gigabytenjin | 20.07.2014 14:14 | Code:
ComboFix 14-07-17.03 - Linh 20.07.2014 15:01:42.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.932.81.1031.18.8144.5104 [GMT 2:00]
Running from: c:\users\Linh\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton Internet Security *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton Internet Security *Disabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\cflog\CrashLog_20130501.txt
c:\cflog\CrashLog_20130514.txt
c:\cflog\CrashLog_20130617.txt
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_TESSAFE
-------\Service_TesSafe
.
.
((((((((((((((((((((((((( Files Created from 2014-06-20 to 2014-07-20 )))))))))))))))))))))))))))))))
.
.
2014-07-20 13:11 . 2014-07-20 13:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-19 20:14 . 2014-07-19 20:14 -------- d-----w- c:\program files (x86)\Google
2014-07-17 14:20 . 2014-07-19 18:03 -------- d-----w- c:\program files (x86)\Riotgames
2014-07-17 14:01 . 2014-07-17 14:01 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2014-07-17 13:58 . 2014-07-17 14:01 -------- d-----w- c:\users\Linh\AppData\Roaming\Riot Games
2014-07-17 12:18 . 2014-07-17 13:07 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-07-17 11:41 . 2014-07-17 12:02 -------- d-----w- C:\FRST
2014-07-17 10:27 . 2014-07-17 10:32 -------- d-----w- c:\programdata\pbcoysu
2014-07-16 13:56 . 2014-07-16 13:56 -------- d--h--w- c:\windows\PIF
2014-07-16 10:55 . 2014-07-16 10:55 -------- d-----w- c:\programdata\Riot Games
2014-07-15 16:10 . 2014-07-17 13:04 -------- d-----w- C:\wow
2014-07-12 12:49 . 2014-07-12 12:49 -------- d-----w- c:\users\Linh\AppData\Local\The Witcher 2
2014-07-12 12:03 . 2014-07-12 12:03 -------- d-----w- c:\program files (x86)\GOG.com
2014-07-09 09:00 . 2014-07-09 09:00 5659136 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-07-09 07:26 . 2014-05-30 06:45 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2014-06-30 20:35 . 2014-06-30 20:35 -------- d-----w- c:\users\Linh\AppData\Local\Macromedia
2014-06-22 18:07 . 2014-06-22 18:07 -------- d-----w- c:\programdata\ATI
2014-06-22 18:06 . 2014-07-17 13:08 -------- d-----w- c:\program files (x86)\Raptr
2014-06-22 18:06 . 2014-07-17 13:06 -------- d-----w- c:\users\Linh\AppData\Roaming\Raptr
2014-06-22 18:06 . 2014-06-22 18:06 -------- d-----w- c:\program files (x86)\AMD AVT
2014-06-22 13:24 . 2014-06-22 13:24 -------- d-----w- c:\program files\AMD
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-09 09:00 . 2013-11-15 18:41 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-09 09:00 . 2013-11-15 18:41 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-06-18 15:23 . 2013-08-31 09:33 291496 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-06-18 15:23 . 2013-08-31 09:33 291496 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-06-18 15:23 . 2013-08-31 09:33 76152 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2014-05-23 02:28 . 2014-05-23 02:28 127872 ----a-w- c:\windows\system32\amdhcp64.dll
2014-05-23 02:28 . 2014-05-23 02:28 117560 ----a-w- c:\windows\SysWow64\amdhcp32.dll
2014-05-23 02:28 . 2014-05-23 02:28 78432 ----a-w- c:\windows\system32\atimpc64.dll
2014-05-23 02:28 . 2014-05-23 02:28 78432 ----a-w- c:\windows\system32\amdpcom64.dll
2014-05-23 02:28 . 2014-05-23 02:28 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll
2014-05-23 02:28 . 2014-05-23 02:28 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2014-05-23 02:28 . 2012-12-19 19:31 143304 ----a-w- c:\windows\system32\atiuxp64.dll
2014-05-23 02:28 . 2014-05-23 02:28 126336 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2014-05-23 02:28 . 2014-05-23 02:28 117584 ----a-w- c:\windows\system32\atiu9p64.dll
