Log analysis and evaluation: 6 threatening files found in the Windows folder
Windows 7
If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
/// Winkelfunktion /// TB-Süch-Tiger™

OK, then continue with CF: ComboFix: a guide and tutorial on using ComboFix
Combofix may only be run when a Kompetenzler (qualified helper) has expressly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
__________________
Please always post log files in CODE tags
#2
Code:
ATTFilter ComboFix 12-09-23.03 - ***24.09.2012 13:08:10.2.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.6139.5087 [GMT 2:00] ausgeführt von:: c:\users***\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Vorheriger Suchlauf ------- . c:\windows\assembly\GAC_32\Desktop.ini c:\windows\assembly\GAC_64\Desktop.ini c:\windows\SysWow64\muzapp.exe . -- Vorheriger Suchlauf -- . Infizierte Kopie von c:\windows\system32\Services.exe wurde gefunden und desinfiziert Kopie von - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe wurde wiederhergestellt . -------- . . ((((((((((((((((((((((( Dateien erstellt von 2012-08-24 bis 2012-09-24 )))))))))))))))))))))))))))))) . . 2012-09-24 11:14 . 2012-09-24 11:14 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-09-22 19:19 . 2012-09-22 19:19 -------- d-----w- c:\program files (x86)\Free Download Manager 2012-09-22 15:57 . 2012-09-22 19:07 -------- d-----w- C:\TDSSKiller_Quarantine 2012-09-21 17:56 . 2012-09-21 17:56 -------- d-----w- c:\programdata\FreeHideIP 2012-09-21 17:55 . 2012-09-21 17:55 -------- d-----w- c:\program files (x86)\FreeHideIP 2012-09-21 16:11 . 2012-09-21 16:11 -------- d-----w- C:\_OTL 2012-09-17 17:52 . 2012-09-17 17:52 -------- d-sh--w- c:\windows\SysWow64\%APPDATA% 2012-09-17 17:19 . 2012-09-17 17:19 -------- d-----w- c:\program files (x86)\ESET 2012-09-16 19:56 . 2012-09-16 19:56 -------- d-----w- c:\programdata\Malwarebytes 2012-09-16 19:56 . 2012-09-07 15:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-16 19:56 . 
2012-09-16 19:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-09-16 18:58 . 2012-09-16 19:33 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-09-16 18:58 . 2012-09-16 18:58 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2012-09-16 18:03 . 2012-09-16 18:03 -------- d-----w- c:\program files (x86)\Common Files\InstallShield 2012-09-16 17:25 . 2012-09-16 18:03 -------- d-----w- c:\programdata\DAEMON Tools Lite 2012-09-16 16:42 . 2012-09-16 16:42 -------- d-----w- c:\program files\7-Zip 2012-09-15 16:30 . 2012-09-15 16:30 -------- d-----w- c:\program files (x86)\Activision 2012-09-15 16:29 . 2012-09-15 16:29 314016 ----a-w- c:\windows\system32\drivers\atksgt.sys 2012-09-15 16:29 . 2012-09-15 16:29 43680 ----a-w- c:\windows\system32\drivers\lirsgt.sys 2012-09-15 16:27 . 2008-05-30 12:17 25608 ----a-w- c:\windows\SysWow64\X3DAudio1_4.dll 2012-09-15 16:16 . 2012-09-15 16:16 -------- d-----w- c:\program files (x86)\Deep Silver 2012-09-15 16:14 . 2012-09-15 16:14 -------- d-----w- c:\program files (x86)\AGEIA Technologies 2012-09-15 16:14 . 2012-09-15 16:14 -------- d-----w- c:\windows\SysWow64\AGEIA 2012-09-15 16:14 . 2012-09-15 16:14 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard 2012-09-15 16:11 . 2007-05-16 14:45 4496232 ----a-w- c:\windows\system32\d3dx9_34.dll 2012-09-15 15:31 . 2012-09-15 16:08 -------- d-----w- c:\program files (x86)\Common Files\BioWare 2012-09-15 15:31 . 2012-09-15 16:03 -------- d-----w- c:\program files (x86)\Dragon Age 2012-09-15 14:48 . 2012-09-15 14:48 -------- d-----w- c:\program files (x86)\Microsoft Games 2012-09-15 14:48 . 2006-09-28 14:05 2414360 ----a-w- c:\windows\SysWow64\d3dx9_31.dll 2012-09-15 14:47 . 2012-09-15 14:47 -------- d-----w- c:\programdata\Microsoft Games 2012-09-15 13:28 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-09-15 13:28 . 
