Code:
ComboFix 13-08-22.01 - fatih 23.08.2013 22:01:21.1.4 - x64
Microsoft Windows 8 6.2.9200.0.1252.49.1031.18.6030.4533 [GMT 2:00]
ausgeführt von:: c:\users\fatih\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SetStretch.exe
c:\programdata\SetStretch.VBS
c:\windows\msvcr71.dll
c:\windows\wininit.ini
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-07-23 bis 2013-08-23 ))))))))))))))))))))))))))))))
.
.
2013-08-23 20:07 . 2013-08-23 20:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-23 20:07 . 2013-08-23 20:07 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-08-23 18:20 . 2013-08-23 18:20 -------- d-----w- C:\FRST
2013-08-23 17:38 . 2013-08-23 18:58 -------- d-----w- c:\program files (x86)\Google
2013-08-23 17:38 . 2013-08-23 17:38 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-08-23 17:38 . 2013-05-09 08:59 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-08-23 17:38 . 2013-05-09 08:59 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-08-23 17:38 . 2013-05-09 08:59 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-08-23 17:38 . 2013-08-23 17:38 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-08-23 17:38 . 2013-08-23 17:38 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-08-23 17:38 . 2013-05-09 08:59 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-08-23 17:38 . 2013-05-09 08:59 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-08-23 17:38 . 2013-05-09 08:58 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-08-23 17:37 . 2013-05-09 08:58 41664 ----a-w- c:\windows\avastSS.scr
2013-08-23 17:37 . 2013-08-23 17:37 -------- d-----w- c:\program files\AVAST Software
2013-08-23 17:37 . 2013-08-23 17:37 -------- d-----w- c:\programdata\AVAST Software
2013-08-23 17:19 . 2013-08-23 17:24 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-08-22 16:41 . 2013-08-22 16:41 -------- d-----w- c:\program files (x86)\GameforgeLive
2013-08-22 15:56 . 2013-08-22 15:56 240304 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10214.bin
2013-08-20 08:30 . 2013-08-20 08:30 -------- d-----w- c:\users\Public\CyberLink
2013-08-19 20:27 . 2013-08-19 20:27 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-08-19 20:27 . 2013-08-19 20:27 -------- d-----r- c:\program files (x86)\Skype
2013-08-19 20:27 . 2013-08-19 20:27 -------- d-----w- c:\programdata\Skype
2013-08-19 19:08 . 2013-08-19 19:08 -------- d-----w- c:\program files (x86)\OpenOffice 4
2013-08-19 13:35 . 2013-08-19 13:35 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2013-08-19 03:58 . 2012-10-11 07:25 56552 ----a-w- c:\windows\system32\drivers\sdstor.sys
2013-08-18 18:05 . 2013-08-18 18:06 -------- d-----w- c:\program files\WinRAR
2013-08-18 11:26 . 2012-11-27 04:19 3245568 ----a-w- c:\windows\system32\rdpcorets.dll
2013-08-18 11:18 . 2012-08-31 00:53 17888 ----a-w- c:\windows\SysWow64\msvcr100_clr0400.dll
2013-08-18 11:13 . 2012-08-31 00:52 17888 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
2013-08-18 09:17 . 2013-06-21 05:04 19187712 ----a-w- c:\program files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-08-18 09:17 . 2013-06-21 04:46 18523648 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-08-18 09:11 . 2012-11-06 07:52 277736 ----a-w- c:\windows\system32\drivers\msiscsi.sys
2013-08-18 07:32 . 2013-04-08 21:52 106496 ----a-w- c:\windows\SysWow64\Robocopy.exe
2013-08-18 07:32 . 2013-04-08 21:51 411136 ----a-w- c:\windows\SysWow64\Windows.Networking.dll
2013-08-18 07:32 . 2013-04-08 21:51 268800 ----a-w- c:\windows\SysWow64\Windows.Networking.BackgroundTransfer.dll
2013-08-18 07:32 . 2013-04-08 21:51 1113600 ----a-w- c:\windows\SysWow64\MSAudDecMFT.dll
