Hello dear helpers,
unfortunately quite a bit of work came up, which is why I couldn't continue any sooner :(
Here is the Combolog: Code:
ComboFix 16-04-06.01 - ***** 12.04.2016 23:31:20.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.16315.13141 [GMT 2:00]
ausgeführt von:: c:\users\*****\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\*****\AppData\Local\assembly\tmp
c:\windows\IsUn0407.exe
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BD0001
-------\Legacy_BD0002
-------\Service_bd0001
-------\Service_bd0002
.
.
((((((((((((((((((((((( Dateien erstellt von 2016-03-12 bis 2016-04-12 ))))))))))))))))))))))))))))))
.
.
2016-04-12 21:34 . 2016-04-12 21:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-04-08 23:34 . 2016-04-08 23:34 53248 ----a-r- c:\users\*****\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2016-04-08 23:18 . 2016-04-08 23:30 -------- d-----w- c:\program files (x86)\Logitech
2016-04-08 16:04 . 2016-03-28 10:07 11686560 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{64D83E9C-0248-4393-8FAA-66558615D5E2}\mpengine.dll
2016-04-08 15:12 . 2016-04-08 15:12 -------- d-----w- c:\programdata\Logitech
2016-04-08 15:12 . 2016-04-08 16:53 -------- d-----w- c:\program files (x86)\Common Files\LWS
2016-04-07 17:28 . 2016-04-07 17:28 -------- d-----w- c:\program files\CONEXANT
2016-04-07 17:27 . 2016-04-07 17:27 -------- d-----w- c:\windows\Cnxt
2016-04-07 17:27 . 2016-04-07 17:27 -------- d-----w- c:\programdata\Conexant
2016-03-29 20:28 . 2016-03-29 20:28 -------- d-----w- c:\program files (x86)\Microsoft OneDrive
2016-03-29 20:28 . 2016-03-29 20:28 -------- d-----r- c:\users\*****\OneDrive
2016-03-29 20:28 . 2016-03-29 20:28 -------- d-----w- c:\programdata\Microsoft OneDrive
2016-03-29 20:24 . 2016-03-24 21:33 2533152 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2016-03-29 20:24 . 2016-04-12 15:39 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft
2016-03-23 01:22 . 2016-03-23 01:22 359968 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE
2016-03-23 01:22 . 2016-03-23 01:22 202272 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
2016-03-23 01:22 . 2016-03-23 01:22 16416 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll
2016-03-19 18:20 . 2016-03-19 18:20 20640 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VSTO\10.0\1031\VSTOLoaderUI.dll
2016-03-19 18:20 . 2016-03-19 18:20 11416 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VSTO\10.0\1031\VSTOInstallerUI.dll
2016-03-14 22:38 . 2016-03-14 22:38 -------- d-----w- c:\users\*****\AppData\Roaming\KeePass
2016-03-14 16:49 . 2016-03-14 16:49 -------- d-----w- c:\program files (x86)\KeePass Password Safe
2016-03-13 22:14 . 2016-03-13 22:14 -------- d-----w- c:\users\*****\AppData\Local\Downloaded Installations
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-04-08 17:41 . 2015-06-20 12:36 797376 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-04-08 17:41 . 2015-06-20 12:36 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-03-09 23:06 . 2015-06-14 22:01 143659408 ----a-w- c:\windows\system32\MRT.exe
2016-03-07 21:30 . 2016-03-03 19:45 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-02-19 19:02 . 2016-03-09 17:56 38336 ----a-w- c:\windows\system32\CompatTelRunner.exe
2016-02-19 18:54 . 2016-03-09 17:56 1168896 ----a-w- c:\windows\system32\aeinv.dll
2016-02-19 14:07 . 2016-03-09 17:56 1373184 ----a-w- c:\windows\system32\appraiser.dll
2016-02-17 21:30 . 2016-02-17 21:30 43680 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2016-02-17 21:30 . 2016-02-17 21:30 314016 ----a-w- c:\windows\system32\drivers\atksgt.sys
