Browser does not start, nor do any antivirus programs, download speed very low (Windows 7)
#1 | /// TB-Ausbilder
Quote:
Scan with Combofix
#2
Dear Trojaner team!
Thanks for the quick support!!! Here is the Combofix log right away!!! Code:
ATTFilter ComboFix 14-05-29.01 - Timmy 31.05.2014 21:07:03.1.2 - x86 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.3071.729 [GMT 2:00] ausgeführt von:: c:\users\Timmy\Downloads\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859} AV: Microsoft Security Essentials *Disabled/Outdated* {641105E6-77ED-3F35-A304-765193BCB75F} SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4} SP: Microsoft Security Essentials *Disabled/Outdated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\dsgsdgdsgdsgw.pad c:\users\Timmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbfejgccfbbopiioofdnhogojdcpcfid c:\users\Timmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbfejgccfbbopiioofdnhogojdcpcfid\6.3\background.html c:\users\Timmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbfejgccfbbopiioofdnhogojdcpcfid\6.3\content.js c:\users\Timmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbfejgccfbbopiioofdnhogojdcpcfid\6.3\I8TMy.js c:\users\Timmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbfejgccfbbopiioofdnhogojdcpcfid\6.3\lsdb.js c:\users\Timmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbfejgccfbbopiioofdnhogojdcpcfid\6.3\manifest.json c:\users\Timmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\klofelfbengbfpnpodomloebpalbgjno c:\users\Timmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\klofelfbengbfpnpodomloebpalbgjno\1.4\AnVC_3CD9C.js c:\users\Timmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\klofelfbengbfpnpodomloebpalbgjno\1.4\background.html c:\users\Timmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\klofelfbengbfpnpodomloebpalbgjno\1.4\content.js c:\users\Timmy\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\klofelfbengbfpnpodomloebpalbgjno\1.4\lsdb.js c:\users\Timmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\klofelfbengbfpnpodomloebpalbgjno\1.4\manifest.json c:\users\Timmy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jbfejgccfbbopiioofdnhogojdcpcfid_0.localstorage c:\users\Timmy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_klofelfbengbfpnpodomloebpalbgjno_0.localstorage c:\users\Timmy\AppData\Local\Google\Chrome\User Data\Default\Preferences c:\users\Timmy\AppData\Roaming\dclogs c:\users\Timmy\AppData\Roaming\dclogs\2014-05-14-4.dc c:\windows\system32\28463 c:\windows\system32\28463\AKV.exe c:\windows\system32\28463\TGHV.001 c:\windows\system32\28463\TGHV.006 c:\windows\system32\28463\TGHV.007 c:\windows\system32\28463\TGHV.009.tmp . . ((((((((((((((((((((((( Dateien erstellt von 2014-04-28 bis 2014-05-31 )))))))))))))))))))))))))))))) . . 2014-05-31 19:14 . 2014-05-31 19:14 -------- d-----w- c:\users\Timmy\AppData\Local\temp 2014-05-31 19:14 . 2014-05-31 19:14 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-05-31 18:33 . 2014-05-31 18:36 -------- d-----w- C:\FRST 2014-05-31 17:36 . 2014-05-31 17:36 39464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{85214CD5-A231-4EE8-95BF-BCEFBB04F1B8}\MpKsled1f3119.sys 2014-05-31 17:36 . 2014-05-31 17:36 -------- d-----w- c:\program files\GPU-Z 2014-05-31 16:57 . 2014-05-12 05:26 51928 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-05-31 16:57 . 2014-05-12 05:25 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-05-31 16:57 . 2014-05-31 16:57 -------- d-----w- c:\program files\ Malwarebytes Anti-Malware 2014-05-31 16:57 . 2014-05-12 05:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-05-31 16:27 . 2014-05-31 16:27 -------- d-----w- c:\windows\system32\wbem\en-US 2014-05-31 15:47 . 2014-05-31 15:47 -------- d-----w- c:\programdata\Malwarebytes 2014-05-31 14:47 . 
