herrwuetent_Combofix_2.txt
a guest
Aug 20th, 2013
ComboFix 13-08-19.02 - Koester 20.08.2013 19:01:29.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1033.18.4095.2549 [GMT 2:00]
ausgeführt von:: c:\users\Koester\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Koester\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
[i] ADS - Windows: deleted 0 bytes in 1 streams. [/i]
.
((((((((((((((((((((((( Dateien erstellt von 2013-07-20 bis 2013-08-20 ))))))))))))))))))))))))))))))
.
.
2013-08-20 17:11 . 2013-08-20 17:11 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-08-20 17:11 . 2013-08-20 17:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-20 11:09 . 2013-08-20 11:18 -------- d-----w- C:\AdwCleaner
2013-08-20 07:53 . 2013-08-20 07:53 -------- d-----w- c:\users\Koester\AppData\Roaming\Avira
2013-08-20 07:48 . 2012-05-02 13:24 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-08-20 07:48 . 2012-04-27 08:20 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-08-20 07:48 . 2012-04-24 22:32 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-08-20 07:48 . 2013-08-20 07:48 -------- d-----w- c:\programdata\Avira
2013-08-20 07:48 . 2013-08-20 07:48 -------- d-----w- c:\program files (x86)\Avira
2013-08-19 12:04 . 2013-08-19 12:04 -------- d-----w- c:\users\Koester\AppData\Roaming\Malwarebytes
2013-08-19 10:57 . 2013-08-20 11:08 -------- d-----w- c:\users\Koester\AppData\Local\Google
2013-08-17 04:44 . 2013-07-09 05:03 3913664 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-08-17 04:44 . 2013-07-09 06:03 5550528 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-17 04:44 . 2013-07-09 05:54 1732032 ----a-w- c:\windows\system32\ntdll.dll
2013-08-17 04:44 . 2013-07-09 05:03 3968960 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-08-17 04:44 . 2013-07-09 05:53 243712 ----a-w- c:\windows\system32\wow64.dll
2013-08-17 04:44 . 2013-07-09 04:53 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
2013-08-17 04:44 . 2013-07-09 04:52 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-08-17 04:44 . 2013-07-09 02:49 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-08-17 04:44 . 2013-07-09 02:49 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-08-17 04:44 . 2013-07-09 02:49 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-08-17 04:44 . 2013-07-09 02:49 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-08-16 17:45 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{95C43306-1A46-4288-9E37-1E0E46E04826}\mpengine.dll
2013-08-16 17:30 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-08-16 17:30 . 2013-07-09 05:46 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-08-16 17:30 . 2013-07-09 04:52 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-08-16 17:30 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-08-16 17:30 . 2013-07-09 05:46 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-16 17:30 . 2013-07-09 05:46 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-16 17:30 . 2013-07-09 04:46 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-08-16 17:30 . 2013-07-09 04:46 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-08-16 17:30 . 2013-07-19 01:58 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-16 17:30 . 2013-07-19 01:41 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-08-16 17:30 . 2013-07-25 09:25 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-16 17:30 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-08-16 17:29 . 2013-06-15 04:32 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-16 17:29 . 2013-07-09 05:51 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-16 17:29 . 2013-07-09 04:52 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-08-16 17:28 . 2013-07-06 06:03 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-12 05:58 . 2013-08-12 05:58 -------- d-----w- c:\program files\Common Files\EPSON
2013-08-12 05:56 . 2007-04-09 23:06 10752 ----a-w- c:\windows\system32\E_GCINST.DLL
2013-08-12 05:56 . 2008-11-12 01:00 118784 ----a-w- c:\windows\system32\E_ILMGCE.DLL
2013-08-12 05:56 . 2009-10-01 01:01 88064 ----a-w- c:\windows\system32\E_IBCBGCE.DLL
2013-08-12 05:55 . 2013-08-12 05:58 -------- d-----w- c:\programdata\EPSON
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-19 11:02 . 2012-03-29 11:09 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-19 11:02 . 2011-05-27 16:16 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-16 17:31 . 2010-02-10 06:16 78161360 ----a-w- c:\windows\system32\MRT.exe
