
Log Analysis and Evaluation: Remnants of toolbars or similar found

Windows 7

01.08.2014, 16:56   #1
maskkulin

Remnants of toolbars or similar found

A few days ago I picked up "RadioRage"; I removed it, but there still seems to be other stuff on the machine. I have already used Malwarebytes and AdwCleaner and moved the corresponding files to quarantine.


SystemLook:
Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 21:25 on 31/07/2014 by Jesse
Administrator - Elevation successful

========== filefind ==========

Searching for "*bprotector*"
No files found.

Searching for "*Iminent*"
No files found.

Searching for "*LyricsContainer*"
No files found.

Searching for "*Babylon*"
No files found.

Searching for "*BrowserDefender*"
No files found.

Searching for "*BabSolution*"
No files found.

Searching for "*RadioRage*"
No files found.

Searching for "*Conduit*"
C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\9yxqable.default\CT2269050\toolbarImages\http___storage_conduit_com_50_226_CT2269050_Images_634067677527028750.png	--a---- 1346 bytes	[10:38 26/08/2013]	[15:22 26/07/2012] 7C78444B802879E92DCE86DAF35C3824
C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\9yxqable.default\CT2269050\toolbarImages\http___storage_conduit_com_50_226_CT2269050_Images_634084057716610000.png	--a---- 793 bytes	[10:38 26/08/2013]	[15:22 26/07/2012] 9D873E96E36B03DBD52AB98853407AF6
C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\9yxqable.default\CT2269050\toolbarImages\http___storage_conduit_com_50_226_CT2269050_Images_634084059408641250.png	--a---- 1059 bytes	[10:38 26/08/2013]	[15:22 26/07/2012] A227374511D48950EC48A6A15F4541BB
C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\9yxqable.default\CT2269050\toolbarImages\http___storage_conduit_com_50_226_CT2269050_Images_634084059786610000.png	--a---- 789 bytes	[10:38 26/08/2013]	[15:22 26/07/2012] 86D3043D6F316587C3720F2FBBCC6549
C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\9yxqable.default\CT2269050\toolbarImages\http___storage_conduit_com_50_226_CT2269050_Images_634084060404266250.png	--a---- 728 bytes	[10:38 26/08/2013]	[15:22 26/07/2012] A276D6E6345751686804933685E86F6E
C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\9yxqable.default\CT2269050\toolbarImages\http___storage_conduit_com_50_226_CT2269050_Images_634262976368243750.png	--a---- 969 bytes	[10:38 26/08/2013]	[15:22 26/07/2012] B033FEB6EADD5D827AD96FA0F0215B73
C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\9yxqable.default\CT2269050\toolbarImages\http___storage_conduit_com_50_226_CT2269050_Images_634265435748037500.png	--a---- 1177 bytes	[10:38 26/08/2013]	[15:22 26/07/2012] 658B7FC9B84B15E731DDDD0E0AF2ABBD
C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\9yxqable.default\CT2269050\toolbarImages\http___storage_conduit_com_50_226_CT2269050_Images_634382054836300000.png	--a---- 679 bytes	[10:38 26/08/2013]	[15:22 26/07/2012] EB1B088EDD86F1B754A90947556A9115
C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\9yxqable.default\CT2269050\toolbarImages\http___storage_conduit_com_50_226_ct2269050_Images_634775124572492500.png	--a---- 1392 bytes	[10:38 26/08/2013]	[15:22 26/07/2012] 2FE53D7A2CC73DEB8A0753B136AF88DC
C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\9yxqable.default\CT2269050\toolbarImages\http___storage_conduit_com_images_ClientImages_radio.gif	--a---- 419 bytes	[10:38 26/08/2013]	[15:22 26/07/2012] 01B83C91554738F6AFFB7895BBBA73FB
C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\9yxqable.default\CT2269050\toolbarImages\http___storage_conduit_com_images_searchengines_search_icon.gif	--a---- 322 bytes	[10:38 26/08/2013]	[15:22 26/07/2012] 948781E4B6478290050ECA4423B89B1E
