| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Searchnu.com - Free FLV Konverter Ordner noch vorhandenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
01.04.2013, 09:33
| #1 |
| |  Searchnu.com - Free FLV Konverter Ordner noch vorhanden Hallo zusammen, ich habe gestern nach einem FLV Konverter gesucht und scheinbar dabei diese Searchnu.com Sache interstalliert. Aufgefallen ist es mir erst, als ich in meinem Browser einen neuen Tab öffnen wollte und eben diese Suchseite kam und nicht mein gewohntes Google. Google führte mich erst auf andere Lösungseiten, die ich durchgeführt habe. Mit CCleaner und der Systemsteuerung habe ich den FLV Converter und die Searchnu Programme gelöscht, aber mich beschleicht das Gefühl, dass das eher schlecht als gut war. Vor allem, weil unter C:/Programme immer noch ein FLV Ordner ist und ein Searchqu Toolbar Ordner. Nach nochmaliger Googlesuche und weiterblättern auf Seite 2 kam ich auf dieses Board. Ist mein System sauber? ############################################################## defogger_disable by jpshortstuff (23.02.10.1) Log created at 09:28 on 01/04/2013 (Mathias) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- ##############################################################OTL Logfile: Code:
ATTFilter OTL logfile created on: 01.04.2013 10:12:55 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mathias\Desktop\SCans Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 65,85% Memory free 5,99 Gb Paging File | 4,94 Gb Available in Paging File | 82,54% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 195,21 Gb Total Space | 165,07 Gb Free Space | 84,56% Space Free | Partition Type: NTFS Drive D: | 503,32 Gb Total Space | 440,89 Gb Free Space | 87,59% Space Free | Partition Type: NTFS Computer Name: MATHIAS-PC | User Name: Mathias | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.04.01 09:09:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mathias\Desktop\SCans\OTL.exe PRC - [2013.03.12 09:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\Mathias\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2013.03.07 01:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe PRC - [2013.03.07 01:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2012.12.19 21:44:28 | 000,393,216 | ---- | M] (Box, Inc.) -- C:\Programme\Box Sync\BoxSyncHelper.exe PRC - [2012.12.19 21:44:26 | 008,706,560 | ---- | M] (Box, Inc.) -- C:\Programme\Box Sync\BoxSync.exe PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 23:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 23:29:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.08.27 06:48:32 | 001,194,504 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe PRC - [2009.08.18 03:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2009.08.18 03:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2009.07.14 03:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE PRC - [2009.05.19 14:49:00 | 003,449,344 | ---- | M] (Mirko Böer) -- C:\Programme\RouterControl\RouterControl.exe ========== Modules (No Company Name) ========== MOD - [2013.02.15 18:14:54 | 000,445,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\BoxSyncHelper\52f43f05d63e9b096e1d4d3775745a90\BoxSyncHelper.ni.exe MOD - [2013.02.15 18:14:53 | 008,813,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\BoxSync\51239bf2d609bbef0034099a3aefc1ca\BoxSync.ni.exe MOD - [2013.02.15 18:11:16 | 000,141,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\1ea01658676f73cf48ebde8e904a0464\System.Configuration.Install.ni.dll MOD - [2013.02.15 18:11:06 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll MOD - [2013.02.15 18:10:52 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll MOD - [2013.01.11 21:12:48 | 001,762,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Newtonsoft.Json.Net#\fe72c94c8eac10f1feba44e556f2735f\Newtonsoft.Json.Net20.ni.dll MOD - [2013.01.11 21:12:46 | 000,387,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Python.Runtime\1f3edecb821c8b5ffe9fb63af25f1e16\Python.Runtime.ni.dll MOD - [2013.01.11 21:12:42 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll MOD - [2013.01.11 21:12:41 | 000,248,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\BoxUtils\13d40b3732319d53be0f7f2f42fc08b3\BoxUtils.ni.dll MOD - [2013.01.11 21:12:41 | 000,055,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\ZetaLongPaths\6ab37c3c7777e03f258495087dfed466\ZetaLongPaths.ni.dll MOD - [2013.01.10 07:19:02 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013.01.10 07:19:00 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll MOD - [2013.01.10 07:18:59 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\81edf0da5f951bd97acfbb9d54504617\System.Data.ni.dll MOD - [2013.01.10 07:18:12 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.01.10 07:18:09 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll MOD - [2013.01.10 07:17:46 | 000,684,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\3abd733e8fa28fafbfc99458fdf691da\System.Security.ni.dll MOD - [2013.01.10 07:17:45 | 002,508,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\27cd4cd09259ab84e92a6a55e8906d51\System.Data.SqlXml.ni.dll MOD - [2013.01.10 07:17:41 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.01.10 07:17:35 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013.01.10 07:17:33 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.01.10 07:17:22 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2012.07.16 17:40:32 | 000,721,920 | ---- | M] () -- C:\Programme\Box Sync\_ssl.pyd MOD - [2012.07.16 17:40:32 | 000,688,128 | ---- | M] () -- C:\Programme\Box Sync\unicodedata.pyd MOD - [2012.07.16 17:40:32 | 000,635,392 | ---- | M] () -- C:\Programme\Box Sync\sqlite3.dll MOD - [2012.07.16 17:40:32 | 000,285,184 | ---- | M] () -- C:\Programme\Box Sync\_hashlib.pyd MOD - [2012.07.16 17:40:32 | 000,152,576 | ---- | M] () -- C:\Programme\Box Sync\pyexpat.pyd MOD - [2012.07.16 17:40:32 | 000,111,616 | ---- | M] () -- C:\Programme\Box Sync\win32file.pyd MOD - [2012.07.16 17:40:32 | 000,110,080 | ---- | M] () -- C:\Programme\Box Sync\pywintypes27.dll MOD - [2012.07.16 17:40:32 | 000,108,544 | ---- | M] () -- C:\Programme\Box Sync\win32security.pyd MOD - [2012.07.16 17:40:32 | 000,098,816 | ---- | M] () -- C:\Programme\Box Sync\win32api.pyd MOD - [2012.07.16 17:40:32 | 000,093,696 | ---- | M] () -- C:\Programme\Box Sync\_elementtree.pyd MOD - [2012.07.16 17:40:32 | 000,073,216 | ---- | M] () -- C:\Programme\Box Sync\_ctypes.pyd MOD - [2012.07.16 17:40:32 | 000,057,344 | ---- | M] () -- C:\Programme\Box Sync\_sqlite3.pyd MOD - [2012.07.16 17:40:32 | 000,040,960 | ---- | M] () -- C:\Programme\Box Sync\_socket.pyd MOD - [2012.07.16 17:40:32 | 000,032,256 | ---- | M] () -- C:\Programme\Box Sync\_testcapi.pyd MOD - [2012.07.16 17:40:32 | 000,008,192 | ---- | M] () -- C:\Programme\Box Sync\_win32sysloader.pyd MOD - [2010.11.20 23:29:11 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2010.11.13 01:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.06.10 23:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ========== Services (SafeList) ========== SRV - [2013.03.12 20:32:36 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.03.09 04:49:38 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.03.07 01:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.12.18 20:45:27 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010.11.20 23:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2009.08.18 03:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.08.24 04:19:12 | 000,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU) DRV - [2013.03.07 01:33:24 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2013.03.07 01:33:24 | 000,368,176 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2013.03.07 01:33:24 | 000,164,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm) DRV - [2013.03.07 01:33:24 | 000,062,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2013.03.07 01:33:24 | 000,049,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt) DRV - [2013.03.07 01:33:23 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2013.03.07 01:33:23 | 000,060,656 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr) DRV - [2013.03.07 01:33:22 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2012.08.23 16:46:55 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt) DRV - [2012.08.23 16:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2012.08.23 16:41:34 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD) DRV - [2012.08.23 16:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 23:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 23:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub) DRV - [2010.11.20 23:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc) DRV - [2010.11.20 23:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc) DRV - [2010.11.20 23:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.20 23:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 23:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 23:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2009.10.05 17:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009.08.18 04:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2009.07.14 00:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) DRV - [2009.06.24 12:23:12 | 000,159,776 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService) DRV - [2009.01.30 13:14:14 | 000,191,536 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2006.08.04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=0&systemid=413&apn_dtid=BND413&apn_ptnrs=AGA&o=APN10649&apn_uid=5143558421214132&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchnu.com/413 IE - HKCU\..