Internet Explorer macht sich selbstständig ... Werbungsbombe

cofe2212 · 28.12.2010, 23:02

Combofix Logfile:

Code:

ATTFilter

ComboFix 10-12-26.01 - CoFe2212 28.12.2010  22:39:44.1.2 - x86
Microsoft Windows 7 Starter   6.1.7600.0.1252.49.1031.18.1014.177 [GMT 1:00]
ausgeführt von:: c:\users\CoFe2212\Downloads\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\OfferBox
c:\program files\OfferBox\OfferBox.exe
c:\program files\OfferBox\OfferBoxBHO.dll
c:\program files\OfferBox\OfferBoxChromeExtension.crx
c:\program files\OfferBox\OfferBoxEngine.dll
c:\program files\OfferBox\OfferBoxLauncher.exe
c:\program files\OfferBox\res\Language.xml
c:\program files\OfferBox\res\loader.gif
c:\programdata\FullRemove.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\OfferBox Browser.lnk
c:\users\CoFe2212\AppData\Roaming\OfferBox
c:\users\CoFe2212\AppData\Roaming\OfferBox\config.dat
c:\users\CoFe2212\AppData\Roaming\OfferBox\config.xml
c:\users\CoFe2212\AppData\Roaming\OfferBox\offerboxffx@offerbox.com\chrome.manifest
c:\users\CoFe2212\AppData\Roaming\OfferBox\offerboxffx@offerbox.com\chrome\content\events.js
c:\users\CoFe2212\AppData\Roaming\OfferBox\offerboxffx@offerbox.com\chrome\content\overlay.xul
c:\users\CoFe2212\AppData\Roaming\OfferBox\offerboxffx@offerbox.com\components\OfferBoxXpCom.dll
c:\users\CoFe2212\AppData\Roaming\OfferBox\offerboxffx@offerbox.com\components\OfferBoxXpCom.xpt
c:\users\CoFe2212\AppData\Roaming\OfferBox\offerboxffx@offerbox.com\install.rdf
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.3.inf
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\Thumbs.db

.
(((((((((((((((((((((((   Dateien erstellt von 2010-11-28 bis 2010-12-28  ))))))))))))))))))))))))))))))
.

2010-12-28 21:58 . 2010-12-28 21:59	--------	d-----w-	c:\users\CoFe2212\AppData\Local\temp
2010-12-28 21:58 . 2010-12-28 21:58	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-12-28 16:48 . 2010-12-28 16:48	--------	d-----w-	c:\users\CoFe2212\AppData\Roaming\Malwarebytes
2010-12-28 16:48 . 2010-12-20 17:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-28 16:48 . 2010-12-28 16:48	--------	d-----w-	c:\programdata\Malwarebytes
2010-12-28 16:48 . 2010-12-20 17:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-12-28 16:48 . 2010-12-28 16:48	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-12-28 01:32 . 2010-12-28 01:42	--------	d-----w-	C:\_OTL
2010-12-27 14:00 . 2010-12-27 14:00	388096	----a-r-	c:\users\CoFe2212\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-25 13:46 . 2010-12-25 13:46	--------	d-----w-	c:\windows\Sun
2010-12-25 13:35 . 2010-12-25 13:35	108032	--sha-r-	c:\windows\system32\snmptrap3.dll
2010-12-25 10:41 . 2008-11-08 09:55	621056	----a-r-	c:\windows\system32\drivers\mod7700.sys
2010-12-25 10:41 . 2008-11-08 09:55	113152	----a-r-	c:\windows\system32\drivers\ewusbnet.sys
2010-12-25 10:41 . 2008-11-08 09:55	101760	----a-r-	c:\windows\system32\drivers\ewusbmdm.sys
2010-12-25 10:41 . 2008-11-08 09:55	23424	----a-r-	c:\windows\system32\drivers\ewdcsc.sys
2010-12-25 10:40 . 2010-12-25 14:55	--------	d-----w-	c:\program files\Surf & E-Mail-Stick
2010-12-24 09:46 . 2010-11-10 04:33	6273872	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{E2B5B41C-28E0-46A8-800C-41BF4ED237E3}\mpengine.dll
2010-12-14 23:37 . 2010-11-02 04:39	749056	----a-w-	c:\windows\system32\schedsvc.dll
2010-12-14 23:37 . 2010-11-02 04:41	351232	----a-w-	c:\windows\system32\wmicmiplugin.dll
2010-12-14 23:37 . 2010-11-02 04:40	496128	----a-w-	c:\windows\system32\taskschd.dll
2010-12-14 23:37 . 2010-11-02 04:40	305152	----a-w-	c:\windows\system32\taskcomp.dll
2010-12-14 23:37 . 2010-11-02 04:34	192000	----a-w-	c:\windows\system32\taskeng.exe
2010-12-14 23:37 . 2010-11-02 04:34	179712	----a-w-	c:\windows\system32\schtasks.exe
2010-12-14 23:36 . 2010-10-12 04:25	516096	----a-w-	c:\program files\Windows Mail\wab.exe
2010-12-14 23:36 . 2010-10-27 04:32	2048	----a-w-	c:\windows\system32\tzres.dll
2010-12-14 23:31 . 2010-10-20 04:54	34304	----a-w-	c:\windows\system32\atmlib.dll
2010-12-14 23:31 . 2010-10-20 02:58	294400	----a-w-	c:\windows\system32\atmfd.dll
2010-12-14 23:31 . 2010-10-16 04:36	314368	----a-w-	c:\windows\system32\webio.dll
2010-12-14 23:31 . 2010-10-16 04:41	101760	----a-w-	c:\windows\system32\consent.exe
2010-12-14 23:30 . 2010-10-20 03:00	2327552	----a-w-	c:\windows\system32\win32k.sys

