Log analysis and evaluation: Please review the ComboFix log | Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Please review the ComboFix log

Hello! My computer was extremely slow because of a virus infection! I have now read up in various forums and run the ComboFix scan! At the moment the system is running fairly stably again! Perhaps someone could look through the log file and give me some further pointers!! Many thanks to everyone who replies!!

ComboFix 09-09-13.05 - Wolfgang 14.09.2009 10:47.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.43.1031.18.2718.1881 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
SP: Avira AntiVir PersonalEdition *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows-Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
Überschreibung abgebrochen ... Bitte führe Combofix erneut aus

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-3766238475-1870540741-3891466012-500
c:\$recycle.bin\S-1-5-21-4166659471-477811567-471052203-500
c:\windows\emMON.exe
c:\windows\run.log
c:\windows\system32\acovcnt.exe
c:\windows\system32\drivers\kbiwkmfdfqmnat.sys
c:\windows\system32\drivers\str.sys
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_kbiwkmpyemwcfj

((((((((((((((((((((((( Dateien erstellt von 2009-08-14 bis 2009-09-14 ))))))))))))))))))))))))))))))
.
2009-09-14 09:17 . 2003-07-30 02:18 3839 ----a-w- c:\windows\system32\drivers\GETPADD.sys
2009-09-14 09:10 . 2009-09-14 09:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-11 15:09 . 2009-09-11 15:38 -------- d-----w- c:\program files\BsPlayer
2009-09-10 08:05 . 2009-06-09 15:29 1177600 ----a-w- c:\windows\system32\drivers\athr.sys
2009-08-23 13:21 . 2009-08-23 13:23 -------- d-----w- c:\program files\PersonalAV
2009-08-19 15:57 . 2009-08-19 15:57 -------- d-----w- c:\program files\Geogrid
2009-08-19 15:57 . 2009-08-19 15:57 -------- d-----w- c:\program files\Austrian Map Fly
2009-08-19 15:42 . 2009-08-19 15:47 -------- d-----w- c:\program files\Amap Fly
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-14 09:18 . 2007-09-23 13:57 -------- d-----w- c:\users\Wolfgang\AppData\Roaming\Skype
2009-09-14 09:16 . 2007-04-18 08:33 12 ----a-w- c:\windows\bthservsdp.dat
2009-09-14 08:21 . 2008-03-30 18:19 -------- d-----w- c:\users\Wolfgang\AppData\Roaming\skypePM
2009-09-14 08:02 . 2007-04-18 09:14 621940 ----a-w- c:\windows\system32\perfh007.dat
2009-09-14 08:02 . 2007-04-18 09:14 123658 ----a-w- c:\windows\system32\perfc007.dat
2009-09-13 17:04 . 2007-09-23 12:57 -------- d-----w- c:\program files\Firefox
2009-09-11 15:02 . 2009-03-05 17:08 -------- d-----w- c:\program files\Koordinatentransformation
2009-09-10 08:05 . 2007-09-06 21:54 -------- d-----w- c:\program files\Atheros
2009-08-27 11:29 . 2007-09-23 13:57 -------- d-----w- c:\program files\Google
2009-08-23 13:28 . 2009-01-21 19:53 -------- d-----w- c:\programdata\SecTaskMan
2009-08-19 15:42 . 2007-12-31 15:05 -------- d-----w- c:\program files\Daemon Tools
2009-08-06 16:43 . 2009-08-06 16:43 -------- d-----w- c:\programdata\Avira
2009-08-06 16:43 . 2007-09-23 13:19 -------- d-----w- c:\program files\Avira
2009-07-28 14:33 . 2009-08-06 16:43 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-22 13:47 . 2008-01-23 15:00 -------- d-----w- c:\users\Wolfgang\AppData\Roaming\LimeWire
2009-07-22 13:38 . 2008-01-23 14:58 -------- d-----w- c:\program files\LimeWire
2009-01-30 14:29 . 2009-01-30 14:26 10724584 ----a-w- c:\program files\bsplayer_setup.exe
2007-12-09 20:47 . 2007-12-09 20:47 318904 ----a-w- c:\program files\wmpfirefoxplugin.exe
1997-06-23 02:00 . 1997-06-23 02:00 123664 --sha-w- c:\windows\System32\Msjint35.dll
1997-06-23 11:06 . 1997-06-23 11:06 24848 --sha-w- c:\windows\System32\Msjter35.dll
1997-06-23 11:06 . 1997-06-23 11:06 252176 --sha-w- c:\windows\System32\Msrd2x35.dll
1997-06-23 11:06 . 1997-06-23 11:06 287504 --sha-w- c:\windows\System32\Msxbse35.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-27 39408]
"DAEMON Tools Lite"="c:\program files\Daemon Tools\DAEMON Tools Lite\daemon.exe" [2007-12-29 486856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-26 149040]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe" [2008-06-17 1249280]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-05-26 24264488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-26 161328]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-03-26 1057328]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 857648]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2007-09-06 37232]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2007-09-06 33136]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"hpqSRMon"="c:\program files\Drucker\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-03-27 181544]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-02-15 4390912]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
AutoCAD-Startbeschleuniger.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-3-5 10872]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-5-22 2756608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{CFC1F61E-E161-46C3-A02D-9998C0FA2A6E}"= UDP:c:\spiele\FIFI08\FIFA08.exe:FIFA 08
"{4F669F32-08B8-40BC-A42C-4852A33B4698}"= TCP:c:\spiele\FIFI08\FIFA08.exe:FIFA 08
