vielen Dank, et voilà:
Code:
Alles auswählen Aufklappen ATTFilter
ComboFix 13-07-31.02 - Me 01.08.2013 10:30:52.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.2009.1186 [GMT 2:00]
ausgeführt von:: c:\users\Me\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\SecureW2
c:\program files\SecureW2\Uninstall.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\TTLS Manager.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\Uninstall.lnk
c:\users\Me\AppData\Local\TempDIR
c:\users\Me\AppData\Local\TempDIR\securew2_xp.exe
c:\users\Me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecureW2
c:\users\Me\DelayInst.exe
c:\users\Me\g2mdlhlpx.exe
c:\users\Me\installservice.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-07-01 bis 2013-08-01 ))))))))))))))))))))))))))))))
.
.
2013-07-31 16:47 . 2013-07-31 16:47 -------- d-----w- C:\FRST
2013-07-31 06:44 . 2013-07-02 06:54 7143960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3C52B497-1B7F-47F0-A928-C5E916F69312}\mpengine.dll
2013-07-29 20:37 . 2013-07-29 20:37 -------- d-----w- c:\users\Me\AppData\Roaming\Malwarebytes
2013-07-29 20:37 . 2013-07-29 20:37 -------- d-----w- c:\programdata\Malwarebytes
2013-07-29 20:37 . 2013-07-29 20:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-07-29 20:37 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-29 20:36 . 2013-07-29 20:36 -------- d-----w- c:\users\Me\AppData\Local\Programs
2013-07-12 08:40 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-12 08:40 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\system32\DWrite.dll
2013-07-12 08:40 . 2013-06-04 04:53 509440 ----a-w- c:\windows\system32\qedit.dll
2013-07-12 08:40 . 2013-06-05 03:05 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-07-12 08:39 . 2013-04-10 05:03 936448 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-12 08:39 . 2013-04-10 05:03 988672 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-07-12 08:39 . 2013-04-10 05:03 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2013-07-12 08:39 . 2013-04-10 05:04 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-07-12 08:39 . 2013-05-27 04:57 680960 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-07-12 08:39 . 2013-05-27 04:57 392704 ----a-w- c:\program files\Windows Defender\MpClient.dll
2013-07-12 08:39 . 2013-05-27 04:57 224768 ----a-w- c:\program files\Windows Defender\MpCommu.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-07 12:42 . 2012-06-08 10:38 44000 ----a-w- c:\windows\system32\drivers\kltdi.sys
2013-06-11 22:54 . 2012-12-27 09:15 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-11 22:54 . 2011-09-06 05:37 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-11 22:54 . 2013-06-11 22:54 9089416 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-05-13 04:45 . 2013-06-13 07:23 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 04:45 . 2013-06-13 07:23 1160192 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 04:45 . 2013-06-13 07:23 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 03:08 . 2013-06-13 07:23 903168 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-13 07:23 43008 ----a-w- c:\windows\system32\certenc.dll
2013-05-10 03:20 . 2013-06-13 07:23 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-08 05:38 . 2013-06-13 07:23 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-06 05:06 . 2013-06-13 07:23 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-06 05:06 . 2013-06-13 07:23 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Me\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Me\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Me\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-12-09 284696]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-11 7739936]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-14 1549608]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-07-12 74752]
"YouCam Mirror Tray icon"="c:\program files\CyberLink\YouCam\YouCamTray.exe" [2010-02-10 171104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2013-02-20 356376]
.
c:\users\Me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2008-10-25 98696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico -user_logon [2011-5-18 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\DRIVERS\cmnsusbser.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-14 116064]
R3 JME;JMicron Ethernet Adapter NDIS6 Driver;c:\windows\system32\DRIVERS\JME.sys [2009-07-14 82272]
R3 SE1008mdm;Sony Ericsson SE1008 Mobile Device Full USB Driver;c:\windows\system32\DRIVERS\SE1008mdm.sys [2009-02-18 58536]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys [2010-09-02 13824]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-07 1343400]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 24408]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2013-07-07 44000]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2013-04-23 145040]
S1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys [2010-09-02 17920]
S2 acedrv09;acedrv09;c:\windows\system32\drivers\acedrv09.sys [2007-06-18 373568]
S2 acehlp09;acehlp09;c:\windows\system32\drivers\acehlp09.sys [2007-05-30 201696]
S2 dtpd;ShrewSoft DNS Proxy Daemon;c:\program files\ShrewSoft\VPN Client\dtpd.exe [2010-10-08 54544]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-09 13336]
S2 iked;ShrewSoft IKE Daemon;c:\program files\ShrewSoft\VPN Client\iked.exe [2010-10-08 726288]
S2 ipsecd;ShrewSoft IPSEC Daemon;c:\program files\ShrewSoft\VPN Client\ipsecd.exe [2010-10-08 541968]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2013-02-20 25944]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2013-02-20 25944]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-11-05 982528]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-08-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-27 22:54]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=100474&mntrId=4e53fd780000000000001c4bd64d2364
IE: Hinzufügen zu Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\ylqvsx99.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxps://my.screenname.aol.com/_cqr/login/login.psp?sitedomain=sns.webmail.aol.com&lang=en&seamless=novl&offerId=newmail-en-us-v2&authLev=0&siteState=ver%3A4%7Crt%3ASTANDARD%7Cat%3ASNS%7Cld%3Amail.aol.com%7Cuv%3AAOL%7Clc%3Aen-us%7Cmt%3AANGELIA%7Csnt%3AScreenName%7Csid%3A0a148bef-c03b-4895-a74b-87a0fe871ea8&locale=us
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - (no file)
URLSearchHooks-{7e111a5c-3d11-4f56-9463-5310c3c69025} - (no file)
URLSearchHooks-{c840e246-6b95-475e-9bd7-caa1c7eca9f2} - (no file)
WebBrowser-{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - (no file)
WebBrowser-{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - (no file)
AddRemove-SecureW2 EAP Suite - c:\program files\SecureW2\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-08-01 11:02:45
ComboFix-quarantined-files.txt 2013-08-01 09:02
.
Vor Suchlauf: 9 Verzeichnis(se), 216.662.810.624 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 216.958.439.424 Bytes frei
.
- - End Of File - - 31CB2A572A586E885BB3AA0C5882324D
4624822E540EC83CD0819525C65846BA
01.08.2013, 10:07
Baum-Darstellung