
Log analysis and evaluation: Windows 7; SpyBot finds Win32.downloader.gen

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

 
15.09.2013, 15:22   #5
Beatvatti

Windows 7; SpyBot finds Win32.downloader.gen



Hello, attached is the ComboFix log. Thank you very much!

Code:
ComboFix 13-09-14.01 - Administrator 15.09.2013  15:55:44.1.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.4061.2597 [GMT 2:00]
ausgeführt von:: c:\users\ALVARO\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe
Q:\Autorun.inf
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-08-15 bis 2013-09-15  ))))))))))))))))))))))))))))))
.
.
2013-09-15 14:07 . 2012-11-08 17:24	9125352	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{3F85425C-8DB8-465D-9AAF-193B5A4F4350}\mpengine.dll
2013-09-15 14:05 . 2013-09-15 14:05	--------	d-----w-	c:\users\SAM\AppData\Local\temp
2013-09-15 13:48 . 2013-09-15 13:48	--------	d-----w-	c:\users\Administrator
2013-09-14 07:58 . 2013-08-06 08:58	9515512	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{1BB39066-6A9B-45E8-81B9-C7C74912EDDB}\mpengine.dll
2013-09-13 16:29 . 2013-09-13 16:29	--------	d-----w-	C:\FRST
2013-09-13 15:59 . 2013-04-04 12:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-09-13 15:18 . 2013-09-13 15:52	--------	d-----w-	C:\AdwCleaner
2013-09-12 14:24 . 2013-09-12 14:24	--------	d-----w-	c:\program files (x86)\SaalDesignSoftware
2013-09-12 11:09 . 2013-08-05 02:25	155584	----a-w-	c:\windows\system32\drivers\ataport.sys
2013-09-12 11:08 . 2013-07-26 02:24	197120	----a-w-	c:\windows\system32\shdocvw.dll
2013-08-20 19:49 . 2013-08-20 19:50	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-17 13:34 . 2013-08-17 13:34	--------	d-----w-	c:\program files\iTunes
2013-08-17 13:34 . 2013-08-17 13:34	--------	d-----w-	c:\program files\iPod
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-14 08:49 . 2012-03-29 07:13	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-14 08:49 . 2011-05-19 21:51	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-12 11:39 . 2011-04-12 18:39	79143768	----a-w-	c:\windows\system32\MRT.exe
2013-09-06 05:02 . 2013-05-07 13:23	81112	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-09-06 05:02 . 2013-03-30 06:44	132088	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-09-06 05:02 . 2013-03-30 06:44	105344	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-08-02 01:48 . 2013-09-12 11:09	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2013-07-25 09:25 . 2013-08-14 17:44	1888768	----a-w-	c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-14 17:44	1620992	----a-w-	c:\windows\SysWow64\WMVDECOD.DLL
2013-07-23 17:48 . 2013-07-23 17:48	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-23 17:48 . 2012-12-19 19:21	867240	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2013-07-23 17:48 . 2011-04-12 18:15	789416	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-07-19 01:58 . 2013-08-14 17:44	2048	----a-w-	c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-14 17:44	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2013-07-09 05:52 . 2013-08-14 17:44	224256	----a-w-	c:\windows\system32\wintrust.dll
2013-07-09 05:51 . 2013-08-14 17:44	1217024	----a-w-	c:\windows\system32\rpcrt4.dll
2013-07-09 05:46 . 2013-08-14 17:44	1472512	----a-w-	c:\windows\system32\crypt32.dll
2013-07-09 05:46 . 2013-08-14 17:44	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2013-07-09 05:46 . 2013-08-14 17:44	139776	----a-w-	c:\windows\system32\cryptnet.dll
2013-07-09 04:52 . 2013-08-14 17:44	663552	----a-w-	c:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52 . 2013-08-14 17:44	175104	----a-w-	c:\windows\SysWow64\wintrust.dll
2013-07-09 04:46 . 2013-08-14 17:44	1166848	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-07-09 04:46 . 2013-08-14 17:44	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2013-07-09 04:46 . 2013-08-14 17:44	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2013-07-06 06:03 . 2013-08-14 17:44	1910208	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-06-25 16:23 . 2013-06-25 16:23	73728	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-06-25 16:23 . 2013-06-25 16:23	719360	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2013-06-25 16:23 . 2013-06-25 16:23	61952	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-06-25 16:23 . 2013-06-25 16:23	523264	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-06-25 16:23 . 2013-06-25 16:23	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-06-25 16:23 . 2013-06-25 16:23	38400	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-06-25 16:23 . 2013-06-25 16:23	361984	----a-w-	c:\windows\SysWow64\html.iec
