ichnichtdu | 29.09.2014 22:21 | Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-09-2014 02
Ran by C. Nagelstübchen at 2014-09-29 21:38:14 Run:1
Running from C:\Users\C. Nagelstübchen\Desktop
Loaded Profile: C. Nagelstübchen (Available profiles: C. Nagelstübchen)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:52631;https=127.0.0.1:52631
*****************
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
==== End of Fixlog ====
Code:
ComboFix 14-09-29.02 - C. Nagelstübchen 29.09.2014 22:10:20.1.4 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.49.1031.18.2038.908 [GMT 2:00]
ausgeführt von:: c:\users\C. Nagelstübchen\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\program files\Windows Searchqu Toolbar
c:\programdata\2308189059
c:\programdata\2308189059\BITB665.tmp
c:\users\C. Nagelstübchen\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\CA61B~1.NAG\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\windows\system32\DEBUG.log
c:\windows\system32\Packet.dll
c:\windows\system32\roboot.exe
c:\windows\system32\Thumbs.db
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ProtectMonitor
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-08-28 bis 2014-09-29 ))))))))))))))))))))))))))))))
.
.
2030-01-01 16:28 . 2011-08-02 21:39 -------- dc----w- C:\Boot
2014-09-29 19:50 . 2014-09-29 03:23 43096 ----a-w- c:\windows\system32\drivers\{6eaeb8af-e4d9-4df5-b9d7-815f2928cdf7}Gw.sys
2014-09-29 19:50 . 2014-09-29 19:50 39464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9309F2D3-CAD2-48ED-AAA5-A51C233068D3}\MpKslff098b82.sys
2014-09-29 18:55 . 2014-09-29 18:55 -------- d-----w- c:\program files\VS Revo Group
2014-09-29 05:04 . 2014-09-09 01:24 8806800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9309F2D3-CAD2-48ED-AAA5-A51C233068D3}\mpengine.dll
2014-09-29 01:05 . 2014-09-09 01:24 8806800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-09-28 21:52 . 2014-09-29 06:52 -------- d-----w- c:\users\C. Nagelstübchen\AppData\Roaming\InetStat
2014-09-28 20:46 . 2014-09-29 19:38 -------- dc----w- C:\FRST
2014-09-28 17:49 . 2014-09-28 17:49 -------- d-----w- c:\users\C. Nagelstübchen\AppData\Roaming\Avira
2014-09-28 17:22 . 2014-09-29 19:44 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-28 17:18 . 2014-05-12 05:25 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-09-28 17:18 . 2014-05-12 05:26 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-09-28 17:18 . 2014-09-28 17:19 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-09-28 17:08 . 2014-09-29 20:47 -------- d-----w- c:\users\C. Nagelstübchen\AppData\Roaming\LookThisUp
2014-09-28 16:40 . 2014-09-28 16:36 35848 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-09-28 16:29 . 2014-08-15 08:30 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2014-09-28 16:29 . 2014-08-15 08:30 136216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-09-28 16:29 . 2014-08-15 08:30 97648 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-09-28 16:22 . 2014-09-28 16:29 -------- d-----w- c:\program files\Avira
2014-09-28 16:21 . 2014-09-28 16:21 -------- d-----w- c:\programdata\Package Cache
2014-09-28 13:42 . 2014-09-29 18:49 -------- d-----w- c:\program files\Krab Web
2014-09-28 13:35 . 2014-09-01 18:29 20480 ----a-w- c:\windows\system32\drivers\pcwatch.sys
2014-09-28 13:35 . 2014-09-01 18:28 304776 ----a-w- c:\windows\system32\MyOSProtect.dll
2014-09-28 13:35 . 2014-09-29 05:27 -------- d--h--w- c:\users\Public\Temp
2014-09-28 13:34 . 2014-09-28 13:34 -------- d-----w- c:\windows\Sun
2014-09-28 13:34 . 2014-09-28 13:34 -------- d-----w- c:\users\C. Nagelstübchen\AppData\Local\com
2014-09-28 13:33 . 2014-09-28 17:03 -------- d-----w- c:\programdata\WindowsMangerProtect
2014-09-28 13:33 . 2014-09-28 13:33 -------- d-----w- c:\program files\predm
2014-09-28 13:32 . 2014-09-29 06:54 -------- d-----w- c:\users\C. Nagelstübchen\AppData\Roaming\omiga-plus
2014-09-28 13:32 . 2014-09-28 10:05 4834816 ----a-w- c:\windows\score.exe
2014-09-28 13:31 . 2014-09-28 13:31 -------- d-----w- c:\users\C. Nagelstübchen\AppData\Local\Programs
2014-09-28 13:31 . 2014-09-28 17:12 -------- d-----w- c:\program files\PCTRunner
2014-09-28 13:29 . 2014-09-28 13:32 -------- d-----w- c:\users\C. Nagelstübchen\AppData\Local\Genesis_09281329
2014-09-26 08:19 . 2014-09-26 08:18 908840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{10E2B7B9-6926-4B04-BA37-693CD40D1D81}\gapaengine.dll
2014-09-26 08:03 . 2014-09-09 21:47 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-12 10:58 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-09-12 09:43 . 2014-08-05 17:20 227728 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2014-09-11 18:05 . 2014-07-07 01:40 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-09-11 18:05 . 2014-07-07 01:40 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-09-11 18:04 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2014-09-11 18:04 . 2014-08-01 11:35 793600 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-09-11 18:03 . 2014-09-05 01:52 445952 ----a-w- c:\windows\system32\aepdu.dll
