Okay, here is the ComboFix logfile:
Code:
ComboFix 16-02-15.01 - admin 16.02.2016 11:19:01.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.3071.1805 [GMT 1:00]
ausgeführt von:: c:\users\admin\Desktop\ComboFix.exe
AV: Emsisoft Internet Security *Enabled/Updated* {15510D9D-6530-DA29-224F-7BA1BDD1CB58}
FW: Emsisoft Internet Security *Enabled* {2D6A8CB8-2F5F-DB71-0910-D29443028C23}
SP: Emsisoft Internet Security *Enabled/Updated* {AE30EC79-430A-D5A7-18FF-40D3C65681E5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\autorun.inf
c:\programdata\47fa08765bf4a72b8c965e87572abba09b09f7dc
c:\programdata\d
c:\programdata\d\43DBA3A8.license.log
c:\users\admin\AppData\Roaming\Secure-Soft Stealer
c:\windows\Install
c:\windows\SysWow64\MSDCSC
c:\windows\SysWow64\nso206E.tmp
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
((((((((((((((((((((((( Dateien erstellt von 2016-01-16 bis 2016-02-16 ))))))))))))))))))))))))))))))
.
.
2016-02-16 10:29 . 2016-02-16 10:29 -------- d-----w- c:\users\schinken42.ddns.net\AppData\Local\temp
2016-02-16 10:29 . 2016-02-16 10:29 -------- d-----w- c:\users\Public\AppData\Local\temp
2016-02-16 10:29 . 2016-02-16 10:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-02-13 12:36 . 2016-02-13 12:36 -------- d-----w- c:\programdata\Emsisoft
2016-02-13 12:25 . 2015-12-07 21:30 312064 ----a-w- c:\windows\system32\drivers\fwndislwf64.sys
2016-02-13 12:25 . 2016-02-16 10:33 -------- d-----w- c:\program files\Emsisoft Internet Security
2016-02-13 10:12 . 2015-10-18 16:53 68288 ----a-w- c:\windows\system32\vsocklib.dll
2016-02-13 10:12 . 2015-10-18 16:53 64192 ----a-w- c:\windows\SysWow64\vsocklib.dll
2016-02-13 10:12 . 2015-10-18 16:53 75512 ----a-w- c:\windows\system32\drivers\vsock.sys
2016-02-13 10:12 . 2015-10-18 17:33 66752 ----a-w- c:\windows\system32\drivers\vmx86.sys
2016-02-13 10:12 . 2015-10-18 17:33 33472 ----a-w- c:\windows\system32\drivers\VMkbd.sys
2016-02-13 10:11 . 2015-10-18 17:33 31936 ----a-w- c:\windows\system32\drivers\VMparport.sys
2016-02-13 10:11 . 2015-10-18 17:33 358080 ----a-w- c:\windows\SysWow64\vmnetdhcp.exe
2016-02-13 10:11 . 2015-10-18 17:33 391872 ----a-w- c:\windows\SysWow64\vmnat.exe
2016-02-13 10:11 . 2015-10-18 17:11 26816 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2016-02-13 10:10 . 2015-10-18 17:33 934080 ----a-w- c:\windows\system32\vnetlib64.dll
2016-02-13 10:10 . 2015-10-06 07:02 57536 ----a-w- c:\windows\system32\drivers\hcmon.sys
2016-02-13 10:10 . 2016-02-13 10:10 -------- d-----w- c:\program files\Common Files\VMware
2016-02-13 10:09 . 2016-02-13 10:09 -------- d-----w- c:\program files (x86)\Common Files\ThinPrint
2016-02-13 10:09 . 2016-02-13 10:09 -------- d-----w- c:\program files (x86)\VMware
2016-02-13 10:07 . 2016-02-13 10:09 -------- d-----w- c:\program files (x86)\Common Files\VMware
