Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Google leitet auf falsche Seiten weiter (https://www.trojaner-board.de/105077-google-leitet-falsche-seiten.html)

henniberlin 13.11.2011 20:08
Google leitet auf falsche Seiten weiter
 
Hallo :)

habe das wohl öfter vorkommende Problem, dass Google mich nicht auf die gewünschte sondern andere Seiten weiterleitet.

anbei die gewünschten dateien

vielen dank schon mal für die Hilfe

markusg 14.11.2011 11:58
hiho

achtung!
dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
:OTL
F3:64bit: - HKCU WinNT: Load - (C:\Users\Hendrik\AppData\Roaming\CE789\lvvm.exe) - C:\Users\Hendrik\AppData\Roaming\CE789\lvvm.exe ()
F3 - HKCU WinNT: Load - (C:\Users\Hendrik\AppData\Roaming\CE789\lvvm.exe) -C:\Users\Hendrik\AppData\Roaming\CE789\lvvm.exe ()
F3:64bit: - HKCU WinNT: Load - (C:\Users\Hendrik\AppData\Roaming\CE789\lvvm.exe) - C:\Users\Hendrik\AppData\Roaming\CE789\lvvm.exe ()
O4 - HKCU..\Run: [F30.exe] C:\Users\Hendrik\AppData\Roaming\Microsoft\B113\F30.exe ()
O4 - HKCU..\Run: [06D.exe] C:\Users\Hendrik\AppData\Roaming\Microsoft\E963\06D.exe ()
O20 - HKCU Winlogon: Shell - (C:\Users\Hendrik\AppData\Roaming\340CE\08DB1.exe) -C:\Users\Hendrik\AppData\Roaming\340CE\08DB1.exe ()
:Files
C:\Users\Hendrik\AppData\Roaming\CE789
C:\Users\Hendrik\AppData\Roaming\Microsoft\B113
C:\Users\Hendrik\AppData\Roaming\Microsoft\E963
C:\Users\Hendrik\AppData\Roaming\340CE
C:\Program Files (x86)\LP
:Commands
[Reboot]


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.


lade unhide:
http://filepony.de/download-unhide/
doppelklicken, dateien werden sichtbar

öffne computer, öffne C: dann _OTL
dort rechtsklick auf moved files
wähle zu moved files.rar oder zip hinzufügen.
folge dem link, und lade das archiv im upload channel hoch
http://www.trojaner-board.de/54791-a...ner-board.html

henniberlin 14.11.2011 16:50
Code:
========== OTL ==========
C:\Users\Hendrik\AppData\Roaming\CE789\lvvm.exe moved successfully.
64bit-Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\Hendrik\AppData\Roaming\CE789\lvvm.exe deleted successfully.
File \Users\Hendrik\AppData\Roaming\CE789\lvvm.exe) -C:\Users\Hendrik\AppData\Roaming\CE789\lvvm.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\Hendrik\AppData\Roaming\CE789\lvvm.exe deleted successfully.
File C:\Users\Hendrik\AppData\Roaming\CE789\lvvm.exe not found.
64bit-Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\Hendrik\AppData\Roaming\CE789\lvvm.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\F30.exe deleted successfully.
C:\Users\Hendrik\AppData\Roaming\Microsoft\B113\F30.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\06D.exe deleted successfully.
C:\Users\Hendrik\AppData\Roaming\Microsoft\E963\06D.exe moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Hendrik\AppData\Roaming\340CE\08DB1.exe deleted successfully.
File \Users\Hendrik\AppData\Roaming\340CE\08DB1.exe) -C:\Users\Hendrik\AppData\Roaming\340CE\08DB1.exe not found.
========== FILES ==========
C:\Users\Hendrik\AppData\Roaming\CE789 folder moved successfully.
C:\Users\Hendrik\AppData\Roaming\Microsoft\B113 folder moved successfully.
Folder move failed. C:\Users\Hendrik\AppData\Roaming\Microsoft\E963 scheduled to be moved on reboot.
C:\Users\Hendrik\AppData\Roaming\340CE folder moved successfully.
C:\Program Files (x86)\LP\E963 folder moved successfully.
C:\Program Files (x86)\LP folder moved successfully.
========== COMMANDS ==========
 
OTL by OldTimer - Version 3.2.31.0 log created on 11142011_164131

Files\Folders moved on Reboot...
C:\Users\Hendrik\AppData\Roaming\Microsoft\E963 folder moved successfully.