2016-02-12 18:52 . 2016-03-09 17:57 98816 ----a-w- c:\windows\system32\wudriver.dll
2016-02-12 18:52 . 2016-03-09 17:57 3169792 ----a-w- c:\windows\system32\wucltux.dll
2016-02-12 18:52 . 2016-03-09 17:57 192512 ----a-w- c:\windows\system32\wuwebv.dll
2016-02-12 18:44 . 2016-03-09 17:57 91136 ----a-w- c:\windows\system32\WinSetupUI.dll
2016-02-12 18:39 . 2016-03-09 17:57 174080 ----a-w- c:\windows\SysWow64\wuwebv.dll
2016-02-12 18:22 . 2016-03-09 17:57 2610688 ----a-w- c:\windows\system32\wuaueng.dll
2016-02-12 18:19 . 2016-03-09 17:57 709120 ----a-w- c:\windows\system32\wuapi.dll
2016-02-12 18:18 . 2016-03-09 17:57 37888 ----a-w- c:\windows\system32\wuapp.exe
2016-02-12 18:18 . 2016-03-09 17:57 140288 ----a-w- c:\windows\system32\wuauclt.exe
2016-02-12 18:18 . 2016-03-09 17:57 36864 ----a-w- c:\windows\system32\wups.dll
2016-02-12 18:18 . 2016-03-09 17:57 37888 ----a-w- c:\windows\system32\wups2.dll
2016-02-12 18:18 . 2016-03-09 17:57 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2016-02-12 18:06 . 2016-03-09 17:57 573440 ----a-w- c:\windows\SysWow64\wuapi.dll
2016-02-12 18:05 . 2016-03-09 17:57 93696 ----a-w- c:\windows\SysWow64\wudriver.dll
2016-02-12 18:05 . 2016-03-09 17:57 30208 ----a-w- c:\windows\SysWow64\wups.dll
2016-02-12 18:05 . 2016-03-09 17:57 35328 ----a-w- c:\windows\SysWow64\wuapp.exe
2016-02-11 18:56 . 2016-03-09 17:56 5572032 ----a-w- c:\windows\system32\ntoskrnl.exe
2016-02-11 18:56 . 2016-03-09 17:56 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2016-02-11 18:56 . 2016-03-09 17:56 154560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2016-02-11 18:52 . 2016-03-09 17:56 1733592 ----a-w- c:\windows\system32\ntdll.dll
2016-02-11 18:49 . 2016-03-09 17:56 362496 ----a-w- c:\windows\system32\wow64win.dll
2016-02-11 18:49 . 2016-03-09 17:56 243712 ----a-w- c:\windows\system32\wow64.dll
2016-02-11 18:49 . 2016-03-09 17:56 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2016-02-11 18:49 . 2016-03-09 17:56 215040 ----a-w- c:\windows\system32\winsrv.dll
2016-02-11 18:49 . 2016-03-09 17:56 210432 ----a-w- c:\windows\system32\wdigest.dll
2016-02-11 18:49 . 2016-03-09 17:56 86528 ----a-w- c:\windows\system32\TSpkg.dll
2016-02-11 18:49 . 2016-03-09 17:56 28672 ----a-w- c:\windows\system32\sspisrv.dll
2016-02-11 18:49 . 2016-03-09 17:56 135680 ----a-w- c:\windows\system32\sspicli.dll
2016-02-11 18:48 . 2016-03-09 17:56 503808 ----a-w- c:\windows\system32\srcore.dll
2016-02-11 18:48 . 2016-03-09 17:56 50176 ----a-w- c:\windows\system32\srclient.dll
2016-02-11 18:48 . 2016-03-09 17:56 28160 ----a-w- c:\windows\system32\secur32.dll
2016-02-11 18:48 . 2016-03-09 17:56 344064 ----a-w- c:\windows\system32\schannel.dll
2016-02-11 18:48 . 2016-03-09 17:56 1214464 ----a-w- c:\windows\system32\rpcrt4.dll
2016-02-11 18:47 . 2016-03-09 17:56 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2016-02-11 18:45 . 2016-03-09 17:56 312320 ----a-w- c:\windows\system32\ncrypt.dll
2016-02-11 18:45 . 2016-03-09 17:56 315392 ----a-w- c:\windows\system32\msv1_0.dll
2016-02-11 18:45 . 2016-03-09 17:56 60416 ----a-w- c:\windows\system32\msobjs.dll
2016-02-11 18:45 . 2016-03-09 17:56 146432 ----a-w- c:\windows\system32\msaudite.dll
2016-02-11 18:44 . 2016-03-09 17:56 3994560 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2016-02-11 18:44 . 2016-03-09 17:56 3938240 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2016-02-11 18:44 . 2016-03-09 17:56 1461248 ----a-w- c:\windows\system32\lsasrv.dll
2016-02-11 18:44 . 2016-03-09 17:56 422400 ----a-w- c:\windows\system32\KernelBase.dll
