Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: CoinMiner in C:\windows\ufa\ufa.exe

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 01.11.2011, 18:40   #1
Midei
 
CoinMiner in C:\windows\ufa\ufa.exe - Standard

CoinMiner in C:\windows\ufa\ufa.exe



Guten Tag.

Ich habe mir leider einen Schädling über Facebook eingefangen.

Der Schädling befindet sich in C:\windows\ufa\ufa.exe und wurde mit CoinMiner benannt.
Habe die ufa.exe zwar versucht zu löschen aber die exe kommt immer wieder.
Da mir die Abläufe hier schon bekannt sind habe ich sonst noch nichts unternommen und hoffe nun hier auf eure Kompetente Hilfe.

Habe ein 64bit Sytem und GMER deshalb nicht angewendet.

Hier ist der OTL-Log:

Zitat:
OTL logfile created on: 01.11.2011 18:22:03 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\frederic\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

3,80 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 66,80% Memory free
7,60 Gb Paging File | 6,04 Gb Available in Paging File | 79,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 277,34 Gb Total Space | 198,83 Gb Free Space | 71,69% Space Free | Partition Type: NTFS
Drive D: | 20,46 Gb Total Space | 2,98 Gb Free Space | 14,55% Space Free | Partition Type: NTFS
Drive F: | 479,72 Mb Total Space | 459,39 Mb Free Space | 95,76% Space Free | Partition Type: FAT

Computer Name: FREDERICPC | User Name: frederic | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.11.01 18:04:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\frederic\Desktop\OTL.exe
PRC - [2011.10.31 13:50:31 | 001,942,528 | ---- | M] () -- C:\Windows\update.2\svchost.exe
PRC - [2011.10.31 13:50:31 | 001,942,528 | ---- | M] () -- C:\Windows\update.2\svchost.exe
PRC - [2011.10.31 13:50:31 | 001,942,528 | ---- | M] () -- C:\Windows\update.2\svchost.exe
PRC - [2011.10.31 13:50:31 | 001,942,528 | ---- | M] () -- C:\Windows\update.2\svchost.exe
PRC - [2011.10.31 13:50:31 | 001,942,528 | ---- | M] () -- C:\Windows\update.2\svchost.exe
PRC - [2011.10.31 13:50:31 | 001,942,528 | ---- | M] () -- C:\Windows\update.2\svchost.exe
PRC - [2011.10.31 13:50:31 | 001,942,528 | ---- | M] () -- C:\Windows\update.2\svchost.exe
PRC - [2011.10.31 13:50:31 | 001,942,528 | ---- | M] () -- C:\Windows\update.2\svchost.exe
PRC - [2011.10.31 13:50:31 | 001,942,528 | ---- | M] () -- C:\Windows\update.2\svchost.exe
PRC - [2011.10.31 13:50:31 | 001,942,528 | ---- | M] () -- C:\Windows\update.2\svchost.exe
PRC - [2011.10.31 13:50:31 | 001,942,528 | ---- | M] () -- C:\Windows\update.2\svchost.exe
PRC - [2011.10.31 13:50:31 | 001,942,528 | ---- | M] () -- C:\Windows\update.2\svchost.exe
PRC - [2011.10.31 13:50:31 | 001,942,528 | ---- | M] () -- C:\Windows\update.2\svchost.exe
PRC - [2011.10.31 13:50:31 | 001,942,528 | ---- | M] () -- C:\Windows\update.2\svchost.exe
PRC - [2011.10.31 13:50:31 | 001,942,528 | ---- | M] () -- C:\Windows\update.2\svchost.exe
PRC - [2011.10.31 13:50:31 | 001,942,528 | ---- | M] () -- C:\Windows\update.2\svchost.exe
PRC - [2011.10.31 13:50:31 | 001,942,528 | ---- | M] () -- C:\Windows\update.2\svchost.exe
PRC - [2011.10.29 18:38:05 | 000,344,576 | ---- | M] () -- C:\Windows\update.5.0\svchost.exe
PRC - [2011.10.29 18:38:05 | 000,344,576 | ---- | M] () -- C:\Windows\update.5.0\svchost.exe
PRC - [2011.10.29 18:35:12 | 000,258,048 | ---- | M] () -- C:\Windows\sysdriver32_.exe
PRC - [2011.10.29 18:35:12 | 000,258,048 | ---- | M] () -- C:\Windows\sysdriver32.exe
PRC - [2011.10.29 18:23:49 | 001,109,504 | -H-- | M] (Cronosoft) -- C:\Windows\update.tray-8-0-lnk\svchost.exe
PRC - [2011.10.29 18:23:49 | 001,109,504 | -H-- | M] (Cronosoft) -- C:\Windows\update.tray-8-0\svchost.exe
PRC - [2011.10.29 18:23:49 | 001,109,504 | -H-- | M] (Cronosoft) -- C:\Windows\update.1\svchost.exe
PRC - [2011.10.29 18:23:49 | 001,109,504 | -H-- | M] (Cronosoft) -- C:\Windows\update.1\svchost.exe
PRC - [2011.10.29 18:23:49 | 001,109,504 | -H-- | M] (Cronosoft) -- C:\Windows\update.1\svchost.exe
PRC - [2011.09.06 00:33:00 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2011.07.27 21:41:08 | 000,397,992 | ---- | M] ({StringFileInfo_CompanyName}) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2011.03.28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010.06.29 21:12:38 | 000,070,144 | ---- | M] (AlcaTech) -- C:\Windows\SysWOW64\mmrtkrnl.exe
PRC - [2010.06.29 18:00:08 | 000,027,192 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010.06.29 17:58:04 | 000,602,168 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010.06.24 21:32:50 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
PRC - [2010.05.01 02:21:14 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.05.01 02:21:14 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.04.23 11:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe


========== Modules (No Company Name) ==========

MOD - [2011.10.29 18:35:12 | 000,258,048 | ---- | M] () -- C:\Windows\sysdriver32_.exe
MOD - [2011.10.29 18:35:12 | 000,258,048 | ---- | M] () -- C:\Windows\sysdriver32.exe
MOD - [2011.09.06 00:33:00 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2010.06.16 11:48:34 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010.06.16 11:48:32 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010.06.16 11:48:32 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010.06.22 06:57:44 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.06.18 15:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2009.07.08 11:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV - [2011.10.29 18:35:12 | 000,258,048 | ---- | M] () [Auto | Running] -- C:\Windows\sysdriver32.exe -- (srvsysdriver32)
SRV - [2011.10.26 21:09:27 | 003,552,856 | ---- | M] () [Auto | Running] -- C:/Program Files (x86)/Common Files/Akamai/netsession_win_807ba95.dll -- (Akamai)
SRV - [2011.06.21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011.03.28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010.06.29 18:00:08 | 000,027,192 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010.06.18 06:10:14 | 000,258,048 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2010.05.01 02:21:14 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.05.01 02:21:14 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.03 11:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AESTSr64.exe -- (AESTFilters)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011.10.11 14:00:01 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.10.11 14:00:01 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.10.11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.06.24 21:32:52 | 000,032,880 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010.06.22 08:17:52 | 006,856,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.06.22 06:28:32 | 010,342,240 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2010.06.22 06:28:32 | 010,342,240 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.06.22 06:24:12 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.06.18 06:10:14 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010.05.28 00:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.05.06 14:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010.05.01 02:21:00 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2010.04.13 08:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.03.05 06:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.03.02 15:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.01.11 23:31:04 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.10.26 21:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 00:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.07.08 11:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2009.07.08 11:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007.05.14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON/1
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=3e66092000000000000018f46ab48de3&tlver=1.4.31.2&instlRef=sst&affID=100378&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\frederic\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\Users\frederic\AppData\Roaming\Flatcast\NpFv522.dll (1 mal 1 Software GmbH)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.10.14 14:55:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.06.30 15:32:38 | 000,000,000 | ---D | M]

