Lästige Werbepopups wenn man mit der Maus über farbig unterstrichene Wörter fährt

Garfield- · 12.10.2013, 12:28

Combofix Logfile:

Code:

ATTFilter

ComboFix 13-10-12.01 - Papa 12.10.2013  11:35:02.1.3 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4095.2666 [GMT 2:00]
ausgeführt von:: c:\users\Papa\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}




unkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Windows 7 Home Premium x86
Ran by Papa on 12.10.2013 at 12:51:43,75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1632185309-2399383750-939381153-1000\Software\SweetIM



~~~ Files

Successfully deleted: [File] C:\Windows\System32\Tasks\Plus-HD-3.2-chromeinstaller
Successfully deleted: [File] C:\Windows\System32\Tasks\Plus-HD-3.2-codedownloader
Successfully deleted: [File] C:\Windows\System32\Tasks\Plus-HD-3.2-enabler
Successfully deleted: [File] C:\Windows\System32\Tasks\Plus-HD-3.2-firefoxinstaller
Successfully deleted: [File] C:\Windows\System32\Tasks\Plus-HD-3.2-updater
Successfully deleted: [File] C:\Windows\Tasks\Plus-HD-3.2-chromeinstaller.job
Successfully deleted: [File] C:\Windows\Tasks\Plus-HD-3.2-codedownloader.job
Successfully deleted: [File] C:\Windows\Tasks\Plus-HD-3.2-enabler.job
Successfully deleted: [File] C:\Windows\Tasks\Plus-HD-3.2-firefoxinstaller.job
Successfully deleted: [File] C:\Windows\Tasks\Plus-HD-3.2-updater.job
Successfully deleted: [File] "C:\Users\Papa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\user pinned\startmenu\startfenster.lnk"
Successfully deleted: [File] "C:\Users\Papa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\user pinned\taskbar\startfenster.lnk"



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Papa\appdata\local\{090C31DD-7A46-43D4-8303-44C7584778AE}
Successfully deleted: [Empty Folder] C:\Users\Papa\appdata\local\{3148BF99-10F7-4312-99E9-40C0DD19F1C1}
Successfully deleted: [Empty Folder] C:\Users\Papa\appdata\local\{3C93F562-7B75-44C2-987C-3ACBFF84AAE0}
Successfully deleted: [Empty Folder] C:\Users\Papa\appdata\local\{64071A7D-9E7B-446E-8C5A-FE8F8A2387C9}
Successfully deleted: [Empty Folder] C:\Users\Papa\appdata\local\{68F4FD99-221F-423C-BBE7-AA43A76A00A1}
Successfully deleted: [Empty Folder] C:\Users\Papa\appdata\local\{A2C7196A-EF31-4071-B381-B236ACABF9D0}
Successfully deleted: [Empty Folder] C:\Users\Papa\appdata\local\{B1038E93-D185-45EE-BD84-496ACB25A8AE}
Successfully deleted: [Empty Folder] C:\Users\Papa\appdata\local\{D88DED79-EC31-40C2-AD79-6DE008A6DD9E}
Successfully deleted: [Empty Folder] C:\Users\Papa\appdata\local\{E9605856-4499-45C9-809E-167A090F3029}



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [Folder] C:\Users\Papa\AppData\Roaming\mozilla\firefox\profiles\dfus4sez.default\extensions\49ef6b77-d546-42d3-a3a1-82912137df82@350ffb92-f05e-4412-b199-7a670953a747.com
Successfully deleted the following from C:\Users\Papa\AppData\Roaming\mozilla\firefox\profiles\dfus4sez.default\prefs.js

user_pref("extensions.a49ef6b77d54642d3a3a182912137df82350ffb92f05e4412b1997a670953a747com34330.34330.internaldb.cache/530e52021dc20843b1aa62957edeb9f8.value", "%22var%20adsDe
user_pref("extensions.a49ef6b77d54642d3a3a182912137df82350ffb92f05e4412b1997a670953a747com34330.34330.internaldb.cache/833447eaff04548ccb80787286a7cad9_DE.value", "%22var%20ca
Emptied folder: C:\Users\Papa\AppData\Roaming\mozilla\firefox\profiles\dfus4sez.default\minidumps [24 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.10.2013 at 12:54:43,86
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Papa\4.0
c:\windows\PFRO.log
c:\windows\system32\cnm243B.tmp
c:\windows\system32\cnm4A05.tmp
c:\windows\system32\cnm98C4.tmp
c:\windows\system32\cnmD312.tmp
c:\windows\system32\ntkrlICE.exe
c:\windows\system32\winio32.sys
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-09-12 bis 2013-10-12  ))))))))))))))))))))))))))))))
.
.
2013-10-12 09:44 . 2013-10-12 09:44	--------	d-----w-	c:\users\Papa\AppData\Local\temp
2013-10-12 09:44 . 2013-10-12 09:44	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-10-12 09:44 . 2013-10-12 09:44	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2013-10-11 20:35 . 2013-10-11 20:35	--------	d-----w-	C:\FRST
