Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: JS:Iframe-KQ [Trj]

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 08.07.2012, 01:54   #1
nirvfreak
 
JS:Iframe-KQ [Trj] - Standard

JS:Iframe-KQ [Trj]



Hallo habe mir laut Avast, einen Trojaner namens JS:Iframe-KQ [Trj] eingefangen.
Dateipfad ist
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\udnyqyfl.default\Cache\1\41

und

C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\udnyqyfl.default\Cache\C\93

Hab die Datein bei virustotal.com scannen lassen, dort haben (nur) 4 weitere Scanner einen Virus gefunden und zwar Sophos,Ikarus,Emsisoft und GDATA.

Nun ist meine Frage wie "bedrohlich" dieser Virus ist, was er macht und wie ich ihn losbekomme

Hab auch mal HijackThis drüber laufen lassen, ich habe auf den ersten Blick nichts auffäliges gesehen bin aber sicher auch kein Experte.

Bei mir laüft auch Spybot SD, der hat aber auch nichts gefunden.

So hier mal der HT log und schon mal ein Danke im Vorraus

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 01:51:45, on 08.07.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\WButton.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Sandboxie\SandboxieRpcSs.exe
C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
F:\Downloads\HiJackThis204.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [KeePass 2 PreLoad] "C:\Program Files\KeePass Password Safe 2\KeePass.exe" --preload
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll
O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe

Alt 10.07.2012, 23:06   #2
markusg
/// Malware-holic
 
JS:Iframe-KQ [Trj] - Standard

JS:Iframe-KQ [Trj]



hjt logs wollen wir keine sehen, ist auch oben so angepinnt.
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________

Alt 11.07.2012, 12:13   #3
nirvfreak
 
JS:Iframe-KQ [Trj] - Standard

JS:Iframe-KQ [Trj]



Danke für die Antwort.
Das HT nicht mehr gefragt ist habe ich dann auch gesehen, nur leider konnte ich dann meinen Eintrag nicht mehr editieren und da in der Anleitung steht man solle sein Beitrag nicht pushen habe ich erstmal gewartet. Sorry ;-)

So hier ein aktueller OTL Scan, allerdings hat er mir keine Extra.txt erstellt.

OTL.txt
Code:
ATTFilter
OTL logfile created on: 11.07.2012 11:32:01 - Run 5
OTL by OldTimer - Version 3.2.53.1     Folder = F:\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,21 Gb Available Physical Memory | 60,59% Memory free
3,98 Gb Paging File | 2,65 Gb Available in Paging File | 66,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 26,46 Gb Total Space | 0,56 Gb Free Space | 2,10% Space Free | Partition Type: NTFS
Drive F: | 122,59 Gb Total Space | 32,50 Gb Free Space | 26,51% Space Free | Partition Type: NTFS
Drive G: | 488,23 Mb Total Space | 152,44 Mb Free Space | 31,22% Space Free | Partition Type: FAT
 
Computer Name: BOOOOM | User Name: SeS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.08 12:54:55 | 000,595,968 | ---- | M] (OldTimer Tools) -- F:\Desktop\OTL.exe
PRC - [2012.07.03 18:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastUI.exe
PRC - [2012.07.03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012.04.10 12:17:02 | 000,024,336 | ---- | M] (SANDBOXIE L.T.D) -- C:\Programme\Sandboxie\SandboxieRpcSs.exe
PRC - [2012.04.10 12:17:02 | 000,018,704 | ---- | M] (SANDBOXIE L.T.D) -- C:\Programme\Sandboxie\SandboxieDcomLaunch.exe
PRC - [2012.04.10 12:16:58 | 000,074,512 | ---- | M] (SANDBOXIE L.T.D) -- C:\Programme\Sandboxie\SbieSvc.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.09.16 22:04:06 | 001,164,584 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.02.01 22:51:56 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.02.01 22:51:52 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2010.01.22 20:36:00 | 000,621,320 | ---- | M] (hxxp://tortoisesvn.net) -- C:\Programme\TortoiseSVN\bin\TSVNCache.exe
PRC - [2009.03.05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007.09.11 16:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\WisLMSvc.exe
PRC - [2007.09.07 10:26:54 | 000,086,016 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\WButton.exe
PRC - [2007.09.06 12:23:36 | 000,188,416 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\HotkeyApp.exe
PRC - [2007.09.01 15:03:50 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe
PRC - [2007.08.31 12:04:26 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPStart.exe
PRC - [2006.12.26 12:23:34 | 000,180,224 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\OSD.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.09.16 22:04:50 | 000,095,528 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010.09.16 22:04:06 | 001,164,584 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.04.12 18:37:19 | 000,970,752 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2010.04.12 18:37:19 | 000,166,400 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxslt.dll
MOD - [2010.03.15 12:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2009.11.04 02:14:04 | 000,054,272 | ---- | M] () -- C:\Programme\Notepad++\NppShell_01.dll
MOD - [2007.09.01 15:03:50 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012.07.04 12:02:53 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.06.23 08:03:35 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.04.10 12:16:58 | 000,074,512 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2011.09.13 11:10:55 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.04.04 11:57:07 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.02.26 00:47:00 | 003,489,788 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009.08.10 13:34:40 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.09.11 16:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Programme\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [File_System | On_Demand | Stopped] --  -- (StarOpen)
DRV - [2012.07.03 18:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.07.03 18:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.07.03 18:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.07.03 18:21:53 | 000,057,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012.07.03 18:21:53 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012.07.03 18:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.04.10 12:16:58 | 000,135,440 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2011.11.04 21:33:18 | 000,296,592 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cbfs3.sys -- (cbfs3)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.04.29 06:58:18 | 000,026,112 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\androidusb.sys -- (androidusb)
DRV - [2009.12.03 16:48:44 | 000,625,224 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009.07.14 00:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009.02.05 18:39:08 | 000,017,064 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2009.02.05 18:39:00 | 000,012,200 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiRemFil.sys -- (SiRemFil)
DRV - [2009.02.05 18:38:24 | 000,212,520 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Si3531.sys -- (Si3531)
DRV - [2008.09.25 09:28:06 | 001,332,576 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NxpCap.sys -- (NxpCap)
DRV - [2006.11.30 16:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2003.04.28 12:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FF D6 A4 D5 44 1A CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
FF - prefs.js..extensions.enabledItems: {1de0de3c-0b5c-4f67-90c6-689623894991}:0.3
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.2b
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.7.1
FF - prefs.js..extensions.enabledItems: csscoverage@spaghetticoder.org:0.2.4
FF - prefs.js..extensions.enabledItems: {2f17f610-5e97-4fed-828f-9940b7b577a4}:4.0.1
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101
FF - prefs.js..extensions.enabledItems: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:3.5.9.1
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20110508
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\npPDFXCviewNPPlugin.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.07.09 20:25:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012.07.05 09:41:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.04 12:02:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.28 01:16:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.07.10 21:00:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.07.09 20:25:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.04 12:02:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.28 01:16:28 | 000,000,000 | ---D | M]
 