2014-05-23 02:28 . 2012-12-19 20:08 1328352 ----a-w- c:\windows\system32\aticfx64.dll
2014-05-23 02:28 . 2012-12-19 19:30 99520 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2014-05-23 02:28 . 2012-12-19 20:09 1108432 ----a-w- c:\windows\SysWow64\aticfx32.dll
2014-05-23 02:27 . 2012-12-19 19:49 10516488 ----a-w- c:\windows\system32\atidxx64.dll
2014-05-23 02:27 . 2014-05-23 02:27 9015224 ----a-w- c:\windows\SysWow64\atidxx32.dll
2014-05-23 02:27 . 2012-12-19 19:44 7102496 ----a-w- c:\windows\SysWow64\atiumdva.dll
2014-05-23 02:27 . 2012-12-19 20:50 6879016 ----a-w- c:\windows\SysWow64\atiumdag.dll
2014-05-23 02:27 . 2014-05-23 02:27 7892000 ----a-w- c:\windows\system32\atiumd6a.dll
2014-05-23 02:27 . 2014-05-23 02:27 8108312 ----a-w- c:\windows\system32\atiumd64.dll
2014-05-23 02:24 . 2014-05-23 02:24 276192 ----a-w- c:\windows\system32\drivers\amdacpksd.sys
2014-05-23 02:22 . 2014-05-23 02:22 15950336 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2014-05-23 01:55 . 2014-05-23 01:55 27529216 ----a-w- c:\windows\system32\atio6axx.dll
2014-05-23 01:47 . 2014-05-23 01:47 231424 ----a-w- c:\windows\system32\clinfo.exe
2014-05-23 01:47 . 2014-05-23 01:47 98816 ----a-w- c:\windows\system32\OpenVideo64.dll
2014-05-23 01:47 . 2014-05-23 01:47 83456 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2014-05-23 01:47 . 2014-05-23 01:47 86528 ----a-w- c:\windows\system32\OVDecode64.dll
2014-05-23 01:47 . 2014-05-23 01:47 73216 ----a-w- c:\windows\SysWow64\OVDecode.dll
2014-05-23 01:47 . 2014-05-23 01:47 32874496 ----a-w- c:\windows\system32\amdocl64.dll
2014-05-23 01:46 . 2014-05-23 01:46 127488 ----a-w- c:\windows\system32\mantle64.dll
2014-05-23 01:45 . 2014-05-23 01:45 113664 ----a-w- c:\windows\SysWow64\mantle32.dll
2014-05-23 01:45 . 2014-05-23 01:45 5224960 ----a-w- c:\windows\system32\amdmantle64.dll
2014-05-23 01:45 . 2014-05-23 01:45 27841024 ----a-w- c:\windows\SysWow64\amdocl.dll
2014-05-23 01:43 . 2014-05-23 01:43 65024 ----a-w- c:\windows\system32\OpenCL.dll
2014-05-23 01:43 . 2014-05-23 01:43 58880 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-05-23 01:40 . 2014-05-23 01:40 23028224 ----a-w- c:\windows\SysWow64\atioglxx.dll
2014-05-23 01:38 . 2014-05-23 01:38 366592 ----a-w- c:\windows\system32\atiapfxx.exe
2014-05-23 01:38 . 2014-05-23 01:38 62464 ----a-w- c:\windows\system32\aticalrt64.dll
2014-05-23 01:38 . 2014-05-23 01:38 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll
2014-05-23 01:37 . 2014-05-23 01:37 55808 ----a-w- c:\windows\system32\aticalcl64.dll
2014-05-23 01:37 . 2014-05-23 01:37 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll
2014-05-23 01:37 . 2014-05-23 01:37 4180992 ----a-w- c:\windows\SysWow64\amdmantle32.dll
2014-05-23 01:37 . 2014-05-23 01:37 15716352 ----a-w- c:\windows\system32\aticaldd64.dll
2014-05-23 01:35 . 2014-05-23 01:35 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll
2014-05-23 01:31 . 2014-05-23 01:31 91648 ----a-w- c:\windows\system32\mantleaxl64.dll
2014-05-23 01:30 . 2014-05-23 01:30 85504 ----a-w- c:\windows\SysWow64\mantleaxl32.dll
2014-05-23 01:27 . 2014-05-23 01:27 48128 ----a-w- c:\windows\system32\amdmmcl6.dll
2014-05-23 01:27 . 2014-05-23 01:27 37888 ----a-w- c:\windows\SysWow64\amdmmcl.dll
2014-05-23 01:25 . 2014-05-23 01:25 442368 ----a-w- c:\windows\system32\atidemgy.dll
2014-05-23 01:25 . 2014-05-23 01:25 31232 ----a-w- c:\windows\system32\atimuixx.dll
2014-05-23 01:25 . 2014-05-23 01:25 588800 ----a-w- c:\windows\system32\atieclxx.exe
2014-05-23 01:25 . 2014-05-23 01:25 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2014-05-23 01:24 . 2014-05-23 01:24 190976 ----a-w- c:\windows\system32\atitmm64.dll
