Hello Cosinus,
Here is the log file from Combofix:
Code:
ComboFix 12-07-08.01 - Dennis 08.07.2012 20:04:52.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.43.1031.18.4079.2790 [GMT 2:00]
ausgeführt von:: c:\users\Dennis\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1334172836.bdinstall.bin
c:\programdata\1334350528.bdinstall.bin
c:\programdata\1334350902.bdinstall.bin
c:\programdata\1334603970.bdinstall.bin
c:\programdata\1334604114.bdinstall.bin
c:\programdata\1334604331.bdinstall.bin
c:\programdata\1336494868.bdinstall.bin
c:\programdata\1336495148.bdinstall.bin
c:\programdata\1341348368.bdinstall.bin
c:\programdata\ntuser.dat
c:\users\Dennis\ace_uninstaller.exe
c:\users\Dennis\AppData\Local\assembly\tmp
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\settings.ini
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-06-08 bis 2012-07-08 ))))))))))))))))))))))))))))))
.
.
2012-07-07 20:50 . 2012-07-08 10:20 -------- d-----w- c:\users\Dennis\AppData\Local\PMB Files
2012-07-07 20:50 . 2012-07-08 10:20 -------- d-----w- c:\programdata\PMB Files
2012-07-06 11:01 . 2012-07-06 11:01 -------- d-----w- C:\_OTL
2012-07-05 11:05 . 2012-07-05 11:05 -------- d-----w- c:\program files\HashTab Shell Extension
2012-07-03 20:55 . 2012-07-03 20:55 -------- d-----w- c:\users\Dennis\AppData\Local\Google
2012-07-03 20:55 . 2012-07-03 20:55 -------- d-----w- c:\program files (x86)\Google
2012-07-03 20:55 . 2012-07-03 16:21 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 20:55 . 2012-07-03 16:21 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-03 20:55 . 2012-07-03 16:21 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-03 20:55 . 2012-07-03 16:21 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-03 20:55 . 2012-07-03 16:21 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 20:55 . 2012-07-03 16:21 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 20:55 . 2012-07-03 16:21 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-03 20:54 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-07-03 20:54 . 2012-07-03 16:21 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-07-03 20:54 . 2012-07-03 20:54 -------- d-----w- c:\programdata\AVAST Software
2012-07-03 20:54 . 2012-07-03 20:54 -------- d-----w- c:\program files\AVAST Software
2012-07-02 14:27 . 2012-07-02 14:27 -------- d-----w- c:\program files\Alex Feinman
2012-07-02 14:17 . 2012-07-02 14:17 -------- d-----w- c:\program files (x86)\Common Files\EZB Systems
2012-07-02 14:17 . 2012-07-02 14:17 -------- d-----w- c:\program files (x86)\UltraISO
2012-06-30 18:20 . 2012-06-30 18:20 -------- d-----w- c:\programdata\Apple Computer
2012-06-30 18:20 . 2010-03-17 20:53 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-06-30 18:20 . 2010-03-17 20:53 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-06-30 18:20 . 2010-03-17 20:53 180224 ----a-w- c:\windows\SysWow64\QTCF.dll
2012-06-30 18:20 . 2012-06-30 18:21 -------- d-----w- c:\program files (x86)\QuickTime Alternative
2012-06-26 10:42 . 2012-06-26 10:42 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-06-26 10:42 . 2012-06-26 10:42 -------- d-----w- c:\program files\Java
2012-06-26 09:07 . 2012-06-26 09:08 -------- d-----w- c:\users\Dennis\AppData\Roaming\.minecraft
2012-06-25 00:52 . 2012-06-25 00:52 119808 ----a-r- c:\users\Dennis\AppData\Roaming\Microsoft\Installer\{7D6DDE45-FE2F-4D11-A7E7-BC2C2910536C}\icons.exe
2012-06-25 00:52 . 2012-06-25 00:52 -------- d-----w- c:\users\Dennis\AppData\Local\Apps
2012-06-21 12:46 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 12:46 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 12:46 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 12:46 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 12:46 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 12:46 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 12:46 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 12:46 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 12:46 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-20 22:16 . 2012-06-20 22:16 -------- d-----w- c:\users\Dennis\AppData\Local\Futuremark_Corporation
2012-06-20 21:51 . 2012-06-20 21:51 -------- d-----w- c:\users\Dennis\AppData\Local\IsolatedStorage
2012-06-20 21:50 . 2012-06-20 21:50 -------- d-----w- c:\program files\Futuremark
2012-06-20 06:10 . 2012-06-20 06:10 668330 ----a-w- C:\Gpedit.reg
2012-06-20 05:51 . 2009-07-14 01:41 312320 ----a-w- c:\windows\system32\SrpUxNativeSnapIn.dll
2012-06-20 05:51 . 2010-11-20 13:27 568832 ----a-w- c:\windows\system32\scrptadm.dll
2012-06-20 05:49 . 2009-07-14 01:41 258048 ----a-w- c:\windows\system32\ppcsnap.dll
2012-06-20 05:49 . 2010-11-20 12:35 1851392 ----a-w- c:\windows\system32\Microsoft.GroupPolicy.Reporting.dll
2012-06-20 05:48 . 2010-11-20 13:44 151040 ----a-w- c:\windows\system32\Microsoft.GroupPolicy.Interop.dll
2012-06-20 05:47 . 2010-11-20 13:44 196096 ----a-w- c:\windows\system32\Microsoft.GroupPolicy.AdmTmplEditor.dll
2012-06-20 05:46 . 2010-11-20 13:25 479232 ----a-w- c:\windows\system32\appmgr.dll
2012-06-20 05:46 . 2009-07-14 01:40 193536 ----a-w- c:\windows\system32\appmgmts.dll
2012-06-20 05:45 . 2009-07-14 01:40 220672 ----a-w- c:\windows\system32\AuditNativeSnapIn.dll
2012-06-20 05:44 . 2010-11-20 13:25 577024 ----a-w- c:\windows\system32\AdmTmpl.dll