2016-02-11 18:44 . 2016-03-09 17:56 730112 ----a-w- c:\windows\system32\kerberos.dll
2016-02-11 18:44 . 2016-03-09 17:56 1163264 ----a-w- c:\windows\system32\kernel32.dll
2016-02-11 18:42 . 2016-03-09 17:56 43520 ----a-w- c:\windows\system32\csrsrv.dll
2016-02-11 18:42 . 2016-03-09 17:56 43520 ----a-w- c:\windows\system32\cryptbase.dll
2016-02-11 18:42 . 2016-03-09 17:56 22016 ----a-w- c:\windows\system32\credssp.dll
2016-02-11 18:41 . 2016-03-09 17:56 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-02-11 18:41 . 2016-03-09 17:56 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-02-11 18:41 . 2016-03-09 17:56 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-11 18:41 . 2016-03-09 17:56 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-11 18:41 . 2016-03-09 17:56 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-11 18:41 . 2016-03-09 17:56 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-02-11 18:41 . 2016-03-09 17:56 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-11 18:41 . 2016-03-09 17:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-11 18:41 . 2016-03-09 17:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-11 18:41 . 2016-03-09 17:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-11 18:41 . 2016-03-09 17:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-02-11 18:41 . 2016-03-09 17:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-02-11 18:41 . 2016-03-09 17:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-11 18:41 . 2016-03-09 17:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-02-11 18:41 . 2016-03-09 17:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-02-11 18:41 . 2016-03-09 17:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-02-11 18:41 . 2016-03-09 17:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-02-11 18:41 . 2016-03-09 17:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-02-11 18:41 . 2016-03-09 17:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-02-11 18:41 . 2016-03-09 17:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-11 18:41 . 2016-03-09 17:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-02-11 18:41 . 2016-03-09 17:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-02-11 18:41 . 2016-03-09 17:56 6656 ----a-w- c:\windows\system32\apisetschema.dll
2016-02-11 18:41 . 2016-03-09 17:56 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-02-11 18:41 . 2016-03-09 17:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-02-11 18:41 . 2016-03-09 17:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-11 18:41 . 2016-03-09 17:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-02-11 18:41 . 2016-03-09 17:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-02-11 18:41 . 2016-03-09 17:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-02-11 18:41 . 2016-03-09 17:56 880128 ----a-w- c:\windows\system32\advapi32.dll
2016-02-11 18:41 . 2016-03-09 17:56 686080 ----a-w- c:\windows\system32\adtschema.dll
2016-02-11 18:41 . 2016-03-09 17:56 1314328 ----a-w- c:\windows\SysWow64\ntdll.dll
2016-02-11 18:38 . 2016-03-09 17:56 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2016-02-11 18:38 . 2016-03-09 17:56 665088 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2016-02-11 18:38 . 2016-03-09 17:56 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2016-02-11 18:38 . 2016-03-09 17:56 275456 ----a-w- c:\windows\SysWow64\KernelBase.dll
2016-02-11 18:38 . 2016-03-09 17:56 171520 ----a-w- c:\windows\SysWow64\wdigest.dll
