Log Analysis and Evaluation: Did I download spyware? Advanced System Protector, Disk Speedup, Registry Clean Pro

Windows 7

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Did I download spyware? Advanced System Protector, Disk Speedup, Registry Clean Pro

Yesterday I bought Registry Clean Pro and Disk Speedup, and today I also loaded them onto my laptop. In the process, Advanced System Protector installed itself. I have now read that these are dangerous programs. I downloaded ComboFix and ran it on both computers, and only read afterwards that you shouldn't do that on your own. I am sending both log files:

PC: ComboFix logfile:

Code:
```text
ComboFix 14-01-21.03 - Adelheid 21.01.2014 21:26:38.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.2047.1197 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Adelheid\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-12-21 bis 2014-01-21 ))))))))))))))))))))))))))))))
.
.
2014-01-18 11:13 . 2014-01-18 11:19 2502 ----a-w- c:\windows\system32\ASOROSet.bin
2014-01-17 16:07 . 2014-01-17 16:07 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Systweak
2014-01-17 16:07 . 2014-01-17 16:13 -------- d-----w- c:\programme\Disk Speedup
2014-01-17 13:56 . 2014-01-17 16:07 -------- d-----w- c:\dokumente und einstellungen\Adelheid\Anwendungsdaten\Systweak
2014-01-17 13:56 . 2014-01-17 16:05 -------- d-----w- c:\programme\RegClean Pro
2014-01-17 13:54 . 2014-01-17 13:54 -------- d-----w- c:\programme\Gemeinsame Dateien\Java
2014-01-17 13:54 . 2014-01-17 13:54 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-01-17 13:54 . 2014-01-17 13:54 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-01-13 16:30 . 2014-01-13 16:30 -------- d-----w- c:\dokumente und einstellungen\Adelheid\Anwendungsdaten\Search Settings
2014-01-13 16:30 . 2014-01-13 16:30 -------- d-----w- c:\programme\Application Updater
2014-01-13 16:30 . 2014-01-13 16:30 -------- d-----w- c:\programme\pdfforge Toolbar
2014-01-13 16:30 . 2014-01-13 16:30 -------- d-----w- c:\programme\Gemeinsame Dateien\Spigot
2013-12-29 20:15 . 2013-12-29 20:15 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\NokiaInstallerCache
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-17 11:15 . 2012-11-03 12:03 135648 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-12-17 11:15 . 2012-11-03 12:03 90400 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-12-16 22:20 . 2013-08-16 19:11 5496 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2013-12-11 07:55 . 2012-04-02 08:37 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-11 07:55 . 2011-08-07 14:04 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-27 20:21 . 2004-08-10 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2013-11-27 10:51 . 2012-11-03 12:03 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-11-13 02:59 . 2004-08-10 12:00 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 05:38 . 2004-08-10 12:00 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 01:36 . 2008-05-05 05:25 8192 ----a-w- c:\windows\system32\xpsp4res.dll
2013-10-30 02:51 . 2004-08-10 12:00 1879168 ----a-w- c:\windows\system32\win32k.sys
2013-10-29 07:57 . 2006-03-04 03:34 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-29 07:57 . 2004-08-10 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-29 07:57 . 2004-08-10 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-10-29 07:57 . 2004-08-10 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-29 00:45 . 2004-08-10 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-10-23 23:45 . 2004-08-10 12:00 172032 ----a-w- c:\windows\system32\scrrun.dll
2010-09-19 09:39 . 2010-09-19 09:38 19657194 ----a-w- c:\programme\vlc-1.1.4-win32.exe
2009-11-26 21:04 . 2009-11-23 12:52 28243334 ----a-w- c:\programme\FreeStudio.exe
2009-11-23 13:07 . 2009-11-23 13:06 7663192 ----a-w- c:\programme\FreeYouTubeToiPodConverter.exe
2009-11-23 12:40 . 2009-11-23 12:40 14702386 ----a-w- c:\programme\AudioBookConverter_018_Setup.exe
2009-11-23 12:38 . 2009-11-23 12:38 338624 ----a-w- c:\programme\switchsetup.exe
2009-11-23 12:32 . 2009-11-23 12:29 19816758 ----a-w- c:\programme\videora-ipod-503-setup.exe
2009-11-16 13:15 . 2009-11-16 13:15 93074728 ----a-w- c:\programme\iTunesSetup.exe
2009-11-14 15:28 . 2009-11-14 15:27 7919008 ----a-w- c:\programme\Firefox Setup 3.5.5.exe
2009-11-14 15:15 . 2009-11-14 15:15 7595863 ----a-w- c:\programme\FreeYouTubeDownload.exe
2009-07-17 17:15 . 2009-05-25 16:00 32467048 ----a-w- c:\programme\avira_antivir_personal_de.exe
2009-06-15 16:01 . 2009-06-15 16:01 4909440 ----a-w- c:\programme\Silverlight.2.0.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{9FD6379A-EF46-4193-BC64-99F59DF1334F}]
2010-07-15 21:00 269824 ----a-w- c:\dokumente und einstellungen\Adelheid\Anwendungsdaten\AdblockPlus\IE\AdblockPlus.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]
2013-11-06 11:59 226592 ----a-w- c:\programme\WiseConvert\prxtbWis0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}"= "c:\programme\WiseConvert\prxtbWis0.dll" [2013-11-06 226592]
.
