ComboFix 13-09-02.02 - Berr-Fati 09/04/2013 18:54:48.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1251.387.1033.18.1791.476 [GMT 2:00]
Running from: c:\users\Berr-Fati\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-04 to 2013-09-04   )))))))))))))))))))))))))))))))
.
.
2013-09-04 17:07 . 2013-09-04 17:07	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-09-04 17:02 . 2013-09-04 17:02	60872	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{7B95DF20-A627-4EAA-BE7C-69758A3051E3}\offreg.dll
2013-09-02 23:08 . 2013-09-02 23:08	--------	d-----w-	c:\program files\Valve Hammer Editor Neon
2013-08-29 18:15 . 2013-08-29 18:18	--------	d-----w-	c:\program files\CyberGhost VPN
2013-08-29 12:13 . 2008-07-12 06:18	467984	----a-w-	c:\windows\system32\d3dx10_39.dll
2013-08-29 12:13 . 2008-07-12 06:18	1493528	----a-w-	c:\windows\system32\D3DCompiler_39.dll
2013-08-29 12:13 . 2008-07-12 06:18	3851784	----a-w-	c:\windows\system32\D3DX9_39.dll
2013-08-29 12:11 . 2013-08-29 12:11	--------	d-sh--w-	c:\windows\system32\AI_RecycleBin
2013-08-29 12:11 . 2013-08-29 12:11	--------	d-----w-	C:\Riot Games
2013-08-29 12:09 . 2013-09-01 02:46	--------	d-----w-	c:\programdata\PMB Files
2013-08-29 12:09 . 2013-08-29 12:09	--------	d-----w-	c:\program files\Pando Networks
2013-08-29 00:33 . 2013-08-29 00:40	--------	d-----w-	c:\program files\Valve Hammer Editor
2013-08-28 21:52 . 2013-08-28 21:52	--------	d-----w-	c:\program files\WinSCP
2013-08-28 19:06 . 2013-08-28 19:06	--------	d-----w-	c:\windows\system32\SPReview
2013-08-27 17:59 . 2013-08-27 17:59	--------	d-----w-	c:\windows\system32\EventProviders
2013-08-27 15:08 . 2010-11-20 12:20	2130944	----a-w-	c:\windows\system32\networkmap.dll
2013-08-27 14:46 . 2011-03-25 02:58	258560	----a-w-	c:\windows\system32\drivers\usbhub.sys
2013-08-26 20:11 . 2013-08-26 20:11	--------	d-----w-	c:\windows\system32\Wat
2013-08-26 18:01 . 2012-12-16 14:13	295424	----a-w-	c:\windows\system32\atmfd.dll
2013-08-26 18:01 . 2012-12-16 14:13	34304	----a-w-	c:\windows\system32\atmlib.dll
2013-08-26 18:01 . 2010-09-30 06:47	70656	----a-w-	c:\windows\system32\fontsub.dll
2013-08-26 17:36 . 2012-07-26 03:21	196608	----a-w-	c:\windows\system32\WUDFHost.exe
2013-08-26 17:36 . 2012-07-26 03:20	73216	----a-w-	c:\windows\system32\WUDFSvc.dll
2013-08-26 17:36 . 2012-07-26 03:20	613888	----a-w-	c:\windows\system32\WUDFx.dll
2013-08-26 17:36 . 2012-07-26 03:20	38912	----a-w-	c:\windows\system32\WUDFCoinstaller.dll
2013-08-26 17:36 . 2012-07-26 03:20	172032	----a-w-	c:\windows\system32\WUDFPlatform.dll
2013-08-26 17:36 . 2012-07-26 02:33	66560	----a-w-	c:\windows\system32\drivers\WUDFPf.sys
2013-08-26 17:36 . 2012-07-26 02:32	155136	----a-w-	c:\windows\system32\drivers\WUDFRd.sys
2013-08-26 17:35 . 2012-03-01 05:46	19824	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2013-08-26 17:35 . 2012-03-01 05:33	159232	----a-w-	c:\windows\system32\imagehlp.dll
2013-08-26 17:35 . 2012-03-01 05:29	5120	----a-w-	c:\windows\system32\wmi.dll
2013-08-26 09:26 . 2011-08-13 04:18	6144	----a-w-	c:\program files\Internet Explorer\iecompat.dll
2013-08-26 09:26 . 2012-04-28 04:41	919040	----a-w-	c:\windows\system32\rdpcorets.dll
