Pests of all kinds and how to fight them: Did I catch something? Computer is slow, pages open up, OTL log attached

Windows 7

If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.
#1
/// Selecta Jahrusso

My name is Daniel and I will help you with your malware-related problems. Before we get to work, I would like to ask you to read the following points completely and carefully.
Please post the C:\Combofix.txt
__________________
Kind regards, Daniel
ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators
Learn to fight back and support us! TB Akademie
#2
combofix log
Combofix Logfile:
ComboFix 12-07-16.01 - trancer 17.07.2012 18:26:07.1.4 - x86
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.49.1031.18.3071.1627 [GMT 2:00]
ausgeführt von:: c:\users\trancer\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-06-17 bis 2012-07-17 ))))))))))))))))))))))))))))))
.
.
2012-07-17 16:30 . 2012-07-17 16:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-17 16:02 . 2012-07-17 16:03 -------- d-----w- c:\program files\Google
2012-07-17 16:02 . 2012-07-17 16:02 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-17 16:02 . 2012-07-17 16:02 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-07-17 15:55 . 2012-07-17 16:02 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-07-17 15:54 . 2012-07-17 15:54 -------- d-----w- c:\programdata\Malwarebytes
2012-07-17 15:54 . 2012-07-17 15:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-17 15:54 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-17 11:12 . 2012-07-17 11:12 -------- d-----w- c:\program files\WinPcap
2012-07-17 11:12 . 2012-07-17 11:12 -------- d-----w- c:\program files\Wireshark
2012-07-17 09:23 . 2012-07-17 09:21 8192 ----a-w- c:\windows\system32\E_DCINST.DLL
2012-07-17 09:23 . 2012-07-17 09:21 63488 ----a-w- c:\windows\system32\E_FD4BGJE.DLL
2012-07-17 09:22 . 2011-08-09 22:00 341504 ----a-w- c:\windows\system32\esw2ud.dll
2012-07-17 09:22 . 2009-10-15 22:00 132560 ----a-w- c:\windows\system32\esdevapp.exe
2012-07-17 09:22 . 2009-10-15 22:00 12800 ----a-w- c:\windows\system32\escdev.dll
2012-07-17 09:22 . 2012-07-17 09:22 -------- d-----w- c:\program files\epson
2012-07-17 09:16 . 2012-07-17 09:16 -------- d-----w- c:\program files\Common Files\EPSON
2012-07-17 09:16 . 2012-07-17 09:22 -------- d-----w- c:\programdata\EPSON
2012-07-17 09:16 . 2008-11-11 16:00 93696 ----a-w- c:\windows\system32\E_FLBGJE.DLL
2012-07-17 09:12 . 2012-07-17 09:12 101248 ----a-w- c:\windows\system32\drivers\avmaudio.sys
2012-07-17 09:12 . 2012-07-17 09:12 32256 ----a-w- c:\windows\system32\MiniInstaller.dll
2012-07-17 06:44 . 2012-07-17 06:45 -------- d-----w- C:\d3
2012-07-16 18:01 . 2012-07-16 18:01 -------- d-----w- c:\program files\MSECache
2012-07-16 11:34 . 2012-04-30 18:42 354416 ----a-w- c:\windows\system32\vmnetdhcp.exe
2012-07-16 11:34 . 2012-04-30 18:42 433264 ----a-w- c:\windows\system32\vmnat.exe
2012-07-16 11:34 . 2012-04-30 18:40 25712 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2012-07-16 11:34 . 2012-04-30 18:42 783472 ----a-w- c:\windows\system32\vnetlib.dll
2012-07-16 11:34 . 2012-07-17 16:21 -------- d-----w- c:\programdata\VMware
2012-07-16 11:34 . 2012-07-16 11:34 -------- d-----w- c:\program files\VMware
2012-07-16 11:33 . 2012-07-16 11:34 -------- d-----w- c:\program files\Common Files\VMware
