Boeingpilot | 02.02.2014 08:03 | Here is the Combofix.txt Code:
ComboFix 14-02-01.01 - Fabian 02.02.2014 7:32.1.2 - x64
Microsoft Windows 8 6.2.9200.0.1252.49.1031.18.3554.1742 [GMT 1:00]
ausgeführt von:: c:\users\Fabian\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
C:\install.exe
c:\program files (x86)\Softonic\Softonic\1.8.21.14\bh\SoFTonic.dll
c:\program files (x86)\Softonic\Softonic\1.8.21.14\SoFTonictlbr.dll
c:\users\Fabian\AppData\Local\Microsoft\Windows\INetCache\logo-gamesrocket-gold.png
c:\users\Fabian\AppData\Roaming\Roaming
c:\users\Fabian\AppData\Roaming\Roaming\Quest3D\ShipSimExtreme\channels.lst
c:\users\Fabian\Documents\~yt90CE.tmp
c:\windows\SysWow64\frapsvid.dll
c:\windows\Tasks\WinZipDriverUpdater_UPDATES.job
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-01-02 bis 2014-02-02 ))))))))))))))))))))))))))))))
.
.
2014-02-02 06:55 . 2014-02-02 06:55 -------- d-----w- c:\users\Gast\AppData\Local\temp
2014-02-02 06:55 . 2014-02-02 06:55 -------- d-----w- c:\users\fbwuser\AppData\Local\temp
2014-02-01 14:25 . 2014-02-01 14:28 -------- d-----w- C:\FRST
2014-01-29 14:30 . 2014-01-29 14:30 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2014-01-29 14:23 . 2014-01-29 14:23 -------- d-----w- c:\users\Fabian\AppData\Roaming\PowerISO
2014-01-29 13:58 . 2014-01-31 18:01 -------- d-----w- c:\users\Fabian\AppData\Local\VMware
2014-01-29 13:58 . 2014-01-31 17:59 -------- d-----w- c:\users\Fabian\AppData\Roaming\VMware
2014-01-29 13:54 . 2013-10-08 17:21 67664 ----a-w- c:\windows\system32\vsocklib.dll
2014-01-29 13:54 . 2013-10-08 17:21 63568 ----a-w- c:\windows\SysWow64\vsocklib.dll
2014-01-29 13:54 . 2013-10-08 17:21 73296 ----a-w- c:\windows\system32\drivers\vsock.sys
2014-01-29 13:54 . 2013-10-18 11:46 64080 ----a-w- c:\windows\system32\drivers\vmx86.sys
2014-01-29 13:53 . 2013-10-18 11:44 32848 ----a-w- c:\windows\system32\drivers\VMkbd.sys
2014-01-29 13:52 . 2013-10-18 11:45 358480 ----a-w- c:\windows\SysWow64\vmnetdhcp.exe
2014-01-29 13:52 . 2013-10-18 11:45 437328 ----a-w- c:\windows\SysWow64\vmnat.exe
2014-01-29 13:52 . 2013-10-18 11:45 30800 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2014-01-29 13:51 . 2013-10-18 11:45 930384 ----a-w- c:\windows\system32\vnetlib64.dll
2014-01-29 13:51 . 2013-10-09 07:04 53816 ----a-w- c:\windows\system32\drivers\hcmon.sys
2014-01-29 13:50 . 2014-01-29 13:50 -------- d-----w- c:\program files\Common Files\VMware
2014-01-29 13:50 . 2014-02-01 22:17 -------- d-----w- c:\programdata\VMware
2014-01-29 13:50 . 2014-01-29 13:50 -------- d-----w- c:\program files (x86)\VMware
2014-01-29 13:50 . 2014-01-29 13:50 -------- d-----w- c:\program files (x86)\Common Files\VMware
2014-01-26 12:57 . 2014-01-26 12:57 -------- d-----w- c:\programdata\Tarma Installer
2014-01-25 15:22 . 2014-01-25 15:22 -------- d-----w- c:\program files (x86)\Common Files\Screaming Bee
2014-01-25 15:22 . 2014-01-25 15:24 -------- d-----w- c:\programdata\Screaming Bee
2014-01-25 11:11 . 2014-01-25 11:11 53505 ----a-w- c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Uninstall_CT206H.exe
2014-01-25 11:11 . 2014-01-25 11:11 -------- d-----w- C:\Archivos de programa
2014-01-25 11:08 . 2014-01-25 11:08 97078 ----a-w- c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Uninstal.exe
2014-01-25 07:30 . 2014-01-25 07:30 -------- d-----w- c:\programdata\McAfee Security Scan
2014-01-25 07:30 . 2014-01-25 07:30 -------- d-----w- c:\program files (x86)\McAfee Security Scan
