Obwohl ich mittlerweile Avira schon deinstalliert habe und stattdessen avast drauf habe zeigt mir combofix, dass avira desktop für antivirus und antispyware noch läuft! :wtf:
Ok, das Avira Problem habe ich gelöst und Combofix laufen lassen.
Hier das Logfile: Code:
ComboFix 13-09-10.01 - g780 10.09.2013 13:39:04.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1251.7.1031.18.8092.6342 [GMT 2:00]
Running from: c:\users\g780\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Lenovo\Lenovo Solution Center\Microsoft Fix it\FixitUi\_desktop.ini
.
.
((((((((((((((((((((((((( Files Created from 2013-08-10 to 2013-09-10 )))))))))))))))))))))))))))))))
.
.
2013-09-10 11:46 . 2013-09-10 11:46 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-09-10 11:46 . 2013-09-10 11:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-10 11:43 . 2013-09-10 11:43 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD642DE8-4505-4560-BCB7-9A94B65F24BF}\offreg.dll
2013-09-10 09:37 . 2013-09-10 09:37 -------- d-----w- c:\users\g780\AppData\Local\Apps
2013-09-10 09:35 . 2013-08-30 07:48 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-09-10 09:35 . 2013-08-30 07:48 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-09-10 09:35 . 2013-08-30 07:48 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-09-10 09:35 . 2013-08-30 07:48 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-09-10 09:35 . 2013-08-30 07:48 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-09-10 09:35 . 2013-08-30 07:48 204880 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-09-10 09:35 . 2013-08-30 07:48 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-09-10 09:35 . 2013-08-30 07:48 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-09-10 09:35 . 2013-08-30 07:47 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-09-10 09:34 . 2013-08-30 07:47 41664 ----a-w- c:\windows\avastSS.scr
2013-09-10 09:34 . 2013-09-10 09:34 -------- d-----w- c:\program files\AVAST Software
2013-09-10 09:33 . 2013-09-10 09:34 -------- d-----w- c:\programdata\AVAST Software
2013-09-09 22:04 . 2013-09-09 22:04 -------- d-----w- c:\program files (x86)\ESET
2013-09-09 21:37 . 2013-09-09 21:37 -------- d-----w- c:\windows\ERUNT
2013-09-09 21:29 . 2013-09-10 09:09 -------- d-----w- C:\AdwCleaner
2013-09-09 19:11 . 2013-09-09 19:11 -------- d-----w- c:\users\g780\AppData\Roaming\Malwarebytes
2013-09-09 19:10 . 2013-09-09 19:10 -------- d-----w- c:\programdata\Malwarebytes
2013-09-09 19:10 . 2013-09-09 19:10 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-09-09 19:10 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-09 18:50 . 2013-09-09 18:50 -------- d-----w- C:\FRST
2013-09-06 17:08 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD642DE8-4505-4560-BCB7-9A94B65F24BF}\mpengine.dll
2013-08-14 00:52 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-08-14 00:52 . 2013-07-09 05:46 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-14 00:52 . 2013-07-09 05:46 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-08-14 00:52 . 2013-07-09 05:46 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-14 00:52 . 2013-07-09 04:52 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-08-14 00:52 . 2013-07-09 04:46 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-08-14 00:52 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-08-14 00:52 . 2013-07-09 04:46 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-27 03:08 . 2012-08-25 20:04 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-27 03:08 . 2012-08-25 20:04 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-14 01:02 . 2012-08-31 19:56 78161360 ----a-w- c:\windows\system32\MRT.exe
2013-07-09 04:45 . 2013-08-14 00:51 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-06-26 05:33 . 2013-06-26 05:33 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-26 05:33 . 2012-08-25 18:47 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-06-26 05:33 . 2012-08-25 18:47 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{DCC39ACE-709B-44EA-B062-5F6BE2774644}]
2013-02-28 06:58 214896 ----a-w- c:\users\g780\AppData\Roaming\MyEmoticons\myemoticons-1.6.1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-27 291608]
