I've already run ComboFix as well. I've also already run AdwCleaner, in case that was going to be the next step: it had 0 findings.
Unless I've overlooked something, nothing was found anywhere, but the conhost.exe process at startup still appears as if by magic (I kill it immediately afterwards). Either this is a new variant of those dubious Bitcoin miners or... well, no idea.
Code:
ComboFix 13-07-27.01 - pho 28.07.2013 18:24:21.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4094.2526 [GMT 2:00]
ausgeführt von:: d:\eigene dateien\Download\-clean\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-06-28 bis 2013-07-28 ))))))))))))))))))))))))))))))
.
.
2013-07-28 16:32 . 2013-07-28 16:32 -------- d-----w- c:\users\UpdatusUser.pho-PC\AppData\Local\temp
2013-07-28 16:32 . 2013-07-28 16:32 -------- d-----w- c:\users\hedev\AppData\Local\temp
2013-07-28 16:32 . 2013-07-28 16:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-27 18:51 . 2013-07-27 18:51 -------- d-----w- c:\program files\CCleaner
2013-07-27 14:47 . 2013-07-27 14:47 -------- d-----w- c:\users\pho\AppData\Local\GHISLER
2013-07-27 14:37 . 2013-07-27 14:37 -------- d-----w- C:\FRST
2013-07-27 13:04 . 2013-07-27 13:05 -------- d-----w- C:\totalcmd
2013-07-27 13:04 . 2013-07-27 13:04 -------- d-----w- c:\users\pho\AppData\Roaming\GHISLER
2013-07-27 02:04 . 2013-07-28 09:56 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-07-27 01:57 . 2013-07-27 01:57 -------- d-----w- c:\users\pho\AppData\Roaming\Malwarebytes
2013-07-27 01:57 . 2013-07-27 01:57 -------- d-----w- c:\programdata\Malwarebytes
2013-07-27 01:57 . 2013-07-27 01:57 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-07-27 01:57 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-26 12:18 . 2013-07-26 12:18 -------- d-----w- c:\users\pho\AppData\Local\Harebrained Schemes
2013-07-26 12:18 . 2013-07-26 12:18 -------- d-----w- c:\users\pho\AppData\Local\EMU
2013-07-26 11:45 . 2013-07-27 01:28 10240 ----a-w- c:\programdata\Microsoft\Windows\Time\WindowsTime.exe
2013-07-26 11:45 . 2013-07-27 01:28 49664 ----a-w- c:\programdata\Microsoft\Windows\Time\w9xpopen.exe
2013-07-26 11:45 . 2013-07-27 01:28 24064 ----a-w- c:\programdata\Microsoft\Windows\Time\TimeServer.exe
2013-07-26 11:45 . 2013-07-27 01:28 2303488 ----a-w- c:\programdata\Microsoft\Windows\Time\python27.dll
2013-07-26 11:45 . 2013-07-27 01:28 10752 ----a-w- c:\programdata\Microsoft\Windows\Time\Time-svc.exe
2013-07-26 11:45 . 2013-07-27 01:28 569680 ----a-w- c:\programdata\Microsoft\Windows\Time\msvcp90.dll
2013-07-26 11:45 . 2013-07-27 01:28 219648 ----a-w- c:\programdata\Microsoft\Windows\Time\boost_python-vc90-mt-1_48.dll
2013-07-26 11:01 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EC417289-610B-41A3-AA08-EED3BAFA1C60}\mpengine.dll
2013-07-24 16:40 . 2013-07-24 16:40 -------- d-----w- c:\program files\Paint.NET
2013-07-24 16:39 . 2013-07-24 16:45 -------- d-----w- c:\users\pho\AppData\Local\Paint.NET
2013-07-21 21:52 . 2013-07-21 22:35 -------- d-----w- c:\users\pho\AppData\Roaming\GitHub
2013-07-21 21:40 . 2013-07-21 22:01 -------- d-----w- c:\users\pho\AppData\Local\GitHub
2013-07-21 17:04 . 2013-07-21 17:04 -------- d-----w- c:\program files (x86)\Android
2013-07-20 23:29 . 2013-07-21 02:18 -------- d-----w- c:\users\pho\AppData\Roaming\CodeBlocks
2013-07-20 23:29 . 2013-07-20 23:29 -------- d-----w- c:\program files (x86)\CodeBlocks
2013-07-19 14:08 . 2013-07-19 14:08 -------- d-----w- c:\program files (x86)\JSmooth 0.9.9-7
2013-07-19 00:54 . 2013-07-19 00:54 -------- d-----w- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
2013-07-18 17:09 . 2013-07-18 17:09 -------- d-----w- c:\users\pho\.netbeans-derby