2012-07-16 11:11 . 2012-07-16 11:11 -------- d-----w- c:\program files\uTorrent
2012-07-15 13:32 . 2012-07-16 11:06 -------- d-----w- C:\Downloads
2012-07-15 13:30 . 2012-07-16 11:04 -------- d-----w- C:\Cryptload1.1.8
2012-07-14 21:29 . 2011-02-03 12:37 851176 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll
2012-07-14 21:16 . 2012-07-14 21:16 -------- d-----w- c:\windows\WindowsMobile
2012-07-14 21:12 . 2012-01-18 13:55 922184 ----a-w- c:\windows\system32\pwNative.exe
2012-07-14 21:12 . 2012-01-18 13:55 16472 ------w- c:\windows\system32\pwdrvio.sys
2012-07-14 21:12 . 2012-01-18 13:55 11104 ------w- c:\windows\system32\pwdspio.sys
2012-07-14 21:12 . 2012-07-14 21:12 -------- d-----w- c:\program files\MiniTool Partition Wizard Home Edition 7.1
2012-07-14 21:10 . 2012-07-14 21:29 -------- d-----w- C:\nadja
2012-07-14 20:56 . 2012-07-14 21:03 -------- d-----w- c:\program files\HD2 Toolkit
2012-07-14 12:49 . 2012-07-14 12:52 -------- d-----w- C:\m3u
2012-07-14 12:45 . 2012-07-14 12:45 -------- d-----w- c:\program files\MP3 Folders
2012-07-14 12:44 . 2012-07-14 12:44 237 ----a-w- C:\user.js
2012-07-14 12:41 . 2012-07-14 12:41 -------- d-----w- c:\program files\Playlist Creator 3.6.2
2012-07-14 12:41 . 2012-07-14 12:41 -------- d-----w- c:\program files\Optimizer Pro
2012-07-14 10:34 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2012-07-14 09:55 . 2012-07-14 09:55 -------- d-----w- c:\program files\The Skins Factory
2012-07-14 09:17 . 2012-07-14 09:17 -------- d-----w- c:\program files\Foxit Software
2012-07-14 08:54 . 2012-07-14 08:54 -------- d-----r- C:\Sandbox
2012-07-14 08:54 . 2012-07-14 08:54 -------- d-----w- c:\program files\Sandboxie
2012-07-14 08:52 . 2012-07-15 13:21 -------- d-----w- C:\auto
2012-07-14 07:13 . 2012-07-14 07:13 -------- d-----w- C:\glcd
2012-07-13 21:13 . 2012-07-13 21:13 -------- d-----w- c:\program files\Startup Sound Changer
2012-07-13 21:12 . 2012-07-13 21:12 4658750 ----a-w- c:\windows\Fusion_S.scr
2012-07-13 21:12 . 2012-07-13 21:12 345777 ----a-w- c:\windows\uninstall Fusion_S.exe
2012-07-13 21:11 . 2012-07-13 21:11 -------- d-----w- c:\windows\BACKUPSSS
2012-07-13 20:47 . 2012-07-13 20:47 -------- d-----r- c:\program files\Skype
2012-07-13 20:47 . 2012-07-13 20:47 -------- d-----w- c:\program files\Common Files\Skype
2012-07-13 20:47 . 2012-07-13 20:47 -------- d-----w- c:\programdata\Skype
2012-07-13 19:14 . 2012-07-13 19:14 -------- d-----w- c:\program files\QuickPar
2012-07-13 19:12 . 2012-07-13 19:12 -------- d-----w- c:\windows\W7SBC
2012-07-13 19:12 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\explorer_edit_w7sbc.exe
2012-07-13 19:12 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\explorer_backup_w7sbc.exe
2012-07-13 19:04 . 2009-07-14 01:16 249856 ----a-w- c:\windows\system32\uxtheme.dll.backup
2012-07-13 19:04 . 2010-11-20 21:29 2755072 ----a-w- c:\windows\system32\themeui.dll.backup
2012-07-13 19:04 . 2009-07-14 01:16 37376 ----a-w- c:\windows\system32\themeservice.dll.backup
2012-07-13 17:32 . 2012-07-13 17:32 -------- d-----w- c:\programdata\Yahoo! Companion
2012-07-13 17:32 . 2012-07-13 20:04 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-13 17:32 . 2012-07-13 20:04 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-13 17:32 . 2012-07-13 17:32 -------- d-----w- c:\windows\system32\Macromed
2012-07-13 17:32 . 2012-07-13 17:32 -------- d-----w- c:\programdata\Yahoo!