2013-08-26 09:26 . 2012-04-28 03:17	183808	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2013-08-26 09:26 . 2011-05-24 10:44	293376	----a-w-	c:\windows\system32\umpnpmgr.dll
2013-08-26 09:26 . 2010-11-20 12:18	145920	----a-w-	c:\windows\system32\cfgmgr32.dll
2013-08-26 09:26 . 2012-02-11 05:37	317440	----a-w-	c:\windows\system32\spoolsv.exe
2013-08-26 09:25 . 2013-04-12 13:45	1211752	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-08-26 09:25 . 2012-11-22 04:45	626688	----a-w-	c:\windows\system32\usp10.dll
2013-08-26 09:25 . 2011-04-29 02:46	311808	----a-w-	c:\windows\system32\drivers\srv.sys
2013-08-26 09:25 . 2011-04-29 02:46	310272	----a-w-	c:\windows\system32\drivers\srv2.sys
2013-08-26 09:25 . 2011-04-29 02:46	114688	----a-w-	c:\windows\system32\drivers\srvnet.sys
2013-08-26 09:25 . 2011-04-25 02:18	338944	----a-w-	c:\windows\system32\drivers\afd.sys
2013-08-26 09:25 . 2013-02-12 03:32	15872	----a-w-	c:\windows\system32\drivers\usb8023.sys
2013-08-26 09:25 . 2011-11-17 05:38	1288472	----a-w-	c:\windows\system32\ntdll.dll
2013-08-26 09:25 . 2013-03-01 03:09	2347008	----a-w-	c:\windows\system32\win32k.sys
2013-08-26 09:25 . 2012-08-24 16:57	172544	----a-w-	c:\windows\system32\wintrust.dll
2013-08-26 09:24 . 2012-11-02 05:11	376832	----a-w-	c:\windows\system32\dpnet.dll
2013-08-26 09:24 . 2010-11-20 11:57	2560	----a-w-	c:\windows\system32\dpnaddr.dll
2013-08-26 09:24 . 2011-02-18 05:39	31232	----a-w-	c:\windows\system32\prevhost.exe
2013-08-26 09:23 . 2011-02-18 05:43	428032	----a-w-	c:\windows\system32\vbscript.dll
2013-08-26 09:23 . 2012-11-09 04:43	492032	----a-w-	c:\windows\system32\win32spl.dll
2013-08-26 09:23 . 2013-01-24 04:47	196328	----a-w-	c:\windows\system32\drivers\fvevol.sys
2013-08-26 09:23 . 2011-03-03 05:38	132608	----a-w-	c:\windows\system32\dnsrslvr.dll
2013-08-26 09:23 . 2011-03-03 05:36	28672	----a-w-	c:\windows\system32\dnscacheugc.exe
2013-08-26 09:23 . 2011-10-01 04:37	708608	----a-w-	c:\program files\Common Files\System\wab32.dll
2013-08-26 09:23 . 2013-03-19 05:04	3968856	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-08-26 09:23 . 2013-03-19 05:04	3913560	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-08-26 09:23 . 2013-03-19 04:48	38912	----a-w-	c:\windows\system32\csrsrv.dll
2013-08-26 09:23 . 2013-03-19 02:49	69632	----a-w-	c:\windows\system32\smss.exe
2013-08-26 09:21 . 2012-06-02 04:36	1159680	----a-w-	c:\windows\system32\crypt32.dll
2013-08-26 09:21 . 2012-06-02 04:36	140288	----a-w-	c:\windows\system32\cryptsvc.dll
2013-08-26 09:21 . 2012-06-02 04:36	103936	----a-w-	c:\windows\system32\cryptnet.dll
2013-08-26 09:21 . 2011-12-30 05:27	478720	----a-w-	c:\windows\system32\timedate.cpl
2013-08-26 09:21 . 2011-08-17 04:24	465408	----a-w-	c:\windows\system32\psisdecd.dll
2013-08-26 09:21 . 2011-08-17 04:19	75776	----a-w-	c:\windows\system32\psisrndr.ax
2013-08-26 09:21 . 2010-11-20 12:16	72704	----a-w-	c:\windows\system32\Mpeg2Data.ax
2013-08-26 09:21 . 2010-11-20 12:16	59904	----a-w-	c:\windows\system32\MSDvbNP.ax
2013-08-26 09:21 . 2010-11-20 12:16	204288	----a-w-	c:\windows\system32\MSNP.ax
2013-08-26 01:30 . 2011-05-03 04:30	741376	----a-w-	c:\windows\system32\inetcomm.dll