\URLSearchHook: {dc84d6f4-abf5-441d-bdef-65f3f4d7aabe} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=0&systemid=413&apn_dtid=BND413&apn_ptnrs=AGA&o=APN10649&apn_uid=5143558421214132&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/webhp?hl=de" FF - prefs.js..extensions.enabledAddons: %7B3d7eb24f-2740-49df-8937-200b1cc08f8a%7D:1.5.15.1 FF - prefs.js..extensions.enabledAddons: coralietab%40mozdev.org:2.04.20110724 FF - prefs.js..extensions.enabledAddons: exif_viewer%40mozilla.doslash.org:2.00 FF - prefs.js..extensions.enabledAddons: %7B11483926-db67-4190-91b1-ef20fcec5f33%7D:0.4.5 FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1483 FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.5.9 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=0&systemid=413&apn_dtid=BND413&apn_ptnrs=AGA&apn_uid=5143558421214132&o=APN10649&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.03.08 18:19:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.09 04:49:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.09 04:49:39 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.01 05:01:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mathias\AppData\Roaming\mozilla\Extensions [2013.04.01 05:03:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mathias\AppData\Roaming\mozilla\Firefox\Profiles\ijkmb88b.default\extensions [2012.12.18 22:01:38 | 000,000,000 | ---D | M] (IE Tab +) -- C:\Users\Mathias\AppData\Roaming\mozilla\Firefox\Profiles\ijkmb88b.default\extensions\coralietab@mozdev.org [2012.12.22 22:54:15 | 000,230,013 | ---- | M] () (No name found) -- C:\Users\Mathias\AppData\Roaming\mozilla\firefox\profiles\ijkmb88b.default\extensions\exif_viewer@mozilla.doslash.org.xpi [2012.12.22 22:57:09 | 000,074,526 | ---- | M] () (No name found) -- C:\Users\Mathias\AppData\Roaming\mozilla\firefox\profiles\ijkmb88b.default\extensions\{11483926-db67-4190-91b1-ef20fcec5f33}.xpi [2012.12.18 22:01:35 | 000,097,169 | ---- | M] () (No name found) -- C:\Users\Mathias\AppData\Roaming\mozilla\firefox\profiles\ijkmb88b.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi [2013.03.31 11:30:40 | 000,531,916 | ---- | M] () (No name found) -- C:\Users\Mathias\AppData\Roaming\mozilla\firefox\profiles\ijkmb88b.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013.02.14 22:11:19 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Mathias\AppData\Roaming\mozilla\firefox\profiles\ijkmb88b.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.12.29 08:47:14 | 000,001,052 | ---- | M] () -- C:\Users\Mathias\AppData\Roaming\mozilla\firefox\profiles\ijkmb88b.default\searchplugins\jdownloader-customized-web-search.xml [2013.03.31 17:49:52 | 000,002,683 | ---- | M] () -- C:\Users\Mathias\AppData\Roaming\mozilla\firefox\profiles\ijkmb88b.default\searchplugins\Search_Results.xml [2013.04.01 05:01:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.03.08 18:19:36 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2013.03.09 04:49:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.11.29 11:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.11.29 11:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.11.29 11:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.11.29 11:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2013.03.31 17:49:52 | 000,002,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml [2012.11.29 11:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.11.29 11:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.searchnu.com/413 CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\pdf.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll CHR - Extension: Google Drive = C:\Users\Mathias\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: Google-Suche = C:\Users\Mathias\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: AdBlock = C:\Users\Mathias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\ CHR - Extension: avast! WebRep = C:\Users\Mathias\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0\ CHR - Extension: ScriptSafe = C:\Users\Mathias\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf\1.0.6.13_0\ O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [BoxSyncHelper] C:\Program Files\Box Sync\BoxSyncHelper.exe (Box, Inc.) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [RouterControl] C:\Programme\RouterControl\RouterControl.exe (Mirko Böer) O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKCU..\Run: [RouterControl] C:\Programme\RouterControl\RouterControl.exe (Mirko Böer) O4 - Startup: C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Mathias\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{062DED5D-339E-43B6-A060-31AA67D94A53}: DhcpNameServer = 153.97.105.18 153.96.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{433E2AE1-35EE-46EB-A4EA-FE760DAD1505}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.01 09:19:10 | 000,000,000 | ---D | C] -- C:\Users\Mathias\Desktop\SCans [2013.03.31 23:55:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager [2013.03.31 17:50:06 | 000,397,312 | ---- | C] (Koyote Soft) -- C:\Windows\System32\TubeFinder.exe [2013.03.31 17:50:05 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess [2013.03.31 17:49:59 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\FreeFLVConverter [2013.03.31 17:49:48 | 000,000,000 | ---D | C] -- C:\Program Files\Searchqu Toolbar [2013.03.31 17:48:41 | 000,000,000 | ---D | C] -- C:\Program Files\Free FLV Converter [2013.03.20 20:46:15 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\Programs [2013.03.19 23:21:27 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\elsterformular [2013.03.19 23:14:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular [2013.03.19 23:14:46 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular [2013.03.19 23:13:02 | 000,000,000 | ---D | C] -- C:\Program Files\ElsterFormular [2013.03.17 10:28:59 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.03.17 10:28:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.03.15 19:51:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe [2013.03.10 18:37:07 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\Apps [2013.03.10 18:28:01 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\IrfanView [2013.03.10 13:45:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013.03.10 13:45:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2013.03.10 13:45:40 | 000,000,000 | R--D | C] -- C:\Program Files\Skype [2013.03.09 04:49:18 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.03.06 06:13:22 | 000,000,000 | ---D | C] -- C:\Program Files\Java ========== Files - Modified Within 30 Days ========== [2013.04.01 10:15:11 | 000,023,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.01 10:15:11 | 000,023,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.01 10:14:25 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.04.01 10:14:25 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.04.01 10:14:25 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.04.01 10:14:25 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.04.01 10:10:24 | 000,001,053 | ---- | M] () -- C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.04.01 10:10:00 | 000,001,025 | ---- | M] () -- C:\Users\Mathias\Desktop\Dropbox.lnk [2013.04.01 10:08:04 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.01 10:07:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.01 10:07:42 | 2411,855,872 | -HS- | M] () -- C:\hiberfil.sys [2013.04.01 09:57:11 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.01 09:32:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.01 09:28:11 | 000,000,000 | ---- | M] () -- C:\Users\Mathias\defogger_reenable [2013.04.01 05:04:52 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.03.31 07:51:53 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.03.20 20:46:37 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.19 23:14:47 | 000,001,187 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk [2013.03.10 13:45:42 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2013.03.08 19:25:53 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2013.03.07 01:33:24 | 000,765,736 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2013.03.07 01:33:24 | 000,368,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2013.03.07 01:33:24 | 000,164,736 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys [2013.03.07 01:33:24 | 000,062,376 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2013.03.07 01:33:24 | 000,049,248 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys [2013.03.07 01:33:23 | 000,066,336 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2013.03.07 01:33:23 | 000,060,656 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys [2013.03.07 01:33:22 | 000,029,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2013.03.07 01:32:51 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2013.03.07 01:32:42 | 000,228,600 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe ========== Files Created - No Company Name ========== [2013.04.01 09:28:11 | 000,000,000 | ---- | C] () -- C:\Users\Mathias\defogger_reenable [2013.03.31 17:50:03 | 000,364,544 | ---- | C] () -- C:\Windows\System32\PropertyGrid.ocx [2013.03.31 17:50:03 | 000,208,500 | ---- | C] () -- C:\Windows\System32\ReyXpBasics.tlb [2013.03.31 17:50:01 | 000,024,576 | ---- | C] () -- C:\Windows\System32\ControlSubX.ocx [2013.03.19 23:14:47 | 000,001,187 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk [2013.03.01 22:34:29 | 000,164,736 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys [2013.03.01 22:34:28 | 000,049,248 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys [2012.12.18 21:29:40 | 000,123,780 | R--- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT [2012.12.18 21:29:40 | 000,001,496 | R--- | C] () -- C:\Windows\System32\drivers\RtkAcerM.dat [2012.12.18 21:29:40 | 000,000,728 | R--- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat [2012.12.18 21:29:40 | 000,000,008 | R--- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat [2012.12.18 21:29:39 | 000,000,520 | R--- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat [2012.12.18 21:29:39 | 000,000,520 | R--- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat [2012.12.18 21:29:39 | 000,000,520 | R--- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat [2012.12.18 21:29:24 | 000,000,000 | ---- | C] () -- C:\Windows\Setup.INI [2012.12.18 14:33:15 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.12.30 23:46:05 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Box Desktop [2013.04.01 10:09:06 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Box Sync [2013.04.01 10:10:28 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Dropbox [2013.03.19 23:21:38 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\elsterformular [2013.03.31 17:50:31 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\FreeFLVConverter [2013.03.10 18:51:00 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\IrfanView [2012.12.20 10:37:26 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\mp3DirectCut [2013.01.17 07:41:15 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Mp3tag [2012.12.20 12:15:59 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Picturenaut [2013.02.25 07:20:47 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\RouterControl ========== Purity Check ========== < End of report > Eine "Extra.txt" finde komischerweise nicht. Wo soll die sein? ############################################################## GMER Logfile: Code:
ATTFilter GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-04-01 10:06:43
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9750420AS rev.0001SDM5 698,64GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\Mathias\AppData\Local\Temp\pwtiifow.sys
---- System - GMER 2.1 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8FA4E59C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x90394388]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x8FA4F02E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8FA5A7F2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8FA5A83E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8FA5A9D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8FA5A760]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x90394720]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8FA5A7A8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x8FA4F52C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x8FA4F748]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8FA5A992]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x8FA4FDE4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8FA4E602]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0x8FA535C2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x90394450]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x903929B4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8FA4E668]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8FA5398C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8FA50874]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8FA5A81C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8FA5A860]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8FA5A9FC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8FA5A786]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0x8FA52EA8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8FA5A910]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8FA5A7D0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0x8FA5329A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8FA5A9B6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x903945B0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8FA50740]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThreadEx [0x8FA5044E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8FA4E6CE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8FA4E734]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x8FA4FC5E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8FA4E284]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8FA4E45A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8FA4E3E8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x8FA4FFAE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x8FA50110]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8FA4E4E2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x90394678]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x8FA4FC3E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0x903929E4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8FA4E79A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x903944FC]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x903ADBA0]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82E449E9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E7E1C2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 82E851E0 4 Bytes [9C, E5, A4, 8F]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 82E85208 4 Bytes [88, 43, 39, 90] {MOV [EBX+0x39], AL; NOP }
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 82E85268 4 Bytes [2E, F0, A4, 8F]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 82E852BC 8 Bytes [F2, A7, A5, 8F, 3E, A8, A5, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 82E852C8 4 Bytes [D8, A9, A5, 8F]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 83012C6B 5 Bytes JMP 903AAA3A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 8302B280 5 Bytes JMP 903AC56C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 830403C7 4 Bytes CALL 8FA50F37 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 8305A1B0 4 Bytes CALL 8FA50F4D \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 830E4008 7 Bytes JMP 903ADBA4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x90E35000, 0x2D5378, 0xE8000020]
.text kernel32.dll!GetBinaryTypeW + 70 76C369F4 1 Byte [62]
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\csrss.exe[456] kernel32.dll!GetBinaryTypeW + 70 76C369F4 1 Byte [62]
.text C:\Windows\system32\wininit.exe[520] kernel32.dll!GetBinaryTypeW + 70 76C369F4 1 Byte [62]
.text C:\Windows\system32\csrss.exe[532] kernel32.dll!GetBinaryTypeW + 70 76C369F4 1 Byte [62]
.text C:\Windows\system32\services.exe[568] kernel32.dll!GetBinaryTypeW + 70 76C369F4 1 Byte [62]
.text ...
