juatandi | 16.02.2013 23:41 | Oh, my file was already correct, I compared it once more...
Ran it again anyway using your file - here is the result: Code:
ComboFix 13-02-13.02 - Geschäft 16.02.2013 23:27:58.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8189.5870 [GMT 1:00]
ausgeführt von:: c:\users\Geschäft\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Geschäft\Desktop\CFScript.txt.txt
AV: G Data InternetSecurity 2013 *Disabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
FW: G Data Personal Firewall *Enabled* {018C0191-29AD-04E8-101F-264FDF37B3ED}
SP: G Data InternetSecurity 2013 *Disabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\pss\runctf.lnk.Startup"
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-01-16 bis 2013-02-16 ))))))))))))))))))))))))))))))
.
.
2013-02-16 22:35 . 2013-02-16 22:35 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-02-16 22:35 . 2013-02-16 22:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-15 14:41 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2D2C497E-1F04-4315-A387-1F5338822082}\mpengine.dll
2013-02-13 13:56 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 13:56 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 13:53 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-13 13:53 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-12 18:39 . 2013-02-12 18:39 -------- d-----w- c:\windows\en
2013-02-12 18:38 . 2013-02-12 18:38 -------- d-----w- c:\windows\de
2013-02-12 18:35 . 2013-02-12 18:35 -------- d-----w- c:\program files\Windows Live
2013-02-12 18:34 . 2010-06-02 03:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2013-02-12 18:34 . 2010-06-02 03:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll
2013-02-12 18:34 . 2010-06-02 03:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll
2013-02-12 18:34 . 2010-06-02 03:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll
2013-02-12 18:34 . 2010-05-26 10:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2013-02-12 18:34 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2013-02-12 18:34 . 2010-05-26 10:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
2013-02-12 18:34 . 2010-05-26 10:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2013-02-12 18:34 . 2009-09-04 16:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2013-02-12 18:34 . 2009-09-04 16:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2013-02-12 18:33 . 2006-11-29 12:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2013-02-12 18:33 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2013-02-12 18:33 . 2013-02-12 18:33 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\6f6be1421ce094f04\DXSETUP.exe
2013-02-12 18:33 . 2013-02-12 18:33 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\6f6be1421ce094f04\dsetup32.dll
2013-02-12 18:33 . 2013-02-12 18:33 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\6f6be1421ce094f04\DSETUP.dll
2013-02-12 18:33 . 2013-02-12 18:33 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\696eeb121ce094f01\DSETUP.dll
2013-02-12 18:33 . 2013-02-12 18:33 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\696eeb121ce094f01\DXSETUP.exe
2013-02-12 18:33 . 2013-02-12 18:33 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\696eeb121ce094f01\dsetup32.dll
2013-02-12 18:31 . 2013-02-12 18:31 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\389110d61ce094f02\DSETUP.dll
2013-02-12 18:31 . 2013-02-12 18:31 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\389110d61ce094f02\DXSETUP.exe
2013-02-12 18:31 . 2013-02-12 18:31 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\389110d61ce094f02\dsetup32.dll
2013-02-12 18:30 . 2013-02-12 18:30 -------- d-----w- c:\program files (x86)\FileHippo.com
2013-02-12 17:54 . 2013-02-12 17:56 -------- d-----w- c:\users\Standard
2013-02-12 17:46 . 2013-02-12 17:46 -------- d-----w- c:\users\Geschäft\AppData\Local\Macromedia
2013-02-12 17:34 . 2012-08-23 15:09 3584 ----a-w- c:\windows\system32\drivers\de-DE\tsusbflt.sys.mui
2013-02-12 17:34 . 2013-02-12 17:34 -------- d-----w- c:\program files\Microsoft Mouse and Keyboard Center
2013-02-12 17:34 . 2012-08-23 13:41 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-02-12 17:34 . 2012-08-23 13:40 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-02-12 17:34 . 2012-08-23 13:24 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2013-02-12 17:31 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2013-02-12 17:31 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2013-02-12 17:31 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-02-12 17:31 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-02-12 17:31 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2013-02-12 17:31 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-02-12 17:31 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-02-12 17:31 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2013-02-12 17:31 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2013-02-12 17:23 . 2013-02-12 17:23 -------- d-----w- c:\users\Geschäft\AppData\Local\Secunia PSI
2013-02-12 17:23 . 2013-02-12 17:23 -------- d-----w- c:\program files (x86)\Secunia
2013-02-12 15:18 . 2013-02-12 15:19 -------- d-----w- c:\users\Geschäft\AppData\Local\{A88BC2B0-6F7A-4968-88CA-B1BFE52F7131}