2013-10-09 08:55 . 2013-07-04 11:50	530432	----a-w-	c:\windows\system32\comctl32.dll
2013-10-09 08:54 . 2013-08-29 01:51	3914176	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-10-02 09:38 . 2013-10-02 09:38	--------	d-----w-	c:\users\Papa\AppData\Roaming\vlc
2013-10-01 16:24 . 2013-10-01 16:24	--------	d-----w-	c:\programdata\Oracle
2013-10-01 16:24 . 2013-10-01 16:24	--------	d-----w-	c:\program files\Common Files\Java
2013-10-01 16:24 . 2013-10-01 16:24	94632	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-09-26 18:00 . 2013-09-26 18:00	208760	----a-w-	c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-08 21:03 . 2012-04-01 16:18	692616	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-10-08 21:03 . 2011-05-14 08:08	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-01 16:24 . 2012-06-23 19:50	868264	----a-w-	c:\windows\system32\npdeployJava1.dll
2013-10-01 16:24 . 2010-06-13 11:39	790440	----a-w-	c:\windows\system32\deployJava1.dll
2013-10-01 12:41 . 2013-08-02 16:02	29760	----a-w-	c:\windows\system32\drivers\FNETTBOH_305.SYS
2013-10-01 10:18 . 2013-08-07 09:13	67680	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-10-01 10:18 . 2013-08-07 09:09	89376	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-10-01 10:18 . 2013-08-07 09:09	37352	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-10-01 10:18 . 2013-08-07 09:09	137208	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-09-01 08:59 . 2013-09-01 08:59	167344	----a-w-	c:\windows\system32\mfevtps.exe.5e5d.deleteme
2013-08-30 17:46 . 2013-08-30 17:49	1169609	----a-w-	c:\windows\unins000.exe
2013-08-09 11:00 . 2013-08-16 14:29	121600	----a-w-	c:\windows\system32\drivers\WinisoCDBus.sys
2013-08-01 01:08 . 2013-08-03 20:54	32328	----a-w-	c:\windows\Launcher.exe
2013-07-25 08:57 . 2013-08-14 09:54	1620992	----a-w-	c:\windows\system32\WMVDECOD.DLL
2013-07-23 14:13 . 2013-07-23 14:13	14656	----a-w-	c:\windows\system32\drivers\FNETURPX.SYS
2013-07-21 17:02 . 2013-07-21 17:02	53248	----a-r-	c:\users\Papa\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2013-07-19 01:41 . 2013-08-14 09:54	2048	----a-w-	c:\windows\system32\tzres.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"HydraVisionDesktopManager"="c:\program files\ATI Technologies\HydraVision\HydraDM.exe" [2011-03-08 393216]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-06-21 19875432]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-06-12 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-10-13 606208]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2012-09-12 204136]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"MailCheck IE Broker"="c:\program files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe" [2013-06-27 1519680]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2013-05-23 311152]
"XFastUSB"="c:\program files\XFastUSB\XFastUsb.exe" [2013-07-23 5019360]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2013-06-24 11992792]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-28 642656]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-10-01 681032]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hardcopy.LNK - c:\program files\Hardcopy\hardcopy.exe [2010-2-22 1315840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Papa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Canon IJ Status Monitor Canon Inkjet PIXMA iP4000R.lnk]
path=c:\users\Papa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Canon IJ Status Monitor Canon Inkjet PIXMA iP4000R.lnk
backup=c:\windows\pss\Canon IJ Status Monitor Canon Inkjet PIXMA iP4000R.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-05-31 09:56	152392	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]
2013-05-23 13:16	1561968	----a-w-	c:\program files\Samsung\Kies\Kies.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsgCenterExe]
2013-02-27 23:53	82632	----a-w-	c:\program files\Real\RealPlayer\Update\realonemessagecenter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 01:59	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2013-02-27 23:53	295072	----a-w-	c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"mumservice"=c:\program files\Motorola\Software Update\mumservice.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" -osboot
