| tidus1915 | 17.12.2013 12:58 |
Hat funktioniert, Code:
ComboFix 13-12-16.01 - admin 17.12.2013 12:36:49.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8174.5896 [GMT 1:00]
ausgeführt von:: c:\users\admin\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\DNSErrorHelper\bhO.dll
c:\windows\IsUn0407.exe
c:\windows\iun6002.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Nicht in der Lage zu löschen
c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . Nicht in der Lage zu löschen
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_vpnagent
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-11-17 bis 2013-12-17 ))))))))))))))))))))))))))))))
.
.
2013-12-17 11:46 . 2013-12-17 11:46 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-12-17 09:06 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{37B0C010-85F0-411F-BD25-57F4D53E51BF}\mpengine.dll
2013-12-17 09:05 . 2013-12-17 09:05 -------- d-----w- c:\users\admin\AppData\Roaming\Malwarebytes
2013-12-17 09:04 . 2013-12-17 09:04 -------- d-----w- c:\programdata\Malwarebytes
2013-12-17 09:04 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-17 09:04 . 2013-12-17 09:04 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-12-16 19:19 . 2013-12-16 19:19 -------- d-----w- C:\FRST
2013-12-16 09:22 . 2013-12-16 09:30 -------- d-----w- c:\users\admin\AppData\Roaming\.clamwin
2013-12-16 09:22 . 2013-12-16 09:22 -------- d-----w- c:\programdata\.clamwin
2013-12-16 09:22 . 2013-12-16 09:22 -------- d-----w- c:\program files (x86)\ClamWin
2013-12-12 23:04 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2013-12-12 23:04 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 23:04 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2013-12-12 23:04 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2013-12-12 23:04 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2013-12-12 07:55 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll
2013-12-09 13:46 . 2013-12-13 21:06 -------- d-----w- c:\users\admin\AppData\Roaming\.technic
2013-11-27 11:35 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-11-27 11:35 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-11-26 21:44 . 2013-11-26 21:44 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-26 21:44 . 2013-11-26 21:44 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-11-26 15:27 . 2013-11-26 15:27 -------- d-----w- c:\windows\SysWow64\VirtualMIDISynth
2013-11-26 15:27 . 2013-11-26 15:27 -------- d-----w- c:\windows\system32\VirtualMIDISynth
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-14 21:28 . 2012-10-14 22:27 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-12-11 12:48 . 2012-08-25 12:19 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 12:48 . 2012-08-25 12:19 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-11 12:44 . 2013-10-21 06:34 566480 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-11-19 02:33 . 2010-11-21 03:27 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-10-30 16:54 . 2012-09-23 16:08 5284208 ----a-w- c:\windows\SysWow64\GameMon.des
2013-10-30 15:48 . 2012-09-23 16:08 5584 ----a-w- c:\windows\SysWow64\nppt9x.vxd
2013-10-14 17:00 . 2013-03-14 22:06 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-10-12 02:30 . 2013-11-13 07:03 830464 ----a-w- c:\windows\system32\nshwfp.dll
2013-10-12 02:29 . 2013-11-13 07:03 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-12 02:29 . 2013-11-13 07:03 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-12 02:03 . 2013-11-13 07:03 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01 . 2013-11-13 07:03 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2013-10-08 05:50 . 2013-10-17 17:40 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-05 20:25 . 2013-11-13 07:03 1474048 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 19:57 . 2013-11-13 07:03 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-10-04 02:28 . 2013-11-13 07:03 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-10-04 02:25 . 2013-11-13 07:03 197120 ----a-w- c:\windows\system32\credui.dll
2013-10-04 02:24 . 2013-11-13 07:03 1930752 ----a-w- c:\windows\system32\authui.dll
2013-10-04 01:58 . 2013-11-13 07:03 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56 . 2013-11-13 07:03 168960 ----a-w- c:\windows\SysWow64\credui.dll
2013-10-04 01:56 . 2013-11-13 07:03 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-10-03 02:23 . 2013-11-13 07:03 404480 ----a-w- c:\windows\system32\gdi32.dll
2013-10-03 02:00 . 2013-11-13 07:03 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2013-09-28 01:09 . 2013-11-13 07:03 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2013-09-25 02:26 . 2013-11-13 07:03 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2013-09-25 02:26 . 2013-11-13 07:03 154560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-09-25 02:23 . 2013-11-13 07:03 135680 ----a-w- c:\windows\system32\sspicli.dll
2013-09-25 02:23 . 2013-11-13 07:03 28672 ----a-w- c:\windows\system32\sspisrv.dll
2013-09-25 02:23 . 2013-11-13 07:03 28160 ----a-w- c:\windows\system32\secur32.dll
2013-09-25 02:22 . 2013-11-13 07:03 340992 ----a-w- c:\windows\system32\schannel.dll
2013-09-25 02:21 . 2013-11-13 07:03 307200 ----a-w- c:\windows\system32\ncrypt.dll
2013-09-25 02:21 . 2013-11-13 07:03 1447936 ----a-w- c:\windows\system32\lsasrv.dll
2013-09-25 01:58 . 2013-11-13 07:03 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-09-25 01:57 . 2013-11-13 07:03 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-09-25 01:57 . 2013-11-13 07:03 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-09-25 01:56 . 2013-11-13 07:03 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-09-25 01:03 . 2013-11-13 07:03 30720 ----a-w- c:\windows\system32\lsass.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-10-21 06:40 222712 ----a-w- c:\users\admin\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-10-21 06:40 222712 ----a-w- c:\users\admin\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-10-21 06:40 222712 ----a-w- c:\users\admin\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2013-03-10 88984]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2013-08-30 703888]