2013-07-18 15:55 . 2013-07-18 15:55 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-18 15:55 . 2013-07-18 15:55 -------- d-----w- c:\program files (x86)\Java
2013-07-18 14:21 . 2013-07-18 14:21 -------- d-----w- c:\users\pho\AppData\Roaming\NetBeans
2013-07-18 14:21 . 2013-07-18 14:21 -------- d-----w- c:\users\pho\AppData\Local\NetBeans
2013-07-18 14:14 . 2013-07-18 14:15 -------- d-----w- c:\program files\glassfish-4.0
2013-07-18 14:09 . 2013-07-19 10:58 -------- d-----w- c:\program files\NetBeans 7.4 Beta
2013-07-18 14:08 . 2013-07-18 14:08 312232 ----a-w- c:\windows\system32\javaws.exe
2013-07-18 14:08 . 2013-07-18 14:08 189352 ----a-w- c:\windows\system32\javaw.exe
2013-07-18 14:08 . 2013-07-18 14:08 188840 ----a-w- c:\windows\system32\java.exe
2013-07-18 14:08 . 2013-07-18 14:08 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-07-18 14:01 . 2013-07-18 14:21 -------- d-----w- c:\users\pho\.nbi
2013-07-18 12:07 . 2013-07-18 12:07 -------- d-----w- c:\users\pho\.swt
2013-07-18 11:51 . 2013-07-24 15:12 -------- d-----w- c:\users\pho\AppData\Local\Eclipse
2013-07-17 13:20 . 2013-07-17 13:20 -------- d-----w- c:\users\pho\AppData\Roaming\DevJET
2013-07-17 13:20 . 2013-07-17 13:20 -------- d-----w- c:\users\pho\AppData\Local\Embarcadero
2013-07-17 13:17 . 2011-08-28 03:00 506880 ----a-w- c:\windows\SysWow64\CodeSiteExpressPkg160.bpl
2013-07-17 13:17 . 2013-07-17 13:17 -------- d-----w- c:\programdata\Raize
2013-07-17 13:17 . 2011-08-28 03:00 36352 ----a-w- c:\windows\SysWow64\CodeSitePlugIns150.bpl
2013-07-17 13:17 . 2010-11-03 14:55 2457088 ----a-w- c:\windows\SysWow64\vcl150.bpl
2013-07-17 13:17 . 2010-11-03 14:55 2150400 ----a-w- c:\windows\SysWow64\rtl150.bpl
2013-07-17 13:17 . 2013-07-17 13:17 -------- d-----w- c:\program files (x86)\Raize
2013-07-17 13:01 . 2007-09-11 12:21 150528 ----a-w- c:\windows\SysWow64\TLBINF32.dll
2013-07-17 13:01 . 2013-07-17 13:01 -------- d-----w- c:\programdata\VSoft
2013-07-17 13:01 . 2013-07-17 13:01 -------- d-----w- c:\program files (x86)\FinalBuilder 7 XE2
2013-07-17 13:01 . 2013-07-17 13:01 -------- d-----w- c:\program files (x86)\Common Files\VSoft
2013-07-17 12:43 . 2013-07-17 12:43 -------- d-----w- c:\windows\SysWow64\Visual Studio 2008
2013-07-17 12:42 . 2013-07-17 12:59 -------- dc-h--w- c:\programdata\{EDA307AA-B5A4-4524-B840-2914497A9C3C}
2013-07-17 12:42 . 2011-08-15 07:10 1312768 ----a-w- c:\windows\SysWow64\Rave100VCL160.bpl
2013-07-17 12:42 . 2013-07-17 12:42 -------- d-----w- c:\program files (x86)\CollabNet
2013-07-17 12:42 . 2013-07-17 12:42 -------- d-----w- c:\program files (x86)\DevJet
2013-07-17 12:42 . 2013-07-17 12:42 -------- d-----w- c:\program files (x86)\FastReports
2013-07-17 12:39 . 2013-07-17 12:41 -------- dc-h--w- c:\programdata\{35EE5E86-AC52-4478-8471-0F555B0FB415}
2013-07-17 12:33 . 2013-07-17 12:33 -------- d-----w- c:\program files (x86)\Common Files\CodeGear Shared
2013-07-17 12:33 . 2013-07-17 12:33 -------- d-----w- c:\program files (x86)\Common Files\Borland Shared
2013-07-17 12:33 . 2013-07-17 13:19 -------- d-----w- c:\programdata\Embarcadero
2013-07-17 12:33 . 2013-07-17 13:18 -------- d-----w- c:\users\pho\AppData\Roaming\Embarcadero
2013-07-17 12:32 . 2013-07-17 12:32 -------- d-----w- c:\program files (x86)\Embarcadero
2013-07-17 12:12 . 2013-07-17 13:00 -------- d--h--w- c:\programdata\{46A13B26-D605-4DC3-8770-D0F4A0C3565D}
2013-07-16 14:29 . 2013-07-16 14:29 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2013-07-15 23:41 . 2013-07-28 16:20 -------- d-----w- c:\users\pho\AppData\Roaming\.purple
2013-07-15 23:41 . 2013-07-15 23:41 -------- d-----w- c:\program files (x86)\Pidgin
2013-07-15 15:02 . 2013-07-15 15:02 -------- d-----w- c:\program files\Microsoft Silverlight