2014-01-24 19:34 . 2014-01-24 19:34 -------- d-----w- c:\windows\PCHEALTH
2014-01-23 12:33 . 2014-01-23 12:33 41504 ---ha-w- c:\windows\system32\drivers\Hamdrv.sys
2014-01-22 17:08 . 2014-02-01 09:16 -------- d-----w- c:\users\Fabian\AppData\Local\ArmA 2
2014-01-21 18:20 . 2014-01-21 18:20 -------- d-----w- c:\programdata\OMSI AM
2014-01-21 18:14 . 2014-01-25 15:17 -------- d-----w- c:\program files (x86)\OMSI Addon Manager
2014-01-21 18:14 . 2014-01-21 18:14 -------- d-----w- c:\users\Fabian\AppData\Local\OMSI AM
2014-01-21 15:32 . 2014-01-25 15:24 -------- d-----w- c:\users\Fabian\AppData\Roaming\Screaming Bee
2014-01-21 15:29 . 2014-01-25 15:41 -------- d-----w- c:\program files (x86)\Screaming Bee
2014-01-20 21:33 . 2014-01-20 21:33 -------- d-----w- c:\program files (x86)\7-Zip
2014-01-20 21:24 . 2014-01-20 21:24 -------- d-----w- c:\program files (x86)\Universal Extractor
2014-01-20 17:04 . 2014-01-20 17:04 -------- d-----w- C:\Aerosoft
2014-01-18 15:12 . 2014-01-18 15:13 -------- d-----w- c:\program files (x86)\Skiregion Simulator 2012 Demo
2014-01-16 17:53 . 2014-01-16 17:53 -------- d-----w- c:\users\Fabian\AppData\Roaming\Avira
2014-01-16 17:49 . 2013-12-18 08:32 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2014-01-16 17:49 . 2013-12-18 08:32 131576 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-01-16 17:49 . 2013-12-18 08:32 108440 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-01-16 17:49 . 2014-01-16 17:53 -------- d-----w- c:\program files (x86)\Avira
2014-01-16 17:49 . 2014-01-16 17:49 -------- d-----w- c:\programdata\Avira
2014-01-14 19:04 . 2014-01-14 19:04 -------- d-----w- c:\users\Fabian\AppData\Roaming\Quest3D
2014-01-14 18:50 . 2014-01-14 18:50 -------- d-----w- c:\program files (x86)\Vstep
2014-01-12 11:48 . 2008-08-15 14:42 41984 ----a-w- c:\windows\system32\tmffbdrv.dll
2014-01-12 11:48 . 2008-08-15 08:30 276992 ----a-w- c:\windows\system32\tmffbcpl.dll
2014-01-12 11:48 . 2008-08-15 14:43 34304 ----a-w- c:\windows\SysWow64\tmffbdrv.dll
2014-01-12 11:18 . 2006-05-16 14:07 99840 ----a-w- c:\windows\system32\_IsRes.dll
2014-01-12 11:18 . 2007-01-20 03:44 208304 ----a-w- c:\windows\system32\isrt.dll
2014-01-10 22:52 . 2014-01-10 22:52 45056 ----a-r- c:\users\Fabian\AppData\Roaming\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\GameShadow.exe1_D9316813509243FDA4C292F72F483E61.exe
2014-01-10 22:52 . 2014-01-10 22:52 45056 ----a-r- c:\users\Fabian\AppData\Roaming\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\GameShadow.exe_D9316813509243FDA4C292F72F483E61.exe
2014-01-10 22:52 . 2014-01-10 22:52 40960 ----a-r- c:\users\Fabian\AppData\Roaming\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\GSDR.exe_D9316813509243FDA4C292F72F483E61.exe
2014-01-10 22:52 . 2014-01-10 22:52 -------- d-----w- c:\program files (x86)\GameShadow
2014-01-10 22:45 . 2014-01-10 22:46 -------- d-----w- c:\program files (x86)\Ubisoft
2014-01-10 22:04 . 2014-01-10 22:04 -------- d-----w- c:\users\Fabian\AppData\Local\Nexway
2014-01-10 20:11 . 2014-01-10 20:11 -------- d-----w- c:\program files\CPUID
2014-01-10 17:35 . 2014-01-10 17:35 -------- d-----w- C:\Games
2014-01-06 17:39 . 2014-01-06 17:39 -------- d-----w- c:\programdata\HP
2014-01-06 17:28 . 2014-01-06 17:28 -------- d-----w- c:\users\Fabian\AppData\Roaming\CAD-KAS
2014-01-06 17:27 . 2014-01-06 17:27 -------- d-----w- c:\program files (x86)\PDF Editor 4
