
Log Analysis and Evaluation: Windows 7 - Suspected Botnet/Sinkhole Contact


 
04.01.2015, 14:38   #8
cubanopate
 

Windows 7 - Suspected Botnet/Sinkhole Contact



Quote:
Originally posted by M-K-D-B
Hello,

Well done. There were still remnants of a bootkit on it.

Good and not so good. Can one tell whether the remnants were sufficient for communication between the sinkhole and my PC?

ComboFix ran without problems. Many thanks for that.

Here is the logfile:

Code:
ComboFix 15-01-04.01 - Deniz 04.01.2015  14:25:35.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.6142.4460 [GMT 1:00]
Running from: c:\users\Deniz\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\iun6002.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-12-04 to 2015-01-04  )))))))))))))))))))))))))))))))
.
.
2015-01-04 13:31 . 2015-01-04 13:31	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-01-04 04:06 . 2015-01-04 04:06	--------	d-----w-	C:\TDSSKiller_Quarantine
2015-01-04 01:05 . 2014-09-17 08:58	1188440	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{34D38645-75D4-48B0-B01A-2BFE84E12273}\gapaengine.dll
2015-01-04 01:05 . 2014-12-02 10:26	11870360	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{216CDCA9-1183-4D58-8168-299EDAB577AF}\mpengine.dll
2015-01-03 13:42 . 2014-12-02 10:26	11870360	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-12-24 13:47 . 2014-12-24 13:47	--------	d-----w-	c:\program files (x86)\Cheat Engine 6.4
2014-12-18 13:35 . 2014-12-13 03:33	115712	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2014-12-18 13:35 . 2014-12-13 05:09	144384	----a-w-	c:\windows\system32\ieUnatt.exe
2014-12-11 22:33 . 2014-12-11 22:33	--------	d-----w-	c:\program files\CCleaner
2014-12-10 12:19 . 2014-07-07 02:06	55808	----a-w-	c:\windows\system32\rrinstaller.exe
2014-12-10 12:19 . 2014-07-07 02:06	24576	----a-w-	c:\windows\system32\mfpmp.exe
2014-12-10 12:19 . 2014-07-07 02:02	2048	----a-w-	c:\windows\system32\mferror.dll
2014-12-10 12:19 . 2014-07-07 01:39	23040	----a-w-	c:\windows\SysWow64\mfpmp.exe
2014-12-10 12:19 . 2014-07-07 01:37	2048	----a-w-	c:\windows\SysWow64\mferror.dll
2014-12-10 12:19 . 2014-10-18 01:33	3209728	----a-w-	c:\windows\SysWow64\mf.dll
2014-12-10 12:19 . 2014-07-07 02:06	206848	----a-w-	c:\windows\system32\mfps.dll
2014-12-10 12:19 . 2014-07-07 01:40	103424	----a-w-	c:\windows\SysWow64\mfps.dll
2014-12-10 12:19 . 2014-07-07 01:39	50176	----a-w-	c:\windows\SysWow64\rrinstaller.exe
2014-12-10 12:19 . 2014-10-18 02:05	4121600	----a-w-	c:\windows\system32\mf.dll
2014-12-10 11:50 . 2014-12-10 11:50	3981488	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-12-10 10:44 . 2014-11-22 02:50	66560	----a-w-	c:\windows\system32\iesetup.dll
2014-12-10 10:43 . 2014-10-30 02:03	165888	----a-w-	c:\windows\system32\charmap.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-02 15:31 . 2014-09-08 15:35	129752	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-19 15:15 . 2014-08-17 13:51	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-19 15:15 . 2014-08-17 13:51	701616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-12-10 12:21 . 2013-03-11 15:26	112710672	----a-w-	c:\windows\system32\MRT.exe
2014-11-21 05:14 . 2014-09-08 15:35	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-11-21 05:14 . 2014-09-08 15:35	93400	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-11-21 05:14 . 2014-02-10 19:07	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-11-18 13:56 . 2014-11-18 13:56	1202848	----a-w-	c:\windows\SysWow64\FM20.DLL
2014-11-11 03:08 . 2014-11-20 16:34	241152	----a-w-	c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-20 16:34	728064	----a-w-	c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-11-20 16:34	186880	----a-w-	c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-20 16:34	550912	----a-w-	c:\windows\SysWow64\kerberos.dll
2014-11-06 17:06 . 2014-11-07 13:59	2197680	----a-w-	c:\windows\SysWow64\nvspcap.dll
2014-11-06 17:06 . 2014-11-07 13:59	1291280	----a-w-	c:\windows\SysWow64\nvspbridge.dll
2014-11-06 17:06 . 2014-11-07 13:59	2800296	----a-w-	c:\windows\system32\nvspcap64.dll
2014-11-06 17:06 . 2014-11-07 13:59	1715224	----a-w-	c:\windows\system32\nvspbridge64.dll
2014-11-04 00:04 . 2014-11-14 00:09	870624	----a-w-	c:\windows\SysWow64\nvumdshim.dll
2014-11-04 00:04 . 2014-11-14 00:09	31891784	----a-w-	c:\windows\system32\nvoglv64.dll
2014-11-04 00:04 . 2014-11-14 00:09	14031448	----a-w-	c:\windows\system32\nvopencl.dll
2014-11-04 00:04 . 2014-11-14 00:09	11397208	----a-w-	c:\windows\SysWow64\nvopencl.dll
2014-11-04 00:04 . 2014-11-14 00:09	962704	----a-w-	c:\windows\system32\NvIFR64.dll
2014-11-04 00:04 . 2014-11-14 00:09	934216	----a-w-	c:\windows\system32\NvFBC64.dll
2014-11-04 00:04 . 2014-11-14 00:09	922256	----a-w-	c:\windows\SysWow64\NvIFR.dll
2014-11-04 00:04 . 2014-11-14 00:09	898192	----a-w-	c:\windows\SysWow64\NvFBC.dll
2014-11-04 00:04 . 2014-11-14 00:09	501064	----a-w-	c:\windows\system32\nvEncodeAPI64.dll
2014-11-04 00:04 . 2014-11-14 00:09	4289168	----a-w-	c:\windows\system32\nvcuvid.dll
2014-11-04 00:04 . 2014-11-14 00:09	417096	----a-w-	c:\windows\SysWow64\nvEncodeAPI.dll
2014-11-04 00:04 . 2014-11-14 00:09	4009672	----a-w-	c:\windows\SysWow64\nvcuvid.dll
2014-11-04 00:04 . 2014-11-14 00:09	391824	----a-w-	c:\windows\system32\NvIFROpenGL.dll
2014-11-04 00:04 . 2014-11-14 00:09	352016	----a-w-	c:\windows\system32\nvoglshim64.dll
2014-11-04 00:04 . 2014-11-14 00:09	349504	----a-w-	c:\windows\SysWow64\NvIFROpenGL.dll
2014-11-04 00:04 . 2014-11-14 00:09	303600	----a-w-	c:\windows\SysWow64\nvoglshim32.dll
2014-11-04 00:04 . 2014-11-14 00:09	24555208	----a-w-	c:\windows\SysWow64\nvoglv32.dll
2014-11-04 00:04 . 2014-11-14 00:09	20923712	----a-w-	c:\windows\system32\nvcompiler.dll
2014-11-04 00:04 . 2014-11-14 00:09	19966344	----a-w-	c:\windows\system32\nvd3dumx.dll
2014-11-04 00:04 . 2014-11-14 00:09	1876296	----a-w-	c:\windows\system32\nvdispco6434465.dll
2014-11-04 00:04 . 2014-11-14 00:09	174856	----a-w-	c:\windows\system32\nvinitx.dll
2014-11-04 00:04 . 2014-11-14 00:09	17259848	----a-w-	c:\windows\SysWow64\nvcompiler.dll
2014-11-04 00:04 . 2014-11-14 00:09	156840	----a-w-	c:\windows\SysWow64\nvinit.dll
2014-11-04 00:04 . 2014-11-14 00:09	1539272	----a-w-	c:\windows\system32\nvdispgenco6434465.dll
2014-11-04 00:04 . 2014-11-14 00:09	13943904	----a-w-	c:\windows\system32\nvcuda.dll
2014-11-04 00:04 . 2014-11-14 00:09	13207184	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2014-11-04 00:04 . 2014-11-14 00:09	11335408	----a-w-	c:\windows\SysWow64\nvcuda.dll
2014-11-04 00:04 . 2014-08-19 20:15	18514080	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2014-11-04 00:04 . 2014-08-19 20:14	16884632	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2014-11-04 00:04 . 2014-08-19 20:13	2849736	----a-w-	c:\windows\SysWow64\nvapi.dll
2014-11-04 00:04 . 2013-03-11 16:28	20985544	----a-w-	c:\windows\system32\nvwgf2umx.dll
2014-11-04 00:04 . 2013-03-11 16:04	73872	----a-w-	c:\windows\system32\OpenCL.dll
2014-11-04 00:04 . 2013-03-11 16:04	59592	----a-w-	c:\windows\SysWow64\OpenCL.dll
2014-11-04 00:04 . 2013-02-25 23:32	3238040	----a-w-	c:\windows\system32\nvapi64.dll
2014-11-04 00:04 . 2013-02-25 23:32	987520	----a-w-	c:\windows\system32\nvumdshimx.dll
2014-11-03 22:02 . 2013-03-11 16:04	6882448	----a-w-	c:\windows\system32\nvcpl.dll
2014-11-03 22:02 . 2013-03-11 16:04	3531464	----a-w-	c:\windows\system32\nvsvc64.dll
2014-11-03 22:02 . 2013-03-11 16:04	935232	----a-w-	c:\windows\system32\nvvsvc.exe
2014-11-03 22:02 . 2013-03-11 16:04	61640	----a-w-	c:\windows\system32\nvshext.dll
2014-11-03 22:02 . 2013-03-11 16:04	385352	----a-w-	c:\windows\system32\nvmctray.dll
2014-11-03 22:02 . 2013-03-11 16:04	2558792	----a-w-	c:\windows\system32\nvsvcr.dll
2014-11-03 20:25 . 2014-11-14 00:11	615568	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2014-11-03 11:58 . 2013-03-11 16:04	4099264	----a-w-	c:\windows\system32\nvcoproc.bin
2014-10-30 11:25 . 2013-03-11 15:02	275080	------w-	c:\windows\system32\MpSigStub.exe
2014-10-30 08:56 . 2014-11-07 13:56	31520	----a-w-	c:\windows\system32\nvhdap64.dll
2014-10-30 08:56 . 2014-11-07 13:56	197408	----a-w-	c:\windows\system32\drivers\nvhda64v.sys
2014-10-30 08:56 . 2014-02-14 05:14	1538880	----a-w-	c:\windows\system32\nvhdagenco6420103.dll
2014-10-30 04:53 . 2014-11-07 13:56	1876296	----a-w-	c:\windows\system32\nvdispco6434460.dll
2014-10-30 04:53 . 2014-11-07 13:56	1539272	----a-w-	c:\windows\system32\nvdispgenco6434460.dll
2014-10-25 01:57 . 2014-11-12 23:46	77824	----a-w-	c:\windows\system32\packager.dll
2014-10-25 01:32 . 2014-11-12 23:46	67584	----a-w-	c:\windows\SysWow64\packager.dll
2014-10-20 01:38 . 2013-03-31 01:36	268952	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2014-10-20 01:38 . 2013-03-31 01:36	268952	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2014-10-18 02:05 . 2014-11-12 23:46	861696	----a-w-	c:\windows\system32\oleaut32.dll
2014-10-18 01:33 . 2014-11-12 23:46	571904	----a-w-	c:\windows\SysWow64\oleaut32.dll
2014-10-16 13:33 . 2014-10-16 13:33	98216	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-14 02:16 . 2014-11-12 23:47	155064	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 02:13 . 2014-11-12 23:47	683520	----a-w-	c:\windows\system32\termsrv.dll
2014-10-14 02:13 . 2014-11-12 23:46	3241984	----a-w-	c:\windows\system32\msi.dll
2014-10-14 02:12 . 2014-11-12 23:47	1460736	----a-w-	c:\windows\system32\lsasrv.dll
2014-10-14 02:09 . 2014-11-12 23:47	146432	----a-w-	c:\windows\system32\msaudite.dll
2014-10-14 02:07 . 2014-11-12 23:47	681984	----a-w-	c:\windows\system32\adtschema.dll
2014-10-14 01:50 . 2014-11-12 23:47	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2014-10-14 01:50 . 2014-11-12 23:46	2363904	----a-w-	c:\windows\SysWow64\msi.dll
2014-10-14 01:49 . 2014-11-12 23:47	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2014-10-14 01:47 . 2014-11-12 23:47	146432	----a-w-	c:\windows\SysWow64\msaudite.dll
2014-10-14 01:46 . 2014-11-12 23:47	681984	----a-w-	c:\windows\SysWow64\adtschema.dll
2014-10-10 00:57 . 2014-11-12 23:46	3198976	----a-w-	c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-11-21 7063832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2012-09-06 143360]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2012-06-06 3076096]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-09-26 271744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 BRDriver64;BRDriver64;c:\programdata\BitRaider\BRDriver64.sys;c:\programdata\BitRaider\BRDriver64.sys [x]
R3 BRSptSvc;BitRaider Mini-Support Service;c:\programdata\BitRaider\BRSptSvc.exe;c:\programdata\BitRaider\BRSptSvc.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\DRIVERS\HtcVComV64.sys;c:\windows\SYSNATIVE\DRIVERS\HtcVComV64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 Origin Client Service;Origin Client Service;d:\origin\OriginClientService.exe;d:\origin\OriginClientService.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;tsusbhub [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-12-11 01:51	1087816	----a-w-	c:\program files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-01-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-17 15:15]
.
2015-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-24 19:45]
.
2015-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-24 19:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-11-06 2464072]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-11-06 2800296]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: secunia.com
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Deniz\AppData\Roaming\Mozilla\Firefox\Profiles\6876cet9.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Grand Theft Auto - d:\gta\Uninst.isu
AddRemove-The_Sims_2_+14_Trainer_1.0 - c:\windows\iun6002.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3798611794-575905458-939947547-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-3798611794-575905458-939947547-1000\Software\SecuROM\License information*]
"datasecu"=hex:71,63,db,3a,5f,33,93,d7,43,a0,32,b5,e5,ff,63,d5,75,f3,13,a5,e4,
   5d,e0,f6,b3,ce,9b,b2,dd,db,86,8a,79,33,22,6c,14,bb,7f,d4,00,ae,06,ab,3c,3b,\
"rkeysecu"=hex:e9,9a,4d,d2,96,c1,90,20,a4,eb,4d,73,51,33,c7,4d
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-01-04  14:34:13
ComboFix-quarantined-files.txt  2015-01-04 13:34
.
Pre-Run: 11 Verzeichnis(se), 95.782.907.904 Bytes frei
Post-Run: 15 Verzeichnis(se), 95.329.988.608 Bytes frei
.
- - End Of File - - F7F5BCCC9A33B4FAECED4BE28EB0E80B
A36C5E4F47E84449FF07ED3517B43A31
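As an added example (not part of the post and not ComboFix's own code), the following Python script parses the triage-relevant sections of the log above and flags what a helper would point out: the UAC policy block shows EnableLUA=0, ConsentPromptBehaviorAdmin=0 and PromptOnSecureDesktop=0, which means UAC is switched off entirely on this machine, and the orphaned uninstall entry of the Sims 2 trainer pointed at the very file ComboFix deleted (c:\windows\iun6002.exe). The sample log is an excerpt copied from the post. The Windows 7 default values used as a baseline are factual; the section and entry regexes are written against the format seen in this log, and the "autostart outside Program Files/Windows" heuristic is an assumption of mine, not a ComboFix rule.

```python
import re

# Excerpt of the ComboFix log posted above (copied from the post, not constructed).
SAMPLE_LOG = r"""
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\iun6002.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-11-21 7063832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-09-26 271744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Grand Theft Auto - d:\gta\Uninst.isu
AddRemove-The_Sims_2_+14_Trainer_1.0 - c:\windows\iun6002.exe
"""

# Patterns written against the layout seen in this log (assumption: other ComboFix versions match).
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")          # ((((   Section Name   ))))
KEY_RE = re.compile(r"^\[(.+)\]$")                       # [HKEY_...\Run]
RUN_ENTRY_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[(\d{4}-\d{2}-\d{2}) (\d+)\]$')
POLICY_RE = re.compile(r'^"(\w+)"=\s*(\d+)\s*\(0x[0-9A-Fa-f]+\)$')
ORPHANS_MARK = "- - - - ORPHANS REMOVED - - - -"

# Windows 7 default values; anything lower weakens or disables UAC.
UAC_BASELINE = {
    "EnableLUA": 1,                   # 0 = UAC off, admin processes run with the full token
    "ConsentPromptBehaviorAdmin": 5,  # 0 = elevate silently, no prompt at all
    "PromptOnSecureDesktop": 1,       # 0 = prompt drawn on the normal desktop, spoofable by malware
}


def parse_combofix(text):
    """Walk the log section by section and collect the items that matter for triage."""
    report = {"deletions": [], "run": [], "policies": {}, "orphans": [], "findings": []}
    section, key = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix separates blocks with lone dots
            continue
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group(1), None
            continue
        if line == ORPHANS_MARK:
            section, key = "ORPHANS REMOVED", None
            continue
        if section == "Other Deletions":
            report["deletions"].append(line)
        elif section == "Reg Loading Points":
            m = KEY_RE.match(line)
            if m:
                key = m.group(1)
                continue
            k = (key or "").lower()
            if k.endswith(r"\currentversion\run"):
                m = RUN_ENTRY_RE.match(line)
                if m:
                    report["run"].append({"hive": key, "name": m.group(1), "path": m.group(2),
                                          "date": m.group(3), "size": int(m.group(4))})
            elif k.endswith(r"\policies\system"):
                m = POLICY_RE.match(line)
                if m:
                    report["policies"][m.group(1)] = int(m.group(2))
        elif section == "ORPHANS REMOVED":
            report["orphans"].append(line)
    report["findings"] = triage(report)
    return report


def triage(report):
    """Turn the parsed items into the findings a helper would point out."""
    findings = []
    pol = report["policies"]
    for name, default in UAC_BASELINE.items():
        if name in pol and pol[name] < default:
            findings.append(f"UAC weakened: {name}={pol[name]} (Windows 7 default {default})")
    if pol.get("EnableLUA") == 0:
        findings.append("UAC disabled outright (EnableLUA=0): any malware run by this admin user "
                        "gets full administrative rights without a prompt")
    # Correlate removed uninstall/ActiveSetup orphans with files ComboFix deleted.
    deleted = {d.lower() for d in report["deletions"]}
    for orphan in report["orphans"]:
        target = orphan.rsplit(" - ", 1)[-1].lower()
        if target in deleted:
            findings.append(f"uninstall entry pointed at a file ComboFix deleted: {orphan}")
    # Heuristic (my assumption, not a ComboFix rule): autostarts outside the program/system
    # directories, e.g. in a user profile or temp folder, deserve a closer look.
    for entry in report["run"]:
        if not entry["path"].lower().startswith(("c:\\program files", "c:\\windows")):
            findings.append(f"autostart outside Program Files/Windows: {entry['name']} -> {entry['path']}")
    return findings


if __name__ == "__main__":
    for finding in parse_combofix(SAMPLE_LOG)["findings"]:
        print(finding)
```

Nothing in a ComboFix log records network traffic, so it cannot answer whether the remnants actually talked to the sinkhole; that needs the timestamp and destination from the provider's abuse notice matched against router or firewall logs. What the log does establish is that with EnableLUA=0 every program started by this administrator account already ran with full rights, so a re-infection would not have been slowed by UAC at all.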
         

 