[2010.12.23 17:41:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\frederic\AppData\Roaming\mozilla\Extensions
[2011.10.29 22:04:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\frederic\AppData\Roaming\mozilla\Firefox\Profiles\1xh4fl4n.default\extensions
[2011.09.29 18:56:57 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\frederic\AppData\Roaming\mozilla\Firefox\Profiles\1xh4fl4n.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.02.13 12:29:38 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\frederic\AppData\Roaming\mozilla\Firefox\Profiles\1xh4fl4n.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.03.26 20:12:54 | 000,000,000 | ---D | M] (Vuze Remote) -- C:\Users\frederic\AppData\Roaming\mozilla\Firefox\Profiles\1xh4fl4n.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011.05.21 09:43:09 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\frederic\AppData\Roaming\mozilla\Firefox\Profiles\1xh4fl4n.default\extensions\engine@conduit.com
[2011.08.02 02:24:10 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\frederic\AppData\Roaming\mozilla\Firefox\Profiles\1xh4fl4n.default\extensions\ffxtlbr@babylon.com
[2011.10.29 22:05:02 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\frederic\AppData\Roaming\mozilla\Firefox\Profiles\1xh4fl4n.default\extensions\toolbar@ask.com
[2011.07.27 21:37:48 | 000,002,333 | ---- | M] () -- C:\Users\frederic\AppData\Roaming\Mozilla\Firefox\Profiles\1xh4fl4n.default\searchplugins\askcom.xml
[2011.02.13 12:30:10 | 000,000,873 | ---- | M] () -- C:\Users\frederic\AppData\Roaming\Mozilla\Firefox\Profiles\1xh4fl4n.default\searchplugins\conduit.xml
[2011.10.24 23:49:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011.01.24 20:25:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.20 01:33:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.08.04 11:50:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.10.24 23:49:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011.10.14 14:55:45 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009.09.21 10:00:44 | 001,447,328 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\NpFv522.dll
[2011.10.14 14:55:44 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.14 14:55:44 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.14 14:55:44 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.14 14:55:44 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.14 14:55:44 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.14 14:55:44 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.11.01 18:17:28 | 000,202,984 | -H-- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 facebook.com
O1 - Hosts: 127.0.0.1 www.facebook.com
O1 - Hosts: 127.0.0.1 af-za.facebook.com
O1 - Hosts: 127.0.0.1 az-az.facebook.com
O1 - Hosts: 127.0.0.1 id-id.facebook.com
O1 - Hosts: 127.0.0.1 ms-my.facebook.com
O1 - Hosts: 127.0.0.1 bs-ba.facebook.com
O1 - Hosts: 127.0.0.1 ca-es.facebook.com
O1 - Hosts: 127.0.0.1 cs-cz.facebook.com
O1 - Hosts: 127.0.0.1 cy-gb.facebook.com
O1 - Hosts: 127.0.0.1 da-dk.facebook.com
O1 - Hosts: 127.0.0.1 de-de.facebook.com
O1 - Hosts: 127.0.0.1 et-ee.facebook.com
O1 - Hosts: 127.0.0.1 en-gb.facebook.com
O1 - Hosts: 127.0.0.1 es-la.facebook.com
O1 - Hosts: 127.0.0.1 eo-eo.facebook.com
O1 - Hosts: 127.0.0.1 eu-es.facebook.com
O1 - Hosts: 127.0.0.1 tl-ph.facebook.com
O1 - Hosts: 127.0.0.1 fo-fo.facebook.com
O1 - Hosts: 127.0.0.1 fr-fr.facebook.com
O1 - Hosts: 127.0.0.1 fy-nl.facebook.com
O1 - Hosts: 127.0.0.1 ga-ie.facebook.com
O1 - Hosts: 127.0.0.1 gl-es.facebook.com
O1 - Hosts: 127.0.0.1 ko-kr.facebook.com
O1 - Hosts: 50053 more lines...
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [1143316.exe] C:\Windows\Temp\1143316.exe ()
O4 - HKLM..\Run: [3109913.exe] C:\Windows\Temp\3109913.exe ()
O4 - HKLM..\Run: [4127657.exe] C:\Users\frederic\AppData\Local\Temp\4127657.exe ()
O4 - HKLM..\Run: [5588705.exe] C:\Windows\Temp\5588705.exe ()
O4 - HKLM..\Run: [9927735.exe] C:\Windows\Temp\9927735.exe ()
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min File not found
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe File not found
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Realtime Audio Engine] C:\Windows\SysWow64\mmrtkrnl.exe (AlcaTech)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [sysdriver32.exe] C:\Windows\sysdriver32.exe ()
O4 - HKLM..\Run: [sysdriver32_.exe] C:\Windows\sysdriver32_.exe ()
O4 - HKLM..\Run: [tray_ico] File not found
O4 - HKLM..\Run: [tray_ico0] C:\Windows\update.tray-8-0\svchost.exe (Cronosoft)
O4 - HKLM..\Run: [tray_ico1] File not found
O4 - HKLM..\Run: [tray_ico2] File not found
O4 - HKLM..\Run: [tray_ico3] File not found
O4 - HKLM..\Run: [tray_ico4] File not found
O4 - HKLM..\Run: [wxpdrv] C:\Windows\services32.exe (Cronosoft)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - Startup: C:\Users\frederic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\frederic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Socialbox.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\frederic\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\frederic\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{116CD85F-DF96-40E7-A5A9-68E075C4F756}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O31 - SafeBoot: AlternateShell - services32.exe
O32 - HKLM CDRom: AutoRun - 0
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP



CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.11.01 18:15:41 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\frederic\Desktop\OTL.exe
[2011.11.01 17:35:34 | 000,000,000 | ---D | C] -- C:\Windows\ufa
[2011.11.01 17:01:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.10.29 22:05:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.10.29 22:04:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2011.10.29 21:23:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011.10.29 18:42:45 | 000,000,000 | -H-D | C] -- C:\Windows\update.2
[2011.10.29 18:42:09 | 000,000,000 | ---D | C] -- C:\Windows\rpcminer
[2011.10.29 18:42:09 | 000,000,000 | ---D | C] -- C:\Windows\phoenix
[2011.10.29 18:38:06 | 000,000,000 | -H-D | C] -- C:\Windows\update.5.0
[2011.10.29 18:34:53 | 000,000,000 | ---D | C] -- C:\Windows\av_ico
[2011.10.29 18:33:40 | 000,000,000 | -H-D | C] -- C:\Windows\update.1
[2011.10.29 18:33:39 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-8-0-lnk
[2011.10.29 18:33:39 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-8-0
[2011.10.29 18:23:55 | 001,109,504 | ---- | C] (Cronosoft) -- C:\Windows\services32.exe
[2011.10.26 21:58:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AeriaGames
[2011.10.26 21:58:41 | 000,000,000 | ---D | C] -- C:\AeriaGames
[2011.10.26 21:56:58 | 000,000,000 | ---D | C] -- C:\Users\frederic\AppData\Roaming\InstallShield
[2011.10.26 21:09:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Akamai
[2011.10.26 17:16:19 | 000,000,000 | ---D | C] -- C:\Users\frederic\Documents\Webcam
[2011.10.26 16:50:51 | 000,000,000 | ---D | C] -- C:\Users\frederic\AppData\Roaming\com.socialbox.socialbox
[2011.10.24 23:49:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.10.20 00:23:07 | 000,000,000 | ---D | C] -- C:\Users\frederic\AppData\Roaming\TeamViewer
[2011.10.14 15:32:17 | 000,000,000 | ---D | C] -- C:\Users\frederic\AppData\Roaming\Avira
[2011.10.14 15:31:53 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.10.14 15:31:53 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.10.14 15:31:53 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011.10.13 19:17:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011.10.13 19:17:22 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011.10.12 12:01:29 | 000,000,000 | ---D | C] -- C:\Users\frederic\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2011.10.03 13:01:41 | 000,000,000 | ---D | C] -- C:\Users\frederic\AppData\Roaming\CyberLink
[2011.10.03 12:59:18 | 000,000,000 | ---D | C] -- C:\Users\frederic\AppData\Local\CyberLink
[2011.10.03 12:59:17 | 000,000,000 | ---D | C] -- C:\Users\frederic\AppData\Local\PowerCinema