"{692D0822-7870-4B13-B0F2-2D3E0A3E4CA8}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{BE77DEB0-A74D-4B76-AB27-312592D17148}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{F692DE8E-43A8-4799-A2B9-62AA5909EDB8}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{9B037490-0262-4A5D-AF8E-1E3AAC831645}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A9E06124-19BD-44BA-8196-33CBF03FBD54}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{2C887DB1-CBBD-4165-8B69-A95286F4D03B}"= UDP:c:\programme\Matlab\bin\win32\matlab.exe:MATLAB 6.5
"{310BE0CB-D06C-4DC5-A990-6C1FE3A140A9}"= TCP:c:\programme\Matlab\bin\win32\matlab.exe:MATLAB 6.5
"{B60F3575-9A94-4D12-BC38-7C9221B65F85}"= UDP:c:\spiele\CallOfDuty\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{AA74888E-06E0-40D3-A523-8B1E3372EF61}"= TCP:c:\spiele\CallOfDuty\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"TCP Query User{4E0F5FA6-8C47-43D2-A770-3FC600387095}c:\\spiele\\flat out 2\\flatout2.exe"= UDP:c:\spiele\flat out 2\flatout2.exe:FlatOut2
"UDP Query User{7AB11537-1AE7-4586-B150-86CD80C59ED4}c:\\spiele\\flat out 2\\flatout2.exe"= TCP:c:\spiele\flat out 2\flatout2.exe:FlatOut2
"{77C37AFC-E9FF-4822-8DE3-58A15E9184A2}"= Disabled:UDP:c:\program files\Autodesk Architectural Desktop 3 Deu\pman32.exe:AutoCAD Lizenzierungsdienstprogramm
"{67FCB941-DB82-4B38-B6DF-132098D33944}"= Disabled:TCP:c:\program files\Autodesk Architectural Desktop 3 Deu\pman32.exe:AutoCAD Lizenzierungsdienstprogramm
"{11AD94C1-1583-4EA7-BB9C-EE4ED84AD7FB}"= Disabled:UDP:c:\program files\Autodesk\Autodesk DWF Viewer\DwfViewer.exe:Autodesk DWF Viewer
"{9E21BC45-6B27-456D-BC4B-37A73E30D674}"= Disabled:TCP:c:\program files\Autodesk\Autodesk DWF Viewer\DwfViewer.exe:Autodesk DWF Viewer
"{7DE9B370-59F0-4A95-A59D-8724BCC0EFE9}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{21D22EB1-48DF-41C6-8A80-4D0E2614AE01}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{857ABAE5-B852-4B43-A1DD-02C3EF4C554B}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{362A1C43-3D94-4ABD-A027-E1D5DB410061}"= Disabled:TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"{15C1DAB2-6224-4140-8D29-6FB77F7B9B9C}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{BAF6889C-9F4B-4BD9-A06E-7E519C652F89}"= TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{AAF2D74F-D330-48EB-A352-686F75970E45}c:\\program files\\mp4 player\\bsplayerpro\\bsplayer.exe"= UDP:c:\program files\mp4 player\bsplayerpro\bsplayer.exe:BS.Player
"UDP Query User{ADB5FC04-74A0-4D04-8EA9-42E334D12932}c:\\program files\\mp4 player\\bsplayerpro\\bsplayer.exe"= TCP:c:\program files\mp4 player\bsplayerpro\bsplayer.exe:BS.Player
"{2A47F4A9-F1CD-460C-875A-22FFB7268A96}"= Profile=Public|c:\program files\Drucker\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{E371EE85-0481-42B2-AE0F-68048FF6E589}"= Profile=Public|c:\program files\Drucker\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{C2C8E62A-2AB0-4114-802D-FCFEF7ADE31C}"= Profile=Public|c:\program files\Drucker\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{7F63666A-1E2A-477E-A9CA-217530B2B04D}"= Profile=Public|c:\program files\Common Files\HP\Digital Imaging\bin\hpqphotocrm.exe:hpqphotocrm.exe
"{8BC4E6B5-E666-49D3-A6C2-58D811CA842B}"= Profile=Public|c:\program files\Drucker\Digital Imaging\bin\hpqsudi.exe:hpqsudi.exe
"{CFC590B3-E3C7-4016-8E6B-E87CCB5974D1}"= Profile=Public|c:\program files\Drucker\Digital Imaging\bin\hpqpsapp.exe:hpqpsapp.exe
"{EEFF0C91-F67B-4B8B-9CD5-227D32761CAB}"= Profile=Public|c:\program files\Drucker\Digital Imaging\bin\hpqpse.exe:hpqpse.exe
"TCP Query User{2E3586BE-8446-4ACE-ACAA-9A7C7A5E5E40}c:\\program files\\matlab\\bin\\win32\\matlab.exe"= UDP:c:\program files\matlab\bin\win32\matlab.exe:MATLAB
"UDP Query User{D4814B7D-2007-4517-BBA4-6C2CB6F5A902}c:\\program files\\matlab\\bin\\win32\\matlab.exe"= TCP:c:\program files\matlab\bin\win32\matlab.exe:MATLAB
"{D9CE1BDF-220C-45CE-97C6-0A4E054ACD73}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A9F0F49A-59CF-47D0-B380-498BD866633C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{23CB0B3D-98A9-4274-8AC6-FEE7C7E6139F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{FF479D79-1E8B-4D76-B40F-1E3FDDA17BEB}"= Disabled:c:\program files\Drucker\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{B58430AD-C94D-4FCD-AE80-A1E5BAD0C696}"= Disabled:c:\program files\Common Files\HP\Digital Imaging\bin\hpqphotocrm.exe:hpqphotocrm.exe
"{98E397DC-498D-422F-9504-B96C5D841750}"= Disabled:c:\program files\Drucker\Digital Imaging\bin\hpqpsapp.exe:hpqpsapp.exe
"{E0011C75-21A1-4CC1-B3AF-9B2BE06F6A50}"= Disabled:c:\program files\Drucker\Digital Imaging\bin\hpqpse.exe:hpqpse.exe
"{CEFCB89F-977B-4BAA-B7AB-B8D66F6F0571}"= Disabled:c:\program files\Drucker\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{47835FC4-41C9-46A9-AB94-A1B8B0E6866F}"= Disabled:c:\program files\Drucker\Digital Imaging\bin\hpqsudi.exe:hpqsudi.exe
"{CE8B893B-67A0-477A-8247-2578994BB7F7}"= Disabled:c:\program files\Drucker\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{9F3A2F2A-2247-448F-B1B0-890DFFE2468B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6282CA53-5071-422B-8D91-3115C196AE60}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D5D4543E-EA06-4A84-B2B8-C30E91FA1DB6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A087E06B-50E1-4055-A64C-0C121F4BBE0A}"= UDP:c:\program files\Telekom Austria\Breitband-Internet-Installation\fixnet installer\Installer.exe:Breitband-Internet-Installation
"{6872BC02-E46D-4A34-996F-A9B711F8DA4C}"= TCP:c:\program files\Telekom Austria\Breitband-Internet-Installation\fixnet installer\Installer.exe:Breitband-Internet-Installation