[2010.09.04 14:25:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SeS\AppData\Roaming\mozilla\Extensions
[2010.09.04 14:25:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SeS\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.07.09 10:56:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SeS\AppData\Roaming\mozilla\Firefox\Profiles\udnyqyfl.default\extensions
[2012.01.05 16:27:37 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\SeS\AppData\Roaming\mozilla\Firefox\Profiles\udnyqyfl.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2010.04.04 23:37:09 | 000,000,000 | ---D | M] ("Tab Preview") -- C:\Users\SeS\AppData\Roaming\mozilla\Firefox\Profiles\udnyqyfl.default\extensions\{1de0de3c-0b5c-4f67-90c6-689623894991}
[2011.06.03 08:44:56 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\SeS\AppData\Roaming\mozilla\Firefox\Profiles\udnyqyfl.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.24 16:01:17 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\SeS\AppData\Roaming\mozilla\Firefox\Profiles\udnyqyfl.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012.01.22 14:03:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.05 09:41:31 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2012.03.09 16:19:34 | 000,009,650 | ---- | M] () (No name found) -- C:\USERS\SES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UDNYQYFL.DEFAULT\EXTENSIONS\CSSCOVERAGE@SPAGHETTICODER.ORG.XPI
[2012.05.24 16:01:14 | 001,335,949 | ---- | M] () (No name found) -- C:\USERS\SES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UDNYQYFL.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2012.07.04 12:02:54 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[1999.12.31 17:00:00 | 000,164,120 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012.03.12 11:16:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.12 11:16:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.12 11:16:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.12 11:16:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.12 11:16:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.12 11:16:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Virtual Storage Mount Notification) - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe" File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\SeS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\SeS\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F3494F8-0105-4984-ADC8-352E1E0ED309}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7268085-4667-4E4A-A163-973C5B533D2E}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX: {01FF51E9-C771-4CD3-AD62-C9FB5AEF55A5} - Security Update für Microsoft Visual C++ 2005 Express Edition - DEU (KB2538218)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {23036C23-ECDE-47F5-A908-BEC94EE0456F} - Security Update für Microsoft Visual C++ 2005 Express Edition - DEU (KB2251481)
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3ADBA5AF-E4B1-45B1-AF09-C49CFC4EA898} - Security Update für Microsoft Visual C++ 2005 Express Edition - DEU (KB2465367)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9BB5DD65-D02F-43FC-94AF-E8932A4EFB73} - Microsoft Visual C++ 2005 Express Edition - DEU Service Pack 1 (KB926748)
ActiveX: {AEA17EF2-EF36-485F-8105-3465692A8C7B} - Update für Microsoft Visual C++ 2005 Express Edition - DEU (KB932234)
ActiveX: {BECB938C-6BC2-48C6-A0A6-4B61E85F584C} - Security Update für Microsoft Visual C++ 2005 Express Edition - DEU (KB971090)
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.08 12:54:44 | 000,595,968 | ---- | C] (OldTimer Tools) -- F:\Desktop\OTL.exe
[2012.06.27 13:12:19 | 000,000,000 | ---D | C] -- F:\Desktop\*** Trikot
[2012.06.26 17:03:32 | 000,000,000 | ---D | C] -- C:\Users\SeS\AppData\Local\Macromedia
[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.11 11:36:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.11 11:12:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.09 00:41:43 | 000,022,736 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.09 00:41:43 | 000,022,736 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.08 13:39:33 | 000,000,000 | ---- | M] () -- C:\Users\SeS\defogger_reenable
[2012.07.08 12:56:30 | 000,302,592 | ---- | M] () -- F:\Desktop\hrid37ww.exe
[2012.07.08 12:54:55 | 000,595,968 | ---- | M] (OldTimer Tools) -- F:\Desktop\OTL.exe
[2012.07.05 09:41:33 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.07.04 23:03:59 | 000,696,870 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.04 23:03:59 | 000,652,148 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.04 23:03:59 | 000,148,134 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.04 23:03:59 | 000,121,080 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.04 18:10:55 | 000,209,439 | ---- | M] () -- F:\Desktop\grundprinzipien-20091028.pdf
[2012.07.03 18:21:54 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012.07.03 18:21:53 | 000,721,000 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012.07.03 18:21:53 | 000,353,688 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012.07.03 18:21:53 | 000,057,656 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012.07.03 18:21:53 | 000,044,784 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012.07.03 18:21:53 | 000,021,256 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012.07.03 18:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.07.03 18:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012.06.27 19:16:01 | 000,562,144 | ---- | M] () -- F:\Eigene Dokumente\Einladung.pdf
[2012.06.27 19:07:52 | 000,181,479 | ---- | M] () -- F:\Eigene Dokumente\Einladung.psd
[2012.06.27 19:07:20 | 000,205,444 | ---- | M] () -- F:\Eigene Dokumente\Einladung.jpg
[2012.06.27 18:44:48 | 000,201,064 | ---- | M] () -- F:\Eigene Dokumente\Einladung1.jpg
[2012.06.14 03:38:34 | 001,654,744 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.08 13:39:33 | 000,000,000 | ---- | C] () -- C:\Users\SeS\defogger_reenable
[2012.07.08 12:56:29 | 000,302,592 | ---- | C] () -- F:\Desktop\hrid37ww.exe
[2012.07.04 18:10:55 | 000,209,439 | ---- | C] () -- F:\Desktop\grundprinzipien-20091028.pdf
[2012.06.27 18:44:45 | 000,201,064 | ---- | C] () -- F:\Eigene Dokumente\Einladung1.jpg
[2012.06.27 18:36:48 | 000,205,444 | ---- | C] () -- F:\Eigene Dokumente\Einladung.jpg
[2012.06.27 18:27:00 | 000,562,144 | ---- | C] () -- F:\Eigene Dokumente\Einladung.pdf
[2012.06.27 18:23:37 | 000,181,479 | ---- | C] () -- F:\Eigene Dokumente\Einladung.psd
[2012.05.14 11:13:19 | 000,002,086 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012.04.12 21:49:34 | 000,007,601 | ---- | C] () -- C:\Users\SeS\AppData\Local\Resmon.ResmonCfg
[2012.01.13 14:59:58 | 000,000,000 | ---- | C] () -- C:\Users\SeS\AppData\Local\{D3A54969-E7EB-4D76-A5D0-5168CAA3A995}
[2011.12.08 05:03:35 | 000,000,000 | ---- | C] () -- C:\Users\SeS\AppData\Local\{EAC6D661-0EED-4FEC-813E-238AC50ACDB1}
[2011.10.16 01:08:28 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.08.31 22:43:22 | 000,039,586 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2011.07.06 18:07:18 | 000,000,112 | ---- | C] () -- C:\Windows\ActiveSkin.INI
[2011.06.30 01:16:55 | 000,000,000 | ---- | C] () -- C:\Users\SeS\AppData\Local\{18D59C89-51F3-48CC-AC65-C8F6B064C312}
[2011.06.10 07:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.02.16 23:59:21 | 000,044,544 | ---- | C] () -- C:\Windows\System32\Gif89.dll
[2010.11.15 14:27:30 | 000,000,218 | ---- | C] () -- C:\Users\SeS\.recently-used.xbel
[2010.09.23 19:44:30 | 000,003,584 | ---- | C] () -- C:\Users\SeS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.23 14:57:39 | 000,000,410 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.08.15 17:17:00 | 012,824,576 | ---- | C] () -- C:\ProgramData\sandra.mda
[2010.06.15 13:46:46 | 000,017,408 | ---- | C] () -- C:\Users\SeS\AppData\Local\WebpageIcons.db
 
