Trojaner-Board - C:\Windows\System32\services.exe Infiziert!

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - C:\Windows\System32\services.exe Infiziert! (https://www.trojaner-board.de/135366-c-windows-system32-services-exe-infiziert.html)

Hier bitte

Code:

 Volume in Laufwerk C: hat keine Bezeichnung.

 Volumeseriennummer: 4AE8-60DA
 

 Verzeichnis von C:\
 

14.07.2009  07:08    <VERBINDUNG>   Documents and Settings [C:\Users]

08.11.2012  17:29    <VERBINDUNG>   Dokumente und Einstellungen [C:\Users]

08.11.2012  17:29    <VERBINDUNG>   Programme [C:\Program Files]

               0 Datei(en),              0 Bytes
 

 Verzeichnis von C:\Program Files
 

08.11.2012  17:29    <VERBINDUNG>   Gemeinsame Dateien [C:\Program Files\Common Files]

               0 Datei(en),              0 Bytes
 

 Verzeichnis von C:\Program Files\Windows NT
 

08.11.2012  17:29    <VERBINDUNG>   Zubeh”r [C:\Program Files\Windows NT\Accessories]

               0 Datei(en),              0 Bytes
 

 Verzeichnis von C:\ProgramData
 

08.11.2012  17:29    <VERBINDUNG>   Anwendungsdaten [C:\ProgramData]

14.07.2009  07:08    <VERBINDUNG>   Application Data [C:\ProgramData]

14.07.2009  07:08    <VERBINDUNG>   Desktop [C:\Users\Public\Desktop]

14.07.2009  07:08    <VERBINDUNG>   Documents [C:\Users\Public\Documents]

08.11.2012  17:29    <VERBINDUNG>   Dokumente [C:\Users\Public\Documents]

08.11.2012  17:29    <VERBINDUNG>   Favoriten [C:\Users\Public\Favorites]

14.07.2009  07:08    <VERBINDUNG>   Favorites [C:\Users\Public\Favorites]

14.07.2009  07:08    <VERBINDUNG>   Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]

08.11.2012  17:29    <VERBINDUNG>   Startmen [C:\ProgramData\Microsoft\Windows\Start Menu]

14.07.2009  07:08    <VERBINDUNG>   Templates [C:\ProgramData\Microsoft\Windows\Templates]

08.11.2012  17:29    <VERBINDUNG>   Vorlagen [C:\ProgramData\Microsoft\Windows\Templates]

               0 Datei(en),              0 Bytes
 

 Verzeichnis von C:\ProgramData\Microsoft\Windows\Start Menu
 

08.11.2012  17:29    <VERBINDUNG>   Programme [C:\ProgramData\Microsoft\Windows\Start Menu\Programs]

               0 Datei(en),              0 Bytes
 

 Verzeichnis von C:\Users
 

14.07.2009  07:08    <SYMLINKD>     All Users [C:\ProgramData]

14.07.2009  07:08    <VERBINDUNG>   Default User [C:\Users\Default]

               0 Datei(en),              0 Bytes
 

 Verzeichnis von C:\Users\All Users
 

08.11.2012  17:29    <VERBINDUNG>   Anwendungsdaten [C:\ProgramData]

14.07.2009  07:08    <VERBINDUNG>   Application Data [C:\ProgramData]

14.07.2009  07:08    <VERBINDUNG>   Desktop [C:\Users\Public\Desktop]

14.07.2009  07:08    <VERBINDUNG>   Documents [C:\Users\Public\Documents]

08.11.2012  17:29    <VERBINDUNG>   Dokumente [C:\Users\Public\Documents]

08.11.2012  17:29    <VERBINDUNG>   Favoriten [C:\Users\Public\Favorites]

14.07.2009  07:08    <VERBINDUNG>   Favorites [C:\Users\Public\Favorites]

14.07.2009  07:08    <VERBINDUNG>   Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]

08.11.2012  17:29    <VERBINDUNG>   Startmen [C:\ProgramData\Microsoft\Windows\Start Menu]

14.07.2009  07:08    <VERBINDUNG>   Templates [C:\ProgramData\Microsoft\Windows\Templates]

08.11.2012  17:29    <VERBINDUNG>   Vorlagen [C:\ProgramData\Microsoft\Windows\Templates]

               0 Datei(en),              0 Bytes
 

 Verzeichnis von C:\Users\All Users\Microsoft\Windows\Start Menu
 

08.11.2012  17:29    <VERBINDUNG>   Programme [C:\ProgramData\Microsoft\Windows\Start Menu\Programs]

               0 Datei(en),              0 Bytes
 

 Verzeichnis von C:\Users\Default
 

08.11.2012  17:29    <VERBINDUNG>   Anwendungsdaten [C:\Users\Default\AppData\Roaming]

14.07.2009  07:08    <VERBINDUNG>   Application Data [C:\Users\Default\AppData\Roaming]