.text C:\Windows\system32\taskhost.exe[636] ntdll.dll!LdrUnloadDll 76F7C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\taskhost.exe[636] ntdll.dll!LdrLoadDll 76F8223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\taskhost.exe[636] KERNEL32.dll!GetBinaryTypeW + 70 76C369F4 1 Byte [62]
.text C:\Windows\system32\taskhost.exe[636] USER32.dll!UnhookWindowsHookEx 76D3ADF9 5 Bytes JMP 00070A08
.text C:\Windows\system32\taskhost.exe[636] USER32.dll!UnhookWinEvent 76D3B750 5 Bytes JMP 000703FC
.text C:\Windows\system32\taskhost.exe[636] USER32.dll!SetWindowsHookExW 76D3E30C 5 Bytes JMP 00070804
.text C:\Windows\system32\taskhost.exe[636] USER32.dll!SetWinEventHook 76D424DC 5 Bytes JMP 000701F8
.text C:\Windows\system32\taskhost.exe[636] USER32.dll!SetWindowsHookExA 76D66D0C 5 Bytes JMP 00070600
.text C:\Windows\system32\winlogon.exe[676] kernel32.dll!GetBinaryTypeW + 70 76C369F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[740] kernel32.dll!GetBinaryTypeW + 70 76C369F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[828] kernel32.dll!GetBinaryTypeW + 70 76C369F4 1 Byte [62]
.text C:\Windows\system32\atiesrxx.exe[876] kernel32.dll!GetBinaryTypeW + 70 76C369F4 1 Byte [62]
.text C:\Windows\system32\AUDIODG.EXE[908] kernel32.dll!GetBinaryTypeW + 70 76C369F4 1 Byte [62]
.text ...
.text C:\Windows\system32\svchost.exe[2224] ntdll.dll!LdrUnloadDll 76F7C86E 5 Bytes JMP 001203FC
.text C:\Windows\system32\svchost.exe[2224] ntdll.dll!LdrLoadDll 76F8223E 5 Bytes JMP 001201F8
.text C:\Windows\system32\svchost.exe[2224] KERNEL32.dll!GetBinaryTypeW + 70 76C369F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2224] USER32.dll!UnhookWindowsHookEx 76D3ADF9 5 Bytes JMP 00150A08
.text C:\Windows\system32\svchost.exe[2224] USER32.dll!UnhookWinEvent 76D3B750 5 Bytes JMP 001503FC
.text C:\Windows\system32\svchost.exe[2224] USER32.dll!SetWindowsHookExW 76D3E30C 5 Bytes JMP 00150804
.text C:\Windows\system32\svchost.exe[2224] USER32.dll!SetWinEventHook 76D424DC 5 Bytes JMP 001501F8
.text C:\Windows\system32\svchost.exe[2224] USER32.dll!SetWindowsHookExA 76D66D0C 5 Bytes JMP 00150600
.text C:\Windows\system32\atieclxx.exe[2468] ntdll.dll!LdrUnloadDll 76F7C86E 5 Bytes JMP 001E03FC
.text C:\Windows\system32\atieclxx.exe[2468] ntdll.dll!LdrLoadDll 76F8223E 5 Bytes JMP 001E01F8
.text C:\Windows\system32\atieclxx.exe[2468] KERNEL32.dll!GetBinaryTypeW + 70 76C369F4 1 Byte [62]
.text C:\Windows\system32\atieclxx.exe[2468] USER32.dll!UnhookWindowsHookEx 76D3ADF9 5 Bytes JMP 001F0A08
.text C:\Windows\system32\atieclxx.exe[2468] USER32.dll!UnhookWinEvent 76D3B750 5 Bytes JMP 001F03FC
.text C:\Windows\system32\atieclxx.exe[2468] USER32.dll!SetWindowsHookExW 76D3E30C 5 Bytes JMP 001F0804
.text C:\Windows\system32\atieclxx.exe[2468] USER32.dll!SetWinEventHook 76D424DC 5 Bytes JMP 001F01F8
.text C:\Windows\system32\atieclxx.exe[2468] USER32.dll!SetWindowsHookExA 76D66D0C 5 Bytes JMP 001F0600
.text C:\Windows\system32\taskhost.exe[2580] ntdll.dll!LdrUnloadDll 76F7C86E 5 Bytes JMP 001103FC
.text C:\Windows\system32\taskhost.exe[2580] ntdll.dll!LdrLoadDll 76F8223E 5 Bytes JMP 001101F8
.text C:\Windows\system32\taskhost.exe[2580] KERNEL32.dll!GetBinaryTypeW + 70 76C369F4 1 Byte [62]
.text C:\Windows\system32\taskhost.exe[2580] USER32.dll!UnhookWindowsHookEx 76D3ADF9 5 Bytes JMP 00120A08
.text C:\Windows\system32\taskhost.exe[2580] USER32.dll!UnhookWinEvent 76D3B750 5 Bytes JMP 001203FC
.text C:\Windows\system32\taskhost.exe[2580] USER32.dll!SetWindowsHookExW 76D3E30C 5 Bytes JMP 00120804
.text C:\Windows\system32\taskhost.exe[2580] USER32.dll!SetWinEventHook 76D424DC 5 Bytes JMP 001201F8
.text C:\Windows\system32\taskhost.exe[2580] USER32.dll!SetWindowsHookExA 76D66D0C 5 Bytes JMP 00120600
.text C:\Windows\system32\Dwm.exe[2692] ntdll.dll!LdrUnloadDll 76F7C86E 5 Bytes JMP 000E03FC
.text C:\Windows\system32\Dwm.exe[2692] ntdll.dll!LdrLoadDll 76F8223E 5 Bytes JMP 000E01F8
.text C:\Windows\system32\Dwm.exe[2692] KERNEL32.dll!GetBinaryTypeW + 70 76C369F4 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[2692] USER32.dll!UnhookWindowsHookEx 76D3ADF9 5 Bytes JMP 00130A08
.text C:\Windows\system32\Dwm.exe[2692] USER32.dll!UnhookWinEvent 76D3B750 5 Bytes JMP 001303FC
.text C:\Windows\system32\Dwm.exe[2692] USER32.dll!SetWindowsHookExW 76D3E30C 5 Bytes JMP 00130804
.text C:\Windows\system32\Dwm.exe[2692] USER32.dll!SetWinEventHook 76D424DC 5 Bytes JMP 001301F8
.text C:\Windows\system32\Dwm.exe[2692] USER32.dll!SetWindowsHookExA 76D66D0C 5 Bytes JMP 00130600
.text C:\Windows\Explorer.EXE[2736] ntdll.dll!LdrUnloadDll 76F7C86E 5 Bytes JMP 000E03FC
.text C:\Windows\Explorer.EXE[2736] ntdll.dll!LdrLoadDll 76F8223E 5 Bytes JMP 000E01F8
.text C:\Windows\Explorer.EXE[2736] KERNEL32.dll!GetBinaryTypeW + 70 76C369F4 1 Byte [62]
.text C:\Windows\Explorer.EXE[2736] USER32.dll!UnhookWindowsHookEx 76D3ADF9 5 Bytes JMP 00100A08
.text C:\Windows\Explorer.EXE[2736] USER32.dll!UnhookWinEvent 76D3B750 5 Bytes JMP 001003FC
.text C:\Windows\Explorer.EXE[2736] USER32.dll!SetWindowsHookExW 76D3E30C 5 Bytes JMP 00100804
.text C:\Windows\Explorer.EXE[2736] USER32.dll!SetWinEventHook 76D424DC 5 Bytes JMP 001001F8
.text C:\Windows\Explorer.EXE[2736] USER32.dll!SetWindowsHookExA 76D66D0C 5 Bytes JMP 00100600
.text C:\Windows\System32\svchost.exe[2780] ntdll.dll!LdrUnloadDll 76F7C86E 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[2780] ntdll.dll!LdrLoadDll 76F8223E 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[2780] KERNEL32.dll!GetBinaryTypeW + 70 76C369F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[2780] user32.dll!UnhookWindowsHookEx 76D3ADF9 5 Bytes JMP 001A0A08
