| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Google leitet auf ungewünschte Seiten weiter (redirect, jumper)Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
| |
10.02.2011, 16:30
| #1 |
| Account geschlossen |  Google leitet auf ungewünschte Seiten weiter (redirect, jumper) Hallo, seit einiger Zeit leitet wird wenn ich etwas mit Google suche sehr häufig auf unerwünschte Seiten weitergeleitet wenn ich ein Suchergebnis anklicke. MBAM hab ich etliche Male durchlaufen lassen, keine Funde. Hab jetzt ComboFix so wie in einem anderen Thread empfohlen angewendet wo jemand dasselbe Problem hat. Hier der Log: Combofix Logfile: Code:
ATTFilter ComboFix 11-02-09.05 - Fabian 10.02.2011 16:04:21.1.2 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.3999.2703 [GMT 1:00]
ausgeführt von:: c:\users\Fabian\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\install.exe
C:\readme.txt
c:\windows\isRS-000.tmp
c:\windows\system32\spool\DRIVERS\x64\3\E_IATIFJU.exe
.
((((((((((((((((((((((( Dateien erstellt von 2011-01-10 bis 2011-02-10 ))))))))))))))))))))))))))))))
.
2011-02-10 13:06 . 2011-02-10 13:06 -------- d-----w- c:\program files (x86)\Mozilla Firefox 4.0 Beta 11
2011-02-10 12:22 . 2011-02-10 12:22 -------- d-----w- c:\windows\SysWow64\wbem\en-US
2011-02-10 12:22 . 2011-02-10 12:22 -------- d-----w- c:\windows\system32\wbem\en-US
2011-02-10 12:09 . 2011-02-10 12:09 -------- d-----w- c:\program files (x86)\Feedback Tool
2011-02-10 09:22 . 2010-12-18 06:11 714752 ----a-w- c:\windows\system32\kerberos.dll
2011-02-10 09:22 . 2010-12-18 05:29 541184 ----a-w- c:\windows\SysWow64\kerberos.dll
2011-02-10 09:22 . 2011-01-05 04:00 3127808 ----a-w- c:\windows\system32\win32k.sys
2011-02-10 09:22 . 2010-12-21 06:16 214016 ----a-w- c:\windows\system32\winsrv.dll
2011-02-10 09:18 . 2011-01-13 01:20 7844688 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A1B9938F-5592-4703-9F7A-2416F8D3C8E2}\mpengine.dll
2011-02-10 09:18 . 2011-01-26 06:53 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-10 09:18 . 2011-01-26 06:53 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-02-10 09:18 . 2011-01-26 06:31 144384 ----a-w- c:\windows\system32\cdd.dll
2011-02-10 09:17 . 2010-10-27 05:18 5510528 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-02-10 09:17 . 2010-10-27 05:16 1739176 ----a-w- c:\windows\system32\ntdll.dll
2011-02-10 09:17 . 2010-10-27 04:40 1293120 ----a-w- c:\windows\SysWow64\ntdll.dll
2011-02-10 09:17 . 2010-10-27 04:43 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-02-10 09:17 . 2010-10-27 04:43 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-02-10 09:16 . 2011-01-07 08:06 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-02-10 09:16 . 2011-01-07 07:27 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-02-10 09:16 . 2011-01-07 05:49 366080 ----a-w- c:\windows\system32\atmfd.dll
2011-02-10 09:16 . 2011-01-07 05:33 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-02-03 15:41 . 2011-02-03 15:48 -------- d-----w- c:\users\Fabian\AppData\Roaming\FileZilla
2011-02-03 15:41 . 2011-02-05 09:45 -------- d-----w- c:\program files (x86)\FileZilla FTP Client
2011-02-02 16:20 . 2011-02-10 15:01 -------- d-----w- c:\users\Fabian\AppData\Roaming\ICQ
2011-02-02 16:20 . 2011-02-02 18:13 -------- d-----w- c:\program files (x86)\ICQ7.4
2011-01-30 15:45 . 2011-01-30 15:45 135568 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-01-29 13:23 . 2011-01-29 13:23 -------- d-----w- c:\users\Fabian\AppData\Roaming\Octoshape
2011-01-27 00:08 . 2011-01-27 00:39 -------- d-----w- c:\users\Fabian\AppData\Roaming\DMCache
2011-01-26 09:31 . 2011-01-26 09:31 -------- d-----w- c:\programdata\McAfee
2011-01-26 08:46 . 2011-01-26 08:46 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A964EABD-4B31-4AC2-9F7E-7F0885858CF4}\gapaengine.dll
2011-01-26 08:30 . 2011-01-26 08:30 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-01-26 08:30 . 2011-01-26 08:30 -------- d-----w- c:\windows\Temp4498F543-8251-F5BC-439F-C59EA90FD3D4-Signatures
2011-01-26 08:29 . 2011-01-26 08:31 -------- d-----w- c:\program files\Microsoft Security Client