14.07.2009  07:08    <VERBINDUNG>   Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]

08.11.2012  17:29    <VERBINDUNG>   Druckumgebung [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]

08.11.2012  17:29    <VERBINDUNG>   Eigene Dateien [C:\Users\Default\Documents]

14.07.2009  07:08    <VERBINDUNG>   Local Settings [C:\Users\Default\AppData\Local]

08.11.2012  17:29    <VERBINDUNG>   Lokale Einstellungen [C:\Users\Default\AppData\Local]

14.07.2009  07:08    <VERBINDUNG>   My Documents [C:\Users\Default\Documents]

14.07.2009  07:08    <VERBINDUNG>   NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]

08.11.2012  17:29    <VERBINDUNG>   Netzwerkumgebung [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]

14.07.2009  07:08    <VERBINDUNG>   PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]

14.07.2009  07:08    <VERBINDUNG>   Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]

14.07.2009  07:08    <VERBINDUNG>   SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]

14.07.2009  07:08    <VERBINDUNG>   Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]

08.11.2012  17:29    <VERBINDUNG>   Startmen [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]

14.07.2009  07:08    <VERBINDUNG>   Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]

08.11.2012  17:29    <VERBINDUNG>   Vorlagen [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]

               0 Datei(en),              0 Bytes
 

 Verzeichnis von C:\Users\Default\AppData\Local
 

08.11.2012  17:29    <VERBINDUNG>   Anwendungsdaten [C:\Users\Default\AppData\Local]

14.07.2009  07:08    <VERBINDUNG>   Application Data [C:\Users\Default\AppData\Local]

14.07.2009  07:08    <VERBINDUNG>   History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]

14.07.2009  07:08    <VERBINDUNG>   Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]

08.11.2012  17:29    <VERBINDUNG>   Verlauf [C:\Users\Default\AppData\Local\Microsoft\Windows\History]

               0 Datei(en),              0 Bytes
 

 Verzeichnis von C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu
 

08.11.2012  17:29    <VERBINDUNG>   Programme [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs]

               0 Datei(en),              0 Bytes
 

 Verzeichnis von C:\Users\Default\Documents
 

08.11.2012  17:29    <VERBINDUNG>   Eigene Bilder [C:\Users\Default\Pictures]

08.11.2012  17:29    <VERBINDUNG>   Eigene Musik [C:\Users\Default\Music]

08.11.2012  17:29    <VERBINDUNG>   Eigene Videos [C:\Users\Default\Videos]

14.07.2009  07:08    <VERBINDUNG>   My Music [C:\Users\Default\Music]

14.07.2009  07:08    <VERBINDUNG>   My Pictures [C:\Users\Default\Pictures]

14.07.2009  07:08    <VERBINDUNG>   My Videos [C:\Users\Default\Videos]

               0 Datei(en),              0 Bytes
 

 Verzeichnis von C:\Users\IceShock
 

08.11.2012  17:29    <VERBINDUNG>   Anwendungsdaten [C:\Users\IceShock\AppData\Roaming]

08.11.2012  17:29    <VERBINDUNG>   Cookies [C:\Users\IceShock\AppData\Roaming\Microsoft\Windows\Cookies]

08.11.2012  17:29    <VERBINDUNG>   Druckumgebung [C:\Users\IceShock\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]

08.11.2012  17:29    <VERBINDUNG>   Eigene Dateien [C:\Users\IceShock\Documents]

08.11.2012  17:29    <VERBINDUNG>   Lokale Einstellungen [C:\Users\IceShock\AppData\Local]

08.11.2012  17:29    <VERBINDUNG>   Netzwerkumgebung [C:\Users\IceShock\AppData\Roaming\Microsoft\Windows\Network Shortcuts]

08.11.2012  17:29    <VERBINDUNG>   Recent [C:\Users\IceShock\AppData\Roaming\Microsoft\Windows\Recent]

08.11.2012  17:29    <VERBINDUNG>   SendTo [C:\Users\IceShock\AppData\Roaming\Microsoft\Windows\SendTo]

08.11.2012  17:29    <VERBINDUNG>   Startmen [C:\Users\IceShock\AppData\Roaming\Microsoft\Windows\Start Menu]

08.11.2012  17:29    <VERBINDUNG>   Vorlagen [C:\Users\IceShock\AppData\Roaming\Microsoft\Windows\Templates]

               0 Datei(en),              0 Bytes
 

 Verzeichnis von C:\Users\IceShock\AppData\Local
 

08.11.2012  17:29    <VERBINDUNG>   Anwendungsdaten [C:\Users\IceShock\AppData\Local]

08.11.2012  17:29    <VERBINDUNG>   Temporary Internet Files [C:\Users\IceShock\AppData\Local\Microsoft\Windows\Temporary Internet Files]

08.11.2012  17:29    <VERBINDUNG>   Verlauf [C:\Users\IceShock\AppData\Local\Microsoft\Windows\History]

