MillionInc | 21.07.2013 12:47 | Hallo Ryder
danke nochmal, der normale Boot hat funktioniert und anbei beide logs : Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-07-2013
Ran by SYSTEM at 2013-07-22 13:21:57 Run:1
Running from H:\
Boot Mode: Recovery
==============================================
HKU\MillionInc\Software\Microsoft\Windows\CurrentVersion\Run\\qcgce2mrvjq91kk1e7pnbb19m52fx => Value deleted successfully.
HKU\MillionInc\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKU\MillionInc\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
C:\Users\MillionInc\AppData\Roaming\2433f433 => Moved successfully.
C:\ProgramData\2433f433 => Moved successfully.
C:\Users\MillionInc\AppData\Local\2433f433 => Moved successfully.
C:\ProgramData\ej7r3.* => Moved successfully.
==== End of Fixlog ==== Code:
ComboFix 13-07-20.03 - MillionInc 22.07.2013 13:36:25.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8089.6254 [GMT 2:00]
ausgeführt von:: c:\users\MillionInc\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Outdated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Anti-Virus *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\caOnutinuetOOsave
c:\programdata\caOnutinuetOOsave\518aed5a19b2c.dll
c:\programdata\caOnutinuetOOsave\518aed5a19b2c.tlb
c:\programdata\caOnutinuetOOsave\data\caOnutinuetOOsave.dat
c:\programdata\caOnutinuetOOsave\settings.ini
c:\programdata\caOnutinuetOOsave\uninstall.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\caOnutinuetOOsave
c:\programdata\Microsoft\Windows\Start Menu\Programs\caOnutinuetOOsave\caOnutinuetOOsave.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\caOnutinuetOOsave\Uninstall.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\SearchNewTab
c:\programdata\Microsoft\Windows\Start Menu\Programs\SearchNewTab\SearchNewTab.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\SearchNewTab\Uninstall.lnk
c:\programdata\ntuser.dat
c:\programdata\SearchNewTab
c:\programdata\SearchNewTab\518aed6f66061.dll
c:\programdata\SearchNewTab\518aed6f66061.tlb
c:\programdata\SearchNewTab\data\SearchNewTab.dat
c:\programdata\SearchNewTab\settings.ini
c:\programdata\SearchNewTab\uninstall.exe
c:\users\MillionInc\AppData\Roaming\PnkBstrB.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-06-22 bis 2013-07-22 ))))))))))))))))))))))))))))))
.
.
2013-07-22 11:42 . 2013-07-22 11:42 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-07-22 11:42 . 2013-07-22 11:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-22 00:03 . 2013-07-22 00:03 -------- d-----w- C:\FRST
2013-07-21 13:02 . 2013-07-21 15:08 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2013-07-12 16:17 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{37E39DD3-9661-4B71-B4A2-1E9E9C522271}\mpengine.dll
2013-07-11 16:22 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-12 16:10 . 2012-08-22 16:03 78185248 ----a-w- c:\windows\system32\MRT.exe
2013-06-14 12:22 . 2012-08-21 16:49 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-14 12:22 . 2012-03-15 06:13 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-14 12:22 . 2012-08-21 17:19 9089416 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-05-13 05:51 . 2013-06-13 20:27 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-13 20:27 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-13 20:27 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-13 20:27 52224 ----a-w- c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-13 20:27 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-13 20:27 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-13 20:27 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-13 20:27 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-13 20:27 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-13 20:27 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-05-10 05:49 . 2013-06-13 20:27 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-13 20:27 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39 . 2013-06-13 20:27 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-07 21:14 . 2011-03-29 01:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-07 18:29 . 2013-05-07 18:29 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-05-07 18:29 . 2013-05-07 18:29 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-05-07 18:29 . 2013-05-07 18:29 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-05-07 18:29 . 2013-05-07 18:29 81408 ----a-w- c:\windows\system32\icardie.dll
2013-05-07 18:29 . 2013-05-07 18:29 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-05-07 18:29 . 2013-05-07 18:29 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-05-07 18:29 . 2013-05-07 18:29 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-07 18:29 . 2013-05-07 18:29 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-05-07 18:29 . 2013-05-07 18:29 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-05-07 18:29 . 2013-05-07 18:29 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-05-07 18:29 . 2013-05-07 18:29 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-05-07 18:29 . 2013-05-07 18:29 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-05-07 18:29 . 2013-05-07 18:29 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-05-07 18:29 . 2013-05-07 18:29 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-05-07 18:29 . 2013-05-07 18:29 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-05-07 18:29 . 2013-05-07 18:29 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-05-07 18:29 . 2013-05-07 18:29 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-05-07 18:29 . 2013-05-07 18:29 441856 ----a-w- c:\windows\system32\html.iec
