Herrwuetent_Combofix.txt

a guest
Aug 20th, 2013
  1. ComboFix 13-08-19.02 - Koester 20.08.2013 18:04:19.1.2 - x64
  2. Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1033.18.4095.2415 [GMT 2:00]
  3. ausgeführt von:: c:\users\Koester\Desktop\ComboFix.exe
  4. AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
  5. SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
  6. SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
  7. .
  8. [i] ADS - Windows: deleted 128 bytes in 1 streams. [/i]
  9. .
  10. (((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
  11. .
  12. .
  13. c:\program files (x86)\Google\Desktop\Install
  14. c:\program files (x86)\Google\Desktop\Install\{d1dee550-bf9f-7857-48f8-f84b8e6ce300}\9519~1\A535~1\E628~1\{d1dee550-bf9f-7857-48f8-f84b8e6ce300}\@
  15. c:\program files (x86)\Google\Desktop\Install\{d1dee550-bf9f-7857-48f8-f84b8e6ce300}\9519~1\A535~1\E628~1\{d1dee550-bf9f-7857-48f8-f84b8e6ce300}\L\00000004.@
  16. c:\program files (x86)\Google\Desktop\Install\{d1dee550-bf9f-7857-48f8-f84b8e6ce300}\9519~1\A535~1\E628~1\{d1dee550-bf9f-7857-48f8-f84b8e6ce300}\L\6715e287
  17. c:\program files (x86)\Google\Desktop\Install\{d1dee550-bf9f-7857-48f8-f84b8e6ce300}\9519~1\A535~1\E628~1\{d1dee550-bf9f-7857-48f8-f84b8e6ce300}\U\00000004.@
  18. c:\program files (x86)\Google\Desktop\Install\{d1dee550-bf9f-7857-48f8-f84b8e6ce300}\9519~1\A535~1\E628~1\{d1dee550-bf9f-7857-48f8-f84b8e6ce300}\U\00000008.@
  19. c:\program files (x86)\Google\Desktop\Install\{d1dee550-bf9f-7857-48f8-f84b8e6ce300}\9519~1\A535~1\E628~1\{d1dee550-bf9f-7857-48f8-f84b8e6ce300}\U\80000000.@
  20. c:\users\Koester\AppData\Local\Google\Desktop\Install
  21. c:\users\Koester\AppData\Local\Google\Desktop\Install\{d1dee550-bf9f-7857-48f8-f84b8e6ce300}\2E2F~1\28F0~1\E628~1\{d1dee550-bf9f-7857-48f8-f84b8e6ce300}\@
  22. c:\windows\Downloaded Program Files\IDropPTB.dll
  23. c:\windows\IsUn0407.exe
  24. c:\windows\PFRO.log
  25. c:\windows\RazorDOX
  26. c:\windows\RazorDOX\RazorDOX.dll
  27. .
  28. .
  29. ((((((((((((((((((((((( Dateien erstellt von 2013-07-20 bis 2013-08-20 ))))))))))))))))))))))))))))))
  30. .
  31. .
