prinzcharmin | 13.12.2013 10:49 | Danke für die Antwort! Ich hatte möglichst alles deaktiviert, aber während ComboFix lief, kam ein Antivir-Popup, dass versucht wird die Registry zu bearbeiten. Ist das normal ? Code:
ComboFix 13-12-13.01 - Muhammed 13.12.2013 10:40:21.1.4 - x64
Microsoft Windows 8 6.2.9200.0.1252.49.1031.18.8078.6331 [GMT 1:00]
ausgeführt von:: c:\users\Muhammed\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SetStretch.VBS
c:\windows\msvcr71.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-11-13 bis 2013-12-13 ))))))))))))))))))))))))))))))
.
.
2013-12-13 09:43 . 2013-12-13 09:43 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-12-13 09:43 . 2013-12-13 09:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-12 13:38 . 2013-10-19 05:45 62976 ----a-w- c:\windows\system32\imagehlp.dll
2013-12-12 13:38 . 2013-10-19 04:04 59392 ----a-w- c:\windows\SysWow64\imagehlp.dll
2013-12-12 13:38 . 2013-12-12 13:38 -------- d-----w- c:\program files\CCleaner
2013-12-12 13:38 . 2013-11-06 23:18 4036608 ----a-w- c:\windows\system32\win32k.sys
2013-12-12 13:37 . 2013-10-25 06:18 19271168 ----a-w- c:\windows\system32\mshtml.dll
2013-12-12 13:37 . 2013-10-25 06:17 15404032 ----a-w- c:\windows\system32\ieframe.dll
2013-12-12 13:37 . 2013-10-25 06:17 3959808 ----a-w- c:\windows\system32\jscript9.dll
2013-12-12 13:37 . 2013-10-25 04:43 2877952 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-12-12 13:37 . 2013-10-25 06:19 1365504 ----a-w- c:\windows\system32\urlmon.dll
2013-12-12 13:37 . 2013-10-25 06:17 2648576 ----a-w- c:\windows\system32\iertutil.dll
2013-12-12 13:35 . 2013-10-08 22:27 3279872 ----a-w- c:\windows\system32\wuaueng.dll
2013-12-12 13:34 . 2013-10-10 09:24 143872 ----a-w- c:\windows\system32\wshom.ocx
2013-12-12 13:34 . 2013-10-10 09:22 222720 ----a-w- c:\windows\system32\scrobj.dll
2013-12-12 13:34 . 2013-10-10 09:22 194048 ----a-w- c:\windows\system32\scrrun.dll
2013-12-12 13:34 . 2013-10-10 09:32 115712 ----a-w- c:\windows\SysWow64\cscript.exe
2013-12-12 13:34 . 2013-10-10 09:30 162304 ----a-w- c:\windows\SysWow64\scrobj.dll
2013-12-12 13:34 . 2013-10-10 09:30 156160 ----a-w- c:\windows\SysWow64\scrrun.dll
2013-12-12 13:34 . 2013-10-10 09:23 146944 ----a-w- c:\windows\system32\cscript.exe
2013-12-12 13:34 . 2013-11-01 05:38 312320 ----a-w- c:\windows\system32\msieftp.dll
2013-12-12 13:34 . 2013-11-01 03:49 273408 ----a-w- c:\windows\SysWow64\msieftp.dll
2013-12-12 13:34 . 2013-11-23 06:43 420864 ----a-w- c:\windows\system32\WMPhoto.dll
2013-12-12 13:34 . 2013-11-23 05:05 368640 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-12-12 11:52 . 2013-12-12 11:52 -------- d-----w- C:\FRST
2013-12-04 13:24 . 2013-12-04 13:27 -------- d-----w- c:\program files\OpenVPN
2013-11-23 11:35 . 2013-11-23 11:35 280752 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10226.bin
2013-11-22 17:58 . 2013-12-12 11:35 -------- d-----w- c:\program files (x86)\Common Files\Steam
2013-11-20 10:00 . 2013-11-20 10:00 -------- d-----w- c:\users\Muhammed\AppData\Roaming\JKI
2013-11-20 08:45 . 2013-11-20 08:45 -------- d-----w- c:\users\Muhammed\AppData\Roaming\DVDVideoSoft
2013-11-20 08:45 . 2013-11-20 08:45 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft
2013-11-20 08:42 . 2013-11-20 08:42 -------- d-----w- c:\users\Muhammed\AppData\Local\Programs
2013-11-14 14:36 . 2013-10-10 09:21 1160192 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-11-14 14:36 . 2013-10-10 11:53 96600 ----a-w- c:\windows\system32\drivers\wfplwfs.sys
2013-11-14 14:36 . 2013-10-10 09:20 723968 ----a-w- c:\windows\system32\BFE.DLL
2013-11-14 14:35 . 2013-07-24 23:07 13661696 ----a-w- c:\windows\system32\Windows.UI.Xaml.dll
2013-11-14 14:35 . 2013-07-24 23:10 10799104 ----a-w- c:\windows\SysWow64\Windows.UI.Xaml.dll
2013-11-14 14:35 . 2013-08-30 05:20 1173504 ----a-w- c:\windows\system32\UIAutomationCore.dll
2013-11-14 14:35 . 2013-08-29 23:48 914432 ----a-w- c:\windows\SysWow64\UIAutomationCore.dll