C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\9yxqable.default\CT2269050\toolbarImages\http___storage_conduit_com_MarketPlace_d2_909_d2d47f0a-2c1d-48a1-8dba-fdebac043909_Appearance_634726116365249321.png	--a---- 1666 bytes	[10:38 26/08/2013]	[15:22 26/07/2012] 672D1DFF2B0796954BCFA8C6A395C163
C:\Windows.old\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\e1ohexc5.default\CT2269050\toolbarImages\http___storage_conduit_com_50_226_CT2269050_Images_634067677527028750.png	--a---- 1346 bytes	[17:19 21/08/2013]	[15:22 26/07/2012] 7C78444B802879E92DCE86DAF35C3824
C:\Windows.old\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\e1ohexc5.default\CT2269050\toolbarImages\http___storage_conduit_com_50_226_CT2269050_Images_634084057716610000.png	--a---- 793 bytes	[17:19 21/08/2013]	[15:22 26/07/2012] 9D873E96E36B03DBD52AB98853407AF6
C:\Windows.old\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\e1ohexc5.default\CT2269050\toolbarImages\http___storage_conduit_com_50_226_CT2269050_Images_634084059408641250.png	--a---- 1059 bytes	[17:19 21/08/2013]	[15:22 26/07/2012] A227374511D48950EC48A6A15F4541BB
C:\Windows.old\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\e1ohexc5.default\CT2269050\toolbarImages\http___storage_conduit_com_50_226_CT2269050_Images_634084059786610000.png	--a---- 789 bytes	[17:19 21/08/2013]	[15:22 26/07/2012] 86D3043D6F316587C3720F2FBBCC6549
C:\Windows.old\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\e1ohexc5.default\CT2269050\toolbarImages\http___storage_conduit_com_50_226_CT2269050_Images_634084060404266250.png	--a---- 728 bytes	[17:19 21/08/2013]	[15:22 26/07/2012] A276D6E6345751686804933685E86F6E
C:\Windows.old\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\e1ohexc5.default\CT2269050\toolbarImages\http___storage_conduit_com_50_226_CT2269050_Images_634262976368243750.png	--a---- 969 bytes	[17:19 21/08/2013]	[15:22 26/07/2012] B033FEB6EADD5D827AD96FA0F0215B73
C:\Windows.old\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\e1ohexc5.default\CT2269050\toolbarImages\http___storage_conduit_com_50_226_CT2269050_Images_634265435748037500.png	--a---- 1177 bytes	[17:19 21/08/2013]	[15:22 26/07/2012] 658B7FC9B84B15E731DDDD0E0AF2ABBD
C:\Windows.old\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\e1ohexc5.default\CT2269050\toolbarImages\http___storage_conduit_com_50_226_CT2269050_Images_634382054836300000.png	--a---- 679 bytes	[17:19 21/08/2013]	[15:22 26/07/2012] EB1B088EDD86F1B754A90947556A9115
C:\Windows.old\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\e1ohexc5.default\CT2269050\toolbarImages\http___storage_conduit_com_50_226_ct2269050_Images_634775124572492500.png	--a---- 1392 bytes	[17:19 21/08/2013]	[15:22 26/07/2012] 2FE53D7A2CC73DEB8A0753B136AF88DC
C:\Windows.old\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\e1ohexc5.default\CT2269050\toolbarImages\http___storage_conduit_com_images_ClientImages_radio.gif	--a---- 419 bytes	[17:19 21/08/2013]	[15:22 26/07/2012] 01B83C91554738F6AFFB7895BBBA73FB
C:\Windows.old\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\e1ohexc5.default\CT2269050\toolbarImages\http___storage_conduit_com_images_searchengines_search_icon.gif	--a---- 322 bytes	[17:19 21/08/2013]	[15:22 26/07/2012] 948781E4B6478290050ECA4423B89B1E
C:\Windows.old\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\e1ohexc5.default\CT2269050\toolbarImages\http___storage_conduit_com_MarketPlace_d2_909_d2d47f0a-2c1d-48a1-8dba-fdebac043909_Appearance_634726116365249321.png	--a---- 1666 bytes	[17:19 21/08/2013]	[15:22 26/07/2012] 672D1DFF2B0796954BCFA8C6A395C163