========== Files - Modified Within 30 Days ==========

[2011.11.01 18:24:32 | 001,498,332 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.11.01 18:24:32 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.11.01 18:24:32 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.11.01 18:24:32 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.11.01 18:24:32 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.11.01 18:24:24 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.01 18:24:24 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.01 18:17:54 | 005,589,370 | ---- | M] () -- C:\Windows\phoenix.rar
[2011.11.01 18:17:54 | 001,075,284 | ---- | M] () -- C:\Windows\rpcminer.rar
[2011.11.01 18:17:54 | 000,246,272 | ---- | M] () -- C:\Windows\unrar.exe
[2011.11.01 18:17:54 | 000,182,617 | ---- | M] () -- C:\Windows\ufa.rar
[2011.11.01 18:17:28 | 000,202,984 | -H-- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011.11.01 18:17:28 | 000,000,734 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hîsts
[2011.11.01 18:17:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.01 18:16:57 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.01 18:16:15 | 000,000,000 | ---- | M] () -- C:\Users\frederic\defogger_reenable
[2011.11.01 18:13:14 | 000,302,592 | ---- | M] () -- C:\Users\frederic\Desktop\gmer juivburf.exe
[2011.11.01 18:04:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\frederic\Desktop\OTL.exe
[2011.11.01 17:48:12 | 000,050,477 | ---- | M] () -- C:\Users\frederic\Desktop\Defogger.exe
[2011.10.31 13:50:32 | 000,000,112 | ---- | M] () -- C:\Windows\info1
[2011.10.29 21:06:33 | 000,000,949 | ---- | M] () -- C:\Users\frederic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Socialbox.lnk
[2011.10.29 18:38:05 | 000,904,792 | ---- | M] () -- C:\Windows\geoiplist.rar
[2011.10.29 18:35:43 | 000,000,000 | ---- | M] () -- C:\Windows\loader2.exe_ok
[2011.10.29 18:35:12 | 000,258,048 | ---- | M] () -- C:\Windows\sysdriver32_.exe
[2011.10.29 18:35:12 | 000,258,048 | ---- | M] () -- C:\Windows\sysdriver32.exe
[2011.10.29 18:23:49 | 001,109,504 | ---- | M] (Cronosoft) -- C:\Windows\services32.exe
[2011.10.29 11:58:48 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForfrederic.job
[2011.10.26 21:58:41 | 000,001,429 | ---- | M] () -- C:\Users\Public\Desktop\Shaiya.lnk
[2011.10.13 09:59:22 | 000,285,592 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.10.11 14:00:01 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.10.11 14:00:01 | 000,097,312 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.10.11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys

========== Files Created - No Company Name ==========

[2011.11.01 18:16:15 | 000,000,000 | ---- | C] () -- C:\Users\frederic\defogger_reenable
[2011.11.01 18:15:44 | 000,302,592 | ---- | C] () -- C:\Users\frederic\Desktop\gmer juivburf.exe
[2011.11.01 17:54:24 | 000,050,477 | ---- | C] () -- C:\Users\frederic\Desktop\Defogger.exe
[2011.11.01 17:35:33 | 000,182,617 | ---- | C] () -- C:\Windows\ufa.rar
[2011.10.29 18:42:08 | 005,589,370 | ---- | C] () -- C:\Windows\phoenix.rar
[2011.10.29 18:42:08 | 001,075,284 | ---- | C] () -- C:\Windows\rpcminer.rar
[2011.10.29 18:38:06 | 004,636,907 | ---- | C] () -- C:\Windows\geoiplist
[2011.10.29 18:38:06 | 000,000,112 | ---- | C] () -- C:\Windows\info1
[2011.10.29 18:38:05 | 000,904,792 | ---- | C] () -- C:\Windows\geoiplist.rar
[2011.10.29 18:38:05 | 000,246,272 | ---- | C] () -- C:\Windows\unrar.exe
[2011.10.29 18:35:39 | 000,000,000 | ---- | C] () -- C:\Windows\loader2.exe_ok
[2011.10.29 18:35:36 | 000,258,048 | ---- | C] () -- C:\Windows\sysdriver32_.exe
[2011.10.29 18:35:22 | 000,258,048 | ---- | C] () -- C:\Windows\sysdriver32.exe
[2011.10.26 21:58:41 | 000,001,429 | ---- | C] () -- C:\Users\Public\Desktop\Shaiya.lnk
[2011.10.26 16:50:51 | 000,000,949 | ---- | C] () -- C:\Users\frederic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Socialbox.lnk
[2011.06.14 19:12:55 | 000,000,051 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe.cfg
[2011.06.14 19:12:53 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe
[2011.04.10 22:36:58 | 000,695,578 | ---- | C] () -- C:\Windows\unins000.exe
[2011.04.10 22:36:58 | 000,000,864 | ---- | C] () -- C:\Windows\unins000.dat
[2010.09.16 00:52:02 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.09.16 00:46:34 | 000,002,189 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2010.09.16 00:45:11 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010.09.16 00:45:11 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010.09.16 00:45:11 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010.09.16 00:45:11 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010.09.16 00:45:10 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010.09.16 00:45:09 | 000,002,189 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.09.16 00:44:53 | 000,000,299 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010.09.16 00:44:53 | 000,000,240 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2010.09.16 00:42:10 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.07.24 02:16:50 | 000,000,202 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010.07.24 01:25:10 | 000,009,988 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011.03.05 19:50:05 | 000,000,000 | ---D | M] -- C:\Users\frederic\AppData\Roaming\AlcaTech
[2011.10.29 01:49:40 | 000,000,000 | ---D | M] -- C:\Users\frederic\AppData\Roaming\Azureus
[2011.08.02 02:24:03 | 000,000,000 | ---D | M] -- C:\Users\frederic\AppData\Roaming\Babylon
[2011.10.26 16:50:51 | 000,000,000 | ---D | M] -- C:\Users\frederic\AppData\Roaming\com.socialbox.socialbox
[2011.10.12 12:01:29 | 000,000,000 | ---D | M] -- C:\Users\frederic\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2011.09.26 08:10:20 | 000,000,000 | ---D | M] -- C:\Users\frederic\AppData\Roaming\DVDVideoSoft
[2011.02.13 12:29:38 | 000,000,000 | ---D | M] -- C:\Users\frederic\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.04.10 22:36:58 | 000,000,000 | ---D | M] -- C:\Users\frederic\AppData\Roaming\Flatcast
[2011.04.15 18:44:31 | 000,000,000 | ---D | M] -- C:\Users\frederic\AppData\Roaming\Raptr
[2011.10.20 00:23:07 | 000,000,000 | ---D | M] -- C:\Users\frederic\AppData\Roaming\TeamViewer
[2011.01.27 19:02:58 | 000,000,000 | ---D | M] -- C:\Users\frederic\AppData\Roaming\TS3Client
[2011.08.02 01:25:37 | 000,000,000 | ---D | M] -- C:\Users\frederic\AppData\Roaming\Unity
[2011.11.01 17:11:56 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*. >
[2010.12.23 16:56:12 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.01.11 02:30:19 | 000,000,000 | ---D | M] -- C:\7e8730c77035466a98d48c9d0a197b
[2011.10.26 21:58:41 | 000,000,000 | ---D | M] -- C:\AeriaGames
[2010.07.24 12:34:34 | 000,000,000 | -HSD | M] -- C:\boot
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.12.23 16:50:37 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.08.02 02:51:16 | 000,000,000 | ---D | M] -- C:\Download
[2010.09.16 01:13:18 | 000,000,000 | -H-D | M] -- C:\HP
[2011.09.17 01:35:47 | 000,000,000 | ---D | M] -- C:\Perfect World Entertainment
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.11.01 17:01:10 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.10.29 22:04:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)
[2011.10.29 22:04:34 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.12.23 16:50:37 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.12.23 16:51:19 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.09.16 17:16:44 | 000,000,000 | ---D | M] -- C:\SwSetup
[2011.11.01 18:23:52 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.12.23 16:51:22 | 000,000,000 | -H-D | M] -- C:\SYSTEM.SAV
[2011.02.13 12:29:42 | 000,000,000 | R--D | M] -- C:\Users
[2011.11.01 17:35:34 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.manifest /3 >


