Malwarebytes
www.malwarebytes.com
-Protokolldetails-
Scan-Datum: 20.06.17
Scan-Zeit: 19:58
Protokolldatei: Mamlog 20.6.17.txt
Administrator: Ja
-Softwaredaten-
Version: 3.1.2.1733
Komponentenversion: 1.0.141
Version des Aktualisierungspakets: 1.0.2193
Lizenz: Testversion
-Systemdaten-
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Petra-PC\Petra
-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Ergebnis: Abgeschlossen
Gescannte Objekte: 325352
Erkannte Bedrohungen: 17
In die Quarantäne verschobene Bedrohungen: 17
Abgelaufene Zeit: 31 Min., 30 Sek.
-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)
Modul: 0
(keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 7
PUP.Optional.Iminent, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68B81CCD-A80C-4060-8947-5AE69ED01199}, In Quarantäne, [3431], [168092],1.0.2193
PUP.Optional.Iminent, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}, In Quarantäne, [3431], [168097],1.0.2193
PUP.Optional.SysTweak, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F927C591-371C-198E-4749-14DA78ABE9B4}, In Quarantäne, [259], [338870],1.0.2193
PUP.Optional.SysTweak, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F927C591-371C-198E-4749-14DA78ABE9B4}, In Quarantäne, [259], [338870],1.0.2193
PUP.Optional.Gameo, HKU\S-1-5-21-3044843266-4113540890-2975666671-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\AUDIO\POLICYCONFIG\PROPERTYSTORE\1444812f_0, In Quarantäne, [7054], [185308],1.0.2193
PUP.Optional.OptimizerPro, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{BDBAEB84-0583-4896-BFC1-0370493D587F}, In Quarantäne, [829], [183964],1.0.2193
PUP.Optional.SmartBar, HKLM\SOFTWARE\CLASSES\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}, In Quarantäne, [1615], [189776],1.0.2193
Registrierungswert: 4
PUP.Optional.Gameo, HKU\S-1-5-21-3044843266-4113540890-2975666671-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\AUDIO\POLICYCONFIG\PROPERTYSTORE\1444812f_0|, In Quarantäne, [7054], [185308],1.0.2193
PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|APPPATH, In Quarantäne, [7961], [232752],1.0.2193
PUP.Optional.OptimizerPro, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{BDBAEB84-0583-4896-BFC1-0370493D587F}|PATH, In Quarantäne, [829], [183964],1.0.2193
PUP.Optional.SmartBar, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{AE07101B-46D4-4A98-AF68-0333EA26E113}, In Quarantäne, [1615], [189776],1.0.2193
Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)
Daten-Stream: 0
(keine bösartigen Elemente erkannt)
Ordner: 2
Rogue.Multiple, C:\PROGRAMDATA\374311380, In Quarantäne, [4143], [170100],1.0.2193
PUP.Optional.AdPeak, C:\PROGRAM FILES (X86)\CB78F643-3729-434F-8C25-F28D15F025F3, In Quarantäne, [824], [175360],1.0.2193
Datei: 4
PUP.Optional.AdPeak, C:\Program Files (x86)\CB78F643-3729-434F-8C25-F28D15F025F3\libeay32.dll, In Quarantäne, [824], [175360],1.0.2193
PUP.Optional.AdPeak, C:\Program Files (x86)\CB78F643-3729-434F-8C25-F28D15F025F3\nfapi.dll, In Quarantäne, [824], [175360],1.0.2193
PUP.Optional.AdPeak, C:\Program Files (x86)\CB78F643-3729-434F-8C25-F28D15F025F3\ProtocolFilters.dll, In Quarantäne, [824], [175360],1.0.2193
PUP.Optional.AdPeak, C:\Program Files (x86)\CB78F643-3729-434F-8C25-F28D15F025F3\ssleay32.dll, In Quarantäne, [824], [175360],1.0.2193
Physischer Sektor: 0
(keine bösartigen Elemente erkannt)
(end)
-----------------------------------------------------------------
AdwCleaner Logfile:
Code:
# AdwCleaner v6.047 - Bericht erstellt am 23/06/2017 um 08:49:56
# Aktualisiert am 19/05/2017 von Malwarebytes
# Datenbank : 2017-06-22.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (X64)
# Benutzername : Administrator_2 - PETRA-PC
# Gestartet von : C:\Users\Petra\Downloads\adwcleaner_6.047.exe
# Modus: Suchlauf
# Unterstützung : https://www.malwarebytes.com/support
***** [ Dienste ] *****
Keine schädlichen Dienste gefunden.
