
Pests of all kinds and how to fight them: posadi17 in IE


08.05.2014, 16:26   #1
schrauber
/// the machine
/// TB trainer
 

posadi17 in IE



hi,

Revo Uninstaller - Download - Filepony
Use it to uninstall everything you find in Additional.txt that is marked with <== ATTENTION

Also have Revo remove the leftovers using Moderate mode.




Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software and malware/spyware scanners. They can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

08.05.2014, 19:13   #2
lillimucki
 
posadi17 in IE



Code:
ComboFix 14-05-07.03 - Heiner 08.05.2014  19:46:56.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8179.5423 [GMT 2:00]
ausgeführt von:: c:\users\Heiner\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1&1
c:\programdata\1&1\1&1 SmartFax\Settings.xml
c:\programdata\1360059849.bdinstall.bin
c:\programdata\1361789707.bdinstall.bin
c:\programdata\1375123999.bdinstall.bin
c:\programdata\1375125864.bdinstall.bin
c:\programdata\1375127725.bdinstall.bin
c:\programdata\1375163116.bdinstall.bin
c:\programdata\1375164939.bdinstall.bin
c:\programdata\1375166760.bdinstall.bin
c:\programdata\1375168582.bdinstall.bin
c:\programdata\1375170453.bdinstall.bin
c:\programdata\1375172319.bdinstall.bin
c:\programdata\1375174181.bdinstall.bin
c:\programdata\1375176048.bdinstall.bin
c:\programdata\1375211915.bdinstall.bin
c:\programdata\1375213805.bdinstall.bin
c:\programdata\1375215677.bdinstall.bin
c:\programdata\1375292848.bdinstall.bin
c:\programdata\1375294670.bdinstall.bin
c:\programdata\1375296573.bdinstall.bin
c:\programdata\1375298477.bdinstall.bin
c:\programdata\1375300381.bdinstall.bin
c:\programdata\1375302251.bdinstall.bin
c:\programdata\1375337207.bdinstall.bin
c:\programdata\1375339048.bdinstall.bin
c:\programdata\1375384680.bdinstall.bin
c:\programdata\1385017842.bdinstall.bin
c:\programdata\1385019667.bdinstall.bin
c:\programdata\1385021488.bdinstall.bin
c:\programdata\1385023308.bdinstall.bin
c:\programdata\1385025129.bdinstall.bin
c:\programdata\1385026950.bdinstall.bin
c:\programdata\1385028863.bdinstall.bin
c:\programdata\1385030684.bdinstall.bin
c:\programdata\1385032505.bdinstall.bin
c:\programdata\1385106047.bdinstall.bin
c:\programdata\1385154955.bdinstall.bin
c:\programdata\1385156777.bdinstall.bin
c:\programdata\1385241206.bdinstall.bin
c:\programdata\1385243032.bdinstall.bin
c:\programdata\1385244853.bdinstall.bin
c:\programdata\1385246673.bdinstall.bin
c:\programdata\1385248495.bdinstall.bin
c:\programdata\1385250320.bdinstall.bin
c:\programdata\1385252146.bdinstall.bin
c:\programdata\1385254012.bdinstall.bin
c:\programdata\1385287188.bdinstall.bin
c:\programdata\1385289011.bdinstall.bin
c:\programdata\1385290832.bdinstall.bin
c:\programdata\1385292652.bdinstall.bin
c:\programdata\1385294472.bdinstall.bin
c:\programdata\1385296292.bdinstall.bin
c:\programdata\1385298112.bdinstall.bin
c:\programdata\1385299930.bdinstall.bin
c:\programdata\1385301753.bdinstall.bin
c:\programdata\1385303592.bdinstall.bin
c:\programdata\1385353308.bdinstall.bin
c:\programdata\1385355128.bdinstall.bin
c:\programdata\1385356948.bdinstall.bin
c:\programdata\1385358768.bdinstall.bin
c:\programdata\1385360588.bdinstall.bin
c:\programdata\1385362409.bdinstall.bin
c:\programdata\1385364229.bdinstall.bin
c:\programdata\1385366050.bdinstall.bin
c:\programdata\1385367870.bdinstall.bin
c:\programdata\1385369690.bdinstall.bin
c:\programdata\1385371510.bdinstall.bin
c:\programdata\1385373330.bdinstall.bin
c:\programdata\1385375150.bdinstall.bin
c:\programdata\1385376971.bdinstall.bin