2016-02-11 18:38 . 2016-03-09 17:56 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2016-02-11 18:37 . 2016-03-09 17:56 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2016-02-11 18:37 . 2016-03-09 17:56 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2016-02-11 18:37 . 2016-03-09 17:56 251392 ----a-w- c:\windows\SysWow64\schannel.dll
2016-02-11 18:35 . 2016-03-09 17:56 223232 ----a-w- c:\windows\SysWow64\ncrypt.dll
2016-02-11 18:35 . 2016-03-09 17:56 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
2016-02-11 18:35 . 2016-03-09 17:56 60416 ----a-w- c:\windows\SysWow64\msobjs.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2016-03-12 00:16 200000 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.34.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2016-03-12 00:16 200000 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.34.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2016-03-12 00:16 200000 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.34.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2016-03-12 00:16 200000 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.34.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2016-03-12 00:16 200000 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.34.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2016-03-12 00:16 200000 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.34.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2016-03-12 00:16 200000 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.34.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2016-03-12 00:16 200000 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.34.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2016-03-29 20:28 1587912 ----a-w- c:\users\*****\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2016-03-29 20:28 1587912 ----a-w- c:\users\*****\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2016-03-29 20:28 1587912 ----a-w- c:\users\*****\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2016-03-29 20:28 1587912 ----a-w- c:\users\*****\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2016-03-29 20:28 1587912 ----a-w- c:\users\*****\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-03-24 21:34 1538856 ----a-w- c:\program files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-03-24 21:34 1538856 ----a-w- c:\program files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-03-24 21:34 1538856 ----a-w- c:\program files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Todoist"="c:\users\*****\AppData\Local\Todoist\WindowsDesktopApp\Todoist.exe" [2015-09-29 171080]
"Steam"="f:\programme\Steam\steam.exe" [2016-03-31 3077712]
"Spotify Web Helper"="c:\users\*****\AppData\Roaming\Spotify\SpotifyWebHelper.exe" [2016-01-24 2346096]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2016-02-10 50599552]
"DAEMON Tools Lite Automount"="c:\program files\DAEMON Tools Lite\DTAgent.exe" [2015-06-18 4468056]
"AudioBox VSL"="c:\program files\PreSonus\AudioBox\AudioBox.exe" [2014-07-16 7593984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2014-02-21 292848]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-12-06 766208]
"Dropbox"="c:\program files (x86)\Dropbox\Client\Dropbox.exe" [2016-03-12 25577864]
"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2012-09-06 143360]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2012-06-06 3076096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"Adobe Acrobat Speed Launcher"="d:\creative suite cs6\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]
"Acrobat Assistant 8.0"="d:\creative suite cs6\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2012-09-12 204136]
.