< MD5 for: EXPLORER.EXE >
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010.07.24 08:45:35 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.07.24 08:38:29 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.07.24 08:45:35 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010.07.24 08:38:29 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.07.24 08:45:35 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010.07.24 08:38:29 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010.07.24 08:45:35 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010.07.24 08:38:29 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: REGEDIT.EXE >
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe

< MD5 for: USERINIT.EXE >
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WININIT.EXE >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010.07.24 08:45:35 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010.07.24 08:45:35 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2010.07.24 08:45:35 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >
lg Midei
Angehängte Dateien
Dateityp: txt Extras.Txt (79,9 KB, 163x aufgerufen)

Alt 01.11.2011, 18:42   #2
markusg
/// Malware-holic
 
CoinMiner in C:\windows\ufa\ufa.exe - Standard

CoinMiner in C:\windows\ufa\ufa.exe



hi,
1. kannst du den absender des links informieren, der ist mit malware infiziert.
er muss alle seine kontakte informieren, denn er versendet den link.
jeder der das teil geöffnet hat muss wiederum seine kontakte informieren, usw.
du musst also auch deine kontakte informieren.
sie können sich hier melden.
ich hätte gern den link, den du bei facebook bekommen hast, als private nachicht bitte.
falls du begonnen hast, links zu versenden, dann möchte ich auch diese.
__________________

__________________

Alt 01.11.2011, 19:18   #3
markusg
/// Malware-holic
 
CoinMiner in C:\windows\ufa\ufa.exe - Standard

CoinMiner in C:\windows\ufa\ufa.exe



combofix:
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.
  • Besuche folgende Seite für Downloadlinks und Anweisungen für dieses
    Tool

    Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Hinweis:
    Gehe sicher das all deine Anti Virus und Anti Malware Programme abgeschalten sind, damit diese Combofix nicht bei der Arbeit stören.
  • Poste bitte die C:\Combofix.txt in deiner nächsten Antwort.
__________________
__________________

Alt 01.11.2011, 20:38   #4
Midei
 
CoinMiner in C:\windows\ufa\ufa.exe - Standard

CoinMiner in C:\windows\ufa\ufa.exe



Sodala

Habe jetzt sehr lange versucht den Avira Antivir zu beenden/enfternen.

Der ist in irgend einem Modus wo ich nicht mehr auf ihn zugreifen kann.