[HKEY_CLASSES_ROOT\clsid\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}"= "c:\programme\WiseConvert\prxtbWis0.dll" [2013-11-06 226592]
.
[HKEY_CLASSES_ROOT\clsid\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\dokumente und einstellungen\Adelheid\Anwendungsdaten\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\dokumente und einstellungen\Adelheid\Anwendungsdaten\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\dokumente und einstellungen\Adelheid\Anwendungsdaten\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\dokumente und einstellungen\Adelheid\Anwendungsdaten\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\programme\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-09 401491]
"PC Suite Tray"="d:\programme\NokiaSuite\Nokia PC Suite 7\PCSuite.exe" [2012-06-26 1516632]
"NBCore"="c:\programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBCore.exe" [2008-09-24 1561896]
"Skype"="c:\programme\Skype\Phone\Skype.exe" [2013-07-25 20684656]
"AOL Fast Start"="c:\programme\AOL 9.0 VR\AOL.EXE" [2007-06-21 50480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2013-12-17 684600]
"APSDaemon"="c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"vspdfprsrv.exe"="c:\programme\Avanquest\PDF Experte 7 Professional\vspdfprsrv.exe" [2011-06-23 4252160]
"Babylon Client"="h:\programme\Babylon\Babylon-Pro\Babylon.exe" [2013-02-26 3589712]
"Reader Application Helper"="h:\programme\appHelper\ReaderAppHelper.exe" [2013-03-18 899400]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2013-03-26 703888]
"PMBVolumeWatcher"="c:\programme\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2013-04-24 740888]
"TkBellExe"="c:\programme\real\realplayer\update\realsched.exe" [2013-09-15 295512]
"SearchSettings"="c:\programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe" [2013-12-27 1383232]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Belkin Wireless USB Utility.lnk - c:\programme\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe -T [2005-10-28 1404928]
VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico -user_logon [2013-7-29 6144]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Adelheid^Startmenü^Programme^Autostart^OpenOffice.org 3.2.lnk]
path=c:\dokumente und einstellungen\Adelheid\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Adelheid^Startmenü^Programme^Autostart^Picture Motion Browser Medien-Prüfung.lnk]
path=c:\dokumente und einstellungen\Adelheid\Startmenü\Programme\Autostart\Picture Motion Browser Medien-Prüfung.lnk
backup=c:\windows\pss\Picture Motion Browser Medien-Prüfung.lnkStartup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Adelheid^Startmenü^Programme^Autostart^StarOffice 7.lnk]
path=c:\dokumente und einstellungen\Adelheid\Startmenü\Programme\Autostart\StarOffice 7.lnk
backup=c:\windows\pss\StarOffice 7.lnkStartup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^McAfee Security Scan Plus.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Nikon Monitor.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Nikon Monitor.lnk
backup=c:\windows\pss\Nikon Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2008-04-09 18:14 136472 ----a-w- c:\programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2008-04-09 18:23 909208 ----a-w- c:\programme\Acronis\TrueImageHome\TimounterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2010-04-30 16:22 64032 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyConnect SMC]
2013-03-26 15:43 703888 ----a-w- c:\programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2007-06-21 12:42 70952 ----a-r- c:\programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
2011-07-27 20:41 397992 ----a-w- c:\programme\Ask.com\Updater\Updater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-21 19:43 59720 ----a-w- c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
2010-05-04 15:05 311296 ----a-r- c:\programme\ATI\ATICustomerCare\ATICustomerCare.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2009-09-04 11:16 75048 ------w- c:\programme\CyberLink\Shared Files\brs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BiosNotice]
2010-06-15 13:57 994304 ----a-w- c:\programme\BIOSTAR\BiosNotice\BiosNotice.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2010-03-25 01:50 2516296 ----a-w- c:\programme\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-05-15 01:01 644696 ----a-w- c:\programme\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 02:22 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\programme\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2006-06-13 03:20 127036 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2009-12-17 17:50 976832 ----a-w- c:\programme\Epson Software\Event Manager\EEventManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 12:34 64512 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreePDF Assistant]
