PC crashes frequently - blue screen.... Virus? (Windows 7)
20.07.2010, 12:54 | #16
ComboFix log file:

Code:
ComboFix 10-07-18.05 - Melanie 20.07.2010 13:30:20.5.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.43.1031.18.1022.300 [GMT 2:00]
ausgeführt von:: c:\users\Melanie\Documents\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Vorheriger Suchlauf -------
.
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
((((((((((((((((((((((( Dateien erstellt von 2010-06-20 bis 2010-07-20 ))))))))))))))))))))))))))))))
.
2010-07-20 11:41 . 2010-07-20 11:41 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-07-20 11:41 . 2010-07-20 11:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-15 10:20 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-07-15 10:19 . 2010-07-15 10:19 -------- d-----w- c:\program files\PC Connectivity Solution
2010-07-15 05:37 . 2010-07-15 05:37 12212040 ----a-w- c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2010-07-15 05:36 . 2010-07-15 05:37 13930312 ----a-w- c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2010-07-15 05:36 . 2010-07-15 05:36 77824 ----a-w- c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2010-07-15 05:36 . 2010-07-15 05:36 38912 ----a-w- c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMF11Runx86.exe
2010-07-15 05:36 . 2010-07-15 05:36 38912 ----a-w- c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMF11Runx64.exe
2010-07-15 05:36 . 2010-07-15 05:36 50000 ----a-w- c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\pcswpc.exe
2010-07-15 05:36 . 2010-07-15 05:32 103412296 ----a-w- c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer.exe
2010-07-15 05:35 . 2010-07-15 05:35 -------- d-----w- c:\programdata\NokiaInstallerCache
2010-06-30 10:33 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-06-24 01:01 . 2009-11-08 08:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-24 01:01 . 2009-11-08 08:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-24 01:01 . 2009-11-08 08:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-24 01:01 . 2009-11-08 08:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-24 01:01 . 2009-11-08 08:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-23 17:23 . 2010-04-16 16:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-23 17:23 . 2010-04-16 14:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-22 19:52 . 2010-07-09 08:42 69222840 ----a-w- c:\users\Melanie\AppData\Roaming\Nokia\Ovi Suite\Software Updater\NokiaOviSuite2Installer.exe
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-18 14:24 . 2009-08-26 15:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-18 09:28 . 2010-05-21 17:12 -------- d-----w- c:\users\Melanie\AppData\Roaming\Azureus
2010-07-18 08:14 . 2006-12-12 00:42 643660 ----a-w- c:\windows\system32\perfh007.dat
2010-07-18 08:14 . 2006-12-12 00:42 130782 ----a-w- c:\windows\system32\perfc007.dat
2010-07-15 10:24 . 2007-04-04 17:46 -------- d-----w- c:\program files\Common Files\Nokia
2010-07-15 05:39 . 2007-04-04 17:44 -------- d-----w- c:\program files\Nokia
2010-07-14 08:22 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-14 08:15 . 2007-12-16 11:05 -------- d-----w- c:\programdata\Microsoft Help
2010-06-28 20:57 . 2010-05-20 13:40 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-05-20 13:43 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-05-20 13:43 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-05-20 13:43 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-05-20 13:43 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-28 20:32 . 2010-05-20 13:43 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-24 10:04 . 2009-09-29 17:48 -------- d-----w- c:\program files\Microsoft
2010-06-24 09:52 . 2007-12-16 11:09 -------- d-----w- c:\program files\Microsoft.NET
2010-06-16 13:15 . 2010-06-16 13:15 20330720 ----a-w- c:\users\Melanie\AppData\Roaming\TomTom\HOME\Profiles\32d1v8im.default\Updates\v2_7_4_1962_win.exe
2010-06-16 12:50 . 2009-08-25 15:22 -------- d-----w- c:\users\Melanie\AppData\Roaming\PC Suite
2010-06-16 12:50 . 2010-04-03 11:36 -------- d-----w- c:\users\Melanie\AppData\Roaming\Nokia
2010-06-16 12:42 . 2010-04-03 11:23 -------- d-----w- c:\program files\DIFX
2010-06-16 12:40 . 2010-06-16 12:40 -------- d-----w- c:\program files\Common Files\PCSuite
2010-06-16 12:36 . 2010-06-16 12:36 95232 ----a-w- c:\programdata\Installations\{18756A46-652E-4ED4-A029-C4940D59F09B}\Installer\CommonCustomActions\pcswpcsi.exe
2010-06-16 12:36 . 2010-06-16 12:36 8192 ----a-w- c:\programdata\Installations\{18756A46-652E-4ED4-A029-C4940D59F09B}\Installer\CommonCustomActions\UninstCCD.exe
2010-06-16 12:36 . 2010-06-16 12:36 61440 ----a-w- c:\programdata\Installations\{18756A46-652E-4ED4-A029-C4940D59F09B}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-06-16 12:36 . 2010-06-16 12:36 10240 ----a-w- c:\programdata\Installations\{18756A46-652E-4ED4-A029-C4940D59F09B}\Installer\CommonCustomActions\UninstPCS.exe
2010-06-16 12:36 . 2009-02-18 10:06 -------- d-----w- c:\programdata\Installations
2010-06-16 12:36 . 2010-06-16 12:36 35596800 ----a-w- c:\programdata\Installations\{18756A46-652E-4ED4-A029-C4940D59F09B}\Nokia_PC_Suite_ger_web.exe
2010-06-16 12:11 . 2010-06-16 12:11 -------- d-----w- c:\program files\Nsasoft
2010-06-16 11:42 . 2010-06-16 11:42 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
2010-06-16 11:42 . 2010-06-16 11:42 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-06-16 11:35 . 2010-06-16 11:35 680 ----a-w- c:\users\Melanie\AppData\Local\d3d9caps.dat
2010-06-16 11:32 . 2010-05-20 11:36 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-16 11:15 . 2010-06-16 11:15 3351812 ----a-w- c:\programdata\Installations\{09C468CA-2940-466A-AAE8-DCC0C6E9323C}\Installer\CommonCustomActions\msxml6Exec.exe
2010-06-16 11:15 . 2010-06-16 11:15 36864 ----a-w- c:\programdata\Installations\{09C468CA-2940-466A-AAE8-DCC0C6E9323C}\Installer\CommonCustomActions\Sleep.exe
2010-06-16 11:15 . 2010-06-16 11:15 3203453 ----a-w- c:\programdata\Installations\{09C468CA-2940-466A-AAE8-DCC0C6E9323C}\Installer\CommonCustomActions\vcredistExec.exe
2010-06-16 11:15 . 2010-06-16 11:18 35644808 ----a-w- c:\programdata\Installations\{09C468CA-2940-466A-AAE8-DCC0C6E9323C}\NokiaSoftwareUpdaterSetup_de[1].exe
2010-05-26 17:06 . 2010-06-16 09:07 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-16 09:07 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-22 03:45 . 2010-05-22 03:45 124360 ----a-w- c:\users\Melanie\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-21 17:56 . 2007-08-30 19:22 -------- d-----w- c:\program files\Logitech
2010-05-21 17:53 . 2007-10-05 18:10 -------- d-----w- c:\programdata\eMule
2010-05-21 17:11 . 2010-05-21 17:11 -------- d-----w- c:\program files\Vuze
2010-05-21 17:11 . 2010-05-21 17:11 -------- d-----w- c:\program files\Vuze_Remote
2010-05-21 12:14 . 2009-10-03 05:55 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-04 05:59 . 2010-06-16 09:07 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-16 09:07 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 05:55 . 2010-06-16 09:07 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 04:31 . 2010-06-16 09:07 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 14:13 . 2010-06-16 09:06 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 13:39 . 2009-09-10 08:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2009-09-10 08:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-28 17:41 . 2009-09-03 08:30 1240 ----a-w- c:\users\Melanie\AppData\Roaming\wklnhst.dat
2010-04-23 14:13 . 2010-05-25 19:51 2048 ----a-w- c:\windows\system32\tzres.dll
2008-07-21 17:19 . 2008-07-21 17:18 48 --sha-w- c:\windows\S502F7CC5.tmp
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-04-15 2515552]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-04-15 10:33 2515552 ----a-w- c:\program files\Vuze_Remote\tbVuze.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-04-15 2515552]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-04-15 2515552]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-08-27 247144]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-07-02 671608]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-08-27 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-27 8473120]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-08-27 81920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