  32. 2013-08-20 16:14 . 2013-08-20 16:14 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
  33. 2013-08-20 16:14 . 2013-08-20 16:14 -------- d-----w- c:\users\Default\AppData\Local\temp
  34. 2013-08-20 11:09 . 2013-08-20 11:18 -------- d-----w- C:\AdwCleaner
  35. 2013-08-20 07:53 . 2013-08-20 07:53 -------- d-----w- c:\users\Koester\AppData\Roaming\Avira
  36. 2013-08-20 07:48 . 2012-05-02 13:24 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
  37. 2013-08-20 07:48 . 2012-04-27 08:20 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
  38. 2013-08-20 07:48 . 2012-04-24 22:32 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
  39. 2013-08-20 07:48 . 2013-08-20 07:48 -------- d-----w- c:\programdata\Avira
  40. 2013-08-20 07:48 . 2013-08-20 07:48 -------- d-----w- c:\program files (x86)\Avira
  41. 2013-08-19 12:04 . 2013-08-19 12:04 -------- d-----w- c:\users\Koester\AppData\Roaming\Malwarebytes
  42. 2013-08-19 10:57 . 2013-08-20 11:08 -------- d-----w- c:\users\Koester\AppData\Local\Google
  43. 2013-08-17 04:44 . 2013-07-09 05:03 3913664 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
  44. 2013-08-17 04:44 . 2013-07-09 06:03 5550528 ----a-w- c:\windows\system32\ntoskrnl.exe
  45. 2013-08-17 04:44 . 2013-07-09 05:54 1732032 ----a-w- c:\windows\system32\ntdll.dll
  46. 2013-08-17 04:44 . 2013-07-09 05:03 3968960 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
  47. 2013-08-17 04:44 . 2013-07-09 05:53 243712 ----a-w- c:\windows\system32\wow64.dll
  48. 2013-08-17 04:44 . 2013-07-09 04:53 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
  49. 2013-08-17 04:44 . 2013-07-09 04:52 5120 ----a-w- c:\windows\SysWow64\wow32.dll
  50. 2013-08-17 04:44 . 2013-07-09 02:49 25600 ----a-w- c:\windows\SysWow64\setup16.exe
  51. 2013-08-17 04:44 . 2013-07-09 02:49 7680 ----a-w- c:\windows\SysWow64\instnm.exe
  52. 2013-08-17 04:44 . 2013-07-09 02:49 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
  53. 2013-08-17 04:44 . 2013-07-09 02:49 2048 ----a-w- c:\windows\SysWow64\user.exe
  54. 2013-08-16 17:45 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{95C43306-1A46-4288-9E37-1E0E46E04826}\mpengine.dll
  55. 2013-08-16 17:30 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll
  56. 2013-08-16 17:30 . 2013-07-09 05:46 1472512 ----a-w- c:\windows\system32\crypt32.dll
  57. 2013-08-16 17:30 . 2013-07-09 04:52 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
  58. 2013-08-16 17:30 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
  59. 2013-08-16 17:30 . 2013-07-09 05:46 184320 ----a-w- c:\windows\system32\cryptsvc.dll
  60. 2013-08-16 17:30 . 2013-07-09 05:46 139776 ----a-w- c:\windows\system32\cryptnet.dll
  61. 2013-08-16 17:30 . 2013-07-09 04:46 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
  62. 2013-08-16 17:30 . 2013-07-09 04:46 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
  63. 2013-08-16 17:30 . 2013-07-19 01:58 2048 ----a-w- c:\windows\system32\tzres.dll
  64. 2013-08-16 17:30 . 2013-07-19 01:41 2048 ----a-w- c:\windows\SysWow64\tzres.dll
  65. 2013-08-16 17:30 . 2013-07-25 09:25 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
  66. 2013-08-16 17:30 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
  67. 2013-08-16 17:29 . 2013-06-15 04:32 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
  68. 2013-08-16 17:29 . 2013-07-09 05:51 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
  69. 2013-08-16 17:29 . 2013-07-09 04:52 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
  70. 2013-08-16 17:28 . 2013-07-06 06:03 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
  71. 2013-08-12 05:58 . 2013-08-12 05:58 -------- d-----w- c:\program files\Common Files\EPSON
  72. 2013-08-12 05:56 . 2007-04-09 23:06 10752 ----a-w- c:\windows\system32\E_GCINST.DLL
  73. 2013-08-12 05:56 . 2008-11-12 01:00 118784 ----a-w- c:\windows\system32\E_ILMGCE.DLL
  74. 2013-08-12 05:56 . 2009-10-01 01:01 88064 ----a-w- c:\windows\system32\E_IBCBGCE.DLL
  75. 2013-08-12 05:55 . 2013-08-12 05:58 -------- d-----w- c:\programdata\EPSON
  76. .
  77. .
  78. .
  79. (((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
  80. .
