
Log Analysis and Evaluation: Combofix Logfile

Windows 7: If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system has to be examined first: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

 
11.05.2014, 16:49   #1
Lloky

Combofix Logfile



Hello, when I could no longer enable my Windows Firewall I ran ComboFix. I wanted to ask whether someone could take a look at my log file and tell me whether everything is in order now.

Quote:
ComboFix 14-05-10.01 - Sebastian 11.05.2014 17:21:38.1.4 - x64
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.49.1031.18.8175.6349 [GMT 2:00]
Running from:: c:\users\Sebastian\Downloads\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\SET5741.tmp
c:\windows\SysWow64\SET5A32.tmp
c:\windows\SysWow64\SET62BF.tmp
c:\windows\SysWow64\SET67F2.tmp
c:\windows\SysWow64\SET6823.tmp
c:\windows\SysWow64\SET6854.tmp
c:\windows\SysWow64\SET6993.tmp
.
.
((((((((((((((((((((((( Files Created from 2014-04-11 to 2014-05-11 ))))))))))))))))))))))))))))))
.
.
2014-05-11 14:37 . 2014-05-11 15:28 -------- d-----w- c:\windows\system32\wbem\repository
2014-05-11 12:22 . 2014-05-11 12:22 -------- d-----w- c:\users\Sebastian\AppData\Local\Downloaded Installations
2014-05-11 12:21 . 2014-05-11 12:21 -------- d-----w- c:\users\Sebastian\AppData\Roaming\Avira
2014-05-11 12:19 . 2014-02-25 09:41 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2014-05-11 12:19 . 2014-02-25 09:41 131576 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-05-11 12:19 . 2014-02-25 09:41 108440 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-05-11 12:19 . 2014-05-11 12:19 -------- d-----w- c:\programdata\Avira
2014-05-08 17:20 . 2014-04-29 14:01 23547904 ----a-w- c:\windows\system32\mshtml.dll
2014-05-08 17:20 . 2014-04-29 13:40 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-08 17:20 . 2014-04-29 12:34 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-06 15:13 . 2014-05-06 15:13 -------- d-----w- c:\program files (x86)\MSECache
2014-05-06 15:00 . 2014-03-06 08:53 2767360 ----a-w- c:\windows\system32\iertutil.dll
2014-05-06 14:38 . 2014-04-14 02:24 465408 ----a-w- c:\windows\system32\aepdu.dll
2014-05-06 14:38 . 2014-04-14 02:19 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-05-04 15:43 . 2014-05-11 12:19 -------- d-----w- c:\program files (x86)\Avira
2014-05-04 13:15 . 2014-05-04 13:20 -------- d-----w- c:\users\Sebastian\AppData\Roaming\SpaceEngineers
2014-05-01 11:34 . 2014-05-01 11:34 17931952 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-04-16 18:14 . 2014-04-16 18:14 -------- d-----w- c:\users\Sebastian\AppData\Local\Programs
2014-04-16 17:34 . 2014-04-16 17:34 303236 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2014-04-16 17:34 . 2014-04-16 17:34 180356 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2014-04-16 17:34 . 2004-07-15 22:20 733184 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2014-04-16 17:34 . 2004-07-15 22:20 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2014-04-16 17:34 . 2004-07-15 22:19 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2014-04-16 17:34 . 2004-07-15 22:18 172032 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2014-04-16 17:34 . 2004-07-15 22:18 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2014-04-16 17:28 . 2014-04-16 17:36 303616 ----a-w- c:\windows\system32\drivers\atksgt.sys
2014-04-16 17:27 . 2014-04-16 17:36 35328 ----a-w- c:\windows\system32\drivers\lirsgt.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-11 13:16 . 2009-07-13 23:52 65536 ----a-w- c:\windows\system32\sppuinotify.dll
2014-05-11 13:16 . 2010-11-21 03:24 1008128 ----a-w- c:\windows\system32\user32.dll
2014-05-11 13:16 . 2010-11-21 03:24 419840 ----a-w- c:\windows\system32\systemcpl.dll
2014-05-11 13:16 . 2009-07-13 23:51 381952 ----a-w- c:\windows\system32\sppcommdlg.dll
2014-05-11 13:16 . 2010-11-21 03:24 15360 ----a-w- c:\windows\system32\slwga.dll
2014-05-11 13:16 . 2009-07-13 23:52 142336 ----a-w- c:\windows\system32\sppwmi.dll
2014-05-11 13:14 . 2010-11-21 03:24 389632 ----a-w- c:\windows\system32\winlogon.exe
2014-05-11 13:14 . 2010-11-21 03:24 349696 ----a-w- c:\windows\system32\slui.exe
2014-05-11 13:14 . 2009-07-13 23:57 2048 ----a-w- c:\windows\system32\winver.exe
2014-05-11 13:14 . 2009-06-10 20:59 107946 ----a-w- c:\windows\system32\slmgr.vbs
2014-05-01 11:34 . 2012-05-27 01:02 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-01 11:34 . 2012-05-27 01:02 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-12 12:28 . 2011-10-10 15:51 90655440 ----a-w- c:\windows\system32\MRT.exe
2014-03-04 09:17 . 2014-04-12 09:17 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-02-16 13:45 . 2014-02-16 13:45 0 ----a-w- c:\windows\SysWow64\FAP2E4C.tmp
2014-02-16 13:44 . 2014-02-16 13:44 0 ----a-w- c:\windows\SysWow64\FAPAD3.tmp
2014-02-16 13:44 . 2014-02-16 13:44 0 ----a-w- c:\windows\SysWow64\FAPBDDA.tmp
2014-02-16 13:44 . 2014-02-16 13:44 0 ----a-w- c:\windows\SysWow64\FAP5FE1.tmp
2014-02-16 13:43 . 2014-02-16 13:43 0 ----a-w- c:\windows\SysWow64\FAPE350.tmp
2014-02-16 13:43 . 2014-02-16 13:43 0 ----a-w- c:\windows\SysWow64\FAP6CF7.tmp
2014-02-16 13:41 . 2014-02-16 13:41 0 ----a-w- c:\windows\SysWow64\FAP6CB6.tmp
2014-02-16 13:40 . 2014-02-16 13:40 0 ----a-w- c:\windows\SysWow64\FAP5DA7.tmp
2014-02-16 13:30 . 2014-02-16 13:30 0 ----a-w- c:\windows\SysWow64\FAP5961.tmp
2014-02-16 13:30 . 2014-02-16 13:30 0 ----a-w- c:\windows\SysWow64\FAP52DA.tmp
2014-02-16 13:29 . 2014-02-16 13:29 0 ----a-w- c:\windows\SysWow64\FAP291A.tmp
2014-02-16 13:24 . 2014-02-16 13:24 0 ----a-w- c:\windows\SysWow64\FAPEDFB.tmp
2014-02-16 13:24 . 2014-02-16 13:24 0 ----a-w- c:\windows\SysWow64\FAPEC35.tmp
2014-02-16 13:24 . 2014-02-16 13:24 0 ----a-w- c:\windows\SysWow64\FAPDD93.tmp
2014-02-16 12:14 . 2014-02-16 12:14 0 ----a-w- c:\windows\SysWow64\FAPBDB1.tmp
2014-02-16 12:13 . 2014-02-16 12:13 0 ----a-w- c:\windows\SysWow64\FAPB9C8.tmp
2014-02-16 12:13 . 2014-02-16 12:13 0 ----a-w- c:\windows\SysWow64\FAPAB07.tmp
2014-02-16 12:13 . 2014-02-16 12:13 0 ----a-w- c:\windows\SysWow64\FAP89EE.tmp
2014-02-16 12:12 . 2014-02-16 12:12 0 ----a-w- c:\windows\SysWow64\FAP7E1A.tmp
2014-02-16 12:12 . 2014-02-16 12:12 0 ----a-w- c:\windows\SysWow64\FAP6193.tmp
2014-02-16 12:11 . 2014-02-16 12:11 0 ----a-w- c:\windows\SysWow64\FAPB951.tmp
2014-02-16 12:11 . 2014-02-16 12:11 0 ----a-w- c:\windows\SysWow64\FAPB940.tmp
2014-02-16 12:05 . 2014-02-16 12:05 0 ----a-w- c:\windows\SysWow64\FAPFA33.tmp
2014-02-16 12:05 . 2014-02-16 12:05 0 ----a-w- c:\windows\SysWow64\FAPF0BF.tmp
2014-02-16 12:05 . 2014-02-16 12:05 0 ----a-w- c:\windows\SysWow64\FAPF0AE.tmp
2014-02-16 12:04 . 2014-02-16 12:04 0 ----a-w- c:\windows\SysWow64\FAPD8D8.tmp
2014-02-16 12:04 . 2014-02-16 12:04 0 ----a-w- c:\windows\SysWow64\FAPCC87.tmp
2014-02-16 12:04 . 2014-02-16 12:04 0 ----a-w- c:\windows\SysWow64\FAPBD97.tmp
2014-02-16 12:01 . 2014-02-16 12:01 0 ----a-w- c:\windows\SysWow64\FAP2E60.tmp
2014-02-16 12:01 . 2014-02-16 12:01 0 ----a-w- c:\windows\SysWow64\FAP2366.tmp
2014-02-16 12:01 . 2014-02-16 12:01 0 ----a-w- c:\windows\SysWow64\FAP2355.tmp
2014-02-16 12:01 . 2014-02-16 12:01 0 ----a-w- c:\windows\SysWow64\FAPDFCE.tmp
2014-02-16 11:59 . 2014-02-16 11:59 0 ----a-w- c:\windows\SysWow64\FAP47F0.tmp
2014-02-16 11:59 . 2014-02-16 11:59 0 ----a-w- c:\windows\SysWow64\FAP3D83.tmp
2014-02-16 11:59 . 2014-02-16 11:59 0 ----a-w- c:\windows\SysWow64\FAP3D71.tmp
2014-02-16 11:58 . 2014-02-16 11:58 0 ----a-w- c:\windows\SysWow64\FAP46C2.tmp
2014-02-16 11:56 . 2014-02-16 11:56 0 ----a-w- c:\windows\SysWow64\FAP1860.tmp
2014-02-16 11:56 . 2014-02-16 11:56 0 ----a-w- c:\windows\SysWow64\FAPE12.tmp
2014-02-16 11:56 . 2014-02-16 11:56 0 ----a-w- c:\windows\SysWow64\FAPE00.tmp
2014-02-16 11:56 . 2014-02-16 11:56 0 ----a-w- c:\windows\SysWow64\FAPC3C5.tmp
2014-02-16 11:55 . 2014-02-16 11:55 0 ----a-w- c:\windows\SysWow64\FAP69E1.tmp
2014-02-16 11:54 . 2014-02-16 11:54 0 ----a-w- c:\windows\SysWow64\FAP395E.tmp
2014-02-16 11:54 . 2014-02-16 11:54 0 ----a-w- c:\windows\SysWow64\FAP3066.tmp
2014-02-16 11:54 . 2014-02-16 11:54 0 ----a-w- c:\windows\SysWow64\FAP3055.tmp
2014-02-16 11:53 . 2014-02-16 11:53 0 ----a-w- c:\windows\SysWow64\FAP4C8A.tmp
2014-02-16 11:53 . 2014-02-16 11:53 0 ----a-w- c:\windows\SysWow64\FAP3A11.tmp
2014-02-16 11:53 . 2014-02-16 11:53 0 ----a-w- c:\windows\SysWow64\FAP39E0.tmp
2014-02-16 11:52 . 2014-02-16 11:52 0 ----a-w- c:\windows\SysWow64\FAP4C07.tmp
2014-02-16 11:52 . 2014-02-16 11:52 0 ----a-w- c:\windows\SysWow64\FAP2D5E.tmp
2014-02-16 11:52 . 2014-02-16 11:52 0 ----a-w- c:\windows\SysWow64\FAP2D5C.tmp
2014-02-16 11:52 . 2014-02-16 11:52 0 ----a-w- c:\windows\SysWow64\FAPDEDD.tmp
2014-02-16 11:52 . 2014-02-16 11:52 0 ----a-w- c:\windows\SysWow64\FAPDCF7.tmp
2014-02-16 11:51 . 2014-02-16 11:51 0 ----a-w- c:\windows\SysWow64\FAPEFD9.tmp
2014-02-16 11:10 . 2014-02-16 11:10 0 ----a-w- c:\windows\SysWow64\FAP730A.tmp
2014-02-16 11:10 . 2014-02-16 11:10 0 ----a-w- c:\windows\SysWow64\FAP69F3.tmp
2014-02-16 11:10 . 2014-02-16 11:10 0 ----a-w- c:\windows\SysWow64\FAP48CB.tmp
2014-02-16 11:09 . 2014-02-16 11:09 0 ----a-w- c:\windows\SysWow64\FAP498.tmp
2014-02-16 11:09 . 2014-02-16 11:09 0 ----a-w- c:\windows\SysWow64\FAP467.tmp
2014-02-16 11:09 . 2014-02-16 11:09 0 ----a-w- c:\windows\SysWow64\FAPED0F.tmp
2014-02-16 11:09 . 2014-02-16 11:09 0 ----a-w- c:\windows\SysWow64\FAP92DC.tmp
2014-02-16 11:09 . 2014-02-16 11:09 0 ----a-w- c:\windows\SysWow64\FAP8718.tmp
2014-02-16 11:08 . 2014-02-16 11:08 0 ----a-w- c:\windows\SysWow64\FAPAA7D.tmp
2014-02-16 11:08 . 2014-02-16 11:08 0 ----a-w- c:\windows\SysWow64\FAPA8D6.tmp
2014-02-16 11:08 . 2014-02-16 11:08 0 ----a-w- c:\windows\SysWow64\FAP9728.tmp
2014-02-16 11:07 . 2014-02-16 11:07 0 ----a-w- c:\windows\SysWow64\FAP4A9C.tmp
2012-07-07 15:54 2169856 --sha-w- c:\windows\System32\hale.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . 1151B1BAA6F350B1DB6598E0FEA7C457 . 390656 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[-] 2014-05-11 . 87A00ED70FEC36D0DD968E5058C29AA1 . 389632 . . [6.1.7601.17514] .. c:\windows\system32\winlogon.exe
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2014-05-11 . D186BABDFAE7C0D93C9F6AE63957EE96 . 1008128 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
(((((((((((((((((((((((((((( Registry Autostart Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="f:\steam\steam.exe" [2014-04-23 1825984]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIHCE.EXE" [2013-03-04 241280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2011-06-01 506712]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-28 642656]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-04-15 3814736]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-02-25 689744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"AMD AVT"=Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "c:\program files (x86)\AMD AVT\bin\kdbsync.exe" aml
"KiesTrayAgent"=c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe"
"FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [x]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
.
.
Contents of the "Scheduled Tasks" folder
.
2014-05-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-27 11:34]
.
2014-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-02 17:55]
.
2014-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-02 17:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-26 12681320]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
"Chew7Hale"="c:\windows\System32\hale.exe" [2012-07-07 2169856]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://isearch.claro-search.com/?affID=116061&tt=3712_7&babsrc=HP_iclro&mntrId=562dbc2f0000000000007a7905aece91
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube Download - c:\users\Sebastian\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Sebastian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
FF - ProfilePath - c:\users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\yagplasc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: extensions.claro.autoRvrt - false
FF - user.js: extensions.claro_i.newTab - false
FF - user.js: extensions.claro.id - 562dbc2f0000000000007a7905aece91
FF - user.js: extensions.claro.instlDay - 15598
FF - user.js: extensions.claro.vrsn - 1.6.4.1
FF - user.js: extensions.claro.vrsni - 1.6.4.1
FF - user.js: extensions.claro_i.vrsnTs - 1.6.4.113:09
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - iclaro
FF - user.js: extensions.claro.instlRef - sst
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false
.
- - - - Orphaned Registry Entries Removed - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_USERS\S-1-5-21-2585827865-2113932034-3510346713-1000\Software\SecuROM\License information*]
"datasecu"=hex:a4,31,b7,ce,52,e6,3a,20,c9,3c,6d,c6,81,10,be,83,7b,30,0d,94,2f,
48,38,b9,fa,3a,65,37,9e,37,f3,29,c2,0e,ca,79,53,8b,10,48,04,32,d1,4a,f4,e1,\
"rkeysecu"=hex:f7,9d,38,b0,9f,3d,d3,b1,66,c7,d3,13,59,ea,c0,90
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2014-05-11 17:33:06 - machine was rebooted
ComboFix-quarantined-files.txt 2014-05-11 15:33
.
Pre-Run: 11 directory(ies), 29,107,970,048 bytes free
Post-Run: 16 directory(ies), 28,523,958,272 bytes free
.
- - End Of File - - CD1AA9AF362C5D76F7D066618A92BA94
A36C5E4F47E84449FF07ED3517B43A31
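
The two places a helper would read first in a log like the one above are the Sigcheck block, where `c:\windows\system32\winlogon.exe` and `user32.dll` show a different MD5 from their WinSxS copies and carry the `[-]` marker, and the `policies\system` block, where `EnableLUA` and `ConsentPromptBehaviorAdmin` are 0. The Find3M section shows both binaries with a 2014-05-11 modification time, next to the licensing components (slui.exe, slmgr.vbs, sppuinotify.dll) written in the same minutes, which is the next thing to look at together. The script below is an added example, not part of the original post and not ComboFix's own code: it parses those two blocks from the log text as posted and reports the same findings mechanically, so the same triage can be applied to other ComboFix logs. The Sigcheck field layout and the reading of `[7]` as catalog-signed and `[-]` as unsigned are assumptions about ComboFix's output format; as the log itself notes, an unsigned file is a lead for further checks, not a verdict.

```python
"""Triage helpers for a ComboFix log (added example for this thread; not the
poster's code and not part of ComboFix).

Two checks a helper usually runs by eye:
  1. Sigcheck entries whose live copy (e.g. under system32) is unsigned ("[-]")
     or whose MD5 differs from the signed WinSxS component-store copy ("[7]").
  2. Values under the policies\\system key that switch UAC protection off.

Assumptions: the Sigcheck field layout in SIGCHECK_RE and the meaning of the
"[7]" / "[-]" markers follow ComboFix's usual output; a hit is a lead, not a
verdict (see the log's own note that unsigned files aren't necessarily malware).
"""
import re

# Lines copied from the log posted in this thread (Sigcheck and UAC policy blocks).
SAMPLE_LOG = r"""
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . 1151B1BAA6F350B1DB6598E0FEA7C457 . 390656 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[-] 2014-05-11 . 87A00ED70FEC36D0DD968E5058C29AA1 . 389632 . . [6.1.7601.17514] .. c:\windows\system32\winlogon.exe
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2014-05-11 . D186BABDFAE7C0D93C9F6AE63957EE96 . 1008128 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
"""

# Sigcheck line: "[sig] YYYY-MM-DD . MD5 . size . . [version] .. path"
SIGCHECK_RE = re.compile(
    r"^\[(?P<sig>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<ver>[^\]]*)\]\s+\.\.\s+(?P<path>\S.*?)\s*$"
)


def parse_sigcheck(lines):
    """Parse every Sigcheck line into a dict; all other lines are ignored."""
    entries = []
    for line in lines:
        m = SIGCHECK_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["size"] = int(e["size"])
        e["path"] = e["path"].lower()
        e["name"] = e["path"].rsplit("\\", 1)[-1]
        entries.append(e)
    return entries


def sigcheck_mismatches(entries):
    """Compare each live file with the WinSxS copy of the same file name.
    Returns [(live_path, [reasons])] for files that deserve a closer look."""
    reference = {e["name"]: e for e in entries if "\\winsxs\\" in e["path"]}
    findings = []
    for e in entries:
        if "\\winsxs\\" in e["path"]:
            continue  # the component-store copy is the reference, not a subject
        ref = reference.get(e["name"])
        reasons = []
        if e["sig"] == "-":
            reasons.append("no valid signature")
        if ref is not None:
            if ref["md5"].lower() != e["md5"].lower():
                reasons.append("MD5 differs from WinSxS copy")
            if ref["ver"] == e["ver"] and ref["size"] != e["size"]:
                reasons.append("same version string but %d vs %d bytes"
                               % (e["size"], ref["size"]))
        if reasons:
            findings.append((e["path"], reasons))
    return findings


POLICY_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<val>\d+)')

# Setting -> (value that weakens UAC, what that value means).
WEAK_UAC = {
    "EnableLUA": (0, "UAC switched off; admin processes run fully elevated"),
    "ConsentPromptBehaviorAdmin": (0, "admins elevate without any prompt"),
    "PromptOnSecureDesktop": (0, "elevation prompts not on the secure desktop"),
}


def policy_system_section(lines):
    """Yield the value lines that follow the policies\\system key header.
    ComboFix separates blocks with a lone '.', which ends the section."""
    inside = False
    for line in lines:
        s = line.strip()
        if s.startswith("[") and s.lower().endswith("\\policies\\system]"):
            inside = True
            continue
        if inside and (s == "." or s.startswith("[") or not s):
            return
        if inside:
            yield s


def weak_uac_settings(lines):
    """Return [(name, value, explanation)] for every weakening value present."""
    hits = []
    for s in policy_system_section(lines):
        m = POLICY_VALUE_RE.match(s)
        if not m:
            continue
        name, val = m.group("name"), int(m.group("val"))
        if name in WEAK_UAC and WEAK_UAC[name][0] == val:
            hits.append((name, val, WEAK_UAC[name][1]))
    return hits


if __name__ == "__main__":
    log_lines = SAMPLE_LOG.splitlines()
    for path, reasons in sigcheck_mismatches(parse_sigcheck(log_lines)):
        print("CHECK %s: %s" % (path, "; ".join(reasons)))
    for name, val, why in weak_uac_settings(log_lines):
        print("UAC   %s=%d: %s" % (name, val, why))
```

Run against the lines above it reports both system32 binaries (unsigned, MD5 differing from the WinSxS copy, and for winlogon.exe a different size under the same version string) and the three UAC values that disable elevation prompting. Comparing a live file with its WinSxS copy works because the component store keeps the signed original of every installed version, so a live copy that claims the same version but hashes differently has been modified after installation; what modified it still has to be established from the rest of the log.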

 
