ComboFix 15-05-19.01 - Volker 22.05.2015 20:15:48.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.4094.2163 [GMT 2:00]
ausgeführt von:: c:\users\Volker\Downloads\ComboFix.exe
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2015-04-22 bis 2015-05-22 ))))))))))))))))))))))))))))))
.
.
2015-05-22 18:24 . 2015-05-22 18:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-05-21 18:33 . 2015-05-21 18:35 -------- d-----w- C:\FRST
2015-05-13 08:36 . 2015-05-01 13:17 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 08:36 . 2015-05-01 13:16 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 08:28 . 2015-04-13 03:28 328704 ----a-w- c:\windows\system32\services.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-15 19:38 . 2014-12-28 19:30 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-05-07 12:16 . 2015-02-17 19:42 152744 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2015-05-07 12:16 . 2015-02-17 19:42 132120 ----a-w- c:\windows\system32\drivers\avipbb.sys
2015-04-27 19:04 . 2015-05-13 08:28 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-04-14 18:27 . 2015-03-22 13:32 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-14 18:27 . 2015-03-22 13:32 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-14 07:37 . 2014-12-20 18:36 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-04-14 07:37 . 2014-12-20 18:36 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-04-14 07:37 . 2014-12-20 18:36 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-04-14 01:38 . 2015-04-14 01:38 1217192 ----a-w- c:\windows\SysWow64\FM20.DLL
2015-03-25 03:24 . 2015-04-14 23:31 3298816 ----a-w- c:\windows\system32\wucltux.dll
2015-03-25 03:24 . 2015-04-14 23:31 98304 ----a-w- c:\windows\system32\wudriver.dll
2015-03-25 03:24 . 2015-04-14 23:31 37376 ----a-w- c:\windows\system32\wups2.dll
2015-03-25 03:24 . 2015-04-14 23:31 35328 ----a-w- c:\windows\system32\wups.dll
2015-03-25 03:24 . 2015-04-14 23:31 2553856 ----a-w- c:\windows\system32\wuaueng.dll
2015-03-25 03:24 . 2015-04-14 23:31 191488 ----a-w- c:\windows\system32\wuwebv.dll
2015-03-25 03:24 . 2015-04-14 23:31 696320 ----a-w- c:\windows\system32\wuapi.dll
2015-03-25 03:24 . 2015-04-14 23:31 60416 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-03-25 03:23 . 2015-04-14 23:31 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:23 . 2015-04-14 23:31 36864 ----a-w- c:\windows\system32\wuapp.exe
2015-03-25 03:23 . 2015-04-14 23:31 135168 ----a-w- c:\windows\system32\wuauclt.exe
2015-03-25 03:00 . 2015-04-14 23:31 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2015-03-25 03:00 . 2015-04-14 23:31 566784 ----a-w- c:\windows\SysWow64\wuapi.dll
2015-03-25 03:00 . 2015-04-14 23:31 29696 ----a-w- c:\windows\SysWow64\wups.dll
2015-03-25 03:00 . 2015-04-14 23:31 173056 ----a-w- c:\windows\SysWow64\wuwebv.dll
2015-03-25 03:00 . 2015-04-14 23:31 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2015-03-23 03:25 . 2015-04-14 23:28 726528 ----a-w- c:\windows\system32\generaltel.dll
2015-03-23 03:25 . 2015-04-14 23:28 769536 ----a-w- c:\windows\system32\invagent.dll
2015-03-23 03:24 . 2015-04-14 23:28 419840 ----a-w- c:\windows\system32\devinv.dll
2015-03-23 03:24 . 2015-04-14 23:28 957952 ----a-w- c:\windows\system32\appraiser.dll
2015-03-23 03:24 . 2015-04-14 23:28 30720 ----a-w- c:\windows\system32\acmigration.dll
2015-03-23 03:24 . 2015-04-14 23:28 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-03-23 03:24 . 2015-04-14 23:28 192000 ----a-w- c:\windows\system32\aepic.dll
2015-03-23 03:17 . 2015-04-14 23:28 1111552 ----a-w- c:\windows\system32\aeinv.dll
2015-03-10 03:25 . 2015-04-14 23:27 1882624 ----a-w- c:\windows\system32\msxml3.dll
2015-03-10 03:21 . 2015-04-14 23:27 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-03-10 03:08 . 2015-04-14 23:27 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2015-03-10 03:05 . 2015-04-14 23:27 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2015-03-05 05:12 . 2015-04-14 23:28 404480 ----a-w- c:\windows\system32\gdi32.dll
2015-03-05 04:05 . 2015-04-14 23:28 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-03-04 13:14 . 2015-02-17 19:42 44088 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2015-03-04 04:55 . 2015-04-14 22:15 367552 ----a-w- c:\windows\system32\clfs.sys
2015-03-04 04:41 . 2015-04-14 22:15 79360 ----a-w- c:\windows\system32\clfsw32.dll
2015-03-04 04:41 . 2015-05-13 08:28 103424 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2015-03-04 04:41 . 2015-05-13 08:28 309248 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2015-03-04 04:10 . 2015-04-14 22:15 58880 ----a-w- c:\windows\SysWow64\clfsw32.dll
2015-03-04 04:10 . 2015-05-13 08:28 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2015-03-04 04:10 . 2015-05-13 08:28 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll
2015-03-04 04:06 . 2015-05-13 08:28 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2015-02-25 03:18 . 2015-04-14 23:25 754688 ----a-w- c:\windows\system32\drivers\http.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files (x86)\Ruiware\WinPatrol\winpatrol.exe" [2014-07-21 1154112]
"Advanced SystemCare 8"="c:\program files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe" [2014-11-07 2425632]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-03-13 7451928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2014-11-28 193568]
"SPM15 Chrome Autofill Relay"="c:\program files (x86)\Steganos Password Manager 15\passwordmanagercom.exe" [2014-06-25 480120]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2015-05-07 728312]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 AntiVirMailService;Avira Email-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x]
R2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 cpuz137;cpuz137;c:\users\Volker\AppData\Local\Temp\cpuz137\cpuz137_x64.sys;c:\users\Volker\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 AdvancedSystemCareService8;Advanced SystemCare Service 8;c:\program files (x86)\IObit\Advanced SystemCare 8\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [x]
R4 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
R4 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2015-05-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-22 18:27]
.
2015-04-09 c:\windows\Tasks\WebReg Officejet J4680 Series.job
- c:\program files (x86)\HP\Digital Imaging\bin\hpqwrg.exe [2010-05-27 23:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2014-12-23 19:36 2471744 ----a-w- c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-07-25 2403104]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-07-25 1283136]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-12-25 13774040]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.dell.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\9ApJ2Y0Z.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Perfect Effects 9 PE - c:\windows\sysnative\wscript.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d0,1a,23,53,f5,cc,c8,40,8a,a4,de,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d0,1a,23,53,f5,cc,c8,40,8a,a4,de,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-05-22 20:36:39
ComboFix-quarantined-files.txt 2015-05-22 18:36
.
Vor Suchlauf: 11 Verzeichnis(se), 574.695.989.248 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 574.546.382.848 Bytes frei
.
- - End Of File - - E5F3988A9F8D23C607CFF45E05CA5479
A36C5E4F47E84449FF07ED3517B43A31