2013-08-18 07:32 . 2013-04-08 21:51 361984 ----a-w- c:\windows\SysWow64\MFMediaEngine.dll
2013-08-18 07:32 . 2013-03-15 22:05 252928 ----a-w- c:\windows\SysWow64\rsaenh.dll
2013-08-18 07:30 . 2013-04-09 04:51 3552768 ----a-w- c:\windows\system32\tquery.dll
2013-08-18 07:29 . 2013-04-09 05:17 1829408 ----a-w- c:\windows\system32\ntdll.dll
2013-08-18 06:25 . 2013-03-02 02:45 1161728 ----a-w- c:\windows\system32\sppobjs.dll
2013-08-18 06:22 . 2013-01-09 23:23 2094592 ----a-w- c:\windows\system32\mmc.exe
2013-08-18 06:19 . 2013-05-04 06:59 3241472 ----a-w- c:\windows\system32\wuaueng.dll
2013-08-18 06:18 . 2013-05-15 02:25 888320 ----a-w- c:\windows\system32\autochk.exe
2013-08-18 06:18 . 2013-05-15 02:25 542208 ----a-w- c:\windows\system32\untfs.dll
2013-08-18 06:18 . 2013-05-15 02:24 793088 ----a-w- c:\windows\SysWow64\autochk.exe
2013-08-18 06:18 . 2013-05-15 02:24 482816 ----a-w- c:\windows\SysWow64\untfs.dll
2013-08-18 06:17 . 2013-05-30 23:24 1257472 ----a-w- c:\windows\system32\kernel32.dll
2013-08-18 06:17 . 2013-05-23 23:01 1300992 ----a-w- c:\windows\system32\gdi32.dll
2013-08-18 06:17 . 2013-05-23 22:27 1022464 ----a-w- c:\windows\SysWow64\gdi32.dll
2013-08-17 21:22 . 2013-08-17 21:22 -------- d-----w- c:\program files (x86)\TERA
2013-08-17 21:06 . 2013-06-27 22:04 78200 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-17 21:06 . 2013-06-27 22:04 693112 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-17 20:43 . 2013-08-17 20:43 -------- d-----w- C:\sources
2013-08-17 20:42 . 2013-08-17 21:13 -------- d-----r- c:\windows\BrowserChoice
2013-08-17 11:00 . 2008-07-12 06:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2013-08-17 11:00 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2013-08-17 11:00 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2013-08-17 11:00 . 2013-08-23 18:58 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2013-08-17 10:57 . 2013-08-17 10:57 -------- d-----w- c:\program files (x86)\Pando Networks
2013-08-17 09:09 . 2013-08-17 09:12 -------- d-----w- c:\windows\system32\MRT
2013-08-17 07:53 . 2013-08-17 07:53 -------- d-----w- c:\program files (x86)\GPU-Z
2013-08-17 07:33 . 2007-10-22 01:37 17928 ----a-w- c:\windows\SysWow64\X3DAudio1_2.dll
2013-08-16 19:08 . 2013-08-16 19:08 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-08-16 19:08 . 2013-08-16 19:08 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-08-16 19:08 . 2013-08-16 19:08 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-08-16 19:08 . 2013-08-16 19:08 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-08-16 19:08 . 2013-08-16 19:08 -------- d-----w- c:\program files (x86)\Java
2013-08-16 18:46 . 2013-08-16 18:46 -------- d-----w- C:\NvidiaLogging
2013-08-16 18:45 . 2013-05-14 19:28 39712 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2013-08-16 18:45 . 2013-05-14 19:27 29984 ----a-w- c:\windows\system32\nvaudcap64v.dll
2013-08-16 18:45 . 2013-05-14 19:27 28448 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2013-08-16 10:38 . 2013-08-19 19:05 -------- d-----w- c:\programdata\Microsoft Help
2013-08-16 10:10 . 2013-08-16 15:35 -------- d-----w- c:\program files (x86)\Common Files\Steam
2013-08-16 10:10 . 2013-08-23 19:58 -------- d-----w- c:\program files (x86)\Steam
2013-08-16 10:08 . 2013-08-16 10:08 -------- d-----w- c:\program files (x86)\Microsoft Office 15
2013-08-16 00:20 . 2013-08-15 17:31 -------- d--h--r- c:\users\Public\AccountPictures
2013-08-15 20:12 . 2013-08-15 20:12 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2013-08-15 20:12 . 2013-08-15 20:19 -------- d-----w- c:\windows\SysWow64\NV