Registry entries deleted on Reboot...

markusg 14.11.2011 16:59
ok weiter mit unhide und upload des moved files ordner im upload channel

henniberlin 14.11.2011 17:21
jo, hab ich

markusg 14.11.2011 17:35
ok
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.
  • Besuche folgende Seite für Downloadlinks und Anweisungen für dieses
    Tool

    Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Hinweis:
    Gehe sicher das all deine Anti Virus und Anti Malware Programme abgeschalten sind, damit diese Combofix nicht bei der Arbeit stören.
  • Poste bitte die C:\Combofix.txt in deiner nächsten Antwort.

henniberlin 14.11.2011 18:44
Code:
Combofix Logfile:

       
Code:

       
ComboFix 11-11-14.02 - Hendrik 14.11.2011  18:06:29.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.2989.1794 [GMT 1:00]
ausgeführt von:: c:\users\Hendrik\Documents\Desktop\ComboFix.exe
AV: Trend Micro Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\facemoods.com
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoods.crx
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoods.png
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsApp.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsEng.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\uninstall.exe
c:\programdata\FullRemove.exe
c:\users\Hendrik\AppData\Roaming\202A.C8B
c:\users\Hendrik\AppData\Roaming\firefox.exe
c:\users\Hendrik\AppData\Roaming\java.exe
c:\users\Hendrik\AppData\Roaming\Microsoft\lvvm.exe
c:\windows\IsUn0407.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At2.job
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-10-14 bis 2011-11-14  ))))))))))))))))))))))))))))))
.
.
2011-11-14 17:18 . 2011-11-14 17:18        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-11-14 16:59 . 2011-11-14 16:59        --------        d-----w-        c:\windows\de
2011-11-14 16:54 . 2011-05-13 14:37        48488        ----a-w-        c:\windows\system32\drivers\fssfltr.sys
2011-11-14 16:52 . 2009-09-04 16:44        69464        ----a-w-        c:\windows\SysWow64\XAPOFX1_3.dll
2011-11-14 16:52 . 2009-09-04 16:44        515416        ----a-w-        c:\windows\SysWow64\XAudio2_5.dll
2011-11-14 16:52 . 2009-09-04 16:29        453456        ----a-w-        c:\windows\SysWow64\d3dx10_42.dll
2011-11-14 16:52 . 2009-09-04 16:29        523088        ----a-w-        c:\windows\system32\d3dx10_42.dll
2011-11-14 16:51 . 2006-11-29 12:06        4398360        ----a-w-        c:\windows\system32\d3dx9_32.dll
2011-11-14 16:51 . 2006-11-29 12:06        3426072        ----a-w-        c:\windows\SysWow64\d3dx9_32.dll
2011-11-14 16:50 . 2011-11-14 16:50        15712        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\7d43616d1cca2ed06\MeshBetaRemover.exe
2011-11-14 16:50 . 2011-11-14 16:50        94040        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\79f1962b1cca2ed05\DSETUP.dll
2011-11-14 16:50 . 2011-11-14 16:50        525656        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\79f1962b1cca2ed05\DXSETUP.exe
2011-11-14 16:50 . 2011-11-14 16:50        1691480        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\79f1962b1cca2ed05\dsetup32.dll
2011-11-14 16:50 . 2011-11-14 16:50        94040        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\76833a661cca2ed04\DSETUP.dll
2011-11-14 16:50 . 2011-11-14 16:50        525656        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\76833a661cca2ed04\DXSETUP.exe
2011-11-14 16:50 . 2011-11-14 16:50        1691480        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\76833a661cca2ed04\dsetup32.dll
2011-11-14 16:06 . 2011-11-14 17:00        --------        d-----w-        c:\users\Hendrik\AppData\Local\Windows Live
2011-11-14 16:01 . 2011-11-14 16:48        --------        d-----w-        c:\users\Hendrik\AppData\Roaming\ICQ
2011-11-14 16:01 . 2011-11-14 16:02        --------        d-----w-        c:\program files (x86)\ICQ7.7
