Code:
Alles auswählen Aufklappen ATTFilter
ComboFix 14-07-11.04 - *****11.07.2014 18:20:55.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.2011.1093 [GMT 2:00]
ausgeführt von:: c:\users\*****\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-06-11 bis 2014-07-11 ))))))))))))))))))))))))))))))
.
.
2014-07-11 16:33 . 2014-07-11 16:33 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-07-11 16:33 . 2014-07-11 16:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-11 16:33 . 2014-07-11 16:33 -------- d-----w- c:\users\*****\AppData\Local\temp
2014-07-08 09:51 . 2014-07-08 09:50 35848 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-07-08 09:39 . 2014-07-09 12:14 -------- d-----w- C:\TDSSKiller_Quarantine
2014-07-07 13:39 . 2014-07-07 13:39 -------- d-----w- c:\program files\VS Revo Group
2014-07-06 23:54 . 2014-07-06 23:57 -------- d-----w- C:\FRST
2014-07-06 20:16 . 2014-07-06 20:16 103680 ----a-w- C:\fwkdrfoc.sys
2014-06-23 20:43 . 2014-06-23 20:43 -------- d-----w- c:\users\*****\AppData\Roaming\SketchUp
2014-06-23 20:40 . 2014-06-23 20:40 -------- d-----w- c:\programdata\SketchUp
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-09 13:06 . 2012-11-12 20:35 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-09 13:06 . 2012-11-12 20:35 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-04 21:07 . 2013-05-29 19:12 97648 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-06-08 08:48 . 2014-06-11 11:30 391680 ----a-w- c:\windows\system32\aepdu.dll
2014-06-08 08:43 . 2014-06-11 11:30 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-06-03 08:41 . 2014-04-25 10:44 589008 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-05-30 09:02 . 2014-06-11 11:32 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-30 09:02 . 2014-06-11 11:32 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-05-30 08:44 . 2014-06-11 11:31 455168 ----a-w- c:\windows\system32\vbscript.dll
2014-05-30 08:43 . 2014-06-11 11:32 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-05-30 08:42 . 2014-06-11 11:32 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-05-30 08:28 . 2014-06-11 11:32 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-05-30 08:28 . 2014-06-11 11:32 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-05-30 08:27 . 2014-06-11 11:32 592896 ----a-w- c:\windows\system32\jscript9diag.dll
2014-05-30 08:21 . 2014-06-11 11:32 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-05-30 08:10 . 2014-06-11 11:32 32256 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 07:56 . 2014-06-11 11:31 4244992 ----a-w- c:\windows\system32\jscript9.dll
2014-05-30 07:50 . 2014-06-11 11:32 1068032 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-05-30 07:49 . 2014-06-11 11:32 1964544 ----a-w- c:\windows\system32\inetcpl.cpl
2014-05-30 07:21 . 2014-06-11 11:32 1790976 ----a-w- c:\windows\system32\wininet.dll
2014-05-27 12:22 . 2013-05-29 19:12 136216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-05-27 07:40 . 2014-05-27 07:40 644400 ----a-w- c:\windows\system32\mscomct2.ocx
2014-04-25 02:06 . 2014-06-11 11:30 626688 ----a-w- c:\windows\system32\usp10.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-06-10 08:39 1730264 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-06-10 08:39 1730264 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-06-10 08:39 1730264 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2009-08-05 2064384]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-14 1541416]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-05 7703072]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"YouCam Mirror Tray icon"="c:\program files\CyberLink\YouCam\YouCamTray.exe" [2010-02-10 171104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"IJNetworkScannerSelectorEX"="c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-01-15 452016]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-07-04 750160]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2012-12-10 527864]
"MailCheck IE Broker"="c:\program files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe" [2014-04-24 1810496]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-05-08 280576]
.
c:\users\Anna Schröder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
An OneNote senden.lnk - c:\program files\Microsoft Office 15\root\office15\ONENOTEM.EXE /tsr [2014-7-9 195248]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
.
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock.sys [2012-12-10 92112]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 30312]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-05-30 108032]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-24 167424]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 121064]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 136808]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 114280]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-21 1343400]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\drivers\WSDScan.sys [2009-07-14 20480]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-12-02 37352]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2014-07-04 430160]
S2 ClickToRunSvc;Microsoft Office-Klick-und-Los-Dienst;c:\program files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [2014-06-18 1617080]
S2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [2009-07-09 160768]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-12-10 479224]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-26 122368]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-22 167936]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-04-01 1009184]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 52539675
*Deregistered* - 52539675
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-11 22:50 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-07-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-12 13:06]
.
2014-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-20 09:53]
.
2014-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-20 09:53]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.web.de/
uInternet Settings,ProxyOverride = <local>
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
TCP: DhcpNameServer = 192.168.2.1
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - c:\program files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll
DPF: {538793D5-659C-4639-A56C-A179AD87ED44} - hxxps://asavpn-cluster-1.hrz.uni-bielefeld.de/CACHE/stc/1/binaries/vpnweb.cab
DPF: {85C86CCC-2158-4123-9C7D-785190CED875} - hxxp://www.digitalpublishing.de/launcher/dpLaunchPlugin.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-52539675.sys
SafeBoot-75070223.sys
SafeBoot-93925963.sys
AddRemove-?????????? ???????_is1 - c:\program files\?????????? ???????\unins000.exe
.
.
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(4092)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
.
Zeit der Fertigstellung: 2014-07-11 18:36:45
ComboFix-quarantined-files.txt 2014-07-11 16:36
.
Vor Suchlauf: 15 Verzeichnis(se), 401.692.495.872 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 402.075.574.272 Bytes frei
.
- - End Of File - - F9EB4F3FDFE24FD0831E47BFC52CFE9D
8A1C59E4DFEF87510470928550466632
11.07.2014, 17:50
Baum-Darstellung