2013-08-15 20:12 . 2013-08-15 20:19 -------- d-----w- c:\windows\system32\NV
2013-08-15 20:07 . 2013-08-15 20:07 -------- d-----w- C:\NVIDIA
2013-08-15 19:55 . 2012-10-10 07:04 94208 ----a-w- c:\windows\system32\synceng.dll
2013-08-15 19:52 . 2012-11-26 04:21 71168 ----a-w- c:\windows\SysWow64\ncryptsslp.dll
2013-08-15 19:52 . 2012-11-26 04:20 86016 ----a-w- c:\windows\system32\ncryptsslp.dll
2013-08-15 19:52 . 2013-04-10 22:35 1617920 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-08-15 19:52 . 2013-04-10 22:35 2035200 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
2013-08-15 19:52 . 2013-04-10 22:35 1318912 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2013-08-15 19:52 . 2013-04-10 22:35 1306112 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-08-15 19:52 . 2013-04-10 22:35 1272320 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-08-15 19:52 . 2013-04-11 04:12 1029632 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Ink\journal.dll
2013-08-15 19:52 . 2013-04-11 04:12 1413632 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Ink\InkObj.dll
2013-08-15 19:52 . 2013-04-16 02:34 1455368 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-08-15 19:52 . 2013-01-10 01:40 303848 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-08-15 19:46 . 2013-08-15 19:46 -------- d-----w- c:\programdata\APN
2013-08-15 19:40 . 2013-05-23 23:02 1314816 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-15 19:40 . 2013-05-23 22:25 694272 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-08-15 19:39 . 2013-05-30 23:14 4036096 ----a-w- c:\windows\system32\win32k.sys
2013-08-15 19:06 . 2013-04-23 23:13 1013248 ----a-w- c:\windows\SysWow64\certutil.exe
2013-08-15 19:06 . 2013-04-23 23:12 109056 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-08-15 19:06 . 2013-04-23 22:56 1255936 ----a-w- c:\windows\system32\certutil.exe
2013-08-15 19:06 . 2013-04-23 22:55 141312 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-15 19:05 . 2013-07-09 06:07 2233168 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-15 19:05 . 2013-03-02 09:59 411880 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-08-15 18:57 . 2013-06-01 09:25 496640 ----a-w- c:\windows\SysWow64\qedit.dll
2013-08-15 18:57 . 2013-06-01 09:21 595968 ----a-w- c:\windows\system32\qedit.dll
2013-08-15 18:56 . 2012-10-24 03:25 26624 ----a-w- c:\windows\system32\ReAgentc.exe
2013-08-15 18:56 . 2012-10-24 02:48 24064 ----a-w- c:\windows\SysWow64\ReAgentc.exe
2013-08-15 18:56 . 2013-03-02 08:23 375808 ----a-w- c:\windows\SysWow64\ReAgent.dll
2013-08-15 18:56 . 2013-03-02 02:44 1011200 ----a-w- c:\windows\system32\reseteng.dll
2013-08-15 18:56 . 2012-12-15 04:55 443392 ----a-w- c:\windows\system32\ReAgent.dll
2013-08-15 18:56 . 2012-11-03 05:26 132096 ----a-w- c:\windows\system32\sysreset.exe
2013-08-15 18:56 . 2012-11-03 05:25 945152 ----a-w- c:\windows\system32\resetengmig.dll
2013-08-15 18:49 . 2013-02-05 22:29 370688 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2013-08-15 18:49 . 2013-02-05 22:28 215552 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2013-08-15 18:49 . 2013-02-02 05:41 1437184 ----a-w- c:\windows\SysWow64\GdiPlus.dll
2013-08-15 18:49 . 2013-02-02 05:31 1690624 ----a-w- c:\windows\system32\GdiPlus.dll
2013-08-15 18:49 . 2013-04-11 22:30 1421312 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-08-15 18:49 . 2013-04-11 22:22 1838080 ----a-w- c:\windows\system32\DWrite.dll
2013-08-15 18:43 . 2013-08-16 10:04 -------- d-----w- c:\program files\office.tmp