               0 Datei(en),              0 Bytes
 

 Verzeichnis von C:\Users\IceShock\AppData\Roaming\Microsoft\Windows\Start Menu
 

08.11.2012  17:29    <VERBINDUNG>   Programme [C:\Users\IceShock\AppData\Roaming\Microsoft\Windows\Start Menu\Programs]

               0 Datei(en),              0 Bytes
 

 Verzeichnis von C:\Users\IceShock\Documents
 

08.11.2012  17:29    <VERBINDUNG>   Eigene Bilder [C:\Users\IceShock\Pictures]

08.11.2012  17:29    <VERBINDUNG>   Eigene Musik [C:\Users\IceShock\Music]

08.11.2012  17:29    <VERBINDUNG>   Eigene Videos [C:\Users\IceShock\Videos]

               0 Datei(en),              0 Bytes
 

 Verzeichnis von C:\Users\Public\Documents
 

08.11.2012  17:29    <VERBINDUNG>   Eigene Bilder [C:\Users\Public\Pictures]

08.11.2012  17:29    <VERBINDUNG>   Eigene Musik [C:\Users\Public\Music]

08.11.2012  17:29    <VERBINDUNG>   Eigene Videos [C:\Users\Public\Videos]

14.07.2009  07:08    <VERBINDUNG>   My Music [C:\Users\Public\Music]

14.07.2009  07:08    <VERBINDUNG>   My Pictures [C:\Users\Public\Pictures]

14.07.2009  07:08    <VERBINDUNG>   My Videos [C:\Users\Public\Videos]

               0 Datei(en),              0 Bytes
 

     Anzahl der angezeigten Dateien:

               0 Datei(en),              0 Bytes

              83 Verzeichnis(se), 75.090.055.168 Bytes frei

Es hat geklappt :)

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Leider scheint es auch nicht zu gehen :headbang:
Auf Desktop gespeichert, ausgeführt, eine Taste gedrückt und dann das : (Anhang)
Kurz danach schließt es sich

Eigentlich hatte ich schon befürchtet dass es bei mehrere Tools fehler geben wurde :(

Downloade dir bitte Farbar's Service Scanner

Starte das Tool mit Doppelklick auf die FSS.exe
Gehe sicher, dass folgende Optionen angehakt sind.
- Internet Services
- Windows Firewall
- System Restore
- Security Center/Action Center
- Windows Update
- Windows Defender
- Other Services
Klicke auf Scan.
Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.

Poste bitte den Inhalt hier.

Hier

Code:

Farbar Service Scanner Version: 14-04-2013

Ran by IceShock (administrator) on 23-05-2013 at 16:24:55

Running from "C:\Users\IceShock\Downloads"

Windows 7 Professional Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************
 

Internet Services:

============
 

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Attempt to access Yahoo IP returned error. Yahoo IP is offline

Yahoo.com is accessible.
 
 

Windows Firewall:

=============

MpsSvc Service is not running. Checking service configuration:

The start type of MpsSvc service is OK.

The ImagePath of MpsSvc service is OK.

The ServiceDll of MpsSvc service is OK.
 
 

Firewall Disabled Policy: 

==================
 
 

System Restore:

============

SDRSVC Service is not running. Checking service configuration:

The start type of SDRSVC service is OK.

The ImagePath of SDRSVC service is OK.

The ServiceDll of SDRSVC service is OK.
 

VSS Service is not running. Checking service configuration:

The start type of VSS service is OK.

The ImagePath of VSS service is OK.
 
 

System Restore Disabled Policy: 

========================
 
 

Action Center:

============
 

Windows Update:

============

wuauserv Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
 

BITS Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.

Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
 
 

Windows Autoupdate Disabled Policy: 

============================
 
 

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.

Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
 
 

Windows Defender Disabled Policy: 

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1
 

RpcSs Service is not running. Checking service configuration:

The start type of RpcSs service is OK.

The ImagePath of RpcSs service is OK.
 
 

Other Services:

==============

Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.

Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.

Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.

Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.

Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.

Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
 
 

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\System32\ipnathlp.dll => MD5 is legit

C:\Windows\System32\iphlpsvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit
 
 

**** End of log ****

Downloade dir bitte RestoreBFE.exe.

Starte das Tool mit Doppelklick.
Nach ein paar Sekunden sollte eine Nachricht mit "Done" aufpoppen.

Downloade Dir untenstehende Reg-Dateien:

http://download.bleepingcomputer.com...s/7/MpsSvc.reg
http://download.bleepingcomputer.com.../WinDefend.reg

DoppelKlicken und Änderungen ermöglichen.

Downloade dir bitte diese Tool von folgendem Link: Service Repair
Nach dem Start wird das Tool versuchen einige Standarddienste wiederherzustellen. Poste mit bitte das anfallende Logfile.

Rechner nachher neustarten.

