Fenrirwolf | 02.07.2012 16:16 | Die Fundmeldung von kaspersky: Code:
Status: Schwachstelle (Ereignisse: 8)
01.07.2012 22:37:37 Schwachstelle Schwachstelle hxxp://www.securelist.com/de/advisories/41917 C:\$Recycle.Bin\S-1-5-21-1253748911-1903929344-2575876875-1000\$RHO0ACG.exe Niedrig
02.07.2012 01:17:11 Schwachstelle Schwachstelle hxxp://www.securelist.com/de/advisories/43293 C:\Documents and Settings\Fenriswolