Log analysis and evaluation: CIBS POL. - Abg. Modus funktioniert nicht (CIBS POL. trojan: safe mode does not work) - Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: first steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
02.06.2013, 14:55 | #1
Greetings everyone
Unfortunately the trojan named above has also struck my neighbor. I would like to help him fix this problem, since he is in very poor health. In doing so I came across this forum, which has already been able to help several users. Since a thread with the same title already exists, I have already downloaded OTL and created the two text files, which I attach to this post. As this is the first time I am active in a forum like this, I ask your forgiveness if I do not get everything right straight away. In any case, I am very grateful for your help.
02.06.2013, 14:56 | #2
/// Malware-holic
Hi,
Fix with OTL
Code:
:OTL
O20 - HKU\S-1-5-21-3834777946-2767378379-115329810-1002 Winlogon: Shell - (C:\Users\NVH\AppData\Roaming\skype.dat) - C:\Users\NVH\AppData\Roaming\skype.dat ()
[2013/06/02 14:27:56 | 000,000,004 | ---- | M] () -- C:\Users\NVH\AppData\Roaming\skype.ini
:files
:Commands
[emptytemp]

Start into normal mode. If you have no icons, right-click, View, Show desktop icons. Note: please also upload the file to the UpChannel as described in the instructions. Please do NOT post the ZIP file here as an attachment in the thread. Press the Windows + E keys.
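Added example, not from this thread and not part of OTL: a small Python checker that applies the reasoning behind Markus's fix to OTL "O20" Winlogon lines. The logon shell on a clean system is explorer.exe; the entry above instead runs skype.dat out of the user's AppData folder, with no publisher information, which is what makes it a lock-screen persistence point. The O20 line layout is taken from the entry quoted above; the Windows 7 defaults, the list of user-writable directories, the two benign entries and the O4 line are assumptions and constructed sample input.

```python
import re
from pathlib import PureWindowsPath

# Layout of an OTL "O20" Winlogon line, as seen in the entry fixed above:
#   O20 - <hive> Winlogon: <value> - (<registry data>) - <resolved path> (<publisher>)
O20_RE = re.compile(
    r"^O20 - (?P<hive>\S+) Winlogon: (?P<value>\w+) - "
    r"\((?P<data>[^)]*)\) - (?P<path>.*?) \((?P<publisher>[^)]*)\)$"
)

# Windows 7 defaults (assumption stated here, not taken from the thread):
# Shell is explorer.exe, Userinit is %SystemRoot%\system32\userinit.exe.
EXPECTED_BINARY = {"shell": "explorer.exe", "userinit": "userinit.exe"}

# User-writable locations a logon shell has no business living in.
SUSPICIOUS_DIRS = {"appdata", "temp", "programdata"}


def parse_o20(line):
    """Return the fields of an O20 Winlogon line, or None for any other OTL line."""
    match = O20_RE.match(line.strip())
    return match.groupdict() if match else None


def assess(entry):
    """List the reasons a parsed O20 entry looks hijacked; an empty list means clean."""
    reasons = []
    expected = EXPECTED_BINARY.get(entry["value"].lower())
    if expected is None:
        return reasons  # other Winlogon values are out of scope for this check

    # Shell/Userinit hold a comma-separated list; every item must be the default binary.
    items = [i.strip() for i in entry["data"].split(",") if i.strip()]
    for item in items:
        if PureWindowsPath(item).name.lower() != expected:
            reasons.append(f"{entry['value']} runs {item!r} instead of {expected}")

    parts = {p.lower() for p in PureWindowsPath(entry["path"]).parts}
    if parts & SUSPICIOUS_DIRS:
        reasons.append(f"binary lives in a user-writable location: {entry['path']}")

    if not entry["publisher"].strip():
        reasons.append("binary has no publisher/version information")
    return reasons


def scan_log(lines):
    """Return one finding per suspicious O20 line: {'line', 'entry', 'reasons'}."""
    findings = []
    for line in lines:
        entry = parse_o20(line)
        if entry is None:
            continue
        reasons = assess(entry)
        if reasons:
            findings.append({"line": line, "entry": entry, "reasons": reasons})
    return findings


# Constructed sample log: two clean entries (Windows 7 defaults), the hijacked
# Shell value quoted from this thread, and an unrelated O4 line the parser must skip.
SAMPLE_LOG = [
    r"O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)",
    r"O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe,) - C:\Windows\system32\userinit.exe (Microsoft Corporation)",
    r"O20 - HKU\S-1-5-21-3834777946-2767378379-115329810-1002 Winlogon: Shell - (C:\Users\NVH\AppData\Roaming\skype.dat) - C:\Users\NVH\AppData\Roaming\skype.dat ()",
    r"O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)",
]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding["line"])
        for reason in finding["reasons"]:
            print("   ->", reason)
```

Run against the sample, only the skype.dat line is reported, with all three reasons. The same three questions (is it the default binary, where does it live, who signed it) are what a helper asks before writing an OTL fix line like the one above; the HKU\S-1-5-21-... hive prefix shows the hijack sat in one user's profile rather than machine-wide, which is why the fix targets that SID.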
02.06.2013, 15:25 | #3
Hi Markus
First of all, many thanks for taking the trouble to help me with this problem. Here is the content of the file:
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-3834777946-2767378379-115329810-1002\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\NVH\AppData\Roaming\skype.dat deleted successfully.
C:\Users\NVH\AppData\Roaming\skype.dat moved successfully.
C:\Users\NVH\AppData\Roaming\skype.ini moved successfully.
========== FILES ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: McAfeeMVSUser
User: NH
->Temp folder emptied: 103236189 bytes
->Temporary Internet Files folder emptied: 102764973 bytes
->FireFox cache emptied: 55184918 bytes
->Flash cache emptied: 771 bytes
User: NVH
->Temp folder emptied: 1716118 bytes
->Temporary Internet Files folder emptied: 1971177 bytes
->FireFox cache emptied: 87476644 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 553 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 41196 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 85096 bytes
RecycleBin emptied: 336122780 bytes
Total Files Cleaned = 657.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 06022013_161438
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Regards George
Markus, unfortunately I cannot find a folder _OTL
02.06.2013, 15:34 | #4
/// Malware-holic
It is on E:
__________________
Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de. Forwarding instructions: http://markusg.trojaner-board.de. For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us
02.06.2013, 15:48 | #5
Cannot upload, because of the message: "Please check the link to the thread". Entered: CIBS POL. - Abg. Modus funktioniert nicht
02.06.2013, 15:50 | #6
/// Malware-holic
Link:
Code:
http://www.trojaner-board.de/135935-cibs-pol-abg-modus-funktioniert.html
02.06.2013, 15:52 | #7
Thanks - it is uploaded
02.06.2013, 15:56 | #8
/// Malware-holic
Thanks. Please download TDSSKiller.exe and save the file to the desktop
02.06.2013, 16:16 | #9
17:05:17.0441 6108 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:05:17.0613 6108 ============================================================
17:05:17.0613 6108 Current date / time: 2013/06/02 17:05:17.0613
17:05:17.0613 6108 SystemInfo:
17:05:17.0613 6108
17:05:17.0613 6108 OS Version: 6.1.7601 ServicePack: 1.0
17:05:17.0613 6108 Product type: Workstation
17:05:17.0613 6108 ComputerName: NVH-HP
17:05:17.0613 6108 UserName: NVH
17:05:17.0613 6108 Windows directory: C:\windows
17:05:17.0613 6108 System windows directory: C:\windows
17:05:17.0613 6108 Running under WOW64
17:05:17.0613 6108 Processor architecture: Intel x64
17:05:17.0613 6108 Number of processors: 4
17:05:17.0613 6108 Page size: 0x1000
17:05:17.0613 6108 Boot type: Normal boot
17:05:17.0613 6108 ============================================================
17:05:18.0221 6108 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:05:18.0221 6108 ============================================================
17:05:18.0221 6108 \Device\Harddisk0\DR0:
17:05:18.0221 6108 MBR partitions:
17:05:18.0221 6108 Initialize success
17:05:18.0221 6108 ============================================================
17:10:33.0653 6380 ============================================================
17:10:33.0653 6380 Scan started
17:10:33.0653 6380 Mode: Manual; SigCheck; TDLFS;
17:10:33.0653 6380 ============================================================
17:10:33.0669 6380 ================ Scan system memory ========================
17:10:33.0669 6380 System memory - ok
17:10:33.0669 6380 ================ Scan services =============================
17:10:33.0700 6380 1394ohci - ok 17:10:33.0716 6380 Accelerometer - ok 17:10:33.0731 6380 ACDaemon - ok 17:10:33.0731 6380 ACPI - ok 17:10:33.0747 6380 AcpiPmi - ok 17:10:33.0763 6380 AdobeARMservice
- ok 17:10:33.0778 6380 AdobeFlashPlayerUpdateSvc - ok 17:10:33.0778 6380 adp94xx - ok 17:10:33.0778 6380 adpahci - ok 17:10:33.0778 6380 adpu320 - ok 17:10:33.0794 6380 AeLookupSvc - ok 17:10:33.0809 6380 AESTFilters - ok 17:10:33.0809 6380 Afc - ok 17:10:33.0825 6380 AFD - ok 17:10:33.0841 6380 AgereSoftModem - ok 17:10:33.0841 6380 agp440 - ok 17:10:33.0856 6380 ALG - ok 17:10:33.0856 6380 aliide - ok 17:10:33.0856 6380 AMD External Events Utility - ok 17:10:33.0872 6380 amdide - ok 17:10:33.0872 6380 AmdK8 - ok 17:10:33.0872 6380 amdkmdag - ok 17:10:33.0887 6380 amdkmdap - ok 17:10:33.0887 6380 AmdPPM - ok 17:10:33.0903 6380 amdsata - ok 17:10:33.0903 6380 amdsbs - ok 17:10:33.0903 6380 amdxata - ok 17:10:33.0919 6380 androidusb - ok 17:10:33.0919 6380 AntiVirMailService - ok 17:10:33.0934 6380 AntiVirSchedulerService - ok 17:10:33.0934 6380 AntiVirService - ok 17:10:33.0950 6380 AntiVirWebService - ok 17:10:33.0950 6380 AppID - ok 17:10:33.0950 6380 AppIDSvc - ok 17:10:33.0965 6380 Appinfo - ok 17:10:33.0981 6380 AppMgmt - ok 17:10:33.0981 6380 arc - ok 17:10:33.0997 6380 archlp - ok 17:10:33.0997 6380 arcsas - ok 17:10:33.0997 6380 ARCVCAM - ok 17:10:34.0012 6380 AsyncMac - ok 17:10:34.0012 6380 atapi - ok 17:10:34.0012 6380 AtiHdmiService - ok 17:10:34.0028 6380 AudioEndpointBuilder - ok 17:10:34.0028 6380 AudioSrv - ok 17:10:34.0043 6380 avgntflt - ok 17:10:34.0043 6380 avipbb - ok 17:10:34.0043 6380 avkmgr - ok 17:10:34.0059 6380 AxInstSV - ok 17:10:34.0059 6380 b06bdrv - ok 17:10:34.0059 6380 b57nd60a - ok 17:10:34.0075 6380 BDESVC - ok 17:10:34.0075 6380 Beep - ok 17:10:34.0075 6380 BFE - ok 17:10:34.0090 6380 BITS - ok 17:10:34.0090 6380 blbdrive - ok 17:10:34.0106 6380 Bluetooth Device Manager - ok 17:10:34.0106 6380 Bluetooth Media Service - ok 17:10:34.0106 6380 Bluetooth OBEX Service - ok 17:10:34.0121 6380 bowser - ok 17:10:34.0121 6380 BrFiltLo - ok 17:10:34.0121 6380 BrFiltUp - ok 17:10:34.0121 6380 Browser - ok 17:10:34.0137 6380 BrSerIb - ok 
17:10:34.0153 6380 Brserid - ok 17:10:34.0153 6380 BrSerWdm - ok 17:10:34.0153 6380 BrUsbMdm - ok 17:10:34.0153 6380 BrUsbSer - ok 17:10:34.0168 6380 BrUsbSIb - ok 17:10:34.0168 6380 BrYNSvc - ok 17:10:34.0184 6380 BthEnum - ok 17:10:34.0184 6380 BTHMODEM - ok 17:10:34.0184 6380 BthPan - ok 17:10:34.0184 6380 BTHPORT - ok 17:10:34.0199 6380 bthserv - ok 17:10:34.0199 6380 BTHUSB - ok 17:10:34.0215 6380 BTMCOM - ok 17:10:34.0215 6380 BTMHID - ok 17:10:34.0231 6380 BTMUSB - ok 17:10:34.0231 6380 cdfs - ok 17:10:34.0231 6380 cdrom - ok 17:10:34.0231 6380 CertPropSvc - ok 17:10:34.0246 6380 circlass - ok 17:10:34.0246 6380 CLFS - ok 17:10:34.0246 6380 clr_optimization_v2.0.50727_32 - ok 17:10:34.0262 6380 clr_optimization_v2.0.50727_64 - ok 17:10:34.0262 6380 clr_optimization_v4.0.30319_32 - ok 17:10:34.0262 6380 clr_optimization_v4.0.30319_64 - ok 17:10:34.0262 6380 CmBatt - ok 17:10:34.0277 6380 cmdide - ok 17:10:34.0277 6380 CNG - ok 17:10:34.0277 6380 Compbatt - ok 17:10:34.0277 6380 CompositeBus - ok 17:10:34.0293 6380 COMSysApp - ok 17:10:34.0293 6380 crcdisk - ok 17:10:34.0293 6380 CryptSvc - ok 17:10:34.0309 6380 CSC - ok 17:10:34.0309 6380 CscService - ok 17:10:34.0309 6380 DAMDrv - ok 17:10:34.0324 6380 DcomLaunch - ok 17:10:34.0324 6380 DEBridge - ok 17:10:34.0324 6380 defragsvc - ok 17:10:34.0324 6380 DfsC - ok 17:10:34.0340 6380 Dhcp - ok 17:10:34.0340 6380 discache - ok 17:10:34.0340 6380 Disk - ok 17:10:34.0340 6380 Dnscache - ok 17:10:34.0355 6380 dot3svc - ok 17:10:34.0355 6380 DpHost - ok 17:10:34.0355 6380 DPS - ok 17:10:34.0371 6380 drmkaud - ok 17:10:34.0371 6380 DXGKrnl - ok 17:10:34.0371 6380 EapHost - ok 17:10:34.0371 6380 ebdrv - ok 17:10:34.0387 6380 EFS - ok 17:10:34.0387 6380 ehRecvr - ok 17:10:34.0387 6380 ehSched - ok 17:10:34.0387 6380 elxstor - ok 17:10:34.0402 6380 ErrDev - ok 17:10:34.0402 6380 EventSystem - ok 17:10:34.0402 6380 exfat - ok 17:10:34.0418 6380 fastfat - ok 17:10:34.0418 6380 Fax - ok 17:10:34.0418 6380 fdc - ok 
17:10:34.0418 6380 fdPHost - ok 17:10:34.0433 6380 FDResPub - ok 17:10:34.0433 6380 FileInfo - ok 17:10:34.0433 6380 Filetrace - ok 17:10:34.0433 6380 FLCDLOCK - ok 17:10:34.0449 6380 FLEXnet Licensing Service - ok 17:10:34.0449 6380 FLEXnet Licensing Service 64 - ok 17:10:34.0449 6380 flpydisk - ok 17:10:34.0465 6380 FltMgr - ok 17:10:34.0465 6380 FontCache - ok 17:10:34.0465 6380 FontCache3.0.0.0 - ok 17:10:34.0465 6380 FsDepends - ok 17:10:34.0480 6380 Fs_Rec - ok 17:10:34.0480 6380 fvevol - ok 17:10:34.0480 6380 gagp30kx - ok 17:10:34.0480 6380 gpsvc - ok 17:10:34.0496 6380 gupdate - ok 17:10:34.0511 6380 gupdatem - ok 17:10:34.0511 6380 hcw85cir - ok 17:10:34.0511 6380 HdAudAddService - ok 17:10:34.0511 6380 HDAudBus - ok 17:10:34.0527 6380 HECIx64 - ok 17:10:34.0527 6380 HidBatt - ok 17:10:34.0527 6380 HidBth - ok 17:10:34.0527 6380 HidIr - ok 17:10:34.0543 6380 hidserv - ok 17:10:34.0543 6380 HidUsb - ok 17:10:34.0543 6380 hkmsvc - ok 17:10:34.0543 6380 HomeGroupListener - ok 17:10:34.0558 6380 HomeGroupProvider - ok 17:10:34.0574 6380 HP Health Check Service - ok 17:10:34.0574 6380 HP Power Assistant Service - ok 17:10:34.0574 6380 HP ProtectTools Service - ok 17:10:34.0589 6380 HP Wireless Assistant Service - ok 17:10:34.0605 6380 HPDayStarterService - ok 17:10:34.0605 6380 HPDrvMntSvc.exe - ok 17:10:34.0605 6380 hpdskflt - ok 17:10:34.0621 6380 HpFkCryptService - ok 17:10:34.0621 6380 HPFSService - ok 17:10:34.0621 6380 hpHotkeyMonitor - ok 17:10:34.0621 6380 HpqKbFiltr - ok 17:10:34.0636 6380 hpqwmiex - ok 17:10:34.0636 6380 HpSAMD - ok 17:10:34.0636 6380 hpsrv - ok 17:10:34.0652 6380 HTTP - ok 17:10:34.0652 6380 hwpolicy - ok 17:10:34.0652 6380 i8042prt - ok 17:10:34.0652 6380 iaStor - ok 17:10:34.0667 6380 IAStorDataMgrSvc - ok 17:10:34.0683 6380 iaStorV - ok 17:10:34.0683 6380 idsvc - ok 17:10:34.0683 6380 iirsp - ok 17:10:34.0683 6380 IKEEXT - ok 17:10:34.0699 6380 Impcd - ok 17:10:34.0699 6380 intelide - ok 17:10:34.0699 6380 intelppm - ok 
17:10:34.0714 6380 IPBusEnum - ok 17:10:34.0714 6380 IpFilterDriver - ok 17:10:34.0714 6380 iphlpsvc - ok 17:10:34.0714 6380 IPMIDRV - ok 17:10:34.0730 6380 IPNAT - ok 17:10:34.0730 6380 IRENUM - ok 17:10:34.0730 6380 isapnp - ok 17:10:34.0745 6380 iScsiPrt - ok 17:10:34.0745 6380 kbdclass - ok 17:10:34.0745 6380 kbdhid - ok 17:10:34.0745 6380 KeyIso - ok 17:10:34.0745 6380 KSecDD - ok 17:10:34.0761 6380 KSecPkg - ok 17:10:34.0761 6380 ksthunk - ok 17:10:34.0761 6380 KtmRm - ok 17:10:34.0777 6380 LanmanServer - ok 17:10:34.0777 6380 LanmanWorkstation - ok 17:10:34.0777 6380 LBTServ - ok 17:10:34.0777 6380 LHidFilt - ok 17:10:34.0792 6380 LightScribeService - ok 17:10:34.0792 6380 lltdio - ok 17:10:34.0792 6380 lltdsvc - ok 17:10:34.0792 6380 lmhosts - ok 17:10:34.0808 6380 LMouFilt - ok 17:10:34.0808 6380 LMS - ok 17:10:34.0808 6380 LSI_FC - ok 17:10:34.0823 6380 LSI_SAS - ok 17:10:34.0823 6380 LSI_SAS2 - ok 17:10:34.0839 6380 LSI_SCSI - ok 17:10:34.0839 6380 luafv - ok 17:10:34.0855 6380 McComponentHostService - ok 17:10:34.0855 6380 Mcx2Svc - ok 17:10:34.0870 6380 MDM - ok 17:10:34.0870 6380 megasas - ok 17:10:34.0870 6380 MegaSR - ok 17:10:34.0886 6380 MMCSS - ok 17:10:34.0886 6380 Modem - ok 17:10:34.0886 6380 monitor - ok 17:10:34.0886 6380 mouclass - ok 17:10:34.0901 6380 mouhid - ok 17:10:34.0901 6380 mountmgr - ok 17:10:34.0901 6380 MozillaMaintenance - ok 17:10:34.0917 6380 mpio - ok 17:10:34.0917 6380 mpsdrv - ok 17:10:34.0917 6380 MpsSvc - ok 17:10:34.0933 6380 MRxDAV - ok 17:10:34.0933 6380 mrxsmb - ok 17:10:34.0933 6380 mrxsmb10 - ok 17:10:34.0933 6380 mrxsmb20 - ok 17:10:34.0948 6380 msahci - ok 17:10:34.0948 6380 msdsm - ok 17:10:34.0948 6380 MSDTC - ok 17:10:34.0964 6380 Msfs - ok 17:10:34.0964 6380 mshidkmdf - ok 17:10:34.0979 6380 msisadrv - ok 17:10:34.0979 6380 MSiSCSI - ok 17:10:34.0979 6380 msiserver - ok 17:10:34.0979 6380 MSKSSRV - ok 17:10:34.0995 6380 MSPCLOCK - ok 17:10:34.0995 6380 MSPQM - ok 17:10:34.0995 6380 MsRPC - ok 17:10:35.0011 
6380 mssmbios - ok 17:10:35.0011 6380 MSTEE - ok 17:10:35.0011 6380 MTConfig - ok 17:10:35.0011 6380 Mup - ok 17:10:35.0026 6380 napagent - ok 17:10:35.0026 6380 NativeWifiP - ok 17:10:35.0026 6380 NDIS - ok 17:10:35.0026 6380 NdisCap - ok 17:10:35.0042 6380 NdisTapi - ok 17:10:35.0042 6380 Ndisuio - ok 17:10:35.0042 6380 NdisWan - ok 17:10:35.0042 6380 NDProxy - ok 17:10:35.0073 6380 NetBIOS - ok 17:10:35.0073 6380 NetBT - ok 17:10:35.0073 6380 Netlogon - ok 17:10:35.0073 6380 Netman - ok 17:10:35.0089 6380 netprofm - ok 17:10:35.0089 6380 netr28x - ok 17:10:35.0089 6380 NetTcpPortSharing - ok 17:10:35.0089 6380 nfrd960 - ok 17:10:35.0104 6380 NlaSvc - ok 17:10:35.0104 6380 Npfs - ok 17:10:35.0104 6380 nsi - ok 17:10:35.0104 6380 nsiproxy - ok 17:10:35.0120 6380 Ntfs - ok 17:10:35.0120 6380 Null - ok 17:10:35.0120 6380 nvraid - ok 17:10:35.0135 6380 nvstor - ok 17:10:35.0135 6380 nv_agp - ok 17:10:35.0135 6380 ohci1394 - ok 17:10:35.0135 6380 p2pimsvc - ok 17:10:35.0151 6380 p2psvc - ok 17:10:35.0151 6380 Parport - ok 17:10:35.0151 6380 partmgr - ok 17:10:35.0151 6380 PcaSvc - ok 17:10:35.0167 6380 pci - ok 17:10:35.0167 6380 pciide - ok 17:10:35.0167 6380 pcmcia - ok 17:10:35.0182 6380 pcw - ok 17:10:35.0182 6380 PEAUTH - ok 17:10:35.0182 6380 PeerDistSvc - ok 17:10:35.0182 6380 PerfHost - ok 17:10:35.0198 6380 pla - ok 17:10:35.0213 6380 PlugPlay - ok 17:10:35.0213 6380 PNRPAutoReg - ok 17:10:35.0213 6380 PNRPsvc - ok 17:10:35.0213 6380 PolicyAgent - ok 17:10:35.0229 6380 Power - ok 17:10:35.0229 6380 PptpMiniport - ok 17:10:35.0229 6380 Processor - ok 17:10:35.0245 6380 ProfSvc - ok 17:10:35.0245 6380 ProtectedStorage - ok 17:10:35.0245 6380 Psched - ok 17:10:35.0245 6380 ql2300 - ok 17:10:35.0260 6380 ql40xx - ok 17:10:35.0260 6380 QWAVE - ok 17:10:35.0260 6380 QWAVEdrv - ok 17:10:35.0260 6380 RasAcd - ok 17:10:35.0276 6380 RasAgileVpn - ok 17:10:35.0276 6380 RasAuto - ok 17:10:35.0276 6380 Rasl2tp - ok 17:10:35.0276 6380 RasMan - ok 17:10:35.0291 6380 
RasPppoe - ok 17:10:35.0291 6380 RasSstp - ok 17:10:35.0291 6380 rdbss - ok 17:10:35.0307 6380 rdpbus - ok 17:10:35.0307 6380 RDPCDD - ok 17:10:35.0307 6380 RDPDR - ok 17:10:35.0307 6380 RDPENCDD - ok 17:10:35.0323 6380 RDPREFMP - ok 17:10:35.0323 6380 RDPWD - ok 17:10:35.0323 6380 rdyboost - ok 17:10:35.0338 6380 RemoteAccess - ok 17:10:35.0338 6380 RemoteRegistry - ok 17:10:35.0338 6380 RFCOMM - ok 17:10:35.0354 6380 RpcEptMapper - ok 17:10:35.0354 6380 RpcLocator - ok 17:10:35.0369 6380 RpcSs - ok 17:10:35.0369 6380 rspndr - ok 17:10:35.0369 6380 RSUSBSTOR - ok 17:10:35.0369 6380 RsvLock - ok 17:10:35.0385 6380 RTL8167 - ok 17:10:35.0385 6380 rtsuvc - ok 17:10:35.0385 6380 s3cap - ok 17:10:35.0385 6380 SafeBoot - ok 17:10:35.0401 6380 SamSs - ok 17:10:35.0401 6380 SbAlg - ok 17:10:35.0401 6380 SbFsLock - ok 17:10:35.0401 6380 sbp2port - ok 17:10:35.0416 6380 SCardSvr - ok 17:10:35.0416 6380 scfilter - ok 17:10:35.0416 6380 Schedule - ok 17:10:35.0432 6380 SCPolicySvc - ok 17:10:35.0432 6380 sdbus - ok 17:10:35.0432 6380 SDRSVC - ok 17:10:35.0432 6380 secdrv - ok 17:10:35.0447 6380 seclogon - ok 17:10:35.0447 6380 SENS - ok 17:10:35.0463 6380 SensrSvc - ok 17:10:35.0463 6380 Serenum - ok 17:10:35.0463 6380 Serial - ok 17:10:35.0479 6380 sermouse - ok 17:10:35.0479 6380 SessionEnv - ok 17:10:35.0494 6380 sffdisk - ok 17:10:35.0494 6380 sffp_mmc - ok 17:10:35.0494 6380 sffp_sd - ok 17:10:35.0494 6380 sfloppy - ok 17:10:35.0510 6380 SharedAccess - ok 17:10:35.0510 6380 ShellHWDetection - ok 17:10:35.0510 6380 SiSRaid2 - ok 17:10:35.0510 6380 SiSRaid4 - ok 17:10:35.0525 6380 SkypeUpdate - ok 17:10:35.0525 6380 Smb - ok 17:10:35.0525 6380 SNMPTRAP - ok 17:10:35.0541 6380 spldr - ok 17:10:35.0541 6380 Spooler - ok 17:10:35.0541 6380 sppsvc - ok 17:10:35.0541 6380 sppuinotify - ok 17:10:35.0557 6380 srv - ok 17:10:35.0557 6380 srv2 - ok 17:10:35.0557 6380 srvnet - ok 17:10:35.0572 6380 ssadbus - ok 17:10:35.0572 6380 ssadmdfl - ok 17:10:35.0572 6380 ssadmdm - ok 
17:10:35.0588 6380 ssadserd - ok 17:10:35.0588 6380 SSDPSRV - ok 17:10:35.0603 6380 SSPORT - ok 17:10:35.0603 6380 SstpSvc - ok 17:10:35.0603 6380 STacSV - ok 17:10:35.0619 6380 stexstor - ok 17:10:35.0619 6380 STHDA - ok 17:10:35.0619 6380 StillCam - ok 17:10:35.0619 6380 stisvc - ok 17:10:35.0635 6380 storflt - ok 17:10:35.0635 6380 StorSvc - ok 17:10:35.0635 6380 storvsc - ok 17:10:35.0635 6380 swenum - ok 17:10:35.0650 6380 swprv - ok 17:10:35.0650 6380 SynTP - ok 17:10:35.0650 6380 SysMain - ok 17:10:35.0650 6380 TabletInputService - ok 17:10:35.0666 6380 TapiSrv - ok 17:10:35.0666 6380 TBS - ok 17:10:35.0666 6380 Tcpip - ok 17:10:35.0666 6380 TCPIP6 - ok 17:10:35.0681 6380 tcpipreg - ok 17:10:35.0681 6380 TDPIPE - ok 17:10:35.0681 6380 TDTCP - ok 17:10:35.0697 6380 tdx - ok 17:10:35.0713 6380 TermDD - ok 17:10:35.0713 6380 TermService - ok 17:10:35.0713 6380 Themes - ok 17:10:35.0713 6380 THREADORDER - ok 17:10:35.0728 6380 TPM - ok 17:10:35.0728 6380 TrkWks - ok 17:10:35.0728 6380 TrustedInstaller - ok 17:10:35.0728 6380 tssecsrv - ok 17:10:35.0744 6380 TsUsbFlt - ok 17:10:35.0744 6380 tunnel - ok 17:10:35.0744 6380 uagp35 - ok 17:10:35.0744 6380 uArcCapture - ok 17:10:35.0759 6380 udfs - ok 17:10:35.0759 6380 UI0Detect - ok 17:10:35.0775 6380 uliagpkx - ok 17:10:35.0775 6380 umbus - ok 17:10:35.0775 6380 UmPass - ok 17:10:35.0775 6380 UmRdpService - ok 17:10:35.0775 6380 UNS - ok 17:10:35.0791 6380 upnphost - ok 17:10:35.0791 6380 usbccgp - ok 17:10:35.0791 6380 usbcir - ok 17:10:35.0806 6380 usbehci - ok 17:10:35.0806 6380 usbhub - ok 17:10:35.0806 6380 usbohci - ok 17:10:35.0806 6380 usbprint - ok 17:10:35.0822 6380 usbscan - ok 17:10:35.0822 6380 USBSTOR - ok 17:10:35.0822 6380 usbuhci - ok 17:10:35.0837 6380 usbvideo - ok 17:10:35.0853 6380 usb_rndisx - ok 17:10:35.0853 6380 UxSms - ok 17:10:35.0853 6380 VaultSvc - ok 17:10:35.0869 6380 vcsFPService - ok 17:10:35.0869 6380 vdrvroot - ok 17:10:35.0884 6380 vds - ok 17:10:35.0884 6380 vga - ok 
17:10:35.0884 6380 VgaSave - ok 17:10:35.0884 6380 vhdmp - ok 17:10:35.0900 6380 viaide - ok 17:10:35.0900 6380 vmbus - ok 17:10:35.0900 6380 VMBusHID - ok 17:10:35.0900 6380 volmgr - ok 17:10:35.0915 6380 volmgrx - ok 17:10:35.0915 6380 volsnap - ok 17:10:35.0915 6380 vpcbus - ok 17:10:35.0915 6380 vpcnfltr - ok 17:10:35.0931 6380 vpcusb - ok 17:10:35.0931 6380 vpcvmm - ok 17:10:35.0931 6380 vsmraid - ok 17:10:35.0947 6380 VSS - ok 17:10:35.0947 6380 vwifibus - ok 17:10:35.0962 6380 vwififlt - ok 17:10:35.0962 6380 vwifimp - ok 17:10:35.0962 6380 W32Time - ok 17:10:35.0978 6380 WacomPen - ok 17:10:35.0978 6380 WANARP - ok 17:10:35.0978 6380 Wanarpv6 - ok 17:10:35.0993 6380 WatAdminSvc - ok 17:10:35.0993 6380 wbengine - ok 17:10:35.0993 6380 WbioSrvc - ok 17:10:36.0009 6380 wcncsvc - ok 17:10:36.0009 6380 WcsPlugInService - ok 17:10:36.0009 6380 Wd - ok 17:10:36.0009 6380 Wdf01000 - ok 17:10:36.0025 6380 WdiServiceHost - ok 17:10:36.0025 6380 WdiSystemHost - ok 17:10:36.0025 6380 WebClient - ok 17:10:36.0025 6380 Wecsvc - ok 17:10:36.0040 6380 wercplsupport - ok 17:10:36.0040 6380 WerSvc - ok 17:10:36.0040 6380 WfpLwf - ok 17:10:36.0056 6380 WIMMount - ok 17:10:36.0056 6380 WinDefend - ok 17:10:36.0056 6380 WinHttpAutoProxySvc - ok 17:10:36.0071 6380 Winmgmt - ok 17:10:36.0071 6380 WinRM - ok 17:10:36.0071 6380 WinUSB - ok 17:10:36.0087 6380 Wlansvc - ok 17:10:36.0087 6380 wlidsvc - ok 17:10:36.0087 6380 WmiAcpi - ok 17:10:36.0103 6380 wmiApSrv - ok 17:10:36.0103 6380 WMPNetworkSvc - ok 17:10:36.0103 6380 WPCSvc - ok 17:10:36.0103 6380 WPDBusEnum - ok 17:10:36.0118 6380 ws2ifsl - ok 17:10:36.0118 6380 wscsvc - ok 17:10:36.0134 6380 WSDPrintDevice - ok 17:10:36.0134 6380 WSearch - ok 17:10:36.0134 6380 wuauserv - ok 17:10:36.0149 6380 WudfPf - ok 17:10:36.0149 6380 WUDFRd - ok 17:10:36.0149 6380 wudfsvc - ok 17:10:36.0149 6380 WwanSvc - ok 17:10:36.0181 6380 ================ Scan global =============================== 17:10:36.0181 6380 [Global] - ok 17:10:36.0181 
6380 ================ Scan MBR ==================================
17:10:36.0196 6380 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:10:36.0586 6380 \Device\Harddisk0\DR0 - ok
17:10:36.0586 6380 ================ Scan VBR ==================================
17:10:36.0586 6380 ============================================================
17:10:36.0586 6380 Scan finished
17:10:36.0586 6380 ============================================================
17:10:36.0602 5516 Detected object count: 0
17:10:36.0602 5516 Actual detected object count: 0
02.06.2013, 16:56 | #10
/// Malware-holic
Hi, scan with Combofix
02.06.2013, 17:12 | #11
Markus, ComboFix is running on the infected computer right now. I would like to thank you very much already for the extensive help. I will make sure my neighbor sends you a donation. The log file follows shortly...
Code:
ComboFix 13-06-02.02 - NVH 02.06.2013 18:04:27.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.41.1031.18.3951.1626 [GMT 2:00]
ausgeführt von:: c:\users\NVH\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\C53167FCF9.sys
C:\Thumbs.db
c:\users\NH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchU3.exe.lnk
c:\users\NVH\AppData\Local\Temp\957ABF68-5495-4021-9A1A-A4693333D966\CbsProvider.dll
c:\users\NVH\AppData\Local\Temp\957ABF68-5495-4021-9A1A-A4693333D966\de-DE\CbsProvider.dll.mui
c:\users\NVH\AppData\Local\Temp\957ABF68-5495-4021-9A1A-A4693333D966\de-DE\DismProv.dll.mui
c:\users\NVH\AppData\Local\Temp\957ABF68-5495-4021-9A1A-A4693333D966\de-DE\LogProvider.dll.mui
c:\users\NVH\AppData\Local\Temp\957ABF68-5495-4021-9A1A-A4693333D966\de-DE\OSProvider.dll.mui
c:\users\NVH\AppData\Local\Temp\957ABF68-5495-4021-9A1A-A4693333D966\DismCorePS.dll
c:\users\NVH\AppData\Local\Temp\957ABF68-5495-4021-9A1A-A4693333D966\DismHost.exe
c:\users\NVH\AppData\Local\Temp\957ABF68-5495-4021-9A1A-A4693333D966\DismProv.dll
c:\users\NVH\AppData\Local\Temp\957ABF68-5495-4021-9A1A-A4693333D966\DmiProvider.dll
c:\users\NVH\AppData\Local\Temp\957ABF68-5495-4021-9A1A-A4693333D966\IntlProvider.dll
c:\users\NVH\AppData\Local\Temp\957ABF68-5495-4021-9A1A-A4693333D966\LogProvider.dll
c:\users\NVH\AppData\Local\Temp\957ABF68-5495-4021-9A1A-A4693333D966\MsiProvider.dll
c:\users\NVH\AppData\Local\Temp\957ABF68-5495-4021-9A1A-A4693333D966\OSProvider.dll
c:\users\NVH\AppData\Local\Temp\957ABF68-5495-4021-9A1A-A4693333D966\SmiProvider.dll
c:\users\NVH\AppData\Local\Temp\957ABF68-5495-4021-9A1A-A4693333D966\TransmogProvider.dll
c:\users\NVH\AppData\Local\Temp\957ABF68-5495-4021-9A1A-A4693333D966\UnattendProvider.dll
c:\users\NVH\AppData\Local\Temp\957ABF68-5495-4021-9A1A-A4693333D966\wdscore.dll
c:\users\NVH\AppData\Roaming\Microsoft\Windows\Recent\PDFCreator.url
c:\users\NVH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchU3.exe.lnk
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\pt
c:\windows\SysWow64\pt\DPCont32.dll.mui
c:\windows\SysWow64\pt\DPCrProv.dll.mui
c:\windows\SysWow64\pt\DPFPApiUI.dll.mui
c:\windows\SysWow64\pt\DPPassFilter.dll.mui
c:\windows\SysWow64\System32\MASetupCleaner.exe
c:\windows\SysWow64\System32\muzapp.exe
c:\windows\TEMP\IE1FEBA.tmp\IE10-support\ienrcore.exe
c:\windows\TEMP\IE1FEBA.tmp\SQMAPI.DLL
D:\autorun.inf
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-05-02 bis 2013-06-02 ))))))))))))))))))))))))))))))
.
.
2013-06-02 15:19 . 2013-06-02 15:19 2155344 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-06-01 11:08 . 2013-06-01 11:08 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2013-05-31 15:23 . 2013-06-02 15:19 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2013-05-31 15:22 . 2013-05-31 15:22 2155344 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-05-31 14:49 . 2013-05-31 14:49 -------- d---a-w- c:\program files (x86)\UtilityChest_49EI
2013-05-31 13:03 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6DBD7CB5-ECDC-4138-97C7-36B9C56B60BD}\mpengine.dll
2013-05-25 10:21 . 2013-06-01 10:09 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2013-05-24 15:35 . 2013-05-24 15:35 -------- d-----w- c:\users\NVH\AppData\Roaming\pdfforge
2013-05-24 15:35 . 2012-10-28 16:32 103936 ----a-w- c:\windows\system32\pdfcmon.dll
2013-05-24 15:35 .
2012-05-05 08:54 662288 ----a-w- c:\windows\SysWow64\MSCOMCT2.OCX
2013-05-24 15:35 . 2012-05-05 08:54 137000 ----a-w- c:\windows\SysWow64\MSMAPI32.OCX
2013-05-24 15:35 . 2013-05-31 14:53 -------- d-----w- c:\program files (x86)\PDFCreator
2013-05-24 15:35 . 2012-05-05 08:54 23552 ----a-w- c:\windows\SysWow64\MSMPIDE.DLL
2013-05-24 15:35 . 1998-07-06 15:56 125712 ----a-w- c:\windows\SysWow64\VB6DE.DLL
2013-05-24 15:35 . 1998-07-06 15:55 158208 ----a-w- c:\windows\SysWow64\MSCMCDE.DLL
2013-05-24 15:35 . 1998-07-06 15:55 64512 ----a-w- c:\windows\SysWow64\MSCC2DE.DLL
2013-05-24 15:24 . 2013-05-24 15:24 -------- d-----w- c:\users\NVH\AppData\Roaming\PDF Architect
2013-05-24 15:13 . 2013-05-24 15:13 -------- d-----w- c:\users\NVH\AppData\Local\Programs
2013-05-16 06:17 . 2013-05-05 21:36 17818624 ----a-w- c:\windows\system32\mshtml.dll
2013-05-16 06:17 . 2013-05-05 21:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-16 06:17 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-05-15 08:48 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-10 07:57 . 2013-05-10 07:57 187456 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-22 14:25 . 2011-01-21 17:36 2516 --sha-w- c:\programdata\KGyGaAvL.sys
2013-05-16 06:20 . 2011-01-26 20:04 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-15 08:33 . 2012-04-26 15:25 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 08:33 . 2011-08-16 12:22 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-02 00:06 . 2011-08-10 08:14 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-05-15 08:48 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 08:48 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 08:48 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 08:48 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 08:48 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 08:48 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 10:24 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-03-19 06:04 . 2013-04-11 08:49 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-11 08:49 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-11 08:49 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-11 08:49 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-11 08:49 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-11 08:49 112640 ----a-w- c:\windows\system32\smss.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"MyTomTomSA.exe"="c:\program files (x86)\MyTomTom 3\MyTomTomSA.exe" [2011-11-14 435672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-03-01 256056]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2009-12-12 11265536]
"DTRun"="c:\program files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe" [2009-11-19 518656]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-12 343168]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984]
"IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368]
"PPort11reminder"="c:\program files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-20 348664]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
.
c:\users\NH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Produktregistrierung.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2008-11-7 517384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-10-5 1207312]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2009-11-17 21:39 75320 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2009-12-14 2019120]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-12-21 36328]
R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [2009-11-03 87552]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [2009-11-03 14592]
R3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\Drivers\btmcom.sys [2010-04-10 52736]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [2009-10-21 40760]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2009-11-17 362040]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-11-11 232480]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-01-12 325152]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-06-02 146920]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-26 1255736]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [2010-01-13 142848]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-08-20 27760]
S1 RsvLock;RsvLock; [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-12 204288]
S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-08-20 375760]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-08-20 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-08-20 465360]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe [2010-05-20 677128]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2010-06-18 103992]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2009-11-18 36864]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-04-05 103992]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [2010-05-10 90112]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-01-25 92216]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2009-12-16 281192]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2009-12-12 297984]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-03-01 264248]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 30520]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2012-12-12 11576]
S2 uArcCapture;ArcCapture;c:\windows\system\uArcCapture.exe [2009-12-04 506472]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [2009-12-04 32640]
S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [2010-06-29 4181256]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe [2010-05-20 1096968]
S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
S3 BTMHID;BTMHID;c:\windows\system32\DRIVERS\btmhid.sys [2010-03-23 34048]
S3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys [2010-06-29 3232768]
S3 DEBridge;DEBridge;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2009-12-16 704512]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-12-29 1028096]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2012-12-06 2350176]
S3 rtsuvc;HP Webcam [2 MP Fixed];c:\windows\system32\DRIVERS\rtsuvc.sys [2009-12-22 21:41 89216]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 45667197
*Deregistered* - 45667197
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-05-24 09:29 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-26 08:33]
.
2013-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17 06:29]
.
2013-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17 06:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe" [2010-06-18 1691192]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-04-05 8192]
"BTMTrayAgent"="c:\program files\Motorola\Bluetooth\btmshell.dll" [2010-06-10 24783624]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-17 487424]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2012-02-20 456704]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.babylon.com/?affID=110824&tt=4312_5&babsrc=HP_ss&mntrId=f0e77527000000000000e02a82555069
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: {{bd707fe6-39f6-4bda-9265-86a76719bdc5} - c:\program files\Motorola\Bluetooth\btmiesend.htm
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\NVH\AppData\Roaming\Mozilla\Firefox\Profiles\48fwzjzg.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.bluewin.ch/
FF - prefs.js: keyword.URL - hxxp://go.web.de/tb/mff_keyurl_search/?su=
FF - user.js: general.useragent.extra.brc -
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-KiesHelper - c:\program files (x86)\Samsung\Kies\KiesHelper.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{E92D47A1-D27D-430A-8368-0BAFD956507D} - c:\program files (x86)\InstallShield Installation Information\{E92D47A1-D27D-430A-8368-0BAFD956507D}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-02 18:12:55
ComboFix-quarantined-files.txt 2013-06-02 16:12
.
Vor Suchlauf: 17 Verzeichnis(se), 203'440'762'880 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 202'949'603'328 Bytes frei
.
- - End Of File - - 46291095CBFC3B59C3191D0424FD78BB |
02.06.2013, 17:23 | #12 |
/// Malware-holic | CIBS POL. - Safe Mode doesn't work No problem, and thanks. malwarebytes: Please download Malwarebytes
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as described above If you would like to support us |
02.06.2013, 18:38 | #13 |
| CIBS POL. - Safe Mode doesn't work Code:
ATTFilter
2013/06/02 18:30:33 +0200 NVH-HP NVH MESSAGE Starting protection
2013/06/02 18:30:33 +0200 NVH-HP NVH MESSAGE Protection started successfully
2013/06/02 18:30:33 +0200 NVH-HP NVH MESSAGE Starting IP protection
2013/06/02 18:31:01 +0200 NVH-HP NVH MESSAGE IP Protection started successfully
2013/06/02 18:31:07 +0200 NVH-HP NVH MESSAGE Starting database refresh
2013/06/02 18:31:07 +0200 NVH-HP NVH MESSAGE Stopping IP protection
2013/06/02 18:31:12 +0200 NVH-HP NVH MESSAGE IP Protection stopped successfully
2013/06/02 18:31:15 +0200 NVH-HP NVH MESSAGE Database refreshed successfully
2013/06/02 18:31:15 +0200 NVH-HP NVH MESSAGE Starting IP protection
2013/06/02 18:31:18 +0200 NVH-HP NVH MESSAGE IP Protection started successfully
2013/06/02 18:36:35 +0200 NVH-HP NVH MESSAGE Executing scheduled update: Daily
2013/06/02 18:36:37 +0200 NVH-HP NVH MESSAGE Database already up-to-date
2013/06/02 19:21:10 +0200 NVH-HP (null) MESSAGE Starting protection
2013/06/02 19:21:10 +0200 NVH-HP (null) MESSAGE Protection started successfully
2013/06/02 19:21:10 +0200 NVH-HP (null) MESSAGE Starting IP protection
2013/06/02 19:21:14 +0200 NVH-HP (null) MESSAGE IP Protection started successfully
2013/06/02 19:31:23 +0200 NVH-HP (null) MESSAGE Starting protection
2013/06/02 19:31:23 +0200 NVH-HP (null) MESSAGE Protection started successfully
2013/06/02 19:31:23 +0200 NVH-HP (null) MESSAGE Starting IP protection
2013/06/02 19:31:28 +0200 NVH-HP (null) MESSAGE IP Protection started successfully |
02.06.2013, 18:41 | #14 |
/// Malware-holic | CIBS POL. - Safe Mode doesn't work That's not the right one; check whether there are any further logs. That is the Protection log, not the one from the scan.
__________________ |
02.06.2013, 18:57 | #15 |
| CIBS POL. - Safe Mode doesn't work Under Log Files in the Malwarebytes program there was only this log. I'm scanning again now. It takes a while again, though. Thanks for your patience... |