2011-11-14 15:41 . 2011-11-14 15:59        --------        d-----w-        C:\_OTL
2011-11-13 18:32 . 2011-11-13 18:32        --------        d-----w-        c:\program files (x86)\7-Zip
2011-11-13 17:59 . 2011-11-13 17:59        --------        d-----w-        c:\windows\system32\SPReview
2011-11-13 17:57 . 2011-11-13 17:57        --------        d-----w-        c:\windows\system32\EventProviders
2011-11-09 15:42 . 2011-10-01 05:45        886784        ----a-w-        c:\program files\Common Files\System\wab32.dll
2011-11-09 15:42 . 2011-10-01 04:37        708608        ----a-w-        c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 15:42 . 2011-09-29 16:29        1923952        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2011-11-09 15:42 . 2011-09-29 04:03        3144704        ----a-w-        c:\windows\system32\win32k.sys
2011-11-05 14:34 . 2011-11-05 14:34        --------        d-----w-        c:\program files (x86)\Java
2011-10-30 17:03 . 2011-11-01 08:07        283648        ----a-w-        c:\users\Hendrik\AppData\Roaming\Microsoft\3D7C\CE7.exe
2011-10-30 17:03 . 2011-10-30 17:03        283648        ----a-w-        c:\users\Hendrik\AppData\Roaming\Microsoft\E96C\CE7.exe
2011-10-26 12:37 . 2011-08-13 05:27        6144        ----a-w-        c:\program files\Internet Explorer\iecompat.dll
2011-10-26 12:37 . 2011-08-13 04:18        6144        ----a-w-        c:\program files (x86)\Internet Explorer\iecompat.dll
2011-10-22 13:57 . 2011-10-22 13:57        --------        d-----w-        c:\programdata\iMesh
2011-10-22 13:57 . 2011-10-22 13:57        --------        d-----w-        c:\program files (x86)\iMesh Applications
2011-10-22 13:57 . 2011-10-22 13:58        --------        dc----w-        c:\programdata\{D7941DA4-2EF5-4E70-8A3D-3CF7634A336B}
2011-10-22 13:57 . 2011-10-22 13:57        --------        d-----w-        c:\users\Hendrik\AppData\Local\PackageAware
2011-10-16 17:55 . 2011-10-16 17:55        18139008        ----a-w-        c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-14 17:00 . 2011-03-28 17:36        18328        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-11-13 18:10 . 2009-07-14 02:36        175616        ----a-w-        c:\windows\system32\msclmd.dll
2011-11-13 18:10 . 2009-07-14 02:36        152576        ----a-w-        c:\windows\SysWow64\msclmd.dll
2011-11-05 14:34 . 2010-10-23 14:54        472808        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2011-10-07 14:24 . 2011-10-07 14:24        414368        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-01 03:25 . 2011-10-12 23:33        1638912        ----a-w-        c:\windows\system32\mshtml.tlb
2011-10-01 02:42 . 2011-10-12 23:33        1638912        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2011-09-18 17:03 . 2011-09-18 17:03        21840        ----a-w-        c:\windows\SysWow64\SIntfNT.dll
2011-09-18 17:03 . 2011-09-18 17:03        17212        ----a-w-        c:\windows\SysWow64\SIntf32.dll
2011-09-18 17:03 . 2011-09-18 17:03        12067        ----a-w-        c:\windows\SysWow64\SIntf16.dll
2011-09-18 12:00 . 2011-09-18 11:55        1668        ----a-w-        c:\windows\system32\ASOROSet.bin
2011-08-29 08:00 . 2011-09-18 11:28        74752        ----a-w-        c:\windows\SysWow64\ff_vfw.dll
2011-08-27 05:37 . 2011-10-12 23:33        861696        ----a-w-        c:\windows\system32\oleaut32.dll
2011-08-27 05:37 . 2011-10-12 23:33        331776        ----a-w-        c:\windows\system32\oleacc.dll
2011-08-27 04:26 . 2011-10-12 23:33        571904        ----a-w-        c:\windows\SysWow64\oleaut32.dll
2011-08-27 04:26 . 2011-10-12 23:33        233472        ----a-w-        c:\windows\SysWow64\oleacc.dll
2011-08-20 05:37 . 2011-10-12 23:33        1188864        ----a-w-        c:\windows\system32\wininet.dll