2016-02-11 01:13 . 2016-02-11 01:13 -------- d-----w- c:\users\admin\AppData\Roaming\ProductData
2016-02-10 03:00 . 2016-01-07 17:42 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2016-02-10 02:59 . 2016-01-22 06:20 362496 ----a-w- c:\windows\system32\wow64win.dll
2016-02-09 08:26 . 2016-02-09 08:26 -------- d-----w- c:\users\Neuer Ordner
2016-02-09 03:40 . 2016-02-09 03:40 -------- d-----w- C:\Program Settings
2016-02-08 20:50 . 2016-02-08 20:50 -------- d-----w- c:\program files (x86)\Common Files\Java
2016-02-08 16:24 . 2016-02-08 16:35 -------- d-----w- c:\programdata\FAZ
2016-02-08 16:22 . 2016-02-08 17:45 -------- d-----w- c:\programdata\URR
2016-02-08 15:34 . 2016-02-08 15:34 3584 ----a-w- c:\windows\system32\thunk.dll
2016-02-08 15:34 . 2016-02-08 15:34 1536 ----a-w- c:\windows\SysWow64\thunk.dll
2016-02-08 01:32 . 2016-02-08 01:32 -------- d-----w- c:\programdata\Sophos
2016-02-08 01:30 . 2016-02-08 01:30 -------- d-----w- c:\program files (x86)\Sophos
2016-02-07 23:40 . 2016-02-08 00:33 -------- d-----w- c:\users\admin\AppData\Local\gtk-2.0
2016-02-07 23:36 . 2016-02-13 10:40 -------- d-----w- c:\users\admin\AppData\Roaming\.purple
2016-02-07 23:35 . 2016-02-08 00:04 -------- d-----w- c:\program files (x86)\Pidgin
2016-02-04 00:26 . 2016-02-04 01:44 -------- d-----w- c:\programdata\Nimoru
2016-02-03 20:46 . 2016-02-03 20:47 -------- d-----w- c:\programdata\IObit
2016-02-03 20:46 . 2016-02-03 20:46 -------- d-----w- c:\programdata\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98}
2016-02-03 20:46 . 2016-02-03 20:46 -------- d-----w- c:\programdata\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2016-02-03 20:46 . 2016-02-03 20:46 -------- d-----w- c:\program files (x86)\Common Files\IObit
2016-02-03 20:46 . 2016-02-06 01:11 -------- d-----w- c:\program files (x86)\IObit
2016-02-03 20:46 . 2016-02-03 20:47 -------- d-----w- c:\users\admin\AppData\Roaming\IObit
2016-01-26 21:20 . 2016-01-26 21:21 -------- d-----w- c:\program files (x86)\Microsoft Web Tools
2016-01-26 21:19 . 2016-01-26 21:19 -------- d-----w- c:\programdata\NuGet
2016-01-26 21:19 . 2016-01-26 21:19 -------- d-----w- c:\program files (x86)\NuGet
2016-01-25 19:03 . 2016-01-25 19:03 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-02-12 07:39 . 2015-06-24 00:14 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-02-12 07:38 . 2015-06-24 00:14 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-02-10 04:47 . 2015-05-19 17:47 796864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-02-10 04:47 . 2015-05-19 17:47 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-02-08 20:57 . 2015-10-17 15:23 110176 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2016-01-26 21:26 . 2015-07-21 14:59 2539616 ----a-w- c:\programdata\Microsoft\VisualStudio\12.0\1033\ResourceCache.dll