Erneut eine Farbar Service Scanner Log-Datei erstellen und posten :)

Ich musste den Schritt mit RestoreBFE überspringen, denn dann erscheint die Meldung: "Error! This tool does not apply to you"
Den Rest habe ich gemacht, hier das Log

Code:

Farbar Service Scanner Version: 14-04-2013

Ran by IceShock (administrator) on 23-05-2013 at 16:38:47

Running from "C:\Users\IceShock\Downloads"

Windows 7 Professional Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************
 

Internet Services:

============
 

Connection Status:

==============

Localhost is accessible.

LAN connected.

Attempt to access Google IP returned error. Google IP is offline

Google.com is accessible.

Attempt to access Yahoo IP returned error. Yahoo IP is offline

Yahoo.com is accessible.
 
 

Windows Firewall:

=============

MpsSvc Service is not running. Checking service configuration:

The start type of MpsSvc service is OK.

The ImagePath of MpsSvc service is OK.

The ServiceDll of MpsSvc service is OK.
 
 

Firewall Disabled Policy: 

==================
 
 

System Restore:

============

SDRSVC Service is not running. Checking service configuration:

The start type of SDRSVC service is OK.

The ImagePath of SDRSVC service is OK.

The ServiceDll of SDRSVC service is OK.
 

VSS Service is not running. Checking service configuration:

The start type of VSS service is OK.

The ImagePath of VSS service is OK.
 
 

System Restore Disabled Policy: 

========================
 
 

Action Center:

============
 

Windows Update:

============

wuauserv Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
 

BITS Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.

Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
 
 

Windows Autoupdate Disabled Policy: 

============================
 
 

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is OK.

The ImagePath of WinDefend service is OK.

The ServiceDll of WinDefend: "%ProgramFiles(x86)%\Windows Defender\mpsvc.dll".
 
 

Windows Defender Disabled Policy: 

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1
 

RpcSs Service is not running. Checking service configuration:

The start type of RpcSs service is OK.

The ImagePath of RpcSs service is OK.
 
 

Other Services:

==============

Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.

Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.

Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.

Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.

Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.

Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
 
 

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\System32\ipnathlp.dll => MD5 is legit

C:\Windows\System32\iphlpsvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit
 
 

**** End of log ****

Mal sehen ob Combofix noch etwas Änderung bringt.

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Nachher auch eine neue Farbar Services Scanner Log-Datei erstellen und mir posten :)

So, hat alles geklappt
Hier das Log

Code:

ComboFix 13-05-23.02 - IceShock 23.05.2013  17:01:13.1.4 - x64

Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.8173.6451 [GMT 2:00]

ausgeführt von:: c:\users\IceShock\Desktop\ComboFix.exe

AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Neuer Wiederherstellungspunkt wurde erstellt

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\windows\system\D3DRM.DLL

c:\windows\SysWow64\frapsvid.dll

c:\windows\SysWow64\tmpA515.tmp

c:\windows\SysWow64\tmpA516.tmp

.

Infizierte Kopie von c:\windows\system32\Services.exe wurde gefunden und desinfiziert 

Kopie von - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe wurde wiederhergestellt 

.

.

(((((((((((((((((((((((   Dateien erstellt von 2013-04-23 bis 2013-05-23  ))))))))))))))))))))))))))))))

.

.

2013-05-23 15:06 . 2013-05-23 15:06        --------        d-----w-        c:\users\Default\AppData\Local\temp

2013-05-23 12:57 . 2013-05-23 12:57        121        ----a-w-        c:\windows\DeleteOnReboot.bat

2013-05-23 12:39 . 2013-05-23 12:39        --------        d-----w-        c:\users\IceShock\AppData\Roaming\Malwarebytes

2013-05-23 12:39 . 2013-05-23 12:39        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware

2013-05-23 12:39 . 2013-05-23 12:39        --------        d-----w-        c:\programdata\Malwarebytes

2013-05-23 12:39 . 2013-04-04 12:50        25928        ----a-w-        c:\windows\system32\drivers\mbam.sys

2013-05-23 11:39 . 2013-05-23 11:39        --------        d-----w-        C:\TDSSKiller_Quarantine

2013-05-22 17:28 . 2013-05-22 17:28        --------        d-----w-        c:\users\IceShock\AppData\Local\Diagnostics

2013-05-22 17:15 . 2013-05-22 17:15        --------        d-----w-        c:\program files (x86)\LogMeIn Hamachi

2013-05-22 14:15 . 2013-05-22 14:15        --------        d-----w-        c:\programdata\Kaspersky Lab

2013-05-22 14:15 . 2013-05-22 14:15        --------        d-----w-        c:\program files (x86)\Kaspersky Lab

2013-05-22 13:02 . 2013-05-22 13:35        --------        d-----w-        C:\OutputFolder

2013-05-22 13:02 . 2013-05-22 13:28        --------        d-----w-        c:\users\IceShock\AppData\Roaming\Digiarty

