Hallo schrauber,
danke für die schnelle Antwort.
Hier das Logfile von ComboFix:
ComboFix 13-08-29.02 - Jaro 30.08.2013 7:30.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.4094.2369 [GMT 2:00]
ausgeführt von:: c:\users\Jaro\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\WinPCap
c:\programdata\1371483234.bdinstall.bin
c:\programdata\1373732944.bdinstall.bin
c:\windows\SysWow64\frapsvid.dll
c:\windows\SysWow64\networkdlllsp.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-07-28 bis 2013-08-30 ))))))))))))))))))))))))))))))
.
.
2013-08-30 05:38 . 2013-08-30 05:38 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-08-30 05:38 . 2013-08-30 05:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-30 03:00 . 2013-08-30 03:00 -------- d-----w- C:\FRST
2013-08-25 16:14 . 2013-05-06 07:13 110176 ----a-w- c:\windows\system32\klfphc.dll
2013-08-25 16:13 . 2013-08-25 16:13 -------- d-----w- c:\windows\ELAMBKUP
2013-08-25 16:13 . 2013-08-30 02:59 -------- d-----w- c:\programdata\Kaspersky Lab
2013-08-25 16:13 . 2013-08-25 16:13 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2013-08-25 16:13 . 2013-08-25 16:23 619616 ----a-w- c:\windows\system32\drivers\klif.sys
2013-08-25 16:13 . 2013-06-08 18:18 112224 ----a-w- c:\windows\system32\drivers\klflt.sys
2013-08-25 16:11 . 2013-08-25 16:11 312232 ----a-w- c:\windows\system32\javaws.exe
2013-08-25 16:11 . 2013-08-25 16:11 189352 ----a-w- c:\windows\system32\javaw.exe
2013-08-25 16:11 . 2013-08-25 16:11 188840 ----a-w- c:\windows\system32\java.exe
2013-08-25 16:11 . 2013-08-25 16:11 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-08-25 16:11 . 2013-08-25 16:11 -------- d-----w- c:\program files\Java
2013-08-21 01:21 . 2013-08-21 01:21 -------- d-----w- c:\users\DefaultAppPool
2013-08-19 02:01 . 2013-06-18 08:22 108760 ----a-w- c:\windows\system32\RTNUninst64.dll
2013-08-19 02:01 . 2013-06-18 08:22 872152 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2013-08-19 02:01 . 2013-06-18 08:22 74456 ----a-w- c:\windows\system32\RtNicProp64.dll
2013-08-19 01:41 . 2013-08-19 01:41 -------- d-----w- c:\windows\Dell
2013-08-19 01:41 . 2013-08-19 01:41 -------- d-----w- c:\program files\Apoint2K
2013-08-19 01:41 . 2013-02-28 19:29 116056 ----a-w- c:\windows\system32\Vxdif.dll
2013-08-19 01:41 . 2013-04-23 08:32 495408 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2013-08-19 01:27 . 2013-08-19 01:27 -------- d-----w- c:\program files (x86)\SoftwareUpdater
2013-08-19 01:26 . 2013-08-19 01:26 -------- d-----w- c:\programdata\FreeDriverScout
2013-08-19 01:25 . 2013-08-30 02:49 -------- d-----w- c:\program files\SoftwareUpdater
2013-08-19 01:24 . 2013-08-19 01:25 -------- d-----w- c:\users\Jaro\AppData\Local\DownloadGuide
2013-08-15 13:40 . 2013-08-30 04:14 -------- d-----w- c:\users\Jaro\AppData\Local\Battle.net
2013-08-15 13:40 . 2013-08-15 13:41 -------- d-----w- c:\users\Jaro\AppData\Roaming\Battle.net
2013-08-15 13:40 . 2013-08-15 13:40 -------- d-----w- c:\users\Jaro\AppData\Local\Blizzard Entertainment
2013-08-15 13:39 . 2013-08-29 18:49 -------- d-----w- c:\program files (x86)\Battle.net
2013-08-15 03:24 . 2013-07-06 06:03 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-12 12:04 . 2013-08-12 12:31 -------- d-----w- c:\users\Jaro\AppData\Roaming\7-PDFSplitMerge
2013-08-12 12:04 . 2013-08-12 12:04 -------- d-----w- c:\program files (x86)\7-PDF
2013-08-08 22:55 . 2013-08-08 22:55 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-08-08 22:55 . 2013-08-08 22:55 -------- d-----w- c:\program files (x86)\Java
2013-08-08 22:28 . 2013-08-25 16:09 -------- d-----w- c:\programdata\F-Secure
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-30 02:43 . 2013-01-07 05:15 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2013-08-25 16:11 . 2013-03-13 05:19 972712 ----a-w- c:\windows\system32\deployJava1.dll
2013-08-25 16:11 . 2013-03-13 05:19 1093032 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-08-19 01:44 . 2013-04-10 16:42 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-19 01:44 . 2013-04-10 16:42 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-15 12:59 . 2012-12-04 17:57 78161360 ----a-w- c:\windows\system32\MRT.exe
2013-08-08 22:55 . 2012-12-04 17:55 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-08-08 22:55 . 2012-12-04 17:55 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-07-09 04:45 . 2013-08-15 03:23 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-06-17 00:10 . 2013-07-14 02:09 9552976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9836990C-72FD-4798-9CB1-2A3B421320AA}\mpengine.dll
2013-06-10 13:44 . 2012-12-04 18:09 2080472 ----a-w- c:\windows\RtlExUpd.dll
2013-06-10 10:27 . 2013-06-10 10:27 30304 ----a-w- c:\windows\system32\drivers\klim6.sys
2013-06-09 17:53 . 2013-06-09 17:53 83024 ----a-w- c:\windows\SysWow64\mfcm110u.dll
