Bitdefender disables itself after a Trojan detection, ATTEMPT No. 2!
Hi,
Sorry for opening another thread on the same topic. Unfortunately something is going wrong in the other one. When I click "Reply to thread" and write a text, it simply gets appended to my last post. On top of that, I then can't edit it any more (not even within the grace period). "Reply directly" leads to the same result.
I'll briefly describe the original problem here again.
After Bitdefender reported a Trojan detection, it regularly disabled itself (especially after reboots) and had to be restarted manually.
I ran scans with Defogger, OTL, GMER and TDSSKiller and posted them here (in the other thread).
After a further scan with ComboFix and a restart, I could no longer open any page with any browser (not found and timeout).
I followed the repair instructions for the network connection from the CF tutorial, without success.
The latest state of affairs is that Bitdefender can no longer be activated at all.
That got a bit creepy for me, so I'm now leaving Windows alone and posting this from Knoppicillin, with which I'm also running an Avira scan right now.
I'm somewhat at a loss. Maybe I'll take the drive out, put it in an Icy Box and scan it elsewhere. Or does anyone else have a good idea?
cheers,
Steaf
Here is the latest CF log again:
ComboFix 13-02-26.01 - steaf 27.02.2013 16:54:06.3.2 - x86 MINIMAL
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.3070.2149 [GMT 1:00]
ausgeführt von:: c:\users\steaf\Desktop\ComboFix.exe
AV: Bitdefender Virenschutz *Disabled/Outdated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
FW: Bitdefender Firewall *Disabled* {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}
SP: Bitdefender Spyware-Schutz *Disabled/Outdated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\ati4irxx.sys
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-01-27 bis 2013-02-27 ))))))))))))))))))))))))))))))
.
.
2013-02-27 16:04 . 2013-02-27 16:12 -------- d-----w- c:\users\steaf\AppData\Local\temp
2013-02-27 16:04 . 2013-02-27 16:04 -------- d-----w- c:\users\TRAKTOR\AppData\Local\temp
2013-02-27 16:04 . 2013-02-27 16:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-27 16:04 . 2013-02-27 16:04 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-02-27 13:42 . 2013-02-27 13:42 -------- d-----w- c:\program files\ESET
2013-02-27 13:38 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-26 19:32 . 2013-01-13 19:53 187392 ----a-w- c:\windows\system32\UIAnimation.dll
2013-02-21 14:54 . 2010-10-12 23:10 189760 ----a-w- c:\windows\system32\bmidilib.dll
2013-02-21 14:52 . 2010-10-12 23:10 27720 ----a-w- c:\windows\system32\drivers\bomebus.sys
2013-02-21 14:52 . 2010-10-12 23:10 24136 ----a-w- c:\windows\system32\drivers\bomemidi.sys
2013-02-21 14:52 . 2013-02-21 14:52 -------- d-----w- c:\program files\Bome's Virtual MIDI Port
2013-02-21 14:52 . 2013-02-21 14:52 -------- d-----w- c:\program files\Bonjour
2013-02-21 14:51 . 2013-02-21 14:51 -------- d-----w- c:\program files\TouchOSC Bridge
2013-02-21 11:19 . 2013-02-21 16:12 -------- d-----w- c:\program files\Mozilla Thunderbird
2013-02-20 22:35 . 2013-02-21 00:56 -------- d-----w- c:\program files\Tobias Erichsen
2013-02-20 22:34 . 2013-02-20 22:34 -------- d-----w- c:\program files\Bonjour Print Services
2013-02-19 21:20 . 2013-02-19 21:20 -------- d-----w- c:\program files\Common Files\Java
2013-02-19 21:20 . 2013-02-19 21:19 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-19 10:30 . 2013-02-05 16:52 821824 ----a-w- c:\windows\system32\dgderapi.dll
2013-02-17 17:13 . 2013-02-17 17:13 -------- d-----w- c:\users\steaf\AppData\Local\bdch
2013-02-17 17:12 . 2013-02-17 17:12 -------- d-----w- c:\programdata\bdch
2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2013-02-13 10:02 . 2013-01-08 22:01 768000 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 09:53 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-02-13 09:53 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-13 09:51 . 2013-01-03 05:05 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-13 09:51 . 2013-01-03 05:04 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-13 09:51 . 2013-01-04 03:00 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-02-13 09:51 . 2013-01-04 04:50 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-02-07 13:46 . 2013-02-07 13:46 -------- d-----w- c:\users\steaf\AppData\Local\PDF24
2013-02-07 13:45 . 2013-02-07 13:46 -------- d-----w- c:\program files\PDF24
2013-02-06 17:33 . 2013-02-06 17:33 -------- d-----w- c:\program files\Evernote
2013-02-06 06:42 . 2013-02-06 06:42 83864 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2013-02-06 06:42 . 2013-02-06 06:42 181784 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2013-02-05 16:52 . 2013-02-05 16:52 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2013-02-05 16:52 . 2013-02-05 16:52 330240 ----a-w- c:\windows\MASetupCaller.dll