c:\programdata\1385378793.bdinstall.bin
c:\programdata\1385380613.bdinstall.bin
c:\programdata\1385382433.bdinstall.bin
c:\programdata\1385384379.bdinstall.bin
c:\programdata\1385386229.bdinstall.bin
c:\programdata\1385388050.bdinstall.bin
c:\programdata\1385389876.bdinstall.bin
c:\programdata\1385391696.bdinstall.bin
c:\users\Heiner\AppData\Roaming\1&1
c:\users\Heiner\AppData\Roaming\1&1\1&1 SmartFax\FaxNumberHistory.xml
c:\users\Heiner\AppData\Roaming\1&1\1&1 SmartFax\Settings.xml
c:\users\Heiner\AppData\Roaming\FoxitReaderUpdateInfo.txt
c:\users\Heiner\GoToAssistDownloadHelper.exe
c:\windows\Installer\{E60036CF-1E46-4DFE-832F-5476574B30FF}\BillMinder.8C5DA79E_7079_4AB3_81F7_712153351D0D.exe
c:\windows\IsUn0407.exe
c:\windows\SysWow64\System32\MASetupCleaner.exe
c:\windows\SysWow64\System32\muzapp.exe
D:\install.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ACEDRV11
-------\Service_acedrv11
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-04-08 bis 2014-05-08  ))))))))))))))))))))))))))))))
.
.
2014-05-08 17:59 . 2014-05-08 17:59	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-05-08 10:49 . 2014-05-08 10:49	--------	d-----w-	c:\programdata\Logitech
2014-05-08 10:49 . 2014-05-08 10:49	--------	d-----w-	c:\users\Heiner\AppData\Roaming\Leadertech
2014-05-08 10:49 . 2014-05-08 10:49	53248	----a-r-	c:\users\Heiner\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2014-05-08 10:49 . 2014-05-08 10:49	--------	d-----w-	c:\program files (x86)\Common Files\LogiShrd
2014-05-08 10:48 . 2014-05-08 10:48	18960	----a-w-	c:\windows\system32\drivers\LNonPnP.sys
2014-05-08 10:47 . 2014-05-08 10:49	--------	d-----w-	c:\programdata\Logishrd
2014-05-08 10:47 . 2014-05-08 10:47	--------	d-----w-	c:\program files\Logitech
2014-05-08 10:47 . 2014-05-08 10:48	--------	d-----w-	c:\program files\Common Files\LogiShrd
2014-05-08 10:46 . 2014-05-08 10:49	--------	d-----w-	c:\users\Heiner\AppData\Roaming\Logitech
2014-05-08 10:46 . 2014-05-08 10:47	--------	d-----w-	c:\users\Heiner\AppData\Roaming\Logishrd
2014-05-07 07:51 . 2014-05-07 07:54	--------	d-----w-	C:\FRST
2014-05-07 06:36 . 2014-05-07 06:36	--------	d-----w-	c:\users\Heiner\AppData\Roaming\Solvusoft
2014-05-06 23:02 . 2014-05-06 23:01	313256	----a-w-	c:\windows\system32\javaws.exe
2014-05-06 23:02 . 2014-05-06 23:01	108968	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2014-05-06 23:02 . 2014-05-06 23:01	189352	----a-w-	c:\windows\system32\javaw.exe
2014-05-06 23:02 . 2014-05-06 23:01	189352	----a-w-	c:\windows\system32\java.exe
2014-05-06 21:51 . 2014-04-17 03:31	10651704	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{2613D108-F098-4BDA-A0E3-D21386E14F4C}\mpengine.dll
2014-05-06 14:48 . 2014-05-06 14:48	--------	d-----w-	c:\users\Heiner\AppData\Roaming\AVAST Software
2014-05-06 14:48 . 2014-05-06 14:47	93568	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2014-05-06 14:48 . 2014-05-06 14:47	85328	----a-w-	c:\windows\system32\drivers\aswStm.sys
2014-05-06 14:48 . 2014-05-06 14:47	79184	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2014-05-06 14:48 . 2014-05-06 14:47	65776	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2014-05-06 14:48 . 2014-05-06 14:47	423240	----a-w-	c:\windows\system32\drivers\aswSP.sys
2014-05-06 14:48 . 2014-05-06 14:47	29208	----a-w-	c:\windows\system32\drivers\aswHwid.sys
2014-05-06 14:48 . 2014-05-06 14:47	208416	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2014-05-06 14:48 . 2014-05-06 14:47	1039096	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2014-05-06 14:48 . 2014-05-06 14:47	28184	----a-w-	c:\windows\system32\drivers\aswKbd.sys