2013-05-22 13:01 . 2013-05-22 13:28        --------        d-----w-        c:\program files (x86)\Digiarty

2013-05-22 11:40 . 2013-05-22 11:47        --------        d-----w-        c:\program files (x86)\Lucius

2013-05-21 16:39 . 2013-05-21 16:39        --------        d-----w-        c:\program files (x86)\EA Games

2013-05-16 13:13 . 2013-04-10 06:01        265064        ----a-w-        c:\windows\system32\drivers\dxgmms1.sys

2013-05-15 16:21 . 2013-05-15 16:46        --------        d-----w-        c:\users\IceShock\AppData\Roaming\Audacity

2013-05-15 16:21 . 2013-05-15 16:21        --------        d-----w-        c:\program files (x86)\Audacity

2013-05-15 16:18 . 2013-05-15 16:18        --------        d-----w-        c:\programdata\YTD Video Downloader

2013-05-15 16:18 . 2013-05-15 16:18        --------        d-----w-        c:\program files (x86)\GreenTree Applications

2013-05-14 10:58 . 2013-05-14 10:58        971680        ----a-w-        c:\windows\system32\deployJava1.dll

2013-05-14 10:58 . 2013-05-14 10:58        311200        ----a-w-        c:\windows\system32\javaws.exe

2013-05-14 10:58 . 2013-05-14 10:58        1092512        ----a-w-        c:\windows\system32\npDeployJava1.dll

2013-05-14 10:58 . 2013-05-14 10:58        108448        ----a-w-        c:\windows\system32\WindowsAccessBridge-64.dll

2013-05-14 10:58 . 2013-05-14 10:58        188832        ----a-w-        c:\windows\system32\javaw.exe

2013-05-14 10:58 . 2013-05-14 10:58        188320        ----a-w-        c:\windows\system32\java.exe

2013-05-14 10:57 . 2013-05-14 10:57        --------        d-----w-        c:\program files\Java

2013-05-13 18:07 . 2013-05-13 18:07        --------        d-----w-        c:\users\IceShock\AppData\Local\Realmware

2013-05-13 18:07 . 2013-05-13 18:07        --------        d-----w-        c:\program files\Realmware

2013-05-12 10:04 . 2013-05-19 13:01        --------        d-----w-        c:\users\IceShock\AppData\Roaming\.minecraft

2013-05-10 15:54 . 2013-05-10 15:54        --------        d-----w-        c:\windows\8A809006C25A4A3A9DAB94659BCDB107.TMP

2013-05-10 15:54 . 2013-05-10 15:54        --------        d-----w-        c:\program files (x86)\Common Files\Wise Installation Wizard

2013-05-10 13:25 . 2013-05-10 13:25        --------        d-----w-        c:\program files (x86)\Winamp Detect

2013-05-10 13:24 . 2013-05-10 13:24        --------        d-----w-        c:\program files (x86)\Common Files\PX Storage Engine

2013-05-10 13:24 . 2013-05-20 09:53        --------        d-----w-        c:\users\IceShock\AppData\Roaming\Winamp

2013-05-10 13:24 . 2013-05-10 13:26        --------        d-----w-        c:\program files (x86)\Winamp

2013-05-10 13:21 . 2013-05-10 13:21        --------        d-----w-        c:\users\IceShock\AppData\Roaming\Meine Traffic

2013-05-10 13:21 . 2010-06-01 12:30        331136        ----a-w-        c:\windows\MTrUn.EXE

2013-05-10 13:21 . 2013-05-10 13:21        --------        d-----w-        c:\program files (x86)\MT

2013-05-10 11:17 . 2013-05-10 11:17        --------        d-----w-        c:\programdata\LogiShrd

2013-05-10 11:15 . 2013-05-10 11:15        --------        d-----w-        c:\users\IceShock\AppData\Local\Logitech

2013-05-10 11:15 . 2013-05-10 11:15        --------        d-----w-        c:\users\IceShock\AppData\Roaming\Leadertech

2013-05-10 11:14 . 2013-05-10 11:15        --------        d-----w-        c:\program files\Logitech Gaming Software

2013-05-10 11:13 . 2013-05-10 11:13        --------        d-----w-        c:\users\IceShock\AppData\Roaming\Logitech

2013-05-10 11:13 . 2013-05-10 11:13        --------        d-----w-        c:\users\IceShock\AppData\Roaming\Logishrd

2013-05-09 18:10 . 2013-05-09 18:12        --------        d-----w-        C:\Twixtor5AE

2013-05-09 13:27 . 2013-05-09 13:45        --------        d-----w-        c:\programdata\PopCap Games

2013-05-06 16:13 . 2013-05-06 16:13        --------        d-----w-        c:\program files\Common Files\OFX

2013-05-03 16:15 . 2013-05-03 16:15        --------        d-----w-        c:\users\IceShock\AppData\Local\SmartTechnology

2013-05-03 15:45 . 2013-05-03 15:45        --------        d-----w-        c:\programdata\SmartTechnology