2009-09-05 15:29 385024 ----a-w- c:\programme\FreePDF_XP\fpassist.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2004-02-09 09:32 401491 ----a-w- c:\programme\Microsoft ActiveSync\wcescomm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-09-26 00:52 50736 ----a-w- c:\programme\Gemeinsame Dateien\aol\1229768934\ee\aolsoftware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2007-11-26 12:54 1057064 ----a-w- c:\programme\Nero\Nero 7\InCD\InCD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-02-20 11:35 152392 ----a-w- c:\programme\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2009-04-16 17:56 62760 ----a-w- c:\programme\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2007-05-17 21:45 279912 ----a-w- c:\programme\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:22 1695232 ----a-w- c:\programme\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBCore]
2008-09-24 12:57 1561896 ----a-w- c:\programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBCore.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-09-24 12:57 2254120 ----a-w- c:\programme\Nero\Nero BackItUp 4\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 12:57 153136 ----a-w- c:\programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2012-06-26 11:10 1516632 ----a-w- d:\programme\NokiaSuite\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMBVolumeWatcher]
2013-04-24 03:26 740888 ----a-w- c:\programme\Sony\PlayMemories Home\PMBVolumeWatcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerDVD]
2009-09-10 21:57 1328424 ------w- c:\programme\CyberLink\PowerDVD\PowerDVD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 13:28 421888 ----a-w- c:\programme\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2013-09-15 20:37 501328 ----a-w- c:\programme\real\realplayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2009-04-16 17:54 87336 ------w- c:\programme\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2010-04-30 16:22 19523616 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
2013-12-27 16:04 1383232 ----a-w- c:\programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
2007-11-26 12:54 1629480 ----a-w- c:\programme\Nero\Nero 7\InCD\NBHGui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-07-25 06:58 20684656 ----a-r- c:\programme\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2011-01-26 16:30 98304 ----a-w- c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 08:16 254336 ----a-w- c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPanel]
2008-08-06 12:29 2281472 ----a-w- c:\programme\Vtune ATI\TBPANEL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2013-09-15 20:37 295512 ----a-w- c:\programme\real\realplayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2008-04-09 18:11 2595792 ----a-w- c:\programme\Acronis\TrueImageHome\TrueImageMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
2007-04-10 21:46 709992 ----a-r- c:\windows\vVX1000.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Spindown Utility]
2004-08-09 14:15 278528 ----a-w- c:\programme\Western Digital Technologies\Spindown\ExSpinDn.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"PC Suite Tray"="d:\programme\NokiaSuite\Nokia PC Suite 7\PCSuite.exe" -onlytray
"H/PC Connection Agent"="c:\programme\Microsoft ActiveSync\WCESCOMM.EXE"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" -atboottime
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"CanonMyPrinter"=c:\programme\Canon\MyPrinter\BJMyPrt.exe /logon
"CanonSolutionMenuEx"=c:\programme\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
"DLA"=c:\windows\System32\DLA\DLACTRLW.EXE
"VX1000"=c:\windows\vVX1000.exe
"NSU_agent"="c:\programme\Nokia\Nokia Software Updater\nsu3ui_agent.exe"
"TkBellExe"="c:\programme\real\realplayer\update\realsched.exe" -osboot
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"c:\\Programme\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Programme\\Gemeinsame Dateien\\aol\\ACS\\AOLacsd.exe"=
"c:\\Programme\\Gemeinsame Dateien\\aol\\ACS\\AOLDial.exe"=
"c:\\Programme\\Gemeinsame Dateien\\aol\\1229768934\\ee\\aolsoftware.exe"=
"c:\\Programme\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Programme\\Microsoft LifeCam\\LifeExp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\AOL 9.0 VR\\waol.exe"=
"c:\\Programme\\Gemeinsame Dateien\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Programme\\Gemeinsame Dateien\\aol\\Loader\\aolload.exe"=
"c:\\Programme\\Gemeinsame Dateien\\aol\\System Information\\sinf.exe"=
"c:\\Programme\\Real\\RealPlayer\\realplay.exe"=
"c:\\Programme\\Microsoft ActiveSync\\WCESMgr.exe"=
"c:\\Programme\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Programme\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\Programme\\IBM\\SPSS\\Statistics\\21\\WinWrapIDE.exe"=