2014-05-23 01:18 . 2014-05-23 01:18 826368 ----a-w- c:\windows\system32\coinst_14.200.dll
2014-05-23 01:12 . 2012-12-19 19:33 1207296 ----a-w- c:\windows\system32\atiadlxx.dll
2014-05-23 01:12 . 2014-05-23 01:12 898560 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2014-05-23 01:12 . 2014-05-23 01:12 75264 ----a-w- c:\windows\system32\atig6pxx.dll
2014-05-23 01:12 . 2014-05-23 01:12 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2014-05-23 01:12 . 2014-05-23 01:12 69632 ----a-w- c:\windows\system32\atiglpxx.dll
2014-05-23 01:12 . 2014-05-23 01:12 146944 ----a-w- c:\windows\system32\atig6txx.dll
2014-05-23 01:12 . 2014-05-23 01:12 133632 ----a-w- c:\windows\SysWow64\atigktxx.dll
2014-05-23 01:11 . 2014-05-23 01:11 557056 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2014-05-23 01:11 . 2014-05-23 01:11 95744 ----a-w- c:\windows\system32\amdave64.dll
2014-05-23 01:11 . 2013-10-24 21:28 90112 ----a-w- c:\windows\SysWow64\amdave32.dll
2014-05-23 01:11 . 2014-05-23 01:11 89088 ----a-w- c:\windows\system32\atisamu64.dll
2014-05-23 01:11 . 2014-05-23 01:11 80896 ----a-w- c:\windows\SysWow64\atisamu32.dll
2014-05-23 01:05 . 2014-05-23 01:05 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2014-05-22 19:56 . 2014-05-22 19:56 51200 ----a-w- c:\windows\system32\kdbsdk64.dll
2014-05-22 19:52 . 2014-05-22 19:52 38912 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2014-05-08 09:32 . 2014-06-12 07:32 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2014-04-25 02:34 . 2014-06-12 07:32 801280 ----a-w- c:\windows\system32\usp10.dll
2014-04-25 02:06 . 2014-06-12 07:32 626688 ----a-w- c:\windows\SysWow64\usp10.dll
2014-04-25 00:16 . 2014-04-25 00:16 1070232 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F72C8153-7140-4FEE-8F69-CA4579D71195}]
2014-04-23 10:43 73728 ----a-w- c:\program files (x86)\Tongbu\Addin\tbIEAddin.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-06-10 11:19 1730264 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-06-10 11:19 1730264 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-06-10 11:19 1730264 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2012-12-19 393216]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-05-08 21444224]
"Raptr"="c:\progra~2\Raptr\raptrstub.exe" [2014-06-24 55360]
"GoogleChromeAutoLaunch_939536525BDF0779F99B09D2F241B6A9"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-07-15 860488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2011-12-06 5021296]
"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2014-04-17 585048]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"V0770Mon.exe"="c:\windows\V0770Mon.exe" [2012-06-01 32884]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-05 43848]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"ROCCAT Savu Gaming Mouse"="c:\program files (x86)\ROCCAT\Savu Mouse\Savu Monitor.exe" [2012-09-10 872048]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-04-15 3814736]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-05-22 767200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 Disc Soft Bus Service;Disc Soft Bus Service;c:\program files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe;c:\program files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys;c:\windows\xhunter1.sys [x]