c:\users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2015-12-1 1192656]
Logitech . Produktregistrierung.lnk - c:\program files (x86)\Logitech\Webcam\Ereg\eReg.exe /remind /language=DEU /_WFM="." [2009-11-16 517384]
Todoist.lnk - c:\users\*****\AppData\Local\Todoist\WindowsDesktopApp\Todoist.exe [2016-2-10 171080]
TweetDeck.lnk - c:\program files (x86)\Twitter\TweetDeck\TweetDeck.exe [2013-11-1 360952]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Outlook 2016.lnk - c:\program files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE [2016-3-29 25934528]
SteelSeries Engine 3.lnk - c:\program files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe -dataPath="c:\programdata\SteelSeries\SteelSeries Engine 3" -dbEnv=production -auto=true [2016-3-24 13425904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
R1 BDEnhanceBoost;BDEnhanceBoost;c:\windows\system32\drivers\BDEnhanceBoost.sys;c:\windows\SYSNATIVE\drivers\BDEnhanceBoost.sys [x]
R1 BDMWrench_x64;BDMWrench_x64;c:\windows\system32\DRIVERS\BDMWrench_x64.sys;c:\windows\SYSNATIVE\DRIVERS\BDMWrench_x64.sys [x]
R1 SRepairDrv;SRepairDrv;c:\windows\GJFix\SRepairDrv;c:\windows\GJFix\SRepairDrv [x]
R2 BaiduHips;BaiduHips;c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.892\BaiduHips.exe ;c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.892\BaiduHips.exe [x]
R2 BDArKit;BDArKit;c:\windows\system32\DRIVERS\BDArKit.sys;c:\windows\SYSNATIVE\DRIVERS\BDArKit.sys [x]
R2 BDMNetMon;BDMNetMon;c:\windows\system32\DRIVERS\BDMNetMon.sys;c:\windows\SYSNATIVE\DRIVERS\BDMNetMon.sys [x]
R2 BDMRTP;BDMRTP Service;c:\program files (x86)\Baidu\BaiduAn\4.0.0.8029\BaiduAnSvc.exe;c:\program files (x86)\Baidu\BaiduAn\4.0.0.8029\BaiduAnSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 dbupdate;Dropbox-Update-Service (dbupdate);c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe;c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [x]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 tsnethlpx64;TsNetHlpX64.sys;c:\program files (x86)\Tencent\QQPCMgr\11.3.17201.218\TsNetHlpX64.sys;c:\program files (x86)\Tencent\QQPCMgr\11.3.17201.218\TsNetHlpX64.sys [x]
R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrUsbSIb.sys [x]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
R3 dbupdatem;Dropbox-Update-Service (dbupdatem);c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe;c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 Origin Client Service;Origin Client Service;f:\programme\Origin\OriginClientService.exe;f:\programme\Origin\OriginClientService.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 ClickToRunSvc;Microsoft Office-Klick-und-Los-Dienst;c:\program files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe;c:\program files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe [x]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
S3 e1dexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver D;c:\windows\system32\DRIVERS\e1d62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1d62x64.sys [x]
S3 hidkmdf;Filter Driver Service for HID-KMDF Interface layer;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 paeusbaudio;paeusbaudio;c:\windows\system32\DRIVERS\paeusbaudio_x64.sys;c:\windows\SYSNATIVE\DRIVERS\paeusbaudio_x64.sys [x]
S3 paeusbaudiodsp;paeusbaudiodsp;c:\windows\system32\DRIVERS\paeusbaudiodsp_x64.sys;c:\windows\SYSNATIVE\DRIVERS\paeusbaudiodsp_x64.sys [x]
S3 paeusbaudioks;paeusbaudioks;c:\windows\system32\DRIVERS\paeusbaudioks_x64.sys;c:\windows\SYSNATIVE\DRIVERS\paeusbaudioks_x64.sys [x]
S3 ssdevfactory;SteelSeries Device Factory Service;c:\windows\system32\DRIVERS\ssdevfactory.sys;c:\windows\SYSNATIVE\DRIVERS\ssdevfactory.sys [x]
S3 sshid;SteelSeries HID Service;c:\windows\system32\DRIVERS\sshid.sys;c:\windows\SYSNATIVE\DRIVERS\sshid.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-04-12 16:04 1106072 ----a-w- c:\program files (x86)\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2016-04-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-20 17:41]
.
2016-04-12 c:\windows\Tasks\DropboxUpdateTaskMachineCore.job
- c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-06-11 17:10]
.
2016-04-12 c:\windows\Tasks\DropboxUpdateTaskMachineUA.job
- c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-06-11 17:10]
.
2016-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-06-10 20:24]
.
