Combofix Logfile:
Code:
ComboFix 14-05-13.01 - laura 14.05.2014 15:48:30.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4008.2303 [GMT 2:00]
ausgeführt von:: c:\users\laura\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\laura\AppData\Local\Microsoft\Windows\Temporary Internet Files\{2EB00780-ABD4-49B8-8292-4155BAC2874F}.xps
c:\users\laura\AppData\Local\Microsoft\Windows\Temporary Internet Files\{5B464A8C-AE44-45C2-A077-237DA2BBAC95}.xps
c:\users\laura\AppData\Local\Microsoft\Windows\Temporary Internet Files\{66B32BF2-BF38-4341-897E-43CA291EE698}.xps
c:\users\laura\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C4F83313-ED64-4AE7-AE9B-0A0A56C2B698}.xps
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-04-14 bis 2014-05-14 ))))))))))))))))))))))))))))))
.
.
2014-05-14 13:58 . 2014-05-14 13:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-14 13:58 . 2014-05-14 13:58 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-05-14 12:49 . 2014-05-14 12:49 -------- d-----w- c:\program files (x86)\VS Revo Group
2014-05-14 09:17 . 2014-05-14 09:20 -------- d-----w- C:\FRST
2014-05-14 08:43 . 2014-05-14 08:43 -------- d-sh--w- c:\users\laura\AppData\Local\EmieUserList
2014-05-14 08:43 . 2014-05-14 08:43 -------- d-sh--w- c:\users\laura\AppData\Local\EmieSiteList
2014-05-14 08:19 . 2014-05-14 08:20 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-14 08:19 . 2014-05-14 08:19 -------- d-----w- c:\programdata\Malwarebytes
2014-05-13 06:55 . 2014-05-14 12:53 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-05-13 06:55 . 2014-05-14 12:54 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2014-05-13 06:54 . 2014-05-13 06:54 -------- d-----w- c:\users\laura\AppData\Local\Programs
2014-05-07 22:34 . 2014-04-29 14:01 23547904 ----a-w- c:\windows\system32\mshtml.dll
2014-05-07 22:34 . 2014-04-29 13:40 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-07 22:34 . 2014-04-29 12:34 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-06 21:43 . 2014-05-06 21:43 -------- d-s---w- c:\windows\system32\CompatTel
2014-05-06 12:24 . 2014-04-14 02:24 465408 ----a-w- c:\windows\system32\aepdu.dll
2014-05-06 12:24 . 2014-04-14 02:19 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-04-30 16:43 . 2014-05-01 10:23 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-14 12:54 . 2011-03-17 22:46 45056 ----a-w- c:\windows\system32\acovcnt.exe
2014-05-14 12:54 . 2011-03-17 20:59 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2014-05-14 12:54 . 2011-07-31 17:33 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll
2014-04-09 20:14 . 2011-09-14 12:46 90655440 ----a-w- c:\windows\system32\MRT.exe
2014-03-13 08:01 . 2011-03-17 21:00 17920 ----a-w- c:\windows\SysWow64\rpcnetp.dll
2014-03-13 08:01 . 2011-03-17 20:59 17920 ----a-w- c:\windows\SysWow64\rpcnetp.exe
2014-03-04 09:44 . 2014-04-09 08:16 362496 ----a-w- c:\windows\system32\wow64win.dll
2014-03-04 09:44 . 2014-04-09 08:16 243712 ----a-w- c:\windows\system32\wow64.dll
2014-03-04 09:44 . 2014-04-09 08:16 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2014-03-04 09:44 . 2014-04-09 08:16 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2014-03-04 09:44 . 2014-04-09 08:16 1163264 ----a-w- c:\windows\system32\kernel32.dll
2014-03-04 09:17 . 2014-04-09 08:16 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2014-03-04 09:17 . 2014-04-09 08:16 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-03-04 09:16 . 2014-04-09 08:16 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2014-03-04 09:16 . 2014-04-09 08:16 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2014-03-04 08:09 . 2014-04-09 08:16 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2014-03-04 08:09 . 2014-04-09 08:16 2048 ----a-w- c:\windows\SysWow64\user.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
2014-04-10 08:59 423744 ----a-w- c:\users\laura\AppData\LocalLow\DVDVideoSoftTB_DE\prxtbDVD2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\users\laura\AppData\LocalLow\DVDVideoSoftTB_DE\prxtbDVD2.dll" [2014-04-10 423744]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"AmazonMP3DownloaderHelper"="c:\users\laura\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe" [2013-05-22 400704]
"BackgroundContainerV2"="c:\users\laura\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll" [2014-03-31 325952]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-02-10 20922016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-03-15 296056]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-01 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2011-3-18 548528]
Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe /Startup [2011-3-14 2125472]
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe -d [2011-3-18 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\program files (x86)\Mobile Partner\UpdateDog\ouc.exe;c:\program files (x86)\Mobile Partner\UpdateDog\ouc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S2 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe;c:\program files\Trend Micro\Titanium\TiMiniService.exe [x]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys;c:\windows\SYSNATIVE\DRIVERS\tmevtmgr.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-28 18:06 1078088 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-17 21:38]
.
