
Log Analysis and Evaluation: wisersearch - search engine

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

21.09.2013, 08:36   #1
ElisMam

wisersearch - search engine



Hello,

I have, unfortunately, already tried on my own, since the problem with the wisersearch search engine has already been discussed here:
1. adw-cleaner
2. frst-scan
3. combofix (Sorry, I only read the warnings about it afterwards)
4. malwarebytes
None of it helped - this stupid search engine is still there.

So I'm trying again from the beginning. Here is the result of the frst scan:

Quote:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-09-2013 01
Ran by Expert OEM (administrator) on EXPERT on 21-09-2013 08:45:22
Running from C:\Users\Expert OEM\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Microsoft Corporation) C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16613_none_6273bd8950d6cae2\TiWorker.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
() C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PMMUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [366720 2012-07-18] (Alcor Micro Corp.)
HKCU\...\Run: [Spotify Web Helper] - C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1193176 2012-11-16] ()
HKCU\...\Run: [Snoozer] - C:\Users\Expert OEM\AppData\Roaming\Snz\Snz.exe [1137763 2013-09-16] ()
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-09] (Avira Operations GmbH & Co. KG)
HKU\Default\...\RunOnce: [RegAutoPlay] - C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe [1845392 2012-08-21] (Acer Incorporated)
Startup: C:\Users\Expert OEM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM - {C25E2F54-FD62-4D07-802E-BF758B4D6491} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {C25E2F54-FD62-4D07-802E-BF758B4D6491} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^HJ^xdm255^YY^de&si=CL2z2ZncprYCFZHbzAod-WsAoQ&ptb=6E613D14-3730-4B12-BA40-44EEB5B54253&ind=2013033106&n=77fc7292&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {28FB9306-DA6C-4C73-A919-F3FF2E7F19B9} URL = hxxp://search.softonic.com/MOY00096/tb_v1?q={searchTerms}&SearchSource=4&cc=&r=974
SearchScopes: HKCU - {C25E2F54-FD62-4D07-802E-BF758B4D6491} URL =
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Expert OEM\AppData\Roaming\Mozilla\Firefox\Profiles\hw8c4rxx.default
FF DefaultSearchEngine: Search
FF Homepage: hxxp://wisersearch.com/?channel=de
FF Keyword.URL: hxxp://wisersearch.com/search.php?channel=de&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin HKCU: intel.com/AppUpx64 - C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: m2k - C:\Users\Expert OEM\AppData\Roaming\Mozilla\Firefox\Profiles\hw8c4rxx.default\Extensions\m2k@m2kdownloader.com.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (LyricsPal) - C:\Users\EXPERT~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmiopbgcekanlhpjkonogoljpfmhpkhf\1.110
CHR Extension: ( "name":"Advanced SystemCare Surfing Protection",) - C:\Users\EXPERT~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0
CHR HKLM-x32\...\Chrome\Extension: [lbbbdmbjkgojacipgefbifkiebpcdjhn] - C:\Program Files (x86)\Movie2KDownloader.com\m2kDownloader10.crx

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-09] (Avira Operations GmbH & Co. KG)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2435728 2012-08-23] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-23] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [28560 2012-08-30] (ELAN Microelectronics Corp.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-08-23] (NTI Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1900728 2013-06-09] (Microsoft Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-11-16] (Dritek System INC.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [x]
S2 mcbootdelaystartsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [x]

