Pc hängt.Navilog versucht.BERICHT!

SweetStuff · 20.03.2010, 14:30

ComboFix 10-03-19.08 - M.Kirchhof 20.03.2010 13:50:26.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.2038.1101 [GMT 1:00]
ausgeführt von:: c:\users\M.Kirchhof\Desktop\Cofi.exe
SP: Spyware Doctor *enabled* (Updated) {1C3EDD79-273E-46ac-99F8-EFA9E7CBC301}
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
PEV Error: LocalSettingsFile

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2029856189-510318292-3794614491-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-3801753830-2145054293-2301001567-500
c:\$recycle.bin\S-1-5-21-712159895-3329921557-1417873802-500
c:\windows\system32\Connect.dll

Infizierte Kopie von c:\windows\MSAgent\AgentSvr.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\winsxs\x86_microsoft-windows-agentsvr_31bf3856ad364e35_6.0.6000.16386_none_31188d362f02982e\AgentSvr.exe wurde wiederhergestellt

.
((((((((((((((((((((((( Dateien erstellt von 2010-02-20 bis 2010-03-20 ))))))))))))))))))))))))))))))
.

2010-03-20 12:57 . 2010-03-20 13:05 -------- d-----w- c:\users\M.Kirchhof\AppData\Local\temp
2010-03-20 12:57 . 2010-03-20 12:57 -------- d-----w- c:\users\Gast\AppData\Local\temp
2010-03-20 12:57 . 2010-03-20 12:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-20 12:24 . 2010-03-20 12:24 -------- d-----w- c:\windows\system32\EventProviders
2010-03-18 14:37 . 2010-03-18 14:37 -------- d-----w- c:\program files\trend micro
2010-03-18 14:37 . 2010-03-18 15:43 -------- d-----w- C:\rsit
2010-03-18 11:46 . 2010-03-18 11:46 -------- d-----w- c:\users\M.Kirchhof\AppData\Roaming\Malwarebytes
2010-03-18 11:46 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-18 11:46 . 2010-03-18 11:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-18 11:46 . 2010-03-18 11:46 -------- d-----w- c:\programdata\Malwarebytes
2010-03-18 11:46 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-16 21:13 . 2010-03-16 21:26 -------- d---a-w- C:\Navilog1
2010-03-16 21:13 . 2010-03-16 21:13 -------- d-----w- c:\program files\navilog1
2010-03-16 14:29 . 2010-03-16 14:29 -------- d-----w- c:\program files\CCleaner
2010-03-11 00:16 . 2010-02-20 23:39 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-11 00:16 . 2010-02-20 23:37 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-03-11 00:16 . 2010-02-20 21:18 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-10 21:33 . 2010-03-10 21:46 -------- d-----w- c:\users\M.Kirchhof\AppData\Roaming\GlarySoft
2010-03-06 21:29 . 2010-02-12 10:48 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-03-03 15:30 . 2010-03-16 21:19 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-02-24 08:51 . 2010-01-23 09:44 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 08:51 . 2010-01-25 08:35 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 08:51 . 2010-01-25 08:34 511488 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 08:51 . 2010-01-25 12:48 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 08:51 . 2010-01-25 12:48 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 08:51 . 2010-01-25 12:48 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 08:51 . 2010-01-25 12:48 472064 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 08:51 . 2010-01-25 12:45 329216 ----a-w- c:\windows\system32\msdrm.dll
2010-02-24 08:51 . 2010-01-25 08:35 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 08:51 . 2010-01-25 08:34 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-16 21:23 . 2007-08-14 08:24 -------- d-----w- c:\program files\DivX
2010-03-14 12:12 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-14 12:11 . 2007-08-14 08:17 -------- d-----w- c:\programdata\Microsoft Help
2010-03-10 18:51 . 2007-08-13 13:30 -------- d-----w- c:\program files\Google
2010-03-10 18:40 . 2009-10-28 15:55 -------- d-----w- c:\program files\QuickTime
2010-03-10 18:40 . 2008-05-16 17:32 -------- d-----w- c:\programdata\Apple Computer
2010-03-10 18:28 . 2010-01-05 15:18 -------- d-----w- c:\program files\Apple Software Update
2010-03-10 18:13 . 2010-01-05 15:18 -------- d-----w- c:\program files\Common Files\Apple
2010-03-05 14:43 . 2006-11-02 15:33 633836 ----a-w- c:\windows\system32\perfh007.dat
2010-03-05 14:43 . 2006-11-02 15:33 127582 ----a-w- c:\windows\system32\perfc007.dat
2010-03-05 12:35 . 2007-08-13 14:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-03 15:31 . 2007-08-14 08:24 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-02-25 17:58 . 2008-02-10 17:44 77528 ----a-w- c:\users\M.Kirchhof\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 09:16 . 2009-10-03 10:24 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-18 20:56 . 2010-02-18 20:56 1233160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-01-02 15:00 . 2010-01-02 14:59 76960 ----a-w- c:\users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-02 06:38 . 2010-03-16 18:48 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-03-16 18:48 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-03-16 18:48 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-03-16 18:48 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-28 12:35 . 2010-02-10 08:04 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-28 12:35 . 2010-02-10 08:04 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-28 12:32 . 2010-02-10 08:04 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-28 12:32 . 2010-02-10 08:04 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-28 12:32 . 2010-02-10 08:04 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-28 12:32 . 2010-02-10 08:04 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-28 12:31 . 2010-02-10 08:04 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-28 12:31 . 2010-02-10 08:04 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-28 12:28 . 2010-02-10 08:04 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-28 12:28 . 2010-02-10 08:04 65024 ----a-w- c:\windows\system32\avicap32.dll
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-16 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-30 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-30 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-30 133656]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-06-11 317560]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-5-22 2756608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-07-24 17:26 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 745472]
R3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 397312]
R3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 1089536]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-07-05 292152]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-07-05 79736]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\Drivers\R5U870FLx86.sys [2007-04-20 73472]
S3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\Drivers\R5U870FUx86.sys [2007-04-20 43904]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-06-06 812544]

.
Inhalt des "geplante Tasks" Ordners

2010-03-20 c:\windows\Tasks\User_Feed_Synchronization-{6610FC8D-0263-4C0B-9926-F27A78846E29}.job
- c:\windows\system32\msfeedssync.exe [2010-03-16 04:56]
.
.
------- Zusätzlicher Suchlauf -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - c:\programs\PartyGaming\PartyCasino\RunApp.exe
FF - ProfilePath - c:\users\M.Kirchhof\AppData\Roaming\Mozilla\Firefox\Profiles\k6icxkwb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\M.Kirchhof\AppData\Roaming\Mozilla\Firefox\Profiles\k6icxkwb.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************
Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien:

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe
c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe
c:\windows\system32\conime.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-03-20 14:12:19 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-03-20 13:11

Vor Suchlauf: 13 Verzeichnis(se), 113.008.566.272 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 112.818.147.328 Bytes frei

- - End Of File - - 5BB049C59DE16DCF6548D71C9F6951B3

Pc hängt.Navilog versucht.BERICHT!

Plagegeister aller Art und deren Bekämpfung: Pc hängt.Navilog versucht.BERICHT!

Pc hängt.Navilog versucht.BERICHT!

Ähnliche Themen: Pc hängt.Navilog versucht.BERICHT!