Adware.MyWebSearch in Registrierungsschlüssel

Toppy · 18.10.2010, 09:24

Ok, hier die Cofi-Log-Datei:

Code:

ATTFilter

ComboFix 10-10-17.03 - *** 18.10.2010  10:13:14.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3581.2578 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\cofi.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\hpe9349.dll
c:\programdata\hpeA708.dll

.
(((((((((((((((((((((((   Dateien erstellt von 2010-09-18 bis 2010-10-18  ))))))))))))))))))))))))))))))
.

2010-10-16 14:48 . 2010-10-16 14:48	--------	d-----w-	C:\_OTL
2010-10-15 08:40 . 2010-09-13 13:56	168960	----a-w-	c:\program files\Windows Media Player\wmplayer.exe
2010-10-15 08:40 . 2010-09-13 13:56	8147456	----a-w-	c:\windows\system32\wmploc.DLL
2010-10-15 08:40 . 2010-09-06 16:20	125952	----a-w-	c:\windows\system32\srvsvc.dll
2010-10-15 08:40 . 2010-09-06 13:45	304128	----a-w-	c:\windows\system32\drivers\srv.sys
2010-10-15 08:40 . 2010-09-06 13:45	102400	----a-w-	c:\windows\system32\drivers\srvnet.sys
2010-10-15 08:40 . 2010-09-06 13:45	145408	----a-w-	c:\windows\system32\drivers\srv2.sys
2010-10-15 08:40 . 2010-09-06 16:19	17920	----a-w-	c:\windows\system32\netevent.dll
2010-10-15 08:38 . 2010-09-09 22:52	6084944	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{42D78BD6-540C-47C6-BB8F-A0E1FF647F81}\mpengine.dll
2010-10-15 08:30 . 2010-08-31 15:46	954752	----a-w-	c:\windows\system32\mfc40.dll
2010-10-15 08:30 . 2010-08-31 15:46	954288	----a-w-	c:\windows\system32\mfc40u.dll
2010-10-15 08:30 . 2010-08-31 13:27	2038272	----a-w-	c:\windows\system32\win32k.sys
2010-10-15 08:30 . 2010-05-04 19:13	231424	----a-w-	c:\windows\system32\msshsq.dll
2010-10-15 08:28 . 2010-08-20 16:05	867328	----a-w-	c:\windows\system32\wmpmde.dll
2010-10-15 08:28 . 2010-08-31 15:44	531968	----a-w-	c:\windows\system32\comctl32.dll
2010-10-11 15:30 . 2010-10-11 15:30	--------	d-----w-	c:\users\***\AppData\Roaming\SUPERAntiSpyware.com
2010-10-11 15:30 . 2010-10-11 15:30	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2010-10-11 15:27 . 2010-10-11 15:30	--------	d-----w-	c:\program files\SUPERAntiSpyware
2010-10-11 12:39 . 2010-10-11 12:39	--------	d-----w-	c:\programdata\TOSHIBA Tempro
2010-10-11 12:05 . 2010-10-11 12:05	--------	d-----w-	c:\users\***\AppData\Local\Apps
2010-10-11 12:03 . 2010-10-11 12:03	--------	d-----w-	c:\users\***\AppData\Roaming\PeerNetworking
2010-10-11 10:47 . 2010-04-29 10:19	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-11 10:47 . 2010-04-29 10:19	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-10-09 13:30 . 2010-10-09 13:30	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2010-10-09 13:30 . 2010-10-11 10:49	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-10-09 13:30 . 2010-10-09 13:30	--------	d-----w-	c:\programdata\Malwarebytes
2010-10-09 13:21 . 2010-10-09 13:25	--------	d-----w-	c:\program files\RegCleaner
2010-10-09 13:14 . 2010-10-09 13:14	--------	d-----w-	c:\program files\CCleaner
2010-10-09 13:06 . 2010-10-09 13:06	--------	d-----w-	c:\program files\Windows Portable Devices
2010-10-09 13:03 . 2009-10-01 01:02	30208	----a-w-	c:\windows\system32\WPDShextAutoplay.exe
2010-10-09 13:02 . 2009-10-08 21:08	555520	----a-w-	c:\windows\system32\UIAutomationCore.dll
2010-10-09 13:02 . 2009-10-08 21:08	234496	----a-w-	c:\windows\system32\oleacc.dll
2010-10-09 13:02 . 2009-10-08 21:07	4096	----a-w-	c:\windows\system32\oleaccrc.dll
2010-10-09 11:48 . 2010-01-06 15:39	1696256	----a-w-	c:\windows\system32\gameux.dll
2010-10-09 11:48 . 2010-04-16 16:43	28672	----a-w-	c:\windows\system32\Apphlpdm.dll
2010-10-09 11:48 . 2010-04-16 14:39	4240384	----a-w-	c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-09 11:47 . 2009-10-23 17:10	714240	----a-w-	c:\windows\system32\timedate.cpl
2010-10-09 11:47 . 2010-01-25 12:00	471552	----a-w-	c:\windows\system32\secproc_isv.dll
2010-10-09 11:47 . 2010-01-25 12:00	471552	----a-w-	c:\windows\system32\secproc.dll
2010-10-09 11:47 . 2010-01-25 08:21	526336	----a-w-	c:\windows\system32\RMActivate_isv.exe
2010-10-09 11:47 . 2010-01-25 08:21	346624	----a-w-	c:\windows\system32\RMActivate_ssp_isv.exe
2010-10-09 11:47 . 2010-01-25 08:21	518144	----a-w-	c:\windows\system32\RMActivate.exe
2010-10-09 11:47 . 2010-01-25 08:21	347136	----a-w-	c:\windows\system32\RMActivate_ssp.exe
2010-10-09 11:47 . 2010-01-25 12:00	152576	----a-w-	c:\windows\system32\secproc_ssp_isv.dll
2010-10-09 11:47 . 2010-01-25 12:00	152064	----a-w-	c:\windows\system32\secproc_ssp.dll
2010-10-09 11:47 . 2010-01-25 11:58	332288	----a-w-	c:\windows\system32\msdrm.dll
2010-10-09 11:45 . 2010-08-17 10:52	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2010-10-09 11:45 . 2010-08-26 04:23	13312	----a-w-	c:\program files\Internet Explorer\iecompat.dll
2010-10-09 11:45 . 2009-09-10 14:58	1418752	----a-w-	c:\program files\Windows Media Player\setup_wm.exe
2010-10-09 11:45 . 2009-09-10 14:58	310784	----a-w-	c:\windows\system32\unregmp2.exe
2010-10-09 11:31 . 2010-10-09 11:31	--------	d-----w-	c:\users\***\AppData\Roaming\Thunderbird
2010-10-09 11:31 . 2010-10-09 11:31	--------	d-----w-	c:\users\***\AppData\Local\Thunderbird
2010-10-09 11:30 . 2010-10-09 11:30	--------	d-----w-	c:\program files\Mozilla Thunderbird
2010-09-30 19:16 . 2010-06-22 13:30	2048	----a-w-	c:\windows\system32\tzres.dll
2010-09-26 16:58 . 2010-09-26 16:58	--------	d-----w-	c:\users\***\AppData\Local\Nero_AG
2010-09-26 16:57 . 2010-10-02 13:06	--------	d-----w-	c:\users\***\AppData\Roaming\Nero
2010-09-26 16:11 . 2010-09-26 16:54	--------	d-----w-	c:\program files\Nero
2010-09-26 16:11 . 2010-09-26 17:07	--------	d-----w-	c:\programdata\Nero
2010-09-19 11:03 . 2010-04-16 16:46	502272	----a-w-	c:\windows\system32\usp10.dll
2010-09-19 11:03 . 2010-08-17 14:11	128000	----a-w-	c:\windows\system32\spoolsv.exe
2010-09-19 11:03 . 2010-04-05 17:02	317952	----a-w-	c:\windows\system32\MP4SDECD.DLL
2010-09-19 11:03 . 2010-05-27 20:08	739328	----a-w-	c:\windows\system32\inetcomm.dll