"20131121"="c:\program files\AVAST Software\Avast\setup\emupdate\91eaeb01-6e69-45e1-96ba-c97aea7ca8c1.exe" [2013-11-23 180184]
"ClamWin"="c:\program files (x86)\ClamWin\bin\ClamTray.exe" [2013-04-27 86016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi1"=VirtualMIDISynth\VirtualMIDISynth.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 AddonsHelper;AddonsHelper;c:\users\admin\AppData\Local\Temp\OCS\Downloads\db6c8e043b5806271c5ea5ad27b5c968\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe;c:\users\admin\AppData\Local\Temp\OCS\Downloads\db6c8e043b5806271c5ea5ad27b5c968\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech Webcam 500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys;c:\windows\SYSNATIVE\DRIVERS\RtVlan60.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
R3 StkCMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\Drivers\StkCMini.sys;c:\windows\SYSNATIVE\Drivers\StkCMini.sys [x]
R3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynUSB64.sys;c:\windows\SYSNATIVE\drivers\SynUSB64.sys [x]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBTINSP;TI-Nspire(TM) Handheld or TI Network Bridge Device Driver;c:\windows\system32\DRIVERS\tinspusb.sys;c:\windows\SYSNATIVE\DRIVERS\tinspusb.sys [x]
R3 vcd10bus;Virtual CD v10 Bus Enumerator;c:\windows\system32\DRIVERS\vcd10bus.sys;c:\windows\SYSNATIVE\DRIVERS\vcd10bus.sys [x]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x]
R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]
R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x]
R3 X6va015;X6va015;c:\windows\SysWOW64\Drivers\X6va015;c:\windows\SysWOW64\Drivers\X6va015 [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [x]
S2 OfficeSvc;Microsoft Office-Dienst;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [x]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys;c:\windows\SYSNATIVE\DRIVERS\RtNdPt60.sys [x]
S2 SearchAnonymizer;SearchAnonymizer;c:\users\admin\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe;c:\users\admin\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]
2008-02-25 09:55 7680 ----a-w- c:\program files (x86)\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-12-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-25 12:48]
.
2013-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-25 11:17]
.
2013-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-25 11:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-10-21 06:40 261624 ----a-w- c:\users\admin\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-10-21 06:40 261624 ----a-w- c:\users\admin\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-10-21 06:40 261624 ----a-w- c:\users\admin\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-12-11 12:45 2331336 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-12-11 12:45 2331336 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-12-11 12:45 2331336 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-28 11905128]
"Ocs_SM"="c:\users\admin\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2013-10-25 106496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Drivers32]
"midi1"=VirtualMIDISynth\VirtualMIDISynth.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.firetab.org/?type=ds3nt
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.
IE: An OneNote s&enden - c:\progra~1\MIF5BA~1\Office15\ONBttnIE.dll/105
IE: Free YouTube to MP3 Converter - c:\users\admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MIF5BA~1\Office15\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{31639CA0-A702-4D5A-8C25-1279C33F1FAE}: NameServer = 192.168.2.1
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\jrztla7y.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
FF - prefs.js: network.proxy.http - www-proxy.t-online.de
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2013-10-25 22:49; firejump@firejump.net; c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\jrztla7y.default\extensions\firejump@firejump.net
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 40b89b3000000000000000112fd503d1
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15907
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.519:44
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - de
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119821&tt=210713_nt&tsp=4950
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{9B6B03F1-16CF-4491-BBBB-E872802DD717} - c:\programdata\DNSErrorHelper\bho.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
AddRemove-S3 - c:\windows\IsUn0407.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va009]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va011]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va012]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va015]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va015"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2067041484-2943148122-4288552979-1000\Software\SecuROM\License information*]
"datasecu"=hex:01,df,a5,cd,80,22,33,98,4a,77,c6,0b,7c,6c,43,e1,19,6f,8c,2c,32,
56,62,c9,77,47,59,ec,1e,44,cf,b1,5b,18,79,13,73,32,55,42,17,0d,45,94,60,77,\
"rkeysecu"=hex:a7,cd,ef,bf,dc,4c,51,32,f5,e9,02,c9,70,fa,8c,38
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-12-17 12:56:20 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-12-17 11:56
.
Vor Suchlauf: 14 Verzeichnis(se), 279.040.643.072 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 277.821.022.208 Bytes frei
.
- - End Of File - - BFF7314E61A9FFCAAE5E36AA7A0BB15A
A36C5E4F47E84449FF07ED3517B43A31
|
Lesestoff:
AdwCleaner auf deinen Desktop.
FRST 32-Bit | FRST 64-Bit
