Windows Security Center: Computer gesperrt! Virus, Trojaner ?

creatix · 12.02.2012, 15:31

[code]
Combofix Logfile:

Code:

ATTFilter

ComboFix 12-02-11.03 - creatix 12.02.2012  14:49:26.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.8190.6892 [GMT 1:00]
ausgeführt von:: c:\users\creatix\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-01-12 bis 2012-02-12  ))))))))))))))))))))))))))))))
.
.
2012-02-12 13:56 . 2012-02-12 13:56	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-02-10 18:24 . 2012-02-10 18:24	--------	d-----w-	C:\_OTL
2012-02-10 12:25 . 2012-02-10 12:25	--------	d-----w-	c:\users\creatix\AppData\Roaming\Avira
2012-02-10 12:24 . 2011-12-15 14:00	27760	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-02-10 12:24 . 2011-12-15 13:59	97312	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-02-10 12:24 . 2011-12-15 13:59	130760	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-02-10 12:24 . 2012-02-10 12:24	--------	d-----w-	c:\programdata\Avira
2012-02-10 12:24 . 2012-02-10 12:24	--------	d-----w-	c:\program files (x86)\Avira
2012-02-06 21:10 . 2012-02-06 21:10	--------	d-----w-	c:\program files (x86)\ESET
2012-02-06 20:05 . 2012-02-06 20:05	--------	d-----w-	c:\users\creatix\AppData\Roaming\Malwarebytes
2012-02-06 20:05 . 2012-02-06 20:05	--------	d-----w-	c:\programdata\Malwarebytes
2012-02-06 20:05 . 2012-02-06 20:05	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-06 20:05 . 2011-12-10 14:24	23152	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-02-06 19:50 . 2012-02-09 08:40	--------	d-----w-	c:\users\Gaeste
2012-02-03 06:52 . 2012-01-06 05:15	8602168	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{CC0D5EAA-0582-48A9-B188-F770F2017274}\mpengine.dll
2012-02-02 08:32 . 2012-02-06 09:50	--------	d-----w-	c:\users\Gast.creatix-PC\.jordan
2012-01-28 07:58 . 2011-02-19 06:37	1135104	----a-w-	c:\windows\system32\FntCache.dll
2012-01-28 07:58 . 2011-02-19 06:37	1540608	----a-w-	c:\windows\system32\DWrite.dll
2012-01-28 07:58 . 2011-02-19 06:36	902656	----a-w-	c:\windows\system32\d2d1.dll
2012-01-28 07:58 . 2011-02-19 05:32	1074176	----a-w-	c:\windows\SysWow64\DWrite.dll
2012-01-28 07:58 . 2011-02-19 05:32	739840	----a-w-	c:\windows\SysWow64\d2d1.dll
2012-01-18 20:01 . 1999-05-28 09:15	86016	----a-w-	c:\windows\unvise32qt.exe
2012-01-18 20:01 . 2012-01-18 20:01	40960	----a-w-	c:\program files (x86)\Internet Explorer\plugins\npqtplugin3.dll
2012-01-18 20:01 . 2012-01-18 20:01	40960	----a-w-	c:\program files (x86)\Internet Explorer\plugins\npqtplugin2.dll
2012-01-18 20:01 . 2012-01-18 20:01	40960	----a-w-	c:\program files (x86)\Internet Explorer\plugins\npqtplugin.dll
2012-01-18 20:01 . 2012-01-18 20:01	--------	d-----w-	c:\windows\SysWow64\QuickTime
2012-01-18 20:01 . 2012-01-18 20:01	--------	d-----w-	c:\program files (x86)\QuickTime
2012-01-18 20:01 . 2012-01-18 20:01	--------	d-----w-	c:\program files (x86)\Red Orb
2012-01-18 18:23 . 2012-01-18 18:23	--------	d-----w-	c:\programdata\SplitMediaLabs
2012-01-18 18:23 . 2012-01-18 18:23	--------	d-----w-	c:\program files (x86)\SplitMediaLabs
2012-01-18 18:23 . 2012-01-18 18:23	--------	d-----w-	c:\users\creatix\AppData\Roaming\SplitMediaLabs
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-26 23:52 . 2011-09-08 13:12	279656	------w-	c:\windows\system32\MpSigStub.exe
2011-12-17 16:42 . 2011-12-17 16:42	281200	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2011-12-17 16:42 . 2011-12-17 16:38	281200	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2011-12-17 16:38 . 2011-12-17 16:38	189248	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2011-12-17 16:38 . 2011-12-17 16:38	75136	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2011-11-24 05:00 . 2011-12-15 10:16	3141632	----a-w-	c:\windows\system32\win32k.sys
2011-11-19 15:07 . 2012-01-11 12:48	77312	----a-w-	c:\windows\system32\packager.dll
2011-11-19 14:06 . 2012-01-11 12:48	67072	----a-w-	c:\windows\SysWow64\packager.dll
2011-11-17 07:14 . 2012-01-11 12:48	1739160	----a-w-	c:\windows\system32\ntdll.dll
2011-11-17 05:41 . 2012-01-11 12:48	1292592	----a-w-	c:\windows\SysWow64\ntdll.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-09-16 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-08-30 979328]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-12-15 258512]
.
c:\users\Gast.creatix-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\users\creatix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-12-15 86224]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: {{7B499570-29C5-4a80-9F57-94A420D140CE} - {C8FA495F-F131-42B0-8AB8-B119A674AF8E} -
TCP: DhcpNameServer = 192.168.220.1
FF - ProfilePath - c:\users\creatix\AppData\Roaming\Mozilla\Firefox\Profiles\lr8zugrf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Myst Masterpiece Edition - c:\windows\IsUn0407.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-02-12  15:30:30 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-02-12 14:30
.
Vor Suchlauf: 13 Verzeichnis(se), 707.380.199.424 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 706.832.760.832 Bytes frei
.
- - End Of File - - F2E61B591DC87E9E0B2A759AFFB05C7A

--- --- ---

Windows Security Center: Computer gesperrt! Virus, Trojaner ?

Log-Analyse und Auswertung: Windows Security Center: Computer gesperrt! Virus, Trojaner ?

Windows Security Center: Computer gesperrt! Virus, Trojaner ?

Ähnliche Themen: Windows Security Center: Computer gesperrt! Virus, Trojaner ?