MasterofDesa | 21.12.2012 13:28 | First of all, good morning,
After ComboFix was started, the PC was automatically restarted after a certain amount of time. On restart, the files were uploaded successfully.
Here is the log file for now:
Combofix Logfile:
Code:
ComboFix 12-12-20.02 - Paul 21.12.2012 13:04:46.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.7863.6072 [GMT 1:00]
ausgeführt von:: c:\users\Paul\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Paul\Desktop\CFScript.txt
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\rasdlgr.dll
c:\windows\Tasks\vlpwcvxy.job
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-11-21 bis 2012-12-21 ))))))))))))))))))))))))))))))
.
.
2012-12-17 18:26 . 2012-12-17 18:26 -------- d-----w- c:\programdata\Malwarebytes
2012-12-17 18:26 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-17 18:26 . 2012-12-17 18:27 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-17 16:10 . 2012-12-17 16:52 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2012-12-17 16:05 . 2012-12-17 16:05 -------- d--h--w- c:\programdata\Common Files
2012-12-17 15:42 . 2009-06-18 11:54 6144 ------w- c:\windows\system32\1075.tmp
2012-12-17 15:27 . 2009-06-18 11:54 6144 ------w- c:\windows\system32\3745.tmp
2012-12-17 15:27 . 2012-12-18 16:06 -------- d-----w- c:\program files (x86)\Sophos
2012-12-15 21:18 . 2012-07-26 07:46 2560 ----a-w- c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
2012-12-15 21:18 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-12-15 21:18 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-12-15 21:18 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-12-15 21:07 . 2012-11-19 00:01 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E873CAC6-FFA6-4978-B0AC-EAE45A734D76}\mpengine.dll
2012-12-15 20:56 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-12-15 20:56 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-12-15 20:56 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-12-15 20:56 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-12-15 20:56 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-12-15 20:56 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-12-15 20:56 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-12-15 20:55 . 2012-12-18 16:06 -------- d-----w- c:\program files (x86)\Happyneuron
2012-12-15 20:50 . 2012-11-05 21:35 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-15 20:50 . 2012-11-05 20:41 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-15 20:50 . 2012-11-05 20:32 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-15 20:50 . 2012-11-05 20:32 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-15 20:50 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-12-15 20:50 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-12-15 20:50 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-12-15 20:50 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-12-15 20:48 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-12-15 20:47 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-12-15 20:47 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-12-15 20:47 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-12-15 20:47 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-12-15 20:47 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-12-15 20:47 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2012-12-15 20:47 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-12-15 20:47 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-12-15 20:47 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-12-15 20:47 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-12-15 20:47 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-12-15 20:47 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-12-15 20:47 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-12-15 20:38 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-12-15 20:38 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-12-15 20:38 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-12-15 20:38 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-12-15 20:38 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-12-15 20:38 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-12-01 21:00 . 2012-12-17 16:10 -------- d-----w- c:\programdata\TuneUp Software
2012-12-01 20:56 . 2012-05-16 17:00 -------- d-----w- c:\windows\SysWow64\QuickTime
2012-12-01 20:46 . 2012-12-17 16:52 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2012-12-01 20:36 . 2007-04-04 17:55 403304 ----a-w- c:\windows\system32\xactengine2_7.dll