2014-05-31 14:47 -------- d-----w- c:\program files\CCleaner 2014-05-31 14:27 . 2014-04-16 09:25 8050496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{85214CD5-A231-4EE8-95BF-BCEFBB04F1B8}\mpengine.dll 2014-05-25 06:44 . 2014-05-25 06:44 -------- d-----w- c:\program files\Common Files\Skype 2014-05-21 15:42 . 2014-05-31 19:07 -------- d-----w- c:\users\Timmy\AppData\Roaming\TS3Client 2014-05-21 15:42 . 2014-05-21 15:42 -------- d-----w- c:\program files\TeamSpeak 3 Client 2014-05-21 15:35 . 2014-05-21 15:35 -------- d-----w- c:\programdata\HAippy2Savea 2014-05-19 04:41 . 2014-05-19 04:41 -------- d-----w- c:\program files\Common Files\BattlEye 2014-05-15 17:44 . 2014-05-15 17:44 -------- d-----w- c:\users\Timmy\AppData\Local\Razer 2014-05-15 17:44 . 2014-05-15 17:44 -------- d-----w- c:\programdata\Razer 2014-05-15 17:44 . 2014-05-15 17:44 -------- d-----w- c:\program files\Razer 2014-05-15 14:02 . 2014-05-15 14:02 -------- d-----w- c:\programdata\AllaboutApp 2014-05-15 13:50 . 2014-05-15 13:50 -------- d-----w- c:\users\Timmy\AppData\Local\23690 2014-05-14 11:22 . 2014-05-14 11:22 -------- d-----w- c:\program files\LogMeIn Hamachi 2014-05-13 16:28 . 2014-05-31 17:31 -------- d-----w- c:\users\Timmy\AppData\Local\DayZ 2014-05-13 11:57 . 2014-05-01 19:38 765968 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5CD6A5D3-A9A9-472A-839C-DD5941BD8EF1}\gapaengine.dll 2014-05-13 11:57 . 2014-04-16 09:25 8050496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2014-05-12 12:54 . 2014-05-12 12:54 -------- d-----w- c:\users\Timmy\AppData\Roaming\.firefox 2014-05-10 20:56 . 2014-05-10 20:56 -------- d-----w- c:\users\Timmy\AppData\Local\Skype 2014-05-10 20:56 . 2014-05-25 06:44 -------- d-----r- c:\program files\Skype 2014-05-09 18:09 . 2014-05-09 18:09 -------- d-----w- c:\programdata\Oracle 2014-05-09 18:09 . 
2014-05-09 18:09 -------- d-----w- c:\program files\Common Files\Java 2014-05-09 18:09 . 2014-05-09 18:09 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2014-05-09 17:38 . 2014-05-18 18:51 -------- d-----w- c:\users\Timmy\AppData\Roaming\.minecraft 2014-05-07 19:44 . 2014-05-07 19:44 -------- d-s---w- c:\users\Timmy\AppData\Roaming\Frutas 2014-05-07 19:38 . 2014-05-07 19:38 -------- d-----w- c:\program files\Cheat Engine 6.3 2014-05-07 14:26 . 2014-05-07 14:26 -------- d-----w- c:\program files\Elcomsoft 2014-05-07 14:26 . 2014-05-07 14:26 -------- d-----w- c:\program files\Elcomsoft Password Recovery 2014-05-07 14:26 . 2014-05-07 14:26 -------- d-----w- c:\programdata\Elcomsoft Password Recovery 2014-05-06 15:04 . 2014-05-06 15:13 -------- d-----w- c:\programdata\AppReady Software 2014-05-06 15:03 . 2014-05-06 15:03 4296192 ----a-w- c:\program files\SN.Booster 2014-05-06 15:03 . 2014-05-06 15:03 174928 ----a-w- c:\program files\SNSvc.dll 2014-05-06 15:00 . 2014-05-14 15:21 -------- d-s---w- c:\windows\system32\CompatTel 2014-05-05 13:41 . 2010-08-30 06:34 536576 ----a-w- c:\windows\system32\sqlite3.dll 2014-05-05 13:36 . 2014-05-15 13:53 -------- d-----w- C:\Temp 2014-05-05 11:54 . 2014-05-05 11:54 -------- d-----w- c:\users\Timmy\AppData\Local\Gameforge4d 2014-05-05 11:54 . 2014-05-30 09:55 -------- d-----w- c:\program files\GameforgeLive . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-05-14 04:43 . 2012-08-12 12:43 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2014-05-14 04:43 . 2011-09-12 15:02 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2014-05-01 19:38 . 2011-10-11 14:54 765968 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2014-04-13 08:26 . 2014-04-13 08:26 1199079 ----a-w- c:\windows\unins000.exe 2014-03-11 07:52 . 