"d:\\Programme\\IBM\\SPSS\\Statistics\\21\\stats.com"=
"d:\\Programme\\IBM\\SPSS\\Statistics\\21\\stats.exe"=
"d:\\Programme\\IBM\\SPSS\\Statistics\\21\\JRE\\bin\\javaw.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Dokumente und Einstellungen\\Adelheid\\Anwendungsdaten\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [03.11.2012 13:03 37352]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [19.12.2008 19:07 13696]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [19.12.2008 20:52 6272]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\programme\Gemeinsame Dateien\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [14.05.2009 16:07 759048]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [03.11.2012 13:03 440376]
R2 AntiVirWebService;Avira Browser-Schutz;c:\programme\Avira\AntiVir Desktop\avwebgrd.exe [03.11.2012 13:03 1011768]
R2 Application Updater;Application Updater;c:\programme\Application Updater\ApplicationUpdater.exe [27.12.2013 17:00 807800]
R2 DeviceFinderService;DeviceFinderService;c:\programme\Sony\PlayMemories Home\dfs.exe [24.04.2013 04:31 149528]
R2 DSUDiskOptimizer;DSUDiskOptimizer;c:\programme\Disk Speedup\DSUDefragSrv.exe [17.01.2014 17:07 669480]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\programme\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [24.04.2013 04:30 483864]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\programme\RealNetworks\RealDownloader\rndlresolversvc.exe [14.08.2013 14:19 39056]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [08.12.2011 19:31 1527104]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [07.10.2010 11:34 10064]
S2 SkypeUpdate;Skype Updater;c:\programme\Skype\Updater\Updater.exe [25.07.2013 07:52 162672]
S3 acsint;acsint;c:\windows\system32\drivers\acsint.sys [04.04.2013 18:08 39888]
S3 acsmux;acsmux;c:\windows\system32\drivers\acsmux.sys [04.04.2013 18:08 58320]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [19.12.2008 20:15 1691480]
S3 BS_Flash;BS_Flash;\??\c:\programme\BIOS Update\Award\BS_Flash.sys --> c:\programme\BIOS Update\Award\BS_Flash.sys [?]
S3 cpuz130;cpuz130;\??\c:\dokume~1\Adelheid\LOKALE~1\Temp\cpuz130\cpuz_x32.sys --> c:\dokume~1\Adelheid\LOKALE~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\programme\McAfee Security Scan\3.0.318\McCHSvc.exe [05.02.2013 16:48 235216]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [25.10.2012 08:37 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [25.10.2012 08:37 8576]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - NTMSSVC
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-14 18:38 1211672 ----a-w- c:\programme\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-01-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 07:55]
.
2014-01-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2014-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-02-25 19:54]
.
2014-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-02-25 19:54]
.
2014-01-21 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-484763869-1425521274-839522115-1003.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2013-08-14 15:13]
.
2014-01-21 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-484763869-1425521274-839522115-1004.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2013-08-14 15:13]
.
2014-01-17 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-484763869-1425521274-839522115-1003.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2013-08-14 15:13]
.
2013-12-30 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-484763869-1425521274-839522115-1004.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2013-08-14 15:13]
.
2014-01-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-484763869-1425521274-839522115-1003.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2013-08-14 15:13]
.
2014-01-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-484763869-1425521274-839522115-1004.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2013-08-14 15:13]
.
2014-01-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-484763869-1425521274-839522115-1005.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2013-08-14 15:13]
.
2014-01-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-484763869-1425521274-839522115-1003.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2013-08-14 15:13]
.
2014-01-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-484763869-1425521274-839522115-1004.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2013-08-14 15:13]
.
2013-12-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-484763869-1425521274-839522115-1005.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2013-08-14 15:13]
.
2014-01-20 c:\windows\Tasks\RegClean Prosch.job
- c:\programme\RegClean Pro\RegCleanPro.exe [2014-01-17 17:36]
.
