Gloriaflyx | 17.03.2015 17:34 | Hi Schrauber,
Combofix complained (of course) when I tried to run it after closing my anti-virus software. Twice, in fact, that Antivirus and Defense+ were still active. Addendum regarding the unusually short scan by my anti-virus program: it was so short because the scans followed each other relatively quickly and the files had not changed. A friend explained that to me, but it raised a question for me: how often do system files actually change?
Here is my report: Code:
ComboFix 15-03-14.03 - ***** 17.03.2015 17:18:50.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.7877.5677 [GMT 1:00]
ausgeführt von:: c:\users\*****\Desktop\ComboFix.exe
AV: COMODO Antivirus *Enabled/Updated* {F0BC89B2-8937-0933-021B-B17D981F2A71}
FW: COMODO Firewall *Enabled* {C8870897-C358-086B-2944-184866CC6D0A}
SP: Comodo Defense+ *Enabled/Updated* {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\windows\wininit.ini
.
.
((((((((((((((((((((((( Dateien erstellt von 2015-02-17 bis 2015-03-17 ))))))))))))))))))))))))))))))
.
.
2015-03-17 16:23 . 2015-03-17 16:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-03-17 08:40 . 2015-03-17 09:29 -------- d-----w- C:\FRST
2015-03-17 08:26 . 2015-03-17 08:26 -------- d-----w- c:\users\*****\AppData\Roaming\Geek Uninstaller
2015-03-17 08:12 . 2015-03-17 08:12 51496 ----a-w- c:\windows\system32\drivers\stflt.sys
2015-03-17 08:05 . 2015-03-17 08:05 -------- d-----w- c:\users\*****\Tracing
2015-03-17 08:00 . 2015-03-17 08:01 -------- d-----w- C:\AdwCleaner
2015-03-17 07:52 . 2015-03-17 07:52 -------- d-----w- c:\users\*****\AppData\Roaming\Enigma Software Group
2015-03-17 06:42 . 2015-03-17 07:22 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-03-17 06:42 . 2015-03-17 06:42 -------- d-----w- c:\programdata\Malwarebytes
2015-03-17 06:35 . 2015-03-17 07:21 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2015-03-17 06:35 . 2015-03-17 08:02 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2015-03-17 06:33 . 2015-01-29 09:07 11910896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EE09EC08-A690-4610-824D-C7B86A78BE0F}\mpengine.dll
2015-03-14 13:53 . 2015-03-14 14:08 -------- d-----w- c:\program files (x86)\Assassin's Creed Liberation
2015-03-11 12:52 . 2015-03-11 12:52 -------- d-----w- c:\windows\SysWow64\NV
2015-03-11 12:52 . 2015-03-11 12:52 -------- d-----w- c:\windows\system32\NV
2015-03-11 11:59 . 2015-03-11 11:59 828928 ----a-w- c:\windows\SysWow64\msctf.dll
2015-03-11 11:58 . 2015-03-11 11:58 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2015-03-11 11:58 . 2015-03-11 11:58 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2015-02-25 15:41 . 2015-02-25 15:41 -------- d-----w- c:\program files (x86)\Common Files\Java
2015-02-25 15:41 . 2015-02-25 15:40 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-02-25 15:40 . 2015-02-25 15:40 -------- d-----w- c:\program files (x86)\Java
2015-02-25 15:40 . 2015-02-25 15:40 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2015-02-25 10:33 . 2015-03-11 12:10 20989664 ----a-w- c:\windows\system32\nvwgf2umx.dll
2015-02-25 10:33 . 2015-03-11 12:10 18518392 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2015-02-19 13:06 . 2015-02-19 13:26 -------- d-----w- c:\users\*****\AppData\Roaming\Opera Software
2015-02-19 13:06 . 2015-02-19 13:26 -------- d-----w- c:\users\*****\AppData\Local\Opera Software
2015-02-19 13:06 . 2015-02-19 13:26 -------- d-----w- c:\program files (x86)\Opera
2015-02-19 12:31 . 2015-02-19 12:31 -------- d-----w- c:\users\*****\AppData\Local\Steam
2015-02-18 08:47 . 2015-02-18 08:47 17323192 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE12\MSO.DLL
2015-02-17 15:04 . 2015-02-17 15:04 1202848 ----a-w- c:\windows\SysWow64\FM20.DLL
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-17 16:12 . 2014-12-12 18:37 94656 ----a-w- c:\windows\system32\WPRO_41_2001woem.tmp
