Hello,
While Combofix was running, an Avira window appeared twice, saying in essence that a suspicious access (or something like that) had been blocked. But Avira Antivirus was switched off! After the restart performed by Combofix, Windows Explorer opened, shortly before the notice appeared in the Combofix window that no programs should be opened until Combofix has finished (Explorer always does this on my machine after booting). Shortly afterwards the annoying Java Auto Updater opened as well.
I have the program "Windows 8 Starter", which replaces the Start menu that Windows 8 lacks on the desktop. Since I ran Combofix, it no longer works. When I try to open it, an error message appears with the following text:
C:\Program Files (x86)\Engelmann Media\Win8Starter\Win8Starter.exe
Ein an das System angeschlossenes Gerät funktioniert nicht.
Code:
ComboFix 14-07-11.04 - User 11.07.2014 17:13:42.1.8 - x64
Microsoft Windows 8 6.2.9200.0.1252.49.1031.18.8112.6536 [GMT 2:00]
ausgeführt von:: c:\users\User\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\Java\jre7\bin\jp2ssv.dll
c:\users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7AD2883B-AB15-48C5-AF8B-51F6EEDE1FA7}.xps
c:\users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\{BD42E442-C312-438D-9044-DC09A7B9CD88}.xps
c:\users\User\AppData\Roaming\Windows Net Data
c:\users\User\AppData\Roaming\Windows Net Data\id.dat
c:\users\User\AppData\Roaming\Windows Net Data\net.exe
c:\users\User\AppData\Roaming\Windows Net Data\uninstaller.exe
c:\windows\SysWow64\DEBUG.log
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_acedrv11
-------\Service_npf
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-06-11 bis 2014-07-11 ))))))))))))))))))))))))))))))
.
.
2014-07-11 15:20 . 2014-07-11 15:20 -------- d-----w- c:\users\User\AppData\Local\temp
2014-07-11 15:20 . 2014-07-11 15:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-10 18:16 . 2014-07-10 18:18 -------- d-----w- C:\FRST
2014-07-09 10:04 . 2014-06-17 23:27 1440256 ----a-w- c:\windows\SysWow64\osk.exe
2014-07-09 10:03 . 2014-06-19 04:18 775320 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2014-07-07 14:10 . 2014-07-11 02:24 100352 ----a-w- c:\windows\system32\wudriver.dll
2014-07-07 14:10 . 2014-07-11 02:24 86528 ----a-w- c:\windows\SysWow64\wudriver.dll
2014-07-07 14:10 . 2014-07-11 02:24 176640 ----a-w- c:\windows\system32\storewuauth.dll
2014-07-07 14:10 . 2014-07-11 02:24 773632 ----a-w- c:\windows\system32\wuapi.dll
2014-07-07 14:10 . 2014-07-11 02:24 253440 ----a-w- c:\windows\system32\WUSettingsProvider.dll
2014-07-07 14:10 . 2014-07-11 02:24 1623040 ----a-w- c:\windows\system32\wucltux.dll
2014-07-07 14:10 . 2014-07-11 02:24 59416 ----a-w- c:\windows\system32\wuauclt.exe
2014-07-07 14:10 . 2014-07-11 02:24 3286528 ----a-w- c:\windows\system32\wuaueng.dll
2014-07-07 14:10 . 2014-07-11 02:24 629248 ----a-w- c:\windows\SysWow64\wuapi.dll
2014-07-07 14:09 . 2014-07-11 02:24 35328 ----a-w- c:\windows\SysWow64\wuapp.exe
2014-07-07 14:09 . 2014-07-11 02:24 128000 ----a-w- c:\windows\SysWow64\wuwebv.dll
2014-07-07 14:09 . 2014-07-11 02:24 40448 ----a-w- c:\windows\system32\wuapp.exe
2014-07-07 14:09 . 2014-07-11 02:24 144384 ----a-w- c:\windows\system32\wuwebv.dll
2014-06-11 20:49 . 2014-06-11 20:49 18636480 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-10 12:31 . 2013-10-15 17:26 42040 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-07-09 15:25 . 2013-10-18 00:23 96441528 ----a-w- c:\windows\system32\MRT.exe
2014-07-08 17:36 . 2013-12-10 20:39 11204096 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-07-03 19:36 . 2013-10-15 17:26 117712 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-06-26 20:53 . 2013-12-15 14:18 703968 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-06-26 20:53 . 2013-12-15 14:18 105440 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-27 14:02 . 2013-10-15 17:26 130584 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-05-03 05:47 . 2014-06-11 09:57 3246592 ----a-w- c:\windows\system32\rdpcorets.dll
2014-05-03 03:34 . 2014-06-11 09:57 235520 ----a-w- c:\windows\system32\rdpudd.dll
2014-04-29 22:32 . 2014-06-11 09:57 1301504 ----a-w- c:\windows\system32\gdi32.dll
2014-04-29 22:22 . 2014-06-11 09:57 1023488 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-04-19 09:39 . 2014-05-06 13:08 628024 ----a-w- c:\windows\system32\NotificationUI.exe
2014-04-15 00:34 . 2014-04-15 00:34 1070232 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-11-01 13:16 222832 ----a-w- c:\users\User\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-11-01 13:16 222832 ----a-w- c:\users\User\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-11-01 13:16 222832 ----a-w- c:\users\User\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-12-11 1823656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Sound Blaster Cinema"="c:\program files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe" [2012-11-29 711680]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Super-Charger"="c:\program files (x86)\MSI\Super-Charger\Super-Charger.exe" [2013-02-07 490480]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2013-01-07 597880]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-07-03 750160]