========== LOP Check ==========
 
[2010.04.14 14:07:24 | 000,000,000 | ---D | M] -- C:\Users\SeS\AppData\Roaming\CadSoft
[2010.09.16 18:31:34 | 000,000,000 | ---D | M] -- C:\Users\SeS\AppData\Roaming\Canneverbe Limited
[2011.09.08 21:15:20 | 000,000,000 | ---D | M] -- C:\Users\SeS\AppData\Roaming\DVDVideoSoft
[2011.06.03 08:44:54 | 000,000,000 | ---D | M] -- C:\Users\SeS\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.11.08 14:19:04 | 000,000,000 | ---D | M] -- C:\Users\SeS\AppData\Roaming\GetRightToGo
[2010.11.15 14:26:49 | 000,000,000 | ---D | M] -- C:\Users\SeS\AppData\Roaming\gtk-2.0
[2011.10.08 20:13:29 | 000,000,000 | ---D | M] -- C:\Users\SeS\AppData\Roaming\KeePass
[2010.06.28 18:33:57 | 000,000,000 | ---D | M] -- C:\Users\SeS\AppData\Roaming\Notepad++
[2010.04.12 18:38:56 | 000,000,000 | ---D | M] -- C:\Users\SeS\AppData\Roaming\OpenOffice.org
[2011.02.17 03:14:47 | 000,000,000 | ---D | M] -- C:\Users\SeS\AppData\Roaming\picajet.com
[2010.04.19 02:41:57 | 000,000,000 | ---D | M] -- C:\Users\SeS\AppData\Roaming\Subversion
[2010.09.04 14:25:36 | 000,000,000 | ---D | M] -- C:\Users\SeS\AppData\Roaming\Thunderbird
[2012.01.10 20:22:14 | 000,000,000 | ---D | M] -- C:\Users\SeS\AppData\Roaming\Wuala
[2012.04.11 15:07:48 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2010.03.13 13:58:43 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.05.30 20:43:30 | 000,000,000 | ---D | M] -- C:\BlueJ
[2012.07.07 13:47:08 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2010.05.02 20:22:34 | 000,000,000 | ---D | M] -- C:\cygwin
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.03.13 13:58:18 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.03.14 18:43:38 | 000,000,000 | ---D | M] -- C:\Intel
[2010.07.20 21:43:33 | 000,000,000 | ---D | M] -- C:\Medion
[2010.04.14 12:55:04 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.05.14 11:12:06 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.05.04 16:47:38 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.03.13 13:58:18 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.03.13 13:58:19 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.05.14 11:18:57 | 000,000,000 | R--D | M] -- C:\Sandbox
[2012.07.11 11:35:58 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.07.26 01:56:23 | 000,000,000 | ---D | M] -- C:\Temp
[2010.09.23 14:58:20 | 000,000,000 | R--D | M] -- C:\Users
[2012.07.05 09:41:31 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2010.11.15 14:27:30 | 000,000,218 | ---- | M] () -- C:\Users\SeS\.recently-used.xbel
[2012.07.08 13:39:33 | 000,000,000 | ---- | M] () -- C:\Users\SeS\defogger_reenable
[2012.07.11 11:35:47 | 004,456,448 | -HS- | M] () -- C:\Users\SeS\ntuser.dat
[2012.07.11 11:35:47 | 000,262,144 | -HS- | M] () -- C:\Users\SeS\ntuser.dat.LOG1
[2010.03.13 13:58:34 | 000,000,000 | -HS- | M] () -- C:\Users\SeS\ntuser.dat.LOG2
[2010.03.14 19:32:01 | 000,065,536 | -HS- | M] () -- C:\Users\SeS\ntuser.dat{0a1b9c9d-2f8d-11df-a4bd-001b77e0f600}.TM.blf
[2010.03.14 19:32:01 | 000,524,288 | -HS- | M] () -- C:\Users\SeS\ntuser.dat{0a1b9c9d-2f8d-11df-a4bd-001b77e0f600}.TMContainer00000000000000000001.regtrans-ms
[2010.03.14 19:32:01 | 000,524,288 | -HS- | M] () -- C:\Users\SeS\ntuser.dat{0a1b9c9d-2f8d-11df-a4bd-001b77e0f600}.TMContainer00000000000000000002.regtrans-ms
[2010.03.13 14:28:53 | 000,065,536 | -HS- | M] () -- C:\Users\SeS\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010.03.13 14:28:53 | 000,524,288 | -HS- | M] () -- C:\Users\SeS\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010.03.13 14:28:53 | 000,524,288 | -HS- | M] () -- C:\Users\SeS\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2012.03.09 15:39:51 | 000,065,536 | -HS- | M] () -- C:\Users\SeS\ntuser.dat{fedaf3aa-69eb-11e1-9ab4-0016d3869678}.TM.blf
[2012.03.09 15:39:51 | 000,524,288 | -HS- | M] () -- C:\Users\SeS\ntuser.dat{fedaf3aa-69eb-11e1-9ab4-0016d3869678}.TMContainer00000000000000000001.regtrans-ms
[2012.03.09 15:39:51 | 000,524,288 | -HS- | M] () -- C:\Users\SeS\ntuser.dat{fedaf3aa-69eb-11e1-9ab4-0016d3869678}.TMContainer00000000000000000002.regtrans-ms
[2010.03.13 13:58:34 | 000,000,020 | -HS- | M] () -- C:\Users\SeS\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:63238B95
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:7631EA83
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:7311BB85

