Log analysis and evaluation: comboscan out of anger
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
08.12.2010, 01:28 | #1
comboscan out of anger
I know you shouldn't do this, but the big computer was acting up completely. The internet doesn't work either, because it won't start the software for the stick. Here is the log:
Combofix Logfile:
Code:
ComboFix 10-12-06.04 - Micha 08.12.2010 0:23.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.4095.2884 [GMT 1:00]
ausgeführt von:: c:\users\Micha\Desktop\cd1234.exe
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\hpe5DB1.dll
c:\programdata\hpeFD69.dll
F:\Uninstall.exe
F:\WinRAR.exe
.
((((((((((((((((((((((( Dateien erstellt von 2010-11-07 bis 2010-12-07 ))))))))))))))))))))))))))))))
.
2010-11-28 20:06 . 2010-11-28 20:06 -------- d-----w- c:\users\Micha\AppData\Local\Sony Ericsson
2010-11-28 20:06 . 2010-11-28 20:06 -------- d-----w- c:\program files (x86)\Avanquest update
2010-11-28 20:06 . 2010-11-28 20:06 -------- d-----w- c:\programdata\BVRP Software
2010-11-28 20:05 . 2010-11-28 20:05 -------- d-----w- c:\program files (x86)\Sony Ericsson
2010-11-25 08:35 . 2010-11-25 08:35 -------- d-----w- c:\users\Olbesuch\AppData\Local\LogMeIn
2010-11-24 16:36 . 2010-10-19 04:56 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-24 16:36 . 2010-10-19 04:27 7680 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
2010-11-16 23:07 . 2010-11-16 23:07 -------- dc----w- C:\_OTL
2010-11-14 14:09 . 2010-11-14 14:09 42696 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-11-14 14:09 . 2010-11-14 14:09 310728 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-11-12 21:47 . 2010-11-12 21:47 868848 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-11-12 21:46 . 2010-11-12 21:46 -------- d-----w- c:\program files (x86)\Alcohol Soft
2010-11-12 21:37 . 2010-10-07 11:38 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-11-12 21:37 . 2010-10-07 11:37 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2010-11-12 21:30 . 2010-11-12 21:31 -------- d-----w- c:\program files (x86)\CCleaner
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-22 20:38 . 2010-03-25 18:09 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-12 22:49 . 2010-09-20 18:57 1629 ----a-w- c:\programdata\xml5CEB.tmp
2010-11-12 22:49 . 2010-09-20 18:57 13723 ----a-w- c:\programdata\xml4C6F.tmp
2010-11-12 22:48 . 2010-09-20 18:57 5222 ----a-w- c:\programdata\xml3F4F.tmp
2010-09-15 03:50 . 2010-06-14 16:35 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2010-09-13 14:32 . 2010-10-24 10:37 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-13 13:56 . 2010-10-24 10:37 8147456 ----a-w- c:\windows\SysWow64\wmploc.DLL
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"NVIDIA nTune"="c:\program files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 98304]
"FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-2-26 1207312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