2013-02-11 10:01 . 2013-02-11 10:01 -------- d-----w- c:\users\Geschäft\AppData\Local\{00CF2887-4693-451A-A10B-2CB3B1743947}
2013-02-10 18:23 . 2013-02-10 18:23 -------- d-----w- c:\windows\ERUNT
2013-02-10 18:23 . 2013-02-11 10:10 -------- d-----w- C:\JRT
2013-02-10 10:36 . 2013-02-10 10:37 -------- d-----w- c:\users\Geschäft\AppData\Local\{7C8FD56C-6633-4783-B7E7-A35AAF4C4F45}
2013-02-09 15:59 . 2013-02-09 15:59 -------- d-----w- c:\users\Geschäft\AppData\Local\{4F507A2D-AF31-4CFA-814D-B196611C82EE}
2013-02-09 10:59 . 2013-02-09 10:59 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-02-09 10:58 . 2013-02-09 10:58 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-02-09 10:58 . 2013-02-09 10:58 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-02-09 10:58 . 2013-02-09 10:58 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-09 10:58 . 2013-02-09 10:58 -------- d-----w- c:\program files (x86)\Java
2013-02-08 21:36 . 2013-02-08 21:36 -------- d-----w- c:\users\Geschäft\AppData\Local\{B5FB406F-6EFD-4F09-8E5F-45641CFAA3D8}
2013-02-08 09:35 . 2013-02-08 09:36 -------- d-----w- c:\users\Geschäft\AppData\Local\{51BF1668-2ABC-43E5-B830-F50A38B9A68E}
2013-02-07 18:10 . 2013-02-07 18:11 -------- d-----w- c:\users\Geschäft\AppData\Local\{339A6E8F-3B9E-4CCD-9105-EB762E0A3B4E}
2013-02-06 21:43 . 2013-02-06 21:43 -------- d-----w- c:\users\Geschäft\AppData\Local\{171CA74C-C5DE-4E68-91B8-CC29D0CBC447}
2013-02-06 09:27 . 2013-02-06 09:27 -------- d-----w- c:\users\Geschäft\AppData\Local\{6BA7239A-9413-4293-8E6E-B0C86357C326}
2013-02-05 21:22 . 2013-02-05 21:22 -------- d-----w- c:\users\Geschäft\AppData\Local\{ECEDFA12-27A1-41F9-A665-47EBDE9A1D8F}
2013-02-04 22:54 . 2013-02-04 22:55 -------- d-----w- c:\users\Geschäft\AppData\Local\{D884BA10-6A64-4EBF-8C83-C87BC64898D0}
2013-02-04 10:40 . 2013-02-04 10:40 -------- d-----w- c:\users\Geschäft\AppData\Local\{4D8512B9-747B-4D8B-BA81-28AFF8317830}
2013-02-03 23:33 . 2013-02-03 23:33 -------- d-----w- c:\users\Geschäft\AppData\Roaming\Malwarebytes
2013-02-03 23:33 . 2013-02-03 23:33 -------- d-----w- c:\programdata\Malwarebytes
2013-02-03 23:33 . 2013-02-03 23:33 -------- d-----w- c:\users\Geschäft\AppData\Local\Programs
2013-02-03 09:52 . 2013-02-03 09:52 -------- d-----w- c:\users\Geschäft\AppData\Local\{0A5A1C98-7C19-4431-B37D-47FD8BCA6E93}
2013-02-02 18:05 . 2013-02-02 18:05 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-02-02 18:05 . 2013-02-02 18:05 -------- d-----r- c:\program files (x86)\Skype
2013-02-02 08:54 . 2013-02-02 08:55 -------- d-----w- c:\users\Geschäft\AppData\Local\{FADACF9A-79EE-48EF-A897-A92923FF3825}
2013-02-01 13:44 . 2013-02-01 13:44 -------- d-----w- c:\users\Geschäft\AppData\Local\{4144D4F2-EB83-4F0F-B041-87B6B9160A7E}
2013-01-31 16:14 . 2013-01-31 16:14 -------- d-----w- c:\users\Geschäft\AppData\Local\{82B2F28E-30E5-4122-A95B-0FE311A0A662}
2013-01-30 16:09 . 2013-01-30 16:09 16504 ----a-w- c:\windows\system32\drivers\GdPhyMem.sys
2013-01-30 14:15 . 2013-01-30 14:15 -------- d-----w- c:\users\Geschäft\AppData\Local\{4E10F33D-91C6-4737-BE9D-2B1A5DEAED63}
2013-01-29 13:59 . 2013-01-29 13:59 -------- d-----w- c:\users\Geschäft\AppData\Local\{4A475983-D59C-44F6-AB23-0E986EFFCBA1}
2013-01-28 14:26 . 2013-01-28 14:26 -------- d-----w- c:\users\Geschäft\AppData\Local\{2FDF62D3-2A54-4526-83F7-049A5F5585D7}
2013-01-27 10:05 . 2013-01-27 10:05 -------- d-----w- c:\users\Geschäft\AppData\Local\{BB3F8CAE-3BC5-45BC-A701-A684C552E12B}
2013-01-26 20:39 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-01-26 20:31 . 2013-01-26 20:32 -------- d-----w- c:\users\Geschäft\AppData\Local\{5A8EBA0F-9E99-45D7-9BBD-00641D0C831E}
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-16 22:19 . 2012-06-09 19:57 25640 ----a-w- c:\windows\gdrv.sys
2013-02-13 13:58 . 2012-06-12 20:32 70004024 ----a-w- c:\windows\system32\MRT.exe
2013-02-13 13:50 . 2012-06-09 20:24 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-13 13:50 . 2012-06-09 20:24 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-29 13:56 . 2012-06-09 21:41 62368 ----a-w- c:\windows\system32\drivers\PktIcpt.sys
2013-01-28 17:47 . 2012-06-09 21:41 64416 ----a-w- c:\windows\system32\drivers\HookCentre.sys
2013-01-28 17:47 . 2012-06-09 21:41 54176 ----a-w- c:\windows\system32\drivers\GDBehave.sys
2013-01-28 17:47 . 2012-06-09 21:41 126880 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys
2013-01-28 17:47 . 2012-06-09 21:41 65008 ----a-w- c:\windows\system32\drivers\gdwfpcd64.sys
2013-01-17 00:28 . 2012-06-09 19:55 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-10 13:35 . 2012-06-09 22:11 11240 ----a-w- c:\windows\SysWow64\GdScrSv.de.dll
2013-01-05 10:22 . 2013-01-05 10:22 50800 ----a-w- c:\windows\system32\drivers\point64.sys
2013-01-05 10:22 . 2013-01-05 10:22 1795952 ----a-w- c:\windows\system32\WdfCoInstaller01011.dll
2013-01-04 04:43 . 2013-02-13 13:54 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2012-12-23 22:56 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-23 22:56 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-23 22:56 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-23 22:56 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-09 22:14 . 2012-12-09 22:14 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-09 22:14 . 2012-12-09 22:14 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-03-28 08:14 . 2012-07-02 16:45 1456640 ----a-w- c:\program files (x86)\Common Files\Falk Navi-Manager.msi