Hoffe das man trozdem etwas tun kann =/

Hier der Combofix log:
Combofix Logfile:
Code:
ATTFilter
ComboFix 11-11-01.04 - frederic 01.11.2011  20:23:33.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.43.1031.18.3894.2453 [GMT 1:00]
ausgeführt von:: c:\users\frederic\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\av_ico
c:\windows\av_ico\ico_avira_start.ico
c:\windows\btc_client_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\IsUn0407.exe
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\proc_list1.log
c:\windows\rpcminer
c:\windows\rpcminer.rar
c:\windows\rpcminer\bitcoinminercuda_10.cubin
c:\windows\rpcminer\bitcoinminercuda_11.cubin
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\bitcoinmineropencl.cl
c:\windows\rpcminer\cudart32_32_16.dll
c:\windows\rpcminer\curllib.dll
c:\windows\rpcminer\libeay32.dll
c:\windows\rpcminer\libsasl.dll
c:\windows\rpcminer\openldap.dll
c:\windows\rpcminer\rpcminer-4way.exe
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\rpcminer\rpcminer-opencl.exe
c:\windows\rpcminer\ssleay32.dll
c:\windows\services32.exe
c:\windows\sysdriver32.exe
c:\windows\sysdriver32_.exe
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\Temp\1143316.exe
c:\windows\Temp\5588705.exe
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.1\svchost.exe
c:\windows\update.2
c:\windows\update.2\svchost.exe
c:\windows\update.5.0
c:\windows\update.5.0\svchost.exe
c:\windows\update.tray-8-0-lnk
c:\windows\update.tray-8-0-lnk\svchost.exe
c:\windows\update.tray-8-0
c:\windows\update.tray-8-0\svchost.exe
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_srvbtcclient
-------\Service_srviecheck
-------\Service_srvsysdriver32
-------\Service_wxpdrivers
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-10-01 bis 2011-11-01  ))))))))))))))))))))))))))))))
.
.
2011-11-01 19:31 . 2011-11-01 19:31	69000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{EA16D665-EC75-4873-8AFE-F2336734BB25}\offreg.dll
2011-11-01 19:28 . 2011-11-01 19:28	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-11-01 16:35 . 2011-11-01 17:17	--------	d-----w-	c:\windows\ufa
2011-11-01 16:01 . 2011-11-01 16:01	--------	d-----w-	c:\program files\CCleaner
2011-10-29 20:23 . 2011-10-29 20:23	--------	d-----w-	c:\program files (x86)\Avira
2011-10-29 17:38 . 2011-11-01 17:17	246272	----a-w-	c:\windows\unrar.exe
2011-10-28 23:20 . 2011-10-07 04:16	8570192	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{EA16D665-EC75-4873-8AFE-F2336734BB25}\mpengine.dll
2011-10-26 20:58 . 2011-10-26 20:58	--------	d-----w-	C:\AeriaGames
2011-10-26 20:56 . 2011-10-26 20:56	--------	d-----w-	c:\users\frederic\AppData\Roaming\InstallShield
2011-10-26 20:09 . 2011-11-01 19:29	--------	d-----w-	c:\program files (x86)\Common Files\Akamai
2011-10-26 15:50 . 2011-10-26 15:50	--------	d-----w-	c:\users\frederic\AppData\Roaming\com.socialbox.socialbox
2011-10-26 14:53 . 2011-08-15 05:08	6144	----a-w-	c:\program files\Internet Explorer\iecompat.dll
2011-10-26 14:53 . 2011-08-15 04:25	6144	----a-w-	c:\program files (x86)\Internet Explorer\iecompat.dll
2011-10-24 22:49 . 2011-10-24 22:49	--------	d-----w-	c:\program files (x86)\Common Files\Java
2011-10-19 23:23 . 2011-10-19 23:23	--------	d-----w-	c:\users\frederic\AppData\Roaming\TeamViewer
2011-10-14 14:32 . 2011-10-14 14:32	--------	d-----w-	c:\users\frederic\AppData\Roaming\Avira
2011-10-14 14:31 . 2011-10-11 13:00	97312	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-10-14 14:31 . 2011-10-11 13:00	27760	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2011-10-14 14:31 . 2011-10-11 13:00	130760	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-10-13 18:17 . 2011-10-13 18:17	--------	d-----w-	c:\windows\system32\Macromed
2011-10-13 18:17 . 2011-10-13 18:17	--------	d-----w-	c:\programdata\McAfee
2011-10-12 11:01 . 2011-10-12 11:01	--------	d-----w-	c:\users\frederic\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
2011-10-03 12:01 . 2011-10-26 16:16	--------	d-----w-	c:\users\frederic\AppData\Roaming\CyberLink
2011-10-03 11:59 . 2011-10-03 11:59	--------	d-----w-	c:\users\frederic\AppData\Local\CyberLink
2011-10-03 11:59 . 2011-10-03 11:59	--------	d-----w-	c:\users\frederic\AppData\Local\PowerCinema
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-13 18:21 . 2011-05-14 17:07	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-05 18:23 . 2011-04-11 22:54	771888	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-10-03 11:56 . 2011-02-23 22:02	845632	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-10-03 03:06 . 2010-07-24 00:36	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2011-09-16 20:36 . 2011-09-17 00:34	258352	----a-w-	c:\windows\SysWow64\unicows.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuze.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 11:51	3911776	----a-w-	c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-04-27 09:08	2393184	----a-w-	c:\program files (x86)\DVDVideoSoftTB\tbDVDV.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-12-09 11:51	3911776	----a-w-	c:\program files (x86)\Vuze_Remote\tbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuze.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-06-16 2736128]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-09-05 3077528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-21 98304]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-06-29 602168]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Realtime Audio Engine"="mmrtkrnl.exe" [2010-06-29 70144]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\users\frederic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-3-5 0]
Socialbox.lnk - c:\program files (x86)\Socialbox\Socialbox.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
R2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 vtany;vtany;c:\windows\vtany.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-06-29 27192]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-05-01 2533400]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-06-16 11:38	451872	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2011-10-29 c:\windows\Tasks\HPCeeScheduleForfrederic.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 01:53]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-22 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-22 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-22 414744]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-06-18 487424]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-20 611896]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
"combofix"="c:\combofix\CF15335.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\users\frederic\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\frederic\AppData\Roaming\Mozilla\Firefox\Profiles\1xh4fl4n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=3e66092000000000000018f46ab48de3&tlver=1.4.31.2&instlRef=sst&affID=100378&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-Easybits Recovery - c:\program files (x86)\EasyBits For Kids\ezRecover.exe
Wow6432Node-HKLM-Run-wxpdrv - c:\windows\services32.exe
Wow6432Node-HKLM-Run-tray_ico - (no file)
Wow6432Node-HKLM-Run-tray_ico0 - c:\windows\update.tray-8-0\svchost.exe
Wow6432Node-HKLM-Run-tray_ico1 - (no file)
Wow6432Node-HKLM-Run-tray_ico2 - (no file)
Wow6432Node-HKLM-Run-tray_ico3 - (no file)
Wow6432Node-HKLM-Run-tray_ico4 - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="C:/Program Files (x86)/Common Files/Akamai/netsession_win_807ba95.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="C:/Program Files (x86)/Common Files/Akamai/netsession_win_807ba95.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\SysWOW64\mmrtkrnl.exe
c:\program files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-11-01  20:35:58 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-11-01 19:35
.
Vor Suchlauf: 11 Verzeichnis(se), 213.442.322.432 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 213.118.246.912 Bytes frei
.
- - End Of File - - CA633C708950077C650276FCEE29CF3E[/QUOTE]
         
--- --- ---

mfg

Alt 01.11.2011, 20:49   #5
markusg
/// Malware-holic
 
CoinMiner in C:\windows\ufa\ufa.exe - Standard

CoinMiner in C:\windows\ufa\ufa.exe



ok, jetzt muss ich mir was ansehen.
öffne computer, öffne c:
öffne qoobox, rechtsklick quarantain, mit winrar, zip oder nem andern pack programm packen, archiv nach link hochladen:
http://www.trojaner-board.de/54791-a...ner-board.html

__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 01.11.2011, 21:03   #6
Midei
 
CoinMiner in C:\windows\ufa\ufa.exe - Standard

CoinMiner in C:\windows\ufa\ufa.exe



ok habs gezipt und dort hochgeladen

hab aber keine bestätigung oder so bekommen, weiss daher nicht ob alles geklappt hat

Alt 01.11.2011, 21:07   #7
markusg
/// Malware-holic
 
CoinMiner in C:\windows\ufa\ufa.exe - Standard

CoinMiner in C:\windows\ufa\ufa.exe



ist warscheinlich zu groß
lad das zip mal bei
File-Upload.net - Ihr kostenloser File Hoster!
hoch und send mir den link als private nachicht.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 02.11.2011, 11:53   #8
markusg
/// Malware-holic
 
CoinMiner in C:\windows\ufa\ufa.exe - Standard

CoinMiner in C:\windows\ufa\ufa.exe



malwarebytes:
Downloade Dir bitte Malwarebytes
  • Installiere
    das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche
    nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet
    ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste
    das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 02.11.2011, 15:58   #9
Midei
 
CoinMiner in C:\windows\ufa\ufa.exe - Standard

CoinMiner in C:\windows\ufa\ufa.exe



Alles wie beschrieben ausgeführt


Hier die Log Datei.

Zitat:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8068

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

02.11.2011 15:52:05
mbam-log-2011-11-02 (15-52-05).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 321030
Laufzeit: 26 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 11

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Qoobox\quarantine\C\Windows\services32.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\Windows\sysdriver32.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\Windows\sysdriver32_.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\Windows\update.1\svchost.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\Windows\update.2\svchost.exe.vir (Trojan.Dropper.H) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\Windows\update.5.0\svchost.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\Windows\update.tray-8-0\svchost.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\Windows\update.tray-8-0-lnk\svchost.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\frederic\downloads\flash-player(1).exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\frederic\downloads\flash-player.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\ufa\ufa.exe (PUP.BitMiner) -> Quarantined and deleted successfully.
lg

Alt 02.11.2011, 16:01   #10
markusg
/// Malware-holic
 
CoinMiner in C:\windows\ufa\ufa.exe - Standard

CoinMiner in C:\windows\ufa\ufa.exe



tdss killer nutzen, log posten bitte
http://www.trojaner-board.de/82358-t...entfernen.html
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 02.11.2011, 16:09   #11
Midei
 
CoinMiner in C:\windows\ufa\ufa.exe - Standard

CoinMiner in C:\windows\ufa\ufa.exe



Auch soeben durchgeführt.

