cpt. subtext | 07.08.2013 13:24 | Combofix Logfile:
ComboFix 13-08-07.01 - Erik 07.08.2013 14:09:45.2.6 - x64
Microsoft Windows 8 Pro 6.2.9200.0.1252.49.1031.18.8190.6598 [GMT 2:00]
ausgeführt von:: c:\users\Erik\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Erik\AppData\Roaming\Microsoft\~DFKb1849f4.tmp
c:\users\Erik\AppData\Roaming\Microsoft\1eaadjc.dll
c:\users\Erik\AppData\Roaming\Microsoft\bass.dll
c:\users\Erik\AppData\Roaming\Microsoft\engine_vx.dll
c:\users\Erik\AppData\Roaming\Microsoft\qwadjb.dll
c:\users\Erik\AppData\Roaming\Microsoft\Windows\Recent\Thumbs.db
c:\users\Erik\msdata
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\SysWow64\frapsvid.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-07-07 bis 2013-08-07 ))))))))))))))))))))))))))))))
.
.
2013-08-07 12:19 . 2013-08-07 12:19 -------- d-----w- c:\users\Erik\AppData\Local\temp
2013-08-07 12:19 . 2013-08-07 12:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-07 08:58 . 2013-08-07 08:58 -------- d-----w- C:\FRST
2013-08-06 17:00 . 2013-08-06 17:00 -------- d-----w- c:\users\Erik\AppData\Local\Mozilla
2013-08-05 19:27 . 2013-08-05 19:27 -------- d-----w- c:\users\Erik\AppData\Roaming\Malwarebytes
2013-08-05 19:26 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-05 19:26 . 2013-08-05 19:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-05 18:07 . 2013-08-05 18:07 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2013-08-05 17:47 . 2013-08-05 17:59 -------- d-----w- c:\users\Erik\AppData\Roaming\SM2
2013-08-05 17:47 . 2013-08-05 17:47 -------- d-----w- c:\program files\ShaderMap 2 DEMO
2013-08-05 17:36 . 2013-08-05 17:36 -------- d-----w- c:\programdata\CrazyBump
2013-08-05 17:36 . 2013-08-05 17:36 -------- d-----w- c:\users\Erik\AppData\Local\CrazyBump
2013-08-05 17:34 . 2013-08-05 17:34 -------- d-----w- c:\programdata\Malwarebytes
2013-07-24 15:49 . 2013-07-24 15:49 -------- d-----w- c:\users\Erik\AppData\Roaming\com.studio-fizbin.InnerWorld
2013-07-21 15:53 . 2013-08-06 16:23 -------- d-----w- c:\users\Erik\AppData\Local\LogMeIn Hamachi
2013-07-21 15:13 . 2013-07-21 15:16 -------- d-----w- c:\users\Erik\AppData\Roaming\ftblauncher
2013-07-19 20:25 . 2013-07-19 20:25 -------- d-----w- c:\users\Erik\AppData\Roaming\.mono
2013-07-19 20:25 . 2013-07-19 20:25 -------- d-----w- c:\users\Erik\AppData\Local\UWebKit
2013-07-19 11:16 . 2013-07-19 11:18 -------- d-----w- c:\windows\system32\MRT
2013-07-11 13:03 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4E41C4BC-7682-4674-9C5C-9278A25C03CF}\mpengine.dll
2013-07-11 12:08 . 2013-07-11 12:08 -------- d-----w- c:\users\Erik\AppData\Roaming\RealNetworks
2013-07-11 12:07 . 2013-07-11 12:07 -------- d-----w- c:\program files (x86)\RealNetworks
2013-07-11 12:07 . 2013-07-11 12:07 -------- d-----w- c:\programdata\RealNetworks
2013-07-11 12:07 . 2013-07-11 12:07 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2013-07-10 07:43 . 2013-07-10 07:43 -------- d-----w- c:\programdata\REVOLT
2013-07-10 07:30 . 2013-07-10 07:30 -------- d-----w- c:\users\Erik\Neuer Ordner
2013-07-10 05:42 . 2013-04-11 22:30 1421312 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-07-10 05:42 . 2013-04-11 22:22 1838080 ----a-w- c:\windows\system32\DWrite.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-22 18:40 . 2012-11-30 17:45 291128 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-07-22 18:40 . 2012-09-05 14:07 291128 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-07-19 19:50 . 2012-09-04 12:28 291128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-07-16 19:25 . 2012-07-26 00:38 312832 ----a-w- c:\windows\system32\LocationApi.dll
2013-07-11 12:07 . 2012-12-28 19:31 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2013-07-11 12:07 . 2012-12-28 19:31 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2013-06-27 22:04 . 2012-07-26 08:14 78200 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-27 22:04 . 2012-07-26 08:14 693112 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-26 19:06 . 2013-06-26 19:06 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-26 19:06 . 2012-09-05 22:13 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-06-26 19:06 . 2012-09-05 22:13 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-23 22:57 . 2012-11-15 15:34 78277128 ----a-w- c:\windows\system32\MRT.exe
2013-06-12 17:50 . 2012-11-30 17:45 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-06-09 01:44 . 2013-03-13 10:34 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-06-06 20:29 . 2013-06-06 20:29 235 ----a-w- c:\windows\SysWow64\nxEuUninstall.bat