2011-04-27 13:25 104264 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2014-03-05 08:15 . 2012-09-08 08:42 720896 ----a-w- c:\windows\iun6002ev.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{396E5F17-26E2-2AEC-C244-7C5E0A47D098}] 2014-05-21 15:35 372224 ----a-w- c:\programdata\HAippy2Savea\OMvNsr8Q.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-03-02 689744] "Avira Systray"="c:\program files\Avira\My Avira\Avira.OE.Systray.exe" [2014-05-05 182352] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "EnableLUA"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKLM\~\startupfolder\C:^Users^Timmy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk] path=c:\users\Timmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk backup=c:\windows\pss\Facebook Messenger.lnk.Startup backupExtension=.Startup . [HKLM\~\startupfolder\C:^Users^Timmy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SleepTimer.lnk] path=c:\users\Timmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SleepTimer.lnk backup=c:\windows\pss\SleepTimer.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApplePhotoStreams] 2013-09-15 13:34 59720 ----a-w- c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2013-04-21 19:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update] 2014-04-15 06:26 138096 ----atw- c:\users\Timmy\AppData\Local\Facebook\Update\FacebookUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Firewall] 2014-05-09 18:09 175528 ----a-w- c:\program files\Java\jre7\bin\javaw.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleChromeAutoLaunch_EEB5F8AA0ED462375287D8C91BC9B185] 2014-04-24 00:33 841032 ----a-w- c:\program files\Google\Chrome\Application\chrome.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iCloudServices] 2013-09-14 02:38 59720 ----a-w- c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2013-11-01 23:29 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui] 2014-05-13 12:29 3814736 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RazerGameBooster] 2014-02-25 17:38 61152 ----a-w- c:\program files\Razer\Razer Game Booster\RazerGameBooster.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2014-05-08 07:51 21444224 ----a-r- c:\program files\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] 2014-05-29 17:36 1754816 ----a-w- c:\program files\Steam\Steam.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2013-07-02 07:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . R1 auvzfanh;auvzfanh;c:\windows\system32\drivers\auvzfanh.sys [x] R1 avqsyljw;avqsyljw;c:\windows\system32\drivers\avqsyljw.sys [x] R1 bcmezbwb;bcmezbwb;c:\windows\system32\drivers\bcmezbwb.sys [x] R1 grdueolg;grdueolg;c:\windows\system32\drivers\grdueolg.sys [x] R1 iyefgqnd;iyefgqnd;c:\windows\system32\drivers\iyefgqnd.sys [x] R1 mmtotfij;mmtotfij;c:\windows\system32\drivers\mmtotfij.sys [x] R1 ohfaloyf;ohfaloyf;c:\windows\system32\drivers\ohfaloyf.sys [x] R1 osedppzt;osedppzt;c:\windows\system32\drivers\osedppzt.sys [x] R1 srmiacxn;srmiacxn;c:\windows\system32\drivers\srmiacxn.sys [x] R1 vjugzali;vjugzali;c:\windows\system32\drivers\vjugzali.sys [x] R2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2014-03-02 440400] R2 AntiVirWebService;Avira Browser-Schutz;c:\program files\Avira\AntiVir Desktop\avwebg7.exe [2014-03-02 1017424] R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192] R3 BEService;BattlEye Service;c:\program files\Common Files\BattlEye\BEService.exe [2014-05-19 49152] R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x] R3 netr73;Belkin Wireless 54G USB Network Adapter Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2012-06-23 464384] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-03-11 104264] R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2014-03-11 279776] R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2012-05-23 4598456] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872] R3 RTL8192cu;300Mbps Wireless USB Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys [2012-05-14 801896] R3 
Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-11-25 37352] S1 MpKsled1f3119;MpKsled1f3119;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{85214CD5-A231-4EE8-95BF-BCEFBB04F1B8}\MpKsled1f3119.sys [2014-05-31 39464] S1 netfilter;netfilter;c:\windows\system32\drivers\netfilter.sys [2014-02-13 47488] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128] S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files\Avira\My Avira\Avira.OE.ServiceHost.exe [2014-05-05 124496] S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys [2014-03-02 69240] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2014-05-13 1682768] S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn Hamachi\LMIGuardianSvc.exe [2014-04-15 375056] S2 RzKLService;RzKLService;c:\program files\Razer\Razer Game Booster\RzKLService.exe [2014-02-25 105448] S3 netr28u;TP-LINK Wireless Dual Band USB Adapter Driver;c:\windows\system32\DRIVERS\netr28u.sys [2012-12-27 1277504] S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - GPU-Z *NewlyCreated* - MPKSLED1F3119 *Deregistered* - GPU-Z . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-04-30 13:36 1078088 ----a-w- c:\program files\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2014-05-31 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-12 04:44] . 
2014-05-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-24558719-2126205106-1827937244-1004Core.job - c:\users\Timmy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-15 06:26] . 2014-05-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-24558719-2126205106-1827937244-1004UA.job - c:\users\Timmy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-15 06:26] . 2014-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-09-26 16:28] . 2014-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-09-26 16:28] . 2014-05-31 c:\windows\Tasks\SN.Booster-S-014941198.job - c:\programdata\appready software\sn.booster\SN.Booster.exe [2013-05-06 15:04] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = about:blank uDefault_Search_URL = hxxp://www.google.com mSearch Bar = hxxp://www.google.com uSearchAssistant = hxxp://www.google.com TCP: Interfaces\{62754FEB-049A-4289-9BDF-793AC7A69E05}: NameServer = 192.168.2.1 TCP: Interfaces\{7F2CA31C-D9AF-40B4-897D-1A4932D9B888}\1323034716765667F6E637F646F6D6: DhcpNameServer = 192.168.2.1 FF - ProfilePath - . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-10 - (no file) . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2014-05-31 21:16:40 ComboFix-quarantined-files.txt 2014-05-31 19:16 . Vor Suchlauf: 10 Verzeichnis(se), 601.861.222.400 Bytes frei Nach Suchlauf: 14 Verzeichnis(se), 601.766.821.888 Bytes frei . - - End Of File - - EE7C9235A315AD73D49E06DFFBBC62C5 A36C5E4F47E84449FF07ED3517B43A31
Hoping for help!!! Best regards, Hippel02!
#3 | /// TB-Ausbilder
Here is how to continue:
Step 1 Please download
Step 2 Please close your security software to avoid possible conflicts.
Step 3 Please download
Step 4 Please disable your antivirus program, as it can influence the result or possibly interfere with the cleanup. Please download zoek.exe from here: http://hijackthis.nl/smeenk/ and save the file to your desktop.