2012-06-17 17:41 . 2012-06-17 17:41 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-06-15 15:59 . 2012-06-15 15:59 -------- d-----w- c:\program files (x86)\Sapphire TRIXX
2012-06-14 20:06 . 2012-05-22 12:26 224088 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-06-14 20:06 . 2012-05-22 12:26 130904 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-06-14 20:06 . 2012-06-14 20:06 -------- d-----w- c:\program files\Oracle
2012-06-14 18:16 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-14 18:16 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-14 18:16 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-14 18:15 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 18:15 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 18:15 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 21:29 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 21:29 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 21:29 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 21:29 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 21:29 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-13 21:28 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-13 21:28 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-13 21:28 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 21:28 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 21:28 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-13 21:28 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-13 16:31 . 2012-06-13 16:31 -------- d-----w- C:\Temp
2012-06-13 16:29 . 2012-02-24 09:14 99384 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2012-06-13 16:29 . 2012-02-24 09:14 203320 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2012-06-11 15:35 . 2012-06-11 15:35 -------- d-----w- c:\program files\OO Software
2012-06-11 15:17 . 2012-06-11 15:17 -------- d-----w- c:\users\Dennis\AppData\Local\fontconfig
2012-06-11 15:17 . 2012-06-11 15:26 -------- d-----w- c:\users\Dennis\.gimp-2.8
2012-06-11 15:17 . 2012-06-11 15:17 -------- d-----w- c:\users\Dennis\AppData\Local\gegl-0.2
2012-06-11 15:16 . 2012-06-11 15:16 -------- d-----w- c:\program files\GIMP 2
2012-06-11 15:00 . 2012-06-11 15:00 -------- d-----w- c:\users\Dennis\AppData\Local\Macromedia
2012-06-11 05:42 . 2012-06-11 05:42 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-11 05:42 . 2012-06-11 05:42 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-26 10:42 . 2012-04-21 01:37 902120 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-26 10:42 . 2012-04-21 01:37 1020392 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-17 17:41 . 2012-04-17 21:31 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-11 05:42 . 2012-04-17 18:08 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-11 05:42 . 2012-04-17 18:08 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-22 12:26 . 2012-05-22 12:26 147288 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-05-22 12:25 . 2012-05-22 12:25 320856 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2012-05-22 12:25 . 2012-05-22 12:25 166232 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2012-05-20 11:42 . 2012-04-11 21:18 1725440 ----a-w- c:\windows\AutoKMS.exe
2012-04-28 10:44 . 2012-04-28 10:44 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-04-16 06:06 . 2012-04-13 18:02 2379552 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-04-15 17:56 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-04-15 17:56 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-04-13 15:15 . 2012-04-13 15:15 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-04-13 15:15 . 2012-04-13 15:15 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-04-13 15:15 . 2012-04-13 15:15 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-04-13 15:15 . 2012-04-13 15:15 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-04-13 15:15 . 2012-04-13 15:15 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-04-13 15:15 . 2012-04-13 15:15 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-04-13 15:15 . 2012-04-13 15:15 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-04-13 15:15 . 2012-04-13 15:15 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-04-13 15:15 . 2012-04-13 15:15 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-04-13 15:15 . 2012-04-13 15:15 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-04-13 15:15 . 2012-04-13 15:15 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-04-13 15:15 . 2012-04-13 15:15 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-04-13 15:15 . 2012-04-13 15:15 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-04-13 15:15 . 2012-04-13 15:15 448512 ----a-w- c:\windows\system32\html.iec
2012-04-13 15:15 . 2012-04-13 15:15 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-04-13 15:15 . 2012-04-13 15:15 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-04-13 15:15 . 2012-04-13 15:15 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-04-13 15:15 . 2012-04-13 15:15 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-04-13 15:15 . 2012-04-13 15:15 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-04-13 15:15 . 2012-04-13 15:15 222208 ----a-w- c:\windows\system32\msls31.dll