2014-01-06 17:27 . 2014-01-06 17:27 87704 ----a-w- c:\windows\cadkasdeinst01.exe
2014-01-06 11:30 . 2014-01-06 11:58 -------- d-----w- c:\users\Fabian\AppData\Roaming\Craften Terminal
2014-01-06 11:30 . 2014-01-06 11:30 -------- d-----w- c:\users\Fabian\AppData\Local\Craften.de
2014-01-04 13:32 . 2014-01-04 13:32 -------- d-----w- c:\users\Fabian\AppData\Roaming\WinZip
2014-01-04 13:31 . 2014-01-04 13:31 -------- d-----w- c:\users\Fabian\AppData\Roaming\Nico Mak Computing
2014-01-04 13:31 . 2012-02-08 09:29 18760 ----a-w- c:\windows\system32\roboot64.exe
2014-01-04 13:31 . 2014-01-04 15:53 -------- d-----w- c:\users\Fabian\AppData\Roaming\FileZilla
2014-01-04 09:31 . 2014-01-22 14:17 -------- d-----w- c:\users\Fabian\AppData\Roaming\.minecraft
2014-01-03 10:51 . 2012-01-25 21:08 7680 ------w- c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\concord\panel\TrafficInfo.dll
2014-01-03 10:51 . 2012-01-25 21:07 40960 ------w- c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\concord\panel\GaugeSound.dll
2014-01-03 10:51 . 2012-01-25 21:07 155648 ------w- c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\concord\panel\TCAS2v7.dll
2014-01-03 10:51 . 2012-01-25 21:08 8704 ------w- c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\concord\panel\FSSound.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-24 16:26 . 2014-01-24 16:26 246960 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10231.bin
2014-01-15 19:34 . 2013-10-28 21:51 86054176 ----a-w- c:\windows\system32\MRT.exe
2014-01-15 17:31 . 2013-11-13 23:05 566480 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-01-09 08:02 . 2013-11-13 22:28 78296 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-09 08:02 . 2013-11-13 22:28 694240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-30 08:03 . 2013-12-30 08:03 27760 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2013-12-30 08:03 . 2013-12-30 08:03 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2013-12-30 08:03 . 2013-12-30 08:03 14448 ----a-w- c:\windows\system32\drivers\ggflt.sys
2013-12-13 14:21 . 2013-12-13 14:21 65536 ----a-r- c:\users\Fabian\AppData\Roaming\Microsoft\Installer\{2AB0360C-AB63-423C-9C4A-7079110CD17F}\manual.PDF_2AB0360CAB63423C9C4A7079110CD17F.exe
2013-12-04 03:28 . 2014-01-16 17:44 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{27B86A91-B536-4740-8051-053459C9455E}\mpengine.dll
2013-11-29 16:44 . 2013-12-08 20:28 252688 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2013-11-29 16:43 . 2013-12-08 20:27 126736 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2013-11-29 16:43 . 2013-11-29 16:43 154896 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2013-11-29 16:43 . 2013-11-29 16:43 140560 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2013-11-29 16:40 . 2013-11-29 16:40 204048 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2013-11-23 06:43 . 2013-12-11 14:54 420864 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-23 05:05 . 2013-12-11 14:54 368640 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-19 10:21 . 2013-11-05 22:40 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-11-10 14:08 . 2013-10-27 09:35 50784 ----a-w- c:\programdata\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-11-06 23:18 . 2013-12-11 14:55 4036608 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "c:\program files (x86)\Hotspot_Shield\prxtbHots.dll" [2013-10-15 226592]
.