2014-05-06 14:47 . 2014-05-06 14:47	334648	----a-w-	c:\windows\system32\aswBoot.exe
2014-05-06 14:47 . 2014-05-06 14:47	43152	----a-w-	c:\windows\avastSS.scr
2014-05-06 14:47 . 2014-05-06 14:47	447888	----a-w-	c:\windows\system32\drivers\aswNdisFlt.sys
2014-05-06 14:47 . 2014-05-06 14:47	--------	d-----w-	c:\program files\AVAST Software
2014-05-06 14:44 . 2014-05-06 14:44	--------	d-----w-	c:\programdata\AVAST Software
2014-05-06 14:43 . 2014-05-06 14:43	--------	d-----w-	c:\windows\SysWow64\wbem\Logs
2014-05-05 14:21 . 2014-05-06 14:42	--------	d-----w-	c:\program files (x86)\G Data
2014-05-05 14:20 . 2014-05-06 14:41	--------	d-----w-	c:\programdata\G Data
2014-05-05 14:14 . 2014-05-05 14:14	--------	d-----w-	c:\program files\CCleaner
2014-05-03 18:37 . 2014-05-03 18:37	--------	d-----w-	c:\users\Heiner\AppData\Local\Trend Micro
2014-05-03 18:34 . 2014-05-03 18:40	--------	d-----w-	c:\programdata\Trend Micro Installer
2014-05-03 18:30 . 2014-05-03 18:30	--------	d-s---w-	c:\windows\system32\CompatTel
2014-05-03 18:30 . 2014-04-14 02:24	465408	----a-w-	c:\windows\system32\aepdu.dll
2014-05-03 18:30 . 2014-04-14 02:19	424448	----a-w-	c:\windows\system32\aeinv.dll
2014-05-03 18:23 . 2014-05-03 18:23	--------	d-----w-	c:\program files (x86)\Hosts_Anti_Adwares_PUPs
2014-05-03 07:00 . 2014-04-29 14:01	23547904	----a-w-	c:\windows\system32\mshtml.dll
2014-05-03 07:00 . 2014-04-29 13:40	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2014-05-03 07:00 . 2014-04-29 12:34	2724864	----a-w-	c:\windows\SysWow64\mshtml.tlb
2014-05-01 17:34 . 2014-05-07 06:29	--------	d-----w-	C:\AdwCleaner
2014-04-30 13:57 . 2014-05-08 16:17	119512	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-29 09:31 . 2014-04-29 09:31	--------	d-----w-	c:\program files (x86)\StartupStar
2014-04-29 07:48 . 2014-04-29 07:48	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2014-04-29 07:48 . 2014-04-03 07:51	63192	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-04-29 07:48 . 2014-04-03 07:51	88280	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-04-29 07:42 . 2013-10-21 13:36	583048	----a-w-	c:\windows\AmPUn0.exe
2014-04-29 07:42 . 2014-04-29 07:42	--------	d-----w-	c:\program files\AmP
2014-04-26 12:36 . 2014-04-26 12:36	--------	d-----w-	c:\users\Heiner\AppData\Roaming\InetStat
2014-04-26 12:35 . 2014-04-26 12:49	--------	d-----w-	c:\users\Heiner\AppData\Roaming\ARCHOS KEY user guide
2014-04-24 19:54 . 2014-04-24 19:54	--------	d-sh--w-	c:\users\Heiner\AppData\Local\EmieUserList
2014-04-24 19:54 . 2014-04-24 19:54	--------	d-sh--w-	c:\users\Heiner\AppData\Local\EmieSiteList
2014-04-22 17:36 . 2014-04-22 17:37	--------	d-----w-	c:\program files (x86)\FinanzGruppe-IBAN-Konverter
2014-04-22 10:24 . 2014-04-22 10:24	--------	d-----w-	c:\program files\Microsoft Mouse and Keyboard Center
2014-04-12 08:46 . 2014-04-12 08:46	--------	d-----w-	c:\users\Heiner\AppData\Roaming\DataDesign
2014-04-12 08:31 . 2014-04-12 08:45	--------	d-----w-	c:\users\Heiner\AppData\Roaming\Lexware
2014-04-12 08:30 . 2014-04-12 08:30	--------	d-----w-	c:\program files (x86)\Common Files\DataDesign
2014-04-12 08:29 . 2014-04-12 08:30	--------	d-----w-	c:\program files (x86)\Lexware
2014-04-12 08:29 . 2014-04-12 08:31	--------	d-----w-	c:\programdata\Lexware
2014-04-12 08:28 . 2014-04-12 08:30	--------	d-----w-	c:\program files (x86)\Common Files\Lexware
2014-04-12 08:28 . 2014-04-12 08:31	--------	d-----w-	c:\users\Heiner\AppData\Local\Lexware
2014-04-10 09:49 . 2014-04-10 09:49	--------	d-----w-	c:\windows\CryptoGuard