2013-05-03 15:45 . 2013-05-03 15:45        --------        d-----w-        c:\program files\SmartTechnology

2013-05-03 15:38 . 2013-05-03 15:38        --------        d-----w-        c:\programdata\Sentinel

2013-05-03 15:38 . 2013-05-03 15:38        --------        d-----w-        c:\program files (x86)\Mad Catz

2013-05-03 15:18 . 2013-05-03 15:18        --------        d-----w-        c:\program files (x86)\MonitorDriver

2013-05-03 15:17 . 2013-05-03 15:17        --------        d-----w-        c:\users\IceShock\AppData\Roaming\InstallShield

2013-05-01 09:48 . 2013-05-01 08:38        122904        ----a-w-        c:\windows\system\OpenAL32.dll

2013-04-28 09:45 . 2013-04-28 09:46        --------        d-----w-        c:\users\IceShock\AppData\Local\Divinity 2

2013-04-28 08:18 . 2013-04-28 08:18        --------        d-----w-        c:\programdata\Divinity 2

2013-04-28 08:07 . 2013-04-28 08:21        --------        d-----w-        c:\program files (x86)\Divinity II - Ego Draconis

2013-04-24 21:56 . 2013-04-24 21:56        77592        ----a-w-        c:\windows\system32\ladfGSRCoinst_amd64.dll

2013-04-24 21:56 . 2013-04-24 21:56        410008        ----a-w-        c:\windows\system32\drivers\ladfGSCamd64.sys

2013-04-24 21:56 . 2013-04-24 21:56        102808        ----a-w-        c:\windows\system32\drivers\ladfGSRamd64.sys

2013-04-24 15:21 . 2013-04-24 18:18        --------        d-----w-        c:\program files (x86)\Thief - Deadly Shadows

2013-04-24 11:39 . 2013-04-12 14:45        1656680        ----a-w-        c:\windows\system32\drivers\ntfs.sys

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-05-22 17:52 . 2012-11-21 17:31        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-22 17:52 . 2012-11-21 17:31        692104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2013-05-20 17:42 . 2012-11-09 14:50        45856        ----a-w-        c:\windows\system32\drivers\avgtpx64.sys

2013-05-16 17:31 . 2012-11-08 17:00        75016696        ----a-w-        c:\windows\system32\MRT.exe

2013-05-16 16:54 . 2012-11-10 12:38        280904        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr

2013-05-16 16:54 . 2012-11-09 16:17        280904        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe

2013-05-16 16:45 . 2012-11-09 16:17        280904        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0

2013-05-01 08:38 . 2012-12-21 16:42        466456        ----a-w-        c:\windows\system32\wrap_oal.dll

2013-05-01 08:38 . 2012-12-21 16:42        444952        ----a-w-        c:\windows\SysWow64\wrap_oal.dll

2013-05-01 08:38 . 2012-12-21 16:42        109080        ----a-w-        c:\windows\SysWow64\OpenAL32.dll

2013-04-15 15:09 . 2012-11-18 13:42        802136        ----a-w-        c:\program files\uTorrent.exe

2013-04-13 05:49 . 2013-05-16 13:13        135168        ----a-w-        c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49 . 2013-05-16 13:13        350208        ----a-w-        c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49 . 2013-05-16 13:13        308736        ----a-w-        c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49 . 2013-05-16 13:13        111104        ----a-w-        c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45 . 2013-05-16 13:13        474624        ----a-w-        c:\windows\apppatch\AcSpecfc.dll

2013-04-13 04:45 . 2013-05-16 13:13        2176512        ----a-w-        c:\windows\apppatch\AcGenral.dll

2013-04-04 03:35 . 2013-04-18 15:24        95648        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-04-01 18:22 . 2012-11-09 16:17        76888        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe

2013-03-19 06:04 . 2013-04-10 14:48        5550424        ----a-w-        c:\windows\system32\ntoskrnl.exe

2013-03-19 05:46 . 2013-04-10 14:48        43520        ----a-w-        c:\windows\system32\csrsrv.dll

2013-03-19 05:04 . 2013-04-10 14:48        3968856        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04 . 2013-04-10 14:48        3913560        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47 . 2013-04-10 14:48        6656        ----a-w-        c:\windows\SysWow64\apisetschema.dll

2013-03-19 03:06 . 2013-04-10 14:48        112640        ----a-w-        c:\windows\system32\smss.exe

2013-03-13 11:36 . 2012-11-08 16:23        861088        ----a-w-        c:\windows\SysWow64\npDeployJava1.dll

2013-03-13 11:36 . 2012-11-08 16:23        782240        ----a-w-        c:\windows\SysWow64\deployJava1.dll

2013-03-09 16:53 . 2013-03-09 16:53        4608        ----a-w-        c:\windows\SysWow64\w95inf32.dll