[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{A18A516C-AA41-46A9-92DB-60208917E442}]
2013-12-11 15:49 184400 ----a-w- c:\program files (x86)\Avira\Internet Explorer\avira32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
2013-10-15 07:01 226592 ----a-w- c:\program files (x86)\Hotspot_Shield\prxtbHots.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "c:\program files (x86)\Hotspot_Shield\prxtbHots.dll" [2013-10-15 226592]
.
[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\users\Fabian\AppData\Roaming\uTorrent\uTorrent.exe" [2013-11-16 900440]
"BackgroundContainer"="c:\users\Fabian\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll" [2013-10-15 319264]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2014-01-27 1815976]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2013-11-29 3551576]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]
"CyberGhost"="c:\program files\CyberGhost 5\CyberGhost.EXE" [2014-01-16 358000]
"Akamai NetSession Interface"="c:\users\Fabian\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]
"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2013-05-29 449248]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-08 642216]
"CLVirtualDrive"="c:\program files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" [2012-07-26 491320]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-28 91432]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-07-09 580512]
"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-08-26 1342008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"ApnTBMon"="c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2014-01-10 1778640]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2013-10-28 185896]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-09-05 958576]
"UIExec"="c:\program files (x86)\Orange Mobiles Internet\UIExec.exe" [2012-07-25 157000]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2013-11-18 623376]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2013-10-23 377368]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-12-18 684600]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-01-23 3813200]
.
c:\users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OMSI Addon Manager.lnk - c:\program files (x86)\OMSI Addon Manager\OMSI Addon Manager.exe -silent [2014-1-21 737280]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808]
TMMonitor.lnk - c:\program files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2013-12-30 268864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
"DisableCAD"= 1 (0x1)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 CGVPNCliService;CyberGhost VPN 5 Client Service;c:\program files\CyberGhost 5\Service.exe;c:\program files\CyberGhost 5\Service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ATHDFU;Qualcomm Atheros Valkyrie USB BootROM;c:\windows\System32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x]
R3 BthLEEnum;Treiber für energiearme Bluetooth-Geräte;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\System32\drivers\ggflt.sys;c:\windows\SYSNATIVE\drivers\ggflt.sys [x]
R3 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
R3 lehidmini;Bluetooth Low Energy Hid Device;c:\windows\System32\drivers\leath_hid.sys;c:\windows\SYSNATIVE\drivers\leath_hid.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [x]
R3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\System32\drivers\RTL2832U_IRHID.sys;c:\windows\SYSNATIVE\drivers\RTL2832U_IRHID.sys [x]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys;c:\windows\SYSNATIVE\drivers\RTL2832UBDA.sys [x]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\System32\Drivers\RTL2832UUSB.sys;c:\windows\SYSNATIVE\Drivers\RTL2832UUSB.sys [x]
R3 SmbDrv;SmbDrv;c:\windows\System32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys [x]
R3 SmbDrvI;SmbDrvI;c:\windows\System32\drivers\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_Intel.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys;c:\windows\SYSNATIVE\DRIVERS\tapoas.sys [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
R3 zte_cdc_acm;ZTE All CDC-ACM driver;c:\windows\system32\DRIVERS\zte_cdc_acm.sys;c:\windows\SYSNATIVE\DRIVERS\zte_cdc_acm.sys [x]
R3 zte_cdc_ecm;zte_cdc_ecm;c:\windows\system32\DRIVERS\zte_cdc_ecm.sys;c:\windows\SYSNATIVE\DRIVERS\zte_cdc_ecm.sys [x]
R3 zte_cpo;ZTE All Install;c:\windows\system32\DRIVERS\zte_cpo.sys;c:\windows\SYSNATIVE\DRIVERS\zte_cpo.sys [x]
R3 zte_ecm_enum;ZTE All DC Enumerator;c:\windows\System32\drivers\zte_ecm_enum.sys;c:\windows\SYSNATIVE\drivers\zte_ecm_enum.sys [x]
R3 zte_ecm_enum_filter;zte_ecm_enum_filter;c:\windows\System32\drivers\zte_ecm_enum_filter.sys;c:\windows\SYSNATIVE\drivers\zte_ecm_enum_filter.sys [x]
R4 ????????t;????4????t;???????????????????????????;??????????????????????????? [x]
