"TR/Dropper.Gen" and IE advertising (Windows 7)
08.07.2010, 17:57 | #17
"TR/Dropper.Gen" and IE advertising
Ok, then here is the Combofix log:
08.07.2010, 18:15 | #18
/// Malware-holic | "TR/Dropper.Gen" and IE advertising
Open Malwarebytes, "Update" tab, update the program.
Switch off all running programs, including the Avira Guard, and disconnect the internet connection by pulling the network cable or switching off the WLAN. Click on the "Scanner" tab, full scan, do not work on the PC, delete findings, Avira on, internet on, post the log.
08.07.2010, 19:49 | #19
"TR/Dropper.Gen" and IE advertising
Anti-Malware log: Quote:
08.07.2010, 20:00 | #20
/// Malware-holic | "TR/Dropper.Gen" and IE advertising
Avira: install Avira like this, or configure it like this afterwards. Once you have applied the configuration, update the program. Then click "Local protection", "Local drives"; put any findings into quarantine, post the log.
08.07.2010, 21:34 | #21
"TR/Dropper.Gen" and IE advertising
Antivir log: Quote:
09.07.2010, 11:59 | #22
/// Malware-holic | "TR/Dropper.Gen" and IE advertising
Could you run the scan once more after updating? You did not have the rootkit search active.
09.07.2010, 12:56 | #23
"TR/Dropper.Gen" and IE advertising
Quote:
But another question: I looked at the OTL logs earlier, and under "Last 10 Event Log Errors" several times are listed at which the PC was definitely not on (e.g. 06.07.2010 00:57:16; I would certainly have noticed if the PC had suddenly been running in the middle of the night).
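One way to check a question like the one above, as an added example that is not part of the thread and not OTL's own code: this PowerShell script takes the quoted timestamp, prints the local UTC offset for that date (entries printed in UTC by a tool appear shifted by exactly that offset), and lists the boot/shutdown records and errors around it in the System log. The timestamp and the 30-minute window are assumptions; run it on the affected machine.

```powershell
# Added example, not from the thread: given a timestamp taken from an event-log
# error (the one quoted in the post above), list the System-log records that mark
# the machine starting or stopping, plus all errors, in a window around it. If
# boot/shutdown records bracket the error, the machine really was running then.
param(
    [string]$Timestamp     = '06.07.2010 00:57:16',   # dd.MM.yyyy HH:mm:ss, as OTL prints it (assumed)
    [int]   $WindowMinutes = 30                       # assumed window size
)

$culture = [System.Globalization.CultureInfo]::InvariantCulture
$when    = [datetime]::ParseExact($Timestamp, 'dd.MM.yyyy HH:mm:ss', $culture)
$start   = $when.AddMinutes(-$WindowMinutes)
$end     = $when.AddMinutes($WindowMinutes)

# Time-zone sanity check: the event log stores UTC and PowerShell shows local
# time, but some third-party tools print UTC. If every "impossible" time is off
# by exactly this offset, the times are simply UTC, not real activity.
$tz = [System.TimeZoneInfo]::Local
"Local time zone: $($tz.DisplayName); UTC offset at that date: $($tz.GetUtcOffset($when))"
"Window (local time): $start .. $end"

# Event IDs that mark the OS lifecycle:
#   6005 / 6006  (source EventLog)     event log service started / stopped
#   12   / 13    (Kernel-General)      OS started / shut down
#   41           (Kernel-Power)        rebooted without a clean shutdown
# -ErrorAction SilentlyContinue: Get-WinEvent throws when nothing matches.
$lifecycle = Get-WinEvent -FilterHashtable @{
    LogName   = 'System'
    Id        = 12, 13, 41, 6005, 6006
    StartTime = $start
    EndTime   = $end
} -ErrorAction SilentlyContinue

$errors = Get-WinEvent -FilterHashtable @{
    LogName   = 'System'
    Level     = 2              # 2 = Error
    StartTime = $start
    EndTime   = $end
} -ErrorAction SilentlyContinue

"`nBoot/shutdown records in the window:"
if ($lifecycle) {
    $lifecycle | Sort-Object TimeCreated |
        Format-Table TimeCreated, Id, ProviderName -AutoSize
} else {
    "  none: no boot or shutdown was recorded around $when"
}

"`nErrors in the window:"
$errors | Sort-Object TimeCreated |
    Select-Object TimeCreated, Id, ProviderName,
        @{ Name = 'Message'; Expression = { $_.Message -replace '\s+', ' ' } } |
    Format-Table -AutoSize -Wrap

# Last boot time according to the OS itself, for comparison with the window
# (WMI is used rather than CIM so this also runs on older PowerShell versions).
$os       = Get-WmiObject -Class Win32_OperatingSystem
$lastBoot = [System.Management.ManagementDateTimeConverter]::ToDateTime($os.LastBootUpTime)
"`nLast boot (local time): $lastBoot"
```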
09.07.2010, 16:15 | #24
"TR/Dropper.Gen" and IE advertising
So, now hopefully the right one. Quote:
09.07.2010, 16:39 | #25
/// Malware-holic | "TR/Dropper.Gen" and IE advertising
OK, looks good. Any problems?
09.07.2010, 16:53 | #26
"TR/Dropper.Gen" and IE advertising
No, the PC runs without problems. Since the trojan finding on Sunday there has been no further alarm from Antivir, and the advertising in Internet Explorer no longer appears either. Maybe briefly back to my earlier question about the times in the OTL log: do you have an explanation for where they come from? Otherwise I can only thank you very much for the really great and uncomplicated help.