.text C:\Windows\System32\svchost.exe[2780] user32.dll!UnhookWinEvent 76D3B750 5 Bytes JMP 001A03FC
.text C:\Windows\System32\svchost.exe[2780] user32.dll!SetWindowsHookExW 76D3E30C 5 Bytes JMP 001A0804
.text C:\Windows\System32\svchost.exe[2780] user32.dll!SetWinEventHook 76D424DC 5 Bytes JMP 001A01F8
.text C:\Windows\System32\svchost.exe[2780] user32.dll!SetWindowsHookExA 76D66D0C 5 Bytes JMP 001A0600
.text C:\Windows\system32\SearchIndexer.exe[2792] ntdll.dll!LdrUnloadDll 76F7C86E 5 Bytes JMP 000E03FC
.text C:\Windows\system32\SearchIndexer.exe[2792] ntdll.dll!LdrLoadDll 76F8223E 5 Bytes JMP 000E01F8
.text C:\Windows\system32\SearchIndexer.exe[2792] KERNEL32.dll!GetBinaryTypeW + 70 76C369F4 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[2792] USER32.dll!UnhookWindowsHookEx 76D3ADF9 5 Bytes JMP 00100A08
.text C:\Windows\system32\SearchIndexer.exe[2792] USER32.dll!UnhookWinEvent 76D3B750 5 Bytes JMP 001003FC
.text C:\Windows\system32\SearchIndexer.exe[2792] USER32.dll!SetWindowsHookExW 76D3E30C 5 Bytes JMP 00100804
.text C:\Windows\system32\SearchIndexer.exe[2792] USER32.dll!SetWinEventHook 76D424DC 5 Bytes JMP 001001F8
.text C:\Windows\system32\SearchIndexer.exe[2792] USER32.dll!SetWindowsHookExA 76D66D0C 5 Bytes JMP 00100600
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2876] ntdll.dll!LdrUnloadDll 76F7C86E 5 Bytes JMP 001E03FC
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2876] ntdll.dll!LdrLoadDll 76F8223E 5 Bytes JMP 001E01F8
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2876] KERNEL32.dll!GetBinaryTypeW + 70 76C369F4 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2876] USER32.dll!UnhookWindowsHookEx 76D3ADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2876] USER32.dll!UnhookWinEvent 76D3B750 5 Bytes JMP 001F03FC
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2876] USER32.dll!SetWindowsHookExW 76D3E30C 5 Bytes JMP 001F0804
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2876] USER32.dll!SetWinEventHook 76D424DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2876] USER32.dll!SetWindowsHookExA 76D66D0C 5 Bytes JMP 001F0600
.text C:\Windows\System32\rundll32.exe[2924] ntdll.dll!LdrUnloadDll 76F7C86E 5 Bytes JMP 000F03FC
.text C:\Windows\System32\rundll32.exe[2924] ntdll.dll!LdrLoadDll 76F8223E 5 Bytes JMP 000F01F8
.text C:\Windows\System32\rundll32.exe[2924] KERNEL32.dll!GetBinaryTypeW + 70 76C369F4 1 Byte [62]
.text C:\Windows\System32\rundll32.exe[2924] USER32.dll!UnhookWindowsHookEx 76D3ADF9 5 Bytes JMP 00100A08
.text C:\Windows\System32\rundll32.exe[2924] USER32.dll!UnhookWinEvent 76D3B750 5 Bytes JMP 001003FC
.text C:\Windows\System32\rundll32.exe[2924] USER32.dll!SetWindowsHookExW 76D3E30C 5 Bytes JMP 00100804
.text C:\Windows\System32\rundll32.exe[2924] USER32.dll!SetWinEventHook 76D424DC 5 Bytes JMP 001001F8
.text C:\Windows\System32\rundll32.exe[2924] USER32.dll!SetWindowsHookExA 76D66D0C 5 Bytes JMP 00100600
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3152] ntdll.dll!LdrUnloadDll 76F7C86E 5 Bytes JMP 000703FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3152] ntdll.dll!LdrLoadDll 76F8223E 5 Bytes JMP 000701F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3152] KERNEL32.dll!GetBinaryTypeW + 70 76C369F4 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3152] USER32.dll!UnhookWindowsHookEx 76D3ADF9 5 Bytes JMP 00240A08
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3152] USER32.dll!UnhookWinEvent 76D3B750 5 Bytes JMP 002403FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3152] USER32.dll!SetWindowsHookExW 76D3E30C 5 Bytes JMP 00240804
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3152] USER32.dll!SetWinEventHook 76D424DC 5 Bytes JMP 002401F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3152] USER32.dll!SetWindowsHookExA 76D66D0C 5 Bytes JMP 00240600
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3304] kernel32.dll!GetBinaryTypeW + 70 76C369F4 1 Byte [62]
.text C:\Program Files\Launch Manager\LManager.exe[3608] ntdll.dll!LdrUnloadDll 76F7C86E 5 Bytes JMP 000E03FC
.text C:\Program Files\Launch Manager\LManager.exe[3608] ntdll.dll!LdrLoadDll 76F8223E 5 Bytes JMP 000E01F8
.text C:\Program Files\Launch Manager\LManager.exe[3608] KERNEL32.dll!GetBinaryTypeW + 70 76C369F4 1 Byte [62]
.text C:\Program Files\Launch Manager\LManager.exe[3608] USER32.dll!UnhookWindowsHookEx 76D3ADF9 5 Bytes JMP 000F0A08
.text C:\Program Files\Launch Manager\LManager.exe[3608] USER32.dll!UnhookWinEvent 76D3B750 5 Bytes JMP 000F03FC
.text C:\Program Files\Launch Manager\LManager.exe[3608] USER32.dll!SetWindowsHookExW 76D3E30C 5 Bytes JMP 000F0804
.text C:\Program Files\Launch Manager\LManager.exe[3608] USER32.dll!SetWinEventHook 76D424DC 5 Bytes JMP 000F01F8
.text C:\Program Files\Launch Manager\LManager.exe[3608] USER32.dll!SetWindowsHookExA 76D66D0C 5 Bytes JMP 000F0600
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3624] ntdll.dll!LdrUnloadDll 76F7C86E 5 Bytes JMP 001E03FC
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3624] ntdll.dll!LdrLoadDll 76F8223E 5 Bytes JMP 001E01F8
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3624] KERNEL32.dll!GetBinaryTypeW + 70 76C369F4 1 Byte [62]
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3624] USER32.dll!UnhookWindowsHookEx 76D3ADF9 5 Bytes JMP 00310A08
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3624] USER32.dll!UnhookWinEvent 76D3B750 5 Bytes JMP 003103FC