2011-08-20 04:31 . 2011-10-12 23:33        981504        ----a-w-        c:\windows\SysWow64\wininet.dll
2011-08-17 05:26 . 2011-10-12 23:33        613888        ----a-w-        c:\windows\system32\psisdecd.dll
2011-08-17 05:25 . 2011-10-12 23:33        108032        ----a-w-        c:\windows\system32\psisrndr.ax
2011-08-17 04:24 . 2011-10-12 23:33        465408        ----a-w-        c:\windows\SysWow64\psisdecd.dll
2011-08-17 04:19 . 2011-10-12 23:33        75776        ----a-w-        c:\windows\SysWow64\psisrndr.ax
2009-04-08 17:31 . 2009-04-08 17:31        106496        ----a-w-        c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-12 04:45 . 2008-08-12 04:45        155648        ----a-w-        c:\program files (x86)\Common Files\MSIactionall.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}"= "c:\program files (x86)\vShare.tv plugin\BarLcher.dll" [2011-06-01 177712]
.
[HKEY_CLASSES_ROOT\clsid\{7ac3e13b-3bca-4158-b330-f66dbb03c1b5}]
[HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher.1]
[HKEY_CLASSES_ROOT\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3}]
[HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Boingo Wi-Fi"="c:\program files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-07-20 2429]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-05-03 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ           kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-20 135664]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-20 135664]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2010-02-23 917768]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-20 07:01]
.
2011-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-20 07:01]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49        70656        ----a-w-        c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49        70656        ----a-w-        c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XeroxEndeavorBackgroundTask"="xrWCbgnd.dll" [2009-07-14 58368]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.facemoods.com/?a=ddrnw
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://startsear.ch/?aff=1
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:50182
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Hendrik\AppData\Roaming\Mozilla\Firefox\Profiles\ljmyjwac.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - kicker.de
FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&clid=faf9aa620cfe4e4da105c849b2dede2a&subid=&Keywords=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50182
FF - prefs.js: network.proxy.type - 4
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
Wow6432Node-HKLM-Run-06D.exe - c:\program files (x86)\LP\E963\06D.exe
Toolbar-Locked - (no file)
WebBrowser-{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - (no file)
AddRemove-CodInstl - c:\windows\system32\CDUninst.isu
AddRemove-DSF Fussball Manager 98 - c:\windows\IsUn0407.exe
AddRemove-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\uninstall.exe
AddRemove-K_Series_ScreenSaver_EN - c:\windows\system32\K_Series_ScreenSaver_EN.scr
AddRemove-{15CD0411-2BCA-4D1D-8E3B-611900ABB53F}_is1 - d:\spiele\Call of Duty Black Ops AT UNCUT\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1026848055-2084105530-1121592593-1001\Software\SecuROM\License information*]
"datasecu"=hex:30,9e,05,f3,db,7b,09,8e,bd,44,fd,0c,1e,96,6e,88,85,0d,7f,67,79,
   6b,54,1f,cb,c9,3e,41,af,39,5e,9e,a4,89,16,3b,96,30,16,71,95,9c,cb,cf,63,d9,\
"rkeysecu"=hex:b5,33,eb,9b,af,f4,d5,94,e1,51,2a,97,17,33,3c,7b
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeck.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-11-14  18:35:06 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-11-14 17:34
.
Vor Suchlauf: 15 Verzeichnis(se), 20.604.895.232 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 21.273.669.632 Bytes frei
.
- - End Of File - - 4DF02243ABC29F9678FCF3E5E873F588