2013-06-25 16:23 . 2013-06-25 16:23	226304	----a-w-	c:\windows\system32\elshyph.dll
2013-06-25 16:23 . 2013-06-25 16:23	185344	----a-w-	c:\windows\SysWow64\elshyph.dll
2013-06-25 16:23 . 2013-06-25 16:23	158720	----a-w-	c:\windows\SysWow64\msls31.dll
2013-06-25 16:23 . 2013-06-25 16:23	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-06-25 16:23 . 2013-06-25 16:23	138752	----a-w-	c:\windows\SysWow64\wextract.exe
2013-06-25 16:23 . 2013-06-25 16:23	137216	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-06-25 16:23 . 2013-06-25 16:23	12800	----a-w-	c:\windows\SysWow64\mshta.exe
2013-06-25 16:23 . 2013-06-25 16:23	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-06-25 16:23 . 2013-06-25 16:23	1054720	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-25 16:23 . 2013-06-25 16:23	97280	----a-w-	c:\windows\system32\mshtmled.dll
2013-06-25 16:23 . 2013-06-25 16:23	92160	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-06-25 16:23 . 2013-06-25 16:23	905728	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-06-25 16:23 . 2013-06-25 16:23	81408	----a-w-	c:\windows\system32\icardie.dll
2013-06-25 16:23 . 2013-06-25 16:23	77312	----a-w-	c:\windows\system32\tdc.ocx
2013-06-25 16:23 . 2013-06-25 16:23	762368	----a-w-	c:\windows\system32\ieapfltr.dll
2013-06-25 16:23 . 2013-06-25 16:23	62976	----a-w-	c:\windows\system32\pngfilt.dll
2013-06-25 16:23 . 2013-06-25 16:23	599552	----a-w-	c:\windows\system32\vbscript.dll
2013-06-25 16:23 . 2013-06-25 16:23	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-06-25 16:23 . 2013-06-25 16:23	51200	----a-w-	c:\windows\system32\imgutil.dll
2013-06-25 16:23 . 2013-06-25 16:23	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-06-25 16:23 . 2013-06-25 16:23	452096	----a-w-	c:\windows\system32\dxtmsft.dll
2013-06-25 16:23 . 2013-06-25 16:23	441856	----a-w-	c:\windows\system32\html.iec
2013-06-25 16:23 . 2013-06-25 16:23	281600	----a-w-	c:\windows\system32\dxtrans.dll
2013-06-25 16:23 . 2013-06-25 16:23	27648	----a-w-	c:\windows\system32\licmgr10.dll
2013-06-25 16:23 . 2013-06-25 16:23	270848	----a-w-	c:\windows\system32\iedkcs32.dll
2013-06-25 16:23 . 2013-06-25 16:23	247296	----a-w-	c:\windows\system32\webcheck.dll
2013-06-25 16:23 . 2013-06-25 16:23	235008	----a-w-	c:\windows\system32\url.dll
2013-06-25 16:23 . 2013-06-25 16:23	23040	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-06-25 16:23 . 2013-06-25 16:23	216064	----a-w-	c:\windows\system32\msls31.dll
2013-06-25 16:23 . 2013-06-25 16:23	197120	----a-w-	c:\windows\system32\msrating.dll
2013-06-25 16:23 . 2013-06-25 16:23	173568	----a-w-	c:\windows\system32\ieUnatt.exe
2013-06-25 16:23 . 2013-06-25 16:23	167424	----a-w-	c:\windows\system32\iexpress.exe
2013-06-25 16:23 . 2013-06-25 16:23	1509376	----a-w-	c:\windows\system32\inetcpl.cpl
2013-06-25 16:23 . 2013-06-25 16:23	149504	----a-w-	c:\windows\system32\occache.dll
2013-06-25 16:23 . 2013-06-25 16:23	144896	----a-w-	c:\windows\system32\wextract.exe
2013-06-25 16:23 . 2013-06-25 16:23	1441280	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2013-06-25 16:23 . 2013-06-25 16:23	1400416	----a-w-	c:\windows\system32\ieapfltr.dat
2013-06-25 16:23 . 2013-06-25 16:23	13824	----a-w-	c:\windows\system32\mshta.exe
2013-06-25 16:23 . 2013-06-25 16:23	136192	----a-w-	c:\windows\system32\iepeers.dll
2013-06-25 16:23 . 2013-06-25 16:23	135680	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-06-25 16:23 . 2013-06-25 16:23	12800	----a-w-	c:\windows\system32\msfeedssync.exe
2013-06-25 16:23 . 2013-06-25 16:23	102912	----a-w-	c:\windows\system32\inseng.dll