Step 5
Please post with your next reply
#4
Dear Trojaner-Board! Here is step 1; the following steps (2-5) will follow!!! Info: AdwCleaner log Code:
ATTFilter # AdwCleaner v3.211 - Bericht erstellt am 31/05/2014 um 21:32:45 # Aktualisiert 26/05/2014 von Xplode # Betriebssystem : Windows 7 Ultimate Service Pack 1 (32 bits) # Benutzername : Timmy - LUKAS-PC # Gestartet von : C:\Users\Timmy\Downloads\adwcleaner_3.211 (1).exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B} Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software ***** [ Browser ] ***** -\\ Internet Explorer v10.0.9200.16866 -\\ Google Chrome v34.0.1847.131 ************************* AdwCleaner[R0].txt - [29101 octets] - [18/04/2014 23:47:23] AdwCleaner[R1].txt - [1190 octets] - [19/04/2014 10:51:28] AdwCleaner[R2].txt - [5797 octets] - [05/05/2014 15:41:12] AdwCleaner[R3].txt - [10442 octets] - [06/05/2014 18:25:21] AdwCleaner[R4].txt - [1651 octets] - [07/05/2014 06:44:05] AdwCleaner[R5].txt - [9967 octets] - [15/05/2014 15:53:12] AdwCleaner[R6].txt - [5398 octets] - [31/05/2014 17:49:49] AdwCleaner[R7].txt - [1787 octets] - [31/05/2014 21:31:13] AdwCleaner[S0].txt - [23091 octets] - [18/04/2014 23:48:53] AdwCleaner[S1].txt - [1252 octets] - [19/04/2014 10:52:24] AdwCleaner[S2].txt - [5858 octets] - [05/05/2014 15:42:02] AdwCleaner[S3].txt - [9165 octets] - [06/05/2014 18:27:03] AdwCleaner[S4].txt - [1626 octets] - [07/05/2014 06:44:50] AdwCleaner[S5].txt - [9602 octets] - [15/05/2014 15:54:07] AdwCleaner[S6].txt - [5373 octets] - [31/05/2014 17:53:50] AdwCleaner[S7].txt - [1622 octets] - [31/05/2014 21:32:45] ########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [1682 octets] ##########
Dear Trojaner-Board team! Here is step 2! JunkwareRemovalTool log: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.4 (04.06.2014:1) OS: Windows 7 Ultimate x86 Ran by Timmy on 31.05.2014 at 21:39:51,22 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-24558719-2126205106-1827937244-1004\Software\sweetim Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\appshat-distribution_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\appshat-distribution_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\pricemeterd_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\pricemeterd_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Softonic_downloader_steam_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Softonic_downloader_steam_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{396E5F17-26E2-2AEC-C244-7C5E0A47D098} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{396E5F17-26E2-2AEC-C244-7C5E0A47D098} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{396E5F17-26E2-2AEC-C244-7C5E0A47D098} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\apn" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 31.05.2014 at 21:41:56,06 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
#5 | /// TB-Ausbilder
Well done, keep going.
#6