2013-11-14 14:35 . 2013-09-13 22:33 328192 ----a-w- c:\windows\system32\ubpm.dll
2013-11-14 14:35 . 2013-08-10 06:30 151896 ----a-w- c:\windows\system32\drivers\tpm.sys
2013-11-14 14:35 . 2013-08-21 06:39 465240 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-11-14 14:35 . 2013-08-10 05:21 817152 ----a-w- c:\windows\system32\kerberos.dll
2013-11-14 14:35 . 2013-09-13 22:36 247296 ----a-w- c:\windows\SysWow64\ubpm.dll
2013-11-14 14:34 . 2013-08-30 05:43 61784 ----a-w- c:\windows\system32\drivers\crashdmp.sys
2013-11-14 14:34 . 2013-07-12 01:38 599040 ----a-w- c:\windows\system32\WSDApi.dll
2013-11-14 14:34 . 2013-07-12 01:30 485376 ----a-w- c:\windows\SysWow64\WSDApi.dll
2013-11-14 14:34 . 2013-08-10 03:58 656896 ----a-w- c:\windows\SysWow64\kerberos.dll
2013-11-14 14:33 . 2013-10-02 23:25 1300992 ----a-w- c:\windows\system32\gdi32.dll
2013-11-14 14:33 . 2013-10-01 22:22 1022976 ----a-w- c:\windows\SysWow64\gdi32.dll
2013-11-14 14:33 . 2013-10-01 23:37 1569280 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-11-14 14:33 . 2013-10-01 23:26 1890816 ----a-w- c:\windows\system32\crypt32.dll
2013-11-14 14:33 . 2013-09-04 03:11 576512 ----a-w- c:\windows\system32\drivers\afd.sys
2013-11-14 14:33 . 2013-08-23 07:22 2062848 ----a-w- c:\windows\system32\d3d11.dll
2013-11-14 14:33 . 2013-08-23 01:44 1711616 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-11-14 14:33 . 2013-09-23 22:30 419328 ----a-w- c:\windows\system32\schannel.dll
2013-11-14 14:33 . 2013-09-23 22:30 323072 ----a-w- c:\windows\SysWow64\schannel.dll
2013-11-14 14:33 . 2013-10-01 23:37 2035712 ----a-w- c:\windows\SysWow64\authui.dll
2013-11-14 14:33 . 2013-10-01 23:26 2304512 ----a-w- c:\windows\system32\authui.dll
2013-11-13 12:36 . 2007-12-07 01:08 108032 ----a-w- c:\windows\system32\E_ILMCDE.DLL
2013-11-13 12:36 . 2007-12-07 01:01 81408 ----a-w- c:\windows\system32\E_IBCBCDE.DLL
2013-11-13 12:36 . 2005-02-02 11:05 8704 ----a-w- c:\windows\system32\E_GCINST.DLL
2013-11-13 12:36 . 2013-11-13 12:37 -------- d-----w- c:\programdata\EPSON
2013-11-13 12:33 . 2013-11-13 12:33 -------- d-----w- c:\users\Muhammed\AppData\Local\ElevatedDiagnostics
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-13 09:34 . 2013-11-02 15:02 62 ----a-w- c:\users\Muhammed\AppData\Roaming\sp_data.sys
2013-12-12 12:09 . 2013-11-02 17:35 84720 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-12-12 12:09 . 2013-11-02 17:35 131576 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-12-12 12:09 . 2013-11-02 17:35 108440 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-12-04 00:53 . 2013-11-05 08:32 78304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-04 00:53 . 2013-11-05 08:32 694240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-11-17 17:24 . 2013-11-02 20:55 82896128 ----a-w- c:\windows\system32\MRT.exe
2013-11-02 15:02 . 2013-11-02 15:02 50784 ----a-w- c:\programdata\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-11-02 15:02 . 2013-11-02 15:02 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-11-02 14:59 . 2012-07-26 08:13 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-10-10 18:14 . 2013-11-02 17:35 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-10-08 08:28 . 2013-10-08 08:28 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-11-02 15:17 222832 ----a-w- c:\users\Muhammed\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-11-02 15:17 222832 ----a-w- c:\users\Muhammed\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-11-02 15:17 222832 ----a-w- c:\users\Muhammed\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Muhammed\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Muhammed\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Muhammed\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NIRegistrationWizard"="d:\labview\Shared\RegistrationWizard\Bin\RegistrationWizard.exe" [2013-04-19 847000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2013-04-25 3187360]