  81. 2013-08-19 11:02 . 2012-03-29 11:09 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
  82. 2013-08-19 11:02 . 2011-05-27 16:16 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
  83. 2013-08-16 17:31 . 2010-02-10 06:16 78161360 ----a-w- c:\windows\system32\MRT.exe
  84. 2013-07-09 04:45 . 2013-08-17 04:44 44032 ----a-w- c:\windows\apppatch\acwow64.dll
  85. 2013-06-21 16:39 . 2013-06-21 16:39 119808 ----a-r- c:\users\Koester\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
  86. 2013-06-05 03:34 . 2013-07-11 00:43 3153920 ----a-w- c:\windows\system32\win32k.sys
  87. 2013-06-04 06:00 . 2013-07-11 00:43 624128 ----a-w- c:\windows\system32\qedit.dll
  88. 2013-06-04 04:53 . 2013-07-11 00:43 509440 ----a-w- c:\windows\SysWow64\qedit.dll
  89. 2013-05-28 13:05 . 2013-06-22 13:22 163328 ----a-w- c:\windows\SysWow64\FlashPlayerUpdateService.exe
  90. .
  91. .
  92. (((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
  93. .
  94. .
  95. *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
  96. REGEDIT4
  97. .
  98. [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
  99. @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
  100. [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
  101. 2013-05-25 00:36 130736 ----a-w- c:\users\Koester\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
  102. .
  103. [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
  104. @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
  105. [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
  106. 2013-05-25 00:36 130736 ----a-w- c:\users\Koester\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
  107. .
  108. [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
  109. @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
  110. [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
  111. 2013-05-25 00:36 130736 ----a-w- c:\users\Koester\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
  112. .
  113. [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
  114. @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
  115. [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
  116. 2013-05-25 00:36 130736 ----a-w- c:\users\Koester\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
  117. .
  118. [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
  119. "ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2010-02-04 7350912]
  120. "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-01-05 170624]
  121. "HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
  122. "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
  123. .
  124. [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
  125. "ConsentPromptBehaviorAdmin"= 5 (0x5)
  126. "ConsentPromptBehaviorUser"= 3 (0x3)
  127. "EnableLUA"= 0 (0x0)
  128. "EnableUIADesktopToggle"= 0 (0x0)
  129. "DisplayLastLogonInfo"= 1 (0x1)
  130. .
  131. [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
  132. "LoadAppInit_DLLs"=1 (0x1)
  133. .
  134. [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
  135. BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
  136. .
  137. R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
  138. R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
  139. R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
  140. R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandbus64.sys [x]
  141. R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lganddiag64.sys [x]
  142. R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandgps64.sys [x]
  143. R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandmodem64.sys [x]
  144. R3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys;c:\windows\SYSNATIVE\Drivers\lgandnetadb.sys [x]
  145. R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
  146. R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x]
  147. R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x]
  148. R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
  149. R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
  150. R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
  151. R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
  152. R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x]
  153. R3 NIEthernetDeviceEnumerator;NI Ethernet Device Enumerator Driver;c:\windows\system32\DRIVERS\niede.sys;c:\windows\SYSNATIVE\DRIVERS\niede.sys [x]
  154. R3 NMgamingmsFltr;USB Optical Mouse;c:\windows\system32\drivers\NMgamingms.sys;c:\windows\SYSNATIVE\drivers\NMgamingms.sys [x]
  155. R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
  156. R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
  157. R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
  158. R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
  159. R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
  160. R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
  161. R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
  162. R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
  163. R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
  164. R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
  165. R3 tsusbhub;tsusbhub;tsusbhub [x]
  166. R4 NIApplicationWebServer64;NI Application Web Server (64-bit);c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe;c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [x]
  167. S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
  168. S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
  169. S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
  170. S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys;c:\program files\ATKGFNEX\ASMMAP64.sys [x]
  171. S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
  172. S2 mitsijm2013;Autodesk Moldflow Inventor Tool Suite Integration 2013 Job Manager;c:\program files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe;c:\program files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe [x]
  173. S2 NIApplicationWebServer;NI Application Web Server;c:\program files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe;c:\program files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [x]
  174. S2 nimDNSResponder;NI mDNS Responder Service;c:\program files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe;c:\program files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [x]
  175. S2 NINetworkDiscovery;NI Network Discovery;c:\program files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe;c:\program files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [x]
  176. S2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;c:\program files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe;c:\program files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [x]
  177. S2 nlsX86cc;NLS Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
  178. S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
  179. S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
  180. S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
  181. S3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;c:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys;c:\windows\SYSNATIVE\DRIVERS\InputFilter_FlexDef2b.sys [x]
  182. S3 ITECIRfilter;ITECIR Filter Driver;c:\windows\system32\DRIVERS\ITECIRfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ITECIRfilter.sys [x]
  183. S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtpt64.sys [x]
  184. S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtbs64.sys [x]
  185. S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvmdm64.sys [x]
  186. S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
  187. S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x]
  188. S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
  189. .