Das Programm schrieb mir nur das er nichts gefunden hat.
Habe keine Log Datei gefunden^^

Alt 02.11.2011, 16:12   #12
markusg
/// Malware-holic
 
CoinMiner in C:\windows\ufa\ufa.exe - Standard

CoinMiner in C:\windows\ufa\ufa.exe



start suchen, tippe:
editor
drücke enter
kopiere rein:

Killall::
Rootkit::
Folder::
c:\Windows\ufa


datei speichern unter, typ, alle dateien, name
cfscript.txt
speicherort, dort wo sich combofix.exe befindet.
schalte wieder alles an laufenden programmen aus, auch das im system tray. meist über rechtsklick, und beenden, bzw bei avira deaktivieren
ziehe cfscript auf combofix, programm startet log posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 02.11.2011, 16:30   #13
Midei
 
CoinMiner in C:\windows\ufa\ufa.exe - Standard

CoinMiner in C:\windows\ufa\ufa.exe



Hallo

ComboFix in Verbindung mit dem Script ausgeführt.

Hier die Log Datei dazu.

Combofix Logfile:
Code:
ATTFilter
ComboFix 11-11-02.01 - frederic 02.11.2011  16:20:06.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.43.1031.18.3894.2648 [GMT 1:00]
ausgeführt von:: c:\users\frederic\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\frederic\Desktop\cfscript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\ufa
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-10-02 bis 2011-11-02  ))))))))))))))))))))))))))))))
.
.
2011-11-02 15:23 . 2011-11-02 15:23	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-11-02 14:21 . 2011-11-02 14:21	--------	d-----w-	c:\users\frederic\AppData\Roaming\Malwarebytes
2011-11-02 14:21 . 2011-11-02 14:21	--------	d-----w-	c:\programdata\Malwarebytes
2011-11-02 14:21 . 2011-11-02 14:21	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-02 14:21 . 2011-08-31 16:00	25416	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-11-01 16:01 . 2011-11-01 16:01	--------	d-----w-	c:\program files\CCleaner
2011-10-29 20:23 . 2011-10-29 20:23	--------	d-----w-	c:\program files (x86)\Avira
2011-10-29 17:38 . 2011-11-01 17:17	246272	----a-w-	c:\windows\unrar.exe
2011-10-28 23:20 . 2011-10-07 04:16	8570192	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{EA16D665-EC75-4873-8AFE-F2336734BB25}\mpengine.dll
2011-10-26 20:58 . 2011-10-26 20:58	--------	d-----w-	C:\AeriaGames
2011-10-26 20:56 . 2011-10-26 20:56	--------	d-----w-	c:\users\frederic\AppData\Roaming\InstallShield
2011-10-26 20:09 . 2011-11-02 15:24	--------	d-----w-	c:\program files (x86)\Common Files\Akamai
2011-10-26 15:50 . 2011-10-26 15:50	--------	d-----w-	c:\users\frederic\AppData\Roaming\com.socialbox.socialbox
2011-10-26 14:53 . 2011-08-15 05:08	6144	----a-w-	c:\program files\Internet Explorer\iecompat.dll
2011-10-26 14:53 . 2011-08-15 04:25	6144	----a-w-	c:\program files (x86)\Internet Explorer\iecompat.dll
2011-10-24 22:49 . 2011-10-24 22:49	--------	d-----w-	c:\program files (x86)\Common Files\Java
2011-10-19 23:23 . 2011-10-19 23:23	--------	d-----w-	c:\users\frederic\AppData\Roaming\TeamViewer
2011-10-14 14:32 . 2011-10-14 14:32	--------	d-----w-	c:\users\frederic\AppData\Roaming\Avira
2011-10-14 14:31 . 2011-10-11 13:00	97312	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-10-14 14:31 . 2011-10-11 13:00	27760	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2011-10-14 14:31 . 2011-10-11 13:00	130760	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-10-13 18:17 . 2011-10-13 18:17	--------	d-----w-	c:\windows\system32\Macromed
2011-10-13 18:17 . 2011-10-13 18:17	--------	d-----w-	c:\programdata\McAfee
2011-10-12 11:01 . 2011-10-12 11:01	--------	d-----w-	c:\users\frederic\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-13 18:21 . 2011-05-14 17:07	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-05 18:23 . 2011-04-11 22:54	771888	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-10-03 11:56 . 2011-02-23 22:02	845632	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-10-03 03:06 . 2010-07-24 00:36	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2011-09-16 20:36 . 2011-09-17 00:34	258352	----a-w-	c:\windows\SysWow64\unicows.dll
.
.
(((((((((((((((((((((((((((((   SnapShot@2011-11-01_19.32.54   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-23 22:16 . 2011-11-02 14:55	53086              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-11-02 14:55	39618              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-11-01 18:33	39618              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-12-23 15:52 . 2011-11-02 14:55	12920              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1715339252-1460594986-40455344-1000_UserData.bin
- 2010-12-23 13:47 . 2011-10-28 23:25	16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-23 13:47 . 2011-11-01 20:41	16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-23 13:47 . 2011-10-28 23:25	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-12-23 13:47 . 2011-11-01 20:41	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-01 20:41	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-10-28 23:25	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-23 16:00 . 2011-11-02 14:56	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-23 16:00 . 2011-11-01 19:31	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-23 16:00 . 2011-11-01 19:31	32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-12-23 16:00 . 2011-11-02 14:56	32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-12-23 16:00 . 2011-11-01 19:31	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-23 16:00 . 2011-11-02 14:56	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-23 15:50 . 2011-11-02 15:05	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-23 15:50 . 2011-11-01 19:31	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-23 15:50 . 2011-11-02 15:05	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-23 15:50 . 2011-11-01 19:31	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-10-14 14:29 . 2011-11-01 17:16	1964              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2011-10-14 14:29 . 2011-11-02 14:53	1964              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2011-11-01 19:29 . 2011-11-01 19:29	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-02 15:23 . 2011-11-02 15:23	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-01 19:29 . 2011-11-01 19:29	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-11-02 15:23 . 2011-11-02 15:23	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-12-23 17:23 . 2011-11-01 20:56	242280              c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2011-11-02 15:07	616008              c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-11-01 18:36	616008              c:\windows\system32\perfh009.dat
+ 2010-07-24 07:32 . 2011-11-02 15:07	654166              c:\windows\system32\perfh007.dat
- 2010-07-24 07:32 . 2011-11-01 18:36	654166              c:\windows\system32\perfh007.dat
- 2009-07-14 02:36 . 2011-11-01 18:36	106388              c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-11-02 15:07	106388              c:\windows\system32\perfc009.dat
- 2010-07-24 07:32 . 2011-11-01 18:36	130006              c:\windows\system32\perfc007.dat
+ 2010-07-24 07:32 . 2011-11-02 15:07	130006              c:\windows\system32\perfc007.dat
- 2009-07-14 05:01 . 2011-11-01 19:28	234640              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-11-02 15:23	234640              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-07-14 23:30 . 2011-11-02 15:23	3936564              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1715339252-1460594986-40455344-1000-12288.dat
- 2011-07-14 23:30 . 2011-11-01 19:28	3936564              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1715339252-1460594986-40455344-1000-12288.dat
- 2009-07-14 02:34 . 2011-10-29 17:55	10223616              c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2011-11-02 14:34	10223616              c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuze.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 11:51	3911776	----a-w-	c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-04-27 09:08	2393184	----a-w-	c:\program files (x86)\DVDVideoSoftTB\tbDVDV.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-12-09 11:51	3911776	----a-w-	c:\program files (x86)\Vuze_Remote\tbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuze.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-06-16 2736128]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-09-05 3077528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-21 98304]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-06-29 602168]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Realtime Audio Engine"="mmrtkrnl.exe" [2010-06-29 70144]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\users\frederic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-3-5 0]
Socialbox.lnk - c:\program files (x86)\Socialbox\Socialbox.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
R2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 vtany;vtany;c:\windows\vtany.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-06-29 27192]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-05-01 2533400]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-06-16 11:38	451872	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2011-10-29 c:\windows\Tasks\HPCeeScheduleForfrederic.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 01:53]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-22 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-22 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-22 414744]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-06-18 487424]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-20 611896]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\users\frederic\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\frederic\AppData\Roaming\Mozilla\Firefox\Profiles\1xh4fl4n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=3e66092000000000000018f46ab48de3&tlver=1.4.31.2&instlRef=sst&affID=100378&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="C:/Program Files (x86)/Common Files/Akamai/netsession_win_807ba95.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="C:/Program Files (x86)/Common Files/Akamai/netsession_win_807ba95.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\mmrtkrnl.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-11-02  16:27:29 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-11-02 15:27
ComboFix2.txt  2011-11-01 19:35
.
Vor Suchlauf: 16 Verzeichnis(se), 211.304.087.552 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 211.226.480.640 Bytes frei
.
- - End Of File - - 3330F7BB1D06B3FEC0CF71706E392B67[/QUOTE]
         