--- --- ---

markusg 14.11.2011 19:00
start programme zubehör editor reinkopieren:

Killall::
Rootkit::
Folder::
c:\users\Hendrik\AppData\Roaming\Microsoft\3D7C
c:\users\Hendrik\AppData\Roaming\Microsoft\E96C

datei speichern unter, ort, dort wo sich combofix.exe befindet, typ, alle dateien.
name:
cfscript.txt

schalte jetzt alles an laufenden programmen aus, auch antivirus.
dann ziehe cfscript auf combofix, programm startet log posten

henniberlin 14.11.2011 19:57
Code:
Combofix Logfile:

       
Code:

       
ComboFix 11-11-14.02 - Hendrik 14.11.2011  19:23:16.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.2989.1741 [GMT 1:00]
ausgeführt von:: c:\users\Hendrik\Documents\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Hendrik\Documents\Desktop\cfscript.txt
AV: Trend Micro Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Hendrik\AppData\Roaming\Microsoft\3D7C
c:\users\Hendrik\AppData\Roaming\Microsoft\3D7C\CE7.exe
c:\users\Hendrik\AppData\Roaming\Microsoft\E96C
c:\users\Hendrik\AppData\Roaming\Microsoft\E96C\CE7.exe
c:\users\Hendrik\AppData\Roaming\Microsoft\E96C\F519.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-10-14 bis 2011-11-14  ))))))))))))))))))))))))))))))
.
.
2011-11-14 18:28 . 2011-11-14 18:28        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-11-14 16:59 . 2011-11-14 16:59        --------        d-----w-        c:\windows\de
2011-11-14 16:54 . 2011-05-13 14:37        48488        ----a-w-        c:\windows\system32\drivers\fssfltr.sys
2011-11-14 16:52 . 2009-09-04 16:44        69464        ----a-w-        c:\windows\SysWow64\XAPOFX1_3.dll
2011-11-14 16:52 . 2009-09-04 16:44        515416        ----a-w-        c:\windows\SysWow64\XAudio2_5.dll
2011-11-14 16:52 . 2009-09-04 16:29        453456        ----a-w-        c:\windows\SysWow64\d3dx10_42.dll
2011-11-14 16:52 . 2009-09-04 16:29        523088        ----a-w-        c:\windows\system32\d3dx10_42.dll
2011-11-14 16:51 . 2006-11-29 12:06        4398360        ----a-w-        c:\windows\system32\d3dx9_32.dll
2011-11-14 16:51 . 2006-11-29 12:06        3426072        ----a-w-        c:\windows\SysWow64\d3dx9_32.dll
2011-11-14 16:50 . 2011-11-14 16:50        15712        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\7d43616d1cca2ed06\MeshBetaRemover.exe
2011-11-14 16:50 . 2011-11-14 16:50        94040        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\79f1962b1cca2ed05\DSETUP.dll
2011-11-14 16:50 . 2011-11-14 16:50        525656        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\79f1962b1cca2ed05\DXSETUP.exe
2011-11-14 16:50 . 2011-11-14 16:50        1691480        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\79f1962b1cca2ed05\dsetup32.dll
2011-11-14 16:50 . 2011-11-14 16:50        94040        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\76833a661cca2ed04\DSETUP.dll
2011-11-14 16:50 . 2011-11-14 16:50        525656        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\76833a661cca2ed04\DXSETUP.exe
2011-11-14 16:50 . 2011-11-14 16:50        1691480        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\76833a661cca2ed04\dsetup32.dll
2011-11-14 16:06 . 2011-11-14 18:20        --------        d-----w-        c:\users\Hendrik\AppData\Local\Windows Live
2011-11-14 16:01 . 2011-11-14 18:20        --------        d-----w-        c:\users\Hendrik\AppData\Roaming\ICQ
2011-11-14 16:01 . 2011-11-14 16:02        --------        d-----w-        c:\program files (x86)\ICQ7.7
2011-11-14 15:41 . 2011-11-14 15:59        --------        d-----w-        C:\_OTL
2011-11-13 18:32 . 2011-11-13 18:32        --------        d-----w-        c:\program files (x86)\7-Zip
2011-11-13 17:59 . 2011-11-13 17:59        --------        d-----w-        c:\windows\system32\SPReview
2011-11-13 17:57 . 2011-11-13 17:57        --------        d-----w-        c:\windows\system32\EventProviders
2011-11-09 15:42 . 2011-10-01 05:45        886784        ----a-w-        c:\program files\Common Files\System\wab32.dll
2011-11-09 15:42 . 2011-10-01 04:37        708608        ----a-w-        c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 15:42 . 2011-09-29 16:29        1923952        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2011-11-09 15:42 . 2011-09-29 04:03        3144704        ----a-w-        c:\windows\system32\win32k.sys
2011-11-05 14:34 . 2011-11-05 14:34        --------        d-----w-        c:\program files (x86)\Java
2011-10-26 12:37 . 2011-08-13 05:27        6144        ----a-w-        c:\program files\Internet Explorer\iecompat.dll
2011-10-26 12:37 . 2011-08-13 04:18        6144        ----a-w-        c:\program files (x86)\Internet Explorer\iecompat.dll
2011-10-22 13:57 . 2011-10-22 13:57        --------        d-----w-        c:\programdata\iMesh
2011-10-22 13:57 . 2011-10-22 13:57        --------        d-----w-        c:\program files (x86)\iMesh Applications
2011-10-22 13:57 . 2011-10-22 13:58        --------        dc----w-        c:\programdata\{D7941DA4-2EF5-4E70-8A3D-3CF7634A336B}
2011-10-22 13:57 . 2011-10-22 13:57        --------        d-----w-        c:\users\Hendrik\AppData\Local\PackageAware