2012-12-01 20:35 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2012-12-01 20:35 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2012-12-01 20:35 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2012-12-01 20:35 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2012-12-01 20:33 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2012-12-01 20:33 . 2012-12-01 20:34 -------- d-----w- C:\Directx
2012-12-01 20:33 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
2012-12-01 20:33 . 2011-03-12 11:23 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2012-12-01 20:33 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-12-01 20:33 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-12-01 20:33 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2012-12-01 20:33 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2012-12-01 20:31 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-12-01 20:30 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2012-12-01 20:23 . 2012-03-28 20:20 -------- d-----w- c:\programdata\MAGIX
2012-12-01 20:16 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-12-01 20:16 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-12-01 20:02 . 2012-12-15 21:28 -------- d-----w- c:\programdata\Microsoft Help
2012-12-01 19:54 . 2012-06-09 10:32 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2012-12-01 19:54 . 2012-06-16 15:51 -------- d-----w- c:\program files\DivX
2012-12-01 19:53 . 2012-06-16 15:51 -------- d-----w- c:\program files (x86)\DivX
2012-12-01 19:52 . 2012-06-16 15:51 -------- d-----w- c:\programdata\DivX
2012-12-01 19:51 . 2012-12-01 19:51 -------- d-----w- c:\program files (x86)\FileZilla FTP Client
2012-12-01 19:50 . 2012-05-19 12:54 -------- d-----w- c:\program files\Adobe
2012-12-01 19:49 . 2012-12-01 19:50 -------- d-----w- c:\program files\Common Files\Adobe
2012-12-01 19:44 . 2012-05-19 12:58 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-12-01 19:42 . 2012-12-01 19:42 -------- d-----w- c:\program files (x86)\Audacity
2012-12-01 19:40 . 2012-12-01 19:40 -------- d-----w- c:\program files (x86)\VideoLAN
2012-12-01 18:47 . 2012-12-01 18:47 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2012-12-01 18:47 . 2012-12-01 18:47 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2012-12-01 18:46 . 2012-12-15 21:06 200384 ----a-w- c:\programdata\Microsoft\VBExpress\10.0\1031\ResourceCache.dll
2012-12-01 18:45 . 2012-12-01 18:45 -------- d-----w- c:\program files\Microsoft Help Viewer
2012-12-01 18:35 . 2012-12-01 18:35 -------- d-----w- c:\program files\Elantech
2012-12-01 18:35 . 2010-04-13 10:15 135560 ----a-w- c:\windows\system32\drivers\ETD.sys
2012-12-01 18:35 . 2010-02-03 06:03 4677512 ----a-w- c:\windows\system32\ETDUI.cpl
2012-12-01 18:25 . 2012-12-01 18:45 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-12-01 17:05 . 2012-12-14 18:19 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-01 17:05 . 2012-12-01 17:05 -------- d-----w- c:\windows\SysWow64\Macromed
2012-12-01 17:05 . 2012-12-01 17:05 -------- d-----w- c:\windows\system32\Macromed
2012-12-01 16:38 . 2009-11-18 08:03 53248 ----a-r- c:\windows\SysWow64\CSVer.dll
2012-12-01 16:37 . 2012-12-01 16:37 -------- d-----w- c:\windows\SysWow64\sda
2012-12-01 16:37 . 2010-07-20 09:42 422504 ----a-w- c:\windows\system32\RtsUStor.dll
2012-12-01 16:37 . 2012-12-20 17:27 -------- d-sh--w- c:\windows\Installer
2012-12-01 16:36 . 2010-09-22 01:47 243712 ----a-r- c:\windows\system32\drivers\RtsUStor.sys
2012-12-01 16:36 . 2010-07-20 09:42 9112168 ----a-w- c:\windows\SysWow64\RtsUStoricon.dll
2012-12-01 16:34 . 2012-01-28 13:36 -------- d-----w- c:\program files (x86)\Intel
2012-12-01 16:34 . 2012-01-10 20:19 62464 ----a-w- c:\windows\system32\igfxsrvc.dll
2012-12-01 16:34 . 2012-01-10 20:19 110080 ----a-w- c:\windows\system32\hccutils.dll
2012-12-01 16:34 . 2012-01-10 20:18 9014784 ----a-w- c:\windows\system32\igfxress.dll
2012-12-01 16:34 . 2010-07-20 00:14 90112 ----a-w- c:\windows\system32\igfxCoIn_v2182.dll
2012-12-01 16:33 . 2009-09-17 05:54 56344 ----a-w- c:\windows\system32\drivers\HECIx64.sys
2012-12-01 16:32 . 2010-05-11 10:11 2229608 ----a-w- c:\windows\system32\drivers\athrx.sys
2012-11-26 19:29 . 2012-09-24 22:16 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-24 16:18 . 2012-11-24 16:18 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-11-24 16:18 . 2012-11-24 16:18 -------- d-----r- c:\program files (x86)\Skype