  190. .
  191. [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
  192. getPlusHelper REG_MULTI_SZ getPlusHelper
  193. .
  194. Inhalt des "geplante Tasks" Ordners
  195. .
  196. .
  197. --------- X64 Entries -----------
  198. .
  199. .
  200. [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
  201. @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
  202. [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
  203. 2013-05-25 00:36 164016 ----a-w- c:\users\Koester\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
  204. .
  205. [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
  206. @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
  207. [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
  208. 2013-05-25 00:36 164016 ----a-w- c:\users\Koester\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
  209. .
  210. [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
  211. @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
  212. [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
  213. 2013-05-25 00:36 164016 ----a-w- c:\users\Koester\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
  214. .
  215. [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
  216. @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
  217. [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
  218. 2013-05-25 00:36 164016 ----a-w- c:\users\Koester\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
  219. .
  220. ------- Zusätzlicher Suchlauf -------
  221. .
  222. uLocal Page = c:\windows\system32\blank.htm
  223. IE: E&xport to Microsoft Excel
  224. IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
  225. Trusted Zone: microsoft.com
  226. Trusted Zone: microsoft.com\*.update
  227. Trusted Zone: microsoft.com\*.windowsupdate
  228. Trusted Zone: windowsupdate.com
  229. TCP: DhcpNameServer = 192.168.2.1
  230. .
  231. - - - - Entfernte verwaiste Registrierungseinträge - - - -
  232. .
  233. AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
  234. AddRemove-MyFreeCodec - c:\program files (x86)\MyFree Codec\1.0b beta\uninstall.exe
  235. .
  236. .
  237. .
  238. --------------------- Gesperrte Registrierungsschluessel ---------------------
  239. .
  240. [HKEY_USERS\S-1-5-21-2304036826-2203788415-1893340992-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*t*h*e*o*r*8$õ?\OpenWithList]
  241. @Class="Shell"
  242. "a"="vlc.exe"
  243. "MRUList"="a"
  244. .
  245. [HKEY_USERS\S-1-5-21-2304036826-2203788415-1893340992-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*QÏLo]
  246. @Class="Shell"
  247. @Allowed: (Read) (RestrictedCode)
  248. .
  249. [HKEY_USERS\S-1-5-21-2304036826-2203788415-1893340992-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*QÏLo\OpenWithList]
  250. @Class="Shell"
  251. "a"="vlc.exe"
  252. "MRUList"="a"
  253. .
  254. [HKEY_USERS\S-1-5-21-2304036826-2203788415-1893340992-1001\Software\SecuROM\License information*]
  255. "datasecu"=hex:31,3b,27,a8,ad,1b,bc,2e,e2,4e,02,c8,5f,0a,bf,47,5c,c7,a2,74,8e,
  256. 76,48,e5,45,e3,11,59,a8,91,b0,f4,c3,d7,a4,4f,6c,d3,16,db,5d,96,d8,4c,ac,66,\
  257. "rkeysecu"=hex:1c,75,48,6a,a5,bc,15,64,d7,0c,b4,12,64,dd,14,bf
  258. .
  259. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
  260. @Denied: (A 2) (Everyone)
  261. @="FlashBroker"
  262. "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
  263. .
  264. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
  265. "Enabled"=dword:00000001
  266. .
  267. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
  268. @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
  269. .
  270. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
  271. @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
  272. .
  273. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
  274. @Denied: (A 2) (Everyone)
  275. @="IFlashBroker5"
  276. .
  277. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
  278. @="{00020424-0000-0000-C000-000000000046}"
  279. .
  280. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
  281. @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
  282. "Version"="1.0"
  283. .
  284. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
  285. @Denied: (A 2) (Everyone)
  286. @="FlashBroker"
  287. "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
  288. .