2014-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-17 21:38]
.
2014-05-12 c:\windows\Tasks\ReclaimerUpdateFiles_laura.job
- c:\users\laura\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-04-25 12:32]
.
2014-05-14 c:\windows\Tasks\ReclaimerUpdateXML_laura.job
- c:\users\laura\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-04-25 12:32]
.
2014-05-14 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_laura.job
- c:\users\laura\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-04-25 12:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
"VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [2010-10-08 1123664]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-12 192520]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\VizorShortCut.exe" [2010-09-17 322384]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-17 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-17 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-17 418328]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-17 2188904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{51CF287F-D0CB-4E5D-822C-BC27750B5293}: NameServer = 139.7.30.126 139.7.30.125
TCP: Interfaces\{CD035092-BDD6-47F1-BC92-75EB321CF9C7}: NameServer = 139.7.30.126 139.7.30.125
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}"=hex:51,66,7a,6c,4c,1d,38,12,43,d9,34,
04,c0,87,65,0e,d1,13,a1,8d,1e,85,28,eb
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"=hex:51,66,7a,6c,4c,1d,38,12,6b,d7,31,
bd,21,23,45,0f,d1,9f,4b,e0,35,84,00,16
"{1CA1377B-DC1D-4A52-9585-6E06050FAC53}"=hex:51,66,7a,6c,4c,1d,38,12,15,34,b2,
18,2f,92,3c,0f,ea,93,2d,46,00,51,e8,47
"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,
34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"=hex:51,66,7a,6c,4c,1d,38,12,2d,dd,7a,
ab,6a,33,56,03,c9,ec,8d,26,b0,f3,64,49
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}"=hex:51,66,7a,6c,4c,1d,38,12,93,b9,bf,
bf,6c,b4,17,05,f4,25,43,ab,9a,4d,90,b8
"{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}"=hex:51,66,7a,6c,4c,1d,38,12,90,71,5e,
cc,4f,af,fb,04,c4,32,35,80,2b,70,38,5a
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:9c,70,37,cd,77,31,ce,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-05-14 16:03:53
ComboFix-quarantined-files.txt 2014-05-14 14:03
.
Vor Suchlauf: 5.944.475.648 Bytes frei
Nach Suchlauf: 7.742.906.368 Bytes frei
.
- - End Of File - - BA499E5850054AAA56019960D6FD9E95
--- --- ---
I was supposed to report if ComboFix complained about my virus scanner; that was indeed the case. I had set the Avira scan to 'use Extension files'... I didn't know a better way to do it.
Avira AntiVir Personal
Report file date: Mittwoch, 14. Mai 2014 16:33
Scanning for 6828912 virus strains and unwanted programs.
The program is running as an unrestricted full version.
