Here is the ComboFix log
Code:
ComboFix 14-05-19.01 - Andrea 2 20.05.2014 14:13:43.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.16308.14464 [GMT 2:00]
ausgeführt von:: c:\users\Andrea\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-04-20 bis 2014-05-20 ))))))))))))))))))))))))))))))
.
.
2014-05-20 12:16 . 2014-05-20 12:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-20 12:16 . 2014-05-20 12:16 -------- d-----w- c:\users\Andrea 2\AppData\Local\temp
2014-05-20 11:54 . 2014-04-16 01:22 10651704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CBE92FFB-431A-4D90-A68C-4036ED2D10C5}\mpengine.dll
2014-05-19 22:18 . 2014-05-19 22:18 -------- d-----w- c:\users\Andrea\AppData\Local\Apps
2014-05-19 15:33 . 2014-05-19 15:33 -------- d-----w- c:\users\Andrea 2\AppData\Local\Microsoft Help
2014-05-19 11:11 . 2014-04-23 09:50 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B514E2F9-9A3B-4391-8A2F-F99AB36CC946}\gapaengine.dll
2014-05-19 11:11 . 2014-04-16 01:22 10651704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-05-19 10:35 . 2014-05-19 10:35 -------- d-----w- c:\users\Andrea\AppData\Roaming\Apple Computer
2014-05-18 21:30 . 2010-02-01 21:21 73728 ----a-w- c:\windows\system32\wltrynt.dll
2014-05-18 21:30 . 2013-10-10 15:04 134656 ----a-w- c:\windows\system32\WinToolkitRunOnce.exe
2014-05-18 21:30 . 2012-09-11 12:39 1721576 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2014-05-18 21:30 . 2009-11-03 16:40 1919968 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2014-05-18 21:30 . 2010-02-01 21:21 457 ----a-w- c:\windows\system32\vcredist_x64.bat
2014-05-18 21:30 . 2010-02-01 21:21 3161088 ----a-w- c:\windows\system32\vcredist_x64.exe
2014-05-18 21:30 . 2013-03-18 15:51 6112864 ----a-w- c:\windows\system32\usbaaplrc.dll
2014-05-18 21:30 . 2008-01-17 17:25 2520064 ----a-w- c:\windows\system32\tfmessbsp.dll
2014-05-18 21:30 . 2010-07-22 02:19 431616 ----a-w- c:\windows\system32\stcplx64.dll
2014-05-18 21:30 . 2010-07-22 02:19 209920 ----a-w- c:\windows\system32\st646292.dll
2014-05-18 21:30 . 2010-07-22 02:19 1952256 ----a-w- c:\windows\system32\stlang64.dll
2014-05-18 21:30 . 2009-07-14 01:45 24144 ----a-w- c:\windows\system32\streamci.dll
2014-05-18 21:30 . 2013-10-02 00:15 1057280 ----a-w- c:\windows\system32\rdvidcrl.dll
2014-05-18 21:28 . 2010-07-24 23:27 120320 ----a-w- c:\windows\system32\atitmm64.dll
2014-05-18 21:27 . 2014-05-19 19:40 -------- d-----w- c:\windows\PCHEALTH
2014-05-18 21:21 . 2014-02-01 16:05 0 ----a-w- c:\windows\ativpsrm.bin
2014-05-18 21:12 . 2014-05-19 19:16 -------- d-----w- C:\IDE
2014-05-18 21:12 . 2014-05-19 19:16 -------- d-----w- C:\FRST
2014-05-18 15:38 . 2014-05-18 15:38 -------- d-----w- C:\Intel
2014-05-18 15:35 . 2014-05-18 15:35 -------- d-----w- c:\users\Andrea 2\AppData\Local\Diagnostics
2014-05-18 12:09 . 2014-05-18 19:17 -------- d-----w- c:\users\Andrea 2\AppData\Local\Deployment
2014-05-18 12:09 . 2014-05-18 12:09 -------- d-----w- c:\users\Andrea 2\AppData\Local\Apps
2014-05-18 11:58 . 2014-05-18 11:58 -------- d-----w- c:\programdata\Dell
2014-05-18 11:58 . 2014-05-18 11:58 -------- d-----w- c:\users\Andrea 2\AppData\Local\Dell
2014-05-18 11:43 . 2014-05-18 11:43 -------- d-----w- c:\users\Andrea 2\AppData\Local\Broadcom
2014-05-18 11:40 . 2014-05-18 11:40 -------- d-----w- c:\program files\WIDCOMM