2012-07-13 17:30 . 2012-07-13 17:32 -------- d-----w- c:\program files\Yahoo!
2012-07-13 17:21 . 2012-04-27 08:20 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-07-13 17:21 . 2012-04-24 22:32 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-07-13 17:21 . 2012-04-16 19:17 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-07-13 17:21 . 2012-07-13 17:21 -------- d-----w- c:\programdata\Avira
2012-07-13 17:21 . 2012-07-13 17:21 -------- d-----w- c:\program files\Avira
2012-07-13 17:18 . 2007-04-09 14:23 28552 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2012-07-13 17:18 . 2007-04-09 14:23 28040 ----a-w- c:\windows\system32\mdimon.dll
2012-07-13 17:15 . 2012-07-13 17:15 231760 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2012-07-13 17:09 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-07-13 17:09 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-07-13 17:09 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-07-13 17:09 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-07-13 17:09 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-07-13 17:09 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-07-13 17:09 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-07-13 17:09 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-07-13 17:09 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-07-13 17:07 . 2012-07-13 17:07 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-07-13 16:54 . 2012-07-13 16:54 -------- d-----w- c:\windows\PCHEALTH
2012-07-13 16:49 . 2012-07-13 17:15 -------- d-----w- c:\program files\WinSCP
2012-07-13 16:45 . 2012-07-13 17:04 -------- d-----w- c:\program files\Theme Resource Changer
2012-07-13 16:41 . 2012-07-14 09:50 -------- d-----w- C:\themes
2012-07-13 16:31 . 2012-07-13 17:15 -------- d-----w- c:\program files\TrueCrypt
2012-07-13 16:28 . 2012-07-13 17:04 -------- d-----w- c:\program files\F-Secure
2012-07-13 16:27 . 2012-07-13 16:30 -------- d-----w- c:\programdata\F-Secure
2012-07-13 16:24 . 2012-07-13 16:24 -------- d-----w- c:\program files\G DATA Software
2012-07-13 16:24 . 2012-07-13 16:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2012-07-13 16:01 . 2012-07-13 16:40 -------- d-----w- c:\programdata\G DATA
2012-07-13 16:01 . 2012-07-13 16:40 -------- d-----w- c:\program files\Common Files\G Data
2012-07-13 16:01 . 2012-07-13 16:16 -------- d-----w- c:\program files\G Data
2012-07-13 15:46 . 2012-07-13 17:08 -------- d-----w- c:\program files\MozBackup
2012-07-13 15:44 . 2012-07-13 15:44 -------- d-----w- c:\programdata\RoboForm
2012-07-13 15:43 . 2012-07-13 15:43 -------- d-----w- c:\program files\Siber Systems
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-13 19:04 . 2009-07-13 23:40 249856 ----a-w- c:\windows\system32\uxtheme.dll
2012-07-13 19:04 . 2010-11-20 21:29 2755072 ----a-w- c:\windows\system32\themeui.dll
2012-07-13 19:04 . 2009-07-13 23:39 37376 ----a-w- c:\windows\system32\themeservice.dll
2012-06-02 13:57 . 2012-06-02 13:57 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-06-02 13:57 . 2012-06-02 13:57 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-06-02 13:57 . 2012-06-02 13:57 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-06-02 13:57 . 2012-06-02 13:57 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-06-02 13:57 . 2012-06-02 13:57 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-06-02 13:57 . 2012-06-02 13:57 367104 ----a-w- c:\windows\system32\html.iec
2012-06-02 13:57 . 2012-06-02 13:57 161792 ----a-w- c:\windows\system32\msls31.dll
2012-06-02 13:57 . 2012-06-02 13:57 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-06-02 13:57 . 2012-06-02 13:57 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-06-02 13:57 . 2012-06-02 13:57 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-06-02 13:57 . 2012-06-02 13:57 152064 ----a-w- c:\windows\system32\wextract.exe
2012-06-02 13:57 . 2012-06-02 13:57 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-06-02 13:57 . 2012-06-02 13:57 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-06-02 13:57 . 2012-06-02 13:57 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-06-02 13:57 . 2012-06-02 13:57 11776 ----a-w- c:\windows\system32\mshta.exe