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [05.07.2006 14:46 63352]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [06.08.2009 18:43 108289]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [27.03.2009 15:54 165160]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [07.02.2007 12:44 24576]
R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [07.09.2007 00:03 45568]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\System32\drivers\StkCMini.sys [13.02.2007 06:41 1245056]
S2 aawserviceADSMService;Ad-Aware 2007 Service aawserviceADSMService;c:\windows\TEMP\uflaavxnka.exe service --> c:\windows\TEMP\uflaavxnka.exe service [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Senden an &Bluetooth - c:\program files\Bluetooth\btsendto_ie_ctx.htm
TCP: {12599AE3-12D1-48DE-A035-627173664419} = 192.168.1.1
FF - ProfilePath - c:\users\Wolfgang\AppData\Roaming\Mozilla\Firefox\Profiles\g3gk2f0y.default\
FF - plugin: c:\program files\Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKU-Default-Run-Nokia.PCSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-14 11:17
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien:

**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(5040)
kbiwkmkoiegsxb.dll 10000000 36864 \\?\globalroot\systemroot\system32\kbiwkmkoiegsxb.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
c:\program files\Nokia\Nokia PC Suite 7\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ger.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\AdAware\aawservice.exe
c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\ATK Hotkey\HControl.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Common Files\Nokia\MPAPI\MPAPI3s.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclToBTSrv.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclIrSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2009-09-14 11:25 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2009-09-14 09:25

Vor Suchlauf: 12 Verzeichnis(se), 29.059.067.904 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 29.066.973.184 Bytes frei

249 --- E O F --- 2009-03-05 10:03