| |
| |||||||
Log-Analyse und Auswertung: Doppelte Akzente nach Virenfund ( 'TR/Bublik.I.1')Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
25.02.2013, 21:22
| #1 | |
| |  Doppelte Akzente nach Virenfund ( 'TR/Bublik.I.1') Hallo, Ich war gestern Abend am surfen, als mein Antivir sich meldet: Zitat:
 )Ich dachte damit hätte sich die Sache erledigt, doch seitdem bekomme ich immer doppelte akzente, also ich drücke 1 mal auf ^ und es kommen direkt 2, genauso bei ´´. Ich hab über google immer nur gefunden es könnten Keylogger oder so sein. Auch bin ich hier auf nen anderen Thread gestoßen, indem jemand das gleiche Problem hatte, aber nach dem posten des combofix logs nicht drumrum kam den pc neu auf zu setzen. Wäre übrigens kein Problem für mich, wollte das die nächsten Tage sowieso mal machen, hauptsächlich gehts mir also auch darum, wie gefährdet meine Passwörter sind, oder ob sie überhaupt gefährdet sind - vor ca nem Monat das letzte mal Antivir komplett durchlaufen lassen 0 Funde, nichmal Warnungen oder Verdächtige Dateien. edit: gerade auch Antivir (premium) nochmal durchlaufen lassen, gleiches ergebnis, 0 funde Hier mal mein Combofix log, hoffe Ihr werdet daraus schlau und könnt mir weiterhelfen, vielen dank schonmal im voraus. Code:
ATTFilter ComboFix 13-02-24.01 - Venkx 25.02.2013 20:41:19.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.16346.13028 [GMT 1:00]
ausgeführt von:: c:\users\Venkx\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Venkx\310.90-desktop-win8-win7-winvista-64bit-english-whql.exe
c:\users\Venkx\AppData\Roaming\Comoim
c:\users\Venkx\AppData\Roaming\Comoim\nuyqv.exe
c:\users\Venkx\AppData\Roaming\ie_util.exe
c:\users\Venkx\avira_antivirus_premium.exe
c:\users\Venkx\ComboFix.exe
c:\users\Venkx\jdiskreport-1_4_0-win.exe
c:\users\Venkx\qip2012.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-01-25 bis 2013-02-25 ))))))))))))))))))))))))))))))
.
.
2013-02-25 19:43 . 2013-02-25 19:43 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-02-25 19:43 . 2013-02-25 19:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-24 22:39 . 2013-02-24 23:05 -------- d-----w- c:\users\Venkx\AppData\Roaming\Ydqehe
2013-02-24 22:39 . 2013-02-24 22:39 -------- d-----w- c:\users\Venkx\AppData\Roaming\Ipespa
2013-02-13 02:01 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 02:01 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-12 22:38 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-12 22:38 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-02-12 22:38 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-02-12 22:37 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-12 22:37 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-02-12 22:37 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-02-12 22:37 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-02-12 22:37 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-02-12 22:37 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-02-12 22:37 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-02-12 22:37 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-12 22:37 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-10 18:22 . 2013-02-10 18:22 -------- d-----w- C:\ICQ
2013-02-09 13:56 . 2013-02-10 08:49 -------- d-----w- c:\users\Venkx\AppData\Roaming\.minecraft
2013-02-05 18:59 . 2013-02-08 21:45 -------- d-----w- C:\World of Warcraft
2013-01-29 21:17 . 2013-01-29 21:52 -------- d-----w- c:\users\Venkx\Dunkelmond
2013-01-27 09:56 . 2013-01-27 09:56 -------- d-----w- c:\users\Venkx\AppData\Roaming\NVIDIA
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-19 15:34 . 2012-04-30 15:10 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-19 15:34 . 2012-04-30 15:10 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-13 02:02 . 2012-04-30 10:01 70004024 ----a-w- c:\windows\system32\MRT.exe
2013-01-04 04:43 . 2013-02-12 22:37 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-12-29 10:34 . 2013-01-07 23:29 958272 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-12-29 10:34 . 2013-01-07 23:29 9389888 ----a-w- c:\windows\system32\nvcuda.dll
2012-12-29 10:34 . 2013-01-07 23:29 7931896 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-12-29 10:34 . 2013-01-07 23:29 7565240 ----a-w- c:\windows\system32\nvopencl.dll
2012-12-29 10:34 . 2013-01-07 23:29 6263784 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-12-29 10:34 . 2013-01-07 23:29 420280 ----a-w- c:\windows\system32\nvEncodeAPI64.dll
2012-12-29 10:34 . 2013-01-07 23:29 364984 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll
2012-12-29 10:34 . 2013-01-07 23:29 2904504 ----a-w- c:\windows\system32\nvcuvid.dll
2012-12-29 10:34 . 2013-01-07 23:29 2824656 ----a-w- c:\windows\system32\nvapi64.dll
2012-12-29 10:34 . 2013-01-07 23:29 2720696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-12-29 10:34 . 2013-01-07 23:29 26931128 ----a-w- c:\windows\system32\nvoglv64.dll
2012-12-29 10:34 . 2013-01-07 23:29 25256376 ----a-w- c:\windows\system32\nvcompiler.dll
2012-12-29 10:34 . 2013-01-07 23:29 2504248 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-12-29 10:34 . 2013-01-07 23:29 246024 ----a-w- c:\windows\system32\nvinitx.dll