Online services are available:
Licensee : Avira Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 x64
Windows version : (Service Pack 1) [6.1.7601]
Boot mode : Normally booted
Username : SYSTEM
Computer name : LAURALAPTOP
Version information:
BUILD.DAT : 10.2.0.2100 36757 Bytes 24.06.2013 22:26:00
AVSCAN.EXE : 10.3.0.7 484008 Bytes 01.08.2011 17:49:22
AVSCAN.DLL : 10.0.5.0 47464 Bytes 01.08.2011 17:49:22
LUKE.DLL : 10.3.0.5 45416 Bytes 01.08.2011 17:49:23
LUKERES.DLL : 10.0.0.1 12648 Bytes 10.02.2010 22:40:49
AVSCPLR.DLL : 10.3.0.7 119656 Bytes 01.08.2011 17:49:23
AVREG.DLL : 10.3.0.9 88833 Bytes 01.08.2011 17:49:23
VBASE000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 19:52:25
VBASE001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 12:01:08
VBASE002.VDF : 7.11.80.60 2751488 Bytes 28.05.2013 14:28:35
VBASE003.VDF : 7.11.85.214 2162688 Bytes 21.06.2013 12:19:59
VBASE004.VDF : 7.11.91.176 3903488 Bytes 23.07.2013 10:12:51
VBASE005.VDF : 7.11.98.186 6822912 Bytes 29.08.2013 09:57:07
VBASE006.VDF : 7.11.139.38 15708672 Bytes 27.03.2014 12:54:05
VBASE007.VDF : 7.11.145.136 2117120 Bytes 28.04.2014 10:15:16
VBASE008.VDF : 7.11.145.137 2048 Bytes 28.04.2014 10:15:16
VBASE009.VDF : 7.11.145.138 2048 Bytes 28.04.2014 10:15:16
VBASE010.VDF : 7.11.145.139 2048 Bytes 28.04.2014 10:15:16
VBASE011.VDF : 7.11.145.140 2048 Bytes 28.04.2014 10:15:16
VBASE012.VDF : 7.11.145.141 2048 Bytes 28.04.2014 10:15:16
VBASE013.VDF : 7.11.146.20 166912 Bytes 29.04.2014 10:15:16
VBASE014.VDF : 7.11.146.131 194048 Bytes 01.05.2014 09:56:06
VBASE015.VDF : 7.11.146.243 167936 Bytes 03.05.2014 09:56:06
VBASE016.VDF : 7.11.147.97 122368 Bytes 05.05.2014 08:43:01
VBASE017.VDF : 7.11.147.207 169472 Bytes 06.05.2014 08:43:01
VBASE018.VDF : 7.11.148.61 174080 Bytes 08.05.2014 11:27:07
VBASE019.VDF : 7.11.148.149 257024 Bytes 09.05.2014 11:27:07
VBASE020.VDF : 7.11.148.241 135168 Bytes 12.05.2014 07:37:31
VBASE021.VDF : 7.11.149.61 139264 Bytes 13.05.2014 07:37:31
VBASE022.VDF : 7.11.149.62 2048 Bytes 13.05.2014 07:37:31
VBASE023.VDF : 7.11.149.63 2048 Bytes 13.05.2014 07:37:31
VBASE024.VDF : 7.11.149.64 2048 Bytes 13.05.2014 07:37:31
VBASE025.VDF : 7.11.149.65 2048 Bytes 13.05.2014 07:37:31
VBASE026.VDF : 7.11.149.66 2048 Bytes 13.05.2014 07:37:31
VBASE027.VDF : 7.11.149.67 2048 Bytes 13.05.2014 07:37:31
VBASE028.VDF : 7.11.149.68 2048 Bytes 13.05.2014 07:37:31
VBASE029.VDF : 7.11.149.69 2048 Bytes 13.05.2014 07:37:31
VBASE030.VDF : 7.11.149.70 2048 Bytes 13.05.2014 07:37:31
VBASE031.VDF : 7.11.149.134 221184 Bytes 14.05.2014 07:37:32
Engineversion : 8.3.18.20
AEVDF.DLL : 8.3.0.4 118976 Bytes 21.03.2014 11:35:06
AESCRIPT.DLL : 8.1.4.202 528584 Bytes 11.05.2014 11:27:13
AESCN.DLL : 8.3.0.2 135360 Bytes 21.03.2014 11:35:05
AESBX.DLL : 8.2.20.24 1409224 Bytes 11.05.2014 11:27:14
AERDL.DLL : 8.2.0.138 704888 Bytes 03.12.2013 15:20:58
AEPACK.DLL : 8.4.0.24 778440 Bytes 14.05.2014 07:37:32
AEOFFICE.DLL : 8.3.0.4 205000 Bytes 18.04.2014 08:49:03
AEHEUR.DLL : 8.1.4.1054 6697160 Bytes 11.05.2014 11:27:13
AEHELP.DLL : 8.3.0.0 274808 Bytes 15.03.2014 16:47:15
AEGEN.DLL : 8.1.7.26 450752 Bytes 18.04.2014 08:49:02
AEEXP.DLL : 8.4.1.312 569544 Bytes 01.05.2014 10:15:19
