GamerWolf | 30.07.2013 20:38 | ok, here is combofix.txt
ComboFix logfile:
[CODE]
ComboFix 13-07-30.03 - Monika 30.07.2013 20:54:08.1.2 - x64
Microsoft Windows 8 6.2.9200.0.1252.49.1031.18.4048.2427 [GMT 2:00]
ausgeführt von:: c:\users\Monika\Desktop\ComboFix.exe
AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\LyricsContainer\125.dll
c:\users\Monika\AppData\Local\assembly\tmp
c:\users\Monika\AppData\Local\Microsoft\Windows\Temporary Internet Files\{81B49F67-E9EA-4F96-81DB-CD6EC05DC145}.xps
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-06-28 bis 2013-07-30 ))))))))))))))))))))))))))))))
.
.
2013-07-30 12:10 . 2013-07-30 12:10 -------- d-----w- C:\FRST
2013-07-30 11:36 . 2013-07-30 11:36 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-07-28 07:13 . 2013-07-28 07:13 289968 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10211.bin
2013-07-27 14:17 . 2013-07-27 14:17 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-07-27 10:47 . 2013-02-28 14:27 20312 ----a-w- c:\windows\system32\roboot64.exe
2013-07-27 05:53 . 2011-07-26 14:15 82432 ----a-w- c:\windows\SysWow64\msxml4r.dll
2013-07-27 05:53 . 2011-07-26 14:15 44544 ----a-w- c:\windows\SysWow64\msxml4a.dll
2013-07-27 05:53 . 2011-07-26 14:15 1233920 ----a-w- c:\windows\SysWow64\msxml4.dll
2013-07-27 05:53 . 2012-09-29 20:49 40992 ----a-w- c:\windows\system32\CleanMFT64.exe
2013-07-27 05:53 . 2008-04-02 13:54 1101824 ----a-w- c:\windows\SysWow64\UniBox210.ocx
2013-07-27 05:53 . 2008-04-02 13:53 212992 ----a-w- c:\windows\SysWow64\UniBoxVB12.ocx
2013-07-27 05:53 . 2008-04-02 13:53 880640 ----a-w- c:\windows\SysWow64\UniBox10.ocx
2013-07-27 05:53 . 2012-09-29 20:50 512544 ----a-w- c:\windows\SysWow64\msxml.dll
2013-07-27 05:53 . 2008-09-17 19:17 658432 ----a-w- c:\windows\SysWow64\MSCOMCT2.OCX
2013-07-26 21:31 . 2013-07-27 13:39 -------- d-----w- c:\windows\system32\drivers\NSTx64
2013-07-26 21:30 . 2013-07-26 21:31 -------- d-----w- c:\program files (x86)\Norton Identity Safe
2013-07-26 21:30 . 2013-07-26 21:42 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-07-26 21:30 . 2013-07-26 21:30 -------- d-----w- c:\program files\Symantec
2013-07-26 21:30 . 2013-07-26 21:30 -------- d-----w- c:\program files\Common Files\Symantec Shared
2013-07-26 21:24 . 2013-07-27 10:52 -------- d-----w- c:\windows\system32\drivers\NAVx64
2013-07-26 21:24 . 2013-07-26 21:24 -------- d-----w- c:\program files (x86)\Norton AntiVirus
2013-07-26 19:10 . 2013-07-27 06:04 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2013-07-26 18:00 . 2013-07-26 18:00 -------- d-----w- c:\program files\Updater By Sweetpacks
2013-07-26 17:59 . 2013-07-26 17:59 -------- d-----w- c:\program files (x86)\Web Cake
2013-07-26 17:59 . 2013-07-26 17:59 -------- d-----w- c:\program files (x86)\SweetIM
2013-07-26 17:58 . 2013-07-27 00:59 -------- d-----w- c:\windows\SysWow64\jmdp
2013-07-26 17:58 . 2013-07-26 17:58 -------- d-----w- c:\windows\SysWow64\ARFC
2013-07-26 17:58 . 2013-06-30 16:10 1645360 ----a-w- c:\windows\system32\dmwu.exe
2013-07-26 17:58 . 2013-06-30 16:07 33792 ----a-w- c:\windows\system32\ImHttpComm.dll
2013-07-26 17:58 . 2013-07-26 17:58 -------- d-----w- c:\windows\SysWow64\WNLT
2013-07-26 17:57 . 2013-07-26 17:59 -------- d-----w- c:\programdata\Tarma Installer
2013-07-26 11:04 . 2013-07-26 11:04 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-07-26 11:02 . 2013-07-26 11:02 -------- d-----w- c:\programdata\Iminent
2013-07-26 11:02 . 2013-07-26 11:02 -------- d-----w- c:\program files (x86)\Common Files\Umbrella
2013-07-26 11:02 . 2013-07-26 11:02 -------- d-----w- c:\program files (x86)\Iminent
2013-07-26 11:02 . 2013-07-26 11:02 -------- d-----w- c:\program files (x86)\Delta
2013-07-26 11:02 . 2013-07-26 11:02 -------- d-----w- c:\program files (x86)\Wajam
