
Pests of all kinds and how to fight them: LicenceValiador.exe & Upgradechecker.exe


23.08.2012, 19:38   #1
derhitpula
 



So far everything is OK, right? ComboFix log file:
Code:
ComboFix 12-07-29.02 - PSB PuLa 29.07.2012  23:58:50.1.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.2013.923 [GMT 2:00]
ausgeführt von:: c:\users\PSB PuLa\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\PSB PuLa\AppData\Roaming\ddfffefdf.txt
c:\users\PSB PuLa\AppData\Roaming\Help\coredb\storage
c:\users\PSB PuLa\g2mdlhlpx.exe
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{ac90cc4a-8dfb-c30e-b58d-427c55aeeeac}\@
c:\windows\Installer\{ac90cc4a-8dfb-c30e-b58d-427c55aeeeac}\L\00000004.@
c:\windows\Installer\{ac90cc4a-8dfb-c30e-b58d-427c55aeeeac}\n
c:\windows\Installer\{ac90cc4a-8dfb-c30e-b58d-427c55aeeeac}\U\00000004.@
c:\windows\Installer\{ac90cc4a-8dfb-c30e-b58d-427c55aeeeac}\U\00000008.@
c:\windows\Installer\{ac90cc4a-8dfb-c30e-b58d-427c55aeeeac}\U\000000cb.@
c:\windows\Installer\{ac90cc4a-8dfb-c30e-b58d-427c55aeeeac}\U\80000000.@
c:\windows\Installer\{ac90cc4a-8dfb-c30e-b58d-427c55aeeeac}\U\80000032.@
c:\windows\Installer\{ac90cc4a-8dfb-c30e-b58d-427c55aeeeac}\U\80000064.@
c:\windows\SysWow64\svdhalp.exe.ini0
.
Infizierte Kopie von c:\windows\system32\services.exe wurde gefunden und desinfiziert 
Kopie von - c:\32788r22fwjfw\HarddiskVolumeShadowCopy5_!Windows!System32!services.exe wurde wiederhergestellt 
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-28 bis 2012-07-29  ))))))))))))))))))))))))))))))
.
.
2012-07-29 21:47 . 2012-07-29 21:47	--------	d-sh--w-	c:\windows\SysWow64\%APPDATA%
2012-07-29 21:42 . 2012-07-29 21:42	--------	d-----w-	C:\TDSSKiller_Quarantine
2012-07-29 21:27 . 2012-07-29 21:27	--------	d-----w-	c:\programdata\PLAV
2012-07-29 21:27 . 2012-07-29 21:58	--------	d-----w-	c:\program files (x86)\Common Files\PLAV
2012-07-29 21:27 . 2012-07-29 21:27	--------	d-----w-	c:\programdata\ParetoLogic Anti-Virus PLUS
2012-07-29 21:27 . 2012-07-29 22:11	--------	d-----w-	c:\program files (x86)\ParetoLogic
2012-07-29 20:47 . 2012-07-29 20:47	--------	d-----w-	c:\users\PSB PuLa\AppData\Roaming\Malwarebytes
2012-07-29 20:46 . 2012-07-29 20:46	--------	d-----w-	c:\programdata\Malwarebytes
2012-07-29 20:46 . 2012-07-29 20:47	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-29 20:46 . 2012-07-03 11:46	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-07-28 23:03 . 2012-07-28 23:03	--------	d-----w-	c:\program files (x86)\SXTrader
2012-07-26 19:52 . 2012-07-26 19:52	--------	d-----w-	C:\found.000
2012-07-25 22:09 . 2012-07-25 22:34	--------	d--h--w-	c:\windows\AxInstSV
2012-07-25 11:15 . 2012-07-25 11:15	404640	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-20 22:35 . 2012-07-20 23:31	--------	d-----w-	c:\users\PSB PuLa\AppData\Roaming\Heev
2012-07-20 22:35 . 2012-07-20 22:36	--------	d-----w-	c:\users\PSB PuLa\AppData\Roaming\Locagu
2012-07-20 10:23 . 2012-07-20 10:23	--------	d-----w-	c:\users\PSB PuLa\temp
2012-07-19 00:21 . 2012-07-21 01:23	--------	d---a-w-	C:\Kaspersky Rescue Disk 10.0
2012-07-18 21:53 . 2012-07-18 21:53	--------	d-----w-	c:\programdata\abpespsmeaynkye
2012-07-14 21:41 . 2003-02-02 18:06	153088	----a-w-	c:\windows\SysWow64\UNRAR3.dll
2012-07-14 21:41 . 2002-03-05 23:00	75264	----a-w-	c:\windows\SysWow64\unacev2.dll
2012-07-14 21:41 . 2012-07-14 21:41	--------	d-----w-	c:\program files (x86)\Trojan Remover
2012-07-14 21:41 . 2012-07-14 21:41	--------	d-----w-	c:\users\PSB PuLa\AppData\Roaming\Simply Super Software
2012-07-14 21:41 . 2012-07-14 21:41	--------	d-----w-	c:\programdata\Simply Super Software
2012-07-14 13:03 . 2012-07-14 13:03	--------	d-----w-	c:\program files\SXTrader
2012-07-12 10:40 . 2012-07-13 20:03	--------	d-----w-	c:\users\PSB PuLa\AppData\Roaming\Google Inc
2012-07-12 02:24 . 2012-07-13 01:20	--------	d-----w-	c:\users\PSB PuLa\AppData\Roaming\Apple
2012-07-12 01:52 . 2012-07-13 00:00	--------	d-----w-	c:\users\PSB PuLa\AppData\Roaming\Microsoft Corporation