.
R2 Megatech-Software-Protection;Megatech-Software-Protection;c:\megatech\MProtect\MPSERV.EXE [2007-12-12 36864]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-06-21 162408]
R3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
R3 cpuz130;cpuz130;c:\users\Papa\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2013-06-04 84248]
R3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [2013-10-01 29760]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys [2011-08-08 47176]
R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys [2012-06-04 61696]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2013-06-04 181912]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 usbrndis6;USB-RNDIS6-Adapter;c:\windows\system32\DRIVERS\usb80236.sys [2013-02-12 15872]
R4 AntiVirWebService;Avira Browser-Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2013-10-01 1164360]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-21 47128]
R4 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 20992]
R4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-22 238696]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-22 370024]
S0 AsrRamDisk;AsrRamDisk;c:\windows\system32\DRIVERS\AsrRamDisk.sys [2012-08-09 33104]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2010-06-11 13832]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-10-01 37352]
S1 Ext2Fsd;Linux ext2 file system driver; [x]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2013-07-23 14656]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2009-01-19 277544]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2013-03-29 219136]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-03-28 291840]
S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files\AMD\RAIDXpert\bin\RAIDXpertService.exe [2011-12-14 131320]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2013-10-01 440392]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [2012-04-09 48256]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-08-13 5120]
S2 WinisoCDBus;WinISO Virtual CD Drive;c:\windows\system32\drivers\WinisoCDBus.sys [2013-08-09 121600]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2013-02-14 79872]
S3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys [2011-03-07 101248]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2013-04-10 651848]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2012-08-28 45736]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
getPlusHelper	REG_MULTI_SZ   	getPlusHelper
nosGetPlusHelper	REG_MULTI_SZ   	nosGetPlusHelper
.
Inhalt des "geplante Tasks" Ordners
.
2013-10-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 21:46]
.
2013-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-14 17:26]
.
2013-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-14 17:26]
.
2013-10-12 c:\windows\Tasks\Plus-HD-3.2-chromeinstaller.job
- c:\program files\Plus-HD-3.2\Plus-HD-3.2-chromeinstaller.exe [2013-08-30 17:47]
.
2013-10-12 c:\windows\Tasks\Plus-HD-3.2-codedownloader.job
- c:\program files\Plus-HD-3.2\Plus-HD-3.2-codedownloader.exe [2013-08-30 17:47]
.
2013-10-12 c:\windows\Tasks\Plus-HD-3.2-enabler.job
- c:\program files\Plus-HD-3.2\Plus-HD-3.2-enabler.exe [2013-08-30 17:47]
.
2013-10-12 c:\windows\Tasks\Plus-HD-3.2-firefoxinstaller.job
- c:\program files\Plus-HD-3.2\Plus-HD-3.2-firefoxinstaller.exe [2013-08-30 17:47]
.
2013-10-12 c:\windows\Tasks\Plus-HD-3.2-updater.job
- c:\program files\Plus-HD-3.2\Plus-HD-3.2-updater.exe [2013-08-30 17:47]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
IE: SmarThru4 Als HTML speichern - c:\program files\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Auswahl erfassen - c:\program files\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Capture Selection - c:\program files\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Markierten Text speichern - c:\program files\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Save as HTML - c:\program files\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files\SmarThru 4\WebCapture.dll
IE: {{92808042-fb78-4fa0-bb4f-c9a95e0e9c10} - {ba696155-d96e-4281-b467-0367a0456474} -
