Log analysis and evaluation: Bundestrojaner caught! Scans attached (Windows 7)
#1
Malware-holic
Bundestrojaner caught! Scans attached

1. In the OTL logs we see, among other things, running processes, services, toolbars, recently created files, error messages that Windows reports, and so on. That is where we pick out the malware and delete it. We have also emptied old temp files, the browser cache, the recycle bin, etc.
2. The file shows me whether the deletion worked and how much junk data we deleted: Total Files Cleaned = 364,00 mb, so around 300 MB in your case.
3. I don't think so, but once we get to the Malwarebytes step you can have it checked as well.
4. We will do two more scans, then I will show you how to secure the system.

Thanks for the upload for now.

ComboFix may only be run when a team member has instructed you to do so! Please download Combofix.exe and be sure to save it to your desktop.
__________________
- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de according to the instructions above.
If you would like to support us
#2
Bundestrojaner caught! Scans attached

Here is the ComboFix log file:
Code:
ComboFix 12-02-02.02 - Christoph 09.02.2012 12:58:18.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3884.2395 [GMT 1:00]
ausgeführt von:: c:\users\Christoph\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
- REDUZIERTER FUNKTIONALITÄTSMODUS -
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\CHRIST~1\AppData\Local\Temp\b01d42a6-0948-4bd0-8dea-54d68f50a791\CliSecureRT.dll
c:\users\Christoph\AppData\Local\Temp\b01d42a6-0948-4bd0-8dea-54d68f50a791\CliSecureRT.dll
c:\users\Christoph\userdiff.sav
c:\windows\SysWow64\muzapp.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-01-09 bis 2012-02-09 ))))))))))))))))))))))))))))))
.
.
2012-02-08 21:08 . 2012-02-08 21:14 -------- d-----w- C:\_OTL
2012-02-08 14:34 . 2012-02-08 17:19 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-02-08 14:34 . 2012-02-08 17:03 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-02-03 22:02 . 2012-02-03 22:07 -------- d-----w- c:\users\Christoph\AppData\Roaming\vlc
2012-02-03 22:01 . 2012-02-03 22:01 -------- d-----w- c:\program files (x86)\VideoLAN
2012-01-23 18:47 . 2012-02-06 12:49 -------- d-----w- c:\users\Christoph\AppData\Roaming\U3
2012-01-23 18:34 . 2009-07-21 00:42 78872 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2012-01-23 18:34 . 2009-07-21 00:42 50200 ----a-w- c:\windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2012-01-23 18:34 . 2009-07-21 00:42 79896 ----a-w- c:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2012-01-23 18:34 . 2009-07-21 00:42 111640 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2012-01-23 18:33 . 2012-01-23 18:33 -------- d-----w- c:\windows\system32\RsFx
2012-01-23 18:31 . 2012-01-23 18:31 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2012-01-23 18:31 . 2012-01-23 18:31 -------- d-----w- c:\windows\SysWow64\1033
2012-01-23 18:31 . 2012-01-23 18:31 -------- d-----w- c:\windows\system32\1033
2012-01-23 18:30 . 2012-01-23 18:30 -------- d-----w- c:\program files\Microsoft.NET
2012-01-23 18:24 . 2012-01-23 18:33 -------- d-----w- c:\program files\Microsoft SQL Server
2012-01-23 18:23 . 2012-01-23 18:31 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
2012-01-23 18:22 . 2012-01-23 18:22 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2012-01-23 18:22 . 2012-01-23 18:22 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2012-01-23 18:22 . 2012-01-23 18:22 791888 ----a-w- c:\program files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU\install.exe
2012-01-23 18:22 . 2012-01-23 18:22 53088 ----a-w- c:\program files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU\install.res.1031.dll
2012-01-23 18:21 . 2012-01-23 18:21 -------- d-----w- c:\programdata\PreEmptive Solutions
2012-01-23 18:15 . 2012-01-28 09:30 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-01-23 18:12 . 2012-01-23 18:12 -------- d-----w- c:\program files (x86)\Microsoft ASP.NET
2012-01-23 18:12 . 2012-01-23 18:12 -------- d-----w- c:\program files\IIS
2012-01-23 18:12 . 2012-01-23 18:12 -------- d-----w- c:\program files (x86)\IIS
2012-01-23 18:11 . 2012-01-26 15:46 2490752 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1031\ResourceCache.dll
2012-01-23 17:57 . 2012-01-23 18:31 -------- d-----w- c:\windows\SysWow64\1031
2012-01-23 17:56 . 2012-01-26 15:39 -------- d-----w- c:\program files (x86)\Common Files\Merge Modules
2012-01-23 17:56 . 2012-01-23 18:21 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 10.0
2012-01-23 17:56 . 2012-01-23 18:02 -------- d-----w- c:\program files (x86)\Microsoft F#
2012-01-23 17:56 . 2012-01-23 17:59 -------- d-----w- c:\program files (x86)\HTML Help Workshop
2012-01-23 17:51 . 2012-01-23 17:51 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 9.0
2012-01-23 17:51 . 2012-01-23 18:31 -------- d-----w- c:\windows\system32\1031
2012-01-23 17:51 . 2012-01-23 17:51 -------- d-----w- c:\windows\symbols
2012-01-23 17:51 . 2012-01-23 18:23 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2012-01-23 17:51 . 2012-01-23 18:23 -------- d-----w- c:\program files (x86)\Microsoft SDKs
2012-01-23 17:51 . 2012-01-23 17:51 -------- d-----w- c:\program files\Microsoft Help Viewer
2012-01-23 17:35 . 2012-01-23 17:35 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-01-23 17:35 . 2012-01-23 17:35 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2012-01-23 17:34 . 2012-02-01 08:10 -------- d-----w- c:\users\Christoph\AppData\Roaming\DAEMON Tools Lite
2012-01-23 17:34 . 2012-01-23 17:34 -------- d-----w- c:\programdata\DAEMON Tools Lite
2012-01-21 19:27 . 2012-01-21 19:27 -------- d-----w- c:\users\Christoph\AppData\Local\Apple Computer
2012-01-21 19:27 . 2012-01-21 19:27 -------- d-----w- c:\users\Christoph\AppData\Roaming\Apple Computer
2012-01-21 19:26 . 2012-01-21 19:26 -------- dc----w- c:\windows\system32\DRVSTORE
2012-01-21 19:26 . 2009-05-18 12:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-01-21 19:23 . 2012-01-21 19:24 -------- d-----w- c:\programdata\Apple
2012-01-17 16:55 . 2011-08-13 05:27 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2012-01-17 16:55 . 2011-08-13 04:18 6144 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
2012-01-16 20:58 . 2012-01-16 20:58 -------- d-----w- c:\program files\Microsoft Synchronization Services
2012-01-16 20:57 . 2012-01-16 20:57 -------- d-----w- c:\windows\PCHEALTH
2012-01-16 20:57 . 2012-01-16 20:57 -------- d-----w- c:\program files\Microsoft Sync Framework
2012-01-16 20:57 . 2012-01-16 20:57 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-01-16 20:55 . 2012-01-16 20:55 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2012-01-16 20:54 . 2012-01-16 20:54 -------- d-----w- c:\program files\Microsoft Analysis Services
2012-01-16 20:54 . 2012-01-16 20:54 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2012-01-16 20:52 . 2012-01-16 20:52 -------- d-----w- c:\users\Christoph\AppData\Local\Microsoft Help
2012-01-16 20:51 . 2012-01-31 07:58 -------- d-----w- c:\programdata\Microsoft Help
2012-01-16 20:50 . 2012-01-16 20:50 -------- d-----r- C:\MSOCache
2012-01-16 17:00 . 2009-02-24 17:35 255552 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2012-01-16 15:43 . 2012-01-16 20:21 -------- d-----w- c:\program files (x86)\Elaborate Bytes
2012-01-15 11:06 . 2012-01-15 11:06 -------- d-----w- c:\users\Christoph\AppData\Local\Winamp Toolbar
2012-01-15 10:46 . 2012-01-15 10:46 -------- d-----w- c:\users\Christoph\AppData\Roaming\e-academy Inc
2012-01-15 10:46 . 2012-01-15 10:46 -------- d-----w- c:\users\Christoph\AppData\Local\e-academy Inc
2012-01-11 13:21 . 2012-01-11 13:25 -------- d-----w- C:\CSS
2012-01-11 13:21 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 13:21 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 13:21 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 13:21 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 13:21 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 13:21 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-11 13:21 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 13:21 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-08 14:13 . 2012-02-08 14:13 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F7F9ADC5-98FA-4899-96A4-38A02392BC18}\offreg.dll
2012-01-26 23:52 . 2011-06-09 18:59 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-06 05:15 . 2012-02-08 13:42 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F7F9ADC5-98FA-4899-96A4-38A02392BC18}\mpengine.dll
2011-11-24 04:52 . 2011-12-14 16:45 3145216 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files (x86)\Winamp Toolbar\winamptb.dll" [2011-06-29 1937736]
.
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WinampTb.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WinampTb.AOLTBSearch]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Christoph\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Christoph\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Christoph\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-06-09 940944]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-06-09 3373968]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-06-09 20880]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"ICQ"="c:\program files (x86)\ICQ7.5\ICQ.exe" [2011-08-01 124480]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-01-19 3477312]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-06-24 6806144]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-05-03 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"VAWinAgent"="c:\expressgateutil\VAWinAgent.exe" [2010-08-12 21504]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-07-11 74752]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
c:\users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Christoph\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-1-18 24246216]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-3-11 1083680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-17 68440]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-21 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 AiCharger;AiCharger; [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-09-05 1620584]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
S2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe [2010-08-20 77312]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [x]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74cabc1b-4473-11e1-a71f-74f06dc3558b}]
\shell\AutoRun\command - E:\SETUP.EXE
\shell\configure\command - E:\SETUP.EXE
\shell\install\command - E:\SETUP.EXE
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Christoph\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Christoph\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Christoph\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Christoph\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-08-11 324096]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://facebook.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\yv4tyts8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.winamp.com/search/search?query={searchTerms}&invocationType=tb50-ff-winamp-chromesbox-en-us&tb_uuid=20110717160614112&tb_oid=17-07-2011&tb_mrud=17-07-2011&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: keyword.URL - hxxp://startsear.ch/?q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-SessionLogon - c:\expressgateutil\SessionLogon.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
AddRemove-GeoGebra 4 - c:\windows\system32\javaws.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\ASUS\ASUS Ai Charger (NB edition)\AiCharger.exe
c:\program files (x86)\ASUS\Net4Switch\Net4Switch.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\AsScrPro.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeck.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-02-09 13:13:02 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-02-09 12:13
.
Vor Suchlauf: 12 Verzeichnis(se), 80.926.449.664 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 80.671.731.712 Bytes frei
.
- - End Of File - - ADC18B555D869E47CE44DB159A3892DA
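The "Dateien erstellt" section of the log above is the part a helper reads first for recently dropped executables and drivers (post #1 lists "zuletzt erstellte dateien" among the things the log is checked for). The following is an added example written for this edit; it is neither ComboFix code nor code from the thread. It parses that section and ranks the entries a reviewer would want to see first: files with executable extensions, created inside the scan window, located under Windows or profile directories, newest first. It also flags files whose creation time is newer than their last-write time, because on NTFS a file copied onto the machine keeps the source's last-write time but gets a fresh creation time, which is how installed, updated or dropped binaries look. The line format, the extension and directory lists, the 30-day window and all function names are my assumptions; the sample lines are copied from the log posted above.

```python
"""Triage the 'Dateien erstellt' (files created) section of a ComboFix log.

Added example (not ComboFix code, not from the thread).  Assumed line format,
one entry per line:
    <created> . <last-written> <size|--------> <attrs> <path>
where a size of '--------' and a leading 'd' in attrs mark a directory.
"""
import re
from datetime import datetime, timedelta
from typing import List, NamedTuple, Optional

LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "   # creation time
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "       # last-write time
    r"(\d+|-{8}) "                           # size in bytes, or -------- for a directory
    r"([-a-z]{8}) "                          # attribute flags, e.g. ----a-w- or d-----w-
    r"(.+?)\s*$"                             # path
)

# What a reviewer looks at first; both lists are my choice, not ComboFix's.
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".ocx", ".cpl")
HOT_DIRS = ("c:\\windows\\", "\\appdata\\", "c:\\programdata\\", "c:\\users\\public\\")


class Entry(NamedTuple):
    created: datetime
    modified: datetime
    size: Optional[int]      # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def copied_in(self) -> bool:
        # NTFS keeps the source's last-write time on a copy but assigns a new
        # creation time, so created > modified means the file arrived from
        # elsewhere (installer, update, dropper) rather than being written here.
        return self.created > self.modified


def parse_combofix_created(text: str) -> List[Entry]:
    """Parse every entry line; banners, '.' separators and blank lines are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        entries.append(Entry(
            datetime.strptime(created, "%Y-%m-%d %H:%M"),
            datetime.strptime(modified, "%Y-%m-%d %H:%M"),
            None if size.startswith("-") else int(size),
            attrs,
            path,
        ))
    return entries


def triage(entries: List[Entry], scan_time: datetime, window_days: int = 30) -> List[Entry]:
    """Executables/drivers created within window_days under HOT_DIRS, newest first."""
    cutoff = scan_time - timedelta(days=window_days)
    hits = [
        e for e in entries
        if not e.is_dir
        and e.path.lower().endswith(EXEC_EXT)
        and any(d in e.path.lower() for d in HOT_DIRS)
        and e.created >= cutoff
    ]
    return sorted(hits, key=lambda e: e.created, reverse=True)


# Sample input: a handful of lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
((((((((((((((((((((((( Dateien erstellt von 2012-01-09 bis 2012-02-09 ))))))))))))))))))))))))))))))
.
2012-02-08 21:08 . 2012-02-08 21:14 -------- d-----w- C:\_OTL
2012-02-03 22:01 . 2012-02-03 22:01 -------- d-----w- c:\program files (x86)\VideoLAN
2012-01-23 18:34 . 2009-07-21 00:42 78872 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2012-01-23 17:35 . 2012-01-23 17:35 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-01-21 19:26 . 2009-05-18 12:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-01-16 20:50 . 2012-01-16 20:50 -------- d-----r- C:\MSOCache
2012-01-11 13:21 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
"""
SCAN_TIME = datetime(2012, 2, 9, 13, 13)   # "Zeit der Fertigstellung" from the log


if __name__ == "__main__":
    for e in triage(parse_combofix_created(SAMPLE_LOG), SCAN_TIME):
        flag = "copied-in" if e.copied_in else "written-here"
        print(f"{e.created:%Y-%m-%d %H:%M}  {e.size:>8}  {flag:12}  {e.path}")
```

The output is a shortlist, not a verdict: every hit still has to be matched against the installed programs, the service list and the update history elsewhere in the same log, which is the checking the helper describes doing by hand. Narrowing the window (for example `window_days=7`) is the quickest way to focus on what changed right before the symptoms started.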