S0 amd_sata;amd_sata;c:\windows\System32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\System32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\System32\drivers\vmci.sys;c:\windows\SYSNATIVE\drivers\vmci.sys [x]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 APNMCP;Ask Aktualisierungsdienst;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]
S2 APXACC;AppEx Networks Accelerator LWF;c:\windows\system32\DRIVERS\appexDrv.sys;c:\windows\SYSNATIVE\DRIVERS\appexDrv.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 OfficeSvc;Microsoft Office-Dienst;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe;c:\program files\TightVNC\tvnserver.exe [x]
S2 UI Assistant Service;UI Assistant Service;c:\program files (x86)\Orange Mobiles Internet\AssistantServices.exe;c:\program files (x86)\Orange Mobiles Internet\AssistantServices.exe [x]
S2 Update WebSparkle;Update WebSparkle;c:\program files (x86)\WebSparkle\updateWebSparkle.exe;c:\program files (x86)\WebSparkle\updateWebSparkle.exe [x]
S2 Util WebSparkle;Util WebSparkle;c:\program files (x86)\WebSparkle\bin\utilWebSparkle.exe;c:\program files (x86)\WebSparkle\bin\utilWebSparkle.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW86.sys;c:\windows\SYSNATIVE\drivers\AtihdW86.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\System32\drivers\btath_bus.sys;c:\windows\SYSNATIVE\drivers\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\System32\drivers\btath_hcrp.sys;c:\windows\SYSNATIVE\drivers\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\System32\drivers\btath_rcp.sys;c:\windows\SYSNATIVE\drivers\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
S3 WirelessButtonDriver;HP Wireless Button Driver Service;c:\windows\System32\drivers\WirelessButtonDriver64.sys;c:\windows\SYSNATIVE\drivers\WirelessButtonDriver64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
apphost REG_MULTI_SZ apphostsvc
iissvcs REG_MULTI_SZ w3svc was
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-29 19:05 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-02-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-26 07:30]
.
2014-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-26 17:45]
.
2014-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-26 17:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-01-15 17:33 2331336 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-01-15 17:33 2331336 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-01-15 17:33 2331336 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-07-21 1425408]
"BtPreLoad"="c:\program files (x86)\Bluetooth Suite\BtPreLoad.exe" [2012-08-19 64640]
"tvncontrol"="c:\program files\TightVNC\tvnserver.exe" [2013-07-19 2179056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-01-14 21720]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
LSP: %windir%\system32\vsocklib.dll
TCP: DhcpNameServer = 195.34.133.21 212.186.211.21
FF - ProfilePath - c:\users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\pd74uduu.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/analytics/web/?et&authuser=0#realtime/rt-overview/a46668730w77731111p80356051/%3Ffilter.list%3D1%3D%3DAustria%3B%26mapMode.type%3DgeoChart/
FF - ExtSQL: 2013-12-07 02:20; firefox@websparkle.biz; c:\users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\pd74uduu.default\extensions\firefox@websparkle.biz.xpi
.
.
------- Dateityp-Verknüpfung -------
.
JSEFile=%SystemRoot%\SysWow64\CScript.exe "%1" %*
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{E87806B5-E908-45FD-AF5E-957D83E58E68} - c:\program files (x86)\Softonic\Softonic\1.8.21.14\bh\Softonic.dll
Toolbar-{5018CFD2-804D-4C99-9F81-25EAEA2769DE} - c:\program files (x86)\Softonic\Softonic\1.8.21.14\SoftonicTlbr.dll
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
Wow6432Node-HKLM-Run-ClockGen - c:\users\Fabian\Desktop\ClockGen.exe
Wow6432Node-HKLM-Run-IR_SERVER - c:\progra~2\Realtek\REALTE~2\IR_SERVER.exe
WebBrowser-{C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - (no file)
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-BattlEye for A2 - c:\program files (x86)\Steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exe
AddRemove-Minecraft 1.6.1 - c:\users\Fabian\AppData\Roaming\.minecraft\Uninstall.exe
AddRemove-{B8019B54-F9BE-490A-9619-6D06F18F129F} - c:\program files (x86)\InstallShield Installation Information\{B8019B54-F9BE-490A-9619-6D06F18F129F}\setup.exe
AddRemove-{EAEDE38E-4126-42B7-BC6D-93E3A2EC06E9}_is1 - c:\users\Fabian\Downloads\FSCloud\unins000.exe
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CLVirtualDrive]
"ImagePath"="\SystemRoot\system32\DRIVERS\CLVirtualDrive.sys"
"ImagePath:"="c:\users\Fabian\Downloads\FSX_Acceleration.iso"
Binary file temp00 matches
"ImagePath"="\SystemRoot\system32\DRIVERS\CLVirtualDrive.sys"
"ImagePath:"="c:\users\Fabian\Downloads\FSX_Acceleration.iso"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WiseBootAssistant ]
"ImagePath"="???????????????????????????"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.DefaultCsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.7.0_45"
.