2012-07-11 13:57 . 2012-06-12 03:08	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-07-11 13:15 . 2012-07-13 04:32	--------	d-----w-	c:\users\PSB PuLa\AppData\Roaming\Windows Desktop Search
2012-07-10 16:43 . 2012-07-13 06:08	--------	d-----w-	c:\users\PSB PuLa\AppData\Roaming\Windows Search
2012-07-10 08:07 . 2012-05-04 09:59	514560	----a-w-	c:\windows\SysWow64\qdvd.dll
2012-07-10 08:07 . 2012-05-04 11:00	366592	----a-w-	c:\windows\system32\qdvd.dll
2012-07-10 08:04 . 2010-02-23 08:16	294912	----a-w-	c:\windows\system32\browserchoice.exe
2012-07-10 08:03 . 2012-07-26 13:13	--------	d-----w-	c:\users\PSB PuLa\AppData\Roaming\vlc
2012-07-09 09:57 . 2012-07-13 05:20	--------	d-----w-	c:\users\PSB PuLa\AppData\Roaming\Dropbox
2012-07-08 11:24 . 2012-07-08 11:24	--------	d-----w-	c:\users\PSB PuLa\AppData\Roaming\TuneUp Software
2012-07-08 11:23 . 2012-07-08 11:25	--------	d-----w-	c:\programdata\TuneUp Software
2012-07-08 11:23 . 2012-07-08 11:23	--------	d-sh--w-	c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-07-08 11:23 . 2012-07-08 11:23	--------	d--h--w-	c:\programdata\Common Files
2012-07-02 14:59 . 2012-07-02 14:59	--------	d-----w-	c:\program files (x86)\Citrix
2012-07-02 11:13 . 2012-07-02 11:13	--------	d-----w-	c:\users\PSB PuLa\AppData\Roaming\Avira
2012-07-02 11:06 . 2012-05-02 13:24	27760	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-07-02 11:06 . 2012-04-27 08:20	132832	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-07-02 11:06 . 2012-04-24 22:32	98848	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-07-02 11:06 . 2012-07-02 11:06	--------	d-----w-	c:\programdata\Avira
2012-07-02 11:06 . 2012-07-02 11:06	--------	d-----w-	c:\program files (x86)\Avira
2012-06-30 13:43 . 2012-04-26 05:41	77312	----a-w-	c:\windows\system32\rdpwsx.dll
2012-06-30 13:43 . 2012-04-26 05:41	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-06-30 13:43 . 2012-04-26 05:34	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-06-30 13:41 . 2012-05-01 05:40	209920	----a-w-	c:\windows\system32\profsvc.dll
2012-06-30 13:41 . 2012-05-04 11:06	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-06-30 13:41 . 2012-05-04 10:03	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-06-30 13:41 . 2012-05-04 10:03	3913072	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-06-30 13:41 . 2012-04-28 03:55	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-06-30 13:40 . 2012-04-07 12:31	3216384	----a-w-	c:\windows\system32\msi.dll
2012-06-30 13:40 . 2012-04-07 11:26	2342400	----a-w-	c:\windows\SysWow64\msi.dll
2012-06-30 13:40 . 2012-04-24 05:37	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2012-06-30 13:40 . 2012-04-24 05:37	140288	----a-w-	c:\windows\system32\cryptnet.dll
2012-06-30 13:40 . 2012-04-24 05:37	1462272	----a-w-	c:\windows\system32\crypt32.dll
2012-06-30 13:40 . 2012-04-24 04:36	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2012-06-30 13:40 . 2012-04-24 04:36	1158656	----a-w-	c:\windows\SysWow64\crypt32.dll
2012-06-30 13:40 . 2012-04-24 04:36	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2012-06-30 13:10 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-30 13:10 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-30 13:10 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-30 13:10 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-30 13:10 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-30 13:10 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-30 13:10 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-30 13:09 . 2012-06-02 13:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-30 13:09 . 2012-06-02 13:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-30 13:07 . 2012-06-30 13:07	--------	d-----w-	c:\users\PSB PuLa\AppData\Local\Macromedia
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-11 13:52 . 2011-08-10 12:51	59701280	----a-w-	c:\windows\system32\MRT.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-04 385024]
"PlusService"="c:\program files (x86)\Yuna Software\Messenger Plus!\PlusService.exe" [2012-02-27 801792]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