2014-05-18 10:55 . 2014-05-18 10:55 -------- d-----w- c:\program files (x86)\Cisco
2014-05-18 10:53 . 2014-05-18 11:59 -------- d-----w- c:\program files\Dell
2014-05-18 09:03 . 2014-05-18 09:03 -------- d-----w- c:\users\Andrea 2\AppData\Local\ESET
2014-05-18 04:34 . 2014-05-18 05:07 -------- d-----w- c:\users\Andrea 2\AppData\Local\ElevatedDiagnostics
2014-05-18 04:01 . 2014-05-18 04:01 -------- d-sh--w- c:\users\Andrea 2\AppData\Local\EmieUserList
2014-05-18 04:01 . 2014-05-18 04:01 -------- d-sh--w- c:\users\Andrea 2\AppData\Local\EmieSiteList
2014-05-18 03:12 . 2014-05-18 03:14 -------- d-----w- C:\Dell
2014-05-17 20:24 . 2014-05-19 11:24 -------- d-----w- c:\program files\7-Zip
2014-05-17 19:53 . 2014-05-17 19:53 -------- d-----w- c:\program files (x86)\NirSoft
2014-05-17 06:51 . 2014-05-17 06:51 -------- d-----w- c:\users\Andrea 2\AppData\Local\Programs
2014-05-17 01:36 . 2014-05-17 01:36 -------- d-----w- c:\program files\ESET
2014-05-17 01:27 . 2014-05-17 01:27 -------- d-----w- c:\users\Andrea\AppData\Local\ESET
2014-05-17 00:08 . 2014-05-17 00:08 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2014-05-06 23:28 . 2014-05-19 11:33 -------- d-s---w- c:\windows\system32\CompatTel
2014-05-06 15:48 . 2014-04-14 02:24 465408 ----a-w- c:\windows\system32\aepdu.dll
2014-05-06 15:48 . 2014-04-14 02:19 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-05-05 23:59 . 2014-04-29 14:01 23547904 ----a-w- c:\windows\system32\mshtml.dll
2014-05-05 23:59 . 2014-04-29 13:40 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-05 23:59 . 2014-04-29 12:34 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-16 20:06 . 2014-02-01 17:37 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-16 20:06 . 2014-02-01 17:37 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-05 16:32 . 2014-02-19 16:50 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-03-11 07:52 . 2013-06-18 20:50 133928 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2014-03-06 09:31 . 2014-04-17 03:04 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-03-06 08:59 . 2014-04-17 03:04 66048 ----a-w- c:\windows\system32\iesetup.dll
2014-03-06 08:57 . 2014-04-17 03:05 548352 ----a-w- c:\windows\system32\vbscript.dll
2014-03-06 08:57 . 2014-04-17 03:04 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-03-06 08:53 . 2014-04-17 03:04 2767360 ----a-w- c:\windows\system32\iertutil.dll
2014-03-06 08:40 . 2014-04-17 03:04 51200 ----a-w- c:\windows\system32\jsproxy.dll
2014-03-06 08:39 . 2014-04-17 03:04 33792 ----a-w- c:\windows\system32\iernonce.dll
2014-03-06 08:32 . 2014-04-17 03:05 574976 ----a-w- c:\windows\system32\ieui.dll
2014-03-06 08:29 . 2014-04-17 03:04 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-06 08:29 . 2014-04-17 03:04 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-03-06 08:28 . 2014-04-17 03:04 752640 ----a-w- c:\windows\system32\jscript9diag.dll
2014-03-06 08:15 . 2014-04-17 03:04 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-06 08:11 . 2014-04-17 03:04 5784064 ----a-w- c:\windows\system32\jscript9.dll
2014-03-06 08:09 . 2014-04-17 03:04 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2014-03-06 08:03 . 2014-04-17 03:04 586240 ----a-w- c:\windows\system32\ie4uinit.exe