2013-07-15 15:02 . 2013-07-15 15:02 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-07-14 17:02 . 2013-07-14 17:02 -------- d-----w- c:\program files (x86)\Common Files\SWF Studio
2013-07-12 15:59 . 2013-07-12 15:59 -------- d-----w- c:\program files (x86)\WinUAE
2013-07-12 10:57 . 2013-07-14 00:06 -------- d-----w- c:\users\pho\AppData\Roaming\Onlink
2013-07-12 10:57 . 2013-07-12 10:57 -------- d-----w- c:\program files (x86)\Onlink
2013-07-10 14:48 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-07-04 12:53 . 2013-07-04 23:54 1089792 ----a-w- c:\programdata\Microsoft\WDExpress\11.0\1031\ResourceCache.dll
2013-07-04 12:53 . 2013-07-04 12:53 -------- d-----w- c:\windows\SysWow64\Visual Studio 2012
2013-07-04 12:53 . 2013-07-04 12:53 -------- d-----w- c:\program files (x86)\NuGet
2013-07-04 12:51 . 2013-07-04 13:11 -------- d-----w- c:\program files (x86)\Common Files\Merge Modules
2013-07-04 12:50 . 2013-07-04 12:50 -------- d-----w- c:\windows\symbols
2013-07-04 12:49 . 2013-07-04 12:49 -------- d-----w- c:\program files (x86)\Common Files\Microsoft
2013-07-04 12:49 . 2013-07-04 12:49 -------- d-----w- c:\program files (x86)\Windows Kits
2013-07-04 12:48 . 2013-07-04 12:48 -------- d-----w- c:\program files (x86)\Microsoft Help Viewer
2013-07-04 12:48 . 2013-07-04 13:07 -------- d-----w- c:\program files (x86)\Microsoft SDKs
2013-07-04 12:48 . 2013-07-04 12:48 -------- d-----w- c:\windows\SysWow64\1033
2013-07-04 12:48 . 2013-07-04 12:48 -------- d-----w- c:\windows\SysWow64\1031
2013-07-04 12:48 . 2013-07-04 12:48 -------- d-----w- c:\windows\system32\1033
2013-07-04 12:48 . 2013-07-04 12:48 -------- d-----w- c:\windows\system32\1031
2013-07-04 12:48 . 2013-07-04 12:48 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2013-07-04 12:48 . 2013-07-04 12:48 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2013-07-04 12:47 . 2013-07-04 13:07 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 11.0
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-18 15:55 . 2013-03-15 11:19 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-07-18 15:55 . 2013-03-15 11:19 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-07-18 14:08 . 2012-11-27 17:49 972712 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-18 14:08 . 2012-11-27 17:49 1093032 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-11 08:54 . 2012-11-27 16:37 78185248 ----a-w- c:\windows\system32\MRT.exe
2013-06-25 12:35 . 2012-12-02 04:11 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-06-25 11:24 . 2013-05-30 16:22 25640 ----a-w- c:\windows\etdrv.sys
2013-06-25 11:24 . 2013-05-30 16:22 30528 ----a-w- c:\windows\GVTDrv64.sys
2013-06-25 11:24 . 2013-05-30 16:13 25640 ----a-w- c:\windows\gdrv.sys
2013-06-21 12:06 . 2013-05-31 11:49 61216 ----a-w- c:\windows\system32\OpenCL.dll
2013-06-21 12:06 . 2013-05-31 11:49 53024 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-06-21 12:06 . 2013-05-31 11:48 1059560 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-06-21 12:06 . 2013-05-31 11:48 27781920 ----a-w- c:\windows\system32\nvoglv64.dll
2013-06-21 12:06 . 2013-05-31 11:48 12427240 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-06-21 12:06 . 2013-05-31 11:48 2936208 ----a-w- c:\windows\system32\nvapi64.dll
2013-06-21 12:06 . 2013-05-31 11:48 2597856 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-06-21 10:23 . 2013-05-31 11:50 6496544 ----a-w- c:\windows\system32\nvcpl.dll
2013-06-21 10:23 . 2013-05-31 11:50 3514656 ----a-w- c:\windows\system32\nvsvc64.dll
2013-06-21 10:23 . 2013-05-31 11:50 884512 ----a-w- c:\windows\system32\nvvsvc.exe
2013-06-21 10:23 . 2013-05-31 11:50 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-06-21 10:23 . 2013-05-31 11:50 2555680 ----a-w- c:\windows\system32\nvsvcr.dll