2014-04-09 11:19 . 2014-01-23 03:21	206080	----a-w-	c:\windows\system32\drivers\ssudmdm.sys
2014-04-09 11:19 . 2014-01-23 03:21	108800	----a-w-	c:\windows\system32\drivers\ssudbus.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-30 21:29 . 2012-03-30 12:25	692400	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-30 21:29 . 2012-01-03 04:26	70832	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-29 07:00 . 2014-02-21 22:01	17931952	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-04-10 09:41 . 2013-10-19 16:42	93144	----a-w-	c:\windows\system32\drivers\hmpalert.sys
2014-04-10 09:41 . 2013-10-19 16:42	548424	----a-w-	c:\windows\system32\hmpalert.dll
2014-04-10 09:41 . 2013-10-19 16:42	477008	----a-w-	c:\windows\SysWow64\hmpalert.dll
2014-04-09 07:01 . 2012-03-11 08:55	90655440	----a-w-	c:\windows\system32\MRT.exe
2014-04-08 14:15 . 2014-03-25 08:40	10	----a-w-	c:\users\Heiner\AppData\Roaming\pdfdrawcodec.dll
2014-04-03 07:50 . 2012-09-25 08:58	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-03-31 07:35 . 2010-11-21 03:27	270496	------w-	c:\windows\system32\MpSigStub.exe
2014-03-19 13:23 . 2014-03-19 13:23	862664	----a-w-	c:\windows\SysWow64\msvcr110.dll
2014-03-19 13:23 . 2014-03-19 13:23	828872	----a-w-	c:\windows\system32\msvcr110.dll
2014-03-19 13:23 . 2014-03-19 13:23	661448	----a-w-	c:\windows\system32\msvcp110.dll
2014-03-19 13:23 . 2014-03-19 13:23	534480	----a-w-	c:\windows\SysWow64\msvcp110.dll
2014-03-19 13:23 . 2014-03-19 13:23	50896	----a-w-	c:\windows\system32\drivers\point64.sys
2014-03-19 13:23 . 2014-03-19 13:23	354264	----a-w-	c:\windows\system32\vccorlib110.dll
2014-03-19 13:23 . 2014-03-19 13:23	251864	----a-w-	c:\windows\SysWow64\vccorlib110.dll
2014-03-19 13:23 . 2014-03-19 13:23	2276560	----a-w-	c:\windows\system32\coin95ip.dll
2014-03-19 13:23 . 2014-03-19 13:23	1795952	----a-w-	c:\windows\system32\WdfCoInstaller01011.dll
2014-03-04 09:17 . 2014-04-09 05:53	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2014-02-28 08:51 . 2014-02-28 08:51	825696	----a-w-	c:\windows\SysWow64\Ddbaccpl.cpl
2014-02-28 08:51 . 2014-02-28 08:51	227680	----a-w-	c:\windows\SysWow64\ddBACCTM.cpl
2014-02-26 15:37 . 2012-03-20 13:13	9728	----a-w-	c:\windows\SysWow64\WindowsClosingService.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Klebezettel NG"="c:\program files (x86)\Klebezettel NG\klebez.exe" [2014-02-20 4418048]
"Alle meine Passworte"="c:\progra~2\AMP\AMP.EXE" [2011-05-25 3792776]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2014-02-14 1564992]
"pdiface"="c:\program files\Bitdefender\60-Second Virus Scanner\pdiface.exe" [2013-10-30 283608]
"KiesPDLR.exe"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2014-02-14 845120]
"SOS_Agent"="c:\program files (x86)\Steganos Online Shield\OnlineShieldClient.exe" [2014-04-09 4709720]
"InetStat"="c:\users\Heiner\AppData\Roaming\InetStat\inetstat.exe" [2014-04-26 1260648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-01 336384]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-05-06 658424]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2014-02-14 311616]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-05-20 450560]
"CanonQuickMenu"="c:\program files (x86)\Canon\Quick Menu\CNQMMAIN.EXE" [2012-09-27 1279120]
"LexwareInfoService"="c:\program files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2011-07-31 189808]
"Z-defragRAM"="d:\z-defrag ram\zdefrag27\z-defrag\Z-defrag.EXE" [2011-03-17 233536]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-05-06 3873704]
.
