AVG keeps detecting potential threats, e.g. C:\Windows\System32\Drivers\spgc.sys";"Infiziert" (Windows 7)
#1
/// the machine /// TB-Ausbilder
ComboFix must only be run when a team member has instructed you to do so! Please download ComboFix from the following download mirror: Link 1. IMPORTANT: save ComboFix to your desktop.
When ComboFix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: should you get the following error message after the reboot, Quote:
__________________
Regards, schrauber. Proud Member of UNITE and ASAP since 2009. Donations | Guides and help | Trojaner-Board Facebook page | No help via PM!
#2
Hello.
Here is the ComboFix log:
Code:
ComboFix 13-09-17.01 - Shadow2o14 18.09.2013 16:18:32.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4095.2412 [GMT 2:00]
ausgeführt von:: c:\users\Shadow2o14\Downloads\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-08-18 bis 2013-09-18 ))))))))))))))))))))))))))))))
.
.
2013-09-18 14:22 . 2013-09-18 14:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-18 11:47 . 2013-09-18 11:47 -------- d-----w- c:\windows\SysWow64\wbem\en-US
2013-09-18 11:47 . 2013-09-18 11:47 -------- d-----w- c:\windows\system32\wbem\en-US
2013-09-17 22:38 . 2012-07-26 07:46 2560 ----a-w- c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
2013-09-17 22:38 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-09-17 22:38 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-09-17 22:38 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-09-17 22:30 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2013-09-17 22:19 . 2013-09-17 22:19 -------- d-----w- c:\windows\system32\SPReview
2013-09-17 22:19 . 2013-09-17 22:19 -------- d-----w- c:\windows\system32\EventProviders
2013-09-17 22:15 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2013-09-17 22:15 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2013-09-17 22:15 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2013-09-17 22:15 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2013-09-17 22:15 . 2010-09-30 10:41 100864 ----a-w- c:\windows\system32\fontsub.dll
2013-09-17 22:15 . 2010-09-30 06:47 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2013-09-17 22:14 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-09-17 22:14 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2013-09-17 22:14 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-09-17 22:14 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2013-09-17 22:14 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-09-17 22:14 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-09-17 22:14 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-09-17 22:11 . 2013-09-17 22:11 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-09-17 22:07 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-09-17 22:07 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2013-09-17 22:07 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2013-09-17 22:07 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2013-09-17 22:07 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2013-09-17 18:25 . 2010-11-20 13:27 47104 ----a-w- c:\windows\system32\wshbth.dll
2013-09-17 17:37 . 2013-09-17 17:37 -------- d-----w- C:\FRST
2013-09-17 12:06 . 2013-09-17 12:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-09-17 12:06 . 2013-09-17 12:06 -------- d-----w- c:\programdata\Malwarebytes
2013-09-17 12:06 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-15 15:08 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-09-15 15:08 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2013-09-15 15:08 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2013-09-15 15:08 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2013-09-15 15:08 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2013-09-15 15:08 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2013-09-15 15:08 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2013-09-15 15:08 . 2011-11-17 06:35 395776 ----a-w- c:\windows\system32\webio.dll
2013-09-15 15:08 . 2011-11-17 05:35 314880 ----a-w- c:\windows\SysWow64\webio.dll
2013-09-15 15:08 . 2011-07-09 02:46 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2013-09-15 15:08 . 2011-04-27 02:40 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2013-09-15 15:08 . 2011-04-27 02:39 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2013-09-15 15:08 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-09-15 15:06 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-09-15 15:05 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2013-09-14 20:09 . 2013-09-14 20:09 -------- d-----w- c:\programdata\Steam