R0 NVStrap;NVStrap; [x]
R1 ntiomin;ntiomin; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AppBoosterService;AppBooster Service;c:\program files (x86)\Common Files\2ToX Common\BoostService.exe [2010-09-08 1554120]
R3 DRHARD;DRHARD;c:\windows\system32\DRIVERS\DRHARD.SYS [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-06-22 113792]
R3 MatSvc;Microsoft Fix it Supportcenter;c:\program files\Microsoft Fix it Center\Matsvc.exe [2010-04-10 342320]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.0 Final Release\RivaTuner64.sys [2006-12-24 11776]
R3 RTL8023x64;Realtek 10/100-Netzwerkkartenfamilie-NDIS-x64-Treiber;c:\windows\system32\DRIVERS\Rtnic64.sys [2006-09-18 55640]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 115240]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 19496]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 158760]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 137256]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 34344]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 136744]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 151592]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010.SP1a\RpcAgentSrv.exe [2009-08-10 93848]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S0 SI3112r;SiI-3512 SATARaid Controller;c:\windows\system32\DRIVERS\SI3112r.sys [2007-12-26 133160]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-12 868848]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-07 125440]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-11-03 135336]
S2 AODService;AODService;f:\program files (x86)\AMD\OverDrive\AODAssist.exe [2009-10-22 136544]
S2 DRHARD64;DRHARD64;c:\windows\system32\drivers\DRHARD64.sys [2008-08-06 22216]
S2 LMIInfo;LogMeIn Kernel Information Provider;f:\program files (x86)\LogMeIn\x64\RaInfo.sys [2008-08-11 15928]
S3 AmdLLD64;AMD Low Level Device Driver;c:\windows\system32\DRIVERS\AmdLLD64.sys [2007-06-29 39424]
S3 AODDriver;AODDriver;f:\program files (x86)\AMD\OverDrive\amd64\AODDriver.sys [2009-10-22 21048]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 34032]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Inhalt des "geplante Tasks" Ordners

2010-12-07 c:\windows\Tasks\User_Feed_Synchronization-{31332379-6E26-4810-ADC0-A39F223E7EE1}.job
- c:\windows\system32\msfeedssync.exe [2010-10-24 04:25]
.
--------- x86-64 -----------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide" [X]
"SoundMan"="SOUNDMAN.EXE" [2008-09-10 604704]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Micha\AppData\Roaming\Mozilla\Firefox\Profiles\r4n4fswf.default\
FF - plugin: c:\program files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\Micha\AppData\Roaming\Mozilla\Firefox\Profiles\r4n4fswf.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\users\Micha\AppData\Roaming\Mozilla\Firefox\Profiles\r4n4fswf.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\users\Micha\AppData\Roaming\Mozilla\Firefox\Profiles\r4n4fswf.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\Micha\AppData\Roaming\Mozilla\Firefox\Profiles\r4n4fswf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\users\Micha\AppData\Roaming\Mozilla\Firefox\Profiles\r4n4fswf.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\users\Micha\AppData\Roaming\Mozilla\Firefox\Profiles\r4n4fswf.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - c:\users\Micha\AppData\Roaming\Mozilla\Firefox\Profiles\r4n4fswf.default\extensions\LogMeInClient@logmein.com
FF - Extension: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - c:\users\Micha\AppData\Roaming\Mozilla\Firefox\Profiles\r4n4fswf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

---- FIREFOX Richtlinien ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-3587398502-3092581287-1142296144-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:0d,d1,6e,ee,2c,0e,1e,46,6b,46,f6,a3,8f,98,71,6e,7d,96,32,9f,5b,3e,d2,
   6e,a8,4b,22,56,6f,b3,c5,8e,70,8e,83,7b,15,66,2f,f6,b9,ce,6d,da,49,b1,57,56,\
"??"=hex:4a,26,b8,ff,e6,ed,d0,b1,21,89,57,50,e9,80,c6,3f

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-12-08 00:37:11
ComboFix-quarantined-files.txt 2010-12-07 23:37

Vor Suchlauf: 3.327.807.488 Bytes frei
Nach Suchlauf: 3.996.909.568 Bytes frei

- - End Of File - - 4C0C5BC7A10D6008B5ECAE59E8CA707D

The guards were off. The little laptop: here is the result from MBR; something is messing around there too. It is a JPG image. It no longer works; I will choose two! # The file is dumped; I could upload it.

Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Starter Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: ASUSTeK Computer INC.
System Product Name: 1005P
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 199):
0x82056000 \SystemRoot\system32\ntkrnlpa.exe
0x8201F000 \SystemRoot\system32\halmacpi.dll
0x81F6B000 \SystemRoot\system32\kdcom.dll
0x8262D000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x826A5000 \SystemRoot\system32\PSHED.dll
0x826B6000 \SystemRoot\system32\BOOTVID.dll
0x826BE000 \SystemRoot\system32\CLFS.SYS
0x82700000 \SystemRoot\system32\CI.dll
0x8683F000 \SystemRoot\system32\drivers\Wdf01000.sys
0x868B0000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x868BE000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x86906000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x8690F000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x86917000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x86922000 \SystemRoot\system32\DRIVERS\pci.sys
0x8694C000 \SystemRoot\System32\drivers\partmgr.sys
0x8695D000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x86965000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x86970000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x86980000 \SystemRoot\System32\drivers\volmgrx.sys
0x869CB000 \SystemRoot\System32\drivers\mountmgr.sys
0x86A34000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x86B0E000 \SystemRoot\system32\DRIVERS\atapi.sys
0x86B17000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x86B3A000 \SystemRoot\system32\DRIVERS\msahci.sys
0x86B44000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x86B52000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x86B5B000 \SystemRoot\system32\drivers\fltmgr.sys
0x86B8F000 \SystemRoot\system32\drivers\fileinfo.sys
0x86C19000 \SystemRoot\System32\Drivers\Ntfs.sys
0x86D48000 \SystemRoot\System32\Drivers\msrpc.sys
0x86D73000 \SystemRoot\System32\Drivers\ksecdd.sys
0x86D86000 \SystemRoot\System32\Drivers\cng.sys
0x86DE3000 \SystemRoot\System32\drivers\pcw.sys
0x86DF1000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x86E27000 \SystemRoot\system32\drivers\ndis.sys
0x86EDE000 \SystemRoot\system32\drivers\NETIO.SYS
0x86F1C000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x87024000 \SystemRoot\System32\drivers\tcpip.sys
0x8716D000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8719E000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x871DD000 \SystemRoot\System32\Drivers\spldr.sys
0x86F41000 \SystemRoot\System32\drivers\rdyboost.sys
0x871E5000 \SystemRoot\System32\Drivers\mup.sys
0x871F5000 \SystemRoot\System32\drivers\hwpolicy.sys
0x86F6E000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x87000000 \SystemRoot\system32\DRIVERS\disk.sys
0x86FA0000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8A30A000 \SystemRoot\System32\Drivers\Null.SYS
0x8A311000 \SystemRoot\System32\Drivers\Beep.SYS
0x8A318000 \SystemRoot\System32\drivers\vga.sys
0x8A324000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8A345000 \SystemRoot\System32\drivers\watchdog.sys
0x8A352000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8A35A000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8A362000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8A36A000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8A375000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8A383000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8A39A000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8A3A5000 \SystemRoot\system32\drivers\afd.sys
0x86FC5000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8A2EB000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x86E00000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8A2F2000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x86C00000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8A303000 \SystemRoot\System32\Drivers\ntiomin.SYS
0x86E1F000 \SystemRoot\System32\Drivers\ntiopnp.SYS
0x86BA0000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x86BB3000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8701E000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x827AB000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x86C0E000 \SystemRoot\system32\drivers\nsiproxy.sys
0x86BC3000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x86BCD000 \SystemRoot\System32\drivers\discache.sys
0x86BD9000 \SystemRoot\System32\Drivers\dfsc.sys
0x86BF1000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x86A00000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x8A306000 \SystemRoot\system32\drivers\AsUpIO.sys
0x86800000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x86821000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8D22D000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8D735000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8D824000 \SystemRoot\System32\drivers\dxgmms1.sys
0x8D85D000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8D87C000 \SystemRoot\system32\DRIVERS\athr.sys
0x8D9A9000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x8D9B3000 \SystemRoot\system32\DRIVERS\L1C62x86.sys
0x8D9C3000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8C629000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8C674000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8C683000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8C69B000 \SystemRoot\system32\DRIVERS\kbfiltr.sys