2013-07-26 11:02 . 2013-07-30 19:02 -------- d-----w- c:\program files (x86)\LyricsContainer
2013-07-26 11:02 . 2013-07-26 11:02 -------- d-----w- c:\programdata\Babylon
2013-07-26 11:01 . 2013-07-26 11:01 278080 ----a-w- c:\program files\Adobe_Reader.exe
2013-07-25 08:08 . 2013-07-25 08:08 -------- d-----w- C:\found.000
2013-07-14 13:22 . 2012-07-23 22:00 466432 ----a-w- c:\windows\system32\esxw2ud.dll
2013-07-14 13:22 . 2011-12-11 22:00 135824 ----a-w- c:\windows\system32\escsvc64.exe
2013-07-14 13:22 . 2013-07-14 13:22 -------- d-----w- c:\program files (x86)\epson
2013-07-14 12:21 . 2013-07-14 12:25 -------- d-----r- c:\windows\BrowserChoice
2013-07-14 12:14 . 2013-07-14 12:14 -------- d-----w- c:\program files\Common Files\EPSON
2013-07-14 12:14 . 2013-07-20 12:18 -------- d-----w- c:\programdata\EPSON
2013-07-14 12:14 . 2012-11-01 10:42 10752 ----a-w- c:\windows\system32\E_GCINST.DLL
2013-07-14 12:14 . 2012-11-01 10:42 120320 ----a-w- c:\windows\system32\E_ILMILE.DLL
2013-07-14 12:14 . 2012-11-01 10:42 83968 ----a-w- c:\windows\system32\E_ID4BILE.DLL
2013-07-14 11:58 . 2006-05-29 00:00 16384 ----a-r- c:\windows\SysWow64\avmprmon.dll
2013-07-14 11:58 . 2006-12-14 11:42 69120 ----a-r- c:\windows\SysWow64\avmadd32.dll
2013-07-14 11:58 . 2013-07-14 11:58 -------- d-----w- c:\program files (x86)\FRITZ!Box
2013-07-14 07:48 . 2012-11-26 02:15 16114176 ----a-w- c:\program files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-07-14 07:48 . 2012-11-26 02:14 15541248 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-07-14 07:45 . 2013-06-23 22:41 78185248 ----a-w- c:\windows\system32\MRT.exe
2013-07-14 06:49 . 2013-07-14 11:41 -------- d-----w- c:\program files (x86)\proWIN Office
2013-07-14 06:48 . 2013-07-14 06:48 -------- d-----w- c:\windows\SysWow64\URTTEMP
2013-07-13 18:21 . 2013-07-13 18:21 50784 ----a-w- c:\programdata\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-07-13 18:20 . 2013-07-13 18:20 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-07-13 18:19 . 2012-11-10 04:22 144384 ----a-w- c:\windows\system32\tssdisai.dll
2013-07-13 18:19 . 2012-11-10 04:22 126976 ----a-w- c:\windows\system32\RDWebAI.dll
2013-07-13 18:19 . 2012-11-10 04:20 135680 ----a-w- c:\windows\system32\appserverai.dll
2013-07-13 18:19 . 2012-11-10 04:22 122880 ----a-w- c:\windows\system32\VmHostAI.dll
2013-07-13 18:19 . 2012-11-10 04:23 132608 ----a-w- c:\windows\SysWow64\poqexec.exe
2013-07-13 18:19 . 2012-11-10 04:23 148480 ----a-w- c:\windows\system32\poqexec.exe
2013-07-12 18:22 . 2013-07-12 18:22 -------- d-----w- C:\Neuer Ordner
2013-07-12 18:18 . 2013-07-12 18:18 -------- d-----w- c:\windows\PCHEALTH
2013-07-12 18:15 . 2013-07-12 18:15 -------- d-----w- c:\program files\Microsoft Office
2013-07-12 18:15 . 2013-07-12 18:15 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2013-07-12 18:14 . 2013-07-14 12:59 -------- d-----w- c:\programdata\Microsoft Help
2013-07-12 18:14 . 2013-07-12 18:14 -------- d-----r- C:\MSOCache
2013-07-12 18:00 . 2013-05-30 23:14 4036096 ----a-w- c:\windows\system32\win32k.sys
2013-07-12 17:59 . 2013-05-04 07:45 2233600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-07-12 17:59 . 2013-03-02 09:59 411880 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-07-12 17:59 . 2013-04-23 23:13 1013248 ----a-w- c:\windows\SysWow64\certutil.exe
2013-07-12 17:59 . 2013-04-23 23:12 1569792 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-07-12 17:59 . 2013-04-23 23:12 109056 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-07-12 17:59 . 2013-04-23 22:56 1255936 ----a-w- c:\windows\system32\certutil.exe
2013-07-12 17:59 . 2013-04-23 22:55 68096 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-12 17:59 . 2013-04-23 22:55 1889280 ----a-w- c:\windows\system32\crypt32.dll
