Log analysis and evaluation: Error message Catalyst Control Center

Windows 7

If you have picked up a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#9
Error message Catalyst Control Center

hi, I ran ComboFix:

ComboFix logfile:

Code:
```
ComboFix 11-05-30.04 - user 30.05.2011 21:22:55.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.43.1031.18.3839.2565 [GMT 2:00]
ausgeführt von:: c:\users\user\Desktop\cofi.exe.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
c:\users\user\AppData\Roaming\Adobe\plugs
c:\users\user\AppData\Roaming\Adobe\shed
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-04-28 bis 2011-05-30 ))))))))))))))))))))))))))))))
.
.
2011-05-30 19:25 . 2011-05-30 19:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-30 18:46 . 2011-05-30 18:46 -------- d-----w- C:\_OTL
2011-05-30 17:12 . 2010-12-20 16:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-30 17:12 . 2011-05-30 17:12 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-05-29 17:13 . 2011-05-29 17:13 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-05-29 15:57 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-05-29 15:57 . 2011-01-17 05:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-05-29 14:58 . 2011-05-29 14:58 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2011-05-28 09:59 . 2011-05-28 09:59 -------- d-----w- c:\programdata\Malwarebytes
2011-05-28 09:59 . 2010-12-20 16:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-28 05:31 . 2011-05-18 10:37 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{841A471E-850A-466B-8ED6-C096D4F21C7E}\mpengine.dll
2011-05-26 17:44 . 2011-05-26 17:44 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-05-26 17:44 . 2011-05-26 17:44 845632 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-05-25 05:22 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-24 15:29 . 2011-05-24 15:29 -------- dc----w- c:\windows\system32\DRVSTORE
2011-05-24 15:29 . 2009-05-18 11:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-05-24 15:28 . 2011-05-24 15:28 -------- d-----w- c:\program files (x86)\QuickTime
2011-05-24 15:28 . 2011-05-24 15:28 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-05-24 15:28 . 2011-05-24 15:28 -------- d-----w- c:\program files\Common Files\Apple
2011-05-24 15:27 . 2011-05-24 15:29 -------- d-----w- c:\program files (x86)\Common Files\Apple
2011-05-24 15:27 . 2011-05-24 15:27 -------- d-----w- c:\programdata\Apple
2011-05-21 14:59 . 2011-05-21 14:59 -------- d-----w- C:\pdf
2011-05-21 14:55 . 2011-05-21 14:56 -------- d-----w- C:\EUROFIBU
2011-05-21 14:11 . 2011-05-21 14:11 -------- d-----w- c:\programdata\WEBREG
2011-05-21 14:10 . 2011-05-21 14:10 -------- d-----w- c:\programdata\HP Product Assistant
2011-05-21 14:09 . 2011-05-21 14:09 -------- d-----w- c:\program files (x86)\Common Files\HP
2011-05-21 14:08 . 2011-05-21 14:08 -------- d-----w- c:\program files (x86)\Common Files\Hewlett-Packard
2011-05-21 14:08 . 2011-05-21 14:10 -------- d-----w- c:\program files (x86)\HP
2011-05-21 14:07 . 2009-07-08 10:51 938496 ----a-w- c:\windows\system32\hpowiax7.dll
2011-05-21 14:07 . 2009-07-08 10:51 740864 ----a-w- c:\windows\system32\hpotscl6.dll
2011-05-21 14:07 . 2009-07-08 10:51 642360 ----a-w- c:\windows\system32\hpzids40.dll
2011-05-21 14:07 . 2009-07-08 10:51 551424 ----a-w- c:\windows\system32\hppldcoi.dll
2011-05-21 14:07 . 2009-07-08 10:51 505344 ----a-w- c:\windows\system32\hpovst15.dll
2011-05-21 13:45 . 2011-05-21 18:34 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-21 13:45 . 2011-05-21 13:45 -------- d-----w- c:\windows\SysWow64\Macromed
2011-05-21 13:44 . 2011-05-21 13:45 -------- d-----w- c:\windows\AxInstSV
2011-05-21 13:24 . 2011-05-21 13:24 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-05-21 13:05 . 2008-10-15 04:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
2011-05-21 13:00 . 2011-05-21 13:00 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2011-05-21 13:00 . 2011-05-29 17:13 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-05-21 13:00 . 2011-05-21 13:00 -------- d-----w- c:\program files (x86)\Java
2011-05-21 12:52 . 2011-05-21 12:52 521448 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-21 12:35 . 2011-05-21 14:11 -------- d-----w- c:\programdata\HP
2011-05-21 12:34 . 2011-05-21 12:34 -------- d-----w- c:\programdata\Hewlett-Packard
2011-05-21 12:34 . 2009-07-14 01:41 230400 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll
2011-05-21 12:25 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2011-05-21 12:25 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-05-21 12:25 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-05-21 12:25 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll
2011-05-21 12:25 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-05-21 12:24 . 2011-05-21 12:24 -------- d-----w- c:\program files (x86)\Microsoft Works
2011-05-21 12:23 . 2011-05-21 12:23 -------- d-----w- c:\windows\PCHEALTH
2011-05-21 12:21 . 2011-05-21 12:21 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2011-05-21 12:20 . 2011-05-21 12:26 -------- d-----w- c:\programdata\Microsoft Help
2011-05-21 12:20 . 2011-05-21 12:20 -------- d-----r- C:\MSOCache
2011-05-21 12:17 . 2011-05-21 12:17 -------- d-----w- c:\programdata\Avira
2011-05-21 12:17 . 2011-05-21 12:17 -------- d-----w- c:\program files (x86)\Avira
2011-05-21 12:17 . 2011-04-01 15:07 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-05-21 12:17 . 2011-04-01 15:07 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-05-21 11:54 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-21 11:54 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-05-21 11:54 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe
2011-05-21 11:54 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\SysWow64\explorer.exe
2011-05-21 11:54 . 2011-02-24 06:15 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-05-21 11:54 . 2011-02-24 05:38 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-05-21 11:54 . 2011-04-09 07:02 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-21 11:54 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-05-21 11:54 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-05-10 07:49 . 2011-05-30 17:20 -------- d-----w- c:\users\user
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-04 06:19 . 2011-05-21 11:53 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19 . 2011-05-21 11:53 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-21 61440]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 FXDrv32;FXDrv32;D:\FXDrv64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 10944739
*Deregistered* - 10944739
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.at/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\nrsrmvds.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-iTunesHelper - j:\johannes\iTunesHelper.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-05-30 21:26:43
ComboFix-quarantined-files.txt 2011-05-30 19:26
.
Vor Suchlauf: 13 Verzeichnis(se), 217.339.572.224 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 217.803.595.776 Bytes frei
.
- - End Of File - - 7A79AD1219CA6AE6030FEE1A45B07D01
```

After that, the shortcuts on the taskbar were gone (path??)

Regards, even