2013-02-05 16:52 . 2013-02-05 16:52 30568 ----a-w- c:\windows\MusiccityDownload.exe
2013-01-31 10:24 . 2013-01-31 10:24 -------- d-----w- c:\users\TRAKTOR\AppData\Local\Macromedia
2013-01-31 10:22 . 2013-01-31 10:22 -------- d-----w- c:\users\TRAKTOR\AppData\Local\Mozilla
2013-01-31 09:21 . 2013-01-31 09:21 -------- d-----w- c:\users\TRAKTOR\AppData\Roaming\OpenOffice.org
2013-01-31 09:15 . 2013-01-31 09:15 -------- d-----w- c:\users\TRAKTOR\AppData\Roaming\Bitdefender
2013-01-29 10:48 . 2012-04-17 12:40 72704 ----a-w- c:\windows\system32\drivers\bdvedisk.sys
2013-01-29 10:48 . 2013-01-30 20:38 66392 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
2013-01-29 10:48 . 2012-07-06 13:13 77192 ----a-w- c:\windows\system32\drivers\BdfNdisf6.sys
2013-01-29 10:48 . 2007-04-11 09:11 511328 ----a-w- c:\windows\capicom.dll
2013-01-29 10:48 . 2012-11-02 12:17 242504 ----a-w- c:\windows\system32\drivers\avchv.sys
2013-01-29 10:48 . 2013-01-30 20:38 482928 ----a-w- c:\windows\system32\drivers\avckf.sys
2013-01-29 10:48 . 2013-01-30 20:38 625128 ----a-w- c:\windows\system32\drivers\avc3.sys
2013-01-29 10:47 . 2013-01-29 16:55 -------- d-----w- c:\users\steaf\AppData\Roaming\Bitdefender
2013-01-29 10:47 . 2013-01-29 10:50 -------- d-----w- c:\programdata\Bitdefender
2013-01-29 10:44 . 2012-08-29 16:24 161312 ----a-w- c:\windows\system32\drivers\gzflt.sys
2013-01-29 10:44 . 2012-10-31 11:13 343456 ----a-w- c:\windows\system32\drivers\trufos.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-19 21:19 . 2012-06-25 05:28 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-02-19 21:19 . 2010-05-14 06:40 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-18 10:35 . 2011-05-19 18:30 22528 ----a-w- c:\windows\system32\drivers\nhcDriver.sys
2013-02-10 18:49 . 2012-04-09 11:00 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-10 18:49 . 2011-05-21 07:50 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-05 16:53 . 2012-07-28 08:48 4659712 ----a-w- c:\windows\system32\Redemption.dll
2013-01-31 18:41 . 2012-07-24 19:16 83872 ----a-w- c:\windows\system32\drivers\atksgt.sys
2013-01-31 18:41 . 2012-07-24 19:16 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2013-01-24 02:36 . 2012-08-04 08:39 42971 ----a-w- c:\windows\system32\pdreceive.exe
2013-01-24 02:36 . 2012-08-04 08:39 35836 ----a-w- c:\windows\system32\pdsend.exe
2012-12-28 09:01 . 2012-08-04 08:39 37587 ----a-w- c:\windows\system32\cyclist.exe
2012-12-16 14:13 . 2012-12-27 11:33 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-27 11:33 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-07 12:26 . 2013-01-09 11:26 308736 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 12:20 . 2013-01-09 11:26 2576384 ----a-w- c:\windows\system32\gameux.dll
2012-12-07 10:46 . 2013-01-09 11:26 43520 ----a-w- c:\windows\system32\csrr.rs
2012-12-07 10:46 . 2013-01-09 11:26 30720 ----a-w- c:\windows\system32\usk.rs
2012-12-07 10:46 . 2013-01-09 11:26 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 11:26 44544 ----a-w- c:\windows\system32\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 11:26 20480 ----a-w- c:\windows\system32\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 11:26 23552 ----a-w- c:\windows\system32\oflc.rs
2012-12-07 10:46 . 2013-01-09 11:26 20480 ----a-w- c:\windows\system32\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 11:26 46592 ----a-w- c:\windows\system32\fpb.rs
2012-12-07 10:46 . 2013-01-09 11:26 20480 ----a-w- c:\windows\system32\pegi.rs
2012-12-07 10:46 . 2013-01-09 11:26 21504 ----a-w- c:\windows\system32\grb.rs
2012-12-07 10:46 . 2013-01-09 11:26 40960 ----a-w- c:\windows\system32\cob-au.rs
2012-12-07 10:46 . 2013-01-09 11:26 15360 ----a-w- c:\windows\system32\djctq.rs
2012-12-07 10:46 . 2013-01-09 11:26 55296 ----a-w- c:\windows\system32\cero.rs
2012-12-07 10:46 . 2013-01-09 11:26 51712 ----a-w- c:\windows\system32\esrb.rs
2012-11-30 04:47 . 2013-01-09 11:27 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-11-30 04:45 . 