Trojaner-Board > Remove malware > Pests of all kinds and how to fight them

Pests of all kinds and how to fight them: Ad insertions in all browsers, occasional link redirects.

Windows 7. If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.

03.07.2012, 11:26   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Combofix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy and paste the entire contents of the code box below into the Notepad window.

Code:
Folder::
c:\users\Bloodhound5\AppData\Roaming\Qaonp
c:\users\Bloodhound5\AppData\Roaming\Unekgy
c:\users\Bloodhound5\AppData\Roaming\Utop

File::
c:\windows\system32\drivers\3002e.sys

Driver::
3002e
69p20cfih3.exe

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"=-
"EnableUIADesktopToggle"=-

Firefox::
FF - ProfilePath - c:\users\Bloodhound5\AppData\Roaming\Mozilla\Firefox\Profiles\8j1poem1.default\
FF - prefs.js: browser.search.selectedEngine - YouTube-Videosuche
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
         
3. In Notepad, save the file as CFScript.txt on the Desktop.

4. Disable the guard of your antivirus program and any software firewall that may be installed.
(Including the guards of ad-/spyware programs and the Tea Timer, if present!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the image below. This restarts Combofix.



6. After the restart (you will be asked whether you want to restart), please post the following log file:
Combofix.txt

Note: The script above was created only for this one user in this one situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________
Please always post logfiles in CODE tags
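
The CFScript format used in the steps above, as an added example that is not code from the original post or from ComboFix: a small Python parser that turns such a script into a structured plan and lists the machine-specific entries (user profile paths, files under the Windows directory, HKLM keys, drivers) that make the note about non-portability concrete. The section grammar ('Name::' headers, regedit-style '=-' for value deletion) is assumed from what the post shows.

```python
"""Parse a ComboFix CFScript like the one in the post above into a structured plan
and show which entries tie it to this one machine. Added example for this thread, not
ComboFix's or the original post's code; 'Name::' section grammar assumed from the post."""
import re

# Constructed sample: the script from the post above, Firefox section abridged.
SAMPLE_CFSCRIPT = r"""Folder::
c:\users\Bloodhound5\AppData\Roaming\Qaonp
c:\users\Bloodhound5\AppData\Roaming\Unekgy
c:\users\Bloodhound5\AppData\Roaming\Utop

File::
c:\windows\system32\drivers\3002e.sys

Driver::
3002e
69p20cfih3.exe

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"=-
"EnableUIADesktopToggle"=-

Firefox::
FF - ProfilePath - c:\users\Bloodhound5\AppData\Roaming\Mozilla\Firefox\Profiles\8j1poem1.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: security.warn_submit_insecure - false
"""

SECTION_RE = re.compile(r"^(\w+)::$")
REG_KEY_RE = re.compile(r"^\[(.+)\]$")
REG_VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')
FF_PREF_RE = re.compile(r"^FF - (prefs\.js|user\.js): (\S+) - (.*)$")
PROFILE_RE = re.compile(r"^c:\\users\\([^\\]+)\\", re.IGNORECASE)


def split_sections(text):
    """Return {section: [lines]}; a non-empty line before the first header is an error."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError("line outside any section: %r" % line)
        else:
            sections[current].append(line)
    return sections


def parse_registry(lines):
    """Group a Registry:: section into {key: {value: data}}; regedit syntax,
    so '"name"=-' deletes the value (kept here as None)."""
    keys, key = {}, None
    for line in lines:
        key_match = REG_KEY_RE.match(line)
        if key_match:
            key = key_match.group(1)
            keys.setdefault(key, {})
            continue
        value_match = REG_VALUE_RE.match(line)
        if not value_match or key is None:
            raise ValueError("unexpected Registry:: line: %r" % line)
        name, data = value_match.groups()
        keys[key][name] = None if data == "-" else data
    return keys


def parse_firefox(lines):
    """Return (profile_path, [(file, pref, value)]) from a Firefox:: section."""
    profile, prefs = None, []
    for line in lines:
        if line.startswith("FF - ProfilePath - "):
            profile = line[len("FF - ProfilePath - "):]
        elif FF_PREF_RE.match(line):
            prefs.append(FF_PREF_RE.match(line).groups())
        else:
            raise ValueError("unexpected Firefox:: line: %r" % line)
    return profile, prefs


def build_plan(text):
    """Structured view of everything the script asks ComboFix to do."""
    s = split_sections(text)
    return {"folders": s.get("Folder", []), "files": s.get("File", []),
            "drivers": s.get("Driver", []),
            "registry": parse_registry(s.get("Registry", [])),
            "firefox": parse_firefox(s.get("Firefox", []))}


def bound_profiles(plan):
    """User profiles hard-coded in the script: on another PC these paths do not exist."""
    paths = plan["folders"] + plan["files"] + [plan["firefox"][0] or ""]
    return {m.group(1) for m in map(PROFILE_RE.match, paths) if m}


def system_wide_actions(plan):
    """Machine-wide changes (Windows directory, HKLM, drivers): the reason the
    helper's note says the script must not be reused on another system."""
    hits = [p for p in plan["folders"] + plan["files"] if p.lower().startswith("c:\\windows\\")]
    hits += [k for k in plan["registry"] if k.upper().startswith("HKEY_LOCAL_MACHINE\\")]
    return hits + ["driver:" + d for d in plan["drivers"]]
```

Running `build_plan(SAMPLE_CFSCRIPT)` and then `bound_profiles` / `system_wide_actions` on the result shows the profile name and the four machine-wide entries that tie this script to the one system it was written for.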

03.07.2012, 19:26   #17
bingbot
 



Here you go:
Code:
ComboFix 12-07-02.01 - Bloodhound5 03.07.2012  20:05:31.2.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3767.1925 [GMT 2:00]
ausgeführt von:: c:\users\Bloodhound5\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Bloodhound5\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\3002e.sys"
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\auth.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\burnlib.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\dsp_sps.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\enc_fhgaac.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\enc_flac.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\enc_lame.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\enc_vorbis.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\enc_wav.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\enc_wma.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\gen_classicart.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\gen_crasher.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\gen_ff.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\gen_find_on_disk.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\gen_hotkeys.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\gen_jumpex.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\gen_ml.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\gen_nopro.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\gen_orgler.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\gen_skinmanager.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\gen_timerestore.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\gen_tray.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\gen_undo.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\in_avi.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\in_cdda.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\in_dshow.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\in_flac.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\in_flv.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\in_linein.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\in_midi.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\in_mkv.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\in_mod.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\in_mp3.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\in_mp4.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\in_nsv.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\in_swf.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\in_vorbis.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\in_wav.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\in_wave.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\in_wm.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\in_wv.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\ml_addons.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\ml_autotag.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\ml_bookmarks.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\ml_devices.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\ml_disc.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\ml_downloads.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\ml_enqplay.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\ml_history.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\ml_impex.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\ml_local.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\ml_nowplaying.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\ml_online.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\ml_orb.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\ml_playlists.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\ml_plg.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\ml_pmp.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\ml_rg.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\ml_transcode.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\ml_wire.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\ombrowser.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\out_disk.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\out_ds.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\out_wave.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\playlist.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\pmp_activesync.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\pmp_android.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\pmp_ipod.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\pmp_njb.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\pmp_p4s.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\pmp_usb.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\pmp_wifi.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\tagz.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\vis_avs.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\vis_milk2.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\vis_nsfs.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\winamp.lng
c:\users\BLOODH~1\AppData\Local\Temp\WLZ471E.tmp\winampa.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\auth.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\burnlib.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\dsp_sps.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\enc_fhgaac.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\enc_flac.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\enc_lame.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\enc_vorbis.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\enc_wav.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\enc_wma.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\gen_classicart.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\gen_crasher.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\gen_ff.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\gen_find_on_disk.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\gen_hotkeys.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\gen_jumpex.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\gen_ml.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\gen_nopro.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\gen_orgler.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\gen_skinmanager.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\gen_timerestore.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\gen_tray.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\gen_undo.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\in_avi.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\in_cdda.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\in_dshow.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\in_flac.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\in_flv.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\in_linein.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\in_midi.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\in_mkv.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\in_mod.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\in_mp3.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\in_mp4.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\in_nsv.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\in_swf.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\in_vorbis.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\in_wav.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\in_wave.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\in_wm.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\in_wv.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\ml_addons.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\ml_autotag.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\ml_bookmarks.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\ml_devices.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\ml_disc.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\ml_downloads.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\ml_enqplay.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\ml_history.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\ml_impex.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\ml_local.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\ml_nowplaying.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\ml_online.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\ml_orb.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\ml_playlists.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\ml_plg.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\ml_pmp.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\ml_rg.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\ml_transcode.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\ml_wire.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\ombrowser.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\out_disk.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\out_ds.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\out_wave.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\playlist.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\pmp_activesync.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\pmp_android.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\pmp_ipod.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\pmp_njb.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\pmp_p4s.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\pmp_usb.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\pmp_wifi.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\tagz.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\vis_avs.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\vis_milk2.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\vis_nsfs.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\winamp.lng
c:\users\Bloodhound5\AppData\Local\Temp\WLZ471E.tmp\winampa.lng
c:\users\Bloodhound5\AppData\Roaming\Qaonp
c:\users\Bloodhound5\AppData\Roaming\Unekgy
c:\users\Bloodhound5\AppData\Roaming\Unekgy\ucoxo.byi
c:\users\Bloodhound5\AppData\Roaming\Utop
c:\users\Bloodhound5\AppData\Roaming\Utop\ipiz.odq
c:\windows\TEMP\jna4379024768154559662.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_3002e
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-03 bis 2012-07-03  ))))))))))))))))))))))))))))))
.
.
2012-06-28 09:11 . 2012-06-28 09:11	--------	d-----w-	C:\_OTL
2012-06-23 22:59 . 2012-06-23 22:59	--------	d-----w-	c:\users\Bloodhound5\AppData\Local\Macromedia
2012-06-21 07:39 . 2012-06-21 07:39	770384	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-21 07:39 . 2012-06-21 07:39	421200	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-19 07:59 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-19 07:59 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-19 07:59 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-19 07:59 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-19 07:59 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-19 07:59 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-19 07:59 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-19 07:59 . 2012-06-02 13:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-19 07:59 . 2012-06-02 13:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-13 22:19 . 2012-04-26 05:41	77312	----a-w-	c:\windows\system32\rdpwsx.dll
2012-06-13 16:48 . 2012-06-13 16:48	159744	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
2012-06-12 15:14 . 2012-06-12 15:38	--------	d-----w-	C:\mukke tob geb
2012-06-05 11:03 . 2012-06-05 11:07	--------	d-----w-	c:\users\Bloodhound5\AppData\Local\Microsoft Games
2012-06-05 11:03 . 2012-06-05 11:03	--------	d-----w-	c:\program files\Microsoft Games
2012-06-05 01:00 . 2012-06-05 01:00	--------	d-----w-	c:\windows\SysWow64\Wat
2012-06-05 01:00 . 2012-06-05 01:00	--------	d-----w-	c:\windows\system32\Wat
2012-06-03 21:33 . 2012-06-03 21:33	--------	d-----w-	c:\program files (x86)\Spirent Communications
2012-06-03 21:32 . 2012-06-03 21:33	--------	d-----w-	c:\program files (x86)\HTC
2012-06-03 21:32 . 2012-06-03 21:32	--------	d-----w-	c:\program files (x86)\MSXML 4.0
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 21:28 . 2012-04-04 20:19	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 21:28 . 2011-12-26 12:51	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-19 02:50 . 2012-04-19 02:50	28480	----a-w-	c:\windows\system32\drivers\avgidsha.sys
2012-04-18 18:56 . 2012-04-18 18:56	94208	----a-w-	c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56	69632	----a-w-	c:\windows\SysWow64\QuickTime.qts
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-07-02_16.28.51   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2012-07-02 16:30	35544              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-12-28 02:11 . 2012-07-02 16:27	7512              c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-12-28 02:11 . 2012-07-03 18:10	7512              c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2011-12-26 09:18 . 2012-07-01 22:31	7984              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2069408673-4186737391-3019578021-1000_UserData.bin
+ 2011-12-26 09:18 . 2012-07-02 16:30	7984              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2069408673-4186737391-3019578021-1000_UserData.bin
+ 2012-07-03 18:11 . 2012-07-03 18:11	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-02 16:28 . 2012-07-02 16:28	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-02 16:28 . 2012-07-02 16:28	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-03 18:11 . 2012-07-03 18:11	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-03 18:11 . 2012-07-03 18:11	196608              c:\windows\Temp\jna3571595913067016161.dll
+ 2011-12-26 16:26 . 2012-07-03 16:37	399208              c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
- 2009-07-14 02:36 . 2012-07-02 15:37	616242              c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-03 18:15	616242              c:\windows\system32\perfh009.dat
+ 2009-07-14 17:58 . 2012-07-03 18:15	654400              c:\windows\system32\perfh007.dat
- 2009-07-14 17:58 . 2012-07-02 15:37	654400              c:\windows\system32\perfh007.dat
+ 2009-07-14 02:36 . 2012-07-03 18:15	106622              c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-02 15:37	106622              c:\windows\system32\perfc009.dat
+ 2009-07-14 17:58 . 2012-07-03 18:15	130240              c:\windows\system32\perfc007.dat
- 2009-07-14 17:58 . 2012-07-02 15:37	130240              c:\windows\system32\perfc007.dat
- 2009-07-14 05:01 . 2012-07-02 16:27	439932              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-03 18:10	439932              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-07-03 16:42 . 2012-07-03 16:42	8451584              c:\windows\Installer\533cc89.msi
+ 2011-12-26 09:50 . 2012-07-03 18:10	43182064              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2069408673-4186737391-3019578021-1000-12288.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	94208	----a-w-	c:\users\Bloodhound5\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	94208	----a-w-	c:\users\Bloodhound5\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	94208	----a-w-	c:\users\Bloodhound5\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	94208	----a-w-	c:\users\Bloodhound5\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVMUSBFernanschluss"="c:\users\Bloodhound5\AppData\Local\Apps\2.0\NQLVN0WZ.Q0W\ZW642YGV.5TM\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe" [2012-01-06 147456]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 19549320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-13 336384]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Duden Korrektor SysTray"="c:\program files (x86)\Duden\Duden-Rechtschreibprüfung\DKTray.exe" [2011-07-14 332432]
.
c:\users\Bloodhound5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Bloodhound5\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 245120]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CrashPlan Tray.lnk - c:\program files\CrashPlan\CrashPlanTray.exe [2011-3-16 217088]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-09 116648]
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-05-26 40448]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-09 116648]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-21 113120]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-05 1255736]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-11-04 224048]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-11-04 130864]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-13 203264]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-06-13 5161080]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 CrashPlanService;CrashPlan Backup Service;c:\program files\CrashPlan\CrashPlanService.exe [2011-03-16 222720]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-03-23 87040]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-06-14 9319424]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-06-13 303616]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-03-30 114704]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys [2012-01-06 116096]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2010-08-25 10611552]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-12-22 74280]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-11-04 146736]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-11-04 165680]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\6de2ed6f-0b56-4d57-b0f0-551ec8cbb27f]
2011-07-01 10:38	153232	---ha-w-	c:\programdata\Duden\DKReg.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 21:28]
.
2012-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-09 16:29]
.
2012-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-09 16:29]
.
2012-07-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2069408673-4186737391-3019578021-1000Core.job
- c:\users\Bloodhound5\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-26 06:15]
.
2012-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2069408673-4186737391-3019578021-1000UA.job
- c:\users\Bloodhound5\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-26 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	97792	----a-w-	c:\users\Bloodhound5\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	97792	----a-w-	c:\users\Bloodhound5\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	97792	----a-w-	c:\users\Bloodhound5\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	97792	----a-w-	c:\users\Bloodhound5\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-06-20 17:02	755224	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-06-20 17:02	755224	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-06-20 17:02	755224	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-06-20 17:02	755224	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-23 10775072]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-04-23 2040352]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"combofix"="c:\combofix\CF18141.3XE" [2010-11-20 345088]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Bloodhound5\AppData\Roaming\Mozilla\Firefox\Profiles\8j1poem1.default\
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Google\Update\1.3.21.111\GoogleCrashHandler.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-03  20:21:06 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-03 18:21
ComboFix2.txt  2012-07-02 16:31
.
Vor Suchlauf: 17 Verzeichnis(se), 39.464.570.880 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 39.249.907.712 Bytes frei
.
- - End Of File - - 68106D272BFCAC2AF1E281C314F55633
         

Alt 04.07.2012, 16:19   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool refuses to run the second time as well, simply leave it out and run only OSAM - please skip the online lookup offered by OSAM.
With OSAM, please also make sure you save the log as *.log and not as *.html or similar.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; the McAfee scanner in particular often reports a false alarm on OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or higher), please start it via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Never press any of the Fix buttons without instructions.

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) under "AV scan" in the drop-down menu (bottom left of the aswMBR window) and click the Scan button again.

Alt 10.07.2012, 00:37   #19
bingbot
Hello cosinus,

Sorry for the late reply, I was away.

Here are the logs:

gmer.log
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-09 03:39:11
Windows 6.1.7601 Service Pack 1 
Running: 3p19qney.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0x00 0x00 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x2D 0x65 0x06 0x9A ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Program Files (x86)\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0xE0 0x8D 0x1B 0x8D ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0xA0 0x02 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0xDC 0x7A 0xAD 0x31 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0x00 0x00 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x2D 0x65 0x06 0x9A ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files (x86)\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0xE0 0x8D 0x1B 0x8D ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0xA0 0x02 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xDC 0x7A 0xAD 0x31 ...

---- EOF - GMER 1.0.15 ----
         
osam
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:10:57 on 09.07.2012

OS: Windows 7  Service Pack 1 (Build 7601), 64-bit
Default Browser: Mozilla Corporation Firefox 13.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - "AVG Technologies CZ, s.r.o." - C:\PROGRA~2\AVG\AVG2012\avgrsa.exe

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskUserS-1-5-21-2069408673-4186737391-3019578021-1000Core.job" - "Google Inc." - C:\Users\Bloodhound5\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-2069408673-4186737391-3019578021-1000UA.job" - "Google Inc." - C:\Users\Bloodhound5\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AVG Anti-Rootkit Driver" (Avgrkx64) - "AVG Technologies CZ, s.r.o." - C:\Windows\System32\DRIVERS\avgrkx64.sys
"AVG AVI Loader Driver" (Avgldx64) - "AVG Technologies CZ, s.r.o." - C:\Windows\System32\DRIVERS\avgldx64.sys
"AVG Mini-Filter Resident Anti-Virus Shield" (Avgmfx64) - "AVG Technologies CZ, s.r.o." - C:\Windows\System32\DRIVERS\avgmfx64.sys
"AVG TDI Driver" (Avgtdia) - "AVG Technologies CZ, s.r.o." - C:\Windows\System32\DRIVERS\avgtdia.sys
"AVGIDSDriver" (AVGIDSDriver) - "AVG Technologies CZ, s.r.o. " - C:\Windows\System32\DRIVERS\avgidsdrivera.sys
"AVGIDSFilter" (AVGIDSFilter) - "AVG Technologies CZ, s.r.o. " - C:\Windows\System32\DRIVERS\avgidsfiltera.sys
"AVGIDSHA" (AVGIDSHA) - "AVG Technologies CZ, s.r.o. " - C:\Windows\System32\DRIVERS\avgidsha.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
6de2ed6f-0b56-4d57-b0f0-551ec8cbb27f "StubPath" - "Expert System S.p.A." - C:\ProgramData\Duden\dkreg.exe /dktray=on /csapi=on /ALLUSERS
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "ms-help" - ? -   (File not found | COM-object registry key not found)
{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} "XPLPPFilter Class" - "AVG Technologies CZ, s.r.o." - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat Elements\ContextMenu.dll
{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} "AVG Find Extension" - ? -   (File not found | COM-object registry key not found)
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} "AVG Shell Extension Class" - "AVG Technologies CZ, s.r.o." - C:\Program Files (x86)\AVG\AVG2012\avgse.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "Catalyst Context Menu extension" - ? -   (File not found | COM-object registry key not found)
{7CCA70DB-DE7A-4FB7-9B2B-52E2335A3B5A} "Enterprise-Projekte" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\NAMEEXT.DLL
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Microsoft Outlook Custom Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\OLKFSTUB.DLL

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout64" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Oracle Corporation" - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} "Java Plug-in 1.7.0_02" - "Oracle Corporation" - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.7.0_02" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\ssv.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 10.2.1" - "Oracle Corporation" - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} "AVG Do Not Track" - "AVG Technologies CZ, s.r.o." - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
{CC962137-2E78-4F94-975E-FC0C07DBD78F} "IE Developer Toolbar" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} "AVG Do Not Track" - "AVG Technologies CZ, s.r.o." - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} "AVG Safe Search" - "AVG Technologies CZ, s.r.o." - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
{CC7E636D-39AA-49b6-B511-65413DA137A1} "IE Developer Toolbar BHO" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
{F4971EE7-DAA0-4053-9964-665D8EE6A077} "SmartSelect Class" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk" - ? - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE  (Shortcut exists | File not found)
"desktop.ini" - ? - C:\Users\Bloodhound5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Dropbox.lnk" - "Dropbox, Inc." - C:\Users\Bloodhound5\AppData\Roaming\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"CrashPlan Tray.lnk" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk  (Shortcut exists | File not found)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"AVMUSBFernanschluss" - "AVM Berlin" - "C:\Users\Bloodhound5\AppData\Local\Apps\2.0\E13RC1TE.5Q0\JBRZPWXO.93D\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe"
"masce" - "DT Soft Ltd" - rundll32.exe "C:\Users\Bloodhound5\AppData\Roaming\masce.dll",HrEditPhonebookEntry  (File is exclusively opened, access blocked)
"Skype" - "Skype Technologies S.A." - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"APSDaemon" - "Apple Inc." - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"AVG_TRAY" - "AVG Technologies CZ, s.r.o." - "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
"QuickTime Task" - "Apple Inc." - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Adobe PDF Port Monitor" - "Adobe Systems Inc" - C:\Windows\system32\AdobePDF.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
"AVG WatchDog" (avgwd) - "AVG Technologies CZ, s.r.o." - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
"AVGIDSAgent" (AVGIDSAgent) - "AVG Technologies CZ, s.r.o." - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
"CrashPlan Backup Service" (CrashPlanService) - "CrashPlan" - C:\Program Files\CrashPlan\CrashPlanService.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Google Update-Dienst (gupdate)" (gupdate) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Google Updater Service" (gusvc) - "Google" - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
"Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
"Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
"Internet Pass-Through Service" (PassThru Service) - ? - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
"KMService" (KMService) - ? - C:\Windows\system32\srvany.exe  (File not found)
"LogMeIn Hamachi Tunneling Engine" (Hamachi2Svc) - "LogMeIn Inc." - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft SharePoint Workspace Audit Service" (Microsoft SharePoint Workspace Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"Office 64 Source Engine" (ose64) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"SwitchBoard" (SwitchBoard) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"TeamViewer 7" (TeamViewer7) - "TeamViewer GmbH" - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

===[ Logfile end ]=========================================[ Logfile end ]===
         
aswMBR
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-09 21:15:47
-----------------------------
21:15:47.912    OS Version: Windows x64 6.1.7601 Service Pack 1
21:15:47.912    Number of processors: 4 586 0x2505
21:15:47.912    ComputerName: ALIENBABY-X  UserName: Bloodhound5
21:15:48.192    Initialize success
21:15:51.515    AVAST engine defs: 12070900
21:15:56.601    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:15:56.601    Disk 0 Vendor: INTEL_SSDSA2M160G2GC 2CV102M3 Size: 152627MB BusType: 11
21:15:56.601    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
21:15:56.601    Disk 1 Vendor: FUJITSU_MHY2200BH 0000000B Size: 190782MB BusType: 11
21:15:56.617    Disk 0 MBR read successfully
21:15:56.617    Disk 0 MBR scan
21:15:56.617    Disk 0 Windows 7 default MBR code
21:15:56.632    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        14336 MB offset 2048
21:15:56.632    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 29362176
21:15:56.648    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       138189 MB offset 29566976
21:15:56.648    Disk 0 scanning C:\Windows\system32\drivers
21:16:01.359    Service scanning
21:16:12.123    Modules scanning
21:16:12.123    Disk 0 trace - called modules:
21:16:12.139    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
21:16:12.154    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80043e1060]
21:16:12.154    3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004194060]
21:16:12.154    Scan finished successfully
21:28:00.174    Disk 0 MBR has been saved successfully to "C:\Users\Bloodhound5\Desktop\MBR.dat"
21:28:00.189    The log file has been saved successfully to "C:\Users\Bloodhound5\Desktop\aswMBR.txt"
         
Recently an error message appears when I try to temporarily disable AVG (An error occurred while saving the configuration. The specified file could not be found) - all a bit strange :/

Thanks for your help!

Alt 10.07.2012, 12:33   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
Looks ok. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before scanning!!

Please always post log files in CODE tags
