
Log analysis and evaluation: Elster e-mail opened - PDF exploit caught?

Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

26.09.2012, 15:31   #1
degalo
 

Elster e-mail opened - PDF exploit caught?



Hello dear community,

now it has got me too.

It did seem odd to me, but since I could not spot any spelling mistakes and the content was plausible, I opened the attachment of this e-mail:

Code:
Dear Sir or Madam,

your tax office or tax administration has made an encrypted file (income tax assessment) available for you to collect via the ELSTER procedure.

 -- You will find your file as a PDF file attached to this e-mail. --

If you do not collect the data, it will be deleted automatically after 6 months.

This is an automatically generated e-mail - please do not reply to this address.

Kind regards

Your tax office / your tax administration

www.elster.de

NOTE:

You are receiving this e-mail because you requested e-mail notification to this address when transmitting data, e.g. your tax return.

For tax assessments, only the paper copy is legally relevant.

[Translated from the German original, which is written without any umlauts throughout: "fur", "uber", "verschlusselte", "geloscht", "Grussen".]
The attachment was the file "ELSTER_Finanzamt2012.pdf", which my Acrobat Reader X version 10.1.4 could not open. When the hard disk suddenly started churning, I pulled the plug about 3 seconds after Acrobat Reader had started. After rebooting I got the following result at Jotti:

hxxp://virusscan.jotti.org/de/scanresult/5881f2c24b6b9885f8ffb8bb659a7e77fd650276/597a7018d3f2b49430a016fd6fec35b00f58d773

Now I am wondering whether it went well this time and my Acrobat was not vulnerable.

My OTL.TXT:
Code:
OTL logfile created on: 26.09.2012 14:49:26 - Run 1
OTL by OldTimer - Version 3.2.68.0     Folder = C:\Users\brauns\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,45 Gb Available Physical Memory | 61,27% Memory free
7,99 Gb Paging File | 6,18 Gb Available in Paging File | 77,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 244,04 Gb Total Space | 77,62 Gb Free Space | 31,81% Space Free | Partition Type: NTFS
Drive F: | 1397,26 Gb Total Space | 858,27 Gb Free Space | 61,43% Space Free | Partition Type: NTFS
 
Computer Name: PHENOM | User Name: brauns | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2012.09.26 14:49:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\brauns\Downloads\OTL.exe
PRC - [2012.09.10 13:34:43 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011.08.12 12:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011.03.02 17:20:58 | 000,224,256 | ---- | M] () -- C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
PRC - [2011.01.12 17:24:06 | 000,292,240 | ---- | M] (Panasonic Corporation) -- C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
PRC - [2010.09.15 05:14:06 | 007,130,112 | ---- | M] (AGFEO      ) -- C:\Program Files (x86)\AGFEO\Tk-Suite\tools\ctimon.exe
PRC - [2010.06.17 22:56:44 | 000,370,176 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe
PRC - [2010.01.19 04:31:26 | 000,072,304 | R--- | M] () -- C:\Windows\SysWOW64\XSrvSetup.exe
PRC - [2009.11.20 13:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.09.10 13:34:42 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2010.05.07 19:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
MOD - [2010.05.07 19:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
MOD - [2010.05.07 19:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
MOD - [2010.05.07 19:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
MOD - [2010.05.07 19:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
MOD - [2010.04.19 20:02:30 | 000,930,304 | ---- | M] () -- C:\Program Files (x86)\AGFEO\Tk-Suite\tools\QtNetwork4.dll
MOD - [2010.03.26 20:48:12 | 000,468,992 | ---- | M] () -- C:\Program Files (x86)\AGFEO\Tk-Suite\tools\sqldrivers\qsqlite4.dll
MOD - [2010.03.26 20:47:20 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\AGFEO\Tk-Suite\tools\imageformats\qgif4.dll
MOD - [2010.03.26 20:47:14 | 000,119,296 | ---- | M] () -- C:\Program Files (x86)\AGFEO\Tk-Suite\tools\imageformats\qjpeg4.dll
MOD - [2010.03.26 20:43:04 | 001,110,016 | ---- | M] () -- C:\Program Files (x86)\AGFEO\Tk-Suite\tools\QtScript4.dll
MOD - [2010.03.26 20:26:44 | 009,823,232 | ---- | M] () -- C:\Program Files (x86)\AGFEO\Tk-Suite\tools\QtWebKit4.dll
MOD - [2010.03.26 18:48:34 | 000,232,960 | ---- | M] () -- C:\Program Files (x86)\AGFEO\Tk-Suite\tools\phonon4.dll
MOD - [2010.03.26 18:43:22 | 000,184,832 | ---- | M] () -- C:\Program Files (x86)\AGFEO\Tk-Suite\tools\QtSql4.dll
MOD - [2010.03.26 18:43:08 | 007,829,504 | ---- | M] () -- C:\Program Files (x86)\AGFEO\Tk-Suite\tools\QtGui4.dll
MOD - [2010.03.26 18:28:56 | 002,101,248 | ---- | M] () -- C:\Program Files (x86)\AGFEO\Tk-Suite\tools\QtCore4.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.04.06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.04.05 21:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011.12.02 10:51:58 | 004,913,608 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.07.14 03:39:47 | 000,010,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\TCPSVCS.EXE -- (simptcp)
SRV - [2012.09.10 13:34:43 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011.03.02 17:20:58 | 000,224,256 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe -- (DirMngr)
SRV - [2010.10.28 12:14:30 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010.07.30 15:28:08 | 000,194,224 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe -- (nimDNSResponder)
SRV - [2010.06.25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010.06.23 13:14:54 | 000,131,776 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe -- (niLXIDiscovery)
SRV - [2010.06.22 17:03:52 | 000,047,768 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe -- (niSvcLoc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.19 04:31:26 | 000,072,304 | R--- | M] () [Auto | Running] -- C:\Windows\SysWOW64\XSrvSetup.exe -- (JMB36X)
SRV - [2009.08.24 15:38:06 | 000,068,136 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2009.07.14 03:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.09.07 17:38:22 | 000,147,288 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012.09.05 08:22:38 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2012.09.05 08:22:38 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2012.04.12 18:44:40 | 000,032,984 | ---- | M] (SEGGER Microcontroller Systeme GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jlinkx64.sys -- (jlink)
DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012.01.18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011.11.24 09:58:44 | 000,139,592 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)
DRV:64bit: - [2011.11.24 09:58:44 | 000,078,208 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2011.10.07 11:24:12 | 000,152,064 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
DRV:64bit: - [2011.10.07 09:31:42 | 000,321,536 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock)
DRV:64bit: - [2011.09.08 08:23:30 | 000,057,088 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\akshhl.sys -- (akshhl)
DRV:64bit: - [2011.08.09 07:11:50 | 000,021,120 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aksusb.sys -- (aksusb)
DRV:64bit: - [2011.03.18 13:46:20 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2011.03.18 13:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2011.02.09 09:36:00 | 000,053,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\akshasp.sys -- (akshasp)
DRV:64bit: - [2010.12.28 17:46:56 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2010.12.22 23:22:35 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.10.29 10:14:46 | 000,063,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb2ser64.sys -- (usb2ser64)
DRV:64bit: - [2010.08.30 10:29:30 | 000,012,992 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nipalfwedl.sys -- (nipalfwedl)
DRV:64bit: - [2010.08.30 10:26:30 | 000,012,992 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nipalusbedl.sys -- (nipalusbedl)
DRV:64bit: - [2010.08.30 10:07:40 | 000,895,640 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nipalk.sys -- (NIPALK)
DRV:64bit: - [2010.08.24 19:29:54 | 000,041,040 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2010.08.24 19:29:32 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010.08.24 19:29:10 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2010.07.28 13:41:24 | 000,022,528 | ---- | M] (IVI Foundation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ausbtmc.sys -- (Usbtmc)
DRV:64bit: - [2010.07.09 14:19:04 | 000,021,480 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz134_x64.sys -- (cpuz134)
DRV:64bit: - [2010.06.25 19:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010.06.23 10:05:30 | 000,011,944 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NiViPxiKl.sys -- (NiViPxiK)
DRV:64bit: - [2010.06.23 10:04:04 | 000,011,944 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NiViPciKl.sys -- (NiViPciK)
DRV:64bit: - [2010.06.11 14:32:32 | 000,011,944 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nidimkl.sys -- (nidimk)
DRV:64bit: - [2010.05.26 11:39:08 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\8CD4.tmp -- (MEMSWEEP2)
DRV:64bit: - [2010.05.07 19:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2010.05.07 19:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2010.03.24 12:27:44 | 000,016,984 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nipbcfk.sys -- (nipbcfk)
DRV:64bit: - [2010.03.22 11:57:20 | 000,347,680 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.03.19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.02.18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010.01.27 10:58:38 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2010.01.27 05:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.11.20 13:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009.11.20 13:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.10.07 12:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.10.07 12:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.08.21 10:52:09 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.14 15:32:28 | 000,011,856 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niorbkl.sys -- (niorbk)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.05 03:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2012.09.26 14:45:41 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2012.07.09 18:47:10 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2012.07.03 12:15:54 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)
DRV - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV - [2010.03.12 05:40:48 | 000,052,280 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys -- (AODDriver)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 37 CB 42 98 17 A2 CB 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = hxxp://127.0.0.1:3128/proxy.ins
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "https://www.google.com/calendar/render?tab=wc&pli=1"
FF - prefs.js..extensions.enabledAddons: DeviceDetection@logitech.com:1.23.0.5
FF - prefs.js..extensions.enabledAddons: fb_add_on@avm.de:1.6.3
FF - prefs.js..extensions.enabledAddons: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.68
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00:  File not found
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.10 13:34:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.01 16:53:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.17 22:28:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2010.12.23 11:23:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\brauns\AppData\Roaming\mozilla\Extensions
[2010.12.23 11:23:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\brauns\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.07.25 11:06:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\brauns\AppData\Roaming\mozilla\Firefox\Profiles\equwkc4z.default\extensions
[2011.12.04 13:36:34 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\brauns\AppData\Roaming\mozilla\Firefox\Profiles\equwkc4z.default\extensions\DeviceDetection@logitech.com
[2012.05.14 23:02:48 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\brauns\AppData\Roaming\mozilla\Firefox\Profiles\equwkc4z.default\extensions\fb_add_on@avm.de
[2012.07.25 11:06:47 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\brauns\AppData\Roaming\mozilla\firefox\profiles\equwkc4z.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.03.11 11:26:32 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\brauns\AppData\Roaming\mozilla\firefox\profiles\equwkc4z.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2012.04.27 08:50:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.10 13:34:43 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.27 08:50:36 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.10 13:34:42 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.27 08:50:36 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.27 08:50:36 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.27 08:50:36 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.27 08:50:36 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.17.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F4C5E51-2D31-405C-9E87-8B216E534772}: DhcpNameServer = 192.168.17.76
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6c15384d-1025-11e1-9a04-e0764533cc7b}\Shell - "" = AutoRun
O33 - MountPoints2\{6c15384d-1025-11e1-9a04-e0764533cc7b}\Shell\AutoRun\command - "" = L:\Startme.exe
O33 - MountPoints2\{adfeabe2-48ff-11e1-9d7a-1c6f658452f7}\Shell - "" = AutoRun
O33 - MountPoints2\{adfeabe2-48ff-11e1-9d7a-1c6f658452f7}\Shell\AutoRun\command - "" = M:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.26 14:17:32 | 000,000,000 | ---D | C] -- C:\Users\brauns\Desktop\Virus
[2012.09.24 08:11:19 | 000,000,000 | ---D | C] -- C:\Users\brauns\Desktop\LAPTOPFRAESE
[2012.09.23 18:54:01 | 000,000,000 | ---D | C] -- C:\Users\brauns\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SopCast
[2012.09.23 18:54:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SopCast
[2012.09.23 18:54:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SopCast
[2012.09.20 18:44:30 | 000,000,000 | ---D | C] -- C:\Users\brauns\Desktop\CNCPROFI
[2012.09.13 08:57:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[2012.09.05 19:14:39 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.09.05 19:14:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.09.05 19:14:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.09.05 08:22:38 | 000,027,760 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggsemc.sys
[2012.09.05 08:22:38 | 000,014,448 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggflt.sys
[2012.09.03 08:54:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.09.01 16:54:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.09.01 16:53:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.09.01 15:48:33 | 000,000,000 | ---D | C] -- C:\Users\brauns\AppData\Roaming\Wings3D
[2012.08.29 16:58:27 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 3.5
[2012.08.29 16:58:22 | 000,000,000 | ---D | C] -- C:\Windows\ShellNew
[2012.08.27 16:13:41 | 000,000,000 | ---D | C] -- C:\Users\brauns\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RMPrepUSB
[2012.08.27 16:13:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RMPrepUSB
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.26 14:52:47 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.26 14:52:47 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.26 14:45:41 | 000,000,022 | ---- | M] () -- C:\Windows\S.dirmngr
[2012.09.26 14:45:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.26 14:45:37 | 3218,497,536 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.26 14:44:28 | 000,000,020 | ---- | M] () -- C:\Users\brauns\defogger_reenable
[2012.09.26 10:01:40 | 000,000,600 | ---- | M] () -- C:\Users\brauns\AppData\Local\PUTTY.RND
[2012.09.24 08:12:27 | 001,527,740 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.24 08:12:27 | 000,664,618 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.24 08:12:27 | 000,624,800 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.24 08:12:27 | 000,134,786 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.24 08:12:27 | 000,110,438 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.24 08:05:55 | 000,000,218 | ---- | M] () -- C:\Users\brauns\.recently-used.xbel
[2012.09.23 18:54:01 | 000,000,991 | ---- | M] () -- C:\Users\brauns\Desktop\SopCast.lnk
[2012.09.23 18:52:18 | 009,625,551 | ---- | M] () -- C:\Users\brauns\Desktop\Setup-SopCast-3.5.0-2012-3-2.exe
[2012.09.21 11:08:03 | 001,448,424 | ---- | M] () -- C:\Users\brauns\Desktop\PENNY MOBIL erklärung.pdf
[2012.09.21 11:04:29 | 000,059,673 | ---- | M] () -- C:\Users\brauns\Desktop\PENNY MOBIL.pdf
[2012.09.18 17:19:40 | 000,721,816 | ---- | M] () -- C:\Users\brauns\Desktop\dungs.pdf
[2012.09.17 18:40:20 | 000,087,059 | ---- | M] () -- C:\Users\brauns\Desktop\DKB - Deutsche Kreditbank AG - Internet Banking.pdf
[2012.09.16 18:20:34 | 000,315,265 | ---- | M] () -- C:\Users\brauns\Desktop\Chefkoch.de Rezept  Quiche.pdf
[2012.09.13 08:57:33 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2012.09.06 19:28:38 | 000,029,696 | ---- | M] () -- C:\Users\brauns\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.05 08:24:47 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggsemc_01009.Wdf
[2012.09.05 08:24:47 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggflt_01009.Wdf
[2012.09.05 08:22:38 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggsemc.sys
[2012.09.05 08:22:38 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggflt.sys
[2012.09.04 18:46:35 | 000,003,840 | ---- | M] () -- C:\Windows\scad3.INI
[2012.09.03 11:43:22 | 000,183,326 | ---- | M] () -- C:\Users\brauns\Desktop\eberle geh.pdf
[2012.09.03 08:54:25 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.08.30 08:12:15 | 000,321,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.29 16:58:27 | 000,001,110 | ---- | M] () -- C:\Users\Public\Desktop\LibreOffice 3.5.lnk
[2012.08.29 14:23:56 | 057,801,775 | ---- | M] () -- C:\Users\brauns\Documents\handbuchderfarbe00zerruoft.pdf
[2012.08.29 13:40:07 | 000,072,166 | ---- | M] () -- C:\Users\brauns\Documents\Anweisung_Aetznatron.pdf
[2012.08.29 13:39:49 | 000,112,560 | ---- | M] () -- C:\Users\brauns\Documents\Sicherheitsdatenblatt_Aetznatron.pdf
[2012.08.27 16:13:41 | 000,001,035 | ---- | M] () -- C:\Users\brauns\Desktop\RMPrepUSB.lnk
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.26 14:45:41 | 000,000,022 | ---- | C] () -- C:\Windows\S.dirmngr
[2012.09.26 14:44:28 | 000,000,020 | ---- | C] () -- C:\Users\brauns\defogger_reenable
[2012.09.24 08:05:55 | 000,000,218 | ---- | C] () -- C:\Users\brauns\.recently-used.xbel
[2012.09.23 18:54:01 | 000,000,991 | ---- | C] () -- C:\Users\brauns\Desktop\SopCast.lnk
[2012.09.21 11:08:02 | 001,448,424 | ---- | C] () -- C:\Users\brauns\Desktop\PENNY MOBIL erklärung.pdf
[2012.09.21 11:04:28 | 000,059,673 | ---- | C] () -- C:\Users\brauns\Desktop\PENNY MOBIL.pdf
[2012.09.18 17:19:40 | 000,721,816 | ---- | C] () -- C:\Users\brauns\Desktop\dungs.pdf
[2012.09.17 18:40:19 | 000,087,059 | ---- | C] () -- C:\Users\brauns\Desktop\DKB - Deutsche Kreditbank AG - Internet Banking.pdf
[2012.09.16 18:20:33 | 000,315,265 | ---- | C] () -- C:\Users\brauns\Desktop\Chefkoch.de Rezept  Quiche.pdf
[2012.09.13 08:57:33 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2012.09.05 08:24:47 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggsemc_01009.Wdf
[2012.09.05 08:24:47 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggflt_01009.Wdf
[2012.09.03 11:43:21 | 000,183,326 | ---- | C] () -- C:\Users\brauns\Desktop\eberle geh.pdf
[2012.09.03 08:54:25 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.08.29 16:58:27 | 000,001,110 | ---- | C] () -- C:\Users\Public\Desktop\LibreOffice 3.5.lnk
[2012.08.29 14:22:56 | 057,801,775 | ---- | C] () -- C:\Users\brauns\Documents\handbuchderfarbe00zerruoft.pdf
[2012.08.29 13:40:06 | 000,072,166 | ---- | C] () -- C:\Users\brauns\Documents\Anweisung_Aetznatron.pdf
[2012.08.29 13:39:46 | 000,112,560 | ---- | C] () -- C:\Users\brauns\Documents\Sicherheitsdatenblatt_Aetznatron.pdf
[2012.08.27 16:13:41 | 000,001,035 | ---- | C] () -- C:\Users\brauns\Desktop\RMPrepUSB.lnk
[2012.07.14 12:40:05 | 000,000,410 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.06.14 08:01:24 | 000,000,412 | ---- | C] () -- C:\Users\brauns\AppData\Roaming\All CPU Meter_Settings.ini
[2012.04.06 03:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 03:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.03.22 09:04:08 | 000,000,036 | ---- | C] () -- C:\Users\brauns\.org.eclipse.epp.usagedata.recording.userId
[2012.03.20 17:18:44 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.01.18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2012.01.06 10:08:50 | 000,184,320 | ---- | C] () -- C:\Windows\SysWow64\vbarchiv.dll
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.09.15 22:24:19 | 000,000,010 | ---- | C] () -- C:\Windows\WININIT.INI
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.09.10 23:31:14 | 000,000,736 | ---- | C] () -- C:\Users\brauns\id_dsa
[2011.09.10 22:07:05 | 000,000,604 | ---- | C] () -- C:\Users\brauns\braunskey.pub
[2011.08.26 17:18:12 | 000,000,094 | ---- | C] () -- C:\Users\brauns\AppData\Local\fusioncache.dat
[2011.08.26 16:53:37 | 001,553,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.08.08 10:51:08 | 000,001,719 | ---- | C] () -- C:\Users\brauns\pgp_ingo_brauns.asc
[2011.08.07 20:35:50 | 000,077,110 | ---- | C] () -- C:\Users\brauns\pubring.pkr
[2011.08.07 20:35:44 | 000,001,806 | ---- | C] () -- C:\Users\brauns\ingobrauns2.sec
[2011.08.07 20:35:44 | 000,001,806 | ---- | C] () -- C:\Users\brauns\ingobrauns1.sec
[2011.07.16 15:29:59 | 000,001,050 | ---- | C] () -- C:\Windows\wiso.ini
[2011.06.08 10:32:37 | 000,000,600 | ---- | C] () -- C:\Users\brauns\AppData\Roaming\PUTTY.RND
[2011.06.01 19:20:48 | 000,000,133 | ---- | C] () -- C:\Users\brauns\backup.bat
[2011.05.16 09:33:08 | 001,386,056 | ---- | C] () -- C:\Users\brauns\.b2log
[2011.03.31 11:35:55 | 000,000,600 | ---- | C] () -- C:\Users\brauns\AppData\Local\PUTTY.RND
[2011.03.28 14:56:29 | 000,007,606 | ---- | C] () -- C:\Users\brauns\AppData\Local\resmon.resmoncfg
[2011.03.27 00:57:34 | 000,029,696 | ---- | C] () -- C:\Users\brauns\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.23 12:52:52 | 000,003,840 | ---- | C] () -- C:\Windows\scad3.INI
[2011.01.16 14:07:35 | 000,810,496 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.01.16 14:07:35 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.01.16 14:07:35 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.01.16 14:07:35 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.01.16 14:07:35 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011.01.12 11:59:35 | 000,409,363 | ---- | C] () -- C:\Users\brauns\Anwenderdoku.pdf
[2011.01.04 20:53:22 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011.01.02 14:29:58 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.12.27 16:39:19 | 000,027,114 | ---- | C] () -- C:\Windows\maxlink.ini
[2010.12.23 21:52:56 | 000,000,824 | ---- | C] () -- C:\Users\brauns\braunskey.ppk
[2010.12.22 22:44:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.12.22 22:31:54 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2010.12.22 22:25:55 | 000,072,304 | R--- | C] () -- C:\Windows\SysWow64\XSrvSetup.exe
[2010.12.22 22:21:52 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011.11.04 22:40:38 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\.purple
[2010.12.30 12:22:44 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\AGFEO
[2011.06.09 20:06:33 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\Aquamarin Haushaltsbuch
[2010.12.24 16:02:02 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\Ashampoo
[2011.07.16 15:24:46 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\Buhl Data Service
[2011.10.07 18:37:30 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\calibre
[2011.03.27 13:18:03 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\CamTrack
[2010.12.24 15:08:32 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\Canneverbe Limited
[2012.07.13 17:29:20 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\Canon
[2010.12.22 23:26:20 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\DAEMON Tools Lite
[2012.07.28 10:22:27 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\Dropbox
[2011.03.10 10:48:00 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\DVDVideoSoft
[2011.03.02 16:05:21 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\Familienbande
[2012.07.20 09:57:19 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\FRITZ!
[2012.07.20 09:52:27 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\FRITZ!fax für FRITZ!Box
[2011.03.10 10:48:17 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\GetRightToGo
[2011.08.08 11:07:55 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\gnupg
[2012.09.18 17:04:58 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\gtk-2.0
[2011.07.15 15:58:23 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\inkscape
[2012.03.31 13:03:43 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\IrfanView
[2012.07.02 15:42:05 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\KillProcess
[2010.12.25 11:18:18 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\Leadertech
[2012.03.28 13:06:47 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\LibreOffice
[2011.03.18 20:53:51 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\LolClient
[2011.04.13 13:56:10 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\Notepad++
[2010.12.23 11:43:17 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\OpenOffice.org
[2010.12.27 16:39:54 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\ScanSoft
[2011.11.17 20:00:39 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\Sony
[2010.12.23 23:12:51 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\Subversion
[2010.12.23 11:23:07 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\Thunderbird
[2011.12.12 13:25:06 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\TrueCrypt
[2011.01.10 18:44:27 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\Ubisoft
[2012.09.01 15:48:33 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\Wings3D
[2012.03.19 13:18:19 | 000,000,000 | ---D | M] -- C:\Users\brauns\AppData\Roaming\Wireshark
 
========== Purity Check ==========
 
 

< End of report >
         
Freue mich auch Eure Tips und gelobe jetzt schon Besserung. Das nächste Mal bin ich vorsichtiger.

LG Ingo
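Added example, not code from the thread, OTL or ComboFix: a small Python triage of the O6/O7/O32/O33 lines in the OTL log above, which flags the UAC and AutoRun settings a helper would want hardened once the machine is clean (EnableLUA = 0, ConsentPromptBehaviorAdmin = 0, PromptOnSecureDesktop = 0, the AutoRun drive-type mask, and cached per-volume AutoRun commands). The sample lines are constructed to match the log format; the severities and "hardened value" hints are my own and not part of OTL's output.

```python
import re

# Constructed sample: a few lines in the OTL format used in the log above
# (O6/O7 policy values, O32 CD-ROM AutoRun, O33 cached per-volume AutoRun).
SAMPLE_OTL = r"""
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6c15384d-1025-11e1-9a04-e0764533cc7b}\Shell - "" = AutoRun
O33 - MountPoints2\{6c15384d-1025-11e1-9a04-e0764533cc7b}\Shell\AutoRun\command - "" = L:\Startme.exe
"""

# "O6 - HKLM\...\System: EnableLUA = 0"  ->  hive, key path, value name, value
POLICY_RE = re.compile(r'^O[67] - (HK\w+)\\(.+?): (\w+) = (\d+)\s*$')
# "O33 - MountPoints2\{guid}\Shell\AutoRun\command - "" = L:\Startme.exe"
MOUNTPOINT_CMD_RE = re.compile(
    r'^O33 - MountPoints2\\(\{[0-9a-fA-F-]+\})\\Shell\\AutoRun\\command - "" = (.+?)\s*$')

# NoDriveTypeAutoRun is a bitmask with one bit per GetDriveType() result
# (bit n = drive type n); a set bit suppresses AutoRun for that drive type.
DRIVE_TYPE_BITS = {
    0x01: "unknown", 0x02: "no_root_dir", 0x04: "removable", 0x08: "fixed",
    0x10: "network", 0x20: "cdrom", 0x40: "ramdisk", 0x80: "reserved",
}


def parse_policies(text):
    """Map value name -> integer value for every O6/O7 policy line."""
    policies = {}
    for line in text.splitlines():
        m = POLICY_RE.match(line)
        if m:
            _hive, _key, name, value = m.groups()
            policies[name] = int(value)
    return policies


def autorun_allowed_drive_types(mask):
    """Drive types for which NoDriveTypeAutoRun does NOT suppress AutoRun."""
    return {name for bit, name in DRIVE_TYPE_BITS.items() if not mask & bit}


def parse_mountpoint_commands(text):
    """[(volume GUID, command)] for cached per-volume AutoRun commands (O33)."""
    return [(m.group(1), m.group(2))
            for m in map(MOUNTPOINT_CMD_RE.match, text.splitlines()) if m]


def triage(text):
    """Return [(severity, finding)] for weakened UAC/AutoRun settings."""
    pol = parse_policies(text)
    findings = []
    if pol.get("EnableLUA") == 0:
        findings.append(("high", "UAC is disabled (EnableLUA = 0): every program "
                         "started by an administrator account runs fully elevated. "
                         "Hardened value: 1."))
    if pol.get("ConsentPromptBehaviorAdmin") == 0:
        findings.append(("high", "Administrators elevate without any prompt "
                         "(ConsentPromptBehaviorAdmin = 0). Hardened value: 2 "
                         "(prompt for consent on the secure desktop)."))
    if pol.get("PromptOnSecureDesktop") == 0:
        findings.append(("medium", "UAC prompts are not isolated on the secure "
                         "desktop (PromptOnSecureDesktop = 0). Hardened value: 1."))
    mask = pol.get("NoDriveTypeAutoRun")
    if mask is not None:
        allowed = autorun_allowed_drive_types(mask)
        if allowed & {"removable", "cdrom"}:
            findings.append(("medium", "NoDriveTypeAutoRun = %d (0x%02X) still permits "
                             "AutoRun for: %s. Hardened value: 255 (0xFF)."
                             % (mask, mask, ", ".join(sorted(allowed)))))
    for guid, cmd in parse_mountpoint_commands(text):
        findings.append(("review", "Cached AutoRun command for volume %s: %s "
                         "(verify that program on the medium itself)." % (guid, cmd)))
    return findings


if __name__ == "__main__":
    for severity, finding in triage(SAMPLE_OTL):
        print("[%s] %s" % (severity.upper(), finding))
```

Run against the full OTL log, the same functions also pick up the second MountPoints2 entry (M:\Startme.exe); O32 lines are not parsed here, the O7 mask already covers optical media.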

Alt 26.09.2012, 15:42   #2
markusg
/// Malware-holic
 

"geloscht"
they would certainly never write that.
Forward me the mail, thanks.
Anyone who receives such mails can follow a few simple security precautions:
1. The sender; usually it is nobody you know.
2. Spelling and wording.
3. Am I expecting such a mail at all?
4. Check the address and the other details given in the mail.
And don't hesitate to call the office and ask whether they sent anything; if not, delete it, or forward it to us first.
__________________

Alt 26.09.2012, 15:57   #3
markusg
/// Malware-holic
 

OK, received.

Malwarebytes:
Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and "Run as administrator".
  • Start Malwarebytes, click Update --> Check for Updates.
  • Once the update has finished, select "Perform full scan" and click Scan.
  • When the scan is finished, click "Show results".
  • Make sure all findings are checked and click "Remove Selected".
  • Post the log file, which opens in Notepad, here in the thread.
  • Afterwards you can find the report under "Logs".
__________________

Alt 26.09.2012, 17:29   #4
degalo
 

hmm, seems to have gone well ...

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.26.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
brauns :: PHENOM [Administrator]

Schutz: Aktiviert

26.09.2012 16:20:22
mbam-log-2012-09-26 (16-20-22).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 478994
Laufzeit: 1 Stunde(n), 3 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Alt 27.09.2012, 15:30   #5
markusg
/// Malware-holic
 

hi
Yes, because I had already received that mail earlier, had written to the authors of the sites where the malware that the PDF downloaded was hosted, and they have cleaned up their web presence. Besides, your Adobe Reader seems to be up to date.
We will do one more check, though, and afterwards, if everything goes well, we will secure the PC.
ComboFix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download ComboFix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save ComboFix to your desktop
  • Please disable all of your antivirus and anti-malware/spyware scanners. They can interfere with ComboFix while it works.
Start ComboFix.exe and follow the instructions on the screen.

When ComboFix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the reboot
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
just restart the computer. This should fix the problem.

__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

Alt 27.09.2012, 16:00   #6
degalo
 

Thank you very much!

Here is the ComboFix log:
Code:
ATTFilter
ComboFix 12-09-26.06 - brauns 27.09.2012  15:40:41.1.6 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.4093.2680 [GMT 2:00]
ausgeführt von:: c:\users\brauns\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
c:\windows\SysWow64\wpcap.dll
F:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-08-27 bis 2012-09-27  ))))))))))))))))))))))))))))))
.
.
2012-09-27 13:46 . 2012-09-27 13:46	--------	d-----w-	c:\users\Mcx1-PHENOM\AppData\Local\temp
2012-09-27 13:46 . 2012-09-27 13:46	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-09-26 14:19 . 2012-09-26 14:19	--------	d-----w-	c:\users\brauns\AppData\Roaming\Malwarebytes
2012-09-26 14:18 . 2012-09-26 14:18	--------	d-----w-	c:\programdata\Malwarebytes
2012-09-26 14:18 . 2012-09-26 14:18	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-26 14:18 . 2012-09-07 15:04	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-09-25 06:40 . 2012-08-30 07:27	9308616	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{21943AC4-A717-4FFE-BB0C-D77308B0D82B}\mpengine.dll
2012-09-23 16:54 . 2012-09-23 16:54	--------	d-----w-	c:\program files (x86)\SopCast
2012-09-13 06:57 . 2012-09-07 15:38	224088	----a-w-	c:\windows\system32\drivers\VBoxDrv.sys
2012-09-13 06:57 . 2012-09-07 15:38	130904	----a-w-	c:\windows\system32\drivers\VBoxUSBMon.sys
2012-09-12 06:53 . 2012-08-22 18:12	1913200	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-09-12 06:53 . 2012-08-22 18:12	376688	----a-w-	c:\windows\system32\drivers\netio.sys
2012-09-12 06:53 . 2012-08-22 18:12	288624	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-10 11:34 . 2012-09-10 11:34	73696	----a-w-	c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-09-07 15:38 . 2012-09-07 15:38	166232	----a-w-	c:\windows\system32\drivers\VBoxNetFlt.sys
2012-09-07 15:38 . 2012-09-07 15:38	147288	----a-w-	c:\windows\system32\drivers\VBoxNetAdp.sys
2012-09-07 15:38 . 2012-09-07 15:38	117080	----a-w-	c:\windows\system32\drivers\VBoxUSB.sys
2012-09-07 15:37 . 2012-09-07 15:37	320856	----a-w-	c:\windows\system32\VBoxNetFltNobj.dll
2012-09-05 17:14 . 2012-09-05 17:14	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2012-09-05 17:14 . 2012-09-05 17:14	--------	d-----r-	c:\program files (x86)\Skype
2012-09-05 06:22 . 2012-09-05 06:22	27760	----a-w-	c:\windows\system32\drivers\ggsemc.sys
2012-09-05 06:22 . 2012-09-05 06:22	1721576	----a-w-	c:\windows\system32\WdfCoInstaller01009.dll
2012-09-05 06:22 . 2012-09-05 06:22	14448	----a-w-	c:\windows\system32\drivers\ggflt.sys
2012-09-01 14:54 . 2012-09-01 14:54	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-09-01 14:54 . 2012-09-01 14:54	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-01 14:53 . 2012-09-01 14:53	--------	d-----w-	c:\program files (x86)\Java
2012-09-01 13:48 . 2012-09-01 13:48	--------	d-----w-	c:\users\brauns\AppData\Roaming\Wings3D
2012-08-31 08:15 . 2012-08-31 08:15	2295408	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-08-29 14:58 . 2012-08-29 14:58	--------	d-----w-	c:\windows\ShellNew
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-27 06:58 . 2012-06-13 13:48	25640	----a-w-	c:\windows\gdrv.sys
2012-09-12 14:49 . 2010-12-23 16:25	64462936	----a-w-	c:\windows\system32\MRT.exe
2012-09-03 06:52 . 2012-07-04 09:36	696520	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-03 06:52 . 2011-05-19 13:51	73416	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-01 14:54 . 2012-06-21 12:43	821736	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-09-01 14:54 . 2010-12-23 09:36	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-08-31 08:15 . 2011-01-14 17:33	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-07-18 18:15 . 2012-08-16 06:02	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-07-14 10:36 . 2012-07-14 10:36	2300696	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-7\markup.dll
2012-07-14 10:36 . 2011-01-14 18:33	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-07-14 10:36 . 2012-07-14 10:36	1236816	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-07-09 16:47 . 2010-12-22 20:31	30528	----a-w-	c:\windows\GVTDrv64.sys
2012-07-04 22:16 . 2012-08-16 06:02	73216	----a-w-	c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-16 06:02	59392	----a-w-	c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-16 06:02	136704	----a-w-	c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-16 06:02	41984	----a-w-	c:\windows\SysWow64\browcli.dll
2012-07-03 10:15 . 2010-12-23 16:25	25640	----a-w-	c:\windows\etdrv.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02	94208	----a-w-	c:\users\brauns\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02	94208	----a-w-	c:\users\brauns\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02	94208	----a-w-	c:\users\brauns\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02	94208	----a-w-	c:\users\brauns\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2010-06-17 370176]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 641664]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HD Writer.lnk - c:\program files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe [2011-6-3 292240]
TK-Suite Client.lnk - c:\program files (x86)\AGFEO\Tk-Suite\tools\ctimon.exe [2010-9-15 7130112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DirMngr;DirMngr;c:\program files (x86)\GNU\GnuPG\dirmngr.exe [2011-03-02 224256]
R2 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 ALSysIO;ALSysIO;c:\users\brauns\AppData\Local\Temp\ALSysIO64.sys [x]
R3 AODDriver;AODDriver;c:\program files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys [2010-03-12 52280]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2012-07-03 25640]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-09-05 14448]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-07-09 30528]
R3 jlink;J-Link driver;c:\windows\system32\DRIVERS\jlinkx64.sys [2012-04-12 32984]
R3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.6.0;c:\windows\system32\drivers\libusb0.sys [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-07 30304]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
R3 LVUVC64;Logitech Webcam C160(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\8CD4.tmp [2010-05-26 6144]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-10 114144]
R3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [2010-06-11 11944]
R3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [2010-08-30 12992]
R3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [2010-08-30 12992]
R3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [2010-06-23 11944]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 usb2ser64;usb2ser64;c:\windows\system32\DRIVERS\usb2ser64.sys [2010-10-29 63608]
R3 Usbtmc;ausbtmc;c:\windows\system32\Drivers\ausbtmc.sys [2010-07-28 22528]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2012-09-07 117080]
R4 niLXIDiscovery;National Instruments LXI Discovery Service;c:\program files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe [2010-06-23 131776]
R4 nimDNSResponder;National Instruments mDNS Responder Service;c:\program files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2010-07-30 194224]
S0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\System32\drivers\nipbcfk.sys [2010-03-24 16984]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-22 834544]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-09-07 224088]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-09-07 130904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [2011-11-24 78208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-05 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys [2010-07-09 21480]
S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe [2011-12-02 4913608]
S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2010-01-19 72304]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [2010-06-23 11944]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-20 75776]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-20 177152]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-22 347680]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-09-07 147288]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-09-07 166232]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55	99080	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55	99080	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55	99080	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55	99080	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55	99080	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55	99080	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55	99080	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55	99080	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55	99080	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02	97792	----a-w-	c:\users\brauns\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02	97792	----a-w-	c:\users\brauns\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02	97792	----a-w-	c:\users\brauns\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02	97792	----a-w-	c:\users\brauns\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-06 10144288]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
TCP: DhcpNameServer = 192.168.17.76
FF - ProfilePath - c:\users\brauns\AppData\Roaming\Mozilla\Firefox\Profiles\equwkc4z.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/calendar/render?tab=wc&pli=1
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-FRITZ! 2.0 - c:\windows\IsUn0407.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\8CD4.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-09-27  15:49:23
ComboFix-quarantined-files.txt  2012-09-27 13:49
.
Vor Suchlauf: 21 Verzeichnis(se), 97.979.502.592 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 98.348.236.800 Bytes frei
.
- - End Of File - - E8EE10B425AA8BA3F95133B8D8BADFCA
         
Worked perfectly and looks good ...
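
The ComboFix output above records the machine's UAC policy values (EnableLUA = 0, ConsentPromptBehaviorAdmin = 0, PromptOnSecureDesktop = 0) and Firefox user.js prefs that silence security warnings; with UAC off, anything a malicious PDF manages to execute runs with the full rights of the admin account. As an added example, not part of this thread and not a tool the helpers use, here is a small Python checker that scans such log lines for weakened settings; the sample lines are copied from the log above and embedded so it runs offline.

```python
import re
from typing import Iterable, List, Tuple

# Constructed sample: the fragments of the ComboFix log posted above that the
# checker looks at, embedded here so the example runs offline.
SAMPLE_LOG_LINES = [
    r"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]",
    '"ConsentPromptBehaviorAdmin"= 0 (0x0)',
    '"ConsentPromptBehaviorUser"= 3 (0x3)',
    '"EnableLUA"= 0 (0x0)',
    '"EnableUIADesktopToggle"= 0 (0x0)',
    '"PromptOnSecureDesktop"= 0 (0x0)',
    ".",
    "FF - user.js: network.cookie.cookieBehavior - 0",
    "FF - user.js: security.warn_viewing_mixed - false",
    "FF - user.js: security.warn_submit_insecure - false",
]

# UAC values under policies\system that weaken the admin boundary:
# name -> (value that is weak, what that value means).
UAC_WEAK = {
    "EnableLUA": (0, "UAC disabled: processes of an admin user run fully elevated"),
    "ConsentPromptBehaviorAdmin": (0, "elevation granted without any prompt"),
    "PromptOnSecureDesktop": (0, "elevation prompts not shown on the secure desktop"),
}

# Firefox user.js prefs that silence a security warning when set to false.
FF_WEAK = {
    "security.warn_viewing_mixed": "mixed-content warning disabled",
    "security.warn_submit_insecure": "insecure form submission warning disabled",
}

REG_SECTION = re.compile(r"^\[(.+)\]$")            # [HKEY_...\policies\system]
REG_VALUE = re.compile(r'^"([^"]+)"\s*=\s*(-?\d+)')  # "EnableLUA"= 0 (0x0)
FF_PREF = re.compile(r"^FF - user\.js: (\S+) - (\S+)$")


def check_combofix(lines: Iterable[str]) -> List[Tuple[str, str, str]]:
    """Return (setting, observed value, explanation) for each weakened setting."""
    findings = []
    section = ""
    for raw in lines:
        line = raw.strip()
        m = REG_SECTION.match(line)
        if m:
            section = m.group(1).lower()  # track which registry key we are in
            continue
        m = REG_VALUE.match(line)
        if m and section.endswith(r"\policies\system"):
            name, value = m.group(1), int(m.group(2))
            if name in UAC_WEAK and value == UAC_WEAK[name][0]:
                findings.append((name, str(value), UAC_WEAK[name][1]))
            continue
        m = FF_PREF.match(line)
        if m and m.group(1) in FF_WEAK and m.group(2) == "false":
            findings.append((m.group(1), "false", FF_WEAK[m.group(1)]))
    return findings


if __name__ == "__main__":
    for name, value, why in check_combofix(SAMPLE_LOG_LINES):
        print(f"{name} = {value}: {why}")
```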

01.10.2012, 20:12   #7
markusg
/// Malware-holic

Elster E-Mail geöffnet - PDF exploiteingefangen ?

Download the CCleaner standard version:
CCleaner Download - CCleaner 3.23.1823
If CCleaner is already installed, skip this step.
Install it, open it, go to Extras, list of installed programs, save as txt. Open the file.
Behind every program you need, write "necessary".
Behind every one you do not need, "unnecessary".
Behind those you do not know, "unknown".
Post the list.
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails as described above to
markusg.trojaner-board@web.de
If you would like to support us