2016-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-06-10 20:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2016-03-12 00:16 236864 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2016-03-12 00:16 236864 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2016-03-12 00:16 236864 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2016-03-12 00:16 236864 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2016-03-12 00:16 236864 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2016-03-12 00:16 236864 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2016-03-12 00:16 236864 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2016-03-12 00:16 236864 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2016-03-29 20:28 1641664 ----a-w- c:\users\*****\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2016-03-29 20:28 1641664 ----a-w- c:\users\*****\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2016-03-29 20:28 1641664 ----a-w- c:\users\*****\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2016-03-29 20:28 1641664 ----a-w- c:\users\*****\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2016-03-29 20:28 1641664 ----a-w- c:\users\*****\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-03-25 00:28 2095920 ----a-w- c:\program files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-03-25 00:28 2095920 ----a-w- c:\program files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-03-25 00:28 2095920 ----a-w- c:\program files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2014-05-27 7611608]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2014-04-11 36352]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mStart Page = hxxp://www.google.com
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105
IE: Auswahl speichern - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
IE: Bild ausschneiden - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
IE: Diese Seite ausschneiden - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
IE: E&xport to Microsoft Excel - c:\program files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
IE: Lesezeichen ausschneiden - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: Neue Notiz - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
IE: Se&nd to OneNote - c:\program files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1 192.168.1.1
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - c:\program files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - c:\program files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - c:\program files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - c:\program files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-Battle.net - f:\programme\Battle.net\Battle.net
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-win_en_77 - c:\program files (x86)\win_en_77\win_en_77.exe
Wow6432Node-HKLM-Run-BaiduAnTray - c:\program files (x86)\Baidu\BaiduAn\4.0.0.8029\BaiduAnTray.exe
Wow6432Node-HKLM-Run-QQPCTray - c:\program files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQPCTRAY.EXE
ShellIconOverlayIdentifiers-{B7667919-3765-4815-A66D-98A09BE662D6} - (no file)
AddRemove-Die Völker - c:\windows\IsUn0407.exe
.
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
" QQPCTray"="\"c:\\Program Files (x86)\\Tencent\\QQPCMgr\\11.3.17201.218\\QQPCTRAY.EXE\" /regrun /qqrepair"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SRepairDrv]
"ImagePath"="\??\c:\windows\GJFix\SRepairDrv"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1655654349-1022280801-1205856674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-1655654349-1022280801-1205856674-1000)
@Denied: (2) (LocalSystem)
"Progid"="Outlook.File.eml.15"
.
[HKEY_USERS\S-1-5-21-1655654349-1022280801-1205856674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (S-1-5-21-1655654349-1022280801-1205856674-1000)
@Denied: (2) (LocalSystem)
"Progid"="Outlook.File.vcf.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_213_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_213_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:eb,f2,46,ce,75,be,98,94,c3,dc,96,11,5a,a1,4a,52,a0,37,0e,09,50,
bc,0f,4c,08,dc,8a,0e,19,91,b3,37,d4,ca,27,d5,ae,2c,47,08,c5,26,32,3c,8a,90,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_213_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_213_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.21"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:eb,f2,46,ce,75,be,98,94,c3,dc,96,11,5a,a1,4a,52,a0,37,0e,09,50,
bc,0f,4c,08,dc,8a,0e,19,91,b3,37,d4,ca,27,d5,ae,2c,47,08,c5,26,32,3c,8a,90,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\ControlCenter4\BrCtrlCntr.exe
c:\program files (x86)\ControlCenter4\BrCcUxSys.exe
f:\programme\Steam\bin\steamwebhelper.exe
f:\programme\Battle.net\Battle.net.7100\Battle.net.exe
f:\programme\Battle.net\Battle.net.7100\Battle.net Helper.exe
c:\programdata\Battle.net\Agent\Agent.4869\Agent.exe
c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
f:\programme\Battle.net\Battle.net.7100\Battle.net Helper.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2016-04-12 23:36:39 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2016-04-12 21:36
.
Vor Suchlauf: 12 Verzeichnis(se), 119.428.734.976 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 123.199.954.944 Bytes frei
.
- - End Of File - - 2E4BDEA43AD67479FDC97B5A499F3F96
A36C5E4F47E84449FF07ED3517B43A31