
Log analysis and evaluation: Delta Search


 
11.06.2013, 19:50   #11
Tobi1985K

Delta Search


Now it worked...
ComboFix log file:
Code:
ComboFix 13-06-08.02 - Admin 11.06.2013  20:36:43.3.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4092.2529 [GMT 2:00]
ausgeführt von:: c:\users\Tobi\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Vorheriger Suchlauf -------
.
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_BrowserDefendert
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-05-11 bis 2013-06-11  ))))))))))))))))))))))))))))))
.
.
2013-06-11 18:45 . 2013-06-11 18:45	--------	d-----w-	c:\users\Public\AppData\Local\temp
2013-06-11 18:45 . 2013-06-11 18:45	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-06-11 18:45 . 2013-06-11 18:45	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2013-06-11 18:45 . 2013-06-11 18:45	--------	d-----w-	c:\users\Admin\AppData\Local\temp
2013-06-08 19:22 . 2013-06-08 19:22	--------	d-----w-	C:\TDSSKiller_Quarantine
2013-06-08 17:44 . 2013-06-08 17:44	--------	d-----w-	c:\programdata\BrowserDefender
2013-06-08 17:44 . 2013-06-08 17:44	--------	d-----w-	c:\users\Admin\AppData\Roaming\BabSolution
2013-06-08 17:43 . 2013-06-08 17:43	--------	d-----w-	c:\program files (x86)\Delta
2013-06-08 17:43 . 2013-06-08 17:43	--------	d-----w-	c:\users\Admin\AppData\Roaming\Delta
2013-06-08 17:43 . 2013-06-08 17:43	--------	d-----w-	c:\programdata\Babylon
2013-06-08 17:43 . 2013-06-08 17:43	--------	d-----w-	c:\users\Admin\AppData\Roaming\Babylon
2013-06-08 17:43 . 2013-06-08 17:43	--------	d-----w-	c:\users\Admin\AppData\Roaming\WebCake
2013-06-08 17:43 . 2013-06-08 17:43	--------	d-----w-	c:\program files (x86)\WebCake
2013-06-08 17:43 . 2013-06-08 17:43	--------	d-----w-	c:\programdata\Tarma Installer
2013-06-08 17:43 . 2013-06-08 17:43	--------	d-----w-	c:\users\Admin\AppData\Local\PutLockerDownloader
2013-06-08 17:43 . 2013-06-08 17:43	--------	d-----w-	c:\users\Admin\AppData\Local\Mozilla
2013-06-08 17:43 . 2013-06-08 17:43	--------	d-----w-	c:\program files (x86)\FTDownloader.com
2013-06-07 18:43 . 2013-05-13 06:37	9460464	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{44601B31-07C0-4C62-B1D4-6ACBA6586D37}\mpengine.dll
2013-05-15 18:01 . 2013-04-05 06:50	15404032	----a-w-	c:\windows\system32\ieframe.dll
2013-05-15 16:57 . 2013-04-10 06:01	265064	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 16:57 . 2013-04-10 06:01	983400	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 16:57 . 2011-02-03 11:25	144384	----a-w-	c:\windows\system32\cdd.dll
2013-05-15 16:56 . 2013-02-27 05:52	14172672	----a-w-	c:\windows\system32\shell32.dll
2013-05-15 16:56 . 2013-02-27 05:52	197120	----a-w-	c:\windows\system32\shdocvw.dll
2013-05-15 16:56 . 2013-02-27 05:48	1930752	----a-w-	c:\windows\system32\authui.dll
2013-05-15 16:56 . 2013-02-27 06:02	111448	----a-w-	c:\windows\system32\consent.exe
2013-05-15 16:56 . 2013-02-27 05:47	70144	----a-w-	c:\windows\system32\appinfo.dll
2013-05-15 16:56 . 2013-02-27 04:49	1796096	----a-w-	c:\windows\SysWow64\authui.dll
2013-05-15 16:56 . 2013-03-19 05:53	48640	----a-w-	c:\windows\system32\wwanprotdim.dll
2013-05-15 16:56 . 2013-03-19 05:53	230400	----a-w-	c:\windows\system32\wwansvc.dll
2013-05-15 16:56 . 2013-04-10 03:30	3153920	----a-w-	c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 18:08 . 2010-06-13 09:39	75016696	----a-w-	c:\windows\system32\MRT.exe