2016-01-22 05:59 . 2016-02-10 02:59 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-12-08 21:54 . 2016-01-13 14:49 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2015-12-08 21:54 . 2016-01-13 14:49 902144 ----a-w- c:\windows\SysWow64\WMADMOD.DLL
2015-12-08 21:54 . 2016-01-13 14:49 815616 ----a-w- c:\windows\SysWow64\WMADMOE.DLL
2015-12-08 21:54 . 2016-01-13 14:49 739328 ----a-w- c:\windows\SysWow64\WMSPDMOD.DLL
2015-12-08 21:54 . 2016-01-13 14:49 541184 ----a-w- c:\windows\SysWow64\WMVSDECD.DLL
2015-12-08 21:54 . 2016-01-13 14:49 740352 ----a-w- c:\windows\SysWow64\wmpmde.dll
2015-12-08 21:54 . 2016-01-13 14:49 665088 ----a-w- c:\windows\SysWow64\WMVXENCD.DLL
2015-12-08 21:54 . 2016-01-13 14:49 1568768 ----a-w- c:\windows\SysWow64\WMVENCOD.DLL
2015-12-08 21:54 . 2016-01-13 14:49 358400 ----a-w- c:\windows\SysWow64\WMVSENCD.DLL
2015-12-08 21:54 . 2016-01-13 14:49 1325056 ----a-w- c:\windows\SysWow64\WMSPDMOE.DLL
2015-12-08 21:54 . 2016-01-13 14:49 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2015-12-08 21:54 . 2016-01-13 14:49 154112 ----a-w- c:\windows\SysWow64\VIDRESZR.DLL
2015-12-08 21:53 . 2016-01-13 14:49 206848 ----a-w- c:\windows\SysWow64\RESAMPLEDMO.DLL
2015-12-08 21:53 . 2016-01-13 14:49 509952 ----a-w- c:\windows\SysWow64\qedit.dll
2015-12-08 21:53 . 2016-01-13 14:49 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2015-12-08 21:53 . 2016-01-13 14:49 1329664 ----a-w- c:\windows\SysWow64\quartz.dll
2015-12-08 21:53 . 2016-01-13 14:49 206848 ----a-w- c:\windows\SysWow64\qasf.dll
2015-12-08 21:53 . 2016-01-13 14:49 970240 ----a-w- c:\windows\SysWow64\msmpeg2adec.dll
2015-12-08 21:53 . 2016-01-13 14:49 829952 ----a-w- c:\windows\SysWow64\MSMPEG2ENC.DLL
2015-12-08 21:53 . 2016-01-13 14:49 241152 ----a-w- c:\windows\SysWow64\MPG4DECD.DLL
2015-12-08 21:53 . 2016-01-13 14:49 79872 ----a-w- c:\windows\SysWow64\MP3DMOD.DLL
2015-12-08 21:53 . 2016-01-13 14:49 415744 ----a-w- c:\windows\SysWow64\MP4SDECD.DLL
2015-12-08 21:53 . 2016-01-13 14:49 241152 ----a-w- c:\windows\SysWow64\MP43DECD.DLL
2015-12-08 21:53 . 2016-01-13 14:49 3209728 ----a-w- c:\windows\SysWow64\mf.dll
2015-12-08 21:53 . 2016-01-13 14:49 609280 ----a-w- c:\windows\SysWow64\MFWMAAEC.DLL
2015-12-08 21:53 . 2016-01-13 14:49 53248 ----a-w- c:\windows\SysWow64\mfvdsp.dll
2015-12-08 21:53 . 2016-01-13 14:49 354816 ----a-w- c:\windows\SysWow64\mfplat.dll
2015-12-08 21:53 . 2016-01-13 14:49 103424 ----a-w- c:\windows\SysWow64\mfps.dll
2015-12-08 21:53 . 2016-01-13 14:49 4608 ----a-w- c:\windows\SysWow64\ksuser.dll
2015-12-08 21:53 . 2016-01-13 14:49 489984 ----a-w- c:\windows\SysWow64\evr.dll
2015-12-08 21:53 . 2016-01-13 14:49 67584 ----a-w- c:\windows\SysWow64\devenum.dll
2015-12-08 21:53 . 2016-01-13 14:49 153600 ----a-w- c:\windows\SysWow64\COLORCNV.DLL
2015-12-08 21:53 . 2016-01-13 14:49 50176 ----a-w- c:\windows\SysWow64\rrinstaller.exe