2015-03-17 16:12 . 2014-01-18 09:54 34752 ----a-w- c:\windows\system32\drivers\WPRO_41_2001.sys
2015-03-14 16:47 . 2014-11-12 20:19 778928 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-03-14 16:47 . 2014-11-12 20:19 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-03-11 12:11 . 2014-01-17 16:22 934216 ----a-w- c:\windows\system32\nvvsvc.exe
2015-03-11 12:10 . 2014-01-17 16:22 989568 ----a-w- c:\windows\system32\nvumdshimx.dll
2015-03-11 12:10 . 2014-01-17 16:22 3264832 ----a-w- c:\windows\system32\nvapi64.dll
2015-03-11 12:10 . 2014-03-26 20:54 872856 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2015-03-11 12:10 . 2014-01-17 16:22 174856 ----a-w- c:\windows\system32\nvinitx.dll
2015-03-11 12:10 . 2014-01-17 16:22 156840 ----a-w- c:\windows\SysWow64\nvinit.dll
2015-03-11 12:08 . 2014-01-17 16:51 122905848 ----a-w- c:\windows\system32\MRT.exe
2015-03-06 13:29 . 2010-11-21 03:27 295552 ------w- c:\windows\system32\MpSigStub.exe
2015-03-04 19:58 . 2014-02-23 20:28 281392 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2015-03-04 19:58 . 2014-01-18 12:03 281392 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2015-02-12 16:30 . 2014-01-18 12:03 281392 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2015-02-11 21:29 . 2015-02-11 21:29 950272 ----a-w- c:\windows\system32\perftrack.dll
2015-02-11 21:29 . 2015-02-11 21:29 91136 ----a-w- c:\windows\system32\wdi.dll
2015-02-11 21:29 . 2015-02-11 21:29 76800 ----a-w- c:\windows\SysWow64\wdi.dll
2015-02-11 21:29 . 2015-02-11 21:29 29696 ----a-w- c:\windows\system32\powertracker.dll
2015-02-11 13:05 . 2015-02-11 13:05 861696 ----a-w- c:\windows\system32\oleaut32.dll
2015-02-11 13:05 . 2015-02-11 13:05 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2015-02-11 13:05 . 2015-02-11 13:05 406528 ----a-w- c:\windows\system32\scesrv.dll
2015-02-11 13:05 . 2015-02-11 13:05 308224 ----a-w- c:\windows\SysWow64\scesrv.dll
2015-02-04 20:29 . 2014-01-17 16:22 6898832 ----a-w- c:\windows\system32\nvcpl.dll
2015-02-04 20:29 . 2014-01-17 16:22 3533512 ----a-w- c:\windows\system32\nvsvc64.dll
2015-02-04 20:29 . 2014-01-17 16:22 2557640 ----a-w- c:\windows\system32\nvsvcr.dll
2015-02-04 20:29 . 2014-01-17 16:22 61640 ----a-w- c:\windows\system32\nvshext.dll
2015-02-04 20:29 . 2014-01-17 16:22 624968 ----a-w- c:\windows\SysWow64\oemdspif.dll
2015-02-04 20:29 . 2014-01-17 16:22 73928 ----a-w- c:\windows\system32\nv3dappshextr.dll
2015-02-04 20:29 . 2014-01-17 16:22 384200 ----a-w- c:\windows\system32\nvmctray.dll
2015-02-04 20:29 . 2014-01-17 16:22 1093960 ----a-w- c:\windows\system32\nv3dappshext.dll
2015-02-04 06:48 . 2014-01-17 16:22 4229548 ----a-w- c:\windows\system32\nvcoproc.bin
2015-01-30 12:27 . 2013-11-14 10:38 792648 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2015-01-30 12:27 . 2013-09-24 09:54 104608 ----a-w- c:\windows\system32\drivers\inspect.sys
2015-01-30 12:27 . 2013-09-24 09:54 45880 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2015-01-30 12:27 . 2013-09-24 09:54 20184 ----a-w- c:\windows\system32\drivers\cmderd.sys
2015-01-30 12:27 . 2013-11-14 10:38 40736 ----a-w- c:\windows\system32\cmdcsr.dll
2015-01-30 12:27 . 2013-09-24 09:53 481576 ----a-w- c:\windows\system32\guard64.dll
2015-01-30 12:27 . 2013-09-24 09:53 386768 ----a-w- c:\windows\SysWow64\guard32.dll
2015-01-30 12:27 . 2013-09-24 09:53 354520 ----a-w- c:\windows\system32\cmdvrt64.dll
2015-01-30 12:27 . 2013-09-24 09:53 45784 ----a-w- c:\windows\system32\cmdkbd64.dll
2015-01-30 12:27 . 2013-09-24 09:53 286424 ----a-w- c:\windows\SysWow64\cmdvrt32.dll
2015-01-30 12:27 . 2013-09-24 09:53 40664 ----a-w- c:\windows\SysWow64\cmdkbd32.dll
2015-01-22 15:14 . 2015-02-03 08:16 114872 ----a-w- c:\windows\system32\pdfcmon.dll
2015-01-15 20:44 . 2014-12-04 12:36 20728 ----a-w- c:\windows\system32\drivers\browserMon.sys
2015-01-14 15:06 . 2015-01-14 15:06 87040 ----a-w- c:\windows\system32\TSWbPrxy.exe