Searching for "*ilivid*"
No files found.

Searching for "*DataMngr*"
C:\Users\Jesse\AppData\Local\Temp\jrt\datamngr_del.reg	--a---- 386 bytes	[19:05 31/07/2014]	[03:41 22/08/2013] 95F42A3D43416D3BB978F174C83F494C

========== folderfind ==========

Searching for "*bprotector*"
No folders found.

Searching for "*Iminent*"
No folders found.

Searching for "*LyricsContainer*"
No folders found.

Searching for "*Babylon*"
No folders found.

Searching for "*BrowserDefender*"
No folders found.

Searching for "*BabSolution*"
No folders found.

Searching for "*RadioRage*"
No folders found.

Searching for "*Conduit*"
No folders found.

Searching for "*ilivid*"
No folders found.

Searching for "*DataMngr*"
No folders found.

========== regfind ==========

Searching for "bprotector"
No data found.

Searching for "Iminent"
[HKEY_CURRENT_USER\Software\BitTorrent\uTorrent]
"OfferName"="Iminent"
[HKEY_USERS\S-1-5-21-1963634514-369274596-1414496168-1001\Software\BitTorrent\uTorrent]
"OfferName"="Iminent"

Searching for "LyricsContainer"
No data found.

Searching for "Babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

Searching for "BrowserDefender"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
"DllName"="PCTBrowserDefender.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}]
"DllName"="PCTBrowserDefender.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
"DllName"="PCTBrowserDefender.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}]
"DllName"="PCTBrowserDefender.dll"

Searching for "BabSolution"
No data found.

Searching for "RadioRage"
No data found.

Searching for "Conduit"
No data found.

Searching for "ilivid"
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Users\Jesse\AppData\Local\iLivid]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Users\Jesse\AppData\Local\iLivid]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup_C-r484-t-bf.exe]
[HKEY_USERS\S-1-5-21-1963634514-369274596-1414496168-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Users\Jesse\AppData\Local\iLivid]
[HKEY_USERS\S-1-5-21-1963634514-369274596-1414496168-1001\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Users\Jesse\AppData\Local\iLivid]

Searching for "DataMngr"
No data found.

-= EOF =-
         
ESET:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=e15f42ec3840534f90f3e8b0fea09f50
# engine=19443
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-07-31 10:26:32
# local_time=2014-08-01 12:26:32 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 97 13746 171266082 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 6737979 11236481 0 0
# scanned=1041736
# found=2
# cleaned=0
# scan_time=9330
sh=E92883004C40EA3F8C8EF19A375F800123FC5F77 ft=1 fh=6307f76d9b6c2ab3 vn="Variante von Win32/CNETInstaller.B evtl. unerwunschte Anwendung" ac=I fn="C:\Users\Jesse\AppData\Local\Temp\KMP_3.9.0.126.exe"
         
GMER:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-08-01 17:16:30
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000040 Samsung_SSD_840_Series rev.DXT08B0Q 111,79GB
Running: Gmer-19357.exe; Driver: C:\Users\Jesse\AppData\Local\Temp\ufdoqpoc.sys


