hier ist die Log-Datei von Combofix
Code:
Alles auswählen Aufklappen ATTFilter
Combofix Logfile:
Code:
Alles auswählen Aufklappen ATTFilter
ComboFix 13-08-12.01 - Timon 12.08.2013 22:28:30.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8044.5413 [GMT 1:00]
ausgeführt von:: c:\users\Timon\Downloads\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-07-12 bis 2013-08-12 ))))))))))))))))))))))))))))))
.
.
2013-08-12 21:35 . 2013-08-12 21:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-05 20:45 . 2013-08-05 20:45 -------- d-----w- c:\windows\Profiles
2013-08-02 08:46 . 2013-08-02 08:46 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-08-02 08:46 . 2013-08-02 08:46 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-08-02 08:46 . 2013-08-02 08:46 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-08-02 08:46 . 2013-08-02 08:46 -------- d-----w- c:\program files (x86)\Java
2013-07-31 21:25 . 2013-08-04 18:46 -------- d-----w- c:\users\Timon\AppData\Local\LogMeIn Hamachi
2013-07-31 12:54 . 2009-03-18 16:35 33856 ---ha-w- c:\windows\system32\hamachi.sys
2013-07-31 12:54 . 2013-07-31 12:54 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2013-07-27 22:38 . 2013-07-27 22:38 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7F8559CF-9FA5-4E98-A68C-0A1D59736F58}\offreg.dll
2013-07-26 19:59 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7F8559CF-9FA5-4E98-A68C-0A1D59736F58}\mpengine.dll
2013-07-18 22:35 . 2013-08-06 10:14 -------- d-----w- c:\users\Timon\AppData\Roaming\.minecraft
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-02 08:46 . 2011-10-05 19:18 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-07-10 00:00 . 2013-05-07 10:03 83672 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-06-11 23:43 . 2013-07-13 15:53 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-06-11 23:43 . 2013-07-13 15:53 2877440 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-06-11 23:42 . 2013-07-13 15:53 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-06-11 23:42 . 2013-07-13 15:53 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-06-11 23:26 . 2013-07-13 15:53 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2013-06-11 23:26 . 2013-07-13 15:53 2241024 ----a-w- c:\windows\system32\wininet.dll
2013-06-11 23:26 . 2013-07-13 15:53 1365504 ----a-w- c:\windows\system32\urlmon.dll
2013-06-11 23:25 . 2013-07-13 15:53 19238912 ----a-w- c:\windows\system32\mshtml.dll
2013-06-11 23:25 . 2013-07-13 15:53 603136 ----a-w- c:\windows\system32\msfeeds.dll
2013-06-11 23:25 . 2013-07-13 15:53 855552 ----a-w- c:\windows\system32\jscript.dll
2013-06-11 23:25 . 2013-07-13 15:53 3958784 ----a-w- c:\windows\system32\jscript9.dll
2013-06-11 23:25 . 2013-07-13 15:53 53248 ----a-w- c:\windows\system32\jsproxy.dll
2013-06-11 23:25 . 2013-07-13 15:53 67072 ----a-w- c:\windows\system32\iesetup.dll
2013-06-11 23:25 . 2013-07-13 15:53 526336 ----a-w- c:\windows\system32\ieui.dll
2013-06-11 23:25 . 2013-07-13 15:53 39936 ----a-w- c:\windows\system32\iernonce.dll
2013-06-11 23:25 . 2013-07-13 15:53 2648576 ----a-w- c:\windows\system32\iertutil.dll
2013-06-11 23:25 . 2013-07-13 15:53 136704 ----a-w- c:\windows\system32\iesysprep.dll
2013-06-11 23:25 . 2013-07-13 15:53 15404032 ----a-w- c:\windows\system32\ieframe.dll
2013-06-11 22:51 . 2013-07-13 15:53 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50 . 2013-07-13 15:53 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-06-07 03:22 . 2013-07-13 15:53 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-07 02:37 . 2013-07-13 15:53 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-06-05 03:34 . 2013-07-12 11:10 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-12 11:10 624128 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-12 11:10 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-05-23 21:59 . 2010-06-24 18:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-15 05:47 . 2013-05-15 05:47 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-05-15 05:47 . 2013-05-15 05:47 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-05-15 05:47 . 2013-05-15 05:47 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-05-15 05:47 . 2013-05-15 05:47 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-05-15 05:47 . 2013-05-15 05:47 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-05-15 05:47 . 2013-05-15 05:47 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-05-15 05:47 . 2013-05-15 05:47 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-05-15 05:47 . 2013-05-15 05:47 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-05-15 05:47 . 2013-05-15 05:47 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-05-15 05:47 . 2013-05-15 05:47 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-05-15 05:47 . 2013-05-15 05:47 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-05-15 05:47 . 2013-05-15 05:47 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-15 05:47 . 2013-05-15 05:47 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-05-15 05:47 . 2013-05-15 05:47 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-05-15 05:47 . 2013-05-15 05:47 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-05-15 05:47 . 2013-05-15 05:47 81408 ----a-w- c:\windows\system32\icardie.dll
2013-05-15 05:47 . 2013-05-15 05:47 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-05-15 05:47 . 2013-05-15 05:47 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-05-15 05:47 . 2013-05-15 05:47 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-15 05:47 . 2013-05-15 05:47 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-05-15 05:47 . 2013-05-15 05:47 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-05-15 05:47 . 2013-05-15 05:47 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-05-15 05:47 . 2013-05-15 05:47 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-05-15 05:47 . 2013-05-15 05:47 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-05-15 05:47 . 2013-05-15 05:47 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-05-15 05:47 . 2013-05-15 05:47 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-05-15 05:47 . 2013-05-15 05:47 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-05-15 05:47 . 2013-05-15 05:47 441856 ----a-w- c:\windows\system32\html.iec
2013-05-15 05:47 . 2013-05-15 05:47 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-05-15 05:47 . 2013-05-15 05:47 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-05-15 05:47 . 2013-05-15 05:47 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-15 05:47 . 2013-05-15 05:47 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-05-15 05:47 . 2013-05-15 05:47 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-05-15 05:47 . 2013-05-15 05:47 235008 ----a-w- c:\windows\system32\url.dll