2013-08-26 01:30 . 2012-11-01 04:47	1389568	----a-w-	c:\windows\system32\msxml6.dll
2013-08-26 01:28 . 2011-05-04 04:34	1549312	----a-w-	c:\windows\system32\tquery.dll
2013-08-26 01:28 . 2011-05-04 04:32	1401344	----a-w-	c:\windows\system32\mssrch.dll
2013-08-26 01:28 . 2011-05-04 04:32	666624	----a-w-	c:\windows\system32\mssvp.dll
2013-08-26 01:28 . 2011-05-04 04:32	337408	----a-w-	c:\windows\system32\mssph.dll
2013-08-26 01:28 . 2011-05-04 04:32	197120	----a-w-	c:\windows\system32\mssphtb.dll
2013-08-26 01:28 . 2011-05-04 04:32	59392	----a-w-	c:\windows\system32\msscntrs.dll
2013-08-26 01:28 . 2011-05-04 04:28	86528	----a-w-	c:\windows\system32\SearchFilterHost.exe
2013-08-26 01:28 . 2011-05-04 04:28	427520	----a-w-	c:\windows\system32\SearchIndexer.exe
2013-08-26 01:28 . 2011-05-04 04:28	164352	----a-w-	c:\windows\system32\SearchProtocolHost.exe
2013-08-26 01:26 . 2011-10-26 04:32	1328128	----a-w-	c:\windows\system32\quartz.dll
2013-08-26 01:26 . 2011-10-26 04:32	514560	----a-w-	c:\windows\system32\qdvd.dll
2013-08-26 01:26 . 2012-08-10 23:56	542208	----a-w-	c:\windows\system32\kerberos.dll
2013-08-26 01:26 . 2011-02-25 05:30	2616320	----a-w-	c:\windows\explorer.exe
2013-08-26 01:26 . 2012-04-07 11:26	2342400	----a-w-	c:\windows\system32\msi.dll
2013-08-26 01:24 . 2012-05-14 04:33	769024	----a-w-	c:\windows\system32\localspl.dll
2013-08-26 01:24 . 2010-11-20 12:21	30208	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\winprint.dll
2013-08-26 01:24 . 2012-01-04 08:58	442880	----a-w-	c:\windows\system32\ntshrui.dll
2013-08-26 01:24 . 2012-03-03 05:31	1077248	----a-w-	c:\windows\system32\DWrite.dll
2013-08-26 01:24 . 2011-03-11 05:33	1164288	----a-w-	c:\windows\system32\mfc42u.dll
2013-08-26 01:24 . 2011-03-11 05:33	1137664	----a-w-	c:\windows\system32\mfc42.dll
2013-08-26 01:24 . 2011-02-23 04:47	69632	----a-w-	c:\windows\system32\drivers\bowser.sys
2013-08-26 01:23 . 2011-04-09 05:56	123904	----a-w-	c:\windows\system32\poqexec.exe
2013-08-26 01:23 . 2011-04-22 19:14	27008	----a-w-	c:\windows\system32\drivers\Diskdump.sys
2013-08-26 01:23 . 2012-11-09 04:42	2048	----a-w-	c:\windows\system32\tzres.dll
2013-08-26 01:05 . 2013-01-04 04:50	169984	----a-w-	c:\windows\system32\winsrv.dll
2013-08-26 01:05 . 2011-02-03 05:54	219008	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-08-26 01:05 . 2010-11-20 12:29	728448	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-08-26 01:05 . 2010-11-20 11:56	107520	----a-w-	c:\windows\system32\cdd.dll
2013-08-26 00:33 . 2013-08-25 14:40	--------	d-----w-	c:\windows\Panther
2013-08-26 00:32 . 2013-08-28 21:23	--------	d-----w-	C:\Boot
2013-08-25 23:53 . 2013-08-25 23:53	26624	----a-w-	c:\windows\system32\drivers\tap0901.sys
2013-08-25 23:53 . 2013-08-25 23:55	--------	d-----w-	c:\program files\ExpressVPN
2013-08-25 22:45 . 2013-08-25 22:45	--------	d-----w-	c:\programdata\Yahoo! Companion
2013-08-25 22:45 . 2013-08-25 22:45	70304	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-25 22:45 . 2013-08-25 22:45	419488	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-08-25 22:45 . 2013-08-25 22:45	--------	d-----w-	c:\windows\system32\Macromed
2013-08-25 22:45 . 2013-08-25 22:45	--------	d-----w-	c:\programdata\Yahoo!