***** [ Ordner ] *****
Keine schädlichen Ordner gefunden.
***** [ Dateien ] *****
Keine schädlichen Dateien gefunden.
***** [ DLL ] *****
Keine infizierten DLLs gefunden.
***** [ WMI ] *****
Keine schädlichen Schlüssel gefunden.
***** [ Verknüpfungen ] *****
Keine infizierten Verknüpfungen gefunden.
***** [ Aufgabenplanung ] *****
Keine schädlichen Aufgaben gefunden.
***** [ Registrierungsdatenbank ] *****
Keine schädlichen Elemente in der Registrierungsdatenbank gefunden.
***** [ Internetbrowser ] *****
Keine schädlichen Elemente in Firefox basierten Browsern gefunden.
Keine schädlichen Elemente in Chrome basierten Browsern gefunden.
*************************
\AdwCleaner\AdwCleaner[C0].txt - [29423 Bytes] - [20/06/2017 19:36:35]
\AdwCleaner\AdwCleaner[C2].txt - [1857 Bytes] - [22/06/2017 10:22:59]
\AdwCleaner\AdwCleaner[S0].txt - [32108 Bytes] - [20/06/2017 19:32:23]
\AdwCleaner\AdwCleaner[S1].txt - [1509 Bytes] - [20/06/2017 19:53:23]
\AdwCleaner\AdwCleaner[S2].txt - [2066 Bytes] - [22/06/2017 10:22:07]
\AdwCleaner\AdwCleaner[S3].txt - [1724 Bytes] - [22/06/2017 18:26:51]
\AdwCleaner\AdwCleaner[S4].txt - [1648 Bytes] - [23/06/2017 08:49:56]
########## EOF - \AdwCleaner\AdwCleaner[S4].txt - [1719 Bytes] ##########
--- --- ---
13:49:35 # product=EOS
# version=8
# flags=0
# Eset Onlinescanner_enu.exe=2.0.17.0
# EOSSerial=bf8bd441e9170a4b988d42093ad427e7
# end=init
# utc_time=2017-06-24 11:49:34
# local_time=2017-06-24 13:49:34 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
MSC apparently doesn't write a log ????
------------------------------------
Combofix Logfile:
Code:
ComboFix 17-05-16.14 - Petra 21.06.2017 18:58:38.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.7788.5470 [GMT 2:00]
ausgeführt von:: c:\users\Petra\Downloads\ComboFix.exe
AV: Malwarebytes *Disabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: Microsoft Security Essentials *Disabled/Updated* {71A27EC9-3DA6-45FC-60A7-004F623C6189}
SP: Malwarebytes *Disabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Microsoft Security Essentials *Disabled/Updated* {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Petra\AppData\Roaming\Microsoft\Windows\Recent\Thumbs.db
.
.
((((((((((((((((((((((( Dateien erstellt von 2017-05-21 bis 2017-06-21 ))))))))))))))))))))))))))))))
.
.
