MisterBen | 18.02.2014 22:09 | Here you go, the ComboFix logfile. Oddly, Antivir was reporting things even though I had disabled it, so if something went wrong there, please tell me and I'll post a new log.
BTW, I had some of the reported files checked by the AntiVir web service and they were confirmed to me as false positives. I also have some trainers for e.g. Command & Conquer on there, in case they could influence the results.
How can you tell that there is junkware on there? What should I look out for?
ComboFix logfile:
ComboFix 14-02-18.01 - Anwender 18.02.2014 21:44:49.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8151.4902 [GMT 1:00]
ausgeführt von:: c:\users\Anwender\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Anwender\GoogleEarthSetup.exe
c:\windows\IsUn0407.exe
N:\install.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-01-18 bis 2014-02-18 ))))))))))))))))))))))))))))))
.
.
2014-02-18 20:49 . 2014-02-18 20:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-18 17:28 . 2014-02-18 17:30 -------- d-----w- C:\FRST
2014-02-18 03:11 . 2014-02-18 03:11 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{52C4D374-C814-4133-B0EC-DDBDCE2C081E}\offreg.dll
2014-02-18 03:01 . 2014-02-18 03:01 -------- d-----w- c:\program files (x86)\Runtime Software
2014-02-17 20:22 . 2014-02-18 17:38 -------- d-----w- C:\AdwCleaner
2014-02-16 21:46 . 2014-02-16 21:46 -------- d-----w- c:\program files\File Shredder
2014-02-14 18:05 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{52C4D374-C814-4133-B0EC-DDBDCE2C081E}\mpengine.dll
2014-02-13 02:01 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-02-13 02:01 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll
2014-02-12 07:53 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-02-11 17:43 . 2014-02-11 18:24 -------- d-----w- c:\program files (x86)\Bethesda Softworks
2014-02-10 18:00 . 2014-02-10 18:01 -------- d-----w- c:\program files (x86)\Harry Potter Creative CD
2014-02-10 17:13 . 2014-02-10 17:13 -------- d-----w- c:\program files (x86)\Software2000
2014-02-10 17:06 . 2014-02-10 17:08 -------- d-----w- c:\program files\Cbsinstall
2014-02-08 20:03 . 2014-02-08 20:03 -------- d-----w- c:\users\Anwender\AppData\Roaming\Unity
2014-02-08 19:48 . 2014-02-08 19:48 -------- d-----w- c:\users\Anwender\AppData\Local\Unity
2014-01-30 23:17 . 2014-01-30 23:17 -------- d-----w- C:\BDE
2014-01-30 23:17 . 2014-01-30 23:18 -------- d-----w- c:\users\Public\Bundesjugendspiele
2014-01-30 23:17 . 2001-11-05 08:30 165376 ----a-w- c:\windows\UNWISE.EXE
2014-01-30 18:50 . 2014-02-15 13:04 -------- d-----w- c:\users\Anwender\AppData\Local\gtk-2.0
2014-01-30 12:24 . 2014-01-30 15:54 -------- d-----w- c:\program files (x86)\ResultsAlpha
2014-01-30 12:23 . 2014-01-30 12:23 118784 ----a-w- c:\windows\system32\d3dx9`29.exe
2014-01-29 23:35 . 2014-01-29 23:35 -------- d-----w- C:\PhSp_CS2_UE_Ret
2014-01-29 20:10 . 2014-01-29 20:13 -------- d-----w- c:\windows\uninstall
2014-01-29 00:41 . 2014-01-29 00:41 -------- d-----w- c:\windows\Migration
2014-01-28 21:41 . 2014-01-28 21:51 -------- d-----w- C:\GEW-Zeugnis
2014-01-26 21:23 . 2014-01-26 21:23 -------- d-----w- c:\users\Anwender\AppData\Roaming\ASCOMP Software
2014-01-26 21:23 . 2014-01-26 21:23 -------- d-----w- c:\program files (x86)\ASCOMP Software
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-16 02:00 . 2013-09-02 08:06 88567024 ----a-w- c:\windows\system32\MRT.exe
2014-02-05 17:58 . 2013-03-22 13:20 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-05 17:58 . 2013-03-22 13:20 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-18 20:51 . 2013-08-05 17:11 84720 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-12-18 20:51 . 2013-08-05 17:11 131576 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-12-18 20:51 . 2013-08-05 17:10 108440 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-12-18 05:13 . 2010-11-21 03:27 270496 ----a-w- c:\windows\system32\MpSigStub.exe