2014-09-11 18:03 . 2014-09-05 01:47 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-09-02 19:55 . 2014-09-02 19:55 487483 -c--a-w- C:\monitor.exe
2014-09-02 19:55 . 2014-09-02 19:55 34244 -c--a-w- C:\monitorsvc.exe
2014-09-02 18:16 . 2014-09-02 18:16 634880 -c--a-w- C:\DirectControl.exe
2014-08-31 20:48 . 2014-08-23 00:42 2352640 ----a-w- c:\windows\system32\win32k.sys
2014-08-31 20:48 . 2014-08-23 01:46 305152 ----a-w- c:\windows\system32\gdi32.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-22 06:41 . 2011-05-22 12:40 231568 ------w- c:\windows\system32\MpSigStub.exe
2014-09-10 07:12 . 2013-09-14 20:13 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-09-10 07:12 . 2013-09-14 20:13 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-08-31 20:38 . 2010-06-24 19:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-24 21:06 . 2013-10-20 18:29 893248 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-07-25 00:35 . 2014-07-25 00:35 875688 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-07-17 16:05 . 2014-07-17 16:05 231800 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2014-07-17 16:05 . 2013-06-18 19:50 95920 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2014-07-14 01:42 . 2014-08-17 13:40 654336 ----a-w- c:\windows\system32\rpcrt4.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{F1AF26F8-1828-4279-ABCE-074EF3235BD7}]
2012-11-15 17:30 244328 ----a-w- c:\program files\SockshareDownloader\smarterdownloader.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LookThisUp"="c:\users\C. Nagelstübchen\AppData\Roaming\LookThisUp\LookThisUp.exe" [2014-09-28 1848976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-24 150552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 974432]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"AgentMonitor"="c:\program files\VTech\DownloadManager\System\AgentMonitor.exe" [2013-06-20 391040]
"Avira Systray"="c:\program files\Avira\My Avira\Avira.OE.Systray.exe" [2014-09-17 164656]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-08-15 751184]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2014-2-15 549040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^C. Nagelstübchen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk]
path=c:\users\C. Nagelstübchen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
backup=c:\windows\pss\Facebook Messenger.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-21 19:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSPRP]
2010-11-16 12:54 2018032 ----a-w- c:\program files\ASUS\APRP\aprp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boingo Wi-Fi]
2011-05-22 12:04 2429 ----a-w- c:\program files\Boingo\Boingo Wi-Fi\Boingo.lnk
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CapsHook]
2011-07-13 07:38 34728 ----a-w- c:\windows\System32\AsusSender.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]
2012-11-13 18:13 450560 ----a-w- c:\program files\DivX\DivX Media Server\DivXMediaServer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2012-11-30 02:06 1263512 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eee Docking]
2010-06-10 21:12 414384 ----a-w- c:\program files\ASUS\Eee Docking\Eee Docking.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-07-12 11:45 138096 ----atw- c:\users\C. Nagelstübchen\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotkeyMon]
2011-07-13 07:38 34728 ----a-w- c:\windows\System32\AsusSender.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-10-24 18:20 173592 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotkeyService]
2011-07-13 07:38 34728 ----a-w- c:\windows\System32\AsusSender.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2009-06-05 03:03 186904 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-10-24 18:20 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveUpdate]
2011-07-13 07:38 34728 ----a-w- c:\windows\System32\AsusSender.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-10-24 18:20 150552 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2010-03-12 21:54 8546848 ------w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony PC Companion]
2013-03-18 15:47 448736 ----a-w- c:\program files\Sony\Sony PC Companion\PCCompanion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StarterBackgroundChanger]
2010-02-11 15:02 285696 ----a-w- c:\program files\StarterBackgroundChanger\StarterBackgroundChangerTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperHybridEngine]
2011-07-13 07:38 34728 ----a-w- c:\windows\System32\AsusSender.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2009-05-19 20:16 222504 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UIExec]
2009-08-31 08:43 132608 ----a-w- c:\program files\Join Air\UIExec.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"EPSON Stylus DX4400 Series"=c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "c:\windows\TEMP\E_S70CF.tmp" /EF "HKCU"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SweetIM"=c:\program files\SweetIM\Messenger\SweetIM.exe
"PlusService"=c:\program files\Yuna Software\Messenger Plus!\PlusService.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
.