2011-01-26 08:29 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2011-01-12 08:33 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-10 12:19 . 2010-10-26 07:20 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-01-13 01:20 . 2010-04-04 20:53 7844688 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-12-20 17:08 . 2010-04-21 13:16 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-17 13:30 . 2010-12-17 13:30 34032 ----a-w- c:\windows\system32\drivers\seehcri.sys
2010-12-17 13:29 . 2010-12-17 13:29 27176 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2010-12-17 13:29 . 2010-12-17 13:29 13352 ----a-w- c:\windows\system32\drivers\ggflt.sys
2010-12-04 10:19 . 2010-11-16 09:29 88274 ----a-w- c:\programdata\bdinstall.bin
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files (x86)\ICQ7.4\ICQ.exe" [2011-02-02 119608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VC10Player"="c:\program files (x86)\Virtual CD v10\System\VC10Play.exe" [2009-10-08 383304]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-06-04 843776]
"WatcherHelper"="c:\program files (x86)\Sierra Wireless Inc\3G Watcher\WaHelper.exe" [2009-08-14 62744]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-09-24 421160]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"TRUUpdater"="c:\program files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe" /bkground
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 StarMoney 7.0 OnlineUpdate;StarMoney 7.0 OnlineUpdate;c:\program files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe [2010-10-05 549384]
R2 VC10SecS;Virtual CD v10 Management Service;c:\program files (x86)\Virtual CD v10\System\VC10SecS.exe [2009-10-08 145224]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-05-26 40448]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-03-27 52264]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-27 35104]
R3 cjusb;REINER SCT cyberJack pinpad/e-com USB;c:\windows\system32\DRIVERS\cjusb.sys [2007-06-13 43320]
R3 dvblinkcap;DVBLink Capture B90A12CC6C544A961E7028D3A08A2C632551DE3F;c:\windows\system32\DRIVERS\dvblinkcap.sys [2010-04-12 18608]
R3 dvblinkcap2;DVBLink Capture 5C3B268ADE2E693A42BFBC49F3EBAF0AD3A57BFE25070C30B60F714F;c:\windows\system32\DRIVERS\dvblinkcap2.sys [2010-04-12 18608]
R3 dvblinkcap3;DVBLink Capture 1FC24AFA7DE950B5FDBDA8673412F3883AA61D96F28D057B3111D4B1FDD658C5;c:\windows\system32\DRIVERS\dvblinkcap3.sys [2010-04-12 18608]
R3 dvblinkcap4;DVBLink Capture 7A489C6F335339BF1349A65F6FF08BE465CAF3F7F02FAD0941DA1ED685D1245E228F1C238BF13D9691863A377E0231EA;c:\windows\system32\DRIVERS\dvblinkcap4.sys [2010-04-12 18608]
R3 dvblinktun;DVBLink Tuner 50700D4E15024598D94DCF7F283840B0F5F20935;c:\windows\system32\DRIVERS\dvblinktun.sys [2010-04-12 20784]
R3 dvblinktun2;DVBLink Tuner 6087B55DBA907503F9232E739AD4354E0DF9EA0EFA4808BA55BA79A1;c:\windows\system32\DRIVERS\dvblinktun2.sys [2010-04-12 20784]
R3 dvblinktun3;DVBLink Tuner 9E35F72855E3F9D9A737E369D508E65CAF3CE20DABEE2FD07E6D4D6ACD48B96C;c:\windows\system32\DRIVERS\dvblinktun3.sys [2010-04-12 20784]
R3 dvblinktun4;DVBLink Tuner 79D1057C34BF015640F64477EE6B73DDB692E0012920629BD513FAF19670B43DB91FC3DB70EE9CA15CDD3CCC9CD3D9DF;c:\windows\system32\DRIVERS\dvblinktun4.sys [2010-04-12 20784]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-12-17 13352]
R3 HH10Help.sys;HH10Help.sys;c:\windows\system32\drivers\HH10Help.sys [2009-07-09 24088]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-11-13 67072]
R3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;c:\windows\system32\DRIVERS\libusb0.sys [2007-03-20 16896]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2009-06-19 20992]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 9216]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2009-05-08 53632]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 40832]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2010-03-27 5435904]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 72064]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 PORTIO64;PORTIO64;c:\users\Fabian\Downloads\JungleFlasher v0.1.76 Beta (166)\JungleFlasher v0.1.76 Beta (166)\portio64.sys [2008-09-10 4096]