2015-01-14 15:06 . 2015-01-14 15:06 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2015-01-14 15:06 . 2015-01-14 15:06 303616 ----a-w- c:\windows\system32\nlasvc.dll
2015-01-14 15:06 . 2015-01-14 15:06 210432 ----a-w- c:\windows\system32\profsvc.dll
2015-01-14 15:06 . 2015-01-14 15:06 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2015-01-14 15:06 . 2015-01-14 15:06 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-02-26 31344744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Integrated Camera_Monitor"="c:\program files (x86)\Integrated Camera\monitor.exe" [2013-09-27 1720696]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-08-15 292848]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-02-25 508800]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
iSCTsysTray.lnk - c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe [2013-4-15 247784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 PDF Architect 2;PDF Architect 2;c:\program files (x86)\PDF Architect 2\ws.exe;c:\program files (x86)\PDF Architect 2\ws.exe [x]
R3 pdfforge CrashHandler;pdfforge CrashHandler;c:\program files (x86)\PDF Architect 2\crash-handler-ws.exe;c:\program files (x86)\PDF Architect 2\crash-handler-ws.exe [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
S2 ISCTAgent;Intel(R) Smart Connect Technology Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe ;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 e1dexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver D;c:\windows\system32\DRIVERS\e1d62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1d62x64.sys [x]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTSPER;Realtek PCIE Card Reader - PER;c:\windows\system32\DRIVERS\RtsPer.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPer.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\SPUVCbv_x64.sys;c:\windows\SYSNATIVE\Drivers\SPUVCbv_x64.sys [x]
S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys;c:\windows\SYSNATIVE\drivers\WPRO_41_2001.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2015-03-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12 16:47]
.
2015-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-17 17:33]
.
2015-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-17 17:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-08-16 165872]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-08-16 407536]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-08-16 444400]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2015-02-04 1297624]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-02-05 2234144]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-02-05 1179576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.10.0.1
TCP: Interfaces\{674872C8-8B5A-47C5-887A-2BFEFF0D36C4}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
FF - ProfilePath - c:\users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\j5h72v37.default\
FF - prefs.js: browser.startup.homepage - hxxps://webmailer.hosteurope.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-blinzle - c:\users\*****\Desktop\blinzle.exe
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SpywareTerminatorShield - c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
HKLM-Run-SpywareTerminatorUpdater - c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Installer\Sym_Cam\CIS]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cmdAgent\Mode\Configurations]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cmdAgent\Mode\Data]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cmdAgent\Mode\Options]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Cam]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
Zeit der Fertigstellung: 2015-03-17 17:25:37
ComboFix-quarantined-files.txt 2015-03-17 16:25
.
Vor Suchlauf: 11 Verzeichnis(se), 61.620.936.704 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 61.340.086.272 Bytes frei
.
- - End Of File - - F29C2C2D5BA2D21B25D1B4B04D612E00
A36C5E4F47E84449FF07ED3517B43A31