2014-01-20 c:\windows\Tasks\RegClean Pro_DEFAULT.job
- c:\programme\RegClean Pro\RegCleanPro.exe [2014-01-17 17:36]
.
2014-01-17 c:\windows\Tasks\RegClean Pro_UPDATES.job
- c:\programme\RegClean Pro\RegCleanPro.exe [2014-01-17 17:36]
.
2013-04-10 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\programme\Ask.com\UpdateTask.exe [2011-07-27 20:41]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = https://www.google.de/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Citavi Picker... - file://c:\dokumente und einstellungen\All Users\Anwendungsdaten\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html
IE: Translate this web page with Babylon - h:\programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - h:\programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
Trusted Zone: fernuni-hagen.de
Trusted Zone: fernuni-hagen.de\feuweb
Trusted Zone: fernuni-hagen.de\webvpn
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{2E6D1503-DFA6-42CC-BE5B-CD53FCEB3FBB}: NameServer = 62.109.121.2 62.109.121.1
DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} - hxxps://webvpn.fernuni-hagen.de/+CSCOL+/csvrloader32.cab
DPF: {538793D5-659C-4639-A56C-A179AD87ED44} - hxxps://webvpn.fernuni-hagen.de/CACHE/stc/1/binaries/vpnweb.cab
FF - ProfilePath - c:\dokumente und einstellungen\Adelheid\Anwendungsdaten\Mozilla\Firefox\Profiles\klux6hai.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=302398&p=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=115284&tt=270912_ctrl2_3912_3
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
user_pref('extensions.dealply.partner', 'vita');
user_pref('extensions.dealply.channel', 'vitaeazel');
user_pref('extensions.dealply.installId', 'v24300296412477390934662012101623025821');
user_pref('extensions.dealply.installIdSource', 'inst');
user_pref('extensions.dealply.sampleGroup', '1');
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=e8e5915600000000000000173ffe44fa&q=
FF - user.js: extensions.BabylonToolbar.id - e8e5915600000000000000173ffe44fa
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15629
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.3.8
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.3.8
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.3.823:04
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - e8e5915600000000000000173ffe44fa
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15748
FF - user.js: extensions.delta.vrsn - 1.8.10.0
FF - user.js: extensions.delta.vrsni - 1.8.10.0
FF - user.js: extensions.delta.vrsnTs - 1.8.10.020:16
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: extensions.searchgol.tlbrSrchUrl -
FF - user.js: extensions.searchgol.id - e8e5915600000000000000059a3c7a00
FF - user.js: extensions.searchgol.appId - {4277F7CF-0000-46CF-BA49-D624465C4BAB}
FF - user.js: extensions.searchgol.instlDay - 15806
FF - user.js: extensions.searchgol.vrsn - 1.8.16.19
FF - user.js: extensions.searchgol.vrsni - 1.8.16.19
FF - user.js: extensions.searchgol.vrsnTs - 1.8.16.1916:48
FF - user.js: extensions.searchgol.prtnrId - searchgol
FF - user.js: extensions.searchgol.prdct - searchgol
FF - user.js: extensions.searchgol.aflt - babsst
FF - user.js: extensions.searchgol.smplGrp - none
FF - user.js: extensions.searchgol.tlbrId - base
FF - user.js: extensions.searchgol.instlRef -
FF - user.js: extensions.searchgol.dfltLng - de
FF - user.js: extensions.searchgol.excTlbr - false
FF - user.js: extensions.searchgol.ffxUnstlRst - false
FF - user.js: extensions.searchgol.admin - false
FF - user.js: extensions.searchgol.autoRvrt - false
FF - user.js: extensions.searchgol.rvrt - false
FF - user.js: extensions.searchgol.newTab - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2014-01-21 21:33
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\programme\CyberLink\PowerDVD\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,96,38,f6,2a,e8,3b,f0,4d,bd,53,f2,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,96,38,f6,2a,e8,3b,f0,4d,bd,53,f2,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]
"7040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(1008)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'lsass.exe'(1296)
c:\windows\system32\relog_ap.dll
.
- - - - - - - > 'explorer.exe'(4448)
h:\programme\Babylon\Babylon-Pro\Captlib.dll
c:\dokumente und einstellungen\Adelheid\Anwendungsdaten\Dropbox\bin\DropboxExt.22.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Zeit der Fertigstellung: 2014-01-21 21:35:13
ComboFix-quarantined-files.txt 2014-01-21 20:35
ComboFix2.txt 2014-01-21 20:09
.