==================== Drivers (Whitelisted) ====================

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132088 2013-09-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-03-28] (Avira Operations GmbH & Co. KG)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-11-16] (Dritek System Inc.)
S3 QRDCIO; C:\Windows\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA)
U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-21 08:46 - 2013-09-21 08:46 - 00377856 _____ C:\Users\Expert OEM\Downloads\h5y9rfc2.exe
2013-09-21 08:42 - 2013-09-21 08:43 - 00050477 _____ C:\Users\Expert OEM\Downloads\Defogger.exe
2013-09-21 08:04 - 2013-09-21 08:04 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-21 08:04 - 2013-09-21 08:04 - 00000000 ____D C:\Users\Expert OEM\AppData\Roaming\Malwarebytes
2013-09-21 08:04 - 2013-09-21 08:04 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-21 08:04 - 2013-09-21 08:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-21 08:04 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-21 08:03 - 2013-09-21 08:03 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Expert OEM\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-20 23:27 - 2013-09-20 23:27 - 00016992 _____ C:\ComboFix.txt
2013-09-20 23:00 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-20 23:00 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-20 23:00 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-20 23:00 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-20 23:00 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-20 23:00 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2013-09-20 23:00 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-20 23:00 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-20 23:00 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-20 20:50 - 2013-09-20 23:27 - 00000000 ____D C:\Qoobox
2013-09-20 20:49 - 2013-09-20 23:22 - 00000000 ____D C:\Windows\erdnt
2013-09-20 20:47 - 2013-09-20 20:49 - 05128554 ____R (Swearware) C:\Users\Expert OEM\Downloads\ComboFix.exe
2013-09-20 20:45 - 2013-09-20 20:45 - 00000265 _____ C:\Users\Expert OEM\Downloads\Search.txt
2013-09-20 20:43 - 2013-09-20 20:45 - 00028391 _____ C:\Users\Expert OEM\Downloads\Addition.txt
2013-09-20 20:41 - 2013-09-20 20:41 - 00000000 ____D C:\FRST
2013-09-20 20:40 - 2013-09-20 20:40 - 01950622 _____ (Farbar) C:\Users\Expert OEM\Downloads\FRST64.exe
2013-09-20 15:54 - 2013-09-20 16:31 - 00000000 ____D C:\AdwCleaner
2013-09-20 15:54 - 2013-09-20 15:54 - 01039554 _____ C:\Users\Expert OEM\Downloads\adwcleaner004.exe
2013-09-19 17:41 - 2013-09-19 17:41 - 00319211 _____ C:\Users\Expert OEM\Downloads\Joy2Key.zip
2013-09-19 17:41 - 2013-09-19 17:41 - 00319211 _____ C:\Users\Expert OEM\Downloads\Joy2Key(1).zip
2013-09-18 15:15 - 2013-09-18 15:15 - 98132872 _____ C:\Windows\SysWOW64\�詝Là
2013-09-17 16:08 - 2013-09-17 16:08 - 00000000 ____D C:\Users\Expert OEM\AppData\Roaming\Snz
2013-09-14 17:06 - 2013-09-19 17:31 - 00000035 _____ C:\Users\Expert OEM\AppData\Roaming\WB.CFG
2013-09-13 15:36 - 2013-09-13 15:36 - 97463612 _____ C:\Windows\SysWOW64\ŷ⛨瞇
2013-09-03 16:19 - 2013-09-04 08:36 - 00000416 _____ C:\Users\Expert OEM\Desktop\11.txt
2013-09-03 16:19 - 2013-09-03 16:27 - 00000315 _____ C:\Users\Expert OEM\Desktop\12.txt
2013-09-01 11:08 - 2013-09-01 11:11 - 00000000 ____D C:\Windows\system32\MRT
2013-09-01 10:50 - 2013-07-02 02:44 - 00036288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2013-09-01 10:50 - 2013-07-02 00:08 - 00247216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2013-08-29 20:15 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-29 20:15 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-29 20:15 - 2013-07-26 07:13 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2013-08-29 20:15 - 2013-07-26 07:13 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2013-08-29 20:15 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-29 20:15 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-29 20:15 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-29 20:15 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-29 20:15 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-29 20:15 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-29 20:15 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-29 20:15 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-29 20:15 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-29 20:15 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-29 20:15 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-29 20:15 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-29 20:15 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-29 20:15 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-29 20:15 - 2013-07-26 05:13 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-08-29 20:15 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-29 20:15 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-29 20:15 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-29 20:15 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-29 20:15 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-29 20:15 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-29 20:15 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-29 20:15 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-29 20:15 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-29 20:15 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-29 20:15 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-29 20:15 - 2013-07-26 02:54 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2013-08-29 20:15 - 2013-07-09 08:07 - 02233168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-29 20:15 - 2013-05-24 01:02 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-29 20:15 - 2013-05-24 00:25 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-29 19:52 - 2013-07-13 08:18 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-29 19:52 - 2013-07-13 08:16 - 01889280 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-29 19:52 - 2013-07-13 08:16 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-29 19:52 - 2013-07-13 08:15 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\apprepapi.dll
2013-08-29 19:52 - 2013-07-13 08:15 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\apprepsync.dll
2013-08-29 19:52 - 2013-07-13 06:24 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-29 19:52 - 2013-07-13 06:23 - 01568256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-29 19:52 - 2013-07-13 06:23 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepapi.dll
2013-08-29 19:52 - 2013-07-13 06:23 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepsync.dll
2013-08-22 21:19 - 2013-08-22 21:19 - 00002142 _____ C:\Users\Public\Desktop\Angry Birds Star Wars.lnk

