Trojan or something worse?

Hi,

Since my computer has lately been working badly (no sound, problems with the internet connection, no way to get into diagnostic mode...), I suspect I got infected by a trojan or something similar.

Please find my DDS log here:

DDS (Ver_2012-11-20.01) - NTFS_x86 

Internet Explorer: 10.0.9200.16720

Run by Luis at 22:38:33 on 2013-11-07

Microsoft Windows 7 Enterprise   6.1.7601.1.1252.43.1031.18.3007.1474 [GMT 1:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe

C:\Program Files\Soluto\SolutoLauncherService.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Driver-Soft\DriverGenius\StarterW3i.exe

C:\Program Files\Soluto\Soluto.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe

C:\Program Files\Samsung\Kies\Kies.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Canon\ImageBrowser EX\MFManager.exe

C:\Program Files\Soluto\SolutoService.exe

C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k swprv

.

============== Pseudo HJT Report ===============

.

BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL

BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL

BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

uRun: [KSS] "c:\program files\kaspersky lab\kaspersky security scan 2.0\kss.exe" /autorun

uRun: [KiesPreload] c:\program files\samsung\kies\Kies.exe /preload

uRun: [KiesAirMessage] c:\program files\samsung\kies\KiesAirMessage.exe -startup

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [starter] c:\program files\driver-soft\drivergenius\StarterW3i.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [Apoint] c:\program files\apoint2k\Apoint.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [soluto] c:\program files\soluto\soluto.exe /init

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\imageb~1.lnk - c:\program files\canon\imagebrowser ex\MFManager.exe

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: An vorhandene PDF-Datei anfügen - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: In Adobe PDF konvertieren - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Linkziel in Adobe PDF konvertieren - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Nach Microsoft E&xcel exportieren - c:\progra~1\micros~1\office14\EXCEL.EXE/3000

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll

TCP: NameServer = 195.34.133.21 212.186.211.21

TCP: Interfaces\{EDF01445-80BF-47F3-BF3A-EF7CAD19CB2F} : DHCPNameServer = 195.34.133.21 212.186.211.21

TCP: Interfaces\{EDF01445-80BF-47F3-BF3A-EF7CAD19CB2F}\55053413338353433313 : DHCPNameServer = 195.34.133.21 212.186.211.21

TCP: Interfaces\{EDF01445-80BF-47F3-BF3A-EF7CAD19CB2F}\7416C61687970235F523337353 : DHCPNameServer = 192.168.16.1

TCP: Interfaces\{EDF01445-80BF-47F3-BF3A-EF7CAD19CB2F}\F456354714D274163747 : DHCPNameServer = 213.33.99.70 80.120.17.70

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Notify: SDWinLogon - SDWinLogon.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL

SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.101\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

.

============= SERVICES / DRIVERS ===============

.

R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-4-13 49376]

R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-4-13 175176]

R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [2013-4-14 51144]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-4-13 770344]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-4-13 369584]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-4-13 29816]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-4-13 66336]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-5-29 46808]

R2 KSS;Kaspersky Security Scan Service;c:\program files\kaspersky lab\kaspersky security scan 2.0\kss.exe [2012-12-7 202328]

R2 SolutoLauncherService;Soluto Launcher Service;c:\program files\soluto\SolutoLauncherService.exe [2013-4-9 166976]

R2 SolutoService;Soluto PCGenome Core Service;c:\program files\soluto\SolutoService.exe [2013-4-9 720448]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]

S3 GoogleDesktopManager-060409-093314;Google Desktop Manager 5.9.906.4286;c:\program files\google\google desktop search\GoogleDesktop.exe [2013-4-14 30192]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-8-22 14848]

S3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-4-14 1103392]

S3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-4-14 1369624]

S3 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-4-14 168384]

S3 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-6-21 162408]

S3 SolutoRemoteService;Soluto Remote Service;c:\program files\soluto\SolutoRemoteService.exe [2013-4-9 1245248]

S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]

S3 StorSvc;Speicherdienst;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]

S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 77184]

S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2013-8-22 24064]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-8-22 49664]

S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-8-22 27136]

S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 112640]

S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\wat\WatAdminSvc.exe [2013-4-13 1343400]

.