Vor Suchlauf: 19 Verzeichnis(se), 23.717.548.032 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 23.694.704.640 Bytes frei
.
- - End Of File - - 0750BA32C8598EC261087B738FC32054 72B8CE41AF0DE751C946802B3ED844B4
```

From the laptop: ComboFix logfile:

Code:
ComboFix 14-01-21.03 - Adele 21.01.2014 22:24:59.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1033.18.1015.669 [GMT 1:00]
ausgeführt von:: c:\documents and settings\Adele\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Adele\Application Data\PriceGong
c:\documents and settings\Adele\Application Data\PriceGong\Data\1.txt
c:\documents and settings\Adele\Application Data\PriceGong\Data\2229.txt
c:\documents and settings\Adele\Application Data\PriceGong\Data\4489.txt
c:\documents and settings\Adele\Application Data\PriceGong\Data\8044.txt
c:\documents and settings\Adele\Application Data\PriceGong\Data\a.txt
c:\documents and settings\Adele\Application Data\PriceGong\Data\b.txt
c:\documents and settings\Adele\Application Data\PriceGong\Data\c.txt
c:\documents and settings\Adele\Application Data\PriceGong\Data\d.txt
c:\documents and settings\Adele\Application Data\PriceGong\Data\e.txt
c:\documents and settings\Adele\Application Data\PriceGong\Data\f.txt
c:\documents and settings\Adele\Application Data\PriceGong\Data\g.txt
c:\documents and settings\Adele\Application Data\PriceGong\Data\h.txt
c:\documents and settings\Adele\Application Data\PriceGong\Data\i.txt
c:\documents and settings\Adele\Application Data\PriceGong\Data\j.txt
c:\documents and settings\Adele\Application Data\PriceGong\Data\k.txt
c:\documents and settings\Adele\Application Data\PriceGong\Data\l.txt
c:\documents and settings\Adele\Application Data\PriceGong\Data\m.txt
c:\documents and settings\Adele\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Adele\Application Data\PriceGong\Data\n.txt
c:\documents and settings\Adele\Application Data\PriceGong\Data\o.txt
c:\documents and settings\Adele\Application Data\PriceGong\Data\p.txt
c:\documents and settings\Adele\Application Data\PriceGong\Data\q.txt
c:\documents and settings\Adele\Application Data\PriceGong\Data\r.txt
c:\documents and settings\Adele\Application Data\PriceGong\Data\s.txt
c:\documents and settings\Adele\Application Data\PriceGong\Data\t.txt
c:\documents and settings\Adele\Application Data\PriceGong\Data\u.txt
c:\documents and settings\Adele\Application Data\PriceGong\Data\v.txt
c:\documents and settings\Adele\Application Data\PriceGong\Data\w.txt
c:\documents and settings\Adele\Application Data\PriceGong\Data\wlu.txt
c:\documents and settings\Adele\Application Data\PriceGong\Data\x.txt
c:\documents and settings\Adele\Application Data\PriceGong\Data\y.txt
c:\documents and settings\Adele\Application Data\PriceGong\Data\z.txt
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
c:\program files\avira_free_antivirus_2890de.exe
c:\windows\system32\SET3C.tmp
c:\windows\system32\SET41.tmp
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-12-21 bis 2014-01-21 ))))))))))))))))))))))))))))))
.
.