  289. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
  290. "Enabled"=dword:00000001
  291. .
  292. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
  293. @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
  294. .
  295. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
  296. @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
  297. .
  298. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
  299. @Denied: (A 2) (Everyone)
  300. @="Shockwave Flash Object"
  301. .
  302. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
  303. @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
  304. "ThreadingModel"="Apartment"
  305. .
  306. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
  307. @="0"
  308. .
  309. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
  310. @="ShockwaveFlash.ShockwaveFlash.11"
  311. .
  312. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
  313. @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
  314. .
  315. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
  316. @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
  317. .
  318. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
  319. @="1.0"
  320. .
  321. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
  322. @="ShockwaveFlash.ShockwaveFlash"
  323. .
  324. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
  325. @Denied: (A 2) (Everyone)
  326. @="Macromedia Flash Factory Object"
  327. .
  328. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
  329. @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
  330. "ThreadingModel"="Apartment"
  331. .
  332. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
  333. @="FlashFactory.FlashFactory.1"
  334. .
  335. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
  336. @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
  337. .
  338. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
  339. @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
  340. .
  341. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
  342. @="1.0"
  343. .
  344. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
  345. @="FlashFactory.FlashFactory"
  346. .
  347. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
  348. @Denied: (A 2) (Everyone)
  349. @="IFlashBroker5"
  350. .
  351. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
  352. @="{00020424-0000-0000-C000-000000000046}"
  353. .
  354. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
  355. @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
  356. "Version"="1.0"
  357. .
  358. [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
  359. @Denied: (A) (Everyone)
  360. "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
  361. .
  362. [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
  363. @Denied: (A) (Everyone)
  364. .
  365. [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
  366. "Key"="ActionsPane3"
  367. "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
  368. .
  369. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
  370. @Denied: (A) (Users)
  371. @Denied: (A) (Everyone)
  372. @Allowed: (B 1 2 3 4 5) (S-1-5-20)
  373. "BlindDial"=dword:00000000
  374. .
  375. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
  376. @Denied: (A) (Users)
  377. @Denied: (A) (Everyone)
  378. @Allowed: (B 1 2 3 4 5) (S-1-5-20)
  379. "BlindDial"=dword:00000000
  380. .
  381. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
  382. @Denied: (A) (Users)
  383. @Denied: (A) (Everyone)
  384. @Allowed: (B 1 2 3 4 5) (S-1-5-20)
  385. "BlindDial"=dword:00000000
  386. .
  387. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
  388. @Denied: (A) (Users)
  389. @Denied: (A) (Everyone)
  390. @Allowed: (B 1 2 3 4 5) (S-1-5-20)
  391. "BlindDial"=dword:00000000
  392. .
  393. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
  394. @Denied: (Full) (Everyone)
  395. .
  396. ------------------------ Weitere laufende Prozesse ------------------------
  397. .
  398. c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
  399. c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
  400. c:\program files\ATKGFNEX\GFNEXSrv.exe
  401. c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
  402. c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
  403. c:\windows\SysWOW64\lkads.exe
  404. c:\program files (x86)\National Instruments\MAX\nimxs.exe
  405. c:\program files (x86)\National Instruments\Shared\Security\nidmsrv.exe
  406. c:\program files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
  407. c:\windows\SysWOW64\PnkBstrA.exe
  408. c:\windows\SysWOW64\lkcitdl.exe
  409. c:\windows\SysWOW64\lktsrv.exe
  410. c:\program files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
  411. c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
  412. c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
  413. c:\program files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
  414. c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
  415. .
  416. **************************************************************************
  417. .
  418. Zeit der Fertigstellung: 2013-08-20 18:32:16 - PC wurde neu gestartet
  419. ComboFix-quarantined-files.txt 2013-08-20 16:32
  420. .
  421. Vor Suchlauf: 22 Verzeichnis(se), 32.964.943.872 Bytes frei
  422. Nach Suchlauf: 28 Verzeichnis(se), 32.997.613.568 Bytes frei
  423. .
  424. - - End Of File - - 6E742AC52D1F915D340CACAF969CC526
  425. A36C5E4F47E84449FF07ED3517B43A31