2013-06-21 10:23 . 2013-05-31 11:50 237856 ----a-w- c:\windows\system32\nvmctray.dll
2013-06-21 03:16 . 2013-06-21 03:16 566048 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2013-06-20 04:17 . 2013-05-31 11:50 3253909 ----a-w- c:\windows\system32\nvcoproc.bin
2013-06-11 19:46 . 2012-11-14 23:17 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-11 19:46 . 2012-11-14 23:17 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-09 17:53 . 2013-06-09 17:53 83024 ----a-w- c:\windows\SysWow64\mfcm110u.dll
2013-06-09 17:53 . 2013-06-09 17:53 83016 ----a-w- c:\windows\SysWow64\mfcm110.dll
2013-06-09 17:53 . 2013-06-09 17:53 8247888 ----a-w- c:\windows\SysWow64\mfc110ud.dll
2013-06-09 17:53 . 2013-06-09 17:53 8177224 ----a-w- c:\windows\SysWow64\mfc110d.dll
2013-06-09 17:53 . 2013-06-09 17:53 74832 ----a-w- c:\windows\SysWow64\mfc110fra.dll
2013-06-09 17:53 . 2013-06-09 17:53 74832 ----a-w- c:\windows\SysWow64\mfc110deu.dll
2013-06-09 17:53 . 2013-06-09 17:53 73808 ----a-w- c:\windows\SysWow64\mfc110esn.dll
2013-06-09 17:53 . 2013-06-09 17:53 72784 ----a-w- c:\windows\SysWow64\mfc110ita.dll
2013-06-09 17:53 . 2013-06-09 17:53 70736 ----a-w- c:\windows\SysWow64\mfc110rus.dll
2013-06-09 17:53 . 2013-06-09 17:53 65104 ----a-w- c:\windows\SysWow64\mfc110enu.dll
2013-06-09 17:53 . 2013-06-09 17:53 53840 ----a-w- c:\windows\SysWow64\mfc110jpn.dll
2013-06-09 17:53 . 2013-06-09 17:53 53328 ----a-w- c:\windows\SysWow64\mfc110kor.dll
2013-06-09 17:53 . 2013-06-09 17:53 46160 ----a-w- c:\windows\SysWow64\mfc110cht.dll
2013-06-09 17:53 . 2013-06-09 17:53 46160 ----a-w- c:\windows\SysWow64\mfc110chs.dll
2013-06-09 17:53 . 2013-06-09 17:53 4456520 ----a-w- c:\windows\SysWow64\mfc110u.dll
2013-06-09 17:53 . 2013-06-09 17:53 4421192 ----a-w- c:\windows\SysWow64\mfc110.dll
2013-06-09 17:53 . 2013-06-09 17:53 164424 ----a-w- c:\windows\SysWow64\atl110.dll
2013-06-09 17:53 . 2013-06-09 17:53 111696 ----a-w- c:\windows\SysWow64\mfcm110d.dll
2013-06-09 17:53 . 2013-06-09 17:53 110672 ----a-w- c:\windows\SysWow64\mfcm110ud.dll
2013-06-09 13:59 . 2013-06-09 13:59 90192 ----a-w- c:\windows\system32\mfcm110u.dll
2013-06-09 13:59 . 2013-06-09 13:59 90184 ----a-w- c:\windows\system32\mfcm110.dll
2013-06-09 13:59 . 2013-06-09 13:59 74832 ----a-w- c:\windows\system32\mfc110fra.dll
2013-06-09 13:59 . 2013-06-09 13:59 74832 ----a-w- c:\windows\system32\mfc110deu.dll
2013-06-09 13:59 . 2013-06-09 13:59 73808 ----a-w- c:\windows\system32\mfc110esn.dll
2013-06-09 13:59 . 2013-06-09 13:59 72784 ----a-w- c:\windows\system32\mfc110ita.dll
2013-06-09 13:59 . 2013-06-09 13:59 70736 ----a-w- c:\windows\system32\mfc110rus.dll
2013-06-09 13:59 . 2013-06-09 13:59 65104 ----a-w- c:\windows\system32\mfc110enu.dll
2013-06-09 13:59 . 2013-06-09 13:59 5619784 ----a-w- c:\windows\system32\mfc110u.dll
2013-06-09 13:59 . 2013-06-09 13:59 5592648 ----a-w- c:\windows\system32\mfc110.dll
2013-06-09 13:59 . 2013-06-09 13:59 53840 ----a-w- c:\windows\system32\mfc110jpn.dll
2013-06-09 13:59 . 2013-06-09 13:59 53328 ----a-w- c:\windows\system32\mfc110kor.dll
2013-06-09 13:59 . 2013-06-09 13:59 46160 ----a-w- c:\windows\system32\mfc110cht.dll
2013-06-09 13:59 . 2013-06-09 13:59 46160 ----a-w- c:\windows\system32\mfc110chs.dll
2013-06-09 13:59 . 2013-06-09 13:59 192584 ----a-w- c:\windows\system32\atl110.dll
2013-06-09 13:59 . 2013-06-09 13:59 120912 ----a-w- c:\windows\system32\mfcm110d.dll
2013-06-09 13:59 . 2013-06-09 13:59 119376 ----a-w- c:\windows\system32\mfcm110ud.dll
2013-06-09 13:59 . 2013-06-09 13:59 10932304 ----a-w- c:\windows\system32\mfc110ud.dll
2013-06-09 13:59 . 2013-06-09 13:59 10860616 ----a-w- c:\windows\system32\mfc110d.dll
2013-05-27 13:02 . 2013-05-29 17:22 18464 ----a-w- c:\windows\system32\drivers\awealloc.sys