---- User code sections - GMER 2.1 ----

.text   C:\Windows\system32\csrss.exe[696] C:\Windows\SYSTEM32\kernel32.dll!GetBinaryTypeW + 163                                             000007f805e4f817 1 byte [62]
.text   C:\Windows\system32\wininit.exe[780] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                           000007f805e4f817 1 byte [62]
.text   C:\Windows\system32\csrss.exe[788] C:\Windows\SYSTEM32\kernel32.dll!GetBinaryTypeW + 163                                             000007f805e4f817 1 byte [62]
.text   C:\Windows\system32\winlogon.exe[832] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                          000007f805e4f817 1 byte [62]
.text   C:\Windows\system32\services.exe[872] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                          000007f805e4f817 1 byte [62]
.text   C:\Windows\system32\lsass.exe[880] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                             000007f805e4f817 1 byte [62]
.text   C:\Windows\system32\svchost.exe[984] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                           000007f805e4f817 1 byte [62]
.text   C:\Windows\system32\nvvsvc.exe[308] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                            000007f805e4f817 1 byte [62]
.text   C:\Windows\system32\svchost.exe[356] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                           000007f805e4f817 1 byte [62]
.text   C:\Windows\System32\svchost.exe[776] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                           000007f805e4f817 1 byte [62]
.text   C:\Windows\System32\svchost.exe[332] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                           000007f805e4f817 1 byte [62]
.text   C:\Windows\system32\dwm.exe[1000] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                              000007f805e4f817 1 byte [62]
.text   C:\Windows\system32\dwm.exe[1000] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                       000007f80512177a 4 bytes [12, 05, F8, 07]
.text   C:\Windows\system32\dwm.exe[1000] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                       000007f805121782 4 bytes [12, 05, F8, 07]
.text   C:\Windows\system32\svchost.exe[1056] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                          000007f805e4f817 1 byte [62]
.text   C:\Windows\system32\svchost.exe[1108] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                          000007f805e4f817 1 byte [62]
.text   C:\Windows\system32\igfxCUIService.exe[1236] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                   000007f805e4f817 1 byte [62]
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1272] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                 000007f805e4f817 1 byte [62]
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1272] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                    000007f8000c1532 4 bytes [0C, 00, F8, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1272] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                    000007f8000c153a 4 bytes [0C, 00, F8, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1272] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                  000007f8000c165a 4 bytes [0C, 00, F8, 07]
.text   C:\Windows\system32\nvvsvc.exe[1292] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                           000007f805e4f817 1 byte [62]
.text   C:\Windows\system32\nvvsvc.exe[1292] C:\Windows\system32\MSIMG32.dll!GradientFill + 690                                              000007f8000c1532 4 bytes [0C, 00, F8, 07]
.text   C:\Windows\system32\nvvsvc.exe[1292] C:\Windows\system32\MSIMG32.dll!GradientFill + 698                                              000007f8000c153a 4 bytes [0C, 00, F8, 07]
.text   C:\Windows\system32\nvvsvc.exe[1292] C:\Windows\system32\MSIMG32.dll!TransparentBlt + 246                                            000007f8000c165a 4 bytes [0C, 00, F8, 07]
.text   C:\Windows\system32\nvvsvc.exe[1292] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                    000007f80512177a 4 bytes [12, 05, F8, 07]
.text   C:\Windows\system32\nvvsvc.exe[1292] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                    000007f805121782 4 bytes [12, 05, F8, 07]
.text   C:\Windows\system32\svchost.exe[1592] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                          000007f805e4f817 1 byte [62]
.text   C:\Windows\System32\spoolsv.exe[1916] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                          000007f805e4f817 1 byte [62]
.text   C:\Windows\system32\svchost.exe[1420] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                          000007f805e4f817 1 byte [62]
.text   C:\Windows\system32\dashost.exe[2108] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                          000007f805e4f817 1 byte [62]
.text   C:\Program Files\Intel\iCLS Client\HeciServer.exe[2192] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                        000007f805e4f817 1 byte [62]
.text   C:\Windows\System32\svchost.exe[2280] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                          000007f805e4f817 1 byte [62]
.text   C:\Windows\System32\svchost.exe[2280] c:\windows\system32\WSOCK32.dll!recvfrom + 742                                                 000007fffb151b32 4 bytes [15, FB, FF, 07]
.text   C:\Windows\System32\svchost.exe[2280] c:\windows\system32\WSOCK32.dll!recvfrom + 750                                                 000007fffb151b3a 4 bytes [15, FB, FF, 07]
.text   C:\Windows\system32\svchost.exe[2448] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                          000007f805e4f817 1 byte [62]
.text   C:\Windows\system32\wbem\wmiprvse.exe[2800] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                    000007f805e4f817 1 byte [62]
.text   C:\Windows\system32\svchost.exe[3188] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                          000007f805e4f817 1 byte [62]
.text   C:\Windows\system32\svchost.exe[3256] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                          000007f805e4f817 1 byte [62]
.text   C:\Windows\system32\taskhostex.exe[4012] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                       000007f805e4f817 1 byte [62]
.text   C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4084] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 163  000007f805e4f817 1 byte [62]
.text   C:\Windows\Explorer.EXE[1516] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                                  000007f805e4f817 1 byte [62]
.text   C:\Windows\Explorer.EXE[1516] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                           000007f80512177a 4 bytes [12, 05, F8, 07]
.text   C:\Windows\Explorer.EXE[1516] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                           000007f805121782 4 bytes [12, 05, F8, 07]
.text   C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4536] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163             000007f805e4f817 1 byte [62]
.text   C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4536] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                000007f8000c1532 4 bytes [0C, 00, F8, 07]
.text   C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4536] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                000007f8000c153a 4 bytes [0C, 00, F8, 07]
.text   C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4536] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246              000007f8000c165a 4 bytes [0C, 00, F8, 07]
.text   C:\Windows\system32\SearchIndexer.exe[4676] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                    000007f805e4f817 1 byte [62]
.text   C:\Windows\system32\wbem\unsecapp.exe[5100] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                    000007f805e4f817 1 byte [62]
.text   C:\Windows\system32\wbem\wmiprvse.exe[3580] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                    000007f805e4f817 1 byte [62]
.text   C:\Windows\system32\AUDIODG.EXE[4052] C:\Windows\SYSTEM32\KERNEL32.DLL!GetBinaryTypeW + 163                                          000007f805e4f817 1 byte [62]