2013-07-12 17:59 . 2013-04-23 22:55 141312 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-12 17:57 . 2012-10-06 04:53 2893824 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-07-12 17:57 . 2012-10-06 04:15 2400256 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-07-12 17:57 . 2013-06-01 09:25 496640 ----a-w- c:\windows\SysWow64\qedit.dll
2013-07-12 17:57 . 2013-06-01 09:21 595968 ----a-w- c:\windows\system32\qedit.dll
2013-07-12 17:57 . 2012-10-24 03:25 26624 ----a-w- c:\windows\system32\ReAgentc.exe
2013-07-12 17:57 . 2012-10-24 02:48 24064 ----a-w- c:\windows\SysWow64\ReAgentc.exe
2013-07-12 17:57 . 2013-03-02 08:23 375808 ----a-w- c:\windows\SysWow64\ReAgent.dll
2013-07-12 17:57 . 2013-03-02 02:44 1011200 ----a-w- c:\windows\system32\reseteng.dll
2013-07-12 17:57 . 2012-12-15 04:55 443392 ----a-w- c:\windows\system32\ReAgent.dll
2013-07-12 17:57 . 2012-11-03 05:26 132096 ----a-w- c:\windows\system32\sysreset.exe
2013-07-12 17:57 . 2012-11-03 05:25 945152 ----a-w- c:\windows\system32\resetengmig.dll
2013-07-12 17:55 . 2012-11-27 03:55 29952 ----a-w- c:\windows\system32\drivers\BthhfHid.sys
2013-07-12 17:53 . 2013-06-11 23:25 19238912 ----a-w- c:\windows\system32\mshtml.dll
2013-07-12 17:46 . 2013-04-27 05:20 733184 ----a-w- c:\windows\system32\win32spl.dll
2013-07-12 17:46 . 2013-05-04 06:59 2842112 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-12 17:46 . 2013-05-04 04:57 2620928 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-12 17:44 . 2012-10-24 03:25 13312 ----a-w- c:\windows\system32\pcalua.exe
2013-07-12 17:44 . 2012-10-24 03:24 405504 ----a-w- c:\windows\system32\pcasvc.dll
2013-07-12 17:44 . 2012-10-24 03:24 31232 ----a-w- c:\windows\system32\pcadm.dll
2013-07-12 17:44 . 2012-10-24 03:05 11776 ----a-w- c:\windows\system32\pcaevts.dll
2013-07-12 17:42 . 2012-12-16 08:28 46080 ----a-w- c:\windows\system32\atmlib.dll
2013-07-12 17:41 . 2012-11-01 04:40 2361344 ----a-w- c:\windows\system32\msxml6.dll
2013-07-12 17:41 . 2012-11-01 04:40 1836032 ----a-w- c:\windows\system32\msxml3.dll
2013-07-12 17:41 . 2012-11-01 04:41 1802240 ----a-w- c:\windows\SysWow64\msxml6.dll
2013-07-12 17:41 . 2012-11-01 04:41 1438720 ----a-w- c:\windows\SysWow64\msxml3.dll
2013-07-12 17:41 . 2012-11-01 04:21 2048 ----a-w- c:\windows\system32\msxml6r.dll
2013-07-12 17:41 . 2012-11-01 04:21 2048 ----a-w- c:\windows\system32\msxml3r.dll
2013-07-12 17:41 . 2012-11-01 04:20 2048 ----a-w- c:\windows\SysWow64\msxml6r.dll
2013-07-12 17:41 . 2012-11-01 04:20 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2013-07-12 16:52 . 2013-07-14 13:21 -------- d-----w- C:\Eimer
2013-07-12 16:44 . 2013-07-12 16:44 -------- d-----w- c:\programdata\EgisTec
2013-07-12 16:37 . 2013-07-12 16:37 -------- d-----w- c:\program files (x86)\OEM
2013-07-12 16:37 . 2013-07-12 16:37 -------- d-----w- c:\program files\Preload
2013-07-12 16:36 . 2013-07-12 16:36 -------- d-----w- c:\program files\Accessory Store
2013-07-12 16:35 . 2013-07-27 14:15 -------- d-----w- c:\users\Monika
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-12 16:34 . 2012-07-26 08:13 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-06-27 22:04 . 2012-07-26 08:14 78200 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-27 22:04 . 2012-07-26 08:14 693112 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}]
2013-07-26 04:02 197912 ----a-w- c:\program files (x86)\Web Cake\WebCakeIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}]
2013-07-23 02:50 311536 ----a-w- c:\program files (x86)\Delta\delta\1.8.22.0\bh\delta.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{DEDAF650-12B8-48f5-A843-BBA100716106}]