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.178.1
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - c:\program files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll
DPF: {631396C3-108B-46FE-9888-680694D242C6} - hxxp://login.vivicom.de/Files/client/SHWebManager.cab
FF - ProfilePath - c:\users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\dfus4sez.default\
FF - prefs.js: browser.search.selectedEngine - SuchMaschine
FF - prefs.js: keyword.URL - hxxp://www.sm.de/?q=
FF - ExtSQL: 2013-09-01 16:46; toolbar@web.de; c:\users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\dfus4sez.default\extensions\toolbar@web.de.xpi
FF - ExtSQL: 2013-10-02 11:08; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\dfus4sez.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{78e516ef-11de-47a1-8364-a99b917ec5ee} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{78E516EF-11DE-47A1-8364-A99B917EC5EE} - (no file)
HKCU-Run-ASRockIES - (no file)
MSConfigStartUp-Akamai NetSession Interface - c:\users\Papa\AppData\Local\Akamai\netsession_win.exe
MSConfigStartUp-KiesAirMessage - c:\program files\Samsung\Kies\KiesAirMessage.exe
AddRemove-lrcsmonkey@lrcsmonkey.net - c:\program files\Lyrics_Monkey\uninstall.exe
AddRemove-SAMSUNG Mobile Composite Device - c:\windows\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
AddRemove-SLABCOMM&10C4&EA60 - c:\program files\Silabs\MCU\DriverUninstall\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1632185309-2399383750-939381153-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1632185309-2399383750-939381153-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1632185309-2399383750-939381153-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:67,4b,51,f2,18,29,d7,8b,7b,f1,ee,39,fa,ac,a3,d5,1c,74,00,99,db,91,f5,
   02,b4,62,31,ef,ab,76,01,75,59,f2,86,82,d0,4e,ec,b7,20,23,a1,e4,cc,e7,eb,6f,\
"??"=hex:dc,7b,a3,4f,54,d8,7d,2e,ae,25,c8,f8,90,ff,fd,51
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-10-12  11:46:23
ComboFix-quarantined-files.txt  2013-10-12 09:46
.
Vor Suchlauf: 29 Verzeichnis(se), 169.492.725.760 Bytes frei
Nach Suchlauf: 36 Verzeichnis(se), 169.746.030.592 Bytes frei
.
- - End Of File - - 5D4B1027493635C5DD92EF2D88885E5C

--- --- ---
3E3318301A6E144EC408FD8DB50F51D4

Was bitte sind CODE-Tags?

Richtige Datei? ComboFix ist aber ohne die beschriebene (Fehler)Meldung nach dem Neustart durchgelaufen.
AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v3.007 - Bericht erstellt am 12/10/2013 um 12:24:21
# Updated 09/10/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : Papa - TOWER-PAPA
# Gestartet von : C:\Users\Papa\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Ordner Gelöscht : C:\Program Files\myfree codec
Ordner Gelöscht : C:\Users\Papa\AppData\Roaming\pccustubinstaller
Ordner Gelöscht : C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\dfus4sez.default\Extensions\128

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Mozilla Firefox v24.0 (de)

[ Datei : C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\dfus4sez.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.a49ef6b77d54642d3a3a182912137df82350ffb92f05e4412b1997a670953a747com34330.34330.internaldb.cache/5cdf8a7ef2ec84abac286c67587b78d9.value", "%22function%20tcmMarkWindow%28a%29%7Bva[...]

*************************

AdwCleaner[R0].txt - [22628 octets] - [01/09/2013 14:53:53]
AdwCleaner[R1].txt - [8338 octets] - [02/10/2013 01:55:08]
AdwCleaner[R2].txt - [1402 octets] - [02/10/2013 11:41:08]
AdwCleaner[R3].txt - [1376 octets] - [02/10/2013 23:59:04]
AdwCleaner[R4].txt - [3745 octets] - [12/10/2013 12:23:35]
AdwCleaner[S0].txt - [17021 octets] - [01/09/2013 15:33:18]
AdwCleaner[S1].txt - [8403 octets] - [02/10/2013 01:55:48]
AdwCleaner[S2].txt - [1443 octets] - [02/10/2013 11:41:55]
AdwCleaner[S3].txt - [3589 octets] - [12/10/2013 12:24:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [3649 octets] ##########

--- --- ---

unkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Windows 7 Home Premium x86
Ran by Papa on 12.10.2013 at 12:51:43,75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1632185309-2399383750-939381153-1000\Software\SweetIM