2017-06-21 17:09 . 2017-06-21 17:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-06-21 16:57 . 2017-06-21 16:57 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2906FAE8-9074-4D69-8284-5E9189CA5CF7}\offreg.1868.dll
2017-06-21 16:45 . 2017-06-21 16:45 -------- d-----w- c:\program files\WEB.DE MailCheck
2017-06-21 16:45 . 2017-06-21 16:45 -------- d-----w- c:\program files (x86)\WEB.DE MailCheck
2017-06-21 15:47 . 2017-06-08 23:38 884456 ----a-w- c:\program files (x86)\Mozilla Firefox\uninstall\helper.exe
2017-06-21 15:47 . 2017-06-08 19:21 68552 ----a-w- c:\program files (x86)\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll
2017-06-21 15:47 . 2017-06-08 19:21 51486152 ----a-w- c:\program files (x86)\Mozilla Firefox\xul.dll
2017-06-21 15:47 . 2017-06-08 18:10 83784 ----a-w- c:\program files (x86)\Mozilla Firefox\vcruntime140.dll
2017-06-21 15:47 . 2017-06-08 19:20 323528 ----a-w- c:\program files (x86)\Mozilla Firefox\updater.exe
2017-06-21 15:47 . 2017-06-08 18:10 917184 ----a-w- c:\program files (x86)\Mozilla Firefox\ucrtbase.dll
2017-06-21 15:47 . 2017-06-08 19:20 146888 ----a-w- c:\program files (x86)\Mozilla Firefox\softokn3.dll
2017-06-21 15:47 . 2017-06-08 19:20 17352 ----a-w- c:\program files (x86)\Mozilla Firefox\qipcap.dll
2017-06-21 15:43 . 2017-06-08 19:20 26568 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
2017-06-21 15:06 . 2017-01-18 15:36 20832 ----a-w- c:\windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-06-21 15:05 . 2017-04-17 15:37 876544 ----a-w- c:\windows\system32\oleaut32.dll
2017-06-21 15:01 . 2016-06-26 00:27 344576 ----a-w- c:\windows\system32\ntprint.dll
2017-06-21 15:01 . 2016-06-26 00:27 166400 ----a-w- c:\windows\system32\inetpp.dll
2017-06-21 15:01 . 2016-06-25 19:53 297472 ----a-w- c:\windows\SysWow64\ntprint.dll
2017-06-21 15:01 . 2016-06-26 00:27 22528 ----a-w- c:\windows\system32\inetppui.dll
2017-06-21 15:01 . 2016-06-25 19:53 48640 ----a-w- c:\windows\system32\wpnpinst.exe
2017-06-21 15:01 . 2016-06-25 19:53 61952 ----a-w- c:\windows\system32\ntprint.exe
2017-06-21 15:01 . 2016-06-25 19:41 61952 ----a-w- c:\windows\SysWow64\ntprint.exe
2017-06-21 12:21 . 2017-06-21 12:21 1078240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{35FAC18B-98CB-490A-8704-6750160CC653}\gapaengine.dll
2017-06-21 12:21 . 2017-06-21 12:20 13020000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D391CFC3-2AC7-4BA2-8420-9E6ADF41FAEF}\mpengine.dll
2017-06-21 11:47 . 2017-06-21 11:48 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2017-06-21 11:47 . 2017-06-21 11:48 -------- d-----w- c:\program files\Microsoft Security Client
2017-06-21 10:50 . 2017-06-21 10:51 -------- d-----w- C:\AULOGS
2017-06-21 10:38 . 2017-06-21 10:38 -------- d-----w- c:\windows\MATS
2017-06-21 10:38 . 2017-06-21 10:38 -------- d-----w- c:\program files\Microsoft Fix it Center
2017-06-20 18:18 . 2017-06-20 18:18 -------- d-----w- c:\users\Petra\AppData\Local\ESET
2017-06-20 17:53 . 2017-06-21 16:46 188312 ----a-w- c:\windows\system32\drivers\MBAMChameleon.sys
2017-06-20 17:53 . 2017-06-21 16:46 113592 ----a-w- c:\windows\system32\drivers\farflt.sys
2017-06-20 17:53 . 2017-06-21 16:46 84256 ----a-w- c:\windows\system32\drivers\mwac.sys
2017-06-20 17:52 . 2017-06-21 16:46 44960 ----a-w- c:\windows\system32\drivers\mbam.sys
2017-06-20 17:51 . 2017-06-21 16:46 252832 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-06-20 17:51 . 2017-05-25 09:58 77376 ----a-w- c:\windows\system32\drivers\mbae64.sys
2017-06-20 17:50 . 2017-06-20 17:50 -------- d-----w- c:\programdata\Malwarebytes
2017-06-20 17:50 . 2017-06-20 17:50 -------- d-----w- c:\program files\Malwarebytes
2017-06-20 17:28 . 2017-06-20 17:53 -------- d-----w- C:\AdwCleaner
2017-06-20 13:02 . 2017-06-20 13:23 -------- d-----w- c:\users\Petra\2017-06-20
2017-05-27 19:19 . 2017-05-27 19:19 -------- d-----w- c:\users\Petra\AppData\Local\1&1 Mail & Media GmbH
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-06-21 11:25 . 2012-04-13 18:00 133627792 -c--a-w- c:\windows\system32\MRT.exe