2015-12-08 21:53 . 2016-01-13 14:49 23040 ----a-w- c:\windows\SysWow64\mfpmp.exe
2015-12-08 21:53 . 2016-01-13 14:49 193536 ----a-w- c:\windows\SysWow64\ksproxy.ax
2015-12-08 21:52 . 2016-01-13 14:48 312320 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-12-08 21:50 . 2016-01-13 14:49 2048 ----a-w- c:\windows\SysWow64\mferror.dll
2015-12-08 19:07 . 2016-01-13 14:49 978944 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2015-12-08 19:07 . 2016-01-13 14:49 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2015-12-08 19:07 . 2016-01-13 14:49 1232896 ----a-w- c:\windows\system32\WMADMOD.DLL
2015-12-08 19:07 . 2016-01-13 14:49 666112 ----a-w- c:\windows\system32\WMVSDECD.DLL
2015-12-08 19:07 . 2016-01-13 14:49 1153024 ----a-w- c:\windows\system32\WMADMOE.DLL
2015-12-08 19:07 . 2016-01-13 14:49 1026048 ----a-w- c:\windows\system32\wmpmde.dll
2015-12-08 19:07 . 2016-01-13 14:49 642048 ----a-w- c:\windows\system32\WMVXENCD.DLL
2015-12-08 19:07 . 2016-01-13 14:49 447488 ----a-w- c:\windows\system32\WMVSENCD.DLL
2015-12-08 19:07 . 2016-01-13 14:49 1955328 ----a-w- c:\windows\system32\WMVENCOD.DLL
2015-12-08 19:07 . 2016-01-13 14:49 1575424 ----a-w- c:\windows\system32\WMSPDMOE.DLL
2015-12-08 19:07 . 2009-07-14 00:22 1393152 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2015-12-08 19:07 . 2016-01-13 14:49 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2015-12-08 19:07 . 2016-01-13 14:49 292352 ----a-w- c:\windows\system32\VIDRESZR.DLL
2015-12-08 19:07 . 2016-01-13 14:49 378880 ----a-w- c:\windows\system32\SysFxUI.dll
2015-12-08 19:07 . 2016-01-13 14:49 225792 ----a-w- c:\windows\system32\RESAMPLEDMO.DLL
2015-12-08 19:07 . 2016-01-13 14:49 624640 ----a-w- c:\windows\system32\qedit.dll
2015-12-08 19:07 . 2016-01-13 14:49 1573888 ----a-w- c:\windows\system32\quartz.dll
2015-12-08 19:07 . 2016-01-13 14:49 371712 ----a-w- c:\windows\system32\qdvd.dll
2015-12-08 19:07 . 2016-01-13 14:49 254464 ----a-w- c:\windows\system32\qasf.dll
2015-12-08 19:07 . 2016-01-13 14:49 1307136 ----a-w- c:\windows\system32\msmpeg2adec.dll
2015-12-08 19:07 . 2016-01-13 14:49 1160192 ----a-w- c:\windows\system32\MSMPEG2ENC.DLL
2015-12-08 19:07 . 2016-01-13 14:49 4121600 ----a-w- c:\windows\system32\mf.dll
2015-12-08 19:07 . 2016-01-13 14:49 1010688 ----a-w- c:\windows\system32\mcmde.dll
2015-12-08 19:07 . 2016-01-13 14:49 653824 ----a-w- c:\windows\system32\MP4SDECD.DLL
2015-12-08 19:07 . 2016-01-13 14:49 484864 ----a-w- c:\windows\system32\MFWMAAEC.DLL
2015-12-08 19:07 . 2016-01-13 14:49 432128 ----a-w- c:\windows\system32\mfplat.dll
2015-12-08 19:07 . 2016-01-13 14:49 224768 ----a-w- c:\windows\system32\MPG4DECD.DLL
2015-12-08 19:07 . 2016-01-13 14:49 70144 ----a-w- c:\windows\system32\mfvdsp.dll
2015-12-08 19:07 . 2016-01-13 14:49 223744 ----a-w- c:\windows\system32\MP43DECD.DLL
2015-12-08 19:07 . 2016-01-13 14:49 206848 ----a-w- c:\windows\system32\mfps.dll