"ASUSWebStorage"="c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe" [2012-12-19 3576784]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-28 91432]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-12-12 684600]
"NI Update Service"="d:\labview\Shared\Update Service\NIUpdateService.exe" [2013-05-28 857888]
.
c:\users\Muhammed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Muhammed\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-11-1 29769432]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
NI Error Reporting.lnk - d:\labview\Shared\NI Error Reporting\nierserver.exe [2013-6-7 663896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
R4 NIApplicationWebServer64;NI Application Web Server (64-bit);c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe;c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe;c:\program files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [x]
S2 Asus WebStorage Windows Service;Asus WebStorage Windows Service;c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe;c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 NIApplicationWebServer;NI Application Web Server;d:\labview\Shared\NI WebServer\ApplicationWebServer.exe;d:\labview\Shared\NI WebServer\ApplicationWebServer.exe [x]
S2 nimDNSResponder;NI mDNS Responder Service;d:\labview\Shared\mDNS Responder\nimdnsResponder.exe;d:\labview\Shared\mDNS Responder\nimdnsResponder.exe [x]
S2 NINetworkDiscovery;NI Network Discovery;d:\labview\Shared\NI Network Discovery\niDiscSvc.exe;d:\labview\Shared\NI Network Discovery\niDiscSvc.exe [x]
S2 NISystemWebServer;NI System Web Server;d:\labview\Shared\NI WebServer\SystemWebServer.exe;d:\labview\Shared\NI WebServer\SystemWebServer.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
S3 ATP;ASUS Input Device;c:\windows\System32\drivers\AsusTP.sys;c:\windows\SYSNATIVE\drivers\AsusTP.sys [x]
S3 HIDSwitch;ASUS Wireless Radio Control;c:\windows\System32\drivers\AsHIDSwitch64.sys;c:\windows\SYSNATIVE\drivers\AsHIDSwitch64.sys [x]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;c:\windows\system32\DRIVERS\RtsBaStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsBaStor.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-16 13:18 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-02 15:07]
.
2013-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-02 15:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-11-02 15:17 261744 ----a-w- c:\users\Muhammed\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-11-02 15:17 261744 ----a-w- c:\users\Muhammed\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-11-02 15:17 261744 ----a-w- c:\users\Muhammed\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2012-09-27 07:15 1472512 ----a-w- c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2012-09-27 07:15 1472512 ----a-w- c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!AsusWSShellExt_U]
@="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}"
[HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}]
2012-09-27 07:15 1472512 ----a-w- c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Muhammed\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Muhammed\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Muhammed\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Muhammed\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-13 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-13 399984]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-05-30 13550152]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-05-20 1308232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://asus13.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Zeit der Fertigstellung: 2013-12-13 10:45:27
ComboFix-quarantined-files.txt 2013-12-13 09:45
.
Vor Suchlauf: 10 Verzeichnis(se), 235.464.265.728 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 235.205.345.280 Bytes frei
.
- - End Of File - - 29B441CA5F2F7900FE1C41BEFCFFE19E Gruß! |