2013-07-09 04:45 . 2013-08-17 04:44 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-06-21 16:39 . 2013-06-21 16:39 119808 ----a-r- c:\users\Koester\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2013-06-05 03:34 . 2013-07-11 00:43 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-11 00:43 624128 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-11 00:43 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-05-28 13:05 . 2013-06-22 13:22 163328 ----a-w- c:\windows\SysWow64\FlashPlayerUpdateService.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Koester\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Koester\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Koester\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Koester\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2010-02-04 7350912]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-01-05 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"DisplayLastLogonInfo"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandbus64.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lganddiag64.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandgps64.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandmodem64.sys [x]
R3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys;c:\windows\SYSNATIVE\Drivers\lgandnetadb.sys [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x]
R3 NIEthernetDeviceEnumerator;NI Ethernet Device Enumerator Driver;c:\windows\system32\DRIVERS\niede.sys;c:\windows\SYSNATIVE\DRIVERS\niede.sys [x]
R3 NMgamingmsFltr;USB Optical Mouse;c:\windows\system32\drivers\NMgamingms.sys;c:\windows\SYSNATIVE\drivers\NMgamingms.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;tsusbhub [x]
R4 NIApplicationWebServer64;NI Application Web Server (64-bit);c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe;c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys;c:\program files\ATKGFNEX\ASMMAP64.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 mitsijm2013;Autodesk Moldflow Inventor Tool Suite Integration 2013 Job Manager;c:\program files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe;c:\program files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe [x]
S2 NIApplicationWebServer;NI Application Web Server;c:\program files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe;c:\program files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [x]
S2 nimDNSResponder;NI mDNS Responder Service;c:\program files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe;c:\program files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [x]
S2 NINetworkDiscovery;NI Network Discovery;c:\program files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe;c:\program files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [x]
S2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;c:\program files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe;c:\program files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [x]
S2 nlsX86cc;NLS Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
S3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;c:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys;c:\windows\SYSNATIVE\DRIVERS\InputFilter_FlexDef2b.sys [x]
S3 ITECIRfilter;ITECIR Filter Driver;c:\windows\system32\DRIVERS\ITECIRfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ITECIRfilter.sys [x]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtpt64.sys [x]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtbs64.sys [x]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvmdm64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Koester\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Koester\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Koester\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Koester\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
IE: E&xport to Microsoft Excel
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: microsoft.com
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: windowsupdate.com
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2304036826-2203788415-1893340992-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*t*h*e*o*r*8$õ?\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2304036826-2203788415-1893340992-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*QÏLo]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2304036826-2203788415-1893340992-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*QÏLo\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2304036826-2203788415-1893340992-1001\Software\SecuROM\License information*]
"datasecu"=hex:31,3b,27,a8,ad,1b,bc,2e,e2,4e,02,c8,5f,0a,bf,47,5c,c7,a2,74,8e,
76,48,e5,45,e3,11,59,a8,91,b0,f4,c3,d7,a4,4f,6c,d3,16,db,5d,96,d8,4c,ac,66,\
"rkeysecu"=hex:1c,75,48,6a,a5,bc,15,64,d7,0c,b4,12,64,dd,14,bf
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
c:\windows\SysWOW64\lkads.exe
c:\program files (x86)\National Instruments\MAX\nimxs.exe
c:\program files (x86)\National Instruments\Shared\Security\nidmsrv.exe
c:\program files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe
c:\windows\SysWOW64\lkcitdl.exe
c:\windows\SysWOW64\lktsrv.exe
c:\program files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-08-20 19:28:31 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-08-20 17:28
ComboFix2.txt 2013-08-20 16:32
.
Vor Suchlauf: 26 Verzeichnis(se), 33.070.579.712 Bytes frei
Nach Suchlauf: 28 Verzeichnis(se), 32.631.062.528 Bytes frei
.
- - End Of File - - F83C81AA607B750E9BCD20FBADB057FE
A36C5E4F47E84449FF07ED3517B43A31