477af790b5186e1d ==================== End Of Log ============================ I can't find today's Addition.txt, only older ones. Gmer.txt probably wasn't saved either.... Code:
In the file 'C:\Dokumente und Einstellungen\Baumann\Lokale Einstellungen\Anwendungsdaten\Smartbar\Application\SmartbarVersionsHelper.exe' a virus or unwanted program 'TR/Dropper.MSIL.Gen' [trojan] was found. Action taken: allow access What should I do next!?
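The log above carries the usual browser-hijacker footprint in one place: SnapDo.exe and Lrcnta.exe starting from Lokale Einstellungen\Anwendungsdaten, a service (LPTSystemUpdater) and two LPT binaries with no publisher, a Smartbar BHO and Snap.Do toolbar loaded through mscoree.dll, a dangling Avira/Ask toolbar CLSID ("No File"), and every IE search scope plus the Firefox homepage, new tab and keyword.URL redirected to feed.snapdo.com. The script below is an added example (not the poster's, the helper's or FRST's own code) that turns those observations into heuristics run over FRST log lines. The allow-list of search hosts, the rule names and the profile-path markers are assumptions; the sample lines are copied from the post with the long snapdo parameter shortened.

```python
"""Triage heuristics for a Farbar Recovery Scan Tool (FRST) log.

Added example for this thread, not code from the post or from FRST itself.
It walks FRST-style lines and flags the patterns that make up the Snap.Do /
Smartbar hijack visible in the log above: autoruns and services launched
from a user profile, images with no publisher, BHO/toolbar entries whose DLL
is gone ("No File"), .NET-hosted BHOs registered through mscoree.dll, and IE
or Firefox search/homepage URLs whose host is not on a small allow-list.
The allow-list and the heuristics are assumptions; the sample lines are
copied (and the long snapdo parameter shortened) from the post.
"""
import re
from urllib.parse import urlparse

# Assumption: hosts that are a normal default for search page / home page.
ALLOWED_SEARCH_HOSTS = {"www.google.com", "ie.search.msn.com", "www.bing.com"}

# Path fragments below which a legitimate autorun almost never lives
# (German XP profile folders first, then the English / Vista+ equivalents).
USER_PROFILE_MARKERS = (
    "\\lokale einstellungen\\anwendungsdaten\\",
    "\\anwendungsdaten\\",
    "\\local settings\\application data\\",
    "\\appdata\\",
    "\\temp\\",
)

AUTORUN_PREFIXES = ("HKLM\\", "HKU\\", "HKCU\\", "R2 ", "R3 ", "S2 ", "S3 ", "(")
_URL_RE = re.compile(r"h(?:xx|tt)ps?://\S+", re.IGNORECASE)
_CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
_SEARCH_LINE_RE = re.compile(
    r"SearchScopes:|HK(?:CU|LM)\\Software\\Microsoft\\Internet Explorer\\Main,"
    r"|FF (?:Homepage|NewTab|Keyword\.URL)|CHR (?:HomePage|StartupUrls|DefaultSearchURL)"
)


def refang(url):
    """FRST writes URLs as hxxp:// so they are not clickable; restore the scheme."""
    return re.sub(r"^hxx(p|ps)://", r"htt\1://", url, flags=re.IGNORECASE)


def triage_line(line):
    """Return [(rule, detail), ...] for one FRST log line (empty if nothing fires)."""
    l = line.strip()
    findings = []
    if not l:
        return findings
    low = l.lower()

    # 1. Autorun, service or running process whose image sits in a user profile / Temp.
    if l.startswith(AUTORUN_PREFIXES) and any(m in low for m in USER_PROFILE_MARKERS):
        findings.append(("user-profile-autorun", l))

    # 2. FRST prints "()" where the file carries no publisher / version info.
    if re.match(r"\(\)\s+[A-Z]:\\", l) or re.search(r"\]\s+\(\)\s*$", l):
        findings.append(("no-publisher", l))

    # 3. BHO / toolbar CLSID still registered but its DLL is missing.
    if l.startswith(("BHO:", "Toolbar:")) and l.endswith("No File"):
        findings.append(("dangling-bho", l))

    # 4. BHO / toolbar hosted by the .NET loader: the real code is the
    #    assembly registered under that CLSID, not mscoree.dll itself.
    if l.startswith(("BHO:", "Toolbar:")) and low.endswith("mscoree.dll (microsoft corporation)"):
        m = _CLSID_RE.search(l)
        findings.append(("dotnet-hosted-bho", m.group(0) if m else l))

    # 5. Search scope / home page / new-tab URL pointing outside the allow-list.
    if _SEARCH_LINE_RE.match(l):
        for url in _URL_RE.findall(l):
            host = urlparse(refang(url)).hostname
            if host and host not in ALLOWED_SEARCH_HOSTS:
                findings.append(("search-hijack", host))
    return findings


def triage_log(text):
    """Run every rule over every line; returns {rule: [detail, ...]}."""
    report = {}
    for line in text.splitlines():
        for rule, detail in triage_line(line):
            report.setdefault(rule, []).append(detail)
    return report


# Constructed sample: lines taken from the FRST log in the post, snapdo parameter shortened.
SAMPLE_LOG = r"""
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avguard.exe
(Smartbar) C:\Dokumente und Einstellungen\Baumann\Lokale Einstellungen\Anwendungsdaten\Smartbar\Application\SnapDo.exe
() C:\Programme\LPT\srpts.exe
HKLM\...\Run: [avgnt] - C:\Programme\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-436374069-1682526488-839522115-1005\...\Run: [Browser Infrastructure Helper] - C:\Dokumente und Einstellungen\Baumann\Lokale Einstellungen\Anwendungsdaten\Smartbar\Application\SnapDo.exe [27680 2014-03-04] (Smartbar)
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFz...&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
BHO: SmartbarInternetExplorerBHOEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Programme\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" No File
FF Homepage: hxxp://feed.snapdo.com/?p=mKO_AwFz...
R2 LPTSystemUpdater; C:\Programme\LPT\srpts.exe [35872 2014-03-04] ()
"""

if __name__ == "__main__":
    for rule, hits in triage_log(SAMPLE_LOG).items():
        print(f"[{rule}] {len(hits)} hit(s)")
        for hit in hits:
            print("   ", hit)
```

Treat the output as a review queue rather than a verdict: FRST prints "()" for any file without a version resource, so legitimate software with no publisher string (the Canon WrtMon.exe printer monitor in this log is one) trips the no-publisher rule too, and a vendor's default search host that is not on the allow-list will show up as a hijack until it is added.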