2013-09-14 17:46 . 2013-09-14 19:42 -------- d-----w- c:\program files (x86)\McAfee Security Scan
2013-09-14 17:46 . 2013-09-14 17:46 -------- d-----w- c:\programdata\McAfee
2013-09-14 17:46 . 2013-09-14 17:46 -------- d-----w- c:\programdata\McAfee Security Scan
2013-09-14 17:46 . 2013-09-14 17:46 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-14 17:46 . 2013-09-14 17:46 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-14 17:46 . 2013-09-14 17:46 -------- d-----w- c:\windows\system32\Macromed
2013-09-14 16:53 . 2000-05-22 14:58 647872 ------w- c:\windows\SysWow64\Mscomct2.ocx
2013-09-14 16:53 . 2006-10-06 12:17 53248 ------w- c:\windows\Ctregrun.exe
2013-09-14 15:47 . 2013-09-14 15:47 -------- d-----w- c:\programdata\CyberLink
2013-09-14 15:41 . 2013-09-14 15:41 -------- d-----w- c:\program files (x86)\DAEMON Tools Toolbar
2013-09-14 15:41 . 2013-09-14 15:41 834544 ----a-w- c:\windows\system32\drivers\sptd.sys
2013-09-14 15:41 . 2013-09-14 15:41 -------- d-----w- c:\programdata\DAEMON Tools Lite
2013-09-14 15:37 . 2013-09-14 15:37 -------- d-----w- c:\program files (x86)\Common Files\Steam
2013-09-14 15:31 . 2013-09-14 16:54 -------- d-----w- c:\windows\system32\Data
2013-09-14 15:31 . 2013-09-14 15:32 -------- d-----w- c:\windows\SysWow64\Data
2013-09-14 15:31 . 2006-06-09 13:20 3072 ----a-w- c:\windows\SysWow64\CTXFIGER.DLL
2013-09-14 15:31 . 2006-06-09 13:20 3072 ----a-w- c:\windows\system32\CTXFIGER.DLL
2013-09-14 15:31 . 2004-07-30 12:46 20480 ----a-w- c:\windows\SysWow64\INRESGER.DLL
2013-09-14 15:31 . 2004-07-30 12:46 20480 ----a-w- c:\windows\system32\INRESGER.DLL
2013-09-14 15:31 . 2009-05-18 12:34 22691984 ----a-w- c:\windows\SysWow64\AppSetup.exe
2013-09-14 15:26 . 2013-09-14 15:26 -------- d-----w- c:\windows\SysWow64\Macromed
2013-09-14 14:46 . 2013-09-14 14:46 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-09-14 14:43 . 2013-09-14 15:47 -------- d-----w- c:\program files (x86)\CyberLink
2013-09-14 14:43 . 2013-09-14 15:31 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2013-09-14 14:39 . 2013-09-14 13:46 -------- d-----w- c:\windows\Panther
2013-09-14 14:36 . 2013-09-14 16:58 -------- d-----w- C:\Temp
2013-09-14 14:28 . 2013-09-14 14:28 -------- d-----w- c:\program files (x86)\Microsoft
2013-09-14 14:28 . 2013-09-14 14:28 -------- d-----w- c:\program files (x86)\Windows Live SkyDrive
2013-09-14 14:28 . 2013-09-14 14:28 -------- d-----w- c:\program files (x86)\Windows Live
2013-09-14 14:28 . 2013-09-14 14:28 -------- d-----w- c:\windows\PCHEALTH
2013-09-14 14:27 . 2013-09-17 22:11 -------- d-----w- c:\programdata\Skype
2013-09-14 14:26 . 2013-09-14 14:26 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2013-09-14 14:21 . 2013-09-14 14:21 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-09-14 14:15 . 2013-08-20 13:33 39200 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2013-09-14 14:15 . 2013-08-20 13:32 29984 ----a-w- c:\windows\system32\nvaudcap64v.dll
2013-09-14 14:15 . 2013-08-20 13:32 28448 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2013-09-14 14:09 . 2013-09-14 14:09 -------- d-----w- c:\users\UpdatusUser
2013-09-14 14:08 . 2013-09-14 14:08 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2013-09-14 14:08 . 2013-09-18 11:59 -------- d-----w- c:\programdata\NVIDIA
2013-09-14 14:08 . 2013-06-21 10:23 6496544 ----a-w- c:\windows\system32\nvcpl.dll
2013-09-14 14:08 . 2013-06-21 10:23 3514656 ----a-w- c:\windows\system32\nvsvc64.dll
2013-09-14 14:08 . 2013-06-21 10:23 884512 ----a-w- c:\windows\system32\nvvsvc.exe
2013-09-14 14:08 . 2013-06-21 10:23 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-09-14 14:08 . 2013-06-21 10:23 2555680 ----a-w- c:\windows\system32\nvsvcr.dll
2013-09-14 14:08 . 2013-06-21 10:23 237856 ----a-w- c:\windows\system32\nvmctray.dll
2013-09-14 14:08 . 2013-06-20 04:17 3253909 ----a-w- c:\windows\system32\nvcoproc.bin
2013-09-14 14:08 . 2013-06-21 12:06 61216 ----a-w- c:\windows\system32\OpenCL.dll
2013-09-14 14:08 . 2013-06-21 12:06 53024 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-09-14 13:58 . 2013-09-17 11:46 -------- d-----w- c:\programdata\AVG2013