c:\users\Melanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Produktregistrierung.lnk - c:\program files\Logitech\Logitech WebCam Software\eReg.exe [2009-10-14 517384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2006-09-28 13:42 65536 ----a-w- c:\hp\support\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2005-02-02 15:44 61440 ----a-w- c:\hp\KBD\kbd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):c6,23,74,02,ac,25,ca,01

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 PIXMCV;Victor Communication PIX-MCV Driver;c:\windows\system32\Drivers\pixmcvc.sys [2004-06-03 33792]
R3 PIXMCVA;Victor PIX-MCV Audio Capture;c:\windows\system32\Drivers\pixmcva.sys [2004-03-20 38144]
R3 PIXMCVV;Victor PIX-MCV Video Capture;c:\windows\system32\Drivers\pixmcvv.sys [2004-03-26 32768]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 aswSP;aswSP; [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-08-27 92008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.sms.at/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-20 13:41
Windows 6.0.6002 Service Pack 2 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
Zeit der Fertigstellung: 2010-07-20 13:46:30
ComboFix-quarantined-files.txt 2010-07-20 11:46
ComboFix2.txt 2010-07-19 17:38
Vor Suchlauf: 12 Verzeichnis(se), 228.140.298.240 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 228.094.103.552 Bytes frei
Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - C2F85FA447A5988FCF2C471858027E07

Also, my PC detected a trojan (the antivirus reported it after ComboFix had been run) - TR/Trash.Gen - I moved it to quarantine!
20.07.2010, 14:20 | #17
/// Malware-holic: And the problem appeared right after the power supply was replaced?
20.07.2010, 17:44 | #18
Yes, right after ;-)

PS: Can I leave the trojan in quarantine - see my last reply.