2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys 2012-09-15 13:28 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-09-15 13:28 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-09-15 13:28 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-09-14 22:29 . 2012-09-14 22:29 -------- d-----w- c:\program files (x86)\Foxit Software 2012-09-14 21:13 . 2012-09-14 21:13 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-09-14 21:13 . 2012-09-14 21:13 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-09-14 21:13 . 2012-09-14 21:13 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-09-14 21:13 . 2012-09-14 21:13 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-09-14 21:12 . 2012-09-14 21:11 916456 ----a-w- c:\windows\system32\deployJava1.dll 2012-09-14 21:12 . 2012-09-14 21:11 289768 ----a-w- c:\windows\system32\javaws.exe 2012-09-14 21:12 . 2012-09-14 21:11 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-09-14 21:11 . 2012-09-14 21:11 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2012-09-14 21:11 . 2012-09-14 21:11 189416 ----a-w- c:\windows\system32\javaw.exe 2012-09-14 21:11 . 2012-09-14 21:11 188904 ----a-w- c:\windows\system32\java.exe 2012-09-14 21:11 . 2012-09-14 21:11 -------- d-----w- c:\program files\Java 2012-09-14 19:46 . 2012-09-14 19:46 -------- d-----w- c:\windows\system32\SPReview 2012-09-14 19:45 . 2012-09-14 19:45 -------- d-----w- c:\windows\system32\EventProviders 2012-09-14 19:45 . 2012-09-14 19:45 -------- d-----w- c:\program files (x86)\Common Files\Skype 2012-09-14 19:45 . 2012-09-14 19:45 -------- d-----r- c:\program files (x86)\Skype 2012-09-14 10:21 . 2012-08-27 23:49 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D71E67BF-394D-4FAE-897A-5E5DA659DEF4}\mpengine.dll 2012-09-13 17:30 . 
2012-08-28 08:05 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll 2012-09-13 17:30 . 2012-09-13 17:30 -------- d-----w- c:\program files (x86)\MarkAny 2012-09-13 17:30 . 2012-08-28 08:04 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll 2012-09-13 17:28 . 2012-09-13 17:31 -------- d-----w- c:\program files (x86)\Samsung 2012-09-13 17:28 . 2012-09-13 17:30 -------- d-----w- c:\programdata\Samsung 2012-09-13 17:16 . 2012-09-13 17:16 -------- d-----w- c:\program files (x86)\Amazon 2012-09-13 16:57 . 2012-09-13 16:57 -------- d-----w- c:\programdata\Conexant 2012-09-12 11:50 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll 2012-09-12 11:50 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2012-09-11 13:20 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll 2012-09-11 13:20 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll 2012-09-11 13:20 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll 2012-09-09 12:00 . 2010-11-20 12:17 322048 ----a-w- c:\windows\SysWow64\RMActivate.exe 2012-09-09 11:59 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll 2012-09-09 11:58 . 2010-11-20 13:25 158720 ----a-w- c:\windows\system32\aaclient.dll 2012-09-09 11:57 . 2010-11-20 13:27 48640 ----a-w- c:\windows\system32\wwanprotdim.dll 2012-09-09 11:56 . 2010-11-20 13:00 2560 ----a-w- c:\windows\system32\drivers\de-DE\rdpwd.sys.mui 2012-09-09 11:56 . 2010-11-20 13:12 7168 ----a-w- c:\windows\system32\drivers\de-DE\msdsm.sys.mui 2012-09-09 11:56 . 2010-11-20 13:07 2560 ----a-w- c:\windows\system32\drivers\de-DE\disk.sys.mui 2012-09-09 11:56 . 2010-11-20 13:00 4608 ----a-w- c:\windows\system32\drivers\de-DE\vdrvroot.sys.mui 2012-09-09 11:56 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll 2012-09-09 11:56 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\wdscore.dll 2012-09-09 11:56 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll 2012-09-09 11:56 . 
2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll 2012-09-09 11:55 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll 2012-09-08 21:09 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe 2012-09-08 20:46 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-09-08 20:46 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll 2012-09-08 20:46 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-09-08 20:46 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll 2012-09-08 20:46 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll 2012-09-08 20:46 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll 2012-09-08 20:46 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll 2012-09-08 11:54 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll 2012-09-08 11:53 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll 2012-09-08 11:52 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl 2012-09-08 11:51 . 2012-06-02 05:45 340992 ----a-w- c:\windows\system32\schannel.dll 2012-09-08 11:50 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-09-08 11:49 . 2011-07-16 05:37 421888 ----a-w- c:\windows\system32\KernelBase.dll 2012-09-08 11:48 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll 2012-09-08 11:37 . 2012-06-06 06:05 1499136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll 2012-09-08 11:37 . 2012-06-06 05:05 1019904 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll 2012-09-08 11:37 . 2012-06-06 06:05 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll 2012-09-08 11:37 . 2012-06-06 06:05 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll 2012-09-08 11:37 . 2012-06-06 06:05 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll 2012-09-08 11:37 . 