2013-05-29 08:24 169304 ----a-w- c:\program files\Updater By Sweetpacks\Extension32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2013-05-30 16:50 1309456 ----a-r- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{82E1477C-B154-48D3-9891-33D83C26BCD3}"= "c:\program files (x86)\Delta\delta\1.8.22.0\deltaTlbr.dll" [2013-07-23 300952]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2013-05-30 1309456]
.
[HKEY_CLASSES_ROOT\clsid\{82e1477c-b154-48d3-9891-33d83c26bcd3}]
[HKEY_CLASSES_ROOT\delta.deltadskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\delta.deltadskBnd]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_IATIILE.EXE" [2012-11-01 283232]
"NTRedirect"="c:\users\Monika\AppData\Roaming\BabSolution\Shared\NTRedirect.dll" [2013-07-18 121856]
"WebCake Desktop"="c:\users\Monika\AppData\Roaming\Web Cake\WebCakeDesktop.exe" [2013-07-26 52504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-28 642216]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"SSDMonitor"="c:\program files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe" [2012-09-29 104480]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2012-07-26 62976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R0 mfeelamk;McAfee Inc. mfeelamk;c:\windows\system32\drivers\mfeelamk.sys;c:\windows\SYSNATIVE\drivers\mfeelamk.sys [x]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
R3 DiskDoctorService;Norton Disk Doctor Service;c:\program files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe;c:\program files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [x]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]
R3 SpeedDiskService;Norton SpeedDisk Service;c:\program files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe;c:\program files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [x]
R4 SymELAM;Symantec ELAM Driver;c:\windows\system32\drivers\NAVx64\1404000.028\SymELAM.sys;c:\windows\SYSNATIVE\drivers\NAVx64\1404000.028\SymELAM.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NAVx64\1404000.028\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NAVx64\1404000.028\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.0.36\Definitions\BASHDefs\20130715.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.0.36\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [x]
S1 ccSet_NARA;NARA Settings Manager;c:\windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NARAx64\0401000.00E\ccSetx64.sys [x]
S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAVx64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NAVx64\1404000.028\ccSetx64.sys [x]
S1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NSTx64\7DD03000.01A\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NSTx64\7DD03000.01A\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.0.36\Definitions\IPSDefs\20130727.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.0.36\Definitions\IPSDefs\20130727.001\IDSvia64.sys [x]
S1 MfeASKM;McAfee Application Statistics Device Driver;c:\program files\McAfee\AppStats\MfeASKM.sys;c:\program files\McAfee\AppStats\MfeASKM.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NAVx64\1404000.028\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NAVx64\1404000.028\SYMNETS.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 IBUpdaterService;IBUpdaterService;c:\windows\system32\dmwu.exe;c:\windows\SYSNATIVE\dmwu.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 MfeASUM;McAfee Application Statistics Service;c:\program files\McAfee\AppStats\MfeASUM.exe;c:\program files\McAfee\AppStats\MfeASUM.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe;c:\program files (x86)\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe [x]