2012-12-29 10:34 . 2013-01-07 23:29 2344888 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-12-29 10:34 . 2013-01-07 23:29 20450232 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-12-29 10:34 . 2013-01-07 23:29 201728 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-12-29 10:34 . 2013-01-07 23:29 1985976 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-12-29 10:34 . 2013-01-07 23:29 18054312 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-12-29 10:34 . 2013-01-07 23:29 17560504 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-12-29 10:34 . 2013-01-07 23:29 15129064 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-12-29 10:34 . 2013-01-07 23:29 15052368 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-12-29 10:34 . 2013-01-07 23:29 12641120 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-12-29 10:34 . 2013-01-07 23:29 1107592 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-12-29 10:34 . 2013-01-07 23:29 10997176 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-12-29 10:34 . 2012-09-14 15:34 1813432 ----a-w- c:\windows\system32\nvdispco64.dll
2012-12-29 10:34 . 2012-09-14 15:34 1504696 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-12-29 08:40 . 2012-04-30 08:58 6382008 ----a-w- c:\windows\system32\nvcpl.dll
2012-12-29 08:40 . 2012-04-30 08:58 3455416 ----a-w- c:\windows\system32\nvsvc64.dll
2012-12-29 08:40 . 2012-04-30 08:58 2923201 ----a-w- c:\windows\system32\nvcoproc.bin
2012-12-29 08:40 . 2012-04-30 08:58 884152 ----a-w- c:\windows\system32\nvvsvc.exe
2012-12-29 08:40 . 2012-04-30 08:58 63928 ----a-w- c:\windows\system32\nvshext.dll
2012-12-29 08:40 . 2012-04-30 08:58 118712 ----a-w- c:\windows\system32\nvmctray.dll
2012-12-29 01:54 . 2012-12-29 01:54 550328 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-12-25 18:30 . 2009-08-18 11:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-12-25 18:30 . 2009-08-18 10:24 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-12-22 15:37 . 2012-12-22 15:58 380928 ----a-w- c:\windows\system32\RtlUI2.exe
2012-12-22 15:37 . 2012-12-22 15:58 188416 ----a-w- c:\windows\system32\RTLExtUI.dll
2012-12-22 15:37 . 2012-10-06 16:58 614400 ----a-w- c:\windows\system32\Rtlihvs.dll
2012-12-16 17:11 . 2012-12-22 02:00 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-22 02:00 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 02:00 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-22 02:00 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-07 13:20 . 2013-01-09 15:32 441856 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-09 15:32 2746368 ----a-w- c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-09 15:32 308736 ----a-w- c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-09 15:32 2576384 ----a-w- c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-09 15:32 30720 ----a-w- c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-09 15:32 43520 ----a-w- c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-09 15:32 23552 ----a-w- c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-09 15:32 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-09 15:32 44544 ----a-w- c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-09 15:32 20480 ----a-w- c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-09 15:32 20480 ----a-w- c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-09 15:32 20480 ----a-w- c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-09 15:32 46592 ----a-w- c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-09 15:32 40960 ----a-w- c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-09 15:32 21504 ----a-w- c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-09 15:32 15360 ----a-w- c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-09 15:32 55296 ----a-w- c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-09 15:32 51712 ----a-w- c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-09 15:32 43520 ----a-w- c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-09 15:32 30720 ----a-w- c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-09 15:32 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 15:32 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 15:32 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 15:32 23552 ----a-w- c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-09 15:32 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 15:32 46592 ----a-w- c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-09 15:32 20480 ----a-w- c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-09 15:32 21504 ----a-w- c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-09 15:32 40960 ----a-w- c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-09 15:32 15360 ----a-w- c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-09 15:32 55296 ----a-w- c:\windows\SysWow64\cero.rs
2012-12-07 10:46 . 2013-01-09 15:32 51712 ----a-w- c:\windows\SysWow64\esrb.rs
2012-11-30 05:45 . 2013-01-09 15:32 362496 ----a-w- c:\windows\system32\wow64win.dll
2012-11-30 05:45 . 2013-01-09 15:32 243200 ----a-w- c:\windows\system32\wow64.dll
2012-11-30 05:45 . 2013-01-09 15:32 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2012-11-30 05:43 . 2013-01-09 15:32 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2012-11-30 05:41 . 2013-01-09 15:32 424448 ----a-w- c:\windows\system32\KernelBase.dll
2012-11-30 05:41 . 2013-01-09 15:32 1161216 ----a-w- c:\windows\system32\kernel32.dll