AEEMU.DLL : 8.1.3.2 393587 Bytes 10.07.2012 10:42:39
AECORE.DLL : 8.3.0.6 241864 Bytes 21.03.2014 11:34:59
AEBB.DLL : 8.1.1.4 53619 Bytes 06.11.2012 11:25:55
AVWINLL.DLL : 10.0.0.0 19304 Bytes 21.04.2011 05:53:36
AVPREF.DLL : 10.0.3.2 44904 Bytes 01.08.2011 17:49:22
AVREP.DLL : 10.0.0.10 174120 Bytes 01.08.2011 17:49:23
AVARKT.DLL : 10.0.26.1 255336 Bytes 01.08.2011 17:49:22
AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 01.08.2011 17:49:22
SQLITE3.DLL : 3.6.19.0 355688 Bytes 17.06.2010 13:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 21.04.2011 05:53:36
NETNT.DLL : 10.0.0.0 11624 Bytes 21.04.2011 05:53:46
RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 01.08.2011 17:49:22
RCTEXT.DLL : 10.0.64.0 97640 Bytes 01.08.2011 17:49:22
Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Logging.............................: Default
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: Advanced
Start of the scan: Mittwoch, 14. Mai 2014 16:33
Starting search for hidden objects.
While loading the module (AVARKT.DLL) the following error occured:
The file does not exist!
AVARKT.DLL
The scan of running processes will be started
Scan process 'chrome.exe' - '52' Module(s) have been scanned
Scan process 'chrome.exe' - '52' Module(s) have been scanned
Scan process 'chrome.exe' - '62' Module(s) have been scanned
Scan process 'chrome.exe' - '90' Module(s) have been scanned
Scan process 'avscan.exe' - '75' Module(s) have been scanned
Scan process 'avscan.exe' - '31' Module(s) have been scanned
Scan process 'avcenter.exe' - '99' Module(s) have been scanned
Scan process 'thunderbird.exe' - '116' Module(s) have been scanned
Scan process 'daemonu.exe' - '42' Module(s) have been scanned
Scan process 'CLMLSvc.exe' - '39' Module(s) have been scanned
Scan process 'realsched.exe' - '39' Module(s) have been scanned
Scan process 'avgnt.exe' - '71' Module(s) have been scanned
Scan process 'wcourier.exe' - '40' Module(s) have been scanned
Scan process 'SonicFocusTray.exe' - '39' Module(s) have been scanned
Scan process 'HControlUser.exe' - '19' Module(s) have been scanned
Scan process 'DMedia.exe' - '27' Module(s) have been scanned
Scan process 'AudibleDownloadHelper.exe' - '76' Module(s) have been scanned
Scan process 'Skype.exe' - '120' Module(s) have been scanned
Scan process 'rundll32.exe' - '65' Module(s) have been scanned
Scan process 'AmazonMP3DownloaderHelper.exe' - '43' Module(s) have been scanned
Scan process 'AsScrPro.exe' - '33' Module(s) have been scanned
Scan process 'LiveUpdate.exe' - '111' Module(s) have been scanned
Scan process 'DCSHelper.exe' - '30' Module(s) have been scanned
Scan process 'sensorsrv.exe' - '28' Module(s) have been scanned
Scan process 'ATKOSD2.exe' - '29' Module(s) have been scanned
Scan process 'rpcnet.exe' - '59' Module(s) have been scanned
Scan process 'ouc.exe' - '27' Module(s) have been scanned
Scan process 'avguard.exe' - '70' Module(s) have been scanned
Scan process 'sched.exe' - '49' Module(s) have been scanned
Scan process 'GFNEXSrv.exe' - '10' Module(s) have been scanned
Scan process 'ASLDRSrv.exe' - '21' Module(s) have been scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting to scan executable files (registry).