< End of report >
         
Gmer.log
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-08 17:19:08
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD1600BEVS-22RST0 rev.04.01G04
Running: hrid37ww.exe; Driver: C:\Users\SeS\AppData\Local\Temp\ugldqpog.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwAddBootEntry [0x89298536]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)               ZwAllocateVirtualMemory [0x8EC997BA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwAssignProcessToJobObject [0x89298F52]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwCreateEvent [0x892A3D7A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwCreateEventPair [0x892A3DC6]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwCreateIoCompletion [0x892A3F48]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwCreateMutant [0x892A3CE8]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)               ZwCreateSection [0x8EC99BAC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwCreateSemaphore [0x892A3D30]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwCreateThread [0x89299146]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwCreateThreadEx [0x892992CE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwCreateTimer [0x892A3F02]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwDebugActiveProcess [0x892998CA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwDeleteBootEntry [0x89298584]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)               ZwFreeVirtualMemory [0x8EC9989E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwLoadDriver [0x892981EC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwModifyBootEntry [0x892985D2]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwNotifyChangeKey [0x8929D2A8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwNotifyChangeMultipleKeys [0x8929A292]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwOpenEvent [0x892A3DA4]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwOpenEventPair [0x892A3DE8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwOpenIoCompletion [0x892A3F6C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwOpenMutant [0x892A3D0E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwOpenSection [0x892A3E8C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwOpenSemaphore [0x892A3D58]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwOpenTimer [0x892A3F26]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)               ZwProtectVirtualMemory [0x8EC99A1E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwQueryObject [0x8929A15E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwQueueApcThreadEx [0x89299E9A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwSetBootEntryOrder [0x89298620]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwSetBootOptions [0x8929866E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwSetContextThread [0x8929974A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwSetSystemInformation [0x89298276]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwSetSystemPowerState [0x89298426]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwShutdownSystem [0x892983CC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwSuspendProcess [0x89299A2C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwSuspendThread [0x89299B88]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwSystemDebugControl [0x89298496]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)               ZwTerminateProcess [0x8EC99AE8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwTerminateThread [0x892995CA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)               ZwVdmControl [0x892986BC]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)               ZwWriteVirtualMemory [0x8EC99954]

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)               ZwCreateProcessEx [0x8ECB1744]
Code            99B50BFC                                                                                            ZwTraceEvent
Code            99B50BFB                                                                                            NtTraceEvent
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)               ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                            82E503C9 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                              82E89D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10CB                                                                 82E90D80 4 Bytes  [36, 85, 29, 89]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10F3                                                                 82E90DA8 4 Bytes  [BA, 97, C9, 8E]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1153                                                                 82E90E08 4 Bytes  [52, 8F, 29, 89]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11A7                                                                 82E90E5C 8 Bytes  [7A, 3D, 2A, 89, C6, 3D, 2A, ...] {JP 0x3f; SUB CL, [ECX-0x76d5c23a]}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11B3                                                                 82E90E68 4 Bytes  [48, 3F, 2A, 89]
.text           ...                                                                                                 
.text           ntkrnlpa.exe!NtTraceEvent                                                                           82ED963A 5 Bytes  JMP 99B50C00 
PAGE            ntkrnlpa.exe!ObMakeTemporaryObject                                                                  8301DC64 5 Bytes  JMP 8ECAE61C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntkrnlpa.exe!ObInsertObject + 27                                                                    83036290 5 Bytes  JMP 8ECB0116 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108                                                         8304B3D7 4 Bytes  CALL 8929A959 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE            ntkrnlpa.exe!NtRequestWaitReplyPort + 2                                                             83050A45 5 Bytes  JMP 99B50D40 
PAGE            ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 2                                                          830650C0 5 Bytes  JMP 99B50DE0 
PAGE            ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122                                                        830651E0 4 Bytes  CALL 8929A96F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE            ntkrnlpa.exe!NtRequestPort + 2                                                                      83093687 5 Bytes  JMP 99B50CA0 
PAGE            ntkrnlpa.exe!ZwCreateProcessEx                                                                      830EF11A 7 Bytes  JMP 8ECB1748 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text           C:\Windows\Explorer.EXE[344] kernel32.dll!GetBinaryTypeW + 70                                       762D69F4 1 Byte  [62]
.text           C:\Windows\system32\csrss.exe[452] kernel32.dll!GetBinaryTypeW + 70                                 762D69F4 1 Byte  [62]
.text           C:\Windows\system32\wininit.exe[492] kernel32.dll!GetBinaryTypeW + 70                               762D69F4 1 Byte  [62]
.text           C:\Windows\system32\csrss.exe[508] kernel32.dll!GetBinaryTypeW + 70                                 762D69F4 1 Byte  [62]
.text           C:\Windows\system32\services.exe[552] kernel32.dll!GetBinaryTypeW + 70                              762D69F4 1 Byte  [62]
.text           ...                                                                                                 
.text           C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1416] kernel32.dll!SetUnhandledExceptionFilter  762BF4FB 4 Bytes  [C2, 04, 00, 90] {RET 0x4; NOP }
.text           C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1416] kernel32.dll!GetBinaryTypeW + 70          762D69F4 1 Byte  [62]
.text           C:\Windows\System32\spoolsv.exe[1516] kernel32.dll!GetBinaryTypeW + 70                              762D69F4 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[1552] kernel32.dll!GetBinaryTypeW + 70                              762D69F4 1 Byte  [62]
.text           C:\Program Files\Bonjour\mDNSResponder.exe[1648] kernel32.dll!GetBinaryTypeW + 70                   762D69F4 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[1712] kernel32.dll!GetBinaryTypeW + 70                              762D69F4 1 Byte  [62]
.text           ...                                                                                                 

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                              aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                              SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                             Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                             Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\00000050                                                                   halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\tdx \Device\Tcp                                                                             aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Udp                                                                             aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \FileSystem\fastfat \Fat                                                                            fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
         
__________________

Alt 11.07.2012, 22:30   #4
markusg
/// Malware-holic
 
JS:Iframe-KQ [Trj] - Standard

JS:Iframe-KQ [Trj]



Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 14.07.2012, 14:54   #5
nirvfreak
 
JS:Iframe-KQ [Trj] - Standard

JS:Iframe-KQ [Trj]



So hier mein Logfile von combofix.