Dear Trojaner-Board team!! Here is step 3 of 5!! Malwarebytes Anti-Malware log: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 31.05.2014 Suchlauf-Zeit: 21:52:36 Logdatei: mbam.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.05.31.09 Rootkit Datenbank: v2014.05.21.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Self-protection: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x86 Dateisystem: NTFS Benutzer: Timmy Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 285231 Verstrichene Zeit: 7 Min, 27 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 1 PUP.Optional.MultiPlug.A, C:\ProgramData\AppReady Software\SN.Booster\SN.Booster.exe, 336, Löschen bei Neustart, [39bcc98ec3b84bebe53d81b2bf42c23e] Module: 0 (No malicious items detected) Registrierungsschlüssel: 7 PUP.Optional.CouponDownloader.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{10AD2C61-0898-4348-8600-14A342F22AC3}, In Quarantäne, [7d78c29599e289ad232c71be897943bd], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{E957849A-94AC-6F46-4623-C31474E3C170}, In Quarantäne, [c233c6919ae137ff3f41f6559b66a65a], PUP.Optional.Tarma.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\233df3d5-0503-4a36-8aaf-f3b35ab61bdb, In Quarantäne, [43b2c196b5c61224f0f5a4a128d8768a], PUP.Optional.Tarma.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\6206b9d9-558d-49f9-b1c9-d23c0025865a, In Quarantäne, [8372de79aecd7bbb10d52c197a8617e9], PUP.Optional.Tarma.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\8ff9a27f-d16a-4f1f-b37a-01d696a65f1e, In Quarantäne, [3fb693c43447d462cc1965e034cc7b85], PUP.Optional.SNBoost.A, HKLM\SOFTWARE\SN.Booster, In Quarantäne, [668f124578033bfba165593faf538878], PUP.Optional.Feven.A, 
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Feven 1.5, In Quarantäne, [9065045386f5e1552e218c1c2ad88a76], Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 1 PUP.Optional.SearchCertifiedTB.A, HKU\S-1-5-21-24558719-2126205106-1827937244-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURI|(Default), hxxp://search.certified-toolbar.com?si=75087&st=bs&tid=8679&ver=5.1&ts=1385496338873&tguid=75087-8679-1385496338873-853B9854D534B2751E1E8ED31C0544AB&q=%s, Gut: (hxxp://www.google.com), Schlecht: (hxxp://search.certified-toolbar.com?si=75087&st=bs&tid=8679&ver=5.1&ts=1385496338873&tguid=75087-8679-1385496338873-853B9854D534B2751E1E8ED31C0544AB&q=%s),Ersetzt,[d12426315e1d8bab37685808ed1743bd] Ordner: 0 (No malicious items detected) Dateien: 37 PUP.Optional.MultiPlug.A, C:\ProgramData\AppReady Software\SN.Booster\SN.Booster.exe, Löschen bei Neustart, [39bcc98ec3b84bebe53d81b2bf42c23e], PUP.Optional.MultiPlug.A, C:\ProgramData\HAippy2Savea\OMvNsr8Q.dll, In Quarantäne, [787d23342e4dd2647f01b29969987d83], PUP.Optional.MultiPlug.A, C:\ProgramData\HAippy2Savea\OMvNsr8Q.exe, In Quarantäne, [c233c6919ae137ff3f41f6559b66a65a], PUP.Optional.Tarma.A, C:\ProgramData\InstallMate\{579E7C0C-5E48-4569-A782-166A8C7D5EFA}\Setup.exe, In Quarantäne, [43b2c196b5c61224f0f5a4a128d8768a], PUP.Optional.Tarma.A, C:\ProgramData\InstallMate\{CCE445D9-9094-4486-A66D-D8B61707672F}\Setup.exe, In Quarantäne, [8372de79aecd7bbb10d52c197a8617e9], PUP.Optional.Tarma.A, C:\ProgramData\InstallMate\{CEC1B8C2-9212-4135-A3DE-DA3015229A34}\Setup.exe, In Quarantäne, [3fb693c43447d462cc1965e034cc7b85], Trojan.SProtector, C:\Program Files\SN.Booster, In Quarantäne, [dd18bc9b95e6b58163730a514fb27987], Trojan.SProtector, C:\Program Files\SNSvc.dll, In Quarantäne, [3abbbd9a89f22b0b7d5a3b2022df867a], PUP.Optional.AdPeak.A, C:\Temp\t.msi, In Quarantäne, [797c1d3a92e9241265226ee59173fe02], PUP.Optional.Domalq, 