0x8C6A3000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8C6B0000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8C6E3000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8C6E5000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8C6F2000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8C6F6000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8C6FF000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x8C70C000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x8C71E000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8C736000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8C741000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8C763000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8C77B000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8C792000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8C7A9000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8C7AB000 \SystemRoot\system32\DRIVERS\ks.sys
0x8C7DF000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8C81B000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8C85F000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8CC3B000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8CEE0000 \SystemRoot\system32\drivers\portcls.sys
0x8CF0F000 \SystemRoot\system32\drivers\drmk.sys
0x8CF28000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8C870000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x8CF35000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x8ED40000 \SystemRoot\System32\win32k.sys
0x8CF46000 \SystemRoot\System32\drivers\Dxapi.sys
0x8CF50000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8CF67000 \SystemRoot\System32\Drivers\usbvideo.sys
0x8CF8B000 \SystemRoot\system32\DRIVERS\monitor.sys
0x8EFA0000 \SystemRoot\System32\TSDDD.dll
0x8EFD0000 \SystemRoot\System32\cdd.dll
0x8CF96000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x8CFAD000 \SystemRoot\system32\DRIVERS\s0016bus.sys
0x8CFC2000 \SystemRoot\system32\DRIVERS\s0016wh.sys
0x8CFC4000 \SystemRoot\system32\DRIVERS\s0016mdm.sys
0x8CFE0000 \SystemRoot\system32\DRIVERS\s0016cm.sys
0x8CFE2000 \SystemRoot\system32\drivers\modem.sys
0x8CFEF000 \SystemRoot\system32\DRIVERS\s0016mdfl.sys
0x8CC00000 \SystemRoot\system32\DRIVERS\s0016obex.sys
0x8CC1A000 \SystemRoot\system32\DRIVERS\s0016mgmt.sys
0x8C94A000 \SystemRoot\system32\DRIVERS\s0016unic.sys
0x8CC35000 \SystemRoot\system32\DRIVERS\s0016cr.sys
0x8CC36000 \SystemRoot\system32\DRIVERS\s0016nd5.sys
0x8C965000 \SystemRoot\system32\drivers\luafv.sys
0x8C980000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x8C995000 \SystemRoot\system32\drivers\WudfPf.sys
0x8C9AF000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8A200000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8C9BF000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8C9CF000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x8D9CE000 \SystemRoot\System32\Drivers\fastfat.SYS
0x8A246000 \SystemRoot\system32\drivers\HTTP.sys
0x8C9E2000 \SystemRoot\system32\DRIVERS\bowser.sys
0x8C800000 \SystemRoot\System32\drivers\mpsdrv.sys
0x8C600000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA4238000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA4273000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA42A6000 \SystemRoot\system32\DRIVERS\atksgt.sys
0xA42E9000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0xA42EE000 \SystemRoot\system32\drivers\peauth.sys
0xA4385000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA438F000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA43B0000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA4A23000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA4A72000 \SystemRoot\System32\DRIVERS\srv.sys
0xA4AC3000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x77250000 \Windows\System32\ntdll.dll
0x47680000 \Windows\System32\smss.exe
0x77490000 \Windows\System32\apisetschema.dll
0x004D0000 \Windows\System32\autochk.exe
0x773D0000 \Windows\System32\rpcrt4.dll
0x77390000 \Windows\System32\ws2_32.dll
0x77230000 \Windows\System32\imm32.dll
0x77220000 \Windows\System32\nsi.dll
0x771D0000 \Windows\System32\gdi32.dll
0x77130000 \Windows\System32\usp10.dll
0x770B0000 \Windows\System32\comdlg32.dll
0x77010000 \Windows\System32\advapi32.dll
0x76FF0000 \Windows\System32\sechost.dll
0x76F90000 \Windows\System32\shlwapi.dll
0x76EE0000 \Windows\System32\msvcrt.dll
0x76ED0000 \Windows\System32\normaliz.dll
0x76D70000 \Windows\System32\ole32.dll
0x76B70000 \Windows\System32\iertutil.dll
0x76B20000 \Windows\System32\Wldap32.dll
0x76A90000 \Windows\System32\oleaut32.dll
0x75E40000 \Windows\System32\shell32.dll
0x75DB0000 \Windows\System32\clbcatq.dll
0x75D80000 \Windows\System32\imagehlp.dll
0x75D20000 \Windows\System32\difxapi.dll
0x75D10000 \Windows\System32\psapi.dll
0x75C10000 \Windows\System32\wininet.dll
0x75A70000 \Windows\System32\setupapi.dll
0x75990000 \Windows\System32\kernel32.dll
0x758C0000 \Windows\System32\msctf.dll
0x757F0000 \Windows\System32\user32.dll
0x756B0000 \Windows\System32\urlmon.dll
0x756A0000 \Windows\System32\lpk.dll
0x75670000 \Windows\System32\cfgmgr32.dll
0x75650000 \Windows\System32\devobj.dll
0x755C0000 \Windows\System32\comctl32.dll
0x75590000 \Windows\System32\wintrust.dll
0x75470000 \Windows\System32\crypt32.dll
0x75420000 \Windows\System32\KernelBase.dll
0x75410000 \Windows\System32\msasn1.dll