2013-05-07 18:29 . 2013-05-07 18:29 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-05-07 18:29 . 2013-05-07 18:29 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-05-07 18:29 . 2013-05-07 18:29 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-05-07 18:29 . 2013-05-07 18:29 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-07 18:29 . 2013-05-07 18:29 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-05-07 18:29 . 2013-05-07 18:29 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-05-07 18:29 . 2013-05-07 18:29 235008 ----a-w- c:\windows\system32\url.dll
2013-05-07 18:29 . 2013-05-07 18:29 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-05-07 18:29 . 2013-05-07 18:29 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-05-07 18:29 . 2013-05-07 18:29 216064 ----a-w- c:\windows\system32\msls31.dll
2013-05-07 18:29 . 2013-05-07 18:29 197120 ----a-w- c:\windows\system32\msrating.dll
2013-05-07 18:29 . 2013-05-07 18:29 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-05-07 18:29 . 2013-05-07 18:29 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-05-07 18:29 . 2013-05-07 18:29 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-05-07 18:29 . 2013-05-07 18:29 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-05-07 18:29 . 2013-05-07 18:29 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-07 18:29 . 2013-05-07 18:29 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-05-07 18:29 . 2013-05-07 18:29 149504 ----a-w- c:\windows\system32\occache.dll
2013-05-07 18:29 . 2013-05-07 18:29 144896 ----a-w- c:\windows\system32\wextract.exe
2013-05-07 18:29 . 2013-05-07 18:29 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-05-07 18:29 . 2013-05-07 18:29 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-05-07 18:29 . 2013-05-07 18:29 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-05-07 18:29 . 2013-05-07 18:29 13824 ----a-w- c:\windows\system32\mshta.exe
2013-05-07 18:29 . 2013-05-07 18:29 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-05-07 18:29 . 2013-05-07 18:29 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-05-07 18:29 . 2013-05-07 18:29 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-05-07 18:29 . 2013-05-07 18:29 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-05-07 18:29 . 2013-05-07 18:29 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-05-07 18:29 . 2013-05-07 18:29 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-05-07 18:29 . 2013-05-07 18:29 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-07 18:29 . 2013-05-07 18:29 102912 ----a-w- c:\windows\system32\inseng.dll
2013-05-02 00:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-26 05:51 . 2013-06-13 20:27 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-04-26 04:55 . 2013-06-13 20:27 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-04-25 23:30 . 2013-06-13 20:27 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2010-11-21 03:24 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\MillionInc\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-05-20 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-04 291608]
"S-Bar"="c:\program files (x86)\S-Bar\S-Bar.exe" [2011-11-03 5499392]
"Super-Charger"="c:\program files (x86)\MSI\Super-Charger\Super-Charger.exe" [2012-01-03 502288]
"KLM"="c:\program files (x86)\MSI\KLM\KLM.exe" [2011-12-19 1522376]
"VGAOCAP"="c:\program files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe" [2012-01-31 88576]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" [2011-08-29 1517056]
"YouCam Mirage"="c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe" [2011-10-13 136488]
"YouCam Tray"="c:\program files (x86)\CyberLink\YouCam\YouCam.exe" [2011-10-13 230696]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Smart File Advisor"="c:\program files (x86)\Smart File Advisor\sfa.exe" [2011-04-04 280824]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2012-06-28 74752]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
c:\users\MillionInc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\MillionInc\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe [2013-3-7 248240]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Qualcomm Atheros Killer Network Manager.lnk - c:\program files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe -minimized [2012-3-8 549888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"UpdReg"=c:\windows\UpdReg.EXE
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"BlueStacks Agent"=c:\program files (x86)\BlueStacks\HD-Agent.exe
"IAStorIcon"=c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
"NortonOnlineBackup"=c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
.