S2 NCO;Norton Identity Safe;c:\program files (x86)\Norton Identity Safe\Engine\2013.3.0.26\ccSvcHst.exe;c:\program files (x86)\Norton Identity Safe\Engine\2013.3.0.26\ccSvcHst.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NU16StartManagerSvc;Norton Utilities 16 Start Manager Service;c:\program files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe;c:\program files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [x]
S2 SProtection;SProtection;c:\program files (x86)\Common Files\Umbrella\umbrella.exe;c:\program files (x86)\Common Files\Umbrella\umbrella.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Updater By Sweetpacks;Updater By Sweetpacks;c:\program files\Updater By Sweetpacks\ExtensionUpdaterService.exe;c:\program files\Updater By Sweetpacks\ExtensionUpdaterService.exe [x]
S2 WajamUpdater;WajamUpdater;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe [x]
S2 WebCakeUpdater;WebCakeUpdater;c:\program files (x86)\Web Cake\WebCakeDesktop.Updater.exe;c:\program files (x86)\Web Cake\WebCakeDesktop.Updater.exe [x]
S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe;c:\program files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW86.sys;c:\windows\SYSNATIVE\drivers\AtihdW86.sys [x]
S3 ePowerSvc;ePower Service;c:\program files\Acer\Acer Power Management\ePowerSvc.exe;c:\program files\Acer\Acer Power Management\ePowerSvc.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2013-05-11 10:37 215264 ----a-w- c:\program files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-27 11:59]
.
2013-07-26 c:\windows\Tasks\LyricsContainer Update.job
- c:\program files (x86)\LyricsContainer\LrcsCtrUpdr.exe [2013-07-25 16:12]
.
2013-07-30 c:\windows\Tasks\NUAutoUpdate.job
- c:\program files (x86)\Symantec\Norton Utilities 16\SULauncher.exe [2013-07-27 20:49]
.
2013-07-27 c:\windows\Tasks\NUSchedule.job
- c:\program files (x86)\Symantec\Norton Utilities 16\nu.exe [2013-07-27 20:49]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-07-02 12921488]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.web.de/
mStart Page = hxxp://mysearch.sweetpacks.com/?src=10&st=12&crg=3.5000006.10053&barid={DCAB36ED-F61C-11E2-BE79-ECA86BDEB644}
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\fscnqri9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.web.de/
FF - ExtSQL: 2013-07-26 13:02; Lyrics@LyricsContainer.co; c:\program files (x86)\LyricsContainer\125.xpi
FF - ExtSQL: 2013-07-26 19:08; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; c:\program files (x86)\McAfee\SiteAdvisor
FF - ExtSQL: 2013-07-26 20:00; {DEDAF650-12B8-48f5-A843-BBA100716106}; c:\program files\Updater By Sweetpacks\Firefox
FF - ExtSQL: 2013-07-27 08:00; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.0.36\IPSFFPlgn
FF - ExtSQL: 2013-07-27 13:35; {F04D2D30-776C-4d02-8627-8E4385ECA58D}; c:\programdata\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.3.0.26\coFFPlgn
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{DA3D98A6-868D-4E1B-BB78-0887230DA405} - c:\program files (x86)\LyricsContainer\125.dll
Toolbar-Locked - (no file)
c:\users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - (no file)
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NAV]
"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NCO]
"ImagePath"="\"c:\program files (x86)\Norton Identity Safe\Engine\2013.3.0.26\ccSvcHst.exe\" /s \"NCO\" /m \"c:\program files (x86)\Norton Identity Safe\Engine\2013.3.0.26\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Zeit der Fertigstellung: 2013-07-30 21:23:26
ComboFix-quarantined-files.txt 2013-07-30 19:23
.
Vor Suchlauf: 9 Verzeichnis(se), 184.085.925.888 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 182.812.700.672 Bytes frei
.
- - End Of File - - 5255160366EC06F96050CB51B0A6F3F6 --- --- ---
D41D8CD98F00B204E9800998ECF8427E
[/CODE] |