Code:
Alles auswählen Aufklappen ATTFilter
ComboFix 15-07-08.01 - AnimaAngelo 09.07.2015 23:36:26.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.6124.3404 [GMT 2:00]
ausgeführt von:: c:\users\AnimaAngelo\Desktop\ComboFix.exe
AV: G DATA TOTAL PROTECTION *Disabled/Updated* {545C8713-0744-B079-87F8-349A6D5C8CF0}
FW: G*DATA Personal Firewall *Disabled* {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}
SP: G DATA TOTAL PROTECTION *Disabled/Updated* {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2015-06-09 bis 2015-07-09 ))))))))))))))))))))))))))))))
.
.
2015-07-09 21:50 . 2015-07-09 21:50 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2015-07-09 21:50 . 2015-07-09 21:50 -------- d-----w- c:\users\Lea&Pia.man\AppData\Local\temp
2015-07-09 21:50 . 2015-07-09 21:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-07-07 20:34 . 2015-07-07 20:38 -------- d-----w- C:\FRST
2015-07-07 20:06 . 2015-07-07 20:06 75776 ----a-w- c:\windows\system32\drivers\PktIcpt.sys
2015-07-07 20:05 . 2015-07-07 20:05 98760 ----a-w- c:\windows\system32\drivers\TS4nt.sys
2015-07-07 20:05 . 2015-07-07 20:05 27648 ----a-w- c:\windows\system32\drivers\GDKBB64.sys
2015-07-07 20:05 . 2015-07-07 20:05 20992 ----a-w- c:\windows\system32\drivers\GDKBFlt64.sys
2015-07-07 20:04 . 2015-07-07 20:04 64512 ----a-w- c:\windows\system32\drivers\gdwfpcd64.sys
2015-07-07 20:03 . 2015-07-07 20:03 -------- d-----w- c:\windows\SysWow64\wbem\Logs
2015-07-07 20:03 . 2015-07-07 20:03 230400 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys
2015-07-07 20:03 . 2015-07-07 20:03 150016 ----a-w- c:\windows\system32\drivers\GDBehave.sys
2015-07-07 20:03 . 2015-07-07 20:03 124928 ----a-w- c:\windows\system32\drivers\HookCentre.sys
2015-07-07 20:02 . 2015-07-07 20:02 -------- d-----w- c:\programdata\G DATA Software
2015-07-07 20:01 . 2015-07-07 20:01 -------- d-----w- c:\program files (x86)\Common Files\G Data
2015-07-07 18:58 . 2015-02-04 03:16 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2015-07-07 18:58 . 2015-02-04 02:54 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2015-07-05 17:09 . 2015-07-05 17:09 -------- d-----w- c:\users\AnimaAngelo\AppData\Roaming\Command and Conquer 3 Tiberium Wars
2015-07-05 17:06 . 2015-07-05 17:06 -------- d-----w- c:\users\AnimaAngelo\AppData\Roaming\Command and Conquer 3 Kanes Wrath
2015-06-28 11:21 . 2015-06-28 11:21 -------- d-----w- c:\users\AnimaAngelo\.thumbnails
2015-06-28 10:37 . 2015-06-28 11:31 -------- d-----w- c:\users\AnimaAngelo\AppData\Local\gtk-2.0
2015-06-28 10:28 . 2015-06-28 10:28 -------- d-----w- c:\users\AnimaAngelo\AppData\Local\fontconfig
2015-06-28 10:28 . 2015-06-28 11:51 -------- d-----w- c:\users\AnimaAngelo\.gimp-2.8
2015-06-28 10:28 . 2015-06-28 10:28 -------- d-----w- c:\users\AnimaAngelo\AppData\Local\gegl-0.2
2015-06-28 10:10 . 2015-06-28 10:15 -------- d-----w- c:\program files\GIMP 2
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-01 16:13 . 2014-10-03 13:59 20160 ----a-w- c:\windows\system32\drivers\GUBootStartup.sys
2015-05-30 13:10 . 2015-05-30 13:10 30424 ----a-w- c:\windows\system32\drivers\ggsomc.sys
2015-05-30 13:10 . 2015-05-30 13:10 16088 ----a-w- c:\windows\system32\drivers\ggflt.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GUDelayStartup"="c:\program files (x86)\Glary Utilities 5\StartupManager.exe" [2015-06-23 37152]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"GoogleChromeAutoLaunch_E24E5488099F34B5CE81DB9BDD8DD73F"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2015-07-07 813896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-11-20 767176]
"GDFirewallTray"="c:\program files (x86)\G DATA\TotalProtection\Firewall\GDFirewallTray.exe" [2015-02-20 1855608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Internet Manager. RunOuc;Internet Manager. OUC;c:\program files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe;c:\program files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [x]
R3 dc3d;Microsoft-Hardware – Geräteerkennungstreiber;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [x]
R3 GDTunerSvc;G*DATA Tuner Service;c:\program files (x86)\G DATA\TotalProtection\AVKTuner\AVKTunerService.exe;c:\program files (x86)\G DATA\TotalProtection\AVKTuner\AVKTunerService.exe [x]
R3 ggflt;SOMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 ggsomc;SOMC USB Flash Driver;c:\windows\system32\DRIVERS\ggsomc.sys;c:\windows\SYSNATIVE\DRIVERS\ggsomc.sys [x]