R3 sermux;Sierra Wireless Serial MUX;c:\windows\system32\DRIVERS\serialmux.sys [2008-04-22 39168]
R3 SwiProt;Sierra Wireless Protocol Driver;c:\windows\system32\DRIVERS\swiprot.sys [2007-05-02 30720]
R3 SWNC8U55;Sierra Wireless MUX NDIS Driver (UMTS55);c:\windows\system32\DRIVERS\swnc8u55.sys [2010-01-28 283136]
R3 swvspser;MP VSP using Serial MUX;c:\windows\system32\DRIVERS\swvspser.sys [2008-03-04 24064]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-04-19 50688]
R3 vpcuxd;USB-Virtualisierungsstubdienst;c:\windows\system32\DRIVERS\vpcuxd.sys [2009-09-23 16384]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-25 1255736]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
S1 vdrv1000;vdrv1000;c:\windows\system32\DRIVERS\vdrv1000.sys [2009-08-24 220696]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 cjpcsc;cyberJack PC/SC COM Service ;c:\windows\SysWOW64\cjpcsc.exe [2009-04-15 654640]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [2010-03-10 20456]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 844320]
S2 havasvc;HAVA Service;c:\program files (x86)\Monsoon Multimedia\HAVA\Common\havasvc.exe [2009-06-16 145408]
S2 inpoutx64;inpoutx64;c:\windows\system32\Drivers\inpoutx64.sys [2010-04-13 15008]
S2 SynoDrService;SynoDrService;c:\program files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe [2010-06-02 380928]
S3 havabus;HAVA Bus Enumerator;c:\windows\system32\DRIVERS\havabus.sys [2009-06-16 45056]
S3 HAVATV;Hava Video Device;c:\windows\system32\DRIVERS\HAVATV.sys [2009-06-16 343168]
S3 HavaTV_10;Hava Remote Video Device;c:\windows\system32\DRIVERS\HavaTV_10.sys [2009-06-16 343168]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-26 138752]
S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
S3 scrswix64;Sierra Wireless Smart Card Reader;c:\windows\system32\DRIVERS\scrswix64.sys [2010-01-19 27648]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-12-17 34032]
S3 swivsp;AC8xx Virtual Serial Port;c:\windows\system32\DRIVERS\swivspnt.sys [2007-03-26 23552]
S3 SWUMX55;Sierra Wireless USB MUX Driver (UMTS55);c:\windows\system32\DRIVERS\swumx55.sys [2009-12-08 206848]
S3 vcd10bus;Virtual CD v10 Bus Enumerator;c:\windows\system32\DRIVERS\vcd10bus.sys [2008-06-17 40464]
.
--------- x86-64 -----------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-23 7981600]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-04-09 320000]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 159232]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 380928]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 358912]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: add to &BOM - c:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files (x86)\ICQ7.4\ICQ.exe
TCP: {757878C0-41A3-417C-B61B-57FFE80F71D0} = 212.23.97.2 212.23.97.3
TCP: {ECED2042-1EAA-4E40-8867-77FB3BEA6477} = 62.134.11.4 195.182.110.132?
FF - ProfilePath - c:\users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\p85ul6zo.default\
FF - prefs.js: browser.search.selectedEngine - Google.de
FF - prefs.js: browser.startup.homepage - hxxp://de.mg41.mail.yahoo.com/dc/launch?sysreq=ignore
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vdrv1000]
"ImagePath"="system32\DRIVERS\vdrv1000.sys"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Virtual CD v10\System\VC10Tray.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-02-10 16:20:15 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-02-10 15:20
Vor Suchlauf: 12 Verzeichnis(se), 423.091.240.960 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 422.546.018.304 Bytes frei
- - End Of File - - D842C66222831E89A222FFA0DA31FCD5
|
| Themen zu Google leitet auf ungewünschte Seiten weiter (redirect, jumper) |
| 64-bit, adobe, bonjour, combofix, defender, device driver, feedback, firefox, ftp, generic, google, leitet, libusb0.sys, log, m.exe, malware protection, microsoft security, microsoft security essentials, mozilla, object, problem, programdata, prozesse, realtek, security, seiten, sierra, software, starmoney, start menu, suche, synology, system, syswow64, temp, updates, usb, usbaapl64, vista, windows, windows 7 64-bit |
Deynet 
Baum-Darstellung