2013-05-14 18:50 . 2013-02-27 18:56	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-14 18:50 . 2013-02-27 18:56	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-09 08:59 . 2013-03-01 16:03	189936	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2013-05-09 08:59 . 2013-03-01 16:03	65336	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2013-02-28 20:22	378432	----a-w-	c:\windows\system32\drivers\aswSP.sys
2013-05-09 08:59 . 2013-02-28 20:22	72016	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2013-05-09 08:59 . 2013-02-28 20:22	64288	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2013-02-28 20:22	1025808	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2013-05-09 08:59 . 2013-02-28 20:22	33400	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:59 . 2013-02-28 20:22	80816	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:58 . 2013-02-28 20:21	41664	----a-w-	c:\windows\avastSS.scr
2013-05-09 08:58 . 2013-02-28 20:22	287840	----a-w-	c:\windows\system32\aswBoot.exe
2013-05-06 17:14 . 2013-03-01 11:14	318300	----a-w-	c:\windows\SysWow64\~.tmp
2013-05-02 00:06 . 2010-06-08 12:40	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-05-15 16:57	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 16:57	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 16:57	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 16:57	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 16:57	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 16:57	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 15:59	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-09 13:13 . 2013-05-06 17:17	110264	----a-w-	c:\windows\system32\pdfcmon.dll
2013-03-22 14:32 . 2013-02-28 19:10	92248	----a-w-	c:\programdata\Microsoft\BingDesktop\Updater\BingDesktopRestarter.exe
2013-03-19 06:04 . 2013-04-10 18:43	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 18:43	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 18:43	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 18:43	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 18:43	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 18:43	112640	----a-w-	c:\windows\system32\smss.exe
2013-03-16 10:25 . 2013-03-16 10:25	73728	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-16 10:25 . 2013-03-16 10:25	719360	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2013-03-16 10:25 . 2013-03-16 10:25	61952	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-03-16 10:25 . 2013-03-16 10:25	523264	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-03-16 10:25 . 2013-03-16 10:25	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-03-16 10:25 . 2013-03-16 10:25	38400	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-03-16 10:25 . 2013-03-16 10:25	361984	----a-w-	c:\windows\SysWow64\html.iec
2013-03-16 10:25 . 2013-03-16 10:25	23040	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-03-16 10:25 . 2013-03-16 10:25	226304	----a-w-	c:\windows\system32\elshyph.dll
2013-03-16 10:25 . 2013-03-16 10:25	197120	----a-w-	c:\windows\system32\msrating.dll
2013-03-16 10:25 . 2013-03-16 10:25	185344	----a-w-	c:\windows\SysWow64\elshyph.dll
2013-03-16 10:25 . 2013-03-16 10:25	158720	----a-w-	c:\windows\SysWow64\msls31.dll