c:\users\Heiner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Geburtstagsmahner.lnk - d:\zehbesoft\Geburtstagsmahner\GebAlert.exe [2012-3-11 493056]
Logitech . Produktregistrierung.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe /remind /language=DEU /_WFM="." [2009-11-16 517384]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Meine Dienste.lnk - c:\program files\Telekom\Meine Dienste\StartMeineDienste.exe Autostart [2012-8-30 269944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideSCABattery"= 1 (0x1)
"DisableThumbnailsOnNetworkFolders"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 JetDrive WindowsClosingService;JetDrive WindowsClosingService;c:\windows\System32\WindowsClosingService;c:\windows\SYSNATIVE\WindowsClosingService [x]
R2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x]
R2 MCSWASVR;Mediencenter Service;c:\program files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe;c:\program files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe [x]
R2 Netzmanager Service;Netzmanager Infrastruktur Informationssystem Dienst;c:\program files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe ;c:\program files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe  [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
R3 DfSdkS;Defragmentation-Service;c:\program files (x86)\Ashampoo\Ashampoo HDD Control 2\DfSdkS64.exe;c:\program files (x86)\Ashampoo\Ashampoo HDD Control 2\DfSdkS64.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 jetdrive;jddrv;c:\windows\system32\DRIVERS\jddrv.sys;c:\windows\SYSNATIVE\DRIVERS\jddrv.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys;c:\windows\SYSNATIVE\DRIVERS\rrnetcap.sys [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2013.SP1a\RpcAgentSrv.exe;c:\program files\SiSoftware\SiSoftware Sandra Lite 2013.SP1a\RpcAgentSrv.exe [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TelekomNM6;Telekom Netzmanager Packet Filter Driver;c:\program files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys;c:\program files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WO_LiveService;Ashampoo LiveTuner Service;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerService.exe;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerService.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 CryptBox;CryptBox;c:\windows\SysWOW64\drivers\CryptBox.sys;c:\windows\SysWOW64\drivers\CryptBox.sys [x]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys;c:\windows\SYSNATIVE\DRIVERS\hotcore3.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys;c:\windows\SYSNATIVE\drivers\cbfs3.sys [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
S2 AHDDC2;Ashampoo HDD Control 2 Service;c:\program files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe;c:\program files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DBService;DATA BECKER Update Service;c:\program files (x86)\Common Files\DATA BECKER Shared\DBService.exe;c:\program files (x86)\Common Files\DATA BECKER Shared\DBService.exe [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 hmpalert;HitmanPro.Alert Support Driver;c:\windows\system32\drivers\hmpalert.sys;c:\windows\SYSNATIVE\drivers\hmpalert.sys [x]
S2 hmpalertsvc;HitmanPro.Alert Service;c:\program files (x86)\HitmanPro.Alert\hmpalert.exe;c:\program files (x86)\HitmanPro.Alert\hmpalert.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 LiveTunerPM;Ashampoo LiveTuner ProcessMonitor Driver;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerProcessMonitor64.sys;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerProcessMonitor64.sys [x]
S2 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 Online Shield Starter Service;Online Shield Starter Service;c:\program files (x86)\Steganos Online Shield\OnlineShieldService.exe;c:\program files (x86)\Steganos Online Shield\OnlineShieldService.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 pdserv;Bitdefender 60-Second Virus Scanner Service;c:\program files\Bitdefender\60-Second Virus Scanner\pdscan.exe \svc;c:\program files\Bitdefender\60-Second Virus Scanner\pdscan.exe \svc [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 dvdfab;dvdfab;c:\windows\system32\drivers\dvdfab.sys;c:\windows\SYSNATIVE\drivers\dvdfab.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys;c:\windows\SYSNATIVE\DRIVERS\rrnetcap.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys;c:\windows\SYSNATIVE\drivers\usbfilter.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-05-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 21:29]
.