2014-03-06 08:02 . 2014-04-17 03:04 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-03-06 08:02 . 2014-04-17 03:05 455168 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-03-06 08:01 . 2014-04-17 03:04 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56 . 2014-04-17 03:04 38400 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-03-06 07:48 . 2014-04-17 03:04 195584 ----a-w- c:\windows\system32\msrating.dll
2014-03-06 07:46 . 2014-04-17 03:04 4254720 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-03-06 07:42 . 2014-04-17 03:04 296960 ----a-w- c:\windows\system32\dxtrans.dll
2014-03-06 07:38 . 2014-04-17 03:04 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-03-06 07:36 . 2014-04-17 03:04 592896 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-03-06 07:21 . 2014-04-17 03:04 628736 ----a-w- c:\windows\system32\msfeeds.dll
2014-03-06 07:13 . 2014-04-17 03:04 32256 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11 . 2014-04-17 03:04 2043904 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-06 06:53 . 2014-04-17 03:04 13551104 ----a-w- c:\windows\system32\ieframe.dll
2014-03-06 06:40 . 2014-04-17 03:04 1967104 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-03-06 06:22 . 2014-04-17 03:04 2260480 ----a-w- c:\windows\system32\wininet.dll
2014-03-06 05:58 . 2014-04-17 03:04 1400832 ----a-w- c:\windows\system32\urlmon.dll
2014-03-06 05:50 . 2014-04-17 03:04 846336 ----a-w- c:\windows\system32\ieapfltr.dll
2014-03-06 05:41 . 2014-04-17 03:04 1789440 ----a-w- c:\windows\SysWow64\wininet.dll
2014-03-04 09:44 . 2014-04-09 21:57 362496 ----a-w- c:\windows\system32\wow64win.dll
2014-03-04 09:44 . 2014-04-09 21:57 243712 ----a-w- c:\windows\system32\wow64.dll
2014-03-04 09:44 . 2014-04-09 21:57 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2014-03-04 09:44 . 2014-04-09 21:57 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2014-03-04 09:44 . 2014-04-09 21:57 1163264 ----a-w- c:\windows\system32\kernel32.dll
2014-03-04 09:17 . 2014-04-09 21:57 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2014-03-04 09:17 . 2014-04-09 21:57 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-03-04 09:16 . 2014-04-09 21:57 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2014-03-04 09:16 . 2014-04-09 21:57 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2014-03-04 08:09 . 2014-04-09 21:57 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2014-03-04 08:09 . 2014-04-09 21:57 2048 ----a-w- c:\windows\SysWow64\user.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [x]
R4 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys;c:\windows\SYSNATIVE\Drivers\cvusbdrv.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-05-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-01 20:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*WerKernelReporting"="c:\windows\SYSTEM32\WerFault.exe" [2009-07-14 415232]
"*Restore"="c:\windows\system32\rstrui.exe" [2010-11-21 296960]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath -
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-1ClickDownload - c:\program files (x86)\hdvidcodec.com\uninst.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-05-20 14:18:37
ComboFix-quarantined-files.txt 2014-05-20 12:18
.
Vor Suchlauf: 10 Verzeichnis(se), 418.041.368.576 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 417.970.012.160 Bytes frei
.
- - End Of File - - 3BCF7A11C19DAAB606DAEDADB6759D69
A36C5E4F47E84449FF07ED3517B43A31