2012-11-30 05:38 . 2013-01-09 15:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 15:32 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 15:32 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 15:32 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 15:32 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 15:32 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 15:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 15:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 15:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 15:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 15:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 15:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 15:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 15:32 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 15:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-04-30 . E589BCD6041786C5E38E2D223C24C193 . 680960 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_ecc547376ae3a1a3\termsrv.dll
[7] 2009-07-14 . 0F05EC2887BFE197AD82A13287D2F404 . 706560 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7600.16385_none_ea94336f6df51e09\termsrv.dll
[-] 2012-04-30 . E589BCD6041786C5E38E2D223C24C193 . 680960 . . [6.1.7601.17514] .. c:\windows\system32\termsrv.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Infium"="c:\qip 2012\qip.exe" [2013-01-10 8378408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-05 291608]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"RoccatIsku"="c:\program files (x86)\ROCCAT\Isku Keyboard\IskuMonitor.EXE" [2011-07-12 536576]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
.
c:\users\Venkx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2012-8-1 0]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ALSysIO;ALSysIO;c:\users\Venkx\AppData\Local\Temp\ALSysIO64.sys [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-19 102368]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2012-08-12 25640]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-10-11 30528]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2011-08-30 160256]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2012-05-12 121416]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtwlanu.sys [x]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
R3 skfiltv;skfiltv;c:\windows\system32\drivers\skfiltv.sys [2008-08-14 24064]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-19 203104]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-10-14 1255736]
R4 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2012-01-10 27760]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-05 16152]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-11-02 21616]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-04-30 27760]
S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-05-14 375760]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-14 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-14 465360]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2013-01-11 8704]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-29 13592]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2011-12-08 607456]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2011-12-16 161560]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-16 363800]
S3 cmudaxp;ASUS Xonar DGX Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [2011-12-20 2727936]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-05 355096]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-05 786200]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-08-11 104560]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2012-01-10 2184816]
S3 VUSB3HUB;VIA USB 3 Root Hub Service;c:\windows\system32\DRIVERS\ViaHub3.sys [2011-11-15 204800]
S3 xhcdrv;VIA USB eXtensible Host Controller Service;c:\windows\system32\DRIVERS\xhcdrv.sys [2011-11-15 256000]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-30 15:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VIAxHCUtl"="c:\via_xhci\usb3Monitor.exe" [2011-07-13 331776]
"Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2011-05-12 8769536]
"Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
"Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{07BA1DA9-F501-4796-8728-74D1B91A6CD5} - c:\program files (x86)\PokerStars.EU\PokerStarsUpdate.exe
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-Owutxuseuf - c:\users\Venkx\AppData\Roaming\Comoim\nuyqv.exe
Wow6432Node-HKCU-Run-IExplorer Util - c:\users\Venkx\AppData\Roaming\ie_util.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1844830689-1888343456-1936942990-1000\Software\SecuROM\License information*]
"datasecu"=hex:56,79,b1,ac,6a,e3,3a,5c,c6,94,ca,d4,a9,28,bf,20,1d,22,56,08,fd,
ce,a0,38,8a,8b,57,c6,7b,f3,15,35,9f,27,38,eb,3a,f5,1b,58,e2,d0,4f,4b,bd,ee,\
"rkeysecu"=hex:73,50,6e,e5,41,59,3c,fd,a8,4d,1e,5f,b2,e4,7c,1c
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-02-25 20:44:24
ComboFix-quarantined-files.txt 2013-02-25 19:44
.
Vor Suchlauf: 13 Verzeichnis(se), 23.505.588.224 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 23.250.030.592 Bytes frei
.
- - End Of File - - 9B49E5F6B51554480DC3039D0BCB5F9C
|
| Themen zu Doppelte Akzente nach Virenfund ( 'TR/Bublik.I.1') |
| adobe, akzente, antivir, antivirus, avg, avira, blockiert, browser, combofix, defender, desktop, device driver, email, flash player, google, home, object, problem, programm, realtek, schutz, sigcheck, software, system, trojan, usb, virus, windows |
Baum-Darstellung