==================== One Month Modified Files and Folders =======

2013-09-21 08:46 - 2013-09-21 08:46 - 00377856 _____ C:\Users\Expert OEM\Downloads\h5y9rfc2.exe
2013-09-21 08:43 - 2013-09-21 08:42 - 00050477 _____ C:\Users\Expert OEM\Downloads\Defogger.exe
2013-09-21 08:42 - 2013-02-15 00:14 - 01108063 _____ C:\Windows\WindowsUpdate.log
2013-09-21 08:35 - 2013-03-04 19:38 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2601796410-1098729037-2499895503-1001
2013-09-21 08:30 - 2013-07-01 16:04 - 00001132 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-21 08:26 - 2013-07-01 16:04 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-21 08:26 - 2012-09-01 05:23 - 00067550 _____ C:\Windows\PFRO.log
2013-09-21 08:26 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-21 08:25 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2013-09-21 08:04 - 2013-09-21 08:04 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-21 08:04 - 2013-09-21 08:04 - 00000000 ____D C:\Users\Expert OEM\AppData\Roaming\Malwarebytes
2013-09-21 08:04 - 2013-09-21 08:04 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-21 08:04 - 2013-09-21 08:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-21 08:03 - 2013-09-21 08:03 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Expert OEM\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-21 07:49 - 2013-03-04 20:34 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-21 07:00 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru
2013-09-20 23:27 - 2013-09-20 23:27 - 00016992 _____ C:\ComboFix.txt
2013-09-20 23:27 - 2013-09-20 20:50 - 00000000 ____D C:\Qoobox
2013-09-20 23:27 - 2012-07-26 07:37 - 00000000 __RHD C:\Users\Default
OK, now I'm running the GMER scan.

Here is the result from GMER:
GMER Logfile:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-09-21 09:35:21
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000036 WDC_WD3200BPVT-22JJ5T0 rev.01.01A01 298,09GB
Running: h5y9rfc2.exe; Driver: C:\Users\EXPERT~1\AppData\Local\Temp\pwloapow.sys