2012-06-02 13:57 . 2012-06-02 13:57 101888 ----a-w- c:\windows\system32\admparse.dll
2012-05-14 23:43 . 2012-06-12 17:05 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{03875BE7-95D6-4878-8E5D-AD13B66E0AD0}\mpengine.dll
2012-05-04 09:59 . 2012-06-12 17:05 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-05-01 04:44 . 2012-06-12 17:05 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-04-30 18:42 . 2012-04-30 18:42 55664 ----a-w- c:\windows\system32\drivers\vmx86.sys
2012-04-30 16:26 . 2012-04-30 16:26 252016 ----a-w- c:\windows\system32\vmnc.dll
2012-04-30 15:22 . 2012-04-30 15:22 55408 ----a-w- c:\windows\system32\vmnetbridge.dll
2012-04-30 15:22 . 2012-04-30 15:22 49776 ----a-w- c:\windows\system32\vnetinst.dll
2012-04-30 15:22 . 2012-04-30 15:22 36464 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys
2012-04-30 15:22 . 2012-04-30 15:22 19568 ----a-w- c:\windows\system32\drivers\vmnet.sys
2012-04-30 15:22 . 2012-04-30 15:22 16624 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys
2012-04-28 04:41 . 2012-06-12 17:05 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-04-28 03:17 . 2012-06-12 17:05 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 04:45 . 2012-06-12 17:05 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 04:45 . 2012-06-12 17:05 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 04:41 . 2012-06-12 17:05 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 04:36 . 2012-06-12 17:05 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 04:36 . 2012-06-12 17:05 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-12 17:05 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 22:19 . 2012-07-13 17:07 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-07-13 109336]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-25 6595928]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-03 17417392]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-06-17 466704]
"Optimizer Pro"="c:\program files\Optimizer Pro\OptProLauncher.exe" [2012-06-10 79664]
"AVMUSBFernanschluss"="c:\users\trancer\AppData\Local\Apps\2.0\35Q8LEAK.MRY\KB481W7G.B5W\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe" [2012-07-17 147456]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-26 3906432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2012-04-30 103536]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{F791A188-699D-4FD4-955A-EB59E89B1907}"= "c:\program files\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll" [2010-01-12 91136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 VMwareHostd;VMware Workstation Server;c:\program files\VMware\VMware Workstation\vmware-hostd.exe [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 HyperDeskCustomThemeEnabler;HyperDesk's Custom Theme Enabler;c:\windows\Installer\MSI4A8.tmp [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [x]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);c:\windows\system32\drivers\vstor2-mntapi10-shared.sys [x]
S3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-13 20:04]
.
2012-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-17 16:02]
.
2012-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-17 16:02]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: RF - Formular ausfüllen - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RF - Formular speichern - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: RF - Menü anpassen - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: RF - RoboForm-Leiste ein/aus - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: Interfaces\{BBEF4F6B-4277-469E-84E1-569596CE249C}: NameServer = 192.168.178.1
FF - ProfilePath - c:\users\trancer\AppData\Roaming\Mozilla\Firefox\Profiles\bp19d5zo.default\
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HyperDeskCustomThemeEnabler]
"ImagePath"="\"c:\windows\Installer\MSI4A8.tmp\" -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(5768)
c:\program files\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll
.
Zeit der Fertigstellung: 2012-07-17 18:32:13
ComboFix-quarantined-files.txt 2012-07-17 16:32
.
Vor Suchlauf: 14 Verzeichnis(se), 25.815.445.504 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 25.462.226.944 Bytes frei
.
- - End Of File - - D771D041D3487328F756216599BA42F7