---- User IAT/EAT - GMER 2.1 ----

IAT     C:\Windows\Explorer.EXE[1516] @ C:\Windows\Explorer.EXE[USER32.dll!LoadImageW]                                                       [6c001610] C:\Program Files (x86)\StartIsBack\StartIsBack64.dll
IAT     C:\Windows\Explorer.EXE[1516] @ C:\Windows\Explorer.EXE[USER32.dll!SetWindowRgn]                                                     [6c00cc40] C:\Program Files (x86)\StartIsBack\StartIsBack64.dll
IAT     C:\Windows\Explorer.EXE[1516] @ C:\Windows\Explorer.EXE[USER32.dll!TrackPopupMenuEx]                                                 [6c00cb70] C:\Program Files (x86)\StartIsBack\StartIsBack64.dll
IAT     C:\Windows\Explorer.EXE[1516] @ C:\Windows\Explorer.EXE[USER32.dll!PeekMessageW]                                                     [6c00b1d0] C:\Program Files (x86)\StartIsBack\StartIsBack64.dll
IAT     C:\Windows\Explorer.EXE[1516] @ C:\Windows\Explorer.EXE[UxTheme.dll!DrawThemeTextEx]                                                 [6c0019d0] C:\Program Files (x86)\StartIsBack\StartIsBack64.dll
IAT     C:\Windows\Explorer.EXE[1516] @ C:\Windows\Explorer.EXE[UxTheme.dll!GetThemeBool]                                                    [6c001730] C:\Program Files (x86)\StartIsBack\StartIsBack64.dll
IAT     C:\Windows\Explorer.EXE[1516] @ C:\Windows\Explorer.EXE[UxTheme.dll!GetThemeColor]                                                   [6c001910] C:\Program Files (x86)\StartIsBack\StartIsBack64.dll
IAT     C:\Windows\Explorer.EXE[1516] @ C:\Windows\Explorer.EXE[UxTheme.dll!OpenThemeData]                                                   [6c0015b0] C:\Program Files (x86)\StartIsBack\StartIsBack64.dll
IAT     C:\Windows\Explorer.EXE[1516] @ C:\Windows\Explorer.EXE[UxTheme.dll!GetThemeRect]                                                    [6c0017c0] C:\Program Files (x86)\StartIsBack\StartIsBack64.dll
IAT     C:\Windows\Explorer.EXE[1516] @ C:\Windows\Explorer.EXE[dwmapi.dll!DwmEnableBlurBehindWindow]                                        [6c00cd80] C:\Program Files (x86)\StartIsBack\StartIsBack64.dll
IAT     C:\Windows\Explorer.EXE[1516] @ C:\Windows\SYSTEM32\twinui.dll[dwmapi.dll!DwmSetWindowAttribute]                                     [6c009e00] C:\Program Files (x86)\StartIsBack\StartIsBack64.dll
IAT     C:\Windows\Explorer.EXE[1516] @ C:\Windows\SYSTEM32\twinui.dll[USER32.dll!ShowWindow]                                                [6c009880] C:\Program Files (x86)\StartIsBack\StartIsBack64.dll
IAT     C:\Windows\Explorer.EXE[1516] @ C:\Windows\SYSTEM32\twinui.dll[USER32.dll!PostMessageW]                                              [6c0098d0] C:\Program Files (x86)\StartIsBack\StartIsBack64.dll
IAT     C:\Windows\Explorer.EXE[1516] @ C:\Windows\SYSTEM32\twinui.dll[USER32.dll!SetCursorPos]                                              [6c009db0] C:\Program Files (x86)\StartIsBack\StartIsBack64.dll
IAT     C:\Windows\Explorer.EXE[1516] @ C:\Windows\SYSTEM32\twinui.dll[USER32.dll!TrackPopupMenu]                                            [6c009c40] C:\Program Files (x86)\StartIsBack\StartIsBack64.dll

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\csrss.exe [788:812]                                                                                              fffff9600090e5e8

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed                                                    2127446564
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                     
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                  C:\Program Files (x86)\DAEMON Tools Pro\
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                  0x00 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                  0
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                               0x37 0xFD 0xE6 0x74 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                            
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                         0xA0 0x02 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                      0x5C 0x22 0xBB 0xFA ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                       
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                 0xFB 0x43 0xD5 0x76 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002                                            
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0                                         0xA0 0x02 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12                                      0x37 0x0C 0x37 0xB1 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0                                       
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12                                 0xFB 0x43 0xD5 0x76 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq2                                       
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq2@hdf12                                 0xFB 0x43 0xD5 0x76 ...

---- EOF - GMER 2.1 ----
         
SecurityCheck:
Code:
 Results of screen317's Security Check version 0.99.85  
   x64 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
Windows Defender   
avast! Antivirus   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java(TM) 6 Update 43  
 Java 7 Update 55  
 Java version out of Date! 
 Adobe Flash Player 	14.0.0.145  
 Adobe Reader XI  
 Mozilla Firefox (29.0) 
 Google Chrome 35.0.1916.153  
 Google Chrome 36.0.1985.125  
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         