2013-03-16 10:25 . 2013-03-16 10:25	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-03-16 10:25 . 2013-03-16 10:25	1441280	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2013-03-16 10:25 . 2013-03-16 10:25	138752	----a-w-	c:\windows\SysWow64\wextract.exe
2013-03-16 10:25 . 2013-03-16 10:25	137216	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-03-16 10:25 . 2013-03-16 10:25	12800	----a-w-	c:\windows\SysWow64\mshta.exe
2013-03-16 10:25 . 2013-03-16 10:25	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-03-16 10:25 . 2013-03-16 10:25	1054720	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-16 10:25 . 2013-03-16 10:25	97280	----a-w-	c:\windows\system32\mshtmled.dll
2013-03-16 10:25 . 2013-03-16 10:25	92160	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-03-16 10:25 . 2013-03-16 10:25	905728	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-03-16 10:25 . 2013-03-16 10:25	81408	----a-w-	c:\windows\system32\icardie.dll
2013-03-16 10:25 . 2013-03-16 10:25	77312	----a-w-	c:\windows\system32\tdc.ocx
2013-03-16 10:25 . 2013-03-16 10:25	762368	----a-w-	c:\windows\system32\ieapfltr.dll
2013-03-16 10:25 . 2013-03-16 10:25	62976	----a-w-	c:\windows\system32\pngfilt.dll
2013-03-16 10:25 . 2013-03-16 10:25	599552	----a-w-	c:\windows\system32\vbscript.dll
2013-03-16 10:25 . 2013-03-16 10:25	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-03-16 10:25 . 2013-03-16 10:25	51200	----a-w-	c:\windows\system32\imgutil.dll
2013-03-16 10:25 . 2013-03-16 10:25	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-03-16 10:25 . 2013-03-16 10:25	452096	----a-w-	c:\windows\system32\dxtmsft.dll
2013-03-16 10:25 . 2013-03-16 10:25	441856	----a-w-	c:\windows\system32\html.iec
2013-03-16 10:25 . 2013-03-16 10:25	281600	----a-w-	c:\windows\system32\dxtrans.dll
2013-03-16 10:25 . 2013-03-16 10:25	27648	----a-w-	c:\windows\system32\licmgr10.dll
2013-03-16 10:25 . 2013-03-16 10:25	270848	----a-w-	c:\windows\system32\iedkcs32.dll
2013-03-16 10:25 . 2013-03-16 10:25	247296	----a-w-	c:\windows\system32\webcheck.dll
2013-03-16 10:25 . 2013-03-16 10:25	235008	----a-w-	c:\windows\system32\url.dll
2013-03-16 10:25 . 2013-03-16 10:25	216064	----a-w-	c:\windows\system32\msls31.dll
2013-03-16 10:25 . 2013-03-16 10:25	173568	----a-w-	c:\windows\system32\ieUnatt.exe
2013-03-16 10:25 . 2013-03-16 10:25	167424	----a-w-	c:\windows\system32\iexpress.exe
2013-03-16 10:25 . 2013-03-16 10:25	1509376	----a-w-	c:\windows\system32\inetcpl.cpl
2013-03-16 10:25 . 2013-03-16 10:25	149504	----a-w-	c:\windows\system32\occache.dll
2013-03-16 10:25 . 2013-03-16 10:25	144896	----a-w-	c:\windows\system32\wextract.exe
2013-03-16 10:25 . 2013-03-16 10:25	1400416	----a-w-	c:\windows\system32\ieapfltr.dat
2013-03-16 10:25 . 2013-03-16 10:25	13824	----a-w-	c:\windows\system32\mshta.exe
2013-03-16 10:25 . 2013-03-16 10:25	136192	----a-w-	c:\windows\system32\iepeers.dll
2013-03-16 10:25 . 2013-03-16 10:25	135680	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-03-16 10:25 . 2013-03-16 10:25	12800	----a-w-	c:\windows\system32\msfeedssync.exe
2013-03-16 10:25 . 2013-03-16 10:25	102912	----a-w-	c:\windows\system32\inseng.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}]
2013-05-20 10:02	295832	----a-w-	c:\program files (x86)\Delta\delta\1.8.21.5\bh\delta.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{82E1477C-B154-48D3-9891-33D83C26BCD3}"= "c:\program files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll" [2013-05-20 284056]
.