2017-06-16 17:42 . 2016-12-03 14:24 803328 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2017-06-16 17:42 . 2016-12-03 14:24 144896 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2017-05-30 20:45 . 2015-05-31 08:37 565416 ------w- c:\windows\system32\MpSigStub.exe
2017-05-12 18:03 . 2017-06-21 15:05 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2017-04-26 14:54 . 2012-05-21 11:10 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2017-04-26 14:54 . 2012-05-21 11:09 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104]
"SonicMasterTray"="c:\program files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2012-02-16 322176]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2011-10-24 174720]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2012-02-02 2321072]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2012-01-25 3058304]
"MailCheck IE Broker"="c:\program files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe" [2017-04-10 2834664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 X5XSEx_Pr148;X5XSEx_Pr148;c:\program files (x86)\FreeRide Games\X5XSEx.Sys;c:\program files (x86)\FreeRide Games\X5XSEx.Sys [x]
R3 cpuz134;cpuz134;c:\users\Petra\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\Petra\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
R3 MatSvc;Microsoft Fix it Supportcenter;c:\program files\Microsoft Fix it Center\Matsvc.exe;c:\program files\Microsoft Fix it Center\Matsvc.exe [x]
R3 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WEBDE_MailCheck_Update;WEB.DE MailCheck Aktualisierungsdienst;c:\program files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Update.exe;c:\program files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Update.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S1 ATKWMIACPIIO_;ATKWMIACPI Driver_;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 Avira.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
S4 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - ESPROTECTIONDRIVER
*Deregistered* - avdevprot
*Deregistered* - avipbb
*Deregistered* - avnetflt
*Deregistered* - ESProtectionDriver
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-10-14 2278504]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]
"Malwarebytes TrayApp"="c:\program files\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe" [2017-05-09 3146704]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2016-11-14 1353680]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://go.web.de/tb/ie_startpage
uDefault_Search_URL = https://search.avira.net/#web/result?source=art&q=
mDefault_Search_URL = https://search.avira.net/#web/result?source=art&q=
mDefault_Page_URL = https://search.avira.net/#web/result?source=art&q=
mStart Page = https://search.avira.net/#web/result?source=art&q=
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = https://search.avira.net/#web/result?source=art&q=
uSearchAssistant =
IE: {{d8f67242-b229-4065-95fa-391b077ed6ca} - {d8f67242-b229-4065-95fa-391b077ed6ca} - mscoree.dll
TCP: DhcpNameServer = 192.168.178.1
Handler: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - c:\windows\System32\mscoree.dll
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - c:\program files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll
DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} -
FF - ProfilePath - c:\users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\b9eue635.default\
FF - prefs.js: browser.search.selectedEngine - eBay
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/?gws_rd=ssl
FF - ExtSQL: !HIDDEN! 2013-12-10 14:47; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn
FF - ExtSQL: !HIDDEN! 2013-12-10 15:13; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFF
FF - ExtSQL: !HIDDEN! 2013-12-10 17:57; ffxtlbra@softonic.com; c:\users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\b9eue635.default\extensions\ffxtlbra@softonic.com.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2017-06-21 19:15:01
ComboFix-quarantined-files.txt 2017-06-21 17:15
.
Vor Suchlauf: 13 Verzeichnis(se), 149.358.964.736 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 149.008.998.400 Bytes frei
.
- - End Of File - - A5358A611FC0FDD6A83201C80D954588
--- --- ---
A36C5E4F47E84449FF07ED3517B43A31