2014-01-21 21:09 . 2014-01-21 21:09 20080 ----a-w- c:\program files\Mozilla Firefox\updated\AccessibleMarshal.dll
2014-01-21 21:09 . 2014-01-21 21:09 2106216 ----a-w- c:\program files\Mozilla Firefox\updated\D3DCompiler_43.dll
2014-01-21 21:09 . 2014-01-21 21:09 75376 ----a-w- c:\program files\Mozilla Firefox\updated\breakpadinjector.dll
2014-01-21 21:09 . 2014-01-21 21:09 272496 ----a-w- c:\program files\Mozilla Firefox\updated\browser\components\browsercomps.dll
2014-01-21 19:35 . 2014-01-21 20:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Allmyapps
2014-01-21 19:33 . 2014-01-21 19:57 -------- d-----w- c:\program files\Systweak Support Dock
2014-01-21 16:21 . 2014-01-21 16:28 3084 ----a-w- c:\windows\system32\ASOROSet.bin
2014-01-21 15:22 . 2014-01-21 20:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Systweak
2013-12-29 12:31 . 2013-12-29 12:31 -------- d-----w- c:\program files\Dropbox
2013-12-29 12:29 . 2014-01-21 19:55 -------- d-----w- c:\documents and settings\Adele\Application Data\Dropbox
2013-12-24 07:50 . 2013-12-24 07:50 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\WiseConvert_1.3
2013-12-24 07:50 . 2013-12-24 07:50 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\FileConverter_1.3
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-18 16:51 . 2012-06-21 20:17 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-18 16:51 . 2012-06-21 20:17 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-18 15:40 . 2013-01-10 17:23 90400 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-12-18 15:40 . 2013-01-10 17:23 135648 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-12-05 20:55 . 2013-01-10 17:23 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-11-27 20:21 . 2008-08-01 16:37 40960 ------w- c:\windows\system32\drivers\ndproxy.sys
2013-11-13 02:59 . 2008-08-01 16:37 150528 ------w- c:\windows\system32\imagehlp.dll
2013-11-07 05:38 . 2008-08-01 16:37 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 01:03 . 2009-11-11 10:02 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-10-30 02:26 . 2008-08-01 16:37 1879040 ------w- c:\windows\system32\win32k.sys
2013-10-25 11:24 . 2008-08-01 16:37 841216 ----a-w- c:\windows\system32\wininet.dll
2013-10-25 11:24 . 2008-08-01 16:37 78336 ------w- c:\windows\system32\ieencode.dll
2013-10-25 11:24 . 2008-08-01 16:37 1830912 ------w- c:\windows\system32\inetcpl.cpl
2013-10-25 11:24 . 2008-08-01 16:37 17408 ------w- c:\windows\system32\corpol.dll
2013-10-23 23:45 . 2008-08-01 16:37 172032 ------w- c:\windows\system32\scrrun.dll
2013-04-22 22:40 . 2013-04-22 22:20 2619253594 ----a-w- c:\program files\SPSSStatistics_21_Windows.exe
2013-04-17 10:54 . 2013-04-17 10:39 22936040 ----a-w- c:\program files\Mendeley-Desktop-1.8.4-win32.exe
2009-12-12 18:09 . 2009-12-12 18:09 119760212 ------w- c:\program files\OOo_2.4.1_Win32Intel_install_de.exe
2009-09-25 18:14 . 2009-09-25 18:14 34119048 ------w- c:\program files\avira_antivir_personal408_de.exe
2008-05-07 08:34 . 2009-03-08 06:49 15523560 ------w- c:\program files\U1 Setup.exe
2013-04-10 06:57 . 2013-04-25 11:17 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{78e516ef-11de-47a1-8364-a99b917ec5ee}"= "c:\program files\FileConverter_1.3\prxtbFil2.dll" [2013-05-20 231712]
"{213c8ed6-1d78-4d8f-8729-25006aa86a76}"= "c:\program files\WiseConvert_1.3\prxtbWis2.dll" [2013-05-20 231712]
.
[HKEY_CLASSES_ROOT\clsid\{78e516ef-11de-47a1-8364-a99b917ec5ee}]
.
[HKEY_CLASSES_ROOT\clsid\{213c8ed6-1d78-4d8f-8729-25006aa86a76}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{213c8ed6-1d78-4d8f-8729-25006aa86a76}]
2013-05-20 09:21 231712 ----a-w- c:\program files\WiseConvert_1.3\prxtbWis2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{78e516ef-11de-47a1-8364-a99b917ec5ee}]
2013-05-20 09:21 231712 ----a-w- c:\program files\FileConverter_1.3\prxtbFil2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{78e516ef-11de-47a1-8364-a99b917ec5ee}"= "c:\program files\FileConverter_1.3\prxtbFil2.dll" [2013-05-20 231712]
"{213c8ed6-1d78-4d8f-8729-25006aa86a76}"= "c:\program files\WiseConvert_1.3\prxtbWis2.dll" [2013-05-20 231712]
.
[HKEY_CLASSES_ROOT\clsid\{78e516ef-11de-47a1-8364-a99b917ec5ee}]
.
[HKEY_CLASSES_ROOT\clsid\{213c8ed6-1d78-4d8f-8729-25006aa86a76}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{78E516EF-11DE-47A1-8364-A99B917EC5EE}"= "c:\program files\FileConverter_1.3\prxtbFil2.dll" [2013-05-20 231712]
"{213C8ED6-1D78-4D8F-8729-25006AA86A76}"= "c:\program files\WiseConvert_1.3\prxtbWis2.dll" [2013-05-20 231712]
.