"TrojanScanner"="c:\program files (x86)\Trojan Remover\Trjscan.exe" [2012-07-14 1240848]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2009-12-07 18:36	75320	----a-w-	c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	DPPassFilter scecli
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"HP Remote Solution"=%ProgramFiles(x86)%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [2009-10-21 40760]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2009-12-07 362040]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys [2007-08-09 29696]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-07-24 114560]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-26 158976]
R3 L6UX2;Service - Line 6 UX2;c:\windows\system32\Drivers\L6UX264.sys [2010-03-09 894336]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-08-29 117520]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [2010-05-26 1121632]
R3 OxPPort;OxPPort;c:\windows\system32\drivers\OxPPort.sys [2008-07-31 98304]
R3 OxSer;OxSer;c:\windows\system32\drivers\OxSer.sys [2009-09-16 98352]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-12-19 146736]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-13 1255736]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-08-17 270912]
S1 RsvLock;RsvLock; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-01-12 36864]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-02-02 281192]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2009-12-12 297984]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-02-16 113264]
S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\Hama\Common\RaRegistry64.exe [2010-06-01 211296]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064]
S3 DEBridge;DEBridge;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2010-02-02 704512]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-28 412776]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3929754596-1530834394-1261489252-1001Core.job
- c:\users\PSB PuLa\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-29 11:00]
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3929754596-1530834394-1261489252-1001UA.job
- c:\users\PSB PuLa\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-29 11:00]
.
2012-07-13 c:\windows\Tasks\HPCeeScheduleForPSB PuLa.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.plusnetwork.com/?sp=hp
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = socks=127.0.0.1:10276
uSearchAssistant = hxxp://www.plusnetwork.com/?sp=addr&q={searchTerms}
IE: &Translate - c:\program files\Arsenal Company\SOCRAT Internet\HTML\WSocrat.js
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe
IE: {{17FA5CD6-5737-45c2-B194-74C8A4A7F7E7} - {7E1F0737-53A5-4EDC-8734-DD94B50AAF83} -
IE: {{DFDC8970-FD66-4385-B8C0-835A4AA1DA00} - {A3400175-12F9-4220-83BF-A7210CA4003E} -
Trusted Zone: line6.net
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\PSB PuLa\AppData\Roaming\Mozilla\Firefox\Profiles\vv2inu6z.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.plusnetwork.com/?sp=hp
FF - prefs.js: keyword.URL - hxxp://www.plusnetwork.com/?sp=faddr&q=
FF - prefs.js: network.proxy.socks - 98.228.85.60
FF - prefs.js: network.proxy.socks_port - 1320
FF - prefs.js: network.proxy.type - 4
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-ParetoLogic Anti-Virus PLUS - c:\program files (x86)\ParetoLogic\PLAV\Pareto_AV.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
AddRemove-{8F0116C6-375C-4557-BF03-CFCBE56E3147} - c:\program files (x86)\ParetoLogic\PLAV\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
c:\program files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe
c:\program files (x86)\Brother\ControlCenter3\brccMCtl.exe
c:\program files (x86)\Hama\Common\RaRegistry.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-30  00:17:41 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-29 22:17
.
Vor Suchlauf: 17 Verzeichnis(se), 43.022.737.408 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 43.626.074.112 Bytes frei
.
- - End Of File - - B3CF1ACE6FF344D6AB0F57766180E85C
         