[code]
Combofix Logfile:
Code:
Alles auswählen Aufklappen ATTFilter
ComboFix 12-04-16.03 - Schni 17.04.2012 15:15:30.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3583.2513 [GMT 2:00]
ausgeführt von:: c:\users\Schni\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-03-17 bis 2012-04-17 ))))))))))))))))))))))))))))))
.
.
2012-04-17 13:18 . 2012-04-17 13:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-17 09:21 . 2012-04-17 09:21 -------- d-----w- c:\program files\7-Zip
2012-04-17 07:49 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0FFAAD03-53FC-4D10-AB6B-200459EED195}\mpengine.dll
2012-04-12 07:32 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 07:32 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 07:32 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 07:32 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 07:32 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-12 07:32 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-05 07:15 . 2012-04-12 09:17 -------- d-----w- c:\program files\World of Warcraft Beta
2012-04-05 07:14 . 2012-04-05 07:14 -------- d-----w- c:\programdata\Battle.net
2012-04-01 06:37 . 2012-04-01 06:37 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-30 05:57 . 2012-03-30 05:57 -------- d-----w- c:\programdata\ATI
2012-03-30 05:57 . 2012-03-30 05:57 -------- d-----w- c:\program files\AMD AVT
2012-03-30 05:57 . 2012-03-30 05:57 -------- d-----w- c:\program files\AMD APP
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-01 06:37 . 2012-03-02 16:21 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-14 09:07 . 2012-03-13 19:33 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-09 06:26 . 2012-03-09 06:26 9183232 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-03-09 05:16 . 2012-03-09 05:16 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-03-09 05:16 . 2011-12-06 03:17 791552 ----a-w- c:\windows\system32\aticfx32.dll
2012-03-09 05:11 . 2012-03-09 05:11 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-03-09 05:10 . 2012-03-09 05:10 405504 ----a-w- c:\windows\system32\atieclxx.exe
2012-03-09 05:10 . 2012-03-09 05:10 163328 ----a-w- c:\windows\system32\atiesrxx.exe
2012-03-09 05:08 . 2012-03-09 05:08 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2012-03-09 05:07 . 2012-03-09 05:07 20992 ----a-w- c:\windows\system32\atimuixx.dll
2012-03-09 05:07 . 2012-03-09 05:07 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2012-03-09 05:04 . 2011-12-06 03:06 6200320 ----a-w- c:\windows\system32\atidxx32.dll
2012-03-09 04:39 . 2012-03-09 04:39 19739136 ----a-w- c:\windows\system32\atioglxx.dll
2012-03-09 04:36 . 2012-03-09 04:36 1828864 ----a-w- c:\windows\system32\atiumdmv.dll
2012-03-09 04:23 . 2011-12-06 02:28 5062656 ----a-w- c:\windows\system32\atiumdva.dll
2012-03-09 04:23 . 2011-12-06 02:33 5954048 ----a-w- c:\windows\system32\atiumdag.dll
2012-03-09 04:18 . 2012-03-09 04:18 46080 ----a-w- c:\windows\system32\aticalrt.dll
2012-03-09 04:18 . 2012-03-09 04:18 44032 ----a-w- c:\windows\system32\aticalcl.dll
2012-03-09 04:12 . 2012-03-09 04:12 13715968 ----a-w- c:\windows\system32\aticaldd.dll
2012-03-09 04:05 . 2012-03-09 04:05 53760 ----a-w- c:\windows\system32\atimpc32.dll
2012-03-09 04:05 . 2012-03-09 04:05 53760 ----a-w- c:\windows\system32\amdpcom32.dll
2012-03-09 03:58 . 2012-03-09 03:58 356352 ----a-w- c:\windows\system32\atiadlxx.dll
2012-03-09 03:58 . 2012-03-09 03:58 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2012-03-09 03:58 . 2012-03-09 03:58 33280 ----a-w- c:\windows\system32\atigktxx.dll
2012-03-09 03:57 . 2012-03-09 03:57 265216 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-03-09 03:56 . 2011-12-06 02:11 33280 ----a-w- c:\windows\system32\atiuxpag.dll
2012-03-09 03:56 . 2011-12-06 02:11 30208 ----a-w- c:\windows\system32\atiu9pag.dll
2012-03-09 03:55 . 2012-03-09 03:55 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-03-09 03:47 . 2011-12-06 02:18 51200 ----a-w- c:\windows\system32\coinst.dll
2012-03-08 23:26 . 2012-03-08 23:26 64512 ----a-w- c:\windows\system32\OpenVideo.dll
2012-03-08 23:26 . 2012-03-08 23:26 54784 ----a-w- c:\windows\system32\OVDecode.dll
2012-03-08 23:25 . 2012-03-08 23:25 13238272 ----a-w- c:\windows\system32\amdocl.dll