C:\Users\Timmy\Downloads\Player Setup.exe, In Quarantäne, [c92c1f385e1d8fa75a4dd1738878966a], PUP.Optional.OutBrowse, C:\Users\Timmy\Downloads\setup (1).exe, In Quarantäne, [9f568bccd2a9cd69d27f5521de232ed2], PUP.Optional.InstalleRex, C:\Users\Timmy\Downloads\IGG-DayZ.StandAlone.part1.rar.exe, In Quarantäne, [ce27015686f558deee0c6716fb069967], PUP.Optional.AppReady, C:\Users\Timmy\Downloads\iTeebeutelMultihack.rar.exe, In Quarantäne, [db1ac0972853c373ed915c1e52af48b8], Trojan.Keylogger.MSIL, C:\Users\Timmy\Downloads\V4_Mod 2014 (1).rar, In Quarantäne, [a45168ef7902b3832aadef87ff019769], PUP.Optional.4Shared, C:\Users\Timmy\Downloads\chaos a.d keybinder 2.2.exe.part, In Quarantäne, [9f564c0b9ddef14570ed63bb748cb54b], Trojan.Ardamax, C:\Users\Timmy\Downloads\fileshare.ro_Metin2Mod PL 11 04 2014.rar, In Quarantäne, [c332dc7bceade65084708ee37789956b], PUP.Optional.OutBrowse, C:\Users\Timmy\Downloads\setup (2).exe, In Quarantäne, [04f1282f7308142252ffafc7b24f9070], PUP.Optional.Somoto, C:\Users\Timmy\Downloads\Mineshafter-launcher_downloader-8UICTeWm.exe, In Quarantäne, [995c35221863ad8981f4f8f4a45fa060], PUP.Optional.Somoto, C:\Users\Timmy\Downloads\7ZipSetup-cMnDyu3.exe, In Quarantäne, [c530be99cdae989eca598201ba4a58a8], PUP.Optional.Somoto.A, C:\Users\Timmy\Downloads\ClickHeretoDownloadSetup-bmrNRBCC.exe, In Quarantäne, [8d68a7b0a7d45adc66869c50e61d0df3], PUP.Optional.OutBrowse, C:\Users\Timmy\Downloads\COD 4 Full.exe, In Quarantäne, [10e53027532881b5995eb26b3dc340c0], PUP.Optional.Softonic, C:\Users\Timmy\Downloads\SoftonicDownloader_for_killing-floor.exe, In Quarantäne, [26cf97c075061026fafa9471946da65a], PUP.Optional.Softonic.A, C:\Users\Timmy\Downloads\Softonic_downloader_steam.exe, In Quarantäne, [e510480f3c3f3afcb89b2cf51de4f010], Spyware.MSIL, C:\Users\Timmy\Downloads\Metin2ModPL[14.02.2014] (1).rar, In Quarantäne, [fafbb3a49ae1d0663fae2925ed13d42c], Spyware.MSIL, C:\Users\Timmy\Downloads\Metin2ModPL[14.02.2014] (2).rar, In Quarantäne, 
[e0152c2bb4c7e254915cde704db39769], Spyware.MSIL, C:\Users\Timmy\Downloads\Metin2ModPL[14.02.2014].rar, In Quarantäne, [7e77ce894932181e74791e30f30d22de], PUP.Optional.Amonetize, C:\Users\Timmy\Downloads\DayZStandalone__7934_il12176725 (1).exe, In Quarantäne, [797cd97e334867cf4f2ec0c10ef3a35d], PUP.Optional.Amonetize, C:\Users\Timmy\Downloads\DayZStandalone__7934_il12176725.exe, In Quarantäne, [85702136e09b70c65c21bdc43cc546ba], PUP.Optional.OutBrowse, C:\Users\Timmy\Downloads\setup 2014.exe, In Quarantäne, [1fd6b7a0205bc37350a7ba63b848b848], PUP.Optional.Domalq, C:\Users\Timmy\Downloads\Setup(1).exe, In Quarantäne, [ee07322592e9b0862ba6b254dd23c937], PUP.Optional.Bechiro, C:\Users\Timmy\Downloads\Setup.exe, In Quarantäne, [eb0a5205f685241201b115d739cac43c], PUP.Optional.Amonetize.A, C:\Users\Timmy\AppData\Local\23690\a1923.exe, In Quarantäne, [52a33b1cceadd066c0991033c739b14f], PUP.Optional.AdPeak.A, C:\Windows\Installer\638b64.msi, In Quarantäne, [4baa5dfae5961c1af69194bf699b12ee], PUP.Optional.SNBooster.A, C:\Program Files\SN.Booster, In Quarantäne, [1adb1d3ade9d2f07ebeed7b83bc7b749], PUP.Optional.SNBooster.A, C:\Program Files\SNSvc.dll, In Quarantäne, [c4311b3cf8831026a03a147ba959649c], PUP.Optional.Superfish.A, C:\Users\Timmy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, In Quarantäne, [12e3e1762d4ebf77da38f89c10f2e11f], PUP.Optional.Superfish.A, C:\Users\Timmy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, In Quarantäne, [8075b7a0bbc0bb7b41d16034d42e926e], Physische Sektoren: 0 (No malicious items detected) (end) |
#7 | /// TB-Ausbilder
Only Zoek and FRST are still missing, then we can continue.