2011-10-16 17:55 . 2011-10-16 17:55        18139008        ----a-w-        c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-14 17:00 . 2011-03-28 17:36        18328        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-11-13 18:10 . 2009-07-14 02:36        175616        ----a-w-        c:\windows\system32\msclmd.dll
2011-11-13 18:10 . 2009-07-14 02:36        152576        ----a-w-        c:\windows\SysWow64\msclmd.dll
2011-11-05 14:34 . 2010-10-23 14:54        472808        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2011-10-07 14:24 . 2011-10-07 14:24        414368        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-01 03:25 . 2011-10-12 23:33        1638912        ----a-w-        c:\windows\system32\mshtml.tlb
2011-10-01 02:42 . 2011-10-12 23:33        1638912        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2011-09-18 17:03 . 2011-09-18 17:03        21840        ----a-w-        c:\windows\SysWow64\SIntfNT.dll
2011-09-18 17:03 . 2011-09-18 17:03        17212        ----a-w-        c:\windows\SysWow64\SIntf32.dll
2011-09-18 17:03 . 2011-09-18 17:03        12067        ----a-w-        c:\windows\SysWow64\SIntf16.dll
2011-09-18 12:00 . 2011-09-18 11:55        1668        ----a-w-        c:\windows\system32\ASOROSet.bin
2011-08-29 08:00 . 2011-09-18 11:28        74752        ----a-w-        c:\windows\SysWow64\ff_vfw.dll
2011-08-27 05:37 . 2011-10-12 23:33        861696        ----a-w-        c:\windows\system32\oleaut32.dll
2011-08-27 05:37 . 2011-10-12 23:33        331776        ----a-w-        c:\windows\system32\oleacc.dll
2011-08-27 04:26 . 2011-10-12 23:33        571904        ----a-w-        c:\windows\SysWow64\oleaut32.dll
2011-08-27 04:26 . 2011-10-12 23:33        233472        ----a-w-        c:\windows\SysWow64\oleacc.dll
2011-08-20 05:37 . 2011-10-12 23:33        1188864        ----a-w-        c:\windows\system32\wininet.dll
2011-08-20 04:31 . 2011-10-12 23:33        981504        ----a-w-        c:\windows\SysWow64\wininet.dll
2011-08-17 05:26 . 2011-10-12 23:33        613888        ----a-w-        c:\windows\system32\psisdecd.dll
2011-08-17 05:25 . 2011-10-12 23:33        108032        ----a-w-        c:\windows\system32\psisrndr.ax
2011-08-17 04:24 . 2011-10-12 23:33        465408        ----a-w-        c:\windows\SysWow64\psisdecd.dll
2011-08-17 04:19 . 2011-10-12 23:33        75776        ----a-w-        c:\windows\SysWow64\psisrndr.ax
2009-04-08 17:31 . 2009-04-08 17:31        106496        ----a-w-        c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-12 04:45 . 2008-08-12 04:45        155648        ----a-w-        c:\program files (x86)\Common Files\MSIactionall.dll
.
.
(((((((((((((((((((((((((((((   SnapShot@2011-11-14_17.21.26   )))))))))))))))))))))))))))))))))))))))))
.
- 2011-11-14 17:19 . 2011-11-14 17:19        13342              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2011-11-14 18:28 . 2011-11-14 18:28        13342              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2009-07-14 04:54 . 2011-11-14 17:20        16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-11-14 18:30        16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-11-14 17:20        32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-14 18:30        32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-14 17:20        16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-14 18:30        16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-07-20 07:17 . 2011-11-14 18:31        50004              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-11-14 16:48        32748              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-11-14 18:31        32748              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-10-23 11:35 . 2011-11-14 18:31        12600              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1026848055-2084105530-1121592593-1001_UserData.bin
- 2010-10-24 02:24 . 2011-11-14 17:20        16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-24 02:24 . 2011-11-14 18:30        16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-24 02:24 . 2011-11-14 17:20        32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-10-24 02:24 . 2011-11-14 18:30        32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-14 18:30        16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-14 17:20        16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-23 11:42 . 2011-11-14 17:41        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-23 11:42 . 2011-11-14 16:47        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2011-11-14 17:48        91888              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-10-23 11:42 . 2011-11-14 17:41        32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-10-23 11:42 . 2011-11-14 16:47        32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-10-23 11:42 . 2011-11-14 17:41        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-10-23 11:42 . 2011-11-14 16:47        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-10-23 11:36 . 2011-11-14 17:00        16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-23 11:36 . 2011-11-14 17:41        16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-23 11:36 . 2011-11-14 17:41        16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-10-23 11:36 . 2011-11-14 17:00        16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-11-14 17:20 . 2011-11-14 17:20        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-14 18:29 . 2011-11-14 18:29        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-14 18:29 . 2011-11-14 18:29        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-11-14 17:20 . 2011-11-14 17:20        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2011-11-14 16:52        616452              c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-11-14 17:44        616452              c:\windows\system32\perfh009.dat