"Dolby Advanced Audio v2"="c:\program files (x86)\Dolby Advanced Audio v2\pcee4.exe" [2011-12-20 507744]
"332BigDog"="c:\program files (x86)\USB Camera2\VM332_STI.EXE" [2011-12-09 548864]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2012-01-26 4351712]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2011-01-28 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2011-01-28 228448]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2012-07-03 329056]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"LockKey"="c:\program files (x86)\LockKey\LockKey.exe" [2011-08-25 337776]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2012-2-1 1380128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\Lenovo\Bluetooth Software\BtwProximityCP.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 UHSfiltv;UHSfiltv;c:\windows\system32\drivers\UHSfiltv.sys;c:\windows\SYSNATIVE\drivers\UHSfiltv.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R3 zte_cpo;ZTE All Install;c:\windows\system32\DRIVERS\zte_cpo.sys;c:\windows\SYSNATIVE\DRIVERS\zte_cpo.sys [x]
R4 DamageGuard;DamageGuard;c:\windows\system32\DRIVERS\DamageGuardX64.sys;c:\windows\SYSNATIVE\DRIVERS\DamageGuardX64.sys [x]
R4 DamageGuardSvc;Lenovo Instant Reset Service;c:\program files\Lenovo\Instant Reset\DamageGuardSvc.exe;c:\program files\Lenovo\Instant Reset\DamageGuardSvc.exe [x]
R4 dgFltr;dgFltr;c:\windows\system32\drivers\dgFltrX64.sys;c:\windows\SYSNATIVE\drivers\dgFltrX64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys;c:\windows\SYSNATIVE\drivers\fbfmon.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys;c:\windows\SYSNATIVE\drivers\BPntDrv.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 vm332avs;Lenovo Camera2;c:\windows\system32\Drivers\vm332avs.sys;c:\windows\SYSNATIVE\Drivers\vm332avs.sys [x]
S3 zte_cdc_acm;ZTE All CDC-ACM driver;c:\windows\system32\DRIVERS\zte_cdc_acm.sys;c:\windows\SYSNATIVE\DRIVERS\zte_cdc_acm.sys [x]
S3 zte_cdc_ecm;zte_cdc_ecm;c:\windows\system32\DRIVERS\zte_cdc_ecm.sys;c:\windows\SYSNATIVE\DRIVERS\zte_cdc_ecm.sys [x]
S3 zte_ecm_enum;ZTE All DC Enumerator;c:\windows\system32\DRIVERS\zte_ecm_enum.sys;c:\windows\SYSNATIVE\DRIVERS\zte_ecm_enum.sys [x]
S3 zte_ecm_enum_filter;zte_ecm_enum_filter;c:\windows\system32\DRIVERS\zte_ecm_enum_filter.sys;c:\windows\SYSNATIVE\DRIVERS\zte_ecm_enum_filter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-10 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-09-10 07:47]
.
2013-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-03 15:15]
.
2013-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-03 15:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-02-14 22:52 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-02-14 22:52 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-02-14 22:52 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-02-14 22:52 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2012-07-03 15:15 1508192 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-12-15 564352]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2012-07-03 8079408]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2012-07-03 6202416]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2012-07-03 206176]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]
"IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-26 1464928]
"IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-26 2004584]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1 10.96.131.41
FF - ProfilePath - c:\users\g780\AppData\Roaming\Mozilla\Firefox\Profiles\bd2okbd1.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/|hxxp://www.funkysnooker.com/forums
FF - ExtSQL: 2013-09-10 11:35; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2102161896-4051846735-262110208-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-09-10 13:49:33
ComboFix-quarantined-files.txt 2013-09-10 11:49
.
Pre-Run: 13 Verzeichnis(se), 283.576.459.264 Bytes frei
Post-Run: 20 Verzeichnis(se), 284.389.945.344 Bytes frei
.
- - End Of File - - 79459EF75E18B22EFA65709B231618CE edit:
Ich habe ja jetzt Avira deinstalliert obwohl ich die infizierten Dateien darüber in Quarantäne hatte. Da war ich vielleicht etwas voreilig mit dem Aufspielen von avast! |