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-21 12:25 . 2010-04-17 13:15	135096	----a-w-	c:\windows\system32\drivers\avipbb.sys
2010-11-26 13:16 . 2010-04-17 13:15	61960	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2010-10-19 09:41 . 2010-04-19 16:12	222080	------w-	c:\windows\system32\MpSigStub.exe
2010-10-07 11:23 . 2010-10-07 11:23	91424	----a-w-	c:\windows\system32\dnssd.dll
2010-10-07 11:23 . 2010-10-07 11:23	107808	----a-w-	c:\windows\system32\dns-sd.exe
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension1]
@="{fe25455d-b4c2-4e32-97d2-92632ec1c224}"
[HKEY_CLASSES_ROOT\CLSID\{fe25455d-b4c2-4e32-97d2-92632ec1c224}]
2009-11-25 10:47	297808	----a-w-	c:\windows\System32\mscoree.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension2]
@="{1fae2d88-a78e-4f03-909f-be818a3c1ce6}"
[HKEY_CLASSES_ROOT\CLSID\{1fae2d88-a78e-4f03-909f-be818a3c1ce6}]
2009-11-25 10:47	297808	----a-w-	c:\windows\System32\mscoree.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-03-19 5248312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"HotkeyMon"="AsusSender.exe" [2009-09-11 33768]
"HotkeyService"="AsusSender.exe" [2009-09-11 33768]
"SuperHybridEngine"="AsusSender.exe" [2009-09-11 33768]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2009-11-30 3058304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-09-25 402608]
"LiveUpdate"="AsusSender.exe" [2009-09-11 33768]
"LivCam"="c:\program files\ASUS\LivCam\LivCam.exe" [2009-11-19 284160]
"EeeStorageBackup"="c:\program files\ASUS\Asus WebStorage\BackupService.exe" [2009-08-25 947472]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-05 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-05 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-29 7744032]
"OOBESetup"="c:\program files\asus\OOBERegBackup\OOBERegBackup.exe" [2009-09-30 338096]
"Boingo Wi-Fi"="c:\program files\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-04-17 2429]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-10 281768]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-17 421160]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

c:\users\CoFe2212\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-3 795936]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

R2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2009-08-19 219136]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-11 136176]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 43944]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\Drivers\hcw95bda.sys [2009-03-11 572416]
R3 hcw95rc;Hauppauge MOD7700 IR Driver;c:\windows\system32\DRIVERS\hcw95rc.sys [2009-03-11 15616]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm.sys [2006-09-28 9472]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2009-07-06 11448]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-10 135336]
S2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [2009-06-15 188736]
S2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2010-07-09 65856]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-06-22 100736]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-27 51712]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners

2010-12-24 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-26 18:08]

2010-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-11 08:26]

2010-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-11 08:26]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.fissa.com/de/?s=h&c=1006224782&suid=EiZnfXcbW&d=4
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SynAsusAcpi - %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe


.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-12-28  23:03:24
ComboFix-quarantined-files.txt  2010-12-28 22:03

Vor Suchlauf: 8 Verzeichnis(se), 22.159.773.696 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 22.083.137.536 Bytes frei

- - End Of File - - 871805E0DA5F85E6A1373E5B52CD2E61

--- --- ---

Internet Explorer macht sich selbstständig ... Werbungsbombe

Log-Analyse und Auswertung: Internet Explorer macht sich selbstständig ... Werbungsbombe

Internet Explorer macht sich selbstständig ... Werbungsbombe

Ähnliche Themen: Internet Explorer macht sich selbstständig ... Werbungsbombe