2015-12-08 19:07 . 2016-01-13 14:49 100864 ----a-w- c:\windows\system32\MP3DMOD.DLL
2015-12-08 19:07 . 2016-01-13 14:49 5120 ----a-w- c:\windows\system32\ksuser.dll
2015-12-08 19:07 . 2016-01-13 14:49 632320 ----a-w- c:\windows\system32\evr.dll
2015-12-08 19:07 . 2016-01-13 14:48 405504 ----a-w- c:\windows\system32\gdi32.dll
2015-12-08 19:07 . 2016-01-13 14:49 76288 ----a-w- c:\windows\system32\devenum.dll
2015-12-08 19:07 . 2016-01-13 14:49 189952 ----a-w- c:\windows\system32\COLORCNV.DLL
2015-12-08 19:07 . 2016-01-13 14:49 55808 ----a-w- c:\windows\system32\rrinstaller.exe
2015-12-08 19:06 . 2016-01-13 14:49 24576 ----a-w- c:\windows\system32\mfpmp.exe
2015-12-08 19:06 . 2016-01-13 14:49 250880 ----a-w- c:\windows\system32\ksproxy.ax
2015-12-08 19:04 . 2016-01-13 14:49 2048 ----a-w- c:\windows\system32\mferror.dll
2015-12-08 18:54 . 2016-01-13 14:49 116736 ----a-w- c:\windows\system32\drivers\drmk.sys
2015-12-08 18:12 . 2016-01-13 14:49 230400 ----a-w- c:\windows\system32\drivers\portcls.sys
2015-12-08 18:11 . 2016-01-13 14:49 5632 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2015-12-05 06:55 . 2015-12-05 06:55 192216 ----a-w- c:\windows\system32\drivers\2EBA4885.sys
2015-11-23 19:46 . 2015-11-23 19:46 192216 ----a-w- c:\windows\system32\drivers\0EC06DB0.sys
2015-11-23 19:46 . 2015-11-23 19:46 192216 ----a-w- c:\windows\system32\drivers\16EB6D88.sys
2015-11-20 14:01 . 2015-11-20 14:01 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D4A2343F-6E6D-41BF-9AFD-C209624674C8}\offreg.2456.dll
2015-11-19 10:08 . 2015-12-02 21:32 122400 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2015-11-19 10:07 . 2015-12-02 21:32 35328 ----a-w- c:\windows\system32\LMIport.dll
2015-11-19 10:07 . 2015-12-02 21:32 107008 ----a-w- c:\windows\system32\LMIinit.dll
2015-11-19 10:01 . 2015-11-19 10:01 35616 ----a-w- c:\windows\system32\lmimirr.dll
2015-11-19 10:01 . 2015-11-19 10:01 14624 ----a-w- c:\windows\system32\lmimirr2.dll
2015-11-19 10:01 . 2015-11-19 10:01 11552 ----a-w- c:\windows\system32\drivers\lmimirr.sys
2013-04-10 08:20 . 2016-01-01 21:24 2782320 --sha-w- c:\program files (x86)\Common Files\~sauwjpv.ibo
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2015-05-19 152872]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-11-02 8551848]
"DAEMON Tools Lite Automount"="c:\program files\DAEMON Tools Lite\DTAgent.exe" [2015-09-13 4468056]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2015-10-22 787592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ConsoleApplication5"="c:\programdata\ConsoleApplication5\ConsoleApplication5\1.0.0.0\msdcsc.exe" [2015-11-14 0]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2016-01-29 596016]
"vmware-tray.exe"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2015-10-18 104128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"="0"
.