=============== Created Last 30 ================

.

2013-11-07 21:37:22 -------- d-s---w- C:\ComboFix

2013-11-07 21:36:17 98816 ----a-w- c:\windows\sed.exe

2013-11-07 21:36:17 256000 ----a-w- c:\windows\PEV.exe

2013-11-07 21:36:17 208896 ----a-w- c:\windows\MBR.exe

2013-11-07 21:22:26 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{34767f88-05f6-4284-b8e6-ab25e6690b35}\offreg.dll

2013-11-05 18:12:28 7796464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{34767f88-05f6-4284-b8e6-ab25e6690b35}\mpengine.dll

2013-10-26 22:45:44 -------- d-----w- c:\users\luis\appdata\local\Microsoft_Corporation

2013-10-17 17:32:22 -------- d-----w- C:\6d29d88b64c4a3b08637648a9b73

2013-10-16 17:20:35 -------- d-----w- c:\windows\system32\Soluto

2013-10-16 17:01:31 -------- d-----w- c:\program files\Core Temp

2013-10-16 17:01:26 -------- d-----w- c:\program files\Driver-Soft

2013-10-16 16:59:58 -------- d-----w- c:\programdata\APN

2013-10-09 19:50:59 295424 ----a-w- c:\windows\system32\atmfd.dll

2013-10-09 19:50:59 10240 ----a-w- c:\windows\system32\dciman32.dll

2013-10-09 19:50:58 70656 ----a-w- c:\windows\system32\fontsub.dll

2013-10-09 19:50:58 34304 ----a-w- c:\windows\system32\atmlib.dll

2013-10-09 19:50:58 26112 ----a-w- c:\windows\system32\lpk.dll

2013-10-09 19:50:36 2348544 ----a-w- c:\windows\system32\win32k.sys

2013-10-09 19:50:24 434688 ----a-w- c:\windows\system32\scavengeui.dll

2013-10-09 19:50:06 205824 ----a-w- c:\windows\system32\WebClnt.dll

2013-10-09 19:50:05 81920 ----a-w- c:\windows\system32\davclnt.dll

2013-10-09 19:50:05 115712 ----a-w- c:\windows\system32\drivers\mrxdav.sys

2013-10-09 19:49:53 86016 ----a-w- c:\windows\system32\drivers\usbcir.sys

2013-10-09 19:49:53 146816 ----a-w- c:\windows\system32\drivers\usbvideo.sys

2013-10-09 19:49:46 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

.

==================== Find3M  ====================

.

2013-09-22 23:28:06 1767936 ----a-w- c:\windows\system32\wininet.dll

2013-09-22 23:27:49 2876928 ----a-w- c:\windows\system32\jscript9.dll

2013-09-22 23:27:48 61440 ----a-w- c:\windows\system32\iesetup.dll

2013-09-22 23:27:48 109056 ----a-w- c:\windows\system32\iesysprep.dll

2013-09-21 03:30:24 2706432 ----a-w- c:\windows\system32\mshtml.tlb

2013-09-21 02:39:47 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2013-09-14 00:48:58 338944 ----a-w- c:\windows\system32\drivers\afd.sys

2013-09-08 02:07:12 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-09-08 02:03:58 231424 ----a-w- c:\windows\system32\mswsock.dll

2013-09-04 01:15:32 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys

2013-09-04 01:14:52 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2013-09-04 01:14:52 284672 ----a-w- c:\windows\system32\drivers\usbport.sys

2013-09-04 01:14:45 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys

2013-09-04 01:14:45 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys

2013-09-04 01:14:43 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2013-09-04 01:14:40 6016 ----a-w- c:\windows\system32\drivers\usbd.sys