2013-01-09 11:27 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 11:27 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 11:27 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 11:27 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 11:27 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 11:27 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 11:27 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 11:27 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 11:27 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 11:27 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 11:27 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 11:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 11:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 11:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 11:26 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 11:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 11:27 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 11:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 11:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 11:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 11:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 11:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 11:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 11:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 02:55 . 2013-01-09 11:27 271360 ----a-w- c:\windows\system32\conhost.exe
2012-11-30 02:38 . 2013-01-09 11:26 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38 . 2013-01-09 11:26 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38 . 2013-01-09 11:26 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38 . 2013-01-09 11:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-02-20 16:14 . 2013-02-20 16:13 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
Kryptografiedienst Fehler !!
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\steaf\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\steaf\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\steaf\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]
@="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"
[HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]
2012-10-18 16:25 240920 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]
@="{342DAA0B-D796-460D-8566-901E08A1CCAD}"
[HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]
2012-10-18 16:25 240920 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]
@="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"
[HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]
2012-10-18 16:25 240920 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]
@="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"
[HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]
2012-10-18 16:25 240920 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-02-06 451856]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2013-02-13 1509232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-28 1557800]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-12-18 38112]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-06 92704]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2000-01-01 10996368]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"Bdagent"="c:\program files\Bitdefender\Bitdefender 2013\bdagent.exe" [2013-01-30 1615368]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2012-12-12 163000]
"NotebookHardwareControl"="c:\program files\Notebook Hardware Control\nhc.exe" [2007-05-04 2629632]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2013-02-13 310128]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\steaf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\steaf\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2013-1-29 1078624]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2011-5-12 894240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=myokent.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-10-11 20:56 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bonus.SSR.FR11]
2011-08-30 21:43 925960 ----a-w- c:\program files\ABBYY FineReader 11\Bonus.ScreenshotReader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cisco AnyConnect Secure Mobility Agent for Windows]
2012-08-03 19:52 685048 ----a-w- c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-07-11 20:51 138096 ----atw- c:\users\steaf\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeePass 2 PreLoad]
2010-09-05 08:30 1655296 ----a-w- c:\program files\KeePass Password Safe 2\KeePass.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2013-02-13 18:38 844144 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]
2013-02-13 18:38 1509232 ----a-w- c:\program files\Samsung\Kies\Kies.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2013-02-13 18:38 310128 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NotebookHardwareControl]
2007-05-04 00:33 2629632 ----a-w- c:\program files\Notebook Hardware Control\nhc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-03-06 09:52 13605408 ----a-w- c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-03-06 09:52 92704 ----a-w- c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 02:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 08:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
GPSvcGroup REG_MULTI_SZ GPSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 18:49]
.