2013-08-15 18:40 . 2013-02-12 00:17 20992 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-08-15 18:40 . 2013-03-06 06:31 19758592 ----a-w- c:\windows\system32\shell32.dll
2013-08-15 18:40 . 2013-03-06 06:31 222208 ----a-w- c:\windows\system32\shdocvw.dll
2013-08-15 18:40 . 2013-03-06 06:29 70144 ----a-w- c:\windows\system32\appinfo.dll
2013-08-15 18:40 . 2013-03-06 07:10 112872 ----a-w- c:\windows\system32\consent.exe
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-15 17:29 . 2012-07-26 08:13 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-06-21 12:06 . 2013-04-02 21:46 2936208 ----a-w- c:\windows\system32\nvapi64.dll
2013-06-21 12:06 . 2013-04-02 21:46 925648 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2013-06-21 12:06 . 2013-04-02 21:46 1059560 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-06-21 12:06 . 2013-04-02 21:46 266448 ----a-w- c:\windows\system32\nvinitx.dll
2013-06-21 12:06 . 2013-04-02 21:46 214448 ----a-w- c:\windows\SysWow64\nvinit.dll
2013-06-21 10:23 . 2013-04-02 21:47 6496544 ----a-w- c:\windows\system32\nvcpl.dll
2013-06-21 10:23 . 2013-04-02 21:47 3514656 ----a-w- c:\windows\system32\nvsvc64.dll
2013-06-21 10:23 . 2013-04-02 21:47 884512 ----a-w- c:\windows\system32\nvvsvc.exe
2013-06-21 10:23 . 2013-04-02 21:47 67072 ----a-w- c:\windows\system32\nv3dappshextr.dll
2013-06-21 10:23 . 2013-04-02 21:47 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-06-21 10:23 . 2013-04-02 21:47 2555680 ----a-w- c:\windows\system32\nvsvcr.dll
2013-06-21 10:23 . 2013-04-02 21:47 237856 ----a-w- c:\windows\system32\nvmctray.dll
2013-06-21 10:23 . 2013-04-02 21:47 1025312 ----a-w- c:\windows\system32\nv3dappshext.dll
2013-06-20 04:17 . 2013-04-02 21:47 3253909 ----a-w- c:\windows\system32\nvcoproc.bin
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-08-15 18:43 220632 ----a-w- c:\users\fatih\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828_1\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-08-15 18:43 220632 ----a-w- c:\users\fatih\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828_1\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-08-15 18:43 220632 ----a-w- c:\users\fatih\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828_1\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="c:\program files (x86)\CyberLink\Power2Go\Power2GoExpress.exe" [2012-12-24 2649816]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-07-26 1807272]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-07-25 20684656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2013-05-10 37960]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2012-11-27 3187360]
"ASUSWebStorage"="c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe" [2012-08-31 3423104]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-28 91432]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2012-05-24 111120]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll c:\progra~2\NVIDIA~1\NVSTRE~1\rxinput.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
2;2 OfficeSvc;Microsoft Office-Dienst;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [x]
R2 McOobeSv2;McAfee OOBE Service2;c:\program files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [x]
R2 McSchedulerSvc;McAfee PC Task Scheduler Service;c:\program files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe;c:\progra~1\mcafee\msc\mcawfwk.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe;c:\program files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 DptfParticipantProcessorService;Intel(R) Dynamic Platform and Thermal Framework Processor Participant Service Application;c:\windows\system32\DptfParticipantProcessorService.exe;c:\windows\SYSNATIVE\DptfParticipantProcessorService.exe [x]