[HKEY_CLASSES_ROOT\clsid\{82e1477c-b154-48d3-9891-33d83c26bcd3}]
[HKEY_CLASSES_ROOT\delta.deltadskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\delta.deltadskBnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2012-11-23 307712]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-03-04 2741616]
"WebCake Desktop"="c:\users\Admin\AppData\Roaming\WebCake\WebCakeDesktop.exe" [2013-06-07 47896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-04 98304]
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"UnlockerAssistant"="c:\program files (x86)\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2013-04-10 2387088]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2013-2-7 575000]
TotalMedia Server.lnk - c:\program files (x86)\ArcSoft\TotalMedia Theatre 6\TotalMedia Server\TM Server.exe [2012-11-26 520296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~3\BROWSE~1\261339~1.144\{C16C1~1\BrowserDefender.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ALSysIO;ALSysIO;c:\users\Tobi\AppData\Local\Temp\ALSysIO64.sys;c:\users\Tobi\AppData\Local\Temp\ALSysIO64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 massfilter_hs;USB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys;c:\windows\SYSNATIVE\drivers\massfilter_hs.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys;c:\windows\SYSNATIVE\DRIVERS\NBVol.sys [x]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys;c:\windows\SYSNATIVE\DRIVERS\NBVolUp.sys [x]
S1 ArcCtrl;ArcCtrl;c:\windows\system32\drivers\ArcCtrl.sys;c:\windows\SYSNATIVE\drivers\ArcCtrl.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2013/03/01 15:25];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl;c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [x]
S2 ADExchange;ArcSoft Exchange Service;c:\program files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe;c:\program files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe;c:\windows\SYSNATIVE\lxdncoms.exe [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
S2 TGCM_ImportWiFiSvc;TGCM_ImportWiFiSvc;c:\program files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe;c:\program files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [x]
S2 WebCake Desktop Updater;WebCake Desktop Updater;c:\program files (x86)\WebCake\WebCakeDesktop.Updater.exe;c:\program files (x86)\WebCake\WebCakeDesktop.Updater.exe [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys;c:\windows\SYSNATIVE\DRIVERS\enecir.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 11:29	451872	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-06 18:19	1165776	----a-w-	c:\program files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-27 18:50]
.
2013-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-28 20:06]
.
2013-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-28 20:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58	133840	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-08-25 610872]
"lxdnmon.exe"="c:\program files (x86)\Lexmark 2600 Series\lxdnmon.exe" [2010-02-04 660136]
"EzPrint"="c:\program files (x86)\Lexmark 2600 Series\ezprint.exe" [2010-02-04 107176]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.delta-search.com/?affID=119781&babsrc=HP_ss&mntrId=D8B72617FEC4A785
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rt1s26ru.default\
FF - prefs.js: browser.search.selectedEngine - Delta Search
FF - prefs.js: browser.startup.homepage - hxxp://www.delta-search.com/?affID=119781&babsrc=HP_ss&mntrId=D8B72617FEC4A785
FF - ExtSQL: 2013-05-06 19:17; FFPDFArchitectConverter@pdfarchitect.com; c:\program files (x86)\PDF Architect\FFPDFArchitectExt
FF - ExtSQL: 2013-05-13 17:28; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - user.js: extentions.webcake.installId - b239d215-737b-40d6-a01c-dac88071e6de
FF - user.js: extentions.webcake.defaultEnableAppsList - layers,brain/features,newOffers/wc
FF - user.js: extensions.delta.tlbrSrchUrl - 
FF - user.js: extensions.delta.id - d8b73e3e0000000000002617fec4a785
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15864
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.519:44
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119781
FF - user.js: extensions.delta_i.babExt - 
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Adobe SVG Viewer - c:\windows\System32\Adobe\SVG Viewer\Uninst.isu
AddRemove-S4Uninst - c:\windows\IsUn0407.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1044226639-1867335067-3542661926-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:15,0a,54,20,cf,20,b3,e4,4a,49,79,b7,83,6e,eb,2d,41,78,3b,77,ed,c9,7d,
   c6,f7,31,27,25,b8,23,36,70,73,7c,02,cc,69,88,9d,be,89,7b,86,ba,0c,94,e6,6f,\
"??"=hex:dc,81,5b,60,c7,9a,b6,94,93,3e,f7,8a,c7,a2,0e,c0
.
[HKEY_USERS\S-1-5-21-1044226639-1867335067-3542661926-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:39,c6,33,17,01,ee,00,45,a0,23,26,5e,f8,3a,aa,d1,68,ca,d3,47,c5,88,16,
   63,39,bf,0c,7a,81,86,c4,81,f4,e8,3e,f3,fb,6f,1e,38,b2,14,0d,13,bb,77,62,dc,\
"??"=hex:09,fd,9b,43,f5,52,93,b5,ce,78,4d,42,32,66,74,39
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-11  20:49:06
ComboFix-quarantined-files.txt  2013-06-11 18:49
.
Vor Suchlauf: 20 Verzeichnis(se), 314.503.831.552 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 314.083.713.024 Bytes frei
.
- - End Of File - - D0EB06CCA196836D04A3E546CF700DB3
         