R2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files\Freemake\CaptureLib\CaptureLibService.exe [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-11-09 12400]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-08-18 108032]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-06-30 9216]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-07-17 95920]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2014-08-22 288120]
R3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2009-08-18 114688]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2009-08-18 105088]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 51040]
S1 {6eaeb8af-e4d9-4df5-b9d7-815f2928cdf7}Gw;{6eaeb8af-e4d9-4df5-b9d7-815f2928cdf7}Gw;c:\windows\system32\drivers\{6eaeb8af-e4d9-4df5-b9d7-815f2928cdf7}Gw.sys [2014-09-29 43096]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2011-02-09 11832]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2014-08-15 37352]
S1 MpKslff098b82;MpKslff098b82;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9309F2D3-CAD2-48ED-AAA5-A51C233068D3}\MpKslff098b82.sys [2014-09-29 39464]
S1 pcwatch;pcwatch service;c:\windows\system32\Drivers\pcwatch.sys [2014-09-01 20480]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2014-08-15 430160]
S2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2009-08-19 219136]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files\Avira\My Avira\Avira.OE.ServiceHost.exe [2014-09-17 161016]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2013-04-22 822504]
S2 scores;scores;c:\windows\score.exe [2014-09-28 4834816]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2013-06-26 523944]
S2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [2014-09-12 4799760]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-08-26 1051968]
S2 UI Assistant Service;UI Assistant Service;c:\program files\Join Air\AssistantServices.exe [2009-08-31 241664]
S2 Update Krab Web;Update Krab Web;c:\program files\Krab Web\updateKrabWeb.exe [2014-09-29 522016]
S2 Util Krab Web;Util Krab Web;c:\program files\Krab Web\bin\utilKrabWeb.exe [2014-09-29 522016]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-05-21 293928]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-05-21 33320]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-04-13 109960]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-05-10 68208]
S3 MyOSProtect;MyOSProtect;c:\program files\PCTRunner\MyOSProtect.exe [2014-09-01 1317096]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2013-06-26 583848]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2013-06-26 197800]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2013-06-26 24232]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2013-06-26 20136]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2013-06-26 207528]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2010-02-24 10064]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2014-09-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-14 07:12]
.
2014-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-07 05:31]
.
2014-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-07 05:31]
.
2013-09-09 c:\windows\Tasks\TuneUpUtilities_Task_BkGndMaintenance.job
- c:\program files\TuneUp Utilities 2010\OneClick.exe [2010-08-26 12:48]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = about:blank
uInternet Settings,ProxyOverride = <-loopback>
uInternet Settings,ProxyServer = http=127.0.0.1:49210;https=127.0.0.1:49210
uSearchAssistant = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_lxMV3YF4my25wxYHXyASzi0BCB3t7v1U20AZk8bbd5-GfgTa-P8xracJ8XMi0TB6MZS-DUjYunuoEqcOM62na8MPpaMAef23YbU-fu_b9HmMaP0P1iSpBGbywl5YeOrxjIKFeWiOOLtmKJI-65oEQ,,&q={searchTerms}
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Free YouTube to MP3 Converter - c:\users\C. Nagelstübchen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\MyOSProtect.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\C. Nagelstübchen\AppData\Roaming\Mozilla\Firefox\Profiles\b5omhoji.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_lxMV3YF4my25wxYHXyASzi0BCB3t7v1U20AZk8bbd5-GfgTa-P8xracJ8XMi0TB6MZS-DUjYunuoEqcOM62na8AqV310o5upBmeIeRbpjgMWKPqd7oW4iJep1gH7hRvLaG0UYcaTPAFKrFhR1Djtg,,
FF - prefs.js: keyword.URL - hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_lxMV3YF4my25wxYHXyASzi0BCB3t7v1U20AZk8bbd5-GfgTa-P8xracJ8XMi0TB6MZS-DUjYunuoEqcOM62na8MPpaMAef23YbU-fu_b9HmMaP0P1iSpBGbywl5YeOrxjIKFeWiOOLtmKJI-65oEQ,,&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
HKLM-Run-mbot_de_107 - (no file)
SafeBoot-pcwatch.sys
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:76,73,e6,50,f3,af,ce,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,de,58,2c,9f,d1,8d,f8,4c,9a,62,6a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,de,58,2c,9f,d1,8d,f8,4c,9a,62,6a,\
.
[HKEY_USERS\S-1-5-21-741763006-2606483172-3570834343-1000\Software\Microsoft\Internet Explorer\Approved Extensions]
@DACL=(02 0000)
"{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014}"=hex:51,66,7a,6c,4c,1d,3b,1b,b0,84,fb,
d9,e0,fa,fc,06,b0,67,8c,d8,49,1a,53,0c
"{4D2D3B0F-69BE-477A-90F5-FDDB05357975}"=hex:51,66,7a,6c,4c,1d,3b,1b,1f,22,3b,
55,8e,3c,16,0a,8c,f8,a2,84,03,76,3a,6d
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(5036)
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-09-29 22:56:16 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2014-09-29 20:56
.
Vor Suchlauf: 14 Verzeichnis(se), 20.050.771.968 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 21.095.317.504 Bytes frei
.
- - End Of File - - 589CE7859F0E32C1F588F5EDD51496DE
A36C5E4F47E84449FF07ED3517B43A31
Thanks for your help.
ComboFix complained while running that Avira and Microsoft Security Essentials were still active.
After ComboFix finished and the PC restarted, Avira was automatically active again.
Best regards, Claudia