2014-05-07 c:\windows\Tasks\DriverDoc_UPDATES.job
- c:\program files (x86)\DriverDoc\Solvusoftdd.exe [2013-07-26 17:06]
.
2014-05-02 c:\windows\Tasks\HPCeeScheduleForHEINER-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2014-05-05 c:\windows\Tasks\HPCeeScheduleForHeiner.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2014-05-08 c:\windows\Tasks\StartupStar Firewall.job
- c:\program files (x86)\StartupStar\StartupStar.exe [2014-04-29 11:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-05-06 14:47	290888	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2010-05-15 13:55	187672	----a-w-	c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\McsShellOverlayUpload]
@="{0774B5A9-ADB5-4D3A-915F-72C7EF9CD262}"
[HKEY_CLASSES_ROOT\CLSID\{0774B5A9-ADB5-4D3A-915F-72C7EF9CD262}]
2011-11-23 12:02	308736	----a-w-	c:\windows\System32\DTAG.Mediencenter.ShellExtension.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2014-02-14 311616]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 242192]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-03-14 2779024]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-07-31 3091224]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\quicken8\inet\common\blank.htm
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Alles mit FlashGet laden - c:\program files (x86)\FlashGet\jc_all.htm
IE: Mit FlashGet laden - c:\program files (x86)\FlashGet\jc_link.htm
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/|hxxp://www.onlinetvrecorder.com/v2/?go=list&tab=search&station=&date=sinceregister&year=2014&fd=1&fm=1&td=31&tm=12&actor=&director=&minutes=&title=&times=0&intext=0&cbde=0&cbsing=0&cben=0&cbxy=0&cbfav=0&rating=0&weekday=&searchmethod=match&indatefrom=0&indateto=0&intimefrom=&intimeto=&genre=0&format=&source=my&filestate=&wdh=&fsk=&start=0&view=table&order=beginn&saveorder=beginn|hxxp://www.wetter.com/wetter_aktuell/wettervorhersage/heute/deutschland/obernzenn/DE0007791.html|hxxp://wetter.msn.com/local.aspx?wealocations=wc:8256724&q=Bad+Windsheim%2c+BY|hxxp://www.unwetterzentrale.de/uwz/getwarning_de.php?xpos=187&ypos=193&bland=bayern&lang=de|hxxp://www.unwetterzentrale.de/uwz/bayernindex.html
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - (no file)
Toolbar-10 - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-Easybits Recovery - c:\program files (x86)\EasyBits For Kids\ezRecover.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Quicken 2014 Zahlungserinnerung.lnk - c:\windows\Installer\{E60036CF-1E46-4DFE-832F-5476574B30FF}\BillMinder.8C5DA79E_7079_4AB3_81F7_712153351D0D.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-10 - (no file)
Toolbar-Locked - (no file)
WebBrowser-{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - (no file)
AddRemove-ZehbeSoft Geburtstagsmahner - c:\windows\system32\GKSUI20.EXE
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\JetDrive WindowsClosingService]
"ImagePath"="c:\windows\System32\WindowsClosingService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\AmP\AmP.exe
c:\program files (x86)\Canon\Quick Menu\CNQMSWCS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-05-08  20:09:34 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-05-08 18:09
.
Vor Suchlauf: 41 Verzeichnis(se), 131.328.126.976 Bytes frei
Nach Suchlauf: 49 Verzeichnis(se), 130.509.320.192 Bytes frei
.
- - End Of File - - 39C6405A4EA78513A9C1DBA9090DBADD
A36C5E4F47E84449FF07ED3517B43A31
         