R1 epp64;epp64;c:\eek\bin\epp64.sys;c:\eek\bin\epp64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
R2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x]
R3 c2wts;Claims to Windows Token Service;c:\program files\Windows Identity Foundation\v3.5\c2wtshost.exe;c:\program files\Windows Identity Foundation\v3.5\c2wtshost.exe [x]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 fwlanusb6_860;AVM FRITZ!WLAN AC 860;c:\windows\system32\DRIVERS\fwlanusb6_860.sys;c:\windows\SYSNATIVE\DRIVERS\fwlanusb6_860.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]
R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe;c:\program files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 VsEtwService120;Visual Studio ETW Event Collection Service;c:\program files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe;c:\program files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
S1 epp;epp;c:\program files\EMSISOFT INTERNET SECURITY\epp.sys;c:\program files\EMSISOFT INTERNET SECURITY\epp.sys [x]
S1 FWNDIS_LWF;Emsisoft NDIS packet filter;c:\windows\system32\DRIVERS\fwndislwf64.sys;c:\windows\SYSNATIVE\DRIVERS\fwndislwf64.sys [x]
S1 fwwfp;Emsisoft Firewall WFP Filter;c:\program files\Emsisoft Internet Security\fwwfp764.sys;c:\program files\Emsisoft Internet Security\fwwfp764.sys [x]
S2 a2AntiMalware;Emsisoft Protection Service;c:\program files\Emsisoft Internet Security\a2service.exe;c:\program files\Emsisoft Internet Security\a2service.exe [x]
S2 CGVPNCliService;CyberGhost 5 Client Service;c:\program files\CyberGhost 5\Service.exe;c:\program files\CyberGhost 5\Service.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 NoIPDUCService4;NO-IP DUC v4.1.1;c:\program files (x86)\No-IP\ducservice.exe;c:\program files (x86)\No-IP\ducservice.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [x]
S2 vstor2-mntapi20-shared;Vstor2 MntApi 2.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi20-shared.sys;SysWOW64\drivers\vstor2-mntapi20-shared.sys [x]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2016-02-13 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_306_pepper.exe [2016-02-10 04:47]
.
2016-02-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-19 04:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-10-13 2585744]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-10-13 1514528]
"emsisoft anti-malware"="c:\program files\emsisoft internet security\a2guard.exe" [2016-01-27 9235928]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://search.avira.net/#web/result?source=art&q=
uDefault_Search_URL = https://search.avira.net/#web/result?source=art&q=
mDefault_Search_URL = https://search.avira.net/#web/result?source=art&q=
mDefault_Page_URL = https://search.avira.net/#web/result?source=art&q=
mStart Page = https://search.avira.net/#web/result?source=art&q=
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = https://search.avira.net/#web/result?source=art&q=
LSP: %windir%\system32\vsocklib.dll
Trusted Zone: localhost
Trusted Zone: webcompanion.com
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5F5F453A-D4F4-4706-A6F5-2CA516EBDD64}: NameServer = 37.221.175.198,95.169.183.219
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\tjc4nckf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.goggle.de/
FF - prefs.js: network.proxy.ftp - 120.29.217.46
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.http - 120.29.217.46
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 120.29.217.46
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 120.29.217.46
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 2
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updates.lnk - c:\programdata\sLcDNCe\lqbHBThsSg\1.1.2.1\Key.exe
HKLM_Wow6432Node-ActiveSetup-{L73XMP72-1623-4TXF-6O63-V78MING167X2} - c:\windows\install\server.exe
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKLM-Run-LogMeIn GUI - c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_306_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_306_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_306_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_306_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.20"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\SysWOW64\IoctlSvc.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2016-02-16 11:48:43 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2016-02-16 10:48
.
Vor Suchlauf: 18 Verzeichnis(se), 755.984.183.296 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 755.259.285.504 Bytes frei
.
- - End Of File - - 879B65028A261CB47DB97350394507FE
A36C5E4F47E84449FF07ED3517B43A31
When I look in Task Manager now, all processes are normal again,
but when I click "Processes from all users" there are still 62 of them;
before ComboFix there were 79 processes.