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"NDSTray.exe"="NDSTray.exe" [BU]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2008-03-17 16:06	1848648	----a-w-	c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2008-03-10 16:20	689488	----a-w-	c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44	248552	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi]
2007-07-10 07:24	581632	----a-w-	c:\program files\TOSHIBA\Toshiba Online Product Information\TOPI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2008-04-16 954368]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2008-11-04 86696]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2008-11-04 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2008-11-04 114472]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2008-11-04 108328]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2008-11-04 26024]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2008-11-04 104616]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2008-11-04 109736]
R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\Toshiba TEMPRO\TemproSvc.exe [2010-08-27 124368]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-04-28 20384]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-16 40960]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners

2010-10-17 c:\windows\Tasks\User_Feed_Synchronization-{E77ABA55-7385-455F-B3FB-5455AAF873DA}.job
- c:\windows\system32\msfeedssync.exe [2010-10-15 04:25]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEE&bmod=TSEE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\69o36yfy.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
FF - prefs.js: keyword.URL - 
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe


.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-10-18  10:19:26
ComboFix-quarantined-files.txt  2010-10-18 08:19

Vor Suchlauf: 7 Verzeichnis(se), 132.441.395.200 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 132.376.584.192 Bytes frei

- - End Of File - - 5A2765005758D33CC696455C731764EC

Adware.MyWebSearch in Registrierungsschlüssel

Plagegeister aller Art und deren Bekämpfung: Adware.MyWebSearch in Registrierungsschlüssel

Adware.MyWebSearch in Registrierungsschlüssel

Ähnliche Themen: Adware.MyWebSearch in Registrierungsschlüssel