Processes (total 63):
0 System Idle Process
4 System
248 C:\Windows\System32\smss.exe
372 csrss.exe
428 csrss.exe
436 C:\Windows\System32\wininit.exe
472 C:\Windows\System32\winlogon.exe
532 C:\Windows\System32\services.exe
552 C:\Windows\System32\lsass.exe
560 C:\Windows\System32\lsm.exe
660 C:\Windows\System32\svchost.exe
756 C:\Windows\System32\svchost.exe
856 C:\Windows\System32\svchost.exe
900 C:\Windows\System32\svchost.exe
928 C:\Windows\System32\svchost.exe
1028 C:\Windows\System32\audiodg.exe
1072 C:\Windows\System32\svchost.exe
1268 C:\Windows\System32\svchost.exe
1416 C:\Windows\System32\taskeng.exe
1424 C:\Windows\System32\spoolsv.exe
1464 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1496 C:\Windows\System32\svchost.exe
1620 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1664 C:\Windows\System32\AsusService.exe
1684 C:\Program Files\CPUCooL\CooLSRV.exe
1732 C:\Program Files\ASUS\Game Park\GameConsole\OberonGameConsoleService.exe
1788 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
1796 C:\Windows\System32\conhost.exe
1896 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
1964 C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
1996 C:\Windows\System32\svchost.exe
280 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
544 C:\Windows\System32\taskhost.exe
2112 C:\Windows\System32\dwm.exe
2124 C:\Windows\explorer.exe
2396 WUDFHost.exe
2460 C:\Windows\servicing\TrustedInstaller.exe
2744 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
2752 C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
2800 C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
2824 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
2852 C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
2904 C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe
2916 C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
2940 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3024 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3044 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
3072 WmiPrvSE.exe
3080 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
3132 C:\Windows\System32\igfxtray.exe
3236 C:\Windows\System32\hkcmd.exe
3260 C:\Windows\System32\igfxpers.exe
3268 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
3324 C:\Windows\System32\igfxsrvc.exe
3364 C:\Program Files\CPUCooL\CPUCooL.exe
3436 C:\Windows\System32\svchost.exe
3576 C:\Windows\System32\SearchIndexer.exe
3796 C:\Windows\System32\svchost.exe
3828 C:\Program Files\Windows Media Player\wmpnetwk.exe
3836 C:\Windows\System32\SearchProtocolHost.exe
3984 C:\Windows\System32\SearchFilterHost.exe
2976 D:\daten\MBRCheck.exe
2136 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS541616J9SA00, Rev: SB4OC70P

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: B8E2175818464D3FFEB1C1B647995AD0F49BFDB5

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:
Enter the physical disk number to dump (0-99, -1 to exit): 0
Dumping \\.\PhysicalDisk0...
Enter filename to dump to: D:/
Error opening output file (0)!
Enter the physical disk number to dump (0-99, -1 to exit): 0
Dumping \\.\PhysicalDisk0...
Enter filename to dump to: baeckup
Dumped successfully!
Enter the physical disk number to dump (0-99, -1 to exit):