2013-09-03 12:35:12 238872 ------w- c:\windows\system32\MpSigStub.exe

2013-08-29 01:51:45 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-08-29 01:51:45 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-08-29 01:50:30 1289096 ----a-w- c:\windows\system32\ntdll.dll

2013-08-29 01:50:16 619520 ----a-w- c:\windows\system32\tdh.dll

2013-08-29 01:48:17 640512 ----a-w- c:\windows\system32\advapi32.dll

2013-08-05 14:30:49 2743640 ----a-w- c:\program files\vstor40_x86.exe

2011-12-06 10:28:28 1343488 ----a-w- c:\program files\wcwdes10.dll

2010-10-15 15:27:13 143360 ----a-w- c:\program files\Updatewcwdes10.exe

2010-02-08 19:50:08 225280 ----a-w- c:\program files\wcwdes05.wll

.

============= FINISH: 22:39:42,46 ===============


Thank you in advance!

Best regards



Hi, here is another log, from ComboFix:

ComboFix 13-11-04.01 - Luis 07.11.2013  22:55:07.1.2 - x86
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.43.1031.18.3007.1472 [GMT 1:00]
ausgeführt von:: c:\users\Luis\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Luis\AppData\Local\assembly\tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-10-07 bis 2013-11-07  ))))))))))))))))))))))))))))))
.
.
2013-11-07 22:14 . 2013-11-07 22:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-07 22:07 . 2013-11-07 22:07 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{34767F88-05F6-4284-B8E6-AB25E6690B35}\offreg.dll
2013-11-05 18:12 . 2013-10-15 23:20 7796464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{34767F88-05F6-4284-B8E6-AB25E6690B35}\mpengine.dll
2013-10-26 22:45 . 2013-10-26 22:45 -------- d-----w- c:\users\Luis\AppData\Local\Microsoft_Corporation
2013-10-17 17:32 . 2013-10-25 15:53 -------- d-----w- C:\6d29d88b64c4a3b08637648a9b73
2013-10-16 17:20 . 2013-10-16 17:20 -------- d-----w- c:\windows\system32\Soluto
2013-10-16 17:01 . 2013-10-25 15:54 -------- d-----w- c:\program files\Core Temp
2013-10-16 17:01 . 2013-10-25 15:54 -------- d-----w- c:\program files\Driver-Soft
2013-10-16 16:59 . 2013-10-16 16:59 -------- d-----w- c:\programdata\APN
2013-10-09 19:50 . 2013-06-06 04:50 10240 ----a-w- c:\windows\system32\dciman32.dll
2013-10-09 19:50 . 2013-06-06 03:01 295424 ----a-w- c:\windows\system32\atmfd.dll
2013-10-09 19:50 . 2013-06-06 04:52 26112 ----a-w- c:\windows\system32\lpk.dll
2013-10-09 19:50 . 2013-06-06 04:51 70656 ----a-w- c:\windows\system32\fontsub.dll
2013-10-09 19:50 . 2013-06-06 03:01 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-10-09 19:50 . 2013-08-28 01:04 2348544 ----a-w- c:\windows\system32\win32k.sys
2013-10-09 19:50 . 2013-08-28 00:57 434688 ----a-w- c:\windows\system32\scavengeui.dll
2013-10-09 19:50 . 2013-07-04 11:57 205824 ----a-w- c:\windows\system32\WebClnt.dll
2013-10-09 19:50 . 2013-07-04 11:51 81920 ----a-w- c:\windows\system32\davclnt.dll
2013-10-09 19:50 . 2013-07-04 09:48 115712 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2013-10-09 19:49 . 2013-07-12 10:08 146816 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2013-10-09 19:49 . 2013-07-12 10:07 86016 ----a-w- c:\windows\system32\drivers\usbcir.sys
2013-10-09 19:49 . 2013-06-25 22:56 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-05 21:34 . 2013-10-05 21:34 73728 ----a-r- c:\users\Luis\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-10-05 21:34 . 2013-10-05 21:34 73728 ----a-r- c:\users\Luis\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-10-05 21:34 . 2013-10-05 21:34 73728 ----a-r- c:\users\Luis\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2013-09-03 12:35 . 2013-04-13 13:50 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-08-05 14:30 . 2013-08-05 14:30 2743640 ----a-w- c:\program files\vstor40_x86.exe
2011-12-06 10:28 . 2013-08-05 14:28 1343488 ----a-w- c:\program files\wcwdes10.dll
2010-10-15 15:27 . 2013-08-05 14:28 143360 ----a-w- c:\program files\Updatewcwdes10.exe
2010-02-08 19:50 . 2013-08-05 14:28 225280 ----a-w- c:\program files\wcwdes05.wll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-09-25 15:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-09-25 15:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-09-25 15:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-09-25 15:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-09-25 15:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-09-25 15:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-10-03 5706480]