2013-02-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3663126332-4148620046-1305769861-1001Core.job
- c:\users\steaf\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-08 20:51]
.
2013-02-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3663126332-4148620046-1305769861-1001UA.job
- c:\users\steaf\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-08 20:51]
.
2013-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-28 19:31]
.
2013-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-28 19:31]
.
2013-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3663126332-4148620046-1305769861-1001Core.job
- c:\users\steaf\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-08 14:37]
.
2013-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3663126332-4148620046-1305769861-1001UA.job
- c:\users\steaf\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-08 14:37]
.
.
------- Zusätzlicher Suchlauf -------
.
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Citavi Picker... - file://c:\programdata\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube Download - c:\users\steaf\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\steaf\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Neue Notiz - c:\program files\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: Zu Evernote 4 hinzufügen - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html
Trusted Zone: uni-frankfurt.de\vpn-einwahl
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{13F2E3EC-45EA-41E7-A5AC-5EB6C31FD282}\75C414E4D2030313144364136413035433: DhcpNameServer = 192.168.2.1
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
FF - ProfilePath - c:\users\steaf\AppData\Roaming\Mozilla\Firefox\Profiles\q7w4xs56.default\
.
.
------- Dateityp-Verknüpfung -------
.
vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
jsefile\shell\open2\command=c:\windows\System32\CScript.exe "%1" %*
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-ALBATTTOOL - c:\program files\AkkuLine.de\AkkuLine Batterie-Tool\AL-Batterie-Tool.exe
HKCU-Run-KiesAirMessage - c:\program files\Samsung\Kies\KiesAirMessage.exe
MSConfigStartUp-Acrobat Assistant 8 - c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
MSConfigStartUp-Adobe Acrobat Speed Launcher - c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
MSConfigStartUp-AllShareAgent - c:\program files\Samsung\AllShare\AllShareAgent.exe
MSConfigStartUp-DriverMax_RESTART - c:\program files\Innovative Solutions\DriverMax\devices.exe
MSConfigStartUp-GMX MediaCenter Syncmanager - c:\users\steaf\AppData\Roaming\GMX\GMX MediaCenter Syncmanager\SmartDriveSync.exe
MSConfigStartUp-KiesAirMessage - c:\program files\Samsung\Kies\KiesAirMessage.exe
MSConfigStartUp-MWS Reader 4 - c:\program files\MWS Reader 4\mwsr4.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(4776)
c:\users\steaf\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
c:\program files\Lenovo\Bluetooth Software\btmmhook.dll
c:\windows\system32\SAMLIB.dll
c:\windows\system32\samcli.dll
c:\windows\system32\netutils.dll
c:\windows\system32\MPR.dll
c:\windows\System32\nlaapi.dll
c:\program files\Lenovo\Bluetooth Software\btncopy.dll
c:\windows\system32\dhcpcsvc.DLL
c:\windows\system32\dhcpcsvc6.DLL
c:\windows\system32\Wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\System32\netprofm.dll
c:\windows\system32\wkscli.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Bitdefender\Bitdefender 2013\vsserv.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Sandboxie\SbieSvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\ABBYY FineReader 11\NetworkLicenseServer.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Lenovo\Bluetooth Software\btwdins.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
c:\program files\Notebook Hardware Control\nhcservice.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
c:\program files\TeamViewer\Version7\TeamViewer_Service.exe
c:\program files\Bitdefender\Bitdefender 2013\updatesrv.exe
c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-02-27 17:18:10 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-02-27 16:18
.
Vor Suchlauf: 4.899.651.584 Bytes frei
Nach Suchlauf: 4.598.808.576 Bytes frei
.
- - End Of File - - 2B15A719F2787DCA81DB2B901287E899