"Adobe Photo Downloader"="c:\program files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 61440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
Qualcomm Atheros Killer Network Manager.lnk - c:\program files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe -minimized [2013-3-15 553984]
ShowDesktop.scf [2012-6-28 78]
Win8Starter.lnk - c:\program files (x86)\Engelmann Media\Win8Starter\Win8Starter.exe [2013-7-3 840480]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK32.EXE [2012-7-4 603536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 RTL8168;Realtek 8168 NT-Treiber;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
R4 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 BfLwf;Qualcomm Atheros Bandwidth Control;c:\windows\system32\DRIVERS\bwcW8x64.sys;c:\windows\SYSNATIVE\DRIVERS\bwcW8x64.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 BTDevManager;BTDevManager;c:\program files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe;c:\program files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [x]
S2 ETDService;Elan Service;c:\program files\Elantech\ETDService.exe;c:\program files\Elantech\ETDService.exe [x]
S2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [x]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 Micro Star SCM;Micro Star SCM;c:\program files (x86)\SCM\MSIService.exe;c:\program files (x86)\SCM\MSIService.exe [x]
S2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 Qualcomm Atheros Killer Service;Qualcomm Atheros Killer Service;c:\program files\Qualcomm Atheros\Killer Network Manager\BFNService.exe;c:\program files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [x]
S3 BthLEEnum;Treiber für energiearme Bluetooth-Geräte;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 Ke2200;NDIS Miniport Driver for the Killer e2200 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\e22w8x64.sys;c:\windows\SYSNATIVE\DRIVERS\e22w8x64.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [x]
S3 RtkBtFilter;Realtek Bluetooth Filter Driver;c:\windows\system32\DRIVERS\RtkBtfilter.sys;c:\windows\SYSNATIVE\DRIVERS\RtkBtfilter.sys [x]
S3 RTSPER;Realtek PCIE Card Reader - PER;c:\windows\system32\DRIVERS\RtsPer.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPer.sys [x]
S3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;c:\windows\system32\DRIVERS\rtwlane.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlane.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-07-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-16 17:36]
.
2014-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-16 11:51]
.
2014-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-16 11:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-11-01 13:16 261744 ----a-w- c:\users\User\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-11-01 13:16 261744 ----a-w- c:\users\User\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-11-01 13:16 261744 ----a-w- c:\users\User\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-03-22 36352]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-04-27 165872]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-04-27 407536]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-04-27 442696]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-04-27 13519432]
"BtServer"="c:\program files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe" [2013-01-28 452608]
"Radio Manager"="c:\program files (x86)\SCM\Radio Manager.exe" [2013-04-23 406920]
"SCM"="c:\program files (x86)\SCM\SCM.exe" [2013-04-23 406944]
"MBCfg64"="c:\windows\system32\MBCfg64.dll" [2013-01-07 27648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://msi13.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\BfLLR.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\gz1diwo7.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk - c:\users\User\AppData\Roaming\Windows Net Data\net.exe
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-Windows Utils - c:\users\User\AppData\Roaming\Windows Net Data\uninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-07-11 17:30:07 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2014-07-11 15:30
.
Vor Suchlauf: 16 Verzeichnis(se), 140.615.491.584 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 141.315.014.656 Bytes frei
.
- - End Of File - - ABCC69A546A5086FE72FCB74949A4465
5FB38429D5D77768867C76DCBDB35194
Edit: The problem with Windows 8 Starter disappeared after a restart.