2013-05-27 13:02 . 2013-05-29 17:22 41000 ----a-w- c:\windows\system32\drivers\imdisk.sys
2013-05-27 13:02 . 2013-05-29 17:22 11776 ----a-w- c:\windows\system32\imdsksvc.exe
2013-05-27 13:02 . 2013-05-29 17:22 44544 ----a-w- c:\windows\system32\imdisk.exe
2013-05-27 13:02 . 2013-05-29 17:22 40448 ----a-w- c:\windows\SysWow64\imdisk.exe
2013-05-27 13:02 . 2013-05-29 17:22 105472 ----a-w- c:\windows\system32\imdisk.cpl
2013-05-27 13:02 . 2013-05-29 17:22 94720 ----a-w- c:\windows\SysWow64\imdisk.cpl
2013-05-13 05:51 . 2013-06-12 10:21 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-12 10:21 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-12 10:21 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-12 10:21 52224 ----a-w- c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-12 10:21 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-12 10:21 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-12 10:21 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-12 10:21 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-12 10:21 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-12 10:21 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-05-12 21:42 . 2013-05-31 11:48 1832224 ----a-w- c:\windows\system32\nvdispco6432018.dll
2013-05-12 21:42 . 2013-05-31 11:48 1511712 ----a-w- c:\windows\system32\nvdispgenco6432018.dll
2013-05-10 05:49 . 2013-06-12 10:21 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-12 10:21 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39 . 2013-06-12 10:21 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-02 00:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-11 19:58 . 2013-04-11 19:58 14880256 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-06-03 05:35 1725128 ----a-w- c:\progra~2\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-06-03 05:35 1725128 ----a-w- c:\progra~2\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-06-03 05:35 1725128 ----a-w- c:\progra~2\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2013-07-08 759384]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
"vmware-tray.exe"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2012-08-15 104088]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\pho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
JoyToKey.lnk - d:\joy2key\JoyToKey.exe [2003-1-4 636928]
PhonerLite.lnk - c:\program files (x86)\PhonerLite\PhonerLite.exe [2012-11-15 3058680]
SparkleShare.lnk - c:\program files (x86)\SparkleShare\SparkleShare.exe [2012-12-6 585216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 Time;Time;c:\programdata\Microsoft\Windows\Time\Time-svc.exe;c:\programdata\Microsoft\Windows\Time\Time-svc.exe [x]
R2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [x]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandbus64.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lganddiag64.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandgps64.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandmodem64.sys [x]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetmodem64.sys [x]
R3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetndis64.sys [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\lgandadb.sys;c:\windows\SYSNATIVE\Drivers\lgandadb.sys [x]
R3 aswVmm;aswVmm; [x]
R3 CM2793;CM2793 Filter;c:\windows\system32\DRIVERS\CM2793.sys;c:\windows\SYSNATIVE\DRIVERS\CM2793.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe;c:\program files (x86)\Common Files\Desura\desura_service.exe [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys;c:\windows\SYSNATIVE\Drivers\nx6000.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 XENfiltv;XENfiltv;c:\windows\system32\drivers\XENfiltv.sys;c:\windows\SYSNATIVE\drivers\XENfiltv.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 AWEAlloc;AWE Memory Allocation Driver;c:\windows\system32\DRIVERS\awealloc.sys;c:\windows\SYSNATIVE\DRIVERS\awealloc.sys [x]