2013-06-25 16:22 . 2013-06-25 16:22	9728	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-25 16:22 . 2013-06-25 16:22	9728	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-25 16:22 . 2013-06-25 16:22	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-25 16:22 . 2013-06-25 16:22	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-25 16:22 . 2013-06-25 16:22	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-25 16:22 . 2013-06-25 16:22	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-25 16:22 . 2013-06-25 16:22	522752	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2013-06-25 16:22 . 2013-06-25 16:22	465920	----a-w-	c:\windows\system32\WMPhoto.dll
2013-06-25 16:22 . 2013-06-25 16:22	417792	----a-w-	c:\windows\SysWow64\WMPhoto.dll
2013-06-25 16:22 . 2013-06-25 16:22	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-25 16:22 . 2013-06-25 16:22	4096	---ha-w-	c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-25 16:22 . 2013-06-25 16:22	3928064	----a-w-	c:\windows\system32\d2d1.dll
2013-06-25 16:22 . 2013-06-25 16:22	364544	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2013-06-25 16:22 . 2013-06-25 16:22	363008	----a-w-	c:\windows\system32\dxgi.dll
2013-06-25 16:22 . 2013-06-25 16:22	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-25 16:22 . 2013-06-25 16:22	3584	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-25 16:22 . 2013-06-25 16:22	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-25 16:22 . 2013-06-25 16:22	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-25 16:22 . 2013-06-25 16:22	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-25 16:22 . 2013-06-25 16:22	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-25 16:22 . 2013-06-25 16:22	2776576	----a-w-	c:\windows\system32\msmpeg2vdec.dll
2013-06-25 16:22 . 2013-06-25 16:22	2565120	----a-w-	c:\windows\system32\d3d10warp.dll
2013-06-25 16:22 . 2013-06-25 16:22	2560	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-25 16:22 . 2013-06-25 16:22	2560	---ha-w-	c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-25 16:22 . 2013-06-25 16:22	249856	----a-w-	c:\windows\SysWow64\d3d10_1core.dll
2013-06-25 16:22 . 2013-06-25 16:22	2284544	----a-w-	c:\windows\SysWow64\msmpeg2vdec.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2010-03-02 1124200]
"Message Center Plus"="c:\program files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-27 49976]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2009-08-04 244208]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-05-20 450560]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-09-06 347192]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-08-16 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-1-5 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [x]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [x]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys;c:\windows\SYSNATIVE\DRIVERS\smiifx64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2013-09-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 08:49]
.
2013-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-04 19:12]
.
2013-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-04 19:12]
.
2013-01-09 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2010-05-07 19:52]
.
2013-09-14 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdrcui.exe [2010-05-08 18:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"TpShocks"="TpShocks.exe" [2009-07-08 380704]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-25 10081312]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2009-10-13 36864]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - 
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\progra~1\Lenovo\HOTKEY\tpnumlk.exe
c:\program files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\program files (x86)\Lenovo\Access Connections\AcSvc.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlkd.exe
c:\program files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\program files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Lenovo\System Update\SUService.exe
c:\program files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-09-15  16:15:37 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-09-15 14:15
.
Vor Suchlauf: 13 Verzeichnis(se), 142.829.654.016 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 142.375.616.512 Bytes frei
.
- - End Of File - - A55C5075F42B48E5D21A950483C12489
2F9BFD28B4EFC42F8304992B4B53D24C
         


 

You are viewing: Windows 7; SpyBot finds Win32.downloader.gen on Trojaner-Board