Code:
ATTFilter
ComboFix 12-07-13.03 - SeS 14.07.2012  13:54:40.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.2038.1104 [GMT 2:00]
ausgeführt von:: f:\desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\app
c:\programdata\app\Textaizer Pro\Projects\Default.mpr
c:\programdata\app\Textaizer Pro\Projects\Lene.mpr
c:\programdata\app\Textaizer Pro\Sources\Balloons.png
c:\programdata\app\Textaizer Pro\Sources\Beatles.txt
c:\programdata\app\Textaizer Pro\Sources\CiegaSordomuda.txt
c:\programdata\app\Textaizer Pro\Sources\Congrats.txt
c:\programdata\app\Textaizer Pro\Sources\Greetings.txt
c:\programdata\app\Textaizer Pro\Sources\Heer Bommel.jpg
c:\programdata\app\Textaizer Pro\Sources\Lene Marlin.jpg
c:\programdata\app\Textaizer Pro\Sources\Shakespeare.txt
c:\programdata\app\Textaizer Pro\Sources\Shakira.jpg
c:\programdata\app\Textaizer Pro\Sources\Stones.txt
c:\programdata\app\Textaizer Pro\Sources\Tin Tin.jpg
c:\programdata\app\Textaizer Pro\Textures\t_Burlap.jpg
c:\programdata\app\Textaizer Pro\Textures\t_Canvas.jpg
c:\programdata\app\Textaizer Pro\Textures\t_Concrete.jpg
c:\programdata\app\Textaizer Pro\Textures\t_Cork.jpg
c:\programdata\app\Textaizer Pro\Textures\t_Gaze.jpg
c:\programdata\app\Textaizer Pro\Textures\t_Jeans.jpg
c:\programdata\app\Textaizer Pro\Textures\t_Lightwood.jpg
c:\programdata\app\Textaizer Pro\Textures\t_Sandstone.jpg
c:\programdata\gema
c:\programdata\Microsoft\Windows\Start Menu\Programs\Smart Flash Recovery
c:\programdata\Microsoft\Windows\Start Menu\Programs\Smart Flash Recovery\Empfohlene Software\Magic Speed.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Smart Flash Recovery\Empfohlene Software\Reach-a-Mail.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Smart Flash Recovery\Empfohlene Software\Smart PC.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Smart Flash Recovery\Hilfe.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Smart Flash Recovery\Smart Flash Recovery entfernen.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Smart Flash Recovery\Smart Flash Recovery im Internet.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Smart Flash Recovery\Smart Flash Recovery.lnk
c:\programdata\xml3A21.tmp
c:\programdata\xml541F.tmp
c:\programdata\xml5604.tmp
c:\programdata\xml56B0.tmp
c:\programdata\xmlADFE.tmp
c:\programdata\xmlB493.tmp
c:\programdata\xmlB494.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-14 bis 2012-07-14  ))))))))))))))))))))))))))))))
.
.
2012-07-14 12:06 . 2012-07-14 12:06	--------	d-----w-	c:\users\Mcx1-BOOOOM\AppData\Local\temp
2012-07-14 12:06 . 2012-07-14 12:06	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-07-13 07:19 . 2012-05-31 03:41	6762896	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{6907A30A-D1EA-47F7-9561-FB1E3812474E}\mpengine.dll
2012-07-11 20:22 . 2012-06-12 02:40	2345984	----a-w-	c:\windows\system32\win32k.sys
2012-07-11 19:01 . 2012-06-02 04:45	134000	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2012-07-11 19:01 . 2012-06-02 04:40	369336	----a-w-	c:\windows\system32\drivers\cng.sys
2012-07-11 19:01 . 2012-06-02 04:39	219136	----a-w-	c:\windows\system32\ncrypt.dll
2012-07-11 19:01 . 2012-06-02 04:40	225280	----a-w-	c:\windows\system32\schannel.dll
2012-07-11 19:01 . 2012-06-02 04:45	67440	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-07-11 19:01 . 2012-06-06 05:05	1390080	----a-w-	c:\windows\system32\msxml6.dll
2012-07-11 19:01 . 2012-06-06 05:05	1236992	----a-w-	c:\windows\system32\msxml3.dll
2012-07-11 19:01 . 2010-06-26 03:24	2048	----a-w-	c:\windows\system32\msxml3r.dll
2012-07-11 19:00 . 2012-06-06 05:05	1019904	----a-w-	c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 19:00 . 2012-06-06 05:03	805376	----a-w-	c:\windows\system32\cdosys.dll
2012-07-11 19:00 . 2012-06-06 05:05	352256	----a-w-	c:\program files\Common Files\System\ado\msadomd.dll
2012-07-11 19:00 . 2012-06-06 05:05	57344	----a-w-	c:\program files\Common Files\System\ado\msador15.dll
2012-07-11 19:00 . 2012-06-06 05:05	212992	----a-w-	c:\program files\Common Files\System\msadc\msadco.dll
2012-07-11 19:00 . 2012-06-06 05:05	143360	----a-w-	c:\program files\Common Files\System\ado\msjro.dll
2012-07-11 19:00 . 2012-06-06 05:05	372736	----a-w-	c:\program files\Common Files\System\ado\msadox.dll
2012-07-04 10:02 . 2012-07-04 10:02	770384	----a-w-	c:\program files\Mozilla Firefox\msvcr100.dll
2012-07-04 10:02 . 2012-07-04 10:02	421200	----a-w-	c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-26 15:03 . 2012-06-26 15:03	--------	d-----w-	c:\users\SeS\AppData\Local\Macromedia
2012-06-23 06:14 . 2012-06-02 22:19	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-23 06:14 . 2012-06-02 22:19	45080	----a-w-	c:\windows\system32\wups2.dll
2012-06-23 06:14 . 2012-06-02 22:19	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-23 06:14 . 2012-06-02 22:12	2422272	----a-w-	c:\windows\system32\wucltux.dll
2012-06-23 06:14 . 2012-06-02 22:19	35864	----a-w-	c:\windows\system32\wups.dll
2012-06-23 06:14 . 2012-06-02 22:12	88576	----a-w-	c:\windows\system32\wudriver.dll
2012-06-23 06:14 . 2012-06-02 22:19	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-06-23 06:14 . 2012-06-02 13:19	171904	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-23 06:14 . 2012-06-02 13:12	33792	----a-w-	c:\windows\system32\wuapp.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 15:36 . 2012-04-11 13:09	426184	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-07-12 15:36 . 2011-05-31 11:19	70344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 16:21 . 2010-03-14 17:39	54232	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21 . 2012-04-03 14:50	44784	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2012-07-03 16:21 . 2011-04-15 23:48	721000	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21 . 2010-03-14 17:39	353688	----a-w-	c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2010-03-14 17:39	21256	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2010-03-14 17:39	57656	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21 . 2010-07-01 07:13	41224	----a-w-	c:\windows\avastSS.scr
2012-07-03 16:21 . 2010-03-14 17:38	227648	----a-w-	c:\windows\system32\aswBoot.exe
2012-05-01 04:44 . 2012-06-13 05:39	164352	----a-w-	c:\windows\system32\profsvc.dll
2012-04-28 03:17 . 2012-06-13 05:39	183808	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-04-26 04:45 . 2012-06-13 05:39	58880	----a-w-	c:\windows\system32\rdpwsx.dll
2012-04-26 04:45 . 2012-06-13 05:39	129536	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-04-26 04:41 . 2012-06-13 05:39	8192	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-04-24 04:36 . 2012-06-13 05:39	1158656	----a-w-	c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-13 05:39	140288	----a-w-	c:\windows\system32\cryptsvc.dll
2012-04-24 04:36 . 2012-06-13 05:39	103936	----a-w-	c:\windows\system32\cryptnet.dll
2012-07-04 10:02 . 2011-05-23 20:29	85472	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21	121528	----a-w-	c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon1]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2011-05-26 14:07	559104	----a-w-	c:\program files\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon2]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2011-05-26 14:07	559104	----a-w-	c:\program files\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon3]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2011-05-26 14:07	559104	----a-w-	c:\program files\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon4]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2011-05-26 14:07	559104	----a-w-	c:\program files\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay]
@="{F355C53D-68AA-437A-9E32-E7EBE595795B}"
[HKEY_CLASSES_ROOT\CLSID\{F355C53D-68AA-437A-9E32-E7EBE595795B}]
2011-11-04 19:33	158224	----a-w-	c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12	86280	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12	86280	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12	86280	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12	86280	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12	86280	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12	86280	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12	86280	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12	86280	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12	86280	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2011-11-04 19:33	158224	----a-w-	c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-06-05 17344176]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-04-10 452880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-31 102400]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2007-09-01 32768]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-09-06 188416]
"LMgrOSD"="c:\program files\Launch Manager\OSD.exe" [2006-12-26 180224]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2007-09-07 86016]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-07-28 9398888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"KeePass 2 PreLoad"="c:\program files\KeePass Password Safe 2\KeePass.exe" [2011-07-12 1764352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-07-03 4273976]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\users\SeS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 NxpCap;CTX capture service;c:\windows\system32\DRIVERS\NxpCap.sys [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\DRIVERS\Si3531.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [x]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 15:36]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube to MP3 Converter - c:\users\SeS\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\SeS\AppData\Roaming\Mozilla\Firefox\Profiles\udnyqyfl.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ig
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-CtrlVol - c:\program files\Launch Manager\CtrlVol.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-07-14  14:09:10
ComboFix-quarantined-files.txt  2012-07-14 12:09
.
Vor Suchlauf: 928.653.312 Bytes frei
Nach Suchlauf: 731.164.672 Bytes frei
.
- - End Of File - - 1EB3D5328BBF6AAA93BAA34347CCF9BA
         