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3624] USER32.dll!SetWindowsHookExW 76D3E30C 5 Bytes JMP 00310804
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3624] USER32.dll!SetWinEventHook 76D424DC 5 Bytes JMP 003101F8
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3624] USER32.dll!SetWindowsHookExA 76D66D0C 5 Bytes JMP 00310600
.text C:\Program Files\RouterControl\RouterControl.exe[3740] ntdll.dll!LdrUnloadDll 76F7C86E 5 Bytes JMP 001E03FC
.text C:\Program Files\RouterControl\RouterControl.exe[3740] ntdll.dll!LdrLoadDll 76F8223E 5 Bytes JMP 001E01F8
.text C:\Program Files\RouterControl\RouterControl.exe[3740] KERNEL32.dll!GetBinaryTypeW + 70 76C369F4 1 Byte [62]
.text C:\Program Files\RouterControl\RouterControl.exe[3740] USER32.dll!UnhookWindowsHookEx 76D3ADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\RouterControl\RouterControl.exe[3740] USER32.dll!UnhookWinEvent 76D3B750 5 Bytes JMP 001F03FC
.text C:\Program Files\RouterControl\RouterControl.exe[3740] USER32.dll!SetWindowsHookExW 76D3E30C 5 Bytes JMP 001F0804
.text C:\Program Files\RouterControl\RouterControl.exe[3740] USER32.dll!SetWinEventHook 76D424DC 5 Bytes JMP 001F01F8
.text C:\Program Files\RouterControl\RouterControl.exe[3740] USER32.dll!SetWindowsHookExA 76D66D0C 5 Bytes JMP 001F0600
.text C:\Program Files\Box Sync\BoxSyncHelper.exe[3896] ntdll.dll!LdrUnloadDll 76F7C86E 5 Bytes JMP 000703FC
.text C:\Program Files\Box Sync\BoxSyncHelper.exe[3896] ntdll.dll!LdrLoadDll 76F8223E 5 Bytes JMP 000701F8
.text C:\Program Files\Box Sync\BoxSyncHelper.exe[3896] KERNEL32.dll!GetBinaryTypeW + 70 76C369F4 1 Byte [62]
.text C:\Program Files\Box Sync\BoxSyncHelper.exe[3896] USER32.dll!UnhookWindowsHookEx 76D3ADF9 5 Bytes JMP 00090A08
.text C:\Program Files\Box Sync\BoxSyncHelper.exe[3896] USER32.dll!UnhookWinEvent 76D3B750 5 Bytes JMP 000903FC
.text C:\Program Files\Box Sync\BoxSyncHelper.exe[3896] USER32.dll!SetWindowsHookExW 76D3E30C 5 Bytes JMP 00090804
.text C:\Program Files\Box Sync\BoxSyncHelper.exe[3896] USER32.dll!SetWinEventHook 76D424DC 5 Bytes JMP 000901F8
.text C:\Program Files\Box Sync\BoxSyncHelper.exe[3896] USER32.dll!SetWindowsHookExA 76D66D0C 5 Bytes JMP 00090600
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3976] ntdll.dll!LdrUnloadDll 76F7C86E 5 Bytes JMP 001E03FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3976] ntdll.dll!LdrLoadDll 76F8223E 5 Bytes JMP 001E01F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3976] KERNEL32.dll!GetBinaryTypeW + 70 76C369F4 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3976] USER32.dll!UnhookWindowsHookEx 76D3ADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3976] USER32.dll!UnhookWinEvent 76D3B750 5 Bytes JMP 001F03FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3976] USER32.dll!SetWindowsHookExW 76D3E30C 5 Bytes JMP 001F0804
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3976] USER32.dll!SetWinEventHook 76D424DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3976] USER32.dll!SetWindowsHookExA 76D66D0C 5 Bytes JMP 001F0600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3996] ntdll.dll!LdrUnloadDll 76F7C86E 5 Bytes JMP 001F03FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3996] ntdll.dll!LdrLoadDll 76F8223E 5 Bytes JMP 001F01F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3996] KERNEL32.dll!GetBinaryTypeW + 70 76C369F4 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3996] USER32.dll!UnhookWindowsHookEx 76D3ADF9 5 Bytes JMP 00210A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3996] USER32.dll!UnhookWinEvent 76D3B750 5 Bytes JMP 002103FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3996] USER32.dll!SetWindowsHookExW 76D3E30C 5 Bytes JMP 00210804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3996] USER32.dll!SetWinEventHook 76D424DC 5 Bytes JMP 002101F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3996] USER32.dll!SetWindowsHookExA 76D66D0C 5 Bytes JMP 00210600
.text C:\Program Files\Windows Sidebar\sidebar.exe[4004] ntdll.dll!LdrUnloadDll 76F7C86E 5 Bytes JMP 000E03FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[4004] ntdll.dll!LdrLoadDll 76F8223E 5 Bytes JMP 000E01F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[4004] KERNEL32.dll!GetBinaryTypeW + 70 76C369F4 1 Byte [62]
.text C:\Program Files\Windows Sidebar\sidebar.exe[4004] USER32.dll!UnhookWindowsHookEx 76D3ADF9 5 Bytes JMP 00100A08
.text C:\Program Files\Windows Sidebar\sidebar.exe[4004] USER32.dll!UnhookWinEvent 76D3B750 5 Bytes JMP 001003FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[4004] USER32.dll!SetWindowsHookExW 76D3E30C 5 Bytes JMP 00100804
.text C:\Program Files\Windows Sidebar\sidebar.exe[4004] USER32.dll!SetWinEventHook 76D424DC 5 Bytes JMP 001001F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[4004] USER32.dll!SetWindowsHookExA 76D66D0C 5 Bytes JMP 00100600
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[4072] ntdll.dll!LdrUnloadDll 76F7C86E 5 Bytes JMP 001E03FC
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[4072] ntdll.dll!LdrLoadDll 76F8223E 5 Bytes JMP 001E01F8
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[4072] KERNEL32.dll!GetBinaryTypeW + 70 76C369F4 1 Byte [62]
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[4072] USER32.dll!UnhookWindowsHookEx 76D3ADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[4072] USER32.dll!UnhookWinEvent 76D3B750 5 Bytes JMP 001F03FC
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[4072] USER32.dll!SetWindowsHookExW 76D3E30C 5 Bytes JMP 001F0804
