Eaterjoe | 25.07.2013 19:03 | Well, how is the computer running? Subjective impression: a bit faster after booting. But that may just be wishful thinking...
After ComboFix I wanted to start IE, but I was told that some registry value was marked for deletion. So I rebooted once more and then it worked. Code:
ComboFix 13-07-25.02 - Armin 25.07.2013 19:33:54.2.2 - x64
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.4094.1983 [GMT 2:00]
Running from: c:\users\Armin\Desktop\ComboFix.exe
Command switches used :: c:\users\Armin\Desktop\cfscript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Hosts_Anti_Adwares_PUPs
c:\program files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe
c:\program files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
M:\Autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_HOSTS Anti-PUPs
.
.
((((((((((((((((((((((((( Files Created from 2013-06-25 to 2013-07-25 )))))))))))))))))))))))))))))))
.
.
2013-07-25 17:45 . 2013-07-25 17:45 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3153CAF6-FD97-4F24-8EC7-67EC4A5D27CB}\offreg.dll
2013-07-25 17:43 . 2013-07-25 17:43 -------- d-----w- c:\users\Kinder\AppData\Local\temp
2013-07-25 17:43 . 2013-07-25 17:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-25 17:43 . 2013-07-25 17:43 -------- d-----w- c:\users\BreneisAdmin\AppData\Local\temp
2013-07-24 18:26 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3153CAF6-FD97-4F24-8EC7-67EC4A5D27CB}\mpengine.dll
2013-07-24 17:08 . 2013-07-24 17:27 -------- d-----w- c:\windows\system32\catroot2
2013-07-23 17:57 . 2013-07-23 18:00 -------- d-----w- c:\windows\SysWow64\wbem\Performance
2013-07-23 17:15 . 2013-07-23 17:15 -------- d-----w- C:\RegBackup
2013-07-23 16:46 . 2013-07-23 16:46 -------- d--h--w- c:\windows\AxInstSV
2013-07-23 16:37 . 2013-07-23 16:37 -------- d-----w- c:\program files (x86)\Tweaking.com
2013-07-22 16:01 . 2013-07-22 16:01 -------- d-----w- c:\users\Armin\AppData\Roaming\Malwarebytes
2013-07-22 16:01 . 2013-07-22 16:01 -------- d-----w- c:\programdata\Malwarebytes
2013-07-22 16:01 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-22 16:01 . 2013-07-22 16:01 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-07-20 13:16 . 2013-07-20 13:16 -------- d-----w- c:\windows\ERUNT
2013-07-20 11:41 . 2013-07-20 11:41 -------- d-----w- C:\FRST
2013-07-20 08:37 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-18 16:40 . 2013-07-18 16:39 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{16F650AB-D9E1-4352-A120-EDD60BB2D98D}\gapaengine.dll
2013-07-18 16:37 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-07-18 16:37 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-07-12 12:10 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-18 16:43 . 2012-04-04 16:24 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-18 16:43 . 2011-05-16 19:40 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-12 13:04 . 2009-12-02 18:54 78185248 ----a-w- c:\windows\system32\MRT.exe
2013-06-22 07:12 . 2012-11-28 09:48 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-06-10 21:37 . 2013-06-10 21:37 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-06-10 21:37 . 2013-06-10 21:37 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-06-10 21:37 . 2013-06-10 21:37 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-06-10 21:37 . 2013-06-10 21:37 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-10 21:37 . 2013-06-10 21:37 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-06-10 21:37 . 2013-06-10 21:37 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-06-10 21:37 . 2013-06-10 21:37 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-06-10 21:37 . 2013-06-10 21:37 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-06-10 21:37 . 2013-06-10 21:37 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-06-10 21:37 . 2013-06-10 21:37 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-06-10 21:37 . 2013-06-10 21:37 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-06-10 21:37 . 2013-06-10 21:37 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-06-10 21:37 . 2013-06-10 21:37 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-06-10 21:37 . 2013-06-10 21:37 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-06-10 21:37 . 2013-06-10 21:37 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-06-10 21:37 . 2013-06-10 21:37 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-06-10 21:37 . 2013-06-10 21:37 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-06-10 21:37 . 2013-06-10 21:37 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-06-10 21:37 . 2013-06-10 21:37 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-06-10 21:37 . 2013-06-10 21:37 81408 ----a-w- c:\windows\system32\icardie.dll
2013-06-10 21:37 . 2013-06-10 21:37 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-06-10 21:37 . 2013-06-10 21:37 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-06-10 21:37 . 2013-06-10 21:37 441856 ----a-w- c:\windows\system32\html.iec
2013-06-10 21:37 . 2013-06-10 21:37 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-06-10 21:37 . 2013-06-10 21:37 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-10 21:37 . 2013-06-10 21:37 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-06-10 21:37 . 2013-06-10 21:37 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-06-10 21:37 . 2013-06-10 21:37 235008 ----a-w- c:\windows\system32\url.dll
2013-06-10 21:37 . 2013-06-10 21:37 216064 ----a-w- c:\windows\system32\msls31.dll
2013-06-10 21:37 . 2013-06-10 21:37 197120 ----a-w- c:\windows\system32\msrating.dll
2013-06-10 21:37 . 2013-06-10 21:37 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-06-10 21:37 . 2013-06-10 21:37 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-06-10 21:37 . 2013-06-10 21:37 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-06-10 21:37 . 2013-06-10 21:37 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-06-10 21:37 . 2013-06-10 21:37 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-06-10 21:37 . 2013-06-10 21:37 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-06-10 21:37 . 2013-06-10 21:37 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-06-10 21:37 . 2013-06-10 21:37 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-06-10 21:37 . 2013-06-10 21:37 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-06-10 21:37 . 2013-06-10 21:37 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-06-10 21:37 . 2013-06-10 21:37 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-06-10 21:37 . 2013-06-10 21:37 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-06-10 21:37 . 2013-06-10 21:37 149504 ----a-w- c:\windows\system32\occache.dll
2013-06-10 21:37 . 2013-06-10 21:37 144896 ----a-w- c:\windows\system32\wextract.exe
2013-06-10 21:37 . 2013-06-10 21:37 13824 ----a-w- c:\windows\system32\mshta.exe
2013-06-10 21:37 . 2013-06-10 21:37 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-06-10 21:37 . 2013-06-10 21:37 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-06-10 21:37 . 2013-06-10 21:37 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-06-10 21:37 . 2013-06-10 21:37 102912 ----a-w- c:\windows\system32\inseng.dll
2013-06-04 07:15 . 2013-06-04 07:15 708168 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
2013-06-04 07:15 . 2013-06-04 07:15 103448 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2013-06-04 07:15 . 2013-06-04 07:15 203672 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2013-06-04 07:15 . 2013-06-04 07:15 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2013-05-22 18:33 . 2013-01-29 17:31 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2013-05-13 05:51 . 2013-06-15 10:12 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-15 10:12 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 05:51 . 2013-06-15 10:12 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 05:50 . 2013-06-15 10:12 52224 ----a-w- c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-15 10:12 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-05-13 04:45 . 2013-06-15 10:12 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-15 10:12 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-05-13 03:43 . 2013-06-15 10:12 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-15 10:12 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-15 10:12 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-05-10 05:49 . 2013-06-15 10:13 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-15 10:13 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39 . 2013-06-20 18:01 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-02 15:29 . 2009-11-30 20:21 278800 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\users\Armin\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\users\Armin\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\users\Armin\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleContactSync"="c:\program files (x86)\WebGear\GO Contact Sync\GOContactSync.exe" [2013-01-08 902144]
"cam2pc"="c:\program files (x86)\cam2pc\cam2pc.exe" [2007-10-27 6639616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"MaxMenuMgr"="c:\program files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-05-01 185640]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
c:\users\Armin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Armin\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys;c:\windows\SYSNATIVE\DRIVERS\silabenm.sys [x]
R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys;c:\windows\SYSNATIVE\DRIVERS\silabser.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe;c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys;c:\windows\SYSNATIVE\drivers\vmci.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys;c:\windows\SYSNATIVE\DRIVERS\Rtnic64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 16:43]
.
2013-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-01 10:26]
.
2013-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-01 10:26]
.
2013-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1923077133-656304762-555754502-1001Core.job
- c:\users\Armin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-18 19:16]
.
2013-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1923077133-656304762-555754502-1001UA.job
- c:\users\Armin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-18 19:16]
.
2013-07-14 c:\windows\Tasks\ParetoLogic Registration.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 164016 ----a-w- c:\users\Armin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 164016 ----a-w- c:\users\Armin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 164016 ----a-w- c:\users\Armin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 164016 ----a-w- c:\users\Armin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 363544]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 385560]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.orf.at/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: grz.at\access
TCP: DhcpNameServer = 192.168.1.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Network Associates]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
.
**************************************************************************
.
Completion time: 2013-07-25 19:54:00 - machine was rebooted
ComboFix-quarantined-files.txt 2013-07-25 17:53
ComboFix2.txt 2013-07-24 18:23
.
Pre-Run: 9.555.103.744 bytes free
Post-Run: 9.085.239.296 bytes free
.
- - End Of File - - 5EF75030AA642D4E803D6AB0BAB75C91
A36C5E4F47E84449FF07ED3517B43A31
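The autostart sections of a ComboFix log (Run keys, Startup folder .lnk entries, the R/S service lines and the Scheduled Tasks folder) are what a responder reads first. The following Python is an added triage helper written for this thread; it is not part of the original post and not ComboFix code. It parses those four line formats and flags two things: a target binary that sits in a user-writable location (AppData, Temp, ProgramData, Users\Public), and a scheduled task whose only visible target is a Windows host binary such as rundll32.exe, where the log does not show which DLL or command line is actually loaded (the "ParetoLogic Registration.job" entry above is exactly that shape). The sample input is a handful of lines copied from the log above and embedded inline; the path heuristics and the host-binary list are my assumptions, not a ComboFix convention, and a flag means "review", not "malicious".

```python
"""Triage of ComboFix autostart lines (Run keys, Startup .lnk, services, tasks).

Added example for this thread, not part of the original post or of ComboFix.
The heuristics (USER_WRITABLE, HOST_BINARIES) are the author's assumptions.
"""
import re

# Heuristic 1 (assumption): binaries launched from locations any user can
# write to deserve a second look.
USER_WRITABLE = re.compile(r"\\appdata\\|\\temp\\|\\programdata\\|\\users\\public\\", re.I)
# Heuristic 2 (assumption): when the only visible target is a Windows host
# binary, the real payload (DLL, script, command line) is not in the log.
HOST_BINARIES = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe",
                 "cscript.exe", "cmd.exe", "powershell.exe"}

RE_KEY = re.compile(r"^\[HKEY_.*\]$", re.I)                       # [HKEY_...\Run]
RE_RUN = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')       # "Name"="path" [stamp]
RE_LNK = re.compile(r"^(?P<name>.+?\.lnk) - (?P<path>[a-z]:\\.+?\.(?:exe|scr|dll|cmd|bat|vbs))", re.I)
RE_SVC = re.compile(r"^[RS]\d\s+(?P<name>[^;]+);[^;]*;(?P<path>[^;]+);")  # S2 name;display;path;...
RE_JOB = re.compile(r"^\d{4}-\d{2}-\d{2} .*\\Tasks\\(?P<name>.+\.job)$", re.I)
RE_JOB_TARGET = re.compile(r"^- (?P<path>.+?) \[")                 # - path [stamp]

# Sample input: a few lines copied from the ComboFix log in this thread.
SAMPLE = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleContactSync"="c:\program files (x86)\WebGear\GO Contact Sync\GOContactSync.exe" [2013-01-08 902144]
"cam2pc"="c:\program files (x86)\cam2pc\cam2pc.exe" [2007-10-27 6639616]
.
Dropbox.lnk - c:\users\Armin\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
.
2013-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1923077133-656304762-555754502-1001UA.job
- c:\users\Armin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-18 19:16]
.
2013-07-14 c:\windows\Tasks\ParetoLogic Registration.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
"""


def classify(path):
    """Return the list of review flags for one autostart target path."""
    flags = []
    if USER_WRITABLE.search(path):
        flags.append("user-writable-path")
    if path.lower().rsplit("\\", 1)[-1] in HOST_BINARIES:
        flags.append("host-binary-only")
    return flags


def _entry(source, name, path):
    return {"source": source, "name": name, "path": path, "flags": classify(path)}


def triage(text):
    """Parse ComboFix autostart lines into dicts: source, name, path, flags."""
    entries = []
    current_key = ""      # last [HKEY_...] header seen; Run values only count under a \Run key
    pending_job = None    # .job name waiting for its "- path [stamp]" line
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if RE_KEY.match(line):
            current_key = line.lower()
            continue
        if pending_job is not None:
            job, pending_job = pending_job, None
            m = RE_JOB_TARGET.match(line)
            if m:
                entries.append(_entry("task", job, m["path"]))
                continue
        if m := RE_JOB.match(line):
            pending_job = m["name"]
        elif m := RE_SVC.match(line):
            entries.append(_entry("service", m["name"], m["path"]))
        elif m := RE_LNK.match(line):
            entries.append(_entry("startup-folder", m["name"], m["path"]))
        elif "\\run" in current_key and (m := RE_RUN.match(line)):
            entries.append(_entry(current_key, m["name"], m["path"]))
    return entries


def suspicious(text):
    """Map entry name -> flags for every entry that raised at least one flag."""
    return {e["name"]: e["flags"] for e in triage(text) if e["flags"]}


if __name__ == "__main__":
    for name, flags in suspicious(SAMPLE).items():
        print(f"{name}: {', '.join(flags)}")
```

Run against the sample it reports Dropbox.lnk and the per-user GoogleUpdate task as user-writable launch points (both legitimate here, which is why the flag means "verify the binary", e.g. by publisher signature or hash, rather than "delete") and the ParetoLogic task as host-binary-only; to see the DLL that rundll32.exe actually loads one has to open the .job file or query the task itself, because ComboFix prints only the executable.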