2013-03-09 16:53 . 2013-03-09 16:53        2272        ----a-w-        c:\windows\SysWow64\w95inf16.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]

@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"

[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]

2012-04-09 15:27        158224        ----a-w-        c:\windows\SysWOW64\CbFsMntNtf3.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Akamai NetSession Interface"="c:\users\IceShock\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]

"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-09-14 393216]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-28 18642024]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-05-03 1635752]

"KSS"="c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" [2012-04-25 202296]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Super-Charger"="c:\program files (x86)\MSI\Super-Charger\StartSuperCharger.exe" [2011-07-06 303104]

"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2012-06-20 74752]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-05-15 2255184]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute        REG_MULTI_SZ           autocheck autochk *\0\0sdnclean64.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]

R3 dump_wmimmc;dump_wmimmc;c:\aeriagames\Wolfteam-DE\GameGuard\dump_wmimmc.sys [x]

R3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys [2013-04-24 410008]

R3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys [2013-04-24 102808]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]

R3 NTIOLib_1_0_C;NTIOLib_1_0_C;D:\NTIOLib_X64.sys [x]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]

R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys [2011-03-02 36448]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]

S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]

S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-11-15 111968]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]

S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2012-09-04 50296]

S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-05-20 45856]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-11-24 283200]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640]

S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2013\avgfws.exe [2012-12-10 1342024]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-05-15 2467664]

S2 KSS;Kaspersky Security Scan Service;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2012-04-25 202296]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]

S2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [2010-04-16 36864]

S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-07-06 2656536]

S2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [2013-05-20 1015984]

S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-03-04 126952]

S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-03-04 390632]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]

S3 cbfs3;EldoS Callback File System driver v3;c:\windows\system32\DRIVERS\cbfs3.sys [2012-04-09 352144]

S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]

S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 694888]

S3 Said1109;Said1109;c:\windows\system32\DRIVERS\Said1109.sys [2012-10-15 25920]

S3 SaiK1109;SaiK1109;c:\windows\system32\DRIVERS\SaiK1109.sys [2012-10-15 180544]

S3 SaiK1713;SaiK1713;c:\windows\system32\DRIVERS\SaiK1713.sys [2012-09-20 180544]

S3 SaiU1713;SaiU1713;c:\windows\system32\DRIVERS\SaiU1713.sys [2012-09-20 47168]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-04-10 11:28        1642448        ----a-w-        c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe

.

Inhalt des "geplante Tasks" Ordners

.

2013-05-23 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-21 17:52]

.

2013-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-08 16:14]

.

2013-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-08 16:14]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]

@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"

[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]

2012-04-09 15:27        190480        ----a-w-        c:\windows\System32\CbFsMntNtf3.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-09-09 7466600]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-01-24 477600]

"ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2012-10-15 454144]

"SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2012-10-15 158208]

"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2013-04-24 7477016]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService

FontCache

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>;*.local

IE: Free YouTube to iPod Converter - c:\users\IceShock\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm

Trusted Zone: aeriagames.com

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\IceShock\AppData\Roaming\Mozilla\Firefox\Profiles\ym4wpztj.default\

FF - prefs.js: network.proxy.http - www-proxy.t-online.de

FF - prefs.js: network.proxy.http_port - 80

FF - prefs.js: network.proxy.type - 0

FF - ExtSQL: 2013-04-08 19:11; m2k@m2kdownloader.com; c:\users\IceShock\AppData\Roaming\Mozilla\Firefox\Profiles\ym4wpztj.default\extensions\m2k@m2kdownloader.com.xpi

FF - ExtSQL: 2013-04-28 17:28; info@maltegoetz.de; c:\users\IceShock\AppData\Roaming\Mozilla\Firefox\Profiles\ym4wpztj.default\extensions\info@maltegoetz.de.xpi

FF - ExtSQL: 2013-04-28 18:41; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\IceShock\AppData\Roaming\Mozilla\Firefox\Profiles\ym4wpztj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

FF - ExtSQL: 2013-05-09 17:23; ich@maltegoetz.de; c:\users\IceShock\AppData\Roaming\Mozilla\Firefox\Profiles\ym4wpztj.default\extensions\ich@maltegoetz.de

.

.

------- Dateityp-Verknüpfung -------

.