Alt 15.07.2012, 19:52   #6
markusg
/// Malware-holic
 
JS:Iframe-KQ [Trj] - Standard

JS:Iframe-KQ [Trj]



malwarebytes:
Downloade Dir bitte Malwarebytes
  • Installiere
    das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche
    nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet
    ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste
    das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.
__________________
--> JS:Iframe-KQ [Trj]

Alt 17.07.2012, 00:16   #7
nirvfreak
 
JS:Iframe-KQ [Trj] - Standard

JS:Iframe-KQ [Trj]



So nun der Malewarebytes Log.
Das einzige das er als Virus gefunden hat war der Decrypthelper, den ich mir hier mal für nen Kollegen gesaugt habe

Code:
ATTFilter
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.16.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
SeS :: BOOOOM [Administrator]

16.07.2012 14:37:19
mbam-log-2012-07-16 (14-37-19).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 497764
Laufzeit: 2 Stunde(n), 2 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
F:\Downloads\DecryptHelper-0.5.3.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

Alt 17.07.2012, 18:53   #8
markusg
/// Malware-holic
 
JS:Iframe-KQ [Trj] - Standard

JS:Iframe-KQ [Trj]



ein fehlalarm.

lade den CCleaner standard:
CCleaner Download - CCleaner 3.20.1750
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 17.07.2012, 21:30   #9
nirvfreak
 
JS:Iframe-KQ [Trj] - Standard

JS:Iframe-KQ [Trj]