S2 DptfPolicyConfigTDPService;Intel(R) Dynamic Platform and Thermal Framework Config TDP Service Application;c:\windows\system32\DptfPolicyConfigTDPService.exe;c:\windows\SYSNATIVE\DptfPolicyConfigTDPService.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
S3 ATP;ASUS Input Device;c:\windows\System32\drivers\AsusTP.sys;c:\windows\SYSNATIVE\drivers\AsusTP.sys [x]
S3 DptfDevDram;DptfDevDram;c:\windows\system32\DRIVERS\DptfDevDram.sys;c:\windows\SYSNATIVE\DRIVERS\DptfDevDram.sys [x]
S3 DptfDevFan;DptfDevFan;c:\windows\system32\DRIVERS\DptfDevFan.sys;c:\windows\SYSNATIVE\DRIVERS\DptfDevFan.sys [x]
S3 DptfDevGen;DptfDevGen;c:\windows\system32\DRIVERS\DptfDevGen.sys;c:\windows\SYSNATIVE\DRIVERS\DptfDevGen.sys [x]
S3 DptfDevProc;DptfDevProc;c:\windows\system32\DRIVERS\DptfDevProc.sys;c:\windows\SYSNATIVE\DRIVERS\DptfDevProc.sys [x]
S3 DptfManager;DptfManager;c:\windows\system32\DRIVERS\DptfManager.sys;c:\windows\SYSNATIVE\DRIVERS\DptfManager.sys [x]
S3 HIDSwitch;ASUS Wireless Radio Control;c:\windows\System32\drivers\AsHIDSwitch64.sys;c:\windows\SYSNATIVE\drivers\AsHIDSwitch64.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;c:\windows\system32\DRIVERS\RtsBaStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsBaStor.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-08-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-15 18:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-08-15 18:43 244696 ----a-w- c:\users\fatih\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828_1\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-08-15 18:43 244696 ----a-w- c:\users\fatih\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828_1\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-08-15 18:43 244696 ----a-w- c:\users\fatih\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828_1\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2012-03-13 09:23 1500672 ----a-w- c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2012-03-13 09:23 1500672 ----a-w- c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_U]
@="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}"
[HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}]
2012-03-13 09:23 1500672 ----a-w- c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-15 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-15 399392]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-01-23 13267016]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-07-27 1028896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\progra~1\NVIDIA~1\NVSTRE~1\rxinput.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://asus13.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\fatih\AppData\Roaming\Mozilla\Firefox\Profiles\meecj6r3.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - ExtSQL: 2013-08-15 20:23; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\fatih\AppData\Roaming\Mozilla\Firefox\Profiles\meecj6r3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-08-23 19:38; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-ATLauncher - c:\program files\McAfee\MSC\OOBE\ATLauncher.exe
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfeeEx]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Zeit der Fertigstellung: 2013-08-23 22:09:52
ComboFix-quarantined-files.txt 2013-08-23 20:09
.
Vor Suchlauf: 10 Verzeichnis(se), 105.919.959.040 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 105.810.636.800 Bytes frei
.
- - End Of File - - 45CAA7E3FB512CD725D819093B2B6AB4
5FB38429D5D77768867C76DCBDB35194

Thanks for the quick reply, here is the ComboFix log file.