Trojaner-Board (https://www.trojaner-board.de/)
Log analysis and evaluation: Files on the desktop are being encrypted (https://www.trojaner-board.de/136695-dateien-desktop-verschluesselt.html)

markusg 16.06.2013 18:39

run ComboFix first

gigio1 16.06.2013 18:45

I had to run it from a different folder again. Here is the log file:

Code:

ComboFix logfile:

ComboFix 13-06-15.01 - DoVi 16.06.2013  19:19:34.1.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.4095.2681 [GMT 2:00]
ausgeführt von:: c:\users\DoVi\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Beurer\Beurer*HealthManager\Beurer.DeviceCommunicator.BM70UsbLibrary.dll
c:\program files (x86)\Beurer\Beurer*HealthManager\Beurer.DeviceCommunicator.UsbSupportLib.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-05-16 bis 2013-06-16  ))))))))))))))))))))))))))))))
.
.
2013-06-16 17:28 . 2013-06-16 17:28        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2013-06-16 17:28 . 2013-06-16 17:28        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-06-16 16:29 . 2013-06-16 16:29        --------        d-----w-        c:\program files (x86)\ESET
2013-06-16 16:19 . 2013-06-16 16:19        --------        d-----w-        c:\users\DoVi\AppData\Roaming\Malwarebytes
2013-06-16 16:19 . 2013-06-16 16:19        --------        d-----w-        c:\programdata\Malwarebytes
2013-06-16 16:19 . 2013-06-16 16:19        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2013-06-16 16:19 . 2013-04-04 12:50        25928        ----a-w-        c:\windows\system32\drivers\mbam.sys
2013-06-16 10:42 . 2013-06-16 10:42        --------        d-----w-        c:\users\DoVi\AppData\Roaming\www.shadowexplorer.com
2013-06-16 10:41 . 2013-06-16 10:41        --------        d-----w-        c:\program files (x86)\ShadowExplorer
2013-06-16 10:16 . 2013-06-16 10:16        --------        d-----w-        c:\users\Test
2013-06-15 17:20 . 2013-06-15 17:20        --------        d-----w-        c:\programdata\Beurer
2013-06-15 17:20 . 2013-06-15 17:20        --------        d-----w-        c:\program files (x86)\Beurer
2013-06-14 10:22 . 2013-06-14 10:22        --------        d-----w-        c:\users\DoVi\AppData\Local\Beurer
2013-06-14 10:10 . 2013-06-14 10:10        --------        d-----w-        c:\users\DoVi\AppData\Roaming\Beurer HealthManager
2013-06-09 17:22 . 2013-06-09 17:22        --------        d-----w-        c:\users\DoVi\AppData\Local\roomeon
2013-06-09 17:21 . 2013-06-09 17:21        --------        d-----w-        c:\program files (x86)\roomeon 3D-Planer
2013-06-03 12:46 . 2013-06-03 12:47        --------        d-----w-        c:\users\DoVi\AppData\Roaming\PDF Architect
2013-06-03 12:28 . 2013-06-12 16:06        --------        d-----w-        c:\users\DoVi\AppData\Local\DoNotTrackPlus
2013-06-03 12:28 . 2013-06-03 12:28        --------        d-----w-        c:\users\DoVi\AppData\Local\AskToolbar
2013-06-02 17:02 . 2013-06-02 17:02        --------        d-----w-        c:\program files (x86)\PDF Architect
2013-06-02 17:01 . 2013-06-02 17:01        --------        d-----w-        c:\users\DoVi\AppData\Roaming\pdfforge
2013-06-02 17:01 . 2013-01-09 13:52        1070152        ----a-w-        c:\windows\SysWow64\MSCOMCTL.OCX
2013-06-02 17:01 . 2012-05-05 09:54        662288        ----a-w-        c:\windows\SysWow64\MSCOMCT2.OCX
2013-06-02 17:01 . 2012-05-05 09:54        137000        ----a-w-        c:\windows\SysWow64\MSMAPI32.OCX
2013-06-02 17:01 . 2013-04-09 13:13        110264        ----a-w-        c:\windows\system32\pdfcmon.dll
2013-06-02 17:01 . 2013-06-02 17:02        --------        d-----w-        c:\program files (x86)\PDFCreator
2013-06-02 17:01 . 2012-05-05 09:54        23552        ----a-w-        c:\windows\SysWow64\MSMPIDE.DLL
2013-06-02 17:01 . 1998-07-06 16:56        125712        ----a-w-        c:\windows\SysWow64\VB6DE.DLL
2013-06-02 17:01 . 1998-07-06 16:55        158208        ----a-w-        c:\windows\SysWow64\MSCMCDE.DLL
2013-06-02 17:01 . 1998-07-06 16:55        64512        ----a-w-        c:\windows\SysWow64\MSCC2DE.DLL
2013-06-02 10:14 . 2013-06-02 10:14        --------        d-----w-        c:\users\DoVi\AppData\Local\TSR_Software
2013-05-30 15:09 . 2013-05-30 15:09        --------        d-----w-        c:\users\DoVi\AppData\Roaming\LaserWare
2013-05-23 20:10 . 2013-05-23 20:10        --------        d-----w-        c:\program files (x86)\Mozilla Maintenance Service
2013-05-23 20:10 . 2013-05-23 20:10        262552        ----a-w-        c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-05-22 18:02 . 2013-05-22 18:02        --------        d-----w-        c:\users\DoVi\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2013-05-19 12:47 . 2013-06-02 16:54        --------        d-----w-        c:\program files (x86)\PDF Password Remover v3.1
2013-05-19 10:09 . 2013-05-19 10:10        --------        d-----w-        c:\users\DoVi\AppData\Roaming\NVIDIA
2013-05-19 10:02 . 2013-05-19 10:10        --------        d-----w-        c:\programdata\regid.1986-12.com.adobe
2013-05-19 09:59 . 2013-05-19 10:00        --------        d-----w-        c:\program files\Adobe
2013-05-19 09:54 . 2013-05-19 10:12        --------        d-----w-        c:\program files\Common Files\Adobe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-13 08:41 . 2013-05-10 18:01        75825640        ----a-w-        c:\windows\system32\MRT.exe
2013-06-12 08:57 . 2013-05-12 14:42        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 08:57 . 2013-05-12 14:42        692104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-17 08:55 . 2013-05-17 08:55        73728        ----a-w-        c:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-17 08:55 . 2013-05-17 08:55        719360        ----a-w-        c:\windows\SysWow64\mshtmlmedia.dll
2013-05-17 08:55 . 2013-05-17 08:55        61952        ----a-w-        c:\windows\SysWow64\tdc.ocx
2013-05-17 08:55 . 2013-05-17 08:55        523264        ----a-w-        c:\windows\SysWow64\vbscript.dll
2013-05-17 08:55 . 2013-05-17 08:55        48640        ----a-w-        c:\windows\SysWow64\mshtmler.dll
2013-05-17 08:55 . 2013-05-17 08:55        38400        ----a-w-        c:\windows\SysWow64\imgutil.dll
2013-05-17 08:55 . 2013-05-17 08:55        361984        ----a-w-        c:\windows\SysWow64\html.iec
2013-05-17 08:55 . 2013-05-17 08:55        23040        ----a-w-        c:\windows\SysWow64\licmgr10.dll
2013-05-17 08:55 . 2013-05-17 08:55        226304        ----a-w-        c:\windows\system32\elshyph.dll
2013-05-17 08:55 . 2013-05-17 08:55        185344        ----a-w-        c:\windows\SysWow64\elshyph.dll
2013-05-17 08:55 . 2013-05-17 08:55        158720        ----a-w-        c:\windows\SysWow64\msls31.dll
2013-05-17 08:55 . 2013-05-17 08:55        150528        ----a-w-        c:\windows\SysWow64\iexpress.exe
2013-05-17 08:55 . 2013-05-17 08:55        1441280        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2013-05-17 08:55 . 2013-05-17 08:55        138752        ----a-w-        c:\windows\SysWow64\wextract.exe
2013-05-17 08:55 . 2013-05-17 08:55        137216        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2013-05-17 08:55 . 2013-05-17 08:55        12800        ----a-w-        c:\windows\SysWow64\mshta.exe
2013-05-17 08:55 . 2013-05-17 08:55        110592        ----a-w-        c:\windows\SysWow64\IEAdvpack.dll
2013-05-17 08:55 . 2013-05-17 08:55        1054720        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-17 08:55 . 2013-05-17 08:55        97280        ----a-w-        c:\windows\system32\mshtmled.dll
2013-05-17 08:55 . 2013-05-17 08:55        905728        ----a-w-        c:\windows\system32\mshtmlmedia.dll
2013-05-17 08:55 . 2013-05-17 08:55        81408        ----a-w-        c:\windows\system32\icardie.dll
2013-05-17 08:55 . 2013-05-17 08:55        762368        ----a-w-        c:\windows\system32\ieapfltr.dll
2013-05-17 08:55 . 2013-05-17 08:55        599552        ----a-w-        c:\windows\system32\vbscript.dll
2013-05-17 08:55 . 2013-05-17 08:55        452096        ----a-w-        c:\windows\system32\dxtmsft.dll
2013-05-17 08:55 . 2013-05-17 08:55        441856        ----a-w-        c:\windows\system32\html.iec
2013-05-17 08:55 . 2013-05-17 08:55        281600        ----a-w-        c:\windows\system32\dxtrans.dll
2013-05-17 08:55 . 2013-05-17 08:55        27648        ----a-w-        c:\windows\system32\licmgr10.dll
2013-05-17 08:55 . 2013-05-17 08:55        270848        ----a-w-        c:\windows\system32\iedkcs32.dll
2013-05-17 08:55 . 2013-05-17 08:55        247296        ----a-w-        c:\windows\system32\webcheck.dll
2013-05-17 08:55 . 2013-05-17 08:55        235008        ----a-w-        c:\windows\system32\url.dll
2013-05-17 08:55 . 2013-05-17 08:55        216064        ----a-w-        c:\windows\system32\msls31.dll
2013-05-17 08:55 . 2013-05-17 08:55        197120        ----a-w-        c:\windows\system32\msrating.dll
2013-05-17 08:55 . 2013-05-17 08:55        167424        ----a-w-        c:\windows\system32\iexpress.exe
2013-05-17 08:55 . 2013-05-17 08:55        1509376        ----a-w-        c:\windows\system32\inetcpl.cpl
2013-05-17 08:55 . 2013-05-17 08:55        144896        ----a-w-        c:\windows\system32\wextract.exe
2013-05-17 08:55 . 2013-05-17 08:55        1400416        ----a-w-        c:\windows\system32\ieapfltr.dat
2013-05-17 08:55 . 2013-05-17 08:55        102912        ----a-w-        c:\windows\system32\inseng.dll
2013-05-17 08:55 . 2013-05-17 08:55        92160        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2013-05-17 08:55 . 2013-05-17 08:55        77312        ----a-w-        c:\windows\system32\tdc.ocx
2013-05-17 08:55 . 2013-05-17 08:55        62976        ----a-w-        c:\windows\system32\pngfilt.dll
2013-05-17 08:55 . 2013-05-17 08:55        52224        ----a-w-        c:\windows\system32\msfeedsbs.dll
2013-05-17 08:55 . 2013-05-17 08:55        51200        ----a-w-        c:\windows\system32\imgutil.dll
2013-05-17 08:55 . 2013-05-17 08:55        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2013-05-17 08:55 . 2013-05-17 08:55        173568        ----a-w-        c:\windows\system32\ieUnatt.exe
2013-05-17 08:55 . 2013-05-17 08:55        149504        ----a-w-        c:\windows\system32\occache.dll
2013-05-17 08:55 . 2013-05-17 08:55        13824        ----a-w-        c:\windows\system32\mshta.exe
2013-05-17 08:55 . 2013-05-17 08:55        136192        ----a-w-        c:\windows\system32\iepeers.dll
2013-05-17 08:55 . 2013-05-17 08:55        135680        ----a-w-        c:\windows\system32\IEAdvpack.dll
2013-05-17 08:55 . 2013-05-17 08:55        12800        ----a-w-        c:\windows\system32\msfeedssync.exe
2013-05-17 08:53 . 2013-05-17 08:53        9728        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-17 08:53 . 2013-05-17 08:53        9728        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-17 08:53 . 2013-05-17 08:53        648192        ----a-w-        c:\windows\system32\d3d10level9.dll
2013-05-17 08:53 . 2013-05-17 08:53        604160        ----a-w-        c:\windows\SysWow64\d3d10level9.dll
2013-05-17 08:53 . 2013-05-17 08:53        5632        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-17 08:53 . 2013-05-17 08:53        5632        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-17 08:53 . 2013-05-17 08:53        5632        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-17 08:53 . 2013-05-17 08:53        5632        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-17 08:53 . 2013-05-17 08:53        522752        ----a-w-        c:\windows\system32\XpsGdiConverter.dll
2013-05-17 08:53 . 2013-05-17 08:53        465920        ----a-w-        c:\windows\system32\WMPhoto.dll
2013-05-17 08:53 . 2013-05-17 08:53        417792        ----a-w-        c:\windows\SysWow64\WMPhoto.dll
2013-05-17 08:53 . 2013-05-17 08:53        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-17 08:53 . 2013-05-17 08:53        4096        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-17 08:53 . 2013-05-17 08:53        3928064        ----a-w-        c:\windows\system32\d2d1.dll
2013-05-17 08:53 . 2013-05-17 08:53        364544        ----a-w-        c:\windows\SysWow64\XpsGdiConverter.dll
2013-05-17 08:53 . 2013-05-17 08:53        363008        ----a-w-        c:\windows\system32\dxgi.dll
2013-05-17 08:53 . 2013-05-17 08:53        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-17 08:53 . 2013-05-17 08:53        3584        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-17 08:53 . 2013-05-17 08:53        3419136        ----a-w-        c:\windows\SysWow64\d2d1.dll
2013-05-17 08:53 . 2013-05-17 08:53        333312        ----a-w-        c:\windows\system32\d3d10_1core.dll
2013-05-17 08:53 . 2013-05-17 08:53        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-17 08:53 . 2013-05-17 08:53        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-17 08:53 . 2013-05-17 08:53        3072        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-17 08:53 . 2013-05-17 08:53        3072        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-17 08:53 . 2013-05-17 08:53        296960        ----a-w-        c:\windows\system32\d3d10core.dll
2013-05-17 08:53 . 2013-05-17 08:53        293376        ----a-w-        c:\windows\SysWow64\dxgi.dll
2013-05-17 08:53 . 2013-05-17 08:53        2776576        ----a-w-        c:\windows\system32\msmpeg2vdec.dll
2013-05-17 08:53 . 2013-05-17 08:53        2565120        ----a-w-        c:\windows\system32\d3d10warp.dll
2013-05-17 08:53 . 2013-05-17 08:53        2560        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-17 08:53 . 2013-05-17 08:53        2560        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-17 08:53 . 2013-05-17 08:53        249856        ----a-w-        c:\windows\SysWow64\d3d10_1core.dll
2013-05-17 08:53 . 2013-05-17 08:53        245248        ----a-w-        c:\windows\system32\WindowsCodecsExt.dll
2013-05-17 08:53 . 2013-05-17 08:53        2284544        ----a-w-        c:\windows\SysWow64\msmpeg2vdec.dll
2013-05-17 08:53 . 2013-05-17 08:53        221184        ----a-w-        c:\windows\system32\UIAnimation.dll
2013-05-17 08:53 . 2013-05-17 08:53        220160        ----a-w-        c:\windows\SysWow64\d3d10core.dll
2013-05-17 08:53 . 2013-05-17 08:53        207872        ----a-w-        c:\windows\SysWow64\WindowsCodecsExt.dll
2013-05-17 08:53 . 2013-05-17 08:53        1988096        ----a-w-        c:\windows\SysWow64\d3d10warp.dll
2013-05-17 08:53 . 2013-05-17 08:53        194560        ----a-w-        c:\windows\system32\d3d10_1.dll
2013-05-17 08:53 . 2013-05-17 08:53        187392        ----a-w-        c:\windows\SysWow64\UIAnimation.dll
2013-05-17 08:53 . 2013-05-17 08:53        1682432        ----a-w-        c:\windows\system32\XpsPrint.dll
2013-05-17 08:53 . 2013-05-17 08:53        1643520        ----a-w-        c:\windows\system32\DWrite.dll
2013-05-17 08:53 . 2013-05-17 08:53        161792        ----a-w-        c:\windows\SysWow64\d3d10_1.dll
2013-05-17 08:53 . 2013-05-17 08:53        1247744        ----a-w-        c:\windows\SysWow64\DWrite.dll
2013-05-17 08:53 . 2013-05-17 08:53        1238528        ----a-w-        c:\windows\system32\d3d10.dll
2013-05-17 08:53 . 2013-05-17 08:53        1175552        ----a-w-        c:\windows\system32\FntCache.dll
2013-05-17 08:53 . 2013-05-17 08:53        1158144        ----a-w-        c:\windows\SysWow64\XpsPrint.dll
2013-05-17 08:53 . 2013-05-17 08:53        1080832        ----a-w-        c:\windows\SysWow64\d3d10.dll
2013-05-17 08:53 . 2013-05-17 08:53        10752        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2013-04-01 10:59        1521800        ----a-w-        c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-04-01 1521800]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-10-01 18:38        1720976        ----a-w-        c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-10-01 18:38        1720976        ----a-w-        c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-10-01 18:38        1720976        ----a-w-        c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2013-04-01 1646216]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-05-10 345312]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2013-04-04 532040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 MSICDSetup;MSICDSetup;e:\cdriver64.sys;e:\CDriver64.sys [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;e:\ntiolib_x64.sys;e:\NTIOLib_X64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S2 sesvc;ShadowExplorer Service;c:\program files (x86)\ShadowExplorer\sesvc.exe;c:\program files (x86)\ShadowExplorer\sesvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 98637027
*Deregistered* - 98637027
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-04 18:36        1165776        ----a-w-        c:\program files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-12 08:57]
.
2013-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-15 13:31]
.
2013-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-15 13:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-10-01 18:37        2322576        ----a-w-        c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-10-01 18:37        2322576        ----a-w-        c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-10-01 18:37        2322576        ----a-w-        c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-09-09 12856936]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-12-15 478984]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=697eb3f8-478a-40ae-8046-265e3ca12e94&searchtype=hp&fr=linkury-tb&installDate=10/05/2013&type=hp1000
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=697eb3f8-478a-40ae-8046-265e3ca12e94&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=10/05/2013&type=hp1000
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office15\EXCEL.EXE/3000
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\DoVi\AppData\Roaming\Mozilla\Firefox\Profiles\p55f7vxu.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 9666
FF - prefs.js: network.proxy.socks - localhost
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.ssl - localhost
FF - prefs.js: network.proxy.ssl_port - 9666
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-05-10 17:15; toolbar@ask.com; c:\users\DoVi\AppData\Roaming\Mozilla\Firefox\Profiles\p55f7vxu.default\extensions\toolbar@ask.com
FF - ExtSQL: 2013-06-02 19:02; FFPDFArchitectConverter@pdfarchitect.com; c:\program files (x86)\PDF Architect\FFPDFArchitectExt
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-16  19:43:56
ComboFix-quarantined-files.txt  2013-06-16 17:43
.
Vor Suchlauf: 8 Verzeichnis(se), 35.618.349.056 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 39.436.300.288 Bytes frei
.
- - End Of File - - 06739F6AFC67674F9960A58CF6E1122A


--- --- ---
A36C5E4F47E84449FF07ED3517B43A31
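Reviewing the autostart section of a ComboFix log by eye is error-prone, so here is an added example of pulling the Run values, service lines and scheduled tasks out of a pasted log into objects and marking the ones that launch from user-writable locations. This is not part of the thread and not ComboFix's own code; the sample lines are copied from the log above, except for the one marked constructed, which is added only to show a flagged entry. The regexes assume the line layouts seen in this log.

```powershell
# Added example; not part of the thread and not ComboFix's own code.
# Parses the autostart sections of a pasted ComboFix log (Run keys, service
# lines and scheduled tasks) into objects and flags entries that start from
# user-writable locations, which deserve a closer look during log review.

function ConvertFrom-ComboFixAutostart {
    param([Parameter(Mandatory)][string]$LogText)

    $key = $null        # registry key the following "name"="path" lines belong to
    $pendingJob = $null # .job file whose target is on the next line
    foreach ($line in $LogText -split "`r?`n") {
        switch -Regex ($line) {
            '^\[(?<key>HKEY_[^\]]+)\]$' {
                $key = $Matches.key; break
            }
            # "Name"="c:\path\prog.exe" [2013-04-01 1646216]
            '^"(?<name>[^"]*)"="(?<path>[^"]*)"\s+\[(?<date>\S+)\s+(?<size>\d+)\]' {
                [pscustomobject]@{ Kind = 'RunValue'; Name = $Matches.name; Source = $key
                                   Path = $Matches.path; Date = $Matches.date; Size = [long]$Matches.size }
                break
            }
            # S2 name;display name;image path;image path [x]
            '^(?<type>[RS]\d)\s+(?<name>[^;]+);(?<display>[^;]*);(?<path>[^;]+);' {
                [pscustomobject]@{ Kind = "Service($($Matches.type))"; Name = $Matches.name; Source = $Matches.display
                                   Path = $Matches.path; Date = $null; Size = $null }
                break
            }
            # 2013-06-16 c:\windows\Tasks\Something.job   (target follows on a "- " line)
            '^\d{4}-\d{2}-\d{2}\s+(?<job>\S.*\.job)$' {
                $pendingJob = $Matches.job; break
            }
            '^- (?<path>.+?)\s+\[(?<date>\S+ \S+)\]$' {
                if ($pendingJob) {
                    [pscustomobject]@{ Kind = 'Task'; Name = (Split-Path $pendingJob -Leaf); Source = $pendingJob
                                       Path = $Matches.path; Date = $Matches.date; Size = $null }
                    $pendingJob = $null
                }
                break
            }
        }
    }
}

function Add-ReviewFlag {
    param([Parameter(ValueFromPipeline)][pscustomobject]$Entry)
    process {
        # Heuristic only: autoruns that launch from profile or temp directories are
        # worth a second look; legitimate ones normally live under Program Files
        # or the Windows directory. A flag is a prompt to verify, not a verdict.
        $userWritable = $Entry.Path -match '\\users\\|\\appdata\\|\\temp\\'
        $Entry | Add-Member -NotePropertyName Review -NotePropertyValue $userWritable -PassThru
    }
}

# Sample input: lines copied from the log above, plus one constructed entry
# (the "ExampleUpdater" line) that is NOT in the log and exists only to show a flag.
$sample = @'
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
"ExampleUpdater"="c:\users\DoVi\AppData\Roaming\example\upd.exe" [2013-06-16 12345]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2013-04-01 1646216]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-05-10 345312]
.
S2 sesvc;ShadowExplorer Service;c:\program files (x86)\ShadowExplorer\sesvc.exe;c:\program files (x86)\ShadowExplorer\sesvc.exe [x]
.
2013-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-15 13:31]
'@

ConvertFrom-ComboFixAutostart -LogText $sample |
    Add-ReviewFlag |
    Format-Table Kind, Name, Path, Review -AutoSize
```

To run it over a real log, replace `$sample` with `Get-Content -Raw combofix.txt`; only the constructed "ExampleUpdater" entry comes out with `Review` set to True for the sample above.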


markusg 17.06.2013 11:29

OK, now update Malwarebytes, run a full scan, and post the log please

gigio1 17.06.2013 15:22

No detections:
Code:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.17.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
DoVi :: DOVI-PC [Administrator]

17.06.2013 15:23:30
mbam-log-2013-06-17 (15-23-30).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 360581
Laufzeit: 47 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


markusg 17.06.2013 15:26

Were there any other Malwarebytes logs with detections? Under Malwarebytes, log files

gigio1 17.06.2013 15:33

No, only a quick scan from yesterday, also with no detections.

markusg 17.06.2013 17:42

Since ComboFix resets some settings to their defaults, test whether you can save files again

gigio1 17.06.2013 18:01

No, I still need admin rights, and applications can't be opened afterwards. I also can't remove the encryption.

markusg 17.06.2013 18:12

Not sure whether you answered this for me, because I don't think they are encrypted.
If you save a text file or an image on the desktop and then copy it somewhere else, can you still not open it?

gigio1 17.06.2013 18:35

Well, the file names are all green, and under Properties I could decrypt them, if it actually worked.

I copied a TXT and a PNG file to the desktop. Usual story, it asks for admin rights. There I can't open them (access denied).
Back in the original folder the file name is green, but I can open it. Decrypting via Properties also works.

But I can't move or copy the old files from the desktop; supposedly I lack the permissions.

markusg 18.06.2013 16:53

So, not encrypted.
HitmanPro - Download - Filepony

Download HitmanPro, double-click it, click Scan.
Don't delete anything.
Click Next, save the log and post it, or export it as XML, zip it and attach it
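The exchange above hinges on telling two things apart: green file names in Explorer are how Windows shows the EFS "Encrypted" attribute, while "access denied" and a UAC prompt on every save can also come from a file's owner and ACL. Here is an added example, not from the thread or its helper, that reports both for every file in a folder along with the result of actually opening it, so the diagnosis does not rest on the colour of the name. It assumes a folder path (defaulting to the current user's desktop) and the current user's identity; nothing is modified.

```powershell
# Added example, not part of the thread: tell an EFS-encrypted file apart from a
# file the current user simply lacks permissions on. Read-only; changes nothing.
# Assumption: the folder to inspect is passed as -Path (default: current user's Desktop).
param(
    [string]$Path = [Environment]::GetFolderPath('Desktop')
)

$me = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$myName = $me.Name
# Group SIDs translated to names where possible; logon/session SIDs may not translate.
$myGroups = @($me.Groups | ForEach-Object {
    try { $_.Translate([System.Security.Principal.NTAccount]).Value } catch { }
})

function Test-FileState {
    param([Parameter(Mandatory)][System.IO.FileInfo]$File)

    # Green name in Explorer == this attribute is set (blue would be Compressed).
    $encrypted = ($File.Attributes -band [System.IO.FileAttributes]::Encrypted) -ne 0

    $owner = '<unknown>'; $allowRead = $false; $denyRead = $false
    try {
        $acl = Get-Acl -LiteralPath $File.FullName
        $owner = $acl.Owner
        foreach ($ace in $acl.Access) {
            $id = $ace.IdentityReference.Value
            $appliesToMe = ($id -eq $myName) -or ($myGroups -contains $id)
            $grantsRead = ($ace.FileSystemRights -band [System.Security.AccessControl.FileSystemRights]::ReadData) -ne 0
            if ($appliesToMe -and $grantsRead) {
                if ($ace.AccessControlType -eq 'Allow') { $allowRead = $true } else { $denyRead = $true }
            }
        }
    } catch {
        $owner = '<acl not readable>'
    }
    $hasRead = $allowRead -and -not $denyRead   # a matching Deny ACE wins over Allow

    # What the user actually experiences: can the file be opened for reading?
    $opens = $false
    try {
        $fs = [System.IO.File]::Open($File.FullName, 'Open', 'Read', 'ReadWrite')
        $fs.Close()
        $opens = $true
    } catch { }

    if ($opens)                          { $diag = 'readable' }
    elseif ($encrypted -and $hasRead)    { $diag = 'EFS: ACL allows read, but no usable decryption key' }
    elseif (-not $hasRead)               { $diag = 'ACL: no read permission for current user' }
    else                                 { $diag = 'other (sharing violation or lock)' }

    [pscustomobject]@{
        Name      = $File.Name
        Encrypted = $encrypted
        Owner     = $owner
        ReadAce   = $hasRead
        Opens     = $opens
        Diagnosis = $diag
    }
}

Get-ChildItem -LiteralPath $Path -File -Force |
    ForEach-Object { Test-FileState -File $_ } |
    Format-Table -AutoSize
```

For a file reported as encrypted, the built-in `cipher /c <file>` lists the accounts whose certificates can decrypt it, which is the quickest way to see whether the current user's key is still among them; a file that is not encrypted but has a foreign owner and no Allow ACE is a permissions problem and is fixed through ownership and ACLs, not decryption.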

gigio1 19.06.2013 16:26

Here it comes

markusg 19.06.2013 18:48

please delete all HitmanPro detections, then a new OTL log

gigio1 19.06.2013 19:52

Attached

schrauber 21.06.2013 10:49

Hi,

Markus is on vacation. Are there still any problems with the system?


Copyright ©2000-2024, Trojaner-Board