S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [x]
S2 ImDisk;ImDisk Virtual Disk Driver;c:\windows\system32\DRIVERS\imdisk.sys;c:\windows\SYSNATIVE\DRIVERS\imdisk.sys [x]
S2 ImDskSvc;ImDisk Virtual Disk Driver Helper;c:\windows\system32\imdsksvc.exe;c:\windows\SYSNATIVE\imdsksvc.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys;SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys;c:\windows\SYSNATIVE\Drivers\lgandnetadb.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 PPJoyBus;Parallel Port Joystick Bus Enumerator;c:\windows\system32\DRIVERS\PPJoyBus64.sys;c:\windows\SYSNATIVE\DRIVERS\PPJoyBus64.sys [x]
S3 PPortJoystick;Parallel Port Joystick Device Driver;c:\windows\system32\DRIVERS\PPortJoy64.sys;c:\windows\SYSNATIVE\DRIVERS\PPortJoy64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - PROCEXP152
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-13 01:54 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-14 19:46]
.
2013-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-14 23:26]
.
2013-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-14 23:26]
.
2013-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2445318442-2371699524-3787205221-1000Core.job
- c:\users\pho\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-21 20:14]
.
2013-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2445318442-2371699524-3787205221-1000UA.job
- c:\users\pho\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-21 20:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-06-03 05:33 2328264 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-06-03 05:33 2328264 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-06-03 05:33 2328264 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-07-03 1028896]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2013-04-24 7477016]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105
IE: LastPass - file://c:\users\pho\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Ausfüllformulare - file://c:\users\pho\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.42.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\pho\AppData\Roaming\Mozilla\Firefox\Profiles\gm7vovva.default\
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-05-31 14:09; {d9284e50-81fc-11da-a72b-0800200c9a66}; c:\users\pho\AppData\Roaming\Mozilla\Firefox\Profiles\gm7vovva.default\extensions\{d9284e50-81fc-11da-a72b-0800200c9a66}.xpi
FF - ExtSQL: 2013-07-21 20:02; gwt-dev-plugin@google.com; c:\users\pho\AppData\Roaming\Mozilla\Firefox\Profiles\gm7vovva.default\extensions\gwt-dev-plugin@google.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file)
AddRemove-Crossfire 1.9 - c:\program files (x86)\Freelancer Mod Manager\uninstall.exe
AddRemove-TorrentStream - c:\users\pho\AppData\Roaming\TorrentStream\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2445318442-2371699524-3787205221-1000\Software\SecuROM\License information*]
"datasecu"=hex:28,af,50,6e,2f,a0,b0,9a,09,f5,d3,6b,55,4b,6d,d6,a6,0b,23,a1,80,
8a,69,db,19,d4,e3,35,85,1c,d5,88,32,b2,b1,96,26,cc,34,32,3a,02,07,88,32,19,\
"rkeysecu"=hex:9d,3e,5c,f0,9a,dd,fc,d9,c3,f2,4f,6b,b1,82,d7,6c
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-07-28 18:34:16
ComboFix-quarantined-files.txt 2013-07-28 16:34
.
Vor Suchlauf: 20 Verzeichnis(se), 13.348.376.576 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 13.375.639.552 Bytes frei
.
- - End Of File - - 5F7ECABC0AFA9FA9C4AE641A494A51F7
A36C5E4F47E84449FF07ED3517B43A31