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-14 18:19 . 2012-04-07 08:20 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-28 14:58 . 2009-10-14 05:12 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-10-16 08:38 . 2012-12-15 20:49 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-12-15 20:49 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-12-15 20:49 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 17:08 . 2012-10-09 17:09 8192 ----a-w- c:\windows\SysWow64\srvany.exe
2012-10-04 16:40 . 2012-12-15 20:49 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETD Control Center"="c:\program files\Elantech\ETDCtrl.exe" [2010-04-13 649608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-10 348664]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
c:\users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Paul\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R2 lxeeCATSCustConnectService;lxeeCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxeeserv.exe [2010-04-14 45736]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R2 XAMPP;XAMPP Service;c:\xampp\service.exe [2007-12-21 60928]
R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\1075.tmp [2009-06-18 6144]
R3 netr7364;RT73 USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr7364.sys [2009-06-10 707072]
R3 OAfilt;OAfilt;c:\windows\system32\drivers\OAfilt.sys [2010-03-09 27136]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-09-22 243712]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-01-28 868848]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 27760]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 lxee_device;lxee_device;c:\windows\system32\lxeecoms.exe [2010-04-14 1052328]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-04-13 135560]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 k57nd;Broadcom NetLink Gigabit Ethernet;c:\windows\system32\DRIVERS\k57amd64.sys [2010-05-14 343080]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 18:19]
.
2012-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-22 17:10]
.
2012-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-22 17:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 167704]
"EzPrint"="c:\program files (x86)\Lexmark Pro700 Series\ezprint.exe" [2011-01-23 148280]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page =
uStart Page = hxxp://de.ask.com/?l=dis&o=102875&gct=hp
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files (x86)\ICQ7M\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8DE48309-9898-46A9-B8FC-639DDB3B91BA}: NameServer = 192.168.178.103,192.168.178.1
FF - ProfilePath - c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\fyuzp2lz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - ExtSQL: 2012-12-17 17:36; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\fyuzp2lz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - user.js: extensions.autoDisableScopes - 10
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-{DFEFCDEE-CF1A-4FC8-88AD-129872198372} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\1075.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3022334636-3528408976-154827064-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*za]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3022334636-3528408976-154827064-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*za\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3022334636-3528408976-154827064-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*za]
@Allowed: (Read) (RestrictedCode)
"0"=hex:48,3a,5c,4d,75,73,69,6b,5c,53,6f,6e,73,74,69,67,65,5c,41,6c,65,78,20,
43,2e,20,2d,20,44,75,20,48,61,73,74,20,64,65,6e,20,73,63,68,c3,b6,6e,73,74,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-3022334636-3528408976-154827064-1000\Software\SecuROM\License information*]
"datasecu"=hex:7c,40,05,e0,bf,03,b5,e5,38,0f,e4,b9,ba,c4,4b,4e,db,6a,ef,98,fe,
9d,f9,f6,ed,88,1e,53,da,35,3d,f8,ad,e7,fa,2e,a2,2f,4d,5f,f3,80,51,61,ae,5e,\
"rkeysecu"=hex:44,b1,ac,69,d8,8a,a4,33,a3,ec,6f,3d,82,95,e5,cf
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\xampp\mysql\bin\mysqld.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-12-21 13:15:57 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-12-21 12:15
.
Vor Suchlauf: 12 Verzeichnis(se), 433.211.285.504 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 432.955.490.304 Bytes frei
.
- - End Of File - - 4E8EADC4B918F1120CAF1C8D86E9FC04
Hochladen war erfolgreich

I will upload the files in the folder shortly.
The Security Center, which was disabled and could not be enabled, is now enabled again (the warning message at the bottom of the taskbar has disappeared).
Kind regards,
MasterofDesaster