"KSS"="c:\program files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" [2012-12-07 202328]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2013-09-04 1564528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"Starter"="c:\program files\Driver-Soft\DriverGenius\StarterW3i.exe" [2012-02-14 79728]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-06 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 13605408]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2013-09-04 311152]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-09 159744]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Soluto"="c:\program files\soluto\soluto.exe" [2013-04-09 1285184]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ImageBrowser EX Agent.lnk - c:\program files\Canon\ImageBrowser EX\MFManager.exe [2013-6-9 69120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R3 2C3E7EAE7;2C3E7EAE7;c:\users\Luis\AppData\Local\Temp\2C3E7EAE7.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 GoogleDesktopManager-060409-093314;Google Desktop Manager 5.9.906.4286;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2013-04-14 30192]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]
R3 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]
R3 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-06-21 162408]
R3 SolutoRemoteService;Soluto Remote Service;c:\program files\Soluto\SolutoRemoteService.exe [2013-04-09 1245248]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-08-23 24064]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 27136]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2013-04-13 1343400]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 Soluto;Soluto;c:\windows\system32\Drivers\Soluto.sys [2013-04-09 51144]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2012-07-11 116608]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-05-09 66336]
S2 KSS;Kaspersky Security Scan Service;c:\program files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2012-12-07 202328]
S2 SolutoLauncherService;Soluto Launcher Service;c:\program files\Soluto\SolutoLauncherService.exe [2013-04-09 166976]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2013-04-09 720448]
S3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x32.sys [x]
S3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-19 18:05 1185744 ----a-w- c:\program files\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-11-07 c:\windows\Tasks\dsmonitor.job
- c:\program files\Uniblue\DriverScanner\dsmonitor.exe [2013-09-15 07:00]
.
2013-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-13 13:27]
.
2013-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-13 13:27]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 195.34.133.21 212.186.211.21
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-KiesAirMessage - c:\program files\Samsung\Kies\KiesAirMessage.exe
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-33366037.sys
SafeBoot-72059481.sys
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(5204)
c:\progra~1\MICROS~1\Office14\1031\GrooveIntlResource.dll
c:\windows\System32\ieframe.dll
c:\program files\Spybot - Search & Destroy 2\SDHelper.dll
c:\program files\Spybot - Search & Destroy 2\snlBase150.bpl
c:\program files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
c:\program files\Spybot - Search & Destroy 2\DEC150.bpl
c:\program files\Spybot - Search & Destroy 2\JSDialogPack150.bpl
c:\program files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
c:\program files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
c:\windows\System32\NLSLexicons0007.dll
.
Zeit der Fertigstellung: 2013-11-07  23:18:46
ComboFix-quarantined-files.txt  2013-11-07 22:18
.
Vor Suchlauf: 10 Verzeichnis(se), 86.949.208.064 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 88.744.910.848 Bytes frei
.
- - End Of File - - A0B764F6DF4866FA171B9E347DD5612B
A36C5E4F47E84449FF07ED3517B43A31

  • Root Admin

You will need to post in the other forum for malware detection and removal. This forum is for general issues and issues with our program.

I would suggest following the advice from the topic here, Available Assistance for Possibly Infected Computers, and having one of the Experts assist you with looking into your issue.


Thank you