2013-05-15 05:47 . 2013-05-15 05:47 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-05-15 05:47 . 2013-05-15 05:47 216064 ----a-w- c:\windows\system32\msls31.dll
2013-05-15 05:47 . 2013-05-15 05:47 197120 ----a-w- c:\windows\system32\msrating.dll
2013-05-15 05:47 . 2013-05-15 05:47 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-05-15 05:47 . 2013-05-15 05:47 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-05-15 05:47 . 2013-05-15 05:47 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-15 05:47 . 2013-05-15 05:47 149504 ----a-w- c:\windows\system32\occache.dll
2013-05-15 05:47 . 2013-05-15 05:47 144896 ----a-w- c:\windows\system32\wextract.exe
2013-05-15 05:47 . 2013-05-15 05:47 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-05-15 05:47 . 2013-05-15 05:47 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-05-15 05:47 . 2013-05-15 05:47 13824 ----a-w- c:\windows\system32\mshta.exe
2013-05-15 05:47 . 2013-05-15 05:47 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-05-15 05:47 . 2013-05-15 05:47 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-05-15 05:47 . 2013-05-15 05:47 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-05-15 05:47 . 2013-05-15 05:47 102912 ----a-w- c:\windows\system32\inseng.dll
2013-05-15 05:46 . 2013-05-15 05:46 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-15 05:46 . 2013-05-15 05:46 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-15 05:46 . 2013-05-15 05:46 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-15 05:46 . 2013-05-15 05:46 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-15 05:46 . 2013-05-15 05:46 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-15 05:46 . 2013-05-15 05:46 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-15 05:46 . 2013-05-15 05:46 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-15 05:46 . 2013-05-15 05:46 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-15 05:46 . 2013-05-15 05:46 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-15 05:46 . 2013-05-15 05:46 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-15 05:46 . 2013-05-15 05:46 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-15 05:46 . 2013-05-15 05:46 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-05-15 05:46 . 2013-05-15 05:46 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-05-15 05:46 . 2013-05-15 05:46 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-15 05:46 . 2013-05-15 05:46 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-05-15 05:46 . 2013-05-15 05:46 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-05-15 05:46 . 2013-05-15 05:46 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-05-15 05:46 . 2013-05-15 05:46 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-05-15 05:46 . 2013-05-15 05:46 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-05-15 05:46 . 2013-05-15 05:46 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-05-15 05:46 . 2013-05-15 05:46 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-15 05:46 . 2013-05-15 05:46 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-15 05:46 . 2013-05-15 05:46 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2013-04-30 10:14 1521800 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-04-30 1521800]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Timon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-07-12 1104384]
"Spotify"="c:\users\Timon\AppData\Roaming\Spotify\Spotify.exe" [2013-07-12 4640768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-09-28 340336]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-09-17 407920]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-09-17 201584]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-03-14 1081424]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"Dolby Advanced Audio v2"="c:\dolby pcee4\pcee4.exe" [2011-02-03 506712]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-06-20 1568976]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-07-10 345144]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
c:\users\Timon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Timon\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 0001711375901553mcinstcleanup;McAfee Application Installer Cleanup (0001711375901553);c:\windows\TEMP\000171~1.EXE;c:\windows\TEMP\000171~1.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ALSysIO;ALSysIO;c:\users\Timon\AppData\Local\Temp\ALSysIO64.sys;c:\users\Timon\AppData\Local\Temp\ALSysIO64.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\McSACore.exe;c:\progra~2\mcafee\SITEAD~1\McSACore.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\drivers\b57xdbd.sys;c:\windows\SYSNATIVE\drivers\b57xdbd.sys [x]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\drivers\b57xdmp.sys;c:\windows\SYSNATIVE\drivers\b57xdmp.sys [x]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\drivers\bScsiMSa.sys;c:\windows\SYSNATIVE\drivers\bScsiMSa.sys [x]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiSDa.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-28 14:10]
.
2013-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-28 14:10]
.
2013-08-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1080726024-2515634446-1135583900-1000Core.job
- c:\users\Timon\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-11 21:34]
.
2013-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1080726024-2515634446-1135583900-1000UA.job
- c:\users\Timon\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-11 21:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-10 11785832]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-09 2189416]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-02-22 1796200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.astrouhr.telebus.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Free YouTube Download - c:\users\Timon\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Timon\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Prof.Tim-Die Rückkehr der verrückten Werkstatt - c:\windows\IsUn0407.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Launch Manager\LMutilps32.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
c:\program files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-08-12 22:42:48 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-08-12 21:42
.
Vor Suchlauf: 12 Verzeichnis(se), 358.694.592.512 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 359.032.127.488 Bytes frei
.
- - End Of File - - 704D2B17726C83F673406C1E4AFE1187
--- --- ---
D41D8CD98F00B204E9800998ECF8427E
Danke
12.08.2013, 22:54
Baum-Darstellung