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
R3 ipadtst;ipadtst;c:\program files (x86)\MSI\Super-Charger\ipadtst_64.sys;c:\program files (x86)\MSI\Super-Charger\ipadtst_64.sys [x]
R3 MGHwCtrl;MGHwCtrl;c:\program files\MSI\MSI Software Install\MGHwCtrl.sys;c:\program files\MSI\MSI Software Install\MGHwCtrl.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 BfLwf;Bigfoot Networks Bandwidth Control;c:\windows\system32\DRIVERS\bflwfx64.sys;c:\windows\SYSNATIVE\DRIVERS\bflwfx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 Micro Star SCM;Micro Star SCM;c:\program files (x86)\S-Bar\MSIService.exe;c:\program files (x86)\S-Bar\MSIService.exe [x]
S2 MSI Foundation Service;MSI Foundation Service;c:\program files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe;c:\program files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe [x]
S2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe [x]
S2 Qualcomm Atheros Killer Service;Qualcomm Atheros Killer Service;c:\program files\Qualcomm Atheros\Killer Network Manager\BFNService.exe;c:\program files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [x]
S2 regi;regi;c:\windows\system32\drivers\regi.sys;c:\windows\SYSNATIVE\drivers\regi.sys [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys;c:\windows\SYSNATIVE\drivers\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys;c:\windows\SYSNATIVE\drivers\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for the Killer e2200 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\e22w7x64.sys;c:\windows\SYSNATIVE\DRIVERS\e22w7x64.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-21 12:22]
.
2013-07-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-292428003-2259065586-3797903103-1001Core.job
- c:\users\MillionInc\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-20 18:38]
.
2013-07-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-292428003-2259065586-3797903103-1001UA.job
- c:\users\MillionInc\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-20 18:38]
.
2013-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-292428003-2259065586-3797903103-1001Core.job
- c:\users\MillionInc\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-07 14:46]
.
2013-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-292428003-2259065586-3797903103-1001UA.job
- c:\users\MillionInc\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-07 14:46]
.
2013-07-22 c:\windows\Tasks\schedule!3036567561.job
- c:\programdata\BetterSoft\OptimizerPro\OptimizerPro.exe [2013-05-08 19:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-12-20 11406608]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2010-09-14 25600]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-10 12445288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://websearch.lookforithere.info/?pid=377&r=2013/05/08&hid=888326732&lg=EN&cc=DE&unqvl=14
mStart Page = hxxp://websearch.lookforithere.info/?pid=377&r=2013/05/08&hid=888326732&lg=EN&cc=DE&unqvl=14
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=c047d7ed-0bb6-4a93-b748-006ee26faed4&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate={installDate}
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\BfLLR.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\MillionInc\AppData\Roaming\Mozilla\Firefox\Profiles\4ozl9kal.default\
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.lookforithere.info/?pid=377&r=2013/05/08&hid=888326732&lg=EN&cc=DE&unqvl=14&l=1&q=
FF - prefs.js: browser.search.selectedEngine - WebSearch
FF - prefs.js: browser.startup.homepage - hxxp://websearch.lookforithere.info/?pid=377&r=2013/05/08&hid=888326732&lg=EN&cc=DE&unqvl=14
FF - prefs.js: keyword.URL - hxxp://websearch.lookforithere.info/?pid=377&r=2013/05/08&hid=888326732&lg=EN&cc=DE&unqvl=14&l=1&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{77668751-0385-2D5F-7347-81DE56F58210} - c:\programdata\caOnutinuetOOsave\518aed5a19b2c.dll
BHO-{B201577E-F4E6-CDCC-2BCA-4DB98D84A642} - c:\programdata\SearchNewTab\518aed6f66061.dll
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-SpybotSD TeaTimer - c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{C1C6816E-CBB3-A748-85F9-A8B47B68985B} - c:\programdata\caOnutinuetOOsave\uninstall.exe
AddRemove-{C670DCAE-E392-AA32-6F42-143C7FC4BDFD} - c:\programdata\SearchNewTab\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-07-22 13:44:02
ComboFix-quarantined-files.txt 2013-07-22 11:44
.
Vor Suchlauf: 12 Verzeichnis(se), 218.491.875.328 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 218.396.487.680 Bytes frei
.
- - End Of File - - 17BE00D14350ABDA1230B58DE56A35E3
D41D8CD98F00B204E9800998ECF8427E |