JSEFile=%SystemRoot%\SysWow64\CScript.exe "%1" %*

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

Wow6432Node-HKCU-Run-AdobeBridge - (no file)

SafeBoot-55593187.sys

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

AddRemove-LEGO Stunt Rally - c:\allespiele\lego stunt rally\Uninst.isu

AddRemove-{9B8C0E34-8323-43D9-AD5B-771ECCD1453A}_is1 - c:\allespiele\Arcuz\Arcuz Behind The Darck\unins000.exe

AddRemove-ApplicationUpdater - c:\users\IceShock\AppData\Local\Sony Online Entertainment\ApplicationUpdater\Uninstaller.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-623712556-1154303772-162369497-1000\Software\SecuROM\License information*]

"datasecu"=hex:e3,51,4e,f5,e1,0f,1e,e7,8b,48,50,8c,b8,76,9b,d4,34,7f,13,e7,f3,

   6a,30,39,77,aa,2b,75,16,61,cb,67,51,78,7f,27,cd,b4,a3,91,9b,26,9e,bb,55,a8,\

"rkeysecu"=hex:9b,57,2d,36,6a,15,ae,c6,c5,1d,8a,96,64,58,d5,01

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

c:\program files (x86)\Realtek\11n USB Wireless LAN Utility\RtWlan.exe

c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2013-05-23  17:14:31 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2013-05-23 15:14

.

Vor Suchlauf: 19 Verzeichnis(se), 74.641.661.952 Bytes frei

Nach Suchlauf: 24 Verzeichnis(se), 78.684.983.296 Bytes frei

.

- - End Of File - - DD29AAD3D171454BD45EE2BFB2FAFF56

Zitat:

Zitat von smeenk (Beitrag 1068278)

Nachher auch eine neue Farbar Services Scanner Log-Datei erstellen und mir posten

Log kommt noch? :)

Oh, tut mir leid habe ich übersehen :balla:

Code:

Farbar Service Scanner Version: 14-04-2013

Ran by IceShock (administrator) on 23-05-2013 at 17:52:56

Running from "C:\Users\IceShock\Downloads"

Windows 7 Professional Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************
 

Internet Services:

============
 

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Attempt to access Yahoo IP returned error. Yahoo IP is offline

Yahoo.com is accessible.
 
 

Windows Firewall:

=============
 

Firewall Disabled Policy: 

==================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall"=DWORD:0
 
 

System Restore:

============

SDRSVC Service is not running. Checking service configuration:

The start type of SDRSVC service is OK.

The ImagePath of SDRSVC service is OK.

The ServiceDll of SDRSVC service is OK.
 

VSS Service is not running. Checking service configuration:

The start type of VSS service is OK.

The ImagePath of VSS service is OK.
 
 

System Restore Disabled Policy: 

========================
 
 

Action Center:

============
 

Windows Update:

============

BITS Service is not running. Checking service configuration:

The start type of BITS service is set to Demand. The default start type is Auto.

The ImagePath of BITS service is OK.

The ServiceDll of BITS service is OK.
 
 

Windows Autoupdate Disabled Policy: 

============================
 
 

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is set to Demand. The default start type is Auto.

The ImagePath of WinDefend service is OK.

The ServiceDll of WinDefend service is OK.
 
 

Windows Defender Disabled Policy: 

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1
 

RpcSs Service is not running. Checking service configuration:

The start type of RpcSs service is OK.

The ImagePath of RpcSs service is OK.
 
 

Other Services:

==============
 
 

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\System32\ipnathlp.dll => MD5 is legit

C:\Windows\System32\iphlpsvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit
 
 

**** End of log ****

Zitat:

Zitat von Florian_Ice (Beitrag 1068361)

Oh, tut mir leid habe ich übersehen :balla:

Kann jeder passieren ;)

Bleibt nur diese uberig:

Downloade dir bitte Windows Repair (All In One) von hier.

Installiere das Programm. Starte es, nachdem die Installation abgeschlossen wurde.
Klicke auf Step 2 und drücke unter Check Disk auf Do It.

http://i1224.photobucket.com/albums/...3/Capture3.gif
Wenn der Vorgang abgeschlossen ist, klicke auf Step 3 und drücke unter System File Check auf Do It.

http://i1224.photobucket.com/albums/...y3/Capture.gif
Nachdem der Vorgang abgeschlossen ist, klicke auf Start Repairs, wähle den Advanced Mode und drücke Start.

http://i1224.photobucket.com/albums/...3/Capture1.gif
Gehe bitte sicher, dass die Kästchen wie unten zu sehen angehakt sind. Bitte hake zusätzlich noch Set Windows Services to Default Startup an.
Hake Restart System when Finished an.
Drücke Start.

http://i1238.photobucket.com/albums/...eakingtool.jpg

Alles klar, Schritt 3 ist nun abgeschlossen, aber bei "Start Repairs" gibt es keine Modi zur Auswahl nur "Start" und "Back". Soll der ich einfach starten ?

Und irgendwie sind da fast doppelt so viele Anhakmöglichkeiten. Liegt bestimmt daran, dass ich Version 1.9.14 habe und im Bild ist 1.4.3 gezeigt.

Lieber frage ich nochmal nach als etwas falsches zu machen.

Windows Repair wird ständig weiterentwikkelt und es ist möglich dass einige Bilder nicht mehr der Aktualität entsprechen ;)

Wahle start und guck mal ob du herausfindest wie es weiter soll zur Reparatur.

Ok das dauert jetzt noch ziemlich lange ich Poste die Ergebnisse dann Morgen.