---- User code sections - GMER 2.1 ----

.text   C:\Windows\system32\atiesrxx.exe[852] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                      000007fcd46d177a 4 bytes [6D, D4, FC, 07]
.text   C:\Windows\system32\atiesrxx.exe[852] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                      000007fcd46d1782 4 bytes [6D, D4, FC, 07]
.text   C:\Windows\system32\atieclxx.exe[348] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                      000007fcd46d177a 4 bytes [6D, D4, FC, 07]
.text   C:\Windows\system32\atieclxx.exe[348] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                      000007fcd46d1782 4 bytes [6D, D4, FC, 07]
.text   C:\Windows\system32\atieclxx.exe[348] C:\Windows\system32\WSOCK32.dll!recvfrom + 742                                                    000007fcd00f1b32 4 bytes [0F, D0, FC, 07]
.text   C:\Windows\system32\atieclxx.exe[348] C:\Windows\system32\WSOCK32.dll!recvfrom + 750                                                    000007fcd00f1b3a 4 bytes [0F, D0, FC, 07]
.text   C:\Program Files\Elantech\ETDCtrl.exe[1540] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                          000007fccdaf1532 4 bytes [AF, CD, FC, 07]
.text   C:\Program Files\Elantech\ETDCtrl.exe[1540] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                          000007fccdaf153a 4 bytes [AF, CD, FC, 07]
.text   C:\Program Files\Elantech\ETDCtrl.exe[1540] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                        000007fccdaf165a 4 bytes [AF, CD, FC, 07]
.text   C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[1484] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306  000007fcd46d177a 4 bytes [6D, D4, FC, 07]
.text   C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[1484] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314  000007fcd46d1782 4 bytes [6D, D4, FC, 07]
.text   C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[2692] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                   000007fcd46d177a 4 bytes [6D, D4, FC, 07]
.text   C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[2692] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                   000007fcd46d1782 4 bytes [6D, D4, FC, 07]
.text   C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[2692] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742                                 000007fcd00f1b32 4 bytes [0F, D0, FC, 07]
.text   C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[2692] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 750                                 000007fcd00f1b3a 4 bytes [0F, D0, FC, 07]
.text   C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[3092] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306            000007fcd46d177a 4 bytes [6D, D4, FC, 07]
.text   C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[3092] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314            000007fcd46d1782 4 bytes [6D, D4, FC, 07]
.text   C:\Program Files\Elantech\ETDCtrlHelper.exe[3620] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                    000007fccdaf1532 4 bytes [AF, CD, FC, 07]
.text   C:\Program Files\Elantech\ETDCtrlHelper.exe[3620] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                    000007fccdaf153a 4 bytes [AF, CD, FC, 07]
.text   C:\Program Files\Elantech\ETDCtrlHelper.exe[3620] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                  000007fccdaf165a 4 bytes [AF, CD, FC, 07]
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3388] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                000007fccdaf1532 4 bytes [AF, CD, FC, 07]
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3388] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                000007fccdaf153a 4 bytes [AF, CD, FC, 07]
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3388] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                              000007fccdaf165a 4 bytes [AF, CD, FC, 07]

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\csrss.exe [552:576]                                                                                                 fffff960009725e8
Thread   [1876:1896]                                                                                                                            00000000775f50a7
Thread   [1876:1904]                                                                                                                            00000000773c8064
Thread   [1876:1908]                                                                                                                            0000000074abc59c
Thread   [1876:1912]                                                                                                                            0000000074abc59c
Thread   [1876:1944]                                                                                                                            0000000074658a80
Thread   [1876:1144]                                                                                                                            0000000074abc59c
Thread   [1876:2240]                                                                                                                            0000000074abc41c
Thread   [1876:3028]                                                                                                                            0000000074abc41c
Thread   [1876:3048]                                                                                                                            0000000074abc41c
Thread   [1876:2064]                                                                                                                            0000000074abc41c
Thread   [1876:2164]                                                                                                                            0000000074abc41c
Thread   [1876:2176]                                                                                                                            0000000074abc41c
Thread   [1876:2172]                                                                                                                            0000000074abc41c
Thread   [1876:2836]                                                                                                                            0000000074abc41c
Thread   [1876:3056]                                                                                                                            0000000074abc41c
Thread   [1876:2696]                                                                                                                            0000000074abc41c
Thread   [1876:2708]                                                                                                                            0000000074abc41c
Thread   [1876:2188]                                                                                                                            0000000074abc41c
Thread   [1876:2220]                                                                                                                            0000000074abc41c
Thread   [1876:2168]                                                                                                                            0000000074abc41c
Thread   [1876:2160]                                                                                                                            0000000074abc41c
Thread   [1876:2232]                                                                                                                            0000000074abc41c
Thread   [1876:304]                                                                                                                             0000000074abc41c
Thread   [1876:788]                                                                                                                             0000000074abc41c
Thread   [1876:1360]                                                                                                                            0000000074abc59c
Thread   [1876:2788]                                                                                                                            0000000071928bf0
Thread   [1876:2776]                                                                                                                            0000000071928bf0
Thread   [1876:880]                                                                                                                             0000000071928bf0
Thread   [1876:2820]                                                                                                                            0000000071924090
Thread   [1876:1656]                                                                                                                            0000000074abc59c
Thread   [1876:2864]                                                                                                                            0000000074abc59c
Thread   [1876:3952]                                                                                                                            0000000074abc59c
Thread  C:\Windows\system32\svchost.exe [2092:2344]                                                                                             000007fccc7754c0
Thread  C:\Windows\system32\svchost.exe [2092:2348]                                                                                             000007fccc7530ec

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                                   unknown MBR code

---- EOF - GMER 2.1 ----