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[4072] USER32.dll!SetWinEventHook 76D424DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[4072] USER32.dll!SetWindowsHookExA 76D66D0C 5 Bytes JMP 001F0600
.text C:\Windows\System32\svchost.exe[4652] ntdll.dll!LdrUnloadDll 76F7C86E 5 Bytes JMP 000E03FC
.text C:\Windows\System32\svchost.exe[4652] ntdll.dll!LdrLoadDll 76F8223E 5 Bytes JMP 000E01F8
.text C:\Windows\System32\svchost.exe[4652] KERNEL32.dll!GetBinaryTypeW + 70 76C369F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[4652] USER32.dll!UnhookWindowsHookEx 76D3ADF9 5 Bytes JMP 00100A08
.text C:\Windows\System32\svchost.exe[4652] USER32.dll!UnhookWinEvent 76D3B750 5 Bytes JMP 001003FC
.text C:\Windows\System32\svchost.exe[4652] USER32.dll!SetWindowsHookExW 76D3E30C 5 Bytes JMP 00100804
.text C:\Windows\System32\svchost.exe[4652] USER32.dll!SetWinEventHook 76D424DC 5 Bytes JMP 001001F8
.text C:\Windows\System32\svchost.exe[4652] USER32.dll!SetWindowsHookExA 76D66D0C 5 Bytes JMP 00100600
.text C:\Users\Mathias\Desktop\SCans\gmer_2.1.19155.exe[5484] kernel32.dll!GetBinaryTypeW + 70 76C369F4 1 Byte [62]
.text C:\Program Files\Free FLV Converter\FreeFLVConverter.exe[6488] ntdll.dll!LdrUnloadDll 76F7C86E 5 Bytes JMP 001E03FC
.text C:\Program Files\Free FLV Converter\FreeFLVConverter.exe[6488] ntdll.dll!LdrLoadDll 76F8223E 5 Bytes JMP 001E01F8
.text C:\Program Files\Free FLV Converter\FreeFLVConverter.exe[6488] KERNEL32.dll!GetBinaryTypeW + 70 76C369F4 1 Byte [62]
.text C:\Program Files\Free FLV Converter\FreeFLVConverter.exe[6488] USER32.DLL!UnhookWindowsHookEx 76D3ADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Free FLV Converter\FreeFLVConverter.exe[6488] USER32.DLL!UnhookWinEvent 76D3B750 5 Bytes JMP 001F03FC
.text C:\Program Files\Free FLV Converter\FreeFLVConverter.exe[6488] USER32.DLL!SetWindowsHookExW 76D3E30C 5 Bytes JMP 001F0804
.text C:\Program Files\Free FLV Converter\FreeFLVConverter.exe[6488] USER32.DLL!SetWinEventHook 76D424DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Free FLV Converter\FreeFLVConverter.exe[6488] USER32.DLL!SetWindowsHookExA 76D66D0C 5 Bytes JMP 001F0600
---- Devices - GMER 2.1 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
---- Registry - GMER 2.1 ----
Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{AF5CCAC5-490E-11E2-A3CA-806E6F6E6963} 1906386600
Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{AF5CCAC6-490E-11E2-A3CA-806E6F6E6963} 41875040
---- EOF - GMER 2.1 ----
Ich danke für die Hilfe |
|
01.04.2013, 12:37
| #2 |
| | Searchnu.com - Free FLV Konverter Ordner noch vorhanden Hier noch der Malewarebytest Scan:
__________________Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.03.31.01 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 Mathias :: MATHIAS-PC [Administrator] 01.04.2013 13:30:01 mbam-log-2013-04-01 (13-30-01).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 195144 Laufzeit: 3 Minute(n), 3 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
01.04.2013, 20:33
| #3 |
| /// Helfer-Team  | Searchnu.com - Free FLV Konverter Ordner noch vorhanden Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers dann: Downloade Dir bitte  AdwCleaner auf deinen Desktop.
__________________ |
|
02.04.2013, 16:50
| #4 |
| | Searchnu.com - Free FLV Konverter Ordner noch vorhanden Hallo t'john, vielen Dank schon mal für Deine Hilfe. Malwarebytes Anti-Rootkit hat keine Malware gefunden und bot mir nur Previous oder Exit an (kein CleanUp) ein Neustart erfolgte ebenfalls nicht: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1022
www.malwarebytes.org
Database version: v2013.04.02.08
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Mathias :: MATHIAS-PC [administrator]
02.04.2013 17:27:05
mbar-log-2013-04-02 (17-27-05).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27587
Time elapsed: 6 minute(s), 53 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.115 - Datei am 02/04/2013 um 17:40:43 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows 7 Enterprise Service Pack 1 (32 bits)
# Benutzer : Mathias - MATHIAS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Mathias\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
Datei Gelöscht : C:\Users\Mathias\AppData\Local\Temp\Searchqu.ini
Datei Gelöscht : C:\Users\Mathias\AppData\Roaming\Mozilla\Firefox\Profiles\ijkmb88b.default\searchplugins\Search_Results.xml
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Program Files\Searchqu Toolbar
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\Browser Manager
Ordner Gelöscht : C:\Users\Mathias\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Mathias\AppData\Local\Temp\{3ec1a45c-8bc3-4bfe-b226-4051c5d3d068}
Ordner Gelöscht : C:\Users\Mathias\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Mathias\AppData\Roaming\Mozilla\Firefox\Profiles\ijkmb88b.default\extensions\staged
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3EC1A45C-8BC3-4BFE-B226-4051C5D3D068}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3175297
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3EC1A45C-8BC3-4BFE-B226-4051C5D3D068}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Schlüssel Gelöscht : HKLM\Software\SearchquSRTB
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16470
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchnu.com/413 --> hxxp://www.google.com
-\\ Mozilla Firefox v19.0.2 (de)
Datei : C:\Users\Mathias\AppData\Roaming\Mozilla\Firefox\Profiles\ijkmb88b.default\prefs.js
Gelöscht : user_pref("CT3175297.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fforum.spiegel.de[...]