R4 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1405000.01C\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1405000.01C\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1405000.01C\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1405000.01C\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20140703.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20140703.001\BHDrvx64.sys [x]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1405000.01C\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1405000.01C\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20140718.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20140718.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1405000.01C\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1405000.01C\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1405000.01C\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1405000.01C\SYMNETS.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 dtscsibus;DAEMON Tools Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtscsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtscsibus.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 Neo_VPN;VPN Client Device Driver - VPN;c:\windows\system32\DRIVERS\Neo_0069.sys;c:\windows\SYSNATIVE\DRIVERS\Neo_0069.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 rzendpt;rzendpt;c:\windows\system32\DRIVERS\rzendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzendpt.sys [x]
S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys;c:\windows\SYSNATIVE\DRIVERS\seehcri.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
S3 tapqqvipacc;TAP-Win32 Adapter V9-QQvipacc;c:\windows\system32\DRIVERS\tapqqvipacc.sys;c:\windows\SYSNATIVE\DRIVERS\tapqqvipacc.sys [x]
S3 V0770Vid;Live! Cam Sync HD VF0770 Driver;c:\windows\system32\DRIVERS\V0770Vid.sys;c:\windows\SYSNATIVE\DRIVERS\V0770Vid.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-19 20:14 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-15 09:00]
.
2014-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-07-19 20:14]
.
2014-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-07-19 20:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-06-10 11:24 2335960 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-06-10 11:24 2335960 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-06-10 11:24 2335960 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07 23496 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=20.4.0.40
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office15\ONBttnIE.dll/105
IE: Client auf Monitor & offnen1 - c:\windows\web\AOpenClient.htm
IE: Client auf Monitor & offnen2 - c:\windows\web\AOpenClient.htm
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office15\EXCEL.EXE/3000
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Linh\AppData\Roaming\Mozilla\Firefox\Profiles\1ncvaw4z.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-MKLOL - c:\program files (x86)\MKJogo\MKLOL\MKuInst.exe
AddRemove-UnityWebPlayer - c:\users\Linh\AppData\Local\Unity\WebPlayer\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.5.0.28\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va012]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:60,b5,92,b5,d5,99,ce,01
.
[HKEY_USERS\S-1-5-21-1039859687-1140944567-3889361609-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):52,e2,23,96,be,9d,4c,b5,be,81,e3,62,1a,c2,52,10,07,fd,b5,24,06,
0a,f8,13,36,0b,1e,e3,f2,af,bf,84,f4,18,7f,0f,34,a0,a5,6d,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1039859687-1140944567-3889361609-1000_Classes\Wow6432Node\CLSID\{ef338741-e1d7-4cb9-9d9d-8c3ed1b4c2e9}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000bd
"Therad"=dword:00000015
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-07-20 15:13:16
ComboFix-quarantined-files.txt 2014-07-20 13:13
.
Pre-Run: 18 Verzeichnis(se), 211.236.343.808 Bytes frei
Post-Run: 19 Verzeichnis(se), 211.065.495.552 Bytes frei
.
- - End Of File - - CCE4EB9B7DC998C12C6AD11A457BC481
A36C5E4F47E84449FF07ED3517B43A31