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-06-10 39408]
"FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2012-11-23 307712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"G Data AntiVirus Tray Application"="c:\program files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe" [2013-01-09 1035216]
"GDFirewallTray"="c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2012-11-29 1475096]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2012-11-26 573024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2012-11-26 659040]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [2010-12-24 29288]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-06-10 30528]
R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys [2012-06-21 13728]
R3 npusbio;npusbio;c:\windows\system32\Drivers\npusbio_x64.sys [2009-12-17 45600]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SaiH0BAC;SaiH0BAC;c:\windows\system32\DRIVERS\SaiH0BAC.sys [2007-07-02 176128]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys [2012-06-21 68512]
R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys [2012-05-22 15736]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2013-01-28 54176]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-01-10 21104]
S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2013-01-28 126880]
S1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys [2013-01-28 65008]
S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2012-06-09 106648]
S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2013-01-28 64416]
S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2012-11-29 1548312]
S2 AVKService;G Data Scheduler;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [2012-11-29 469016]
S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe [2012-11-29 2012592]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
S2 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2012-11-26 1225312]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [2012-08-02 8786848]
S2 TouchServiceWacom;Wacom Professional Touch Service;c:\program files\Tablet\Wacom\Wacom_TouchService.exe [2012-08-02 565152]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-03-07 40832]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-03-07 65280]
S3 GDFwSvc;G Data Personal Firewall;c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2012-11-29 2377736]
S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [2013-01-29 62368]
S3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe [2012-03-29 470008]
S3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [2007-05-09 16032]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2007-05-09 50208]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2013-01-05 50800]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-09 13:50]
.
2013-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-10 11:49]
.
2013-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-10 11:49]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-24 11780712]
"Corel Photo Downloader"="c:\program files (x86)\Corel\Corel MediaOne\Corel Photo Downloader.exe" [BU]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944]
"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.afterwork-wellness.info/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Geschäft\AppData\Roaming\Mozilla\Firefox\Profiles\ziyof0n5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.afterwork-wellness.info/|hxxp://www.babybauchfoto.com/|hxxp://www.fotoinside.info/|hxxp://www.fotografie-emotion.de/|hxxp://www.unser-licht.info/
FF - ExtSQL: 2013-02-12 19:24; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Geschäft\AppData\Roaming\Mozilla\Firefox\Profiles\ziyof0n5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-02-12 20:03; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\users\Geschäft\AppData\Roaming\Mozilla\Firefox\Profiles\ziyof0n5.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - ExtSQL: 2013-02-12 20:03; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\Geschäft\AppData\Roaming\Mozilla\Firefox\Profiles\ziyof0n5.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-_{0C180787-F8C8-42FD-A9D3-689BA44BEAAF} - c:\program files (x86)\Corel\Corel Painter Essentials 3\MSILauncher {0C180787-F8C8-42FD-A9D3-689BA44BEAAF}
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1571012534-911800545-3409040398-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1571012534-911800545-3409040398-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-02-16 23:37:10
ComboFix-quarantined-files.txt 2013-02-16 22:37
ComboFix2.txt 2013-02-14 15:45
.
Vor Suchlauf: 15 Verzeichnis(se), 510.641.676.288 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 510.590.631.936 Bytes frei
.
- - End Of File - - E33BB66307F1EECBD1926AC42526F4C8
...and hey... runctf is gone from the autostart :-)
Thanks a lot for everything, and I hope I won't need you again so soon.
Best regards
Andi