Gelöscht : user_pref("CT3175297_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Gelöscht : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3175297&SearchSource=1[...]
Gelöscht : user_pref("Smartbar.ConduitSearchEngineList", "JDownloader Customized Web Search");
Gelöscht : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3175297[...]
Gelöscht : user_pref("Smartbar.keywordURLSelectedCTID", "CT3175297");
Gelöscht : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=0&systemid=413&apn_d[...]
-\\ Google Chrome v26.0.1410.43
Datei : C:\Users\Mathias\AppData\Local\Google\Chrome\User Data\Default\Preferences
Gelöscht [l.2207] : homepage = "hxxp://www.searchnu.com/413",
*************************
AdwCleaner[S1].txt - [4169 octets] - [02/04/2013 17:40:43]
########## EOF - C:\AdwCleaner[S1].txt - [4229 octets] ##########
--- --- ---
|
|
03.04.2013, 08:42
| #5 |
| /// Helfer-Team | Searchnu.com - Free FLV Konverter Ordner noch vorhanden Sehr gut!  Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). danach: ESET Online Scanner
danach: Downloade Dir bitte  SecurityCheck und:
|
|
03.04.2013, 19:02
| #6 |
| | Searchnu.com - Free FLV Konverter Ordner noch vorhanden Hier die Ergebnisse aus aswMBR, Eset und SecurityCheck: Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-03 17:15:24
-----------------------------
17:15:24.914 OS Version: Windows 6.1.7601 Service Pack 1
17:15:24.914 Number of processors: 2 586 0x170A
17:15:24.914 ComputerName: MATHIAS-PC UserName: Mathias
17:15:26.802 Initialize success
17:15:26.958 AVAST engine defs: 13040300
17:15:43.494 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:15:43.494 Disk 0 Vendor: ST9750420AS 0001SDM5 Size: 715404MB BusType: 11
17:15:43.572 Disk 0 MBR read successfully
17:15:43.587 Disk 0 MBR scan
17:15:43.587 Disk 0 Windows 7 default MBR code
17:15:43.603 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:15:43.618 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 199899 MB offset 206848
17:15:43.634 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 515403 MB offset 409600000
17:15:43.650 Disk 0 scanning sectors +1465145344
17:15:43.728 Disk 0 scanning C:\Windows\system32\drivers
17:15:52.854 Service scanning
17:16:08.235 Modules scanning
17:16:17.314 Disk 0 trace - called modules:
17:16:17.923 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
17:16:17.938 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x861c6ac8]
17:16:17.938 3 CLASSPNP.SYS[8b3ac59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85ce3908]
17:16:22.993 AVAST engine scan C:\Windows
17:16:29.358 AVAST engine scan C:\Windows\system32
17:18:36.857 AVAST engine scan C:\Windows\system32\drivers
17:18:48.198 AVAST engine scan C:\Users\Mathias
17:20:37.835 AVAST engine scan C:\ProgramData
17:21:03.154 Scan finished successfully
17:22:09.594 Disk 0 MBR has been saved successfully to "C:\Users\Mathias\Desktop\MBR.dat"
17:22:09.610 The log file has been saved successfully to "C:\Users\Mathias\Desktop\aswMBR.txt"
Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=b48e547a6b7e0741ae3522b9ac753d57
# engine=13541
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-04-03 05:51:15
# local_time=2013-04-03 07:51:15 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 2247834 141721347 0 0
# compatibility_mode=5893 16776573 100 94 47204 116642666 0 0
# scanned=451789
# found=0
# cleaned=0
# scan_time=8626
Code:
ATTFilter Results of screen317's Security Check version 0.99.61 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` avast! Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.70.0.1100 CCleaner Java 7 Update 17 Adobe Flash Player 11.6.602.180 Adobe Reader XI Mozilla Firefox (20.0) Google Chrome 25.0.1364.172 Google Chrome 26.0.1410.43 ````````Process Check: objlist.exe by Laurent```````` AVAST Software Avast AvastSvc.exe AVAST Software Avast AvastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` |
|
04.04.2013, 10:24
| #7 |
| /// Helfer-Team | Searchnu.com - Free FLV Konverter Ordner noch vorhanden Sehr gut! damit bist Du sauber und entlassen!  adwCleaner entfernen
Tool-Bereinigung mit OTL Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
Zurücksetzen der Sicherheitszonen Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen. Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html Systemwiederherstellungen leeren Damit der Rechner nicht mit einer infizierten Systemwiederherstellung erneut infiziert werden kann, muessen wir diese leeren. Dazu schalten wir sie einmal aus und dann wieder ein: Systemwiederherstellung deaktivieren Tutorial fuer Windows XP, Windows Vista, Windows 7 Danach wieder aktivieren. Lektuere zum abarbeiten: http://www.trojaner-board.de/90880-d...tallation.html http://www.trojaner-board.de/105213-...tellungen.html PluginCheck http://www.trojaner-board.de/96344-a...-rechners.html Secunia Online Software Inspector http://www.trojaner-board.de/71715-k...iendungen.html http://www.trojaner-board.de/83238-a...sschalten.html http://www.trojaner-board.de/109844-...ren-seite.html PC wird immer langsamer - was tun? |
|
04.04.2013, 10:45
| #8 |
| | Searchnu.com - Free FLV Konverter Ordner noch vorhanden t'john, ich möchte dir ganz herzlich danken! Super Sache! Grüße Soulgate |
|
04.04.2013, 10:54
| #9 |
| /// Helfer-Team | Searchnu.com - Free FLV Konverter Ordner noch vorhanden wuensche eine virenfreie Zeit  |
|
| Themen zu Searchnu.com - Free FLV Konverter Ordner noch vorhanden |
| adblock, adobe, antivirus, aswrvrt.sys, autorun, avast, bho, bonjour, browser, converter, defender, desktop, firefox, flash player, format, koyote, launch, logfile, mozilla, ntdll.dll, object, plug-in, realtek, registry, rundll, services.exe, software, svchost.exe, udp, windows |