+ 2009-08-04 09:51 . 2011-11-14 17:44        654610              c:\windows\system32\perfh007.dat
- 2009-08-04 09:51 . 2011-11-14 16:52        654610              c:\windows\system32\perfh007.dat
+ 2009-07-14 02:36 . 2011-11-14 17:44        106574              c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-11-14 16:52        106574              c:\windows\system32\perfc009.dat
+ 2009-08-04 09:51 . 2011-11-14 17:44        130192              c:\windows\system32\perfc007.dat
- 2009-08-04 09:51 . 2011-11-14 16:52        130192              c:\windows\system32\perfc007.dat
+ 2009-07-14 05:12 . 2011-11-14 18:30        262144              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2011-11-14 17:20        262144              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:01 . 2011-11-14 18:28        329944              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-11-14 17:19        329944              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:45 . 2011-11-14 16:50        7112398              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2011-11-14 17:22        7112398              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2010-07-19 16:35 . 2011-11-14 18:28        1843112              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2010-07-19 16:35 . 2011-11-14 17:19        1843112              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-05-09 08:09 . 2011-11-14 17:19        1398393              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1026848055-2084105530-1121592593-1001-8192.dat
+ 2011-05-09 08:09 . 2011-11-14 18:28        1398393              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1026848055-2084105530-1121592593-1001-8192.dat
.
-- Snapshot auf jetziges Datum zurückgesetzt --
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}"= "c:\program files (x86)\vShare.tv plugin\BarLcher.dll" [2011-06-01 177712]
.
[HKEY_CLASSES_ROOT\clsid\{7ac3e13b-3bca-4158-b330-f66dbb03c1b5}]
[HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher.1]
[HKEY_CLASSES_ROOT\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3}]
[HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Boingo Wi-Fi"="c:\program files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-07-20 2429]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-05-03 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ           kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-20 135664]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-20 135664]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2010-02-23 917768]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-20 07:01]
.
2011-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-20 07:01]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49        70656        ----a-w-        c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49        70656        ----a-w-        c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XeroxEndeavorBackgroundTask"="xrWCbgnd.dll" [2009-07-14 58368]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.facemoods.com/?a=ddrnw
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://startsear.ch/?aff=1
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:50182
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Hendrik\AppData\Roaming\Mozilla\Firefox\Profiles\ljmyjwac.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - kicker.de
FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&clid=faf9aa620cfe4e4da105c849b2dede2a&subid=&Keywords=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50182
FF - prefs.js: network.proxy.type - 4
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1026848055-2084105530-1121592593-1001\Software\SecuROM\License information*]
"datasecu"=hex:30,9e,05,f3,db,7b,09,8e,bd,44,fd,0c,1e,96,6e,88,85,0d,7f,67,79,
   6b,54,1f,cb,c9,3e,41,af,39,5e,9e,a4,89,16,3b,96,30,16,71,95,9c,cb,cf,63,d9,\
"rkeysecu"=hex:b5,33,eb,9b,af,f4,d5,94,e1,51,2a,97,17,33,3c,7b
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeck.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-11-14  19:35:04 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-11-14 18:35
ComboFix2.txt  2011-11-14 17:35
.
Vor Suchlauf: 18 Verzeichnis(se), 21.402.353.664 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 21.329.977.344 Bytes frei
.
- - End Of File - - 18DF8850B5511390BE5C42ED54C8E53C