2013-09-14 13:58 . 2013-09-14 13:58 -------- d-----w- C:\$AVG
2013-09-14 13:57 . 2013-09-14 13:57 -------- d-----w- c:\program files (x86)\AVG
2013-09-14 13:56 . 2013-09-17 23:00 -------- d-sh--w- c:\windows\Installer
2013-09-14 13:56 . 2013-09-18 12:05 -------- d-----w- c:\programdata\MFAData
2013-09-14 13:56 . 2013-09-14 13:56 -------- d--h--w- c:\programdata\Common Files
2013-09-14 13:52 . 2013-09-14 16:55 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2013-09-14 13:52 . 2013-09-14 14:14 -------- d-----w- c:\programdata\NVIDIA Corporation
2013-09-14 13:52 . 2013-09-14 14:16 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2013-09-14 13:51 . 2013-02-25 22:32 1814304 ----a-w- c:\windows\system32\nvdispco64.dll
2013-09-14 13:51 . 2012-05-15 10:48 364352 ----a-w- c:\windows\system32\nvdecodemft.dll
2013-09-14 13:51 . 2012-05-15 10:48 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
2013-09-14 13:51 . 2012-05-15 10:48 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2013-09-14 13:51 . 2013-09-14 14:15 -------- d-----w- c:\program files\NVIDIA Corporation
2013-09-14 13:50 . 2013-09-14 13:50 -------- d-----w- C:\NVIDIA
2013-09-14 13:49 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2013-09-14 13:49 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2013-09-14 13:49 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2013-09-04 23:43 . 2013-09-04 23:43 45880 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-18 11:55 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2013-09-18 11:55 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2013-07-19 23:51 . 2013-07-19 23:51 311608 ----a-w- c:\windows\system32\drivers\avgloga.sys
2013-07-19 23:50 . 2013-07-19 23:50 71480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2013-07-19 23:50 . 2013-07-19 23:50 246072 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2013-07-19 23:50 . 2013-07-19 23:50 206648 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2013-06-30 23:45 . 2013-06-30 23:45 116536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2013-06-21 12:06 . 2013-02-25 22:32 12427240 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-06-21 03:16 . 2013-06-21 03:16 566048 ----a-w- c:\windows\SysWow64\nvStreaming.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Spotify"="c:\users\Shadow2o14\AppData\Roaming\Spotify\Spotify.exe" [2013-09-14 4640768]
"RocketDock"="e:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"DAEMON Tools Lite"="e:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Spotify Web Helper"="c:\users\Shadow2o14\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-09-14 1104384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-08-15 4411440]
"RemoteControl"="e:\program files (x86)\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-05-05 25600]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CtxfiReg"="CTXFIREG.exe" [2010-05-05 47104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;e:\program files (x86)\Skype\Updater\Updater.exe;e:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS;c:\windows\SYSNATIVE\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS;c:\windows\SYSNATIVE\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS;c:\windows\SYSNATIVE\drivers\CTHWIUT.SYS [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS;c:\windows\SYSNATIVE\drivers\CT20XUT.SYS [x]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS;c:\windows\SYSNATIVE\drivers\CTEXFIFX.SYS [x]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS;c:\windows\SYSNATIVE\drivers\CTHWIUT.SYS [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-09-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-14 17:46]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-08-27 1028896]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
AddRemove-Mozilla Firefox 23.0.1 (x86 de) - e:\program files (x86)\uninstall\helper.exe
AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\UninstFl.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
@Denied: (A 2) (Everyone)
@="FlashProp Class"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-09-18 16:23:28
ComboFix-quarantined-files.txt 2013-09-18 14:23
.
Vor Suchlauf: 9 Verzeichnis(se), 13.663.784.960 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 14.492.594.176 Bytes frei
.
- - End Of File - - 9EF1DC4AD6FE5918C131EAC1E0583FEC
A36C5E4F47E84449FF07ED3517B43A31