2012-04-13 15:15 . 2012-04-13 15:15 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-04-13 15:15 . 2012-04-13 15:15 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-04-13 15:15 . 2012-04-13 15:15 160256 ----a-w- c:\windows\system32\wextract.exe
2012-04-13 15:15 . 2012-04-13 15:15 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-04-13 15:15 . 2012-04-13 15:15 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-04-13 15:15 . 2012-04-13 15:15 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-04-13 15:15 . 2012-04-13 15:15 12288 ----a-w- c:\windows\system32\mshta.exe
2012-04-13 15:15 . 2012-04-13 15:15 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-04-13 15:15 . 2012-04-13 15:15 114176 ----a-w- c:\windows\system32\admparse.dll
2012-04-13 15:15 . 2012-04-13 15:15 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-04-13 15:15 . 2012-04-13 15:15 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-04-13 15:15 . 2012-04-13 15:15 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-04-11 18:37 . 2012-04-11 18:37 15936 ----a-w- c:\windows\system32\drivers\FNETURPX.SYS
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Dennis\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Dennis\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Dennis\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
LOLRecorder.lnk - c:\program files (x86)\LOLReplay\LOLRecorder.exe [2012-7-2 513536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"AMD AVT"=Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "c:\program files (x86)\AMD AVT\bin\kdbsync.exe" aml
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-03 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 DIRECTIO;DIRECTIO;c:\program files (x86)\PerformanceTest\DirectIo.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-04-26 135584]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-03 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-20 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-13 1255736]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-11 257224]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-22 311144]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-22 431464]
R4 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2010-06-11 15368]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2012-04-11 15936]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-05-22 224088]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-05-22 130904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2012-03-28 3288400]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-02-24 99384]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-28 283200]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-02-08 39936]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-02-08 64512]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
S3 SaiK0728;SaiK0728;c:\windows\system32\DRIVERS\SaiK0728.sys [2008-01-21 129024]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-02-24 203320]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-05-22 147288]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-05-22 166232]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 05:42]
.
2012-04-23 c:\windows\Tasks\AutoKMSDaily.job
- c:\windows\AutoKMS.exe [2012-04-11 11:42]
.
2012-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-03 20:55]
.
2012-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-03 20:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Dennis\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Dennis\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Dennis\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2012-03-28 3998032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 212.186.211.21 195.34.133.21 192.168.0.1
FF - ProfilePath - c:\users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\mehxmo83.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.windowsxlive.net
FF - prefs.js: keyword.URL - hxxp://www.google.de/search?q=
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{c840e246-6b95-475e-9bd7-caa1c7eca9f2} - (no file)
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2461678 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2518870 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2572078 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2604121 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2633870 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656351 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656368 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656368v2 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656405 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2686827 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:ad,8a,0a,d3,5e,58,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,eb,59,a1,1a,05,93,b3,4f,9e,0b,15,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,eb,59,a1,1a,05,93,b3,4f,9e,0b,15,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Panda USB Vaccine\USBVaccine.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-08 20:14:17 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-07-08 18:14
.
Vor Suchlauf: 10 Verzeichnis(se), 40.148.377.600 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 40.077.242.368 Bytes frei
.
- - End Of File - - B6E3A20ADDB0186A72508C62D0323308

Kind regards,
Darth