2012-03-08 23:24 . 2012-03-08 23:24 48128 ----a-w- c:\windows\system32\OpenCL.dll
2012-03-07 23:38 . 2012-03-07 23:38 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-07 23:38 . 2012-03-07 23:38 161792 ----a-w- c:\windows\system32\msls31.dll
2012-03-07 23:38 . 2012-03-07 23:38 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-07 23:38 . 2012-03-07 23:38 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-07 23:38 . 2012-03-07 23:38 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-07 23:38 . 2012-03-07 23:38 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-03-07 23:38 . 2012-03-07 23:38 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-03-07 23:38 . 2012-03-07 23:38 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-07 23:38 . 2012-03-07 23:38 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-03-07 23:38 . 2012-03-07 23:38 367104 ----a-w- c:\windows\system32\html.iec
2012-03-07 23:38 . 2012-03-07 23:38 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-03-07 23:38 . 2012-03-07 23:38 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-07 23:38 . 2012-03-07 23:38 152064 ----a-w- c:\windows\system32\wextract.exe
2012-03-07 23:38 . 2012-03-07 23:38 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-03-07 23:38 . 2012-03-07 23:38 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-07 23:38 . 2012-03-07 23:38 11776 ----a-w- c:\windows\system32\mshta.exe
2012-03-07 23:38 . 2012-03-07 23:38 101888 ----a-w- c:\windows\system32\admparse.dll
2012-03-05 07:08 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-02-23 08:18 . 2012-03-02 16:03 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 05:34 . 2012-03-14 08:53 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14 . 2012-03-14 08:53 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13 . 2012-03-14 08:53 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 05:38 . 2012-03-14 08:54 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-02-03 03:54 . 2012-03-14 08:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 07:56 . 2012-03-02 19:42 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-01-31 07:56 . 2012-03-02 19:42 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-01-31 05:00 . 2012-01-31 05:00 16896 ----a-w- c:\windows\system32\kdbsdk32.dll
2012-01-25 05:32 . 2012-03-14 08:53 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 05:32 . 2012-03-14 08:53 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 05:27 . 2012-03-14 08:53 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-18 11:00 . 2012-03-02 15:16 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-09 636032]
.
c:\users\Schni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2012-3-6 0]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [2012-02-01 46720]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-15 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 253600]
R3 BthAvrcp;Bluetooth-AVRCP-Profil;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 22528]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-09 1343400]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 36000]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-03-09 163328]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-03-08 291840]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2012-01-31 86224]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [2012-02-01 46720]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-03-09 9183232]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-03-09 265216]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-12-05 86032]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 06:37]
.
.
------- Zusätzlicher Suchlauf -------
.
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Schni\AppData\Roaming\Mozilla\Firefox\Profiles\oj3e7fln.default\
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-04-17 15:19:50
ComboFix-quarantined-files.txt 2012-04-17 13:19
.
Vor Suchlauf: 6 Verzeichnis(se), 420.491.747.328 Bytes frei
Nach Suchlauf: 9 Verzeichnis(se), 420.858.105.856 Bytes frei
.
- - End Of File - - EE56CC71F1441214C056877341BF6F53
--- --- ---
Da steht etwas von einem Neustart. Passiert das automatisch? War kurz nicht am Rechner.
17.04.2012, 14:25
Hybrid-Darstellung