R3 HiSuiteOuc64.exe;HiSuiteOuc64.exe;c:\programdata\HiSuiteOuc\HiSuiteOuc64.exe;c:\programdata\HiSuiteOuc\HiSuiteOuc64.exe [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 HuaweiHiSuiteService64.exe;HuaweiHiSuiteService64.exe;c:\programdata\HandSetService\HuaweiHiSuiteService64.exe;c:\programdata\HandSetService\HuaweiHiSuiteService64.exe [x]
R3 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 X6va028;X6va028;c:\windows\SysWOW64\Drivers\X6va028;c:\windows\SysWOW64\Drivers\X6va028 [x]
R3 X6va029;X6va029;c:\windows\SysWOW64\Drivers\X6va029;c:\windows\SysWOW64\Drivers\X6va029 [x]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys;c:\windows\SYSNATIVE\drivers\eubakup.sys [x]
S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys;c:\windows\SYSNATIVE\drivers\EUBKMON.sys [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys;c:\windows\SYSNATIVE\drivers\GDBehave.sys [x]
S0 TS4NT;TS4nt driver;c:\windows\System32\Drivers\TS4nt.sys;c:\windows\SYSNATIVE\Drivers\TS4nt.sys [x]
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys;c:\windows\SYSNATIVE\drivers\eudskacs.sys [x]
S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys;c:\windows\SYSNATIVE\drivers\EuFdDisk.sys [x]
S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys;c:\windows\SYSNATIVE\drivers\MiniIcpt.sys [x]
S1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys;c:\windows\SYSNATIVE\drivers\gdwfpcd64.sys [x]
S1 GUBootStartup;GUBootStartup;c:\windows\System32\drivers\GUBootStartup.sys;c:\windows\SYSNATIVE\drivers\GUBootStartup.sys [x]
S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys;c:\windows\SYSNATIVE\drivers\HookCentre.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AVKProxy;G*DATA*ANTIVIRUS Proxy;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [x]
S2 AVKService;G*DATA Scheduler;c:\program files (x86)\G DATA\TotalProtection\AVK\AVKService.exe;c:\program files (x86)\G DATA\TotalProtection\AVK\AVKService.exe [x]
S2 AVKWCtl;G*DATA Dateisystem Wächter;c:\program files (x86)\G DATA\TotalProtection\AVK\AVKWCtlx64.exe;c:\program files (x86)\G DATA\TotalProtection\AVK\AVKWCtlx64.exe [x]
S2 EaseUS Agent;EaseUS Agent Service;c:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe;c:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe [x]
S2 GDBackupSvc;G*DATA Backup Service;c:\program files (x86)\G DATA\TotalProtection\AVKBackup\AVKBackupService.exe;c:\program files (x86)\G DATA\TotalProtection\AVKBackup\AVKBackupService.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
S3 ETD;Samsung PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 GDFwSvc;G*DATA Personal Firewall;c:\program files (x86)\G DATA\TotalProtection\Firewall\GDFwSvcx64.exe;c:\program files (x86)\G DATA\TotalProtection\Firewall\GDFwSvcx64.exe [x]
S3 GDKBB;G Data GDKBB Driver;c:\windows\system32\drivers\GDKBB64.sys;c:\windows\SYSNATIVE\drivers\GDKBB64.sys [x]
S3 GDKBFlt;G Data GDKBFlt Driver;c:\windows\system32\drivers\GDKBFlt64.sys;c:\windows\SYSNATIVE\drivers\GDKBFlt64.sys [x]
S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys;c:\windows\SYSNATIVE\drivers\PktIcpt.sys [x]
S3 GDScan;G*DATA Scanner;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 TSNxGService;G DATA Datensafe Service;c:\program files (x86)\G DATA\TotalProtection\TSNxG\TSNxGService.exe;c:\program files (x86)\G DATA\TotalProtection\TSNxG\TSNxGService.exe [x]
S3 uvhid;Unified Virtual HID;c:\windows\system32\DRIVERS\uvhid.sys;c:\windows\SYSNATIVE\DRIVERS\uvhid.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-07-07 18:07 991048 ----a-w- c:\program files (x86)\Google\Chrome\Application\43.0.2357.132\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-07-04 c:\windows\Tasks\DriverEasy Scheduled Scan.job
- c:\program files\Easeware\DriverEasy\DriverEasy.exe [2014-10-03 07:06]
.
2015-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-03 12:46]
.
2015-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-03 12:46]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\AnimaAngelo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\AnimaAngelo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\AnimaAngelo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\AnimaAngelo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\AnimaAngelo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\AnimaAngelo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\AnimaAngelo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\AnimaAngelo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about Ok ich hoffe mal nun ist es richtig und komplett.
09.07.2015, 22:58
Hybrid-Darstellung