--- --- ---

lg

Alt 02.11.2011, 16:53   #14
markusg
/// Malware-holic
 
CoinMiner in C:\windows\ufa\ufa.exe - Standard

CoinMiner in C:\windows\ufa\ufa.exe



wie läuft das system im moment?
lade den CCleaner standard:
CCleaner Download - CCleaner 3.12.1572
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 02.11.2011, 17:20   #15
Midei
 
CoinMiner in C:\windows\ufa\ufa.exe - Standard

CoinMiner in C:\windows\ufa\ufa.exe



Erledigt.

Weiss bei einigen Sachen nicht ob sie unnötig sind hab da noch ein paar "???" angehängt.

Zitat:
Acrobat.com Adobe Systems Incorporated 23.07.2010 1,61MB 1.6.65 NOTWENDIG
Adobe AIR Adobe Systems Incorporated 11.10.2011 3.0.0.4080 NOTWENDIG
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 15.09.2010 6,00MB 10.1.53.64 NOTWENDIG
Adobe Flash Player 11 Plugin 64-bit Adobe Systems Incorporated 12.10.2011 6,00MB 11.0.1.152 NOTWENDIG
Adobe Reader 9.4.6 MUI Adobe Systems Incorporated 13.09.2011 657MB 9.4.6 NOTWENDIG
Adobe Shockwave Player 11.5 Adobe Systems, Inc 23.07.2010 29,5MB 11.5.7.609 NOTWENDIG
Akamai NetSession Interface 25.10.2011 UNBEKANNT - vermutung World of Warcraft - UNNÖTIG
Atheros Driver Installation Program Atheros 15.09.2010 9.0 NOTWENDIG
ATI Catalyst Install Manager ATI Technologies, Inc. 15.09.2010 22,3MB 3.0.778.0 NOTWENDIG
BPM-Studio 4 Demo AlcaTech 04.03.2011 18,5MB 4.9.93 UNBEKANNT
CCleaner Piriform 31.10.2011 3.12 NOTWENDIG
Cisco EAP-FAST Module Cisco Systems, Inc. 15.09.2010 1,55MB 2.2.14 UNBEKANNT
Cisco LEAP Module Cisco Systems, Inc. 15.09.2010 0,63MB 1.0.19 UNBEKANNT
Cisco PEAP Module Cisco Systems, Inc. 15.09.2010 1,24MB 1.1.6 UNBEKANNT
Conduit Engine Conduit Ltd. 25.03.2011 UNBEKANNT
Curse Client Curse 04.07.2011 4.0.1.112 UNNÖTIG
CyberLink DVD Suite CyberLink Corp. 23.07.2010 37,6MB 7.0.3003 UNNÖTIG
DVD Menu Pack for HP MediaSmart Video Hewlett-Packard 15.09.2010 102,0MB 4.1.4121 UNNÖTIG
DVDVideoSoftTB Toolbar 12.02.2011 UNNÖTIG
eLicenser Control Steinberg Media Technologies GmbH 13.06.2011 UNBEKANNT
Flatcast Viewer Plugin 5.2.2.454 1 mal 1 Software GmbH 09.04.2011 UNBEKANNT
Free Audio CD Burner version 1.4.8 DVDVideoSoft Limited. 06.05.2011 10,8MB UNNÖTIG ???
Free YouTube to MP3 Converter version 3.10.11.923 DVDVideoSoft Ltd. 25.09.2011 42,4MB UNNÖTIG
HP 3D DriveGuard Hewlett-Packard Company 15.09.2010 3,18MB 4.0.5.1 UNNÖTIG ???
HP DVB-T TV Tuner 8.0.64.43 15.09.2010 8.0.64.43 UNNÖTIG ???
HP MediaSmart DVD Hewlett-Packard 15.09.2010 98,9MB 4.1.4229 UNNÖTIG ???
HP MediaSmart Movies and TV Hewlett-Packard 15.09.2010 1,32MB 1.0.0.10 UNNÖTIG ???
HP MediaSmart Music Hewlett-Packard 15.09.2010 73,1MB 4.1.4215 UNNÖTIG ???
HP MediaSmart Photo Hewlett-Packard 15.09.2010 262MB 4.1.4211 UNNÖTIG ???
HP MediaSmart SmartMenu Hewlett-Packard 15.09.2010 1,93MB 3.1.1.12 UNNÖTIG ???
HP MediaSmart Video Hewlett-Packard 15.09.2010 303MB 4.1.4214 UNNÖTIG ???
HP MediaSmart Webcam Hewlett-Packard 15.09.2010 178,8MB 4.1.3024 UNNÖTIG ???
HP Power Manager Hewlett-Packard Company 15.09.2010 2,00MB 1.0.3 UNNÖTIG ???
HP Quick Launch Hewlett-Packard Company 23.07.2010 3,72MB 2.1.5 UNNÖTIG ???
HP Setup Hewlett-Packard 23.07.2010 8.1.4186.3400 UNNÖTIG ???
HP Software Framework Hewlett-Packard Company 23.07.2010 2,34MB 4.0.39.1 UNNÖTIG ???
HP Support Assistant Hewlett-Packard Company 15.09.2011 77,8MB 6.0.5.4 UNNÖTIG ???
HP Wireless Assistant Hewlett-Packard 23.07.2010 5,60MB 4.0.9.0 UNNÖTIG ???
IDT Audio IDT 15.09.2010 1.0.6289.0 NOTWENDIG ???
Install(GE) AeriaGames 25.10.2011 1.0 UNBEKANNT
Intel(R) Management Engine Components Intel Corporation 16.09.2010 6.0.0.1179 NOTWENDIG
Intel(R) Rapid Storage Technology Intel Corporation 01.11.2011 9.6.2.1001 NOTWENDIG
Intel(R) Turbo Boost Technology Driver Intel Corporation 16.09.2010 01.00.01.1002 NOTWENDIG
Java(TM) 6 Update 20 (64-bit) Sun Microsystems, Inc. 23.07.2010 90,6MB 6.0.200 NOTWENDIG
Java(TM) 6 Update 29 Sun Microsystems, Inc. 23.07.2010 97,2MB 6.0.290 NOTWENDIG
LabelPrint CyberLink Corp. 23.07.2010 281MB 2.5.2907 UNNÖTIG
LightScribe System Software LightScribe 15.09.2010 24,6MB 1.18.16.1 UNBEKANNT
Malwarebytes' Anti-Malware Version 1.51.2.1300 Malwarebytes Corporation 01.11.2011 13,8MB 1.51.2.1300 NOTWENDIG
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 12.01.2011 38,8MB 4.0.30319 UNNÖTIG ???
Microsoft Office 2010 Microsoft Corporation 23.07.2010 6,31MB 14.0.4763.1000 UNNÖTIG ???
Microsoft Silverlight Microsoft Corporation 23.07.2010 20,4MB 4.0.50401.0 UNNÖTIG ???
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 23.07.2010 1,72MB 3.1.0000 UNNÖTIG ???
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 23.07.2010 0,42MB 8.0.56336 UNNÖTIG ???
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 15.09.2010 0,69MB 8.0.56336 UNNÖTIG ???
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 23.07.2010 0,77MB 9.0.30729 UNNÖTIG ???
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 15.09.2010 0,77MB 9.0.30729.4148 UNNÖTIG ???
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 23.07.2010 0,58MB 9.0.30729 UNNÖTIG ???
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 15.09.2010 0,58MB 9.0.30729.4148 UNNÖTIG ???
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 13.10.2011 11,1MB 10.0.40219 UNNÖTIG ???
Movie Theme Pack for HP MediaSmart Video Hewlett-Packard 15.09.2010 430MB 4.1.4030 UNNÖTIG
Mozilla Firefox 7.0.1 (x86 de) Mozilla 13.10.2011 34,6MB 7.0.1 NOTWENDIG
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 22.12.2010 1,28MB 4.20.9870.0 UNBEKANNT
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 22.12.2010 1,33MB 4.20.9876.0 UNBEKANNT
Pando Media Booster Pando Networks Inc. 05.09.2011 5,47MB 2.3.6.0 NOTWENDIG ???
PhotoNow! CyberLink Corp. 15.09.2010 39,4MB 1.1.6904 UNNÖTIG
Power2Go CyberLink Corp. 23.07.2010 198,6MB 6.1.4204 UNNÖTIG
PowerDirector CyberLink Corp. 23.07.2010 829MB 8.0.3003 UNNÖTIG
Realtek Ethernet Controller Driver For Windows 7 Realtek 15.09.2010 7.17.304.2010 NOTWENDIG
Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 15.09.2010 6.1.7600.30111 NOTWENDIG
Synaptics Pointing Device Driver Synaptics Incorporated 15.09.2010 46,4MB 15.0.17.4 NOTWENDIG
TeamSpeak 3 Client TeamSpeak Systems GmbH 22.12.2010 NOTWENDIG
Uninstall 1.0.0.1 06.05.2011 11,2MB UNNÖTIG ???
Unity Web Player Unity Technologies ApS 01.08.2011 12,0MB 2.6.1f3_31223 UNNÖTIG ???
Vuze Vuze Inc. 25.03.2011 4.6 UNBEKANNT
Vuze Remote Toolbar Vuze Remote 25.03.2011 6.2.7.3 UNBEKANNT
Windows Live Essentials Microsoft Corporation 22.07.2010 14.0.8117.0416 UNNÖTIG ???
Windows Live ID Sign-in Assistant Microsoft Corporation 15.09.2010 10,0MB 6.500.3165.0 UNNÖTIG ???
Windows Live Sync Microsoft Corporation 23.07.2010 2,79MB 14.0.8117.416 UNNÖTIG ???
Windows Live-Uploadtool Microsoft Corporation 23.07.2010 0,22MB 14.0.8014.1029 UNNÖTIG ???
WinRAR 22.12.2010 NOTWENDIG
World of Warcraft Blizzard Entertainment 29.06.2011 4.2.0.14333 NOTWENDIG
lg