[HKEY_CLASSES_ROOT\clsid\{78e516ef-11de-47a1-8364-a99b917ec5ee}]
.
[HKEY_CLASSES_ROOT\clsid\{213c8ed6-1d78-4d8f-8729-25006aa86a76}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\documents and settings\Adele\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\documents and settings\Adele\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\documents and settings\Adele\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\documents and settings\Adele\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2012-09-24 3129184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-24 104984]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-24 121368]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-24 100888]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-01-23 416768]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"LGODDFU"="c:\program files\lg_fwupdate\lgfw.exe" [2012-08-03 27760]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-05-07 210216]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-12-18 684600]
"RTHDCPL"="RTHDCPL.EXE" [2008-03-06 16858112]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-09-28 69632]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"NBKeyScan"="c:\program files\Nero\Nero BackItUp 4\NBKeyScan.exe" [2008-09-24 2254120]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"HostManager"="c:\program files\Common Files\AOL\1273586992\ee\AOLSoftware.exe" [2006-09-26 50736]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2008-12-04 114688]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-21 94208]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-12-18 622592]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2007-06-21 70952]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2013-07-21 295512]
"PCSUITE BACKUP"="c:\program files\MARKEMENT\PCSUITE BACKUP\bin\backupClient-pcsb.exe" [2013-10-22 112504]
.
c:\documents and settings\Adele\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Adele\Application Data\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 30714328]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AOL 9.0 Tray-Symbol.lnk - c:\program files\AOL 9.0\aoltray.exe -check [2010-2-21 156784]
Asus Power Management Utility.lnk - c:\program files\ASUS\EeePC\Asus Power Management Utility\Asus Power Management Utility.exe [2009-3-8 294912]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\aol\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\aol\\ACS\\AOLDial.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\aol\\1273586992\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Adele\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [10.01.2013 18:23 37352]
R1 Ndisprot;GreenPacket NDIS Protocol Driver;c:\windows\system32\drivers\Ndisprot.sys [01.06.2010 09:14 21504]
R2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [10.01.2013 18:23 440376]
R2 pcsuite_backup;PCSUITE BACKUP;c:\program files\MARKEMENT\PCSUITE BACKUP\bin\backupService-pcsb.exe [22.10.2013 18:54 20856]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [16.04.2013 02:07 39056]
R3 RRNetCapMP;RRNetCapMP;c:\windows\system32\drivers\rrnetcap.sys [20.12.2011 11:49 31848]
S2 DSUDiskOptimizer;DSUDiskOptimizer;c:\program files\Disk Speedup\DSUDefragSrv.exe --> c:\program files\Disk Speedup\DSUDefragSrv.exe [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13.07.2012 12:28 160944]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
S3 RRNetCap;RRNetCap Service;c:\windows\system32\drivers\rrnetcap.sys [20.12.2011 11:49 31848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-21 15:24 1211672 ----a-w- c:\program files\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-01-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-21 16:51]
.
2013-12-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2014-01-21 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 15:20]
.
2014-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-22 17:37]
.
2014-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-22 17:37]
.
2014-01-21 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-461096270-683511245-1749226496-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-04-16 10:45]
.
2013-11-10 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-461096270-683511245-1749226496-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-04-16 10:45]
.
2014-01-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-461096270-683511245-1749226496-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-04-16 10:45]
.
2013-08-14 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-461096270-683511245-1749226496-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-04-16 10:45]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3242337
uInternet Connection Wizard,ShellNext = hxxp://eeepc.asus.com/global
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Adele\Application Data\Mozilla\Firefox\Profiles\kgink2wc.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - ExtSQL: !HIDDEN! 2012-01-14 19:20; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-RDReminder - d:\regclean pro\RegCleanPro.exe
MSConfigStartUp-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2014-01-21 22:37
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•A~*]
"7040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Zeit der Fertigstellung: 2014-01-21 22:41:29
ComboFix-quarantined-files.txt 2014-01-21 21:41
.
Vor Suchlauf: 23.996.112.896 bytes free
Nach Suchlauf: 24.749.031.424 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 562D875213F48CA54E54A3E75E8B4F59
6D589CFCE97527CE5D3B291F4D2D54CB

How high is the risk of infection through Word files? I am right in the middle of a thesis. How can I back up my data? What do I have to delete? Does the PC have to be completely rebuilt?

Kind regards
Adele