2013-08-25 22:43 . 2013-08-25 22:45	--------	d-----w-	c:\program files\Yahoo!
2013-08-25 21:18 . 2013-08-25 21:18	--------	d-----w-	c:\program files\Origin Games
2013-08-25 21:16 . 2013-09-02 19:20	--------	d-----w-	c:\programdata\Origin
2013-08-25 21:16 . 2013-08-25 21:16	--------	d-----w-	c:\programdata\Electronic Arts
2013-08-25 21:16 . 2013-09-04 16:47	--------	d-----w-	c:\program files\Origin
2013-08-25 20:36 . 2013-08-25 20:36	--------	d-----w-	c:\program files\Skillbrains
2013-08-25 20:09 . 2013-08-25 20:09	--------	d-----w-	c:\program files\TeamViewer

2013-08-25 19:00 . 2013-08-25 19:32	--------	d-----w-	c:\program files\3D Instructor 2 Home
2013-08-25 15:43 . 2013-08-25 15:43	--------	d-----w-	c:\programdata\ATI
2013-08-25 15:43 . 2013-08-25 15:43	--------	d-----w-	c:\program files\AMD AVT
2013-08-25 15:43 . 2013-08-25 15:43	--------	d-----w-	c:\program files\AMD APP
2013-08-25 15:09 . 2013-08-25 15:09	--------	d-----w-	c:\program files\ATI
2013-08-25 15:08 . 2013-08-25 15:08	--------	d-----w-	C:\AMD
2013-08-25 15:06 . 2013-08-26 09:39	--------	d-----w-	c:\program files\Counter-Strike 1.6 LH 2013
2013-08-25 15:05 . 2013-08-25 15:06	--------	d-s---w-	c:\program files\HLSW
2013-08-25 15:05 . 2013-08-25 15:05	--------	d-----w-	c:\program files\Common Files\Skype
2013-08-25 15:05 . 2013-08-25 15:05	--------	d-----r-	c:\program files\Skype
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-28 19:10 . 2009-07-14 02:05	152576	----a-w-	c:\windows\system32\msclmd.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\users\Berr-Fati\AppData\Roaming\uTorrent\uTorrent.exe" [2013-08-25 1130576]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-07-25 20684656]
"Viber"="c:\users\Berr-Fati\AppData\Local\Viber\Viber.exe" [2013-07-31 912904]
"LightShot"="c:\users\Berr-Fati\AppData\Local\Skillbrains\lightshot\LightShot.exe" [2013-08-22 226592]
"EADM"="c:\program files\Origin\Origin.exe" [2013-08-21 3549528]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-25 6595928]
"Facebook Update"="c:\users\Berr-Fati\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-09-02 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-11-16 641704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCInstallQueue"="netman.dll" [2009-07-14 280576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-08-28 280576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-07-25 162672]
R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\CyberGhost VPN\CGVPNCliService.exe [2012-04-26 2438696]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-08-26 1343400]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-11-16 217088]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-11-16 291840]
S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [2013-08-07 4308320]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athur.sys [2010-01-06 1500160]
S3 hidusbf;USB Mouse Rate Adjuster Lower Filter by SweetLow;c:\windows\system32\DRIVERS\hidusbf.sys [2006-11-08 4544]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2012-08-28 45736]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-25 22:45]
.
2013-09-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1635668486-3845655148-3978692056-1000Core.job
- c:\users\Berr-Fati\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-02 18:55]
.
2013-09-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1635668486-3845655148-3978692056-1000UA.job
- c:\users\Berr-Fati\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-02 18:55]
.
2013-09-04 c:\windows\Tasks\update-S-1-5-21-1635668486-3845655148-3978692056-1000.job
- c:\program files\Skillbrains\Updater\Updater.exe [2013-08-25 22:26]
.
2013-09-04 c:\windows\Tasks\update-sys.job
- c:\program files\Skillbrains\Updater\Updater.exe [2013-08-25 22:26]
.
.
------- Supplementary Scan ------.
uStart Page = hxxp://www.yahoo.com/?ilc=8
mStart Page = hxxp://www.yahoo.com/?ilc=8
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - .
HKLM-Run-Driver Genius - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS --------------------.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-09-04 19:10:32
ComboFix-quarantined-files.txt 2013-09-04 17:10
.
Pre-Run: 47,183,249,408 bytes free
Post-Run: 47,720,886,272 bytes free
.
- - End Of File - - 6773408644F71D523BC0A71ABA02F398
A36C5E4F47E84449FF07ED3517B43A31
