Code:
Alles auswählen Aufklappen ATTFilter
ComboFix 12-12-02.01 - *** 04.12.2012 17:32:50.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.4095.2477 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\muzapp.exe
D:\install.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-11-04 bis 2012-12-04 ))))))))))))))))))))))))))))))
.
.
2012-12-04 16:36 . 2012-12-04 16:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-03 18:34 . 2012-12-03 18:34 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes
2012-12-03 18:34 . 2012-12-03 18:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-03 18:34 . 2012-12-03 18:34 -------- d-----w- c:\programdata\Malwarebytes
2012-12-03 18:34 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-03 18:30 . 2012-12-03 18:30 -------- d-----w- c:\users\***\AppData\Roaming\LavasoftStatistics
2012-12-03 18:30 . 2012-12-03 18:30 -------- d-----w- c:\programdata\Ad-Aware Antivirus
2012-12-03 18:24 . 2012-12-03 18:38 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2012-12-03 18:24 . 2012-12-03 18:24 47496 ----a-w- c:\windows\system32\sbbd.exe
2012-12-03 18:24 . 2012-12-03 18:24 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys
2012-12-03 18:24 . 2012-12-03 18:24 -------- d-----w- c:\users\***\AppData\Local\adawarebp
2012-12-03 18:24 . 2012-12-03 18:24 -------- d-----w- c:\programdata\blekko toolbars
2012-12-03 18:23 . 2012-12-03 18:24 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-12-03 18:23 . 2012-12-03 18:23 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2012-12-03 18:23 . 2012-12-03 18:24 -------- d-----w- c:\program files (x86)\adawaretb
2012-12-03 18:23 . 2012-12-03 18:39 -------- d-----w- c:\users\***\AppData\Roaming\Ad-Aware Antivirus
2012-11-17 09:46 . 2012-07-26 07:46 2560 ----a-w- c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
2012-11-17 09:46 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-17 09:46 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-17 09:46 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-17 09:39 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-17 09:39 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-17 09:39 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-17 09:39 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-17 09:39 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-17 09:39 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-17 09:39 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-11 17:29 . 2012-11-11 17:29 -------- d-----w- c:\programdata\Remedy
2012-11-11 09:43 . 2012-11-11 09:43 -------- d-----w- c:\users\***\AppData\Local\My Games
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-17 09:39 . 2011-01-22 10:52 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-11-14 17:13 . 2012-11-03 11:53 129216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-11-14 17:13 . 2012-11-03 11:53 98888 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-10-29 18:53 . 2012-10-29 18:53 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2012-10-16 08:38 . 2012-11-27 21:51 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-27 21:51 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-27 21:51 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-13 19:57 . 2012-10-13 19:50 967 ----a-w- c:\windows\ScUnin.pif
2012-10-13 19:57 . 2012-10-13 19:50 69632 ----a-w- c:\windows\ScUnin.exe
2012-10-12 07:19 . 2012-11-03 11:08 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BB308BB8-A8BB-4B4F-BD76-60CBE8CBF94A}\mpengine.dll
2012-09-24 22:16 . 2012-07-02 15:42 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-24 22:16 . 2011-01-25 20:12 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-24 08:58 . 2012-11-03 11:53 27800 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-09-14 19:19 . 2012-10-09 18:13 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-09 18:13 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2012-11-16 21:41 87448 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2012-11-16 87448]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\steam\steam.exe" [2012-12-03 1354736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 336384]
"PivotSoftware"="c:\program files (x86)\Portrait Displays\Pivot Software\wpctrl.exe" [2007-02-09 694008]
"DT ACR"="c:\program files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" [2008-06-06 81920]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2011-01-22 2252800]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2010-06-17 370176]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-11-27 384800]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-11-16 542104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-11-21 1236368]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-09-20 3677000]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-04-18 868848]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2012-12-03 14456]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-26 203776]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-11-27 85280]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2008-06-04 90112]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-01-22 1235968]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-24 15:16]
.
2012-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-24 15:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\rvwflitq.default\
FF - ExtSQL: 2012-10-14 13:31; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\rvwflitq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2012-12-03 19:23; {87934c42-161d-45bc-8cef-ef18abe2a30c}; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\rvwflitq.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
FF - ExtSQL: 2012-12-03 19:23; jid1-yZwVFzbsyfMrqQ@jetpack; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\rvwflitq.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-4StoryPrePatch - d:\4story_de\PrePatch.exe
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-366956087-2911594179-3411153771-1000\Software\SecuROM\License information*]
"datasecu"=hex:44,f4,b3,80,e9,5f,d6,52,fe,0b,82,33,d5,81,ae,55,9b,cd,e2,34,f5,
d7,12,b7,1e,32,4b,94,d6,6b,ac,ed,8b,3f,6e,a9,ef,27,55,25,d6,86,4f,80,a3,31,\
"rkeysecu"=hex:e8,e5,e1,c0,9c,d2,46,57,c9,ac,c8,da,66,a9,9c,3c
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-12-04 17:38:29
ComboFix-quarantined-files.txt 2012-12-04 16:38
.
Vor Suchlauf: 8 Verzeichnis(se), 422.213.017.600 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 421.883.322.368 Bytes frei
.
- - End Of File - - EF15E26674568580F68AE1844698D38F
04.12.2012, 17:41
Baum-Darstellung