[HKEY_USERS\.DefaultCsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0045-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.7.0_45"
.
[HKEY_USERS\.DefaultCsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0045-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.7.0_45"
.
[HKEY_USERS\.DefaultCsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Classes\CLSID\{CAFEEFAC-0017-0000-FFFF-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.7.0"
.
[HKEY_USERS\.DefaultCsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}"=hex:51,66,7a,6c,4c,1d,38,12,e0,4d,49,
cd,5f,cf,3b,03,f3,6f,94,76,df,44,9f,79
"{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}"=hex:51,66,7a,6c,4c,1d,38,12,fa,ba,fe,
14,ca,09,99,06,d1,80,b1,aa,66,b7,bd,1b
"{5018CFD2-804D-4C99-9F81-25EAEA2769DE}"=hex:51,66,7a,6c,4c,1d,38,12,bc,cc,0b,
54,7f,ce,f7,09,e0,97,66,aa,ef,79,2d,ca
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{A18A516C-AA41-46A9-92DB-60208917E442}"=hex:51,66,7a,6c,4c,1d,38,12,02,52,99,
a5,73,e4,c7,03,ed,cd,23,60,8c,49,a0,56
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}"=hex:51,66,7a,6c,4c,1d,38,12,3b,d4,7c,
e3,88,8f,a5,08,e0,05,da,fd,94,7c,7e,ca
"{E87806B5-E908-45FD-AF5E-957D83E58E68}"=hex:51,66,7a,6c,4c,1d,38,12,db,05,6b,
ec,3a,a7,93,00,d0,48,d6,3d,86,bb,ca,7c
"{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}"=hex:51,66,7a,6c,4c,1d,38,12,ce,98,c3,
35,c7,5c,a0,09,c1,9c,6a,63,e2,38,41,ce
.
[HKEY_USERS\.DefaultCsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:26,8a,27,f0,64,18,cf,01
.
[HKEY_USERS\.DefaultCsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,03,1d,b7,7f,a1,f7,7e,4a,8d,5b,64,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,03,1d,b7,7f,a1,f7,7e,4a,8d,5b,64,\
.
[HKEY_USERS\S-1-5-21-3660341198-1247186543-1459392912-1002CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\SecuROM\License information*]
"datasecu"=hex:59,e6,01,38,45,48,59,7a,fb,9a,ee,b0,8a,40,d6,57,37,3a,6e,cb,7d,
c3,d0,34,fa,7c,96,1d,1c,08,d6,d1,b3,e6,07,86,3c,41,56,3d,6d,ee,91,3d,7d,85,\
"rkeysecu"=hex:be,a1,50,6d,0e,f0,e7,5f,4f,22,b5,07,59,3c,fc,b5
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WiseBootAssistant*]
"Type"=dword:00000110
"Start"=dword:00000004
"ErrorControl"=dword:00000001
"ImagePath"=expand:"???????????????????????????"
"DisplayName"="????4????t\""
"WOW64"=dword:00000001
"ObjectName"="LocalSystem"
.
Zeit der Fertigstellung: 2014-02-02 08:00:41
ComboFix-quarantined-files.txt 2014-02-02 07:00
.
Vor Suchlauf: 21 Verzeichnis(se), 157*904*760*832 Bytes frei
Nach Suchlauf: 29 Verzeichnis(se), 163*105*042*432 Bytes frei
.
- - End Of File - - 3DC05E4632D25E52B340AC4D58248FBA
5FB38429D5D77768867C76DCBDB35194
Best regards