--- --- ---

markusg 14.11.2011 20:03
öffne mal internet explorer, extras internet optionen verbindung, lanverbindung.
nun gehe zu proxy server, lösche adresse + port
und nimm den haken bei proxy server verwenden raus.
übernehmen ok klicken.
öffne firefox, extras einstellungen erweitert netzwerk, keinen proxy verwenden auswählen, übernehmen ok.


malwarebytes:
Downloade Dir bitte Malwarebytes
  • Installiere
    das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche
    nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet
    ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste
    das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.

henniberlin 14.11.2011 21:34
Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8162

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

14.11.2011 21:32:31
mbam-log-2011-11-14 (21-32-31).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|)
Durchsuchte Objekte: 366986
Laufzeit: 35 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 14

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (hxxp://startsear.ch/?aff=1) Good: (hxxp://www.google.com) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Qoobox\quarantine\C\Users\Hendrik\AppData\Roaming\firefox.exe.vir (Malware.Packer) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\Users\Hendrik\AppData\Roaming\java.exe.vir (Malware.Packer) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\Users\Hendrik\AppData\Roaming\microsoft\lvvm.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\Users\Hendrik\AppData\Roaming\microsoft\3D7C\ce7.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\Users\Hendrik\AppData\Roaming\microsoft\E96C\ce7.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Users\Hendrik\AppData\Roaming\B202A\lvvm.exe (Malware.Packer) -> Quarantined and deleted successfully.
c:\Users\Hendrik\AppData\Roaming\CC8B2\89A11.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\11142011_164131\c_program files (x86)\LP\E963\06D.exe (Malware.Packer) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\11142011_164131\C_Users\Hendrik\AppData\Roaming\340CE\08DB1.exe (Malware.Packer) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\11142011_164131\C_Users\Hendrik\AppData\Roaming\340CE\75CE9.exe (Malware.Packer) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\11142011_164131\C_Users\Hendrik\AppData\Roaming\CE789\lvvm.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\11142011_164131\C_Users\Hendrik\AppData\Roaming\microsoft\B113\F30.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\11142011_164131\C_Users\Hendrik\AppData\Roaming\microsoft\E963\06D.exe (Malware.Packer) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\searchplugins\Mp3Tube.xml (Adware.Mp3Tube) -> Quarantined and deleted successfully.

markusg 14.11.2011 21:41
hiho

achtung!
dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
:OTL
:Files
c:\Users\Hendrik\AppData\Roaming\B202A
c:\Users\Hendrik\AppData\Roaming\CC8B2
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.

henniberlin 14.11.2011 21:57
Code:
All processes killed
========== OTL ==========
========== FILES ==========
c:\Users\Hendrik\AppData\Roaming\B202A folder moved successfully.
c:\Users\Hendrik\AppData\Roaming\CC8B2 folder moved successfully.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Hendrik
->Flash cache emptied: 4218 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Hendrik
->Temp folder emptied: 443059 bytes
->Temporary Internet Files folder emptied: 48045574 bytes
->Java cache emptied: 15763061 bytes
->FireFox cache emptied: 191470122 bytes
->Google Chrome cache emptied: 25370779 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 72939 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50635 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 268,00 mb
 
 
OTL by OldTimer - Version 3.2.31.0 log created on 11142011_215242

Files\Folders moved on Reboot...
C:\Users\Hendrik\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

markusg 15.11.2011 12:17
kurzer zwischenstand, wie läuft das system?

henniberlin 15.11.2011 16:45
bisher is das problem mit den falschen seiten nicht mehr aufgetreten :)

also alles gereinigt?


Alle Zeitangaben in WEZ +1. Es ist jetzt 10:29 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131