2012-06-06 05:05 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll 2012-09-08 11:37 . 2012-06-06 05:03 805376 ----a-w- c:\windows\SysWow64\cdosys.dll 2012-09-08 11:37 . 2012-06-06 05:05 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll 2012-09-08 11:37 . 2012-06-06 05:05 212992 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll 2012-09-08 11:37 . 2012-06-06 06:05 61440 ----a-w- c:\program files\Common Files\System\ado\msador15.dll 2012-09-08 11:37 . 2012-06-06 05:05 143360 ----a-w- c:\program files (x86)\Common Files\System\ado\msjro.dll 2012-09-08 11:37 . 2012-06-06 05:05 57344 ----a-w- c:\program files (x86)\Common Files\System\ado\msador15.dll 2012-09-08 11:36 . 2012-06-06 06:02 1133568 ----a-w- c:\windows\system32\cdosys.dll 2012-09-08 11:36 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll 2012-09-08 11:36 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll 2012-09-08 11:25 . 2012-09-08 11:25 -------- d-----w- c:\windows\SysWow64\wbem\en-US 2012-09-08 11:25 . 2012-09-08 11:25 -------- d-----w- c:\windows\system32\wbem\en-US 2012-09-08 11:18 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll 2012-09-08 11:18 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll 2012-09-07 19:48 . 2012-09-07 19:48 -------- d-----w- c:\program files\Paint.NET 2012-09-07 19:46 . 2012-09-07 19:46 -------- d-----w- c:\program files (x86)\Songr 2012-09-07 19:41 . 2012-09-07 19:41 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft 2012-09-07 19:41 . 2012-09-07 19:41 -------- d-----w- c:\program files (x86)\DVDVideoSoft 2012-09-07 19:32 . 2012-09-07 19:32 -------- d-----w- c:\program files (x86)\VideoLAN 2012-09-07 19:27 . 2012-09-09 20:56 -------- d-----w- c:\program files (x86)\Common Files\Steam 2012-09-07 19:27 . 2012-09-23 17:56 -------- d-----w- c:\program files (x86)\Steam 2012-09-07 19:20 . 
2012-09-07 19:20 2295408 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2012-09-07 19:19 . 2012-09-07 19:19 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2012-09-07 19:19 . 2012-09-07 19:19 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2012-09-07 19:11 . 2012-09-07 19:11 -------- d-----w- c:\program files\Microsoft Device Center 2012-09-07 18:26 . 2012-09-07 18:26 -------- d-----w- c:\windows\system32\Macromed 2012-09-07 18:19 . 2012-09-14 21:15 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-07 18:19 . 2012-09-14 21:15 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-14 19:55 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2012-09-14 19:55 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2012-09-07 15:18 . 2010-06-24 10:33 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-06-26 19:38 . 2012-06-26 19:38 827728 ----a-w- c:\windows\system32\msvcr100.dll 2012-06-26 19:38 . 2012-06-26 19:38 770384 ----a-w- c:\windows\SysWow64\msvcr100.dll 2012-06-26 19:38 . 2012-06-26 19:38 607568 ----a-w- c:\windows\system32\msvcp100.dll 2012-06-26 19:38 . 2012-06-26 19:38 46176 ----a-w- c:\windows\system32\drivers\point64.sys 2012-06-26 19:38 . 2012-06-26 19:38 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-15 98304] "TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-23 2454840] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-14 250568] R3 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-06 114144] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-01 232992] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R4 wlcrasvc;Windows Live Mesh 
remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-15 202752] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-03-15 6403072] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-03-15 188928] S3 CnxtHdmiAudService;Conexant UAA HDMI Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDMI64.sys [2010-03-05 720952] S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-06-24 52320] S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-02-22 75304] S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008] S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-26 46176] S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-04-26 1103904] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] . . Inhalt des "geplante Tasks" Ordners . 2012-09-24 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-07 21:15] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-22 521272] "IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-26 1464928] "IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-26 2004584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://toshiba.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyServer = http=;ftp=;https=; IE: Alles mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlall.htm IE: Auswahl mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlselected.htm IE: Datei mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dllink.htm IE: Free YouTube to MP3 Converter - c:\users\Alexei\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Videos mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Alexei\AppData\Roaming\Mozilla\Firefox\Profiles\38g8y0t0.default\ FF - prefs.js: network.proxy.gopher - FF - prefs.js: network.proxy.gopher_port - 0 FF - prefs.js: network.proxy.type - 0 . . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-09-24 13:16:50 ComboFix-quarantined-files.txt 2012-09-24 11:16 . Vor Suchlauf: 11 Verzeichnis(se), 97.958.215.680 Bytes frei Nach Suchlauf: 12 Verzeichnis(se), 97.572.175.872 Bytes frei . - - End Of File - - 51D8D43494AD42F19A1C99501437176E |