~~~ Files

Successfully deleted: [File] C:\Windows\System32\Tasks\Plus-HD-3.2-chromeinstaller
Successfully deleted: [File] C:\Windows\System32\Tasks\Plus-HD-3.2-codedownloader
Successfully deleted: [File] C:\Windows\System32\Tasks\Plus-HD-3.2-enabler
Successfully deleted: [File] C:\Windows\System32\Tasks\Plus-HD-3.2-firefoxinstaller
Successfully deleted: [File] C:\Windows\System32\Tasks\Plus-HD-3.2-updater
Successfully deleted: [File] C:\Windows\Tasks\Plus-HD-3.2-chromeinstaller.job
Successfully deleted: [File] C:\Windows\Tasks\Plus-HD-3.2-codedownloader.job
Successfully deleted: [File] C:\Windows\Tasks\Plus-HD-3.2-enabler.job
Successfully deleted: [File] C:\Windows\Tasks\Plus-HD-3.2-firefoxinstaller.job
Successfully deleted: [File] C:\Windows\Tasks\Plus-HD-3.2-updater.job
Successfully deleted: [File] "C:\Users\Papa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\user pinned\startmenu\startfenster.lnk"
Successfully deleted: [File] "C:\Users\Papa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\user pinned\taskbar\startfenster.lnk"

~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Papa\appdata\local\{090C31DD-7A46-43D4-8303-44C7584778AE}
Successfully deleted: [Empty Folder] C:\Users\Papa\appdata\local\{3148BF99-10F7-4312-99E9-40C0DD19F1C1}
Successfully deleted: [Empty Folder] C:\Users\Papa\appdata\local\{3C93F562-7B75-44C2-987C-3ACBFF84AAE0}
Successfully deleted: [Empty Folder] C:\Users\Papa\appdata\local\{64071A7D-9E7B-446E-8C5A-FE8F8A2387C9}
Successfully deleted: [Empty Folder] C:\Users\Papa\appdata\local\{68F4FD99-221F-423C-BBE7-AA43A76A00A1}
Successfully deleted: [Empty Folder] C:\Users\Papa\appdata\local\{A2C7196A-EF31-4071-B381-B236ACABF9D0}
Successfully deleted: [Empty Folder] C:\Users\Papa\appdata\local\{B1038E93-D185-45EE-BD84-496ACB25A8AE}
Successfully deleted: [Empty Folder] C:\Users\Papa\appdata\local\{D88DED79-EC31-40C2-AD79-6DE008A6DD9E}
Successfully deleted: [Empty Folder] C:\Users\Papa\appdata\local\{E9605856-4499-45C9-809E-167A090F3029}

~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [Folder] C:\Users\Papa\AppData\Roaming\mozilla\firefox\profiles\dfus4sez.default\extensions\49ef6b77-d546-42d3-a3a1-82912137df82@350ffb92-f05e-4412-b199-7a670953a747.com
Successfully deleted the following from C:\Users\Papa\AppData\Roaming\mozilla\firefox\profiles\dfus4sez.default\prefs.js

user_pref("extensions.a49ef6b77d54642d3a3a182912137df82350ffb92f05e4412b1997a670953a747com34330.34330.internaldb.cache/530e52021dc20843b1aa62957edeb9f8.value", "%22var%20adsDe
user_pref("extensions.a49ef6b77d54642d3a3a182912137df82350ffb92f05e4412b1997a670953a747com34330.34330.internaldb.cache/833447eaff04548ccb80787286a7cad9_DE.value", "%22var%20ca
Emptied folder: C:\Users\Papa\AppData\Roaming\mozilla\firefox\profiles\dfus4sez.default\minidumps [24 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.10.2013 at 12:54:43,86
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Alles richtig?

Hallo,

habe wie gewünscht die drei Log-Files gepostet. Schaut im Moment sehr gut aus. Zumindest hier im Trojaner-Board und im Warbirdforum wo ich bisher war sind die Werbelinks weg.

Habt Ihr Ratschläge für mich wieich das in Zukunft verhindern kann respektive die Wahrscheinlichkeit herabsetzen kann?

Uwe

Lästige Werbepopups wenn man mit der Maus über farbig unterstrichene Wörter fährt

Plagegeister aller Art und deren Bekämpfung: Lästige Werbepopups wenn man mit der Maus über farbig unterstrichene Wörter fährt

Lästige Werbepopups wenn man mit der Maus über farbig unterstrichene Wörter fährt

Ähnliche Themen: Lästige Werbepopups wenn man mit der Maus über farbig unterstrichene Wörter fährt