Antwort

Themen zu CoinMiner in C:\windows\ufa\ufa.exe
antivir, autorun, avg, avira, avira searchfree toolbar, c:\windows\system32\rundll32.exe, coinminer, conduit, converter, explorer, firefox, format, helper, home, igdpmd64.sys, launch, logfile, löschen, opera, otl-log, pando media booster, programme, pup.bitminer, realtek, registry, rundll, schädling, software, studio, temp, version=1.0, webcheck, windows, winlogon.exe



Ähnliche Themen: CoinMiner in C:\windows\ufa\ufa.exe


  1. Windows 8.1: Runtime Errror c:\windows\syswow64\rundll32.exe und Update-Fehler bei Windows
    Log-Analyse und Auswertung - 24.11.2015 (14)
  2. TR/CoinMiner.J C:\Windows\temp\svhost.exe
    Plagegeister aller Art und deren Bekämpfung - 12.06.2015 (12)
  3. TR/CoinMiner.J bei Windows 8.1 lässt sich nicht entfernen.
    Log-Analyse und Auswertung - 01.06.2015 (2)
  4. TR/Coinminer.J bei win 8.1 nicht zu entfernen
    Log-Analyse und Auswertung - 26.05.2015 (11)
  5. Windows 7: lsass.exe und TR/CoinMiner.1594368 / Trojan.Agent.Gen in temp/svhost.exe
    Plagegeister aller Art und deren Bekämpfung - 27.03.2015 (15)
  6. [TR/CoinMiner bzw. Trojan.Agent.Gen] svchost.exe und lsass.exe in Windows\Temp
    Plagegeister aller Art und deren Bekämpfung - 21.03.2015 (17)
  7. Windows 8, Windows 7, Android, Windows Phone - Websiten werden auf adfoc.us umgeleitet
    Plagegeister aller Art und deren Bekämpfung - 30.11.2014 (7)
  8. Windows 7: Windows-Sicherheitscenter und Windows Defender funktionieren nicht mehr, Services.exe verseucht?
    Log-Analyse und Auswertung - 07.01.2014 (8)
  9. Trojaner(Trojan:Win32/CoinMiner .R) ist nach löschen und neustart des Computers wieder da
    Log-Analyse und Auswertung - 11.09.2013 (32)
  10. Avast Antivirus, Windows Firewall & Defender nicht aktivierbar - u.A. CoinMiner Virus
    Plagegeister aller Art und deren Bekämpfung - 01.10.2012 (3)
  11. Trojanermeldung "win32/coinminer"
    Plagegeister aller Art und deren Bekämpfung - 15.09.2012 (47)
  12. Virus Win32/CoinMiner entfernt oder nicht?
    Plagegeister aller Art und deren Bekämpfung - 25.03.2012 (25)
  13. win32/CoinMiner Virus!
    Log-Analyse und Auswertung - 07.01.2012 (1)
  14. CoinMiner Virus
    Plagegeister aller Art und deren Bekämpfung - 17.10.2011 (3)

Zum Thema CoinMiner in C:\windows\ufa\ufa.exe - Guten Tag. Ich habe mir leider einen Schädling über Facebook eingefangen. Der Schädling befindet sich in C:\windows\ufa\ufa.exe und wurde mit CoinMiner benannt. Habe die ufa.exe zwar versucht zu löschen aber - CoinMiner in C:\windows\ufa\ufa.exe...
Archiv
Du betrachtest: CoinMiner in C:\windows\ufa\ufa.exe auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.