DrunkenHorse | 19.06.2014 12:12 | OK, ComboFix is finished.
It complained about SpyBot, as I didn't even know it was running in the background. I then closed SpyBot; ComboFix still wasn't entirely happy, but it continued the scan. If that's a problem, I can run it again. Here is the log file: Code:
ComboFix 14-06-19.01 - Administrator 19.06.2014 13:02:35.1.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3327.2082 [GMT 2:00]
ausgeführt von:: c:\users\Administrator\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Administrator\AppData\Roaming\WinHelp.vbs
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-05-19 bis 2014-06-19 ))))))))))))))))))))))))))))))
.
.
2014-06-19 11:07 . 2014-06-19 11:07 -------- d-----w- c:\users\Stefan\AppData\Local\temp
2014-06-19 11:07 . 2014-06-19 11:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-06-19 10:26 . 2014-06-19 10:27 -------- d-----w- C:\FRST
2014-06-19 08:37 . 2014-06-19 08:37 -------- d-----w- c:\programdata\Panda Security
2014-06-19 08:37 . 2014-06-19 08:37 -------- d-----w- c:\program files\Panda USB Vaccine
2014-06-15 16:02 . 2014-06-03 09:54 800428 --sha-w- c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WinHelp.vbs
2014-06-11 21:57 . 2014-03-26 14:27 1389056 ----a-w- c:\windows\system32\msxml6.dll
2014-06-11 21:57 . 2014-03-26 14:27 1237504 ----a-w- c:\windows\system32\msxml3.dll
2014-06-11 21:57 . 2014-03-26 14:25 2048 ----a-w- c:\windows\system32\msxml6r.dll
2014-06-11 21:57 . 2014-03-26 14:25 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-06-11 21:57 . 2014-04-05 02:25 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-06-11 21:57 . 2014-04-05 02:24 187840 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2014-06-11 21:57 . 2014-04-25 02:06 626688 ----a-w- c:\windows\system32\usp10.dll
2014-06-11 21:57 . 2014-06-11 21:57 -------- d-----w- c:\program files\Microsoft Silverlight
2014-06-11 14:15 . 2014-05-08 09:06 2742784 ----a-w- c:\windows\system32\rdpcorets.dll
2014-06-11 14:15 . 2014-05-08 09:06 13824 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2014-06-10 08:02 . 2014-06-10 08:02 -------- d-----w- c:\users\Stefan\AppData\Local\Scansoft
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-22 12:58 . 2013-05-04 14:54 93528 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-05-22 12:58 . 2013-05-04 14:54 136216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-04-12 02:15 . 2014-05-14 06:18 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:15 . 2014-05-14 06:18 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:12 . 2014-05-14 06:18 15872 ----a-w- c:\windows\system32\sspisrv.dll
2014-04-12 02:12 . 2014-05-14 06:18 100352 ----a-w- c:\windows\system32\sspicli.dll
2014-04-12 02:12 . 2014-05-14 06:18 22016 ----a-w- c:\windows\system32\secur32.dll
2014-04-12 02:11 . 2014-05-14 06:18 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-04-12 02:11 . 2014-05-14 06:18 22528 ----a-w- c:\windows\system32\lsass.exe
2014-04-09 12:55 . 2013-05-04 15:32 140120 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2014-04-09 12:55 . 2013-05-05 08:39 292096 ----a-w- c:\windows\system32\PnkBstrB.xtr
2014-04-09 12:55 . 2013-05-04 15:32 292096 ----a-w- c:\windows\system32\PnkBstrB.exe
2014-04-09 12:54 . 2013-05-04 15:32 291296 ----a-w- c:\windows\system32\PnkBstrB.ex0
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HydraVisionDesktopManager"="c:\program files\ATI Technologies\HydraVision\HydraDM.exe" [2010-09-30 393216]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2012-01-05 75624]
"WinHelp"="wscript.exe" [2013-10-12 141824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-06-28 10127976]
"NUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"Super-Charger"="c:\program files\MSI\Super-Charger\StartSuperCharger.exe" [2011-07-06 303104]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-05-22 737872]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-07 1848648]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2013-02-28 5529328]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2013-12-12 186408]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe" [2013-12-06 747264]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-05-06 280576]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2007-8-24 101784]
WinHelp.vbs [2014-6-3 800428]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
R2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2012-01-05 75624]
R3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
R3 ArcService;Arc Service;c:\program files\Perfect World Entertainment\Arc\ArcService.exe [2014-05-20 88400]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-05-30 108032]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-10-01 37352]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2013-12-06 209408]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-12-06 276992]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2014-05-22 430160]
S2 AODDriver4.2.0;AODDriver4.2.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [2013-09-19 50432]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-05-16 1817560]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-05-16 1033688]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-05-15 171928]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2013-09-24 77312]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 19720]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys [2013-01-17 42480]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 14856]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 63872]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 141952]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-11-28 35968]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-11 22:48 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-04 14:56]
.
2014-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-04 14:56]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Client auf Monitor & öffnen1 - c:\windows\web\AOpenClient.htm
IE: Client auf Monitor & öffnen2 - c:\windows\web\AOpenClient.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-RGSC - c:\program files\Rockstar Games\Grand Theft Auto IV\Rockstar Games Social Club\RGSCLauncher.exe
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2591402658-904465390-3129269047-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,3b,1b,71,2d,92,
62,f3,67,4d,02,ad,f7,41,fc,14,7b,e2,66
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,3b,1b,f1,06,43,
3a,c0,0c,0a,09,b2,ad,85,e9,6e,6d,03,89
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,3b,1b,21,82,12,
ef,6c,9b,41,01,a5,35,dc,a9,20,95,14,1b
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,3b,1b,6f,c2,fd,
ad,53,95,bf,5e,a6,e3,4a,e0,c0,49,f4,17
.
[HKEY_USERS\S-1-5-21-2591402658-904465390-3129269047-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:80,17,f5,88,01,68,ce,01
.
[HKEY_USERS\S-1-5-21-2591402658-904465390-3129269047-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5b,a1,27,9a,00,06,9f,41,98,04,91,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5b,a1,27,9a,00,06,9f,41,98,04,91,\
.
[HKEY_USERS\S-1-5-21-2591402658-904465390-3129269047-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-2591402658-904465390-3129269047-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-2591402658-904465390-3129269047-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-2591402658-904465390-3129269047-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\chrome.exe"
.
[HKEY_USERS\S-1-5-21-2591402658-904465390-3129269047-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*t*ø*T%\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2591402658-904465390-3129269047-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-2591402658-904465390-3129269047-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-06-19 13:09:09
ComboFix-quarantined-files.txt 2014-06-19 11:09
.
Vor Suchlauf: 6.530.736.128 Bytes frei
Nach Suchlauf: 6.500.732.928 Bytes frei
.
- - End Of File - - F2BFBAA340FEDDF0DD77A1E6E0A84C7A
A36C5E4F47E84449FF07ED3517B43A31