2013-06-06 20:29 . 2013-06-06 20:29 446464 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe
2013-05-30 23:24 . 2013-06-17 11:02 1257472 ----a-w- c:\windows\system32\kernel32.dll
2013-05-23 23:01 . 2013-06-17 11:02 1300992 ----a-w- c:\windows\system32\gdi32.dll
2013-05-23 22:27 . 2013-06-17 11:02 1022464 ----a-w- c:\windows\SysWow64\gdi32.dll
2013-05-15 22:37 . 2013-06-12 05:43 44032 ----a-w- c:\windows\SysWow64\UXInit.dll
2013-05-15 22:35 . 2013-06-12 05:43 53760 ----a-w- c:\windows\system32\UXInit.dll
2013-05-15 22:35 . 2013-07-05 12:19 144384 ----a-w- c:\windows\system32\tssdisai.dll
2013-05-15 02:25 . 2013-06-17 11:02 888320 ----a-w- c:\windows\system32\autochk.exe
2013-05-15 02:25 . 2013-06-17 11:02 542208 ----a-w- c:\windows\system32\untfs.dll
2013-05-15 02:24 . 2013-06-17 11:02 793088 ----a-w- c:\windows\SysWow64\autochk.exe
2013-05-15 02:24 . 2013-06-17 11:02 482816 ----a-w- c:\windows\SysWow64\untfs.dll
2013-05-14 13:14 . 2013-06-12 05:43 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-14 09:23 . 2013-06-12 05:43 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-01-10 1475952]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2013-01-10 844144]
"KiesAirMessage"="c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe" [2012-12-18 578560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-01-10 310128]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"ADSK DLMSession"="c:\program files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe" [2012-07-23 1632216]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-28 642656]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2013-07-11 295512]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-06-28 2255184]
.
c:\users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
R2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - German 64-bit;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [x]
R3 amdkmafd;AMD Audio Bus Lower Filter;c:\windows\System32\drivers\amdkmafd.sys;c:\windows\SYSNATIVE\drivers\amdkmafd.sys [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\System32\drivers\point64.sys;c:\windows\SYSNATIVE\drivers\point64.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 sthid;Splashtop Virtual Hid;c:\windows\System32\drivers\sthid.sys;c:\windows\SYSNATIVE\drivers\sthid.sys [x]
R3 TabletFilter;Tablet Driver;c:\windows\System32\drivers\TabletFilter.sys;c:\windows\SYSNATIVE\drivers\TabletFilter.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
R3 xusb22;Treiberdienst 22 für Xbox 360 Wireless Receiver;c:\windows\System32\drivers\xusb22.sys;c:\windows\SYSNATIVE\drivers\xusb22.sys [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\System32\drivers\dtsoftbus01.sys;c:\windows\SYSNATIVE\drivers\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys;c:\windows\SYSNATIVE\drivers\Apowersoft_AudioDevice.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW86.sys;c:\windows\SYSNATIVE\drivers\AtihdW86.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\System32\drivers\dc3d.sys;c:\windows\SYSNATIVE\drivers\dc3d.sys [x]
S3 RTL8168;Realtek 8168 NT-Treiber;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2012-12-18 19:08 215264 ----a-w- c:\program files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\4xzzp7q7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - ExtSQL: 2013-07-11 14:07; {FCE04E1F-9378-4f39-96F6-5689A9159E45}; c:\programdata\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2757179658-3383392886-2677204389-1001CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:5c,5d,59,58,52,91,8d,71,86,96,0c,e3,13,47,63,ff,ea,51,45,00,e6,36,76,
b5,81,2e,69,c0,4b,0f,10,d0,23,9e,65,37,de,b9,8f,74,11,85,33,f1,55,10,78,13,\
"??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f
.
[HKEY_USERS\S-1-5-21-2757179658-3383392886-2677204389-1001CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\SecuROM\License information*]
"datasecu"=hex:6f,c0,65,b6,2c,59,4d,3d,6b,dd,85,94,5b,aa,59,95,87,3c,7c,68,b2,
22,94,2d,9a,6a,55,53,53,c0,f7,f7,49,22,84,89,1f,df,43,dc,7b,ae,eb,3b,b7,93,\
"rkeysecu"=hex:82,c3,15,4f,bb,1d,3b,7f,84,f5,53,93,76,d6,d1,ff
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Zeit der Fertigstellung: 2013-08-07 14:22:33
ComboFix-quarantined-files.txt 2013-08-07 12:22
.
Vor Suchlauf: 7 Verzeichnis(se), 115.841.683.456 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 115.430.551.552 Bytes frei
.
- - End Of File - - 794ABB1CCDC484A1DE86FB2E1CFA35A2 --- --- ---
8CEE196473CB7D9C8D19B01CCD723C4F
Thanks for the quick reply!