2013-11-27 01:41 . 2014-01-15 09:33 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-11-27 01:41 . 2014-01-15 09:33 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-11-27 01:41 . 2014-01-15 09:33 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-11-27 01:41 . 2014-01-15 09:33 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-11-27 01:41 . 2014-01-15 09:33 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-11-27 01:41 . 2014-01-15 09:33 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-11-27 01:41 . 2014-01-15 09:33 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-11-26 20:57 . 2013-08-05 17:11 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-11-26 11:40 . 2014-01-15 09:33 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2013-11-26 10:32 . 2014-01-15 09:33 3156480 ----a-w- c:\windows\system32\win32k.sys
2013-11-23 18:26 . 2013-12-11 19:51 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-11 19:51 465920 ----a-w- c:\windows\system32\WMPhoto.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ManyCam"="c:\program files (x86)\ManyCam\Bin\ManyCam.exe" [2014-02-18 5414912]
"uTorrent"="c:\users\Anwender\AppData\Roaming\uTorrent\uTorrent.exe" [2013-11-21 1142864]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]
"RUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe" [2011-09-20 115048]
"Cabinet"="c:\program files (x86)\Cabinet\Cabinet.exe" [2009-08-19 581632]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-12-18 684600]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-28 642656]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-01 152392]
.
c:\users\Anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Tintenwarnungen überwachen - HP Deskjet 3050A J611 series.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Deskjet 3050A J611 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN2BK1GGXQ05WK;CONNECTION=USB;MONITOR=1; [2009-7-14 45568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 netr7364;RT73 USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr7364.sys;c:\windows\SYSNATIVE\DRIVERS\netr7364.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 SystenPropertiesProtection;Virtual Desktop TsUsbFlt;c:\windows\system32\d3dx9`29.exe;c:\windows\SYSNATIVE\d3dx9`29.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv_x64.sys [x]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]
S3 rusb3hub;Renesas Electronics USB 3.0 Hub Driver (Version 3.0);c:\windows\system32\DRIVERS\rusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\rusb3hub.sys [x]
S3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0);c:\windows\system32\DRIVERS\rusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\rusb3xhc.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-04 12:29 1211720 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-02-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-22 17:58]
.
2014-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-25 23:56]
.
2014-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-25 23:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-01-31 36352]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2012-05-22 980920]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Anwender\AppData\Roaming\Mozilla\Firefox\Profiles\ovzf72gq.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{41564952-412D-5637-00A7-7A786E7484D7} - (no file)
Toolbar-{41564952-412D-5637-00A7-7A786E7484D7} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-TaskTray - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Driver Genius Professional Edition_is1 - c:\program files (x86)\Driver-Soft\DriverGenius\unins000.exe
AddRemove-Alliance Beta - c:\program files (x86)\Bethesda Softworks\Star Trek Legacy\Uninstal.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2433209126-1084260488-3787671162-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b6,0d,c8,c5,72,76,44,a5,d7,a5,ef,91,af,50,46,39,a2,1e,5f,3c,e2,ae,88,
2f,22,d1,ef,db,e5,7a,f9,a1,70,39,7f,a9,96,5d,7b,54,f6,27,d2,13,7e,2f,b4,5c,\
"??"=hex:5d,19,9c,5d,eb,bb,10,35,0a,ad,90,f0,65,3c,48,de
.
[HKEY_USERS\S-1-5-21-2433209126-1084260488-3787671162-1000\Software\SecuROM\License information*]
"datasecu"=hex:e3,83,6a,52,f3,fd,3d,f9,0e,17,fd,c4,fc,a5,0f,69,68,09,5a,a5,02,
8d,c3,0d,bd,7a,1d,9c,31,e3,84,3f,45,af,05,22,d4,32,14,eb,17,ac,ce,46,0f,21,\
"rkeysecu"=hex:4a,26,26,1a,54,97,6f,b1,7c,96,44,f8,94,c7,8e,c4
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-02-18 21:55:43
ComboFix-quarantined-files.txt 2014-02-18 20:55
.
Vor Suchlauf: 17 Verzeichnis(se), 378.260.701.184 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 378.335.944.704 Bytes frei
.
- - End Of File - - C0064C2501A8A00265475F60A608ACEF --- --- ---
A36C5E4F47E84449FF07ED3517B43A31