Code:
ATTFilter
Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen	Adobe Systems Incorporated	04.04.2010	1,14GB	1.0  -->notwendig
Adobe Digital Editions		12.04.2010		-->notwendig
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	12.07.2012	6,00MB	11.3.300.265 -->notwendig
Adobe Flash Player 9 ActiveX	Adobe Systems, Inc.	04.04.2010	2,65MB	9.0.45.0	-->notwendig
Adobe Reader 9.5.1 - Deutsch	Adobe Systems Incorporated	28.04.2012	118MB	9.5.1	-->notwendig
AppInventor Setup	Google Inc.	04.11.2011		1.1		-->notwendig
AuthenTec TrueSuite	AuthenTec, Inc.	05.04.2010	6,54MB	2.0.0.57		-->unbekannt
avast! Free Antivirus	AVAST Software	05.07.2012		7.0.1456.0		-->notwendig
BlueJ 2.5.3	Deakin University	30.05.2010			-->notwendig
Boost C++ Libraries 1.44		22.10.2010			-->notwendig
CCleaner	Piriform	22.06.2012		3.20		-->notwendig
DartPro 2.9.0.0	RuSyS	26.08.2011					--unnötig
Dia (nur entfernen)		14.04.2010					-->notwendig
Diablo II		31.08.2011							-->notwendig
DivX-Setup	DivX, Inc. 	22.11.2010		2.1.2.2		-->notwendig
DVD Flick 1.3.0.7	Dennis Meuwissen	11.10.2010		1.3.0.7		-->unbekannt
EAGLE 5.8.0	CadSoft Computer GmbH	14.04.2010		5.8.0		-->notwendig
Free YouTube to MP3 Converter version 3.10.8.815	DVDVideoSoft Ltd.	08.09.2011	45,3MB		-->notwendig	
Ghost Recon		21.05.2010				-->notwendig
GNUARM 4.1.1	GNU	02.05.2010		4.1.1		-->notwendig
HP Customer Participation Program 13.0	HP	09.07.2010		13.0		-->notwendig
HP Deskjet F4200 All-In-One Driver Software 13.0 Rel. 3	HP	09.07.2010		13.0		-->notwendig
HP Imaging Device Functions 13.0	HP	09.07.2010		13.0		-->notwendig
HP Photosmart Essential 3.5	HP	09.07.2010		3.5		-->notwendig		
HP Smart Web Printing 4.51	HP	09.07.2010		4.51	-->notwendig
HP Solution Center 13.0	HP	09.07.2010		13.0		-->notwendig
HP Update	Hewlett-Packard	09.03.2012	3,98MB	5.003.001.001		-->notwendig
Intel(R) Graphics Media Accelerator Driver	Intel Corporation	14.08.2010	54,2MB	8.15.10.1930		-->notwendig
Internet-TV für Windows Media Center	Microsoft Corporation	27.09.2010	13,6MB	4.2.2.0				-->unbekannt
Java DB 10.5.3.0	Sun Microsystems, Inc	28.03.2010	28,4MB	10.5.3.0		-->notwendig
Java(TM) 6 Update 29	Sun Microsystems, Inc.	28.03.2010	97,1MB	6.0.290		-->notwendig
Java(TM) SE Development Kit 6 Update 18	Sun Microsystems, Inc.	28.03.2010	150MB	1.6.0.180		-->notwendig
KeePass Password Safe 2.16	Dominik Reichl	11.08.2011	5,35MB			-->notwendig
Launch Manager V1.4.8	Wistron Corp.	14.03.2010		1.4.8		-->notwendig
Malwarebytes Anti-Malware Version 1.62.0.1300	Malwarebytes Corporation	16.07.2012	18,7MB	1.62.0.1300		-->notwendig
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	27.06.2010	38,8MB	4.0.30319		-->notwendig
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	27.06.2010	2,93MB	4.0.30319		-->notwendig
Microsoft .NET Framework 4 Extended	Microsoft Corporation	22.10.2010	51,9MB	4.0.30319		-->notwendig
Microsoft .NET Framework 4 Extended DEU Language Pack	Microsoft Corporation	22.10.2010	10,6MB	4.0.30319  -->notwendig
Microsoft .NET Framework 4 Multi-Targeting Pack	Microsoft Corporation	22.10.2010	83,4MB	4.0.30319  -->notwendig
Microsoft Help Viewer 1.0	Microsoft Corporation	22.10.2010	3,97MB	1.0.30319  -->unbekannt
Microsoft Help Viewer 1.0 Language Pack - DEU	Microsoft Corporation	22.10.2010	1,95MB	1.0.30319  -->unbekannt
Microsoft Office Visio Professional 2007	Microsoft Corporation	08.02.2012		12.0.6612.1000		-->notwendig
Microsoft Silverlight	Microsoft Corporation	12.05.2012	60,4MB	4.1.10329.0		-->notwendig
Microsoft Small Basic v0.95	Microsoft Corporation	29.05.2011	7,35MB	0.9.5.0		-->notwendig
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	27.09.2010	1,72MB	3.1.0000		-->notwendig
Microsoft SQL Server Compact 3.5 SP2 DEU	Microsoft Corporation	22.10.2010	3,69MB	3.5.8080.0		-->notwendig
Microsoft Visual C++ 2005 Express Edition - DEU	Microsoft Corporation	22.10.2010			-->notwendig
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	16.06.2011	300KB	8.0.61001		-->notwendig
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570	Microsoft Corporation	19.04.2011	598KB	9.0.30729.5570	-->notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	14.03.2010	596KB	9.0.30729.4148		-->notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974	Microsoft Corporation	22.10.2010	599KB	9.0.30729.4974		-->notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	16.06.2011	600KB	9.0.30729.6161		-->notwendig
Microsoft Visual C++ 2010 Express - DEU	Microsoft Corporation	22.10.2010		10.0.30319		-->notwendig
Mozilla Firefox 13.0.1 (x86 de)	Mozilla	04.07.2012	36,8MB	13.0.1		-->notwendig
Mozilla Maintenance Service	Mozilla	04.07.2012	309KB	13.0.1  -->unbekannt
Mozilla Thunderbird (3.1.11)	Mozilla	10.07.2011		3.1.11 (de)		-->notwendig
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	10.07.2010	1,27MB	4.20.9870.0  -->unbekannt
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	12.07.2010	1,33MB	4.20.9876.0  -->unbekannt
NetBeans IDE 6.8	NetBeans.org	28.03.2010		6.8		-->notwendig
Notepad App	Sun Microsystems, Inc.	04.11.2011				-->unbekannt
Notepad++		28.06.2010		5.6.8				-->notwendig
OpenOffice.org 3.2	OpenOffice.org	12.04.2010	355MB	3.2.9483		-->notwendig
PC Inspector smart recovery		16.02.2011		4.50		-->unbekannt
PDF-Viewer	Tracker Software Products Ltd	29.04.2010	30,4MB	2.0.50.0  -->unbekannt  
PDFCreator	Frank Heindörfer, Philip Chinery	31.05.2010		1.0.0		-->notwendig
PicaJet Photo Recovery 1.0.1 Beta	PicaJet.Com	17.02.2011		1.0.1 Beta		-->notwendig
Picasa 3	Google, Inc.	12.08.2011		3.8		-->notwendig
PlayReady PC Runtime x86	Microsoft Corporation	19.07.2010	1,65MB	1.3.0		-->unbekannt
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	15.08.2010		6.0.1.6167		-->notwendig
Recover My Files	GetData Pty Ltd	17.02.2011	14,6MB	4.6.8.1012		-->notwendig
Recuva	Piriform	17.02.2011		1.39		-->notwendig
Sandboxie 3.68 (32-bit)	SANDBOXIE L.T.D	14.05.2012		3.68		-->notwendig
Shop for HP Supplies	HP	09.07.2010		13.0		-->unnötig
SiSoftware Sandra Lite 2010.SP2	SiSoftware	15.08.2010	67,4MB	16.52.2010.7		-->notwendig
Skype™ 5.9	Skype Technologies S.A.	18.06.2012	19,2MB	5.9.123		-->notwendig
Smart Flash Recovery v4.4	Smart PC Solutions	17.02.2011		4.4		-->notwendig
SopCast 3.4.0	www.sopcast.com	18.09.2011		3.4.0		-->notwendig
Spybot - Search & Destroy	Safer Networking Limited	09.03.2012		1.6.2		-->notwendig
Stellar Phoenix Photo Recovery v3.5	Stellar Information Systems Ltd	17.02.2011	9,60MB			-->notwendig
Synaptics Pointing Device Driver	Synaptics	14.03.2010		10.0.14.0		-->unbekannt
Textaizer Pro v4.0	APP Helmond	22.08.2011	5,45MB	-->unbekannt
TinyCAD 2.60.01	TinyCAD	14.04.2010		2.60.01		-->notwendig
TmNationsForever	Nadeo	28.07.2011		-->notwendig
TortoiseSVN 1.6.7.18415 (32 bit)	TortoiseSVN	19.04.2010	18,3MB	1.6.18415		-->notwendig
Veetle TV	Veetle, Inc	30.04.2012		0.9.19		-->notwendig
VLC media player 1.1.5	VideoLAN	03.01.2011		1.1.5		-->notwendig
Windows Live Anmelde-Assistent	Microsoft Corporation	27.09.2010	1,93MB	5.000.818.5		-->unbekannt
Windows Live Essentials	Microsoft Corporation	27.09.2010		14.0.8117.0416		-->unbekannt
Windows Live Sync	Microsoft Corporation	27.09.2010	2,79MB	14.0.8117.416		-->unbekannt	
Windows Live-Uploadtool	Microsoft Corporation	27.09.2010	224KB	14.0.8014.1029	-->unbekannt	
Windows Media Player Firefox Plugin	Microsoft Corp	05.04.2010	296KB	1.0.0.8		-->unbekannt
WinRAR		21.03.2010				-->notwendig
Wuala	LaCie	31.08.2011		1.0.367.0		-->notwendig
Wuala CBFS	LaCie	12.11.2011		3.2.101.0		-->notwendig
Wuala OverlayIcons	LaCie	31.08.2011		1.0.0.1		-->notwendig
XBCD 1.07	Redcl0ud	29.05.2010		1.07		-->notwendig
ZDFmediathek Version 2.1.6	ZDF	11.01.2012		-->notwendig
         