The registry was scanned ( '228' files ).
Starting the file scan:
Begin scan in 'C:\' <OS>
Begin scan in 'D:\' <DATA>
D:\LAURALAPTOP\Backup Set 2013-02-24 190001\Backup Files 2013-03-17 190001\Backup files 2.zip
[0] Archive type: ZIP
--> C/Users/laura/Downloads/FlashPlayer_V.23874109c.exe
[1] Archive type: NSIS
--> ProgramFilesDir/setup__120.exe
[DETECTION] Contains virus patterns of Adware ADWARE/WhiteSmoke.BA
[WARNING] This file is a mailbox. To avoid damaging your emails this file will not be repaired or deleted.
D:\LAURALAPTOP\Backup Set 2013-08-04 190002\Backup Files 2013-09-08 190001\Backup files 2.zip
[0] Archive type: ZIP
--> C/Users/laura/Downloads/The.Taste.S01E04.HDTV.x264 2HD.mp4.flv__3039_i66854854_il5445127.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Amonetize.Q.2
D:\LAURALAPTOP\Backup Set 2014-03-17 115821\Backup Files 2014-04-02 091210\Backup files 4.zip
[0] Archive type: ZIP
--> C/Users/laura/Downloads/Player-Chrome.exe
[DETECTION] Contains virus patterns of Adware ADWARE/iBryte.bxjh
[WARNING] This file is a mailbox. To avoid damaging your emails this file will not be repaired or deleted.
D:\LAURALAPTOP\Backup Set 2014-03-17 115821\Backup Files 2014-05-04 192203\Backup files 2.zip
[0] Archive type: ZIP
--> C/Users/laura/Downloads/VLCPlus_Setup.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Linkular.D
[WARNING] This file is a mailbox. To avoid damaging your emails this file will not be repaired or deleted.
Beginning disinfection:
D:\LAURALAPTOP\Backup Set 2014-03-17 115821\Backup Files 2014-05-04 192203\Backup files 2.zip
[DETECTION] Contains virus patterns of Adware ADWARE/Linkular.D
[WARNING] The file was ignored!
D:\LAURALAPTOP\Backup Set 2014-03-17 115821\Backup Files 2014-04-02 091210\Backup files 4.zip
[DETECTION] Contains virus patterns of Adware ADWARE/iBryte.bxjh
[WARNING] The file was ignored!
D:\LAURALAPTOP\Backup Set 2013-08-04 190002\Backup Files 2013-09-08 190001\Backup files 2.zip
[DETECTION] Contains virus patterns of Adware ADWARE/Amonetize.Q.2
[NOTE] The file was moved to the quarantine directory under the name '542e0ceb.qua'.
D:\LAURALAPTOP\Backup Set 2013-02-24 190001\Backup Files 2013-03-17 190001\Backup files 2.zip
[DETECTION] Contains virus patterns of Adware ADWARE/WhiteSmoke.BA
[WARNING] The file was ignored!
End of the scan: Mittwoch, 14. Mai 2014 19:57
Used time: 3:22:30 Hour(s)
The scan has been done completely.
64916 Scanned directories
1286538 Files were scanned
4 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
1286534 Files not concerned
32342 Archives were scanned
3 Warnings
1 Notes
QUESTION: Should I still carry out the GMER installation and report creation, or is that superfluous after ComboFix?
Thanks for a reply