2013-06-09 17:53 . 2013-06-09 17:53 83016 ----a-w- c:\windows\SysWow64\mfcm110.dll
2013-06-09 17:53 . 2013-06-09 17:53 74832 ----a-w- c:\windows\SysWow64\mfc110fra.dll
2013-06-09 17:53 . 2013-06-09 17:53 74832 ----a-w- c:\windows\SysWow64\mfc110deu.dll
2013-06-09 17:53 . 2013-06-09 17:53 73808 ----a-w- c:\windows\SysWow64\mfc110esn.dll
2013-06-09 17:53 . 2013-06-09 17:53 72784 ----a-w- c:\windows\SysWow64\mfc110ita.dll
2013-06-09 17:53 . 2013-06-09 17:53 70736 ----a-w- c:\windows\SysWow64\mfc110rus.dll
2013-06-09 17:53 . 2013-06-09 17:53 65104 ----a-w- c:\windows\SysWow64\mfc110enu.dll
2013-06-09 17:53 . 2013-06-09 17:53 53840 ----a-w- c:\windows\SysWow64\mfc110jpn.dll
2013-06-09 17:53 . 2013-06-09 17:53 53328 ----a-w- c:\windows\SysWow64\mfc110kor.dll
2013-06-09 17:53 . 2013-06-09 17:53 46160 ----a-w- c:\windows\SysWow64\mfc110cht.dll
2013-06-09 17:53 . 2013-06-09 17:53 46160 ----a-w- c:\windows\SysWow64\mfc110chs.dll
2013-06-09 17:53 . 2013-06-09 17:53 4456520 ----a-w- c:\windows\SysWow64\mfc110u.dll
2013-06-09 17:53 . 2013-06-09 17:53 4421192 ----a-w- c:\windows\SysWow64\mfc110.dll
2013-06-09 17:53 . 2013-06-09 17:53 164424 ----a-w- c:\windows\SysWow64\atl110.dll
2013-06-09 14:40 . 2012-07-17 12:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-06-09 13:59 . 2013-06-09 13:59 90192 ----a-w- c:\windows\system32\mfcm110u.dll
2013-06-09 13:59 . 2013-06-09 13:59 90184 ----a-w- c:\windows\system32\mfcm110.dll
2013-06-09 13:59 . 2013-06-09 13:59 74832 ----a-w- c:\windows\system32\mfc110fra.dll
2013-06-09 13:59 . 2013-06-09 13:59 74832 ----a-w- c:\windows\system32\mfc110deu.dll
2013-06-09 13:59 . 2013-06-09 13:59 73808 ----a-w- c:\windows\system32\mfc110esn.dll
2013-06-09 13:59 . 2013-06-09 13:59 72784 ----a-w- c:\windows\system32\mfc110ita.dll
2013-06-09 13:59 . 2013-06-09 13:59 70736 ----a-w- c:\windows\system32\mfc110rus.dll
2013-06-09 13:59 . 2013-06-09 13:59 65104 ----a-w- c:\windows\system32\mfc110enu.dll
2013-06-09 13:59 . 2013-06-09 13:59 5619784 ----a-w- c:\windows\system32\mfc110u.dll
2013-06-09 13:59 . 2013-06-09 13:59 5592648 ----a-w- c:\windows\system32\mfc110.dll
2013-06-09 13:59 . 2013-06-09 13:59 53840 ----a-w- c:\windows\system32\mfc110jpn.dll
2013-06-09 13:59 . 2013-06-09 13:59 53328 ----a-w- c:\windows\system32\mfc110kor.dll
2013-06-09 13:59 . 2013-06-09 13:59 46160 ----a-w- c:\windows\system32\mfc110cht.dll
2013-06-09 13:59 . 2013-06-09 13:59 46160 ----a-w- c:\windows\system32\mfc110chs.dll
2013-06-09 13:59 . 2013-06-09 13:59 192584 ----a-w- c:\windows\system32\atl110.dll
2013-06-06 15:38 . 2013-06-06 15:38 178784 ----a-w- c:\windows\system32\drivers\kneps.sys
2013-06-05 03:34 . 2013-07-11 13:59 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-11 13:59 624128 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-11 13:59 509440 ----a-w- c:\windows\SysWow64\qedit.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2013-03-28 389120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-28 642656]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2013-03-10 88984]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"AOD"="c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" [2013-03-28 361984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R4 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - kxldypog
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-29 06:12 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.62\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-08-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-10 01:44]
.
2013-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-04 17:37]
.
2013-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-04 17:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-06-25 13626072]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2013-04-25 679768]
"MsmqIntCert"="mqrt.dll" [2010-11-21 247808]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Client auf Monitor & öffnen1 - c:\windows\web\AOpenClient.htm
IE: Client auf Monitor & öffnen2 - c:\windows\web\AOpenClient.htm
IE: Zu Anti-Banner hinzufügen - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-157001695-2697609133-1144193094-1001\Software\SecuROM\License information*]
"datasecu"=hex:62,31,cd,fb,e6,6b,bb,3d,96,6d,8d,21,d2,3a,f6,33,b7,bb,97,51,3e,
15,07,cc,f0,fd,be,65,77,68,c8,ed,08,5c,1e,e0,73,3f,1a,da,25,93,d4,5a,e1,80,\
"rkeysecu"=hex:54,1b,e0,b8,69,96,83,ce,6b,09,fc,2b,3a,28,40,c0
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-08-30 07:50:25
ComboFix-quarantined-files.txt 2013-08-30 05:50
.
Vor Suchlauf: 13 Verzeichnis(se), 40.957.992.960 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 40.630.579.200 Bytes frei
.
- - End Of File - - C5EAFD169918F152964151105EB7359D
A36C5E4F47E84449FF07ED3517B43A31 |