Alt 19.07.2012, 22:42   #10
markusg
/// Malware-holic
 
JS:Iframe-KQ [Trj] - Standard

JS:Iframe-KQ [Trj]



deinstaliere:
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen

bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok



deinstaliere:
DartPro
DVD Flick
Internet-TV
Java: alle
Download der kostenlosen Java-Software
downloade java jre instalieren
deinstaliere:
PC Inspector
PDF-Viewer
Spybot : verzichte lieber drauf, und behalte malwarebytes.
Windows Live : alle die du nicht benötigst.

öffne CCleaner analysieren bereinigen.
öffne otl, cleanup pc startet neu, teste wie er läuft
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu JS:Iframe-KQ [Trj]
adobe, antivirus, avast, bho, bonjour, computer, converter, emsisoft, firefox, flash player, frage, google, hijack, hijackthis, internet, internet explorer, launch, mozilla, mp3, notification, realtek, safer networking, scan, security, software, system, trojan.iframeref!ik, trojaner, trojaner js:iframe-kq, virus, virustotal.com, windows



Ähnliche Themen: JS:Iframe-KQ [Trj]


  1. Mal/Iframe-AN ein Virus?
    Plagegeister aller Art und deren Bekämpfung - 25.02.2015 (15)
  2. JS/iFrame.cqi
    Plagegeister aller Art und deren Bekämpfung - 21.06.2013 (17)
  3. JS:Trojan.JS.Iframe.DH (Virus)
    Log-Analyse und Auswertung - 05.05.2013 (34)
  4. Mal/Iframe-V (trojaner-board.de)
    Lob, Kritik und Wünsche - 24.02.2013 (1)
  5. HTML:IFrame-K [Trj]
    Plagegeister aller Art und deren Bekämpfung - 24.01.2013 (8)
  6. Trojaner JS:Iframe-UC (trj)
    Plagegeister aller Art und deren Bekämpfung - 25.11.2012 (1)
  7. HTML/Iframe.aho
    Plagegeister aller Art und deren Bekämpfung - 16.08.2012 (13)
  8. (3x) Trojaner JS/iFrame.byo.3
    Mülltonne - 15.08.2012 (1)
  9. Trojan.JS.Iframe.BDJ
    Plagegeister aller Art und deren Bekämpfung - 14.04.2012 (5)
  10. Antivir findet EXP/JS.Iframe.AL
    Plagegeister aller Art und deren Bekämpfung - 07.04.2012 (27)
  11. TR/Rootkit.gen und HTML/Iframe.adw.1
    Log-Analyse und Auswertung - 02.02.2012 (9)
  12. Trojaner auf Web-Starseite?! js:Iframe-DA [Trj]
    Plagegeister aller Art und deren Bekämpfung - 07.12.2011 (4)
  13. iframe Trojaner
    Plagegeister aller Art und deren Bekämpfung - 11.09.2009 (1)
  14. IFrame Trojan
    Mülltonne - 05.11.2008 (0)
  15. HTML:Iframe-gen
    Plagegeister aller Art und deren Bekämpfung - 12.10.2008 (2)
  16. HTML/IFrame.aaa.100
    Mülltonne - 17.01.2008 (0)
  17. iFrame
    Alles rund um Windows - 29.11.2006 (1)

Zum Thema JS:Iframe-KQ [Trj] - Hallo habe mir laut Avast, einen Trojaner namens JS:Iframe-KQ [Trj] eingefangen. Dateipfad ist C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\udnyqyfl.default\Cache\1\41 und C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\udnyqyfl.default\Cache\C\93 Hab die Datein bei virustotal.com scannen lassen, dort haben (nur) 4 weitere Scanner einen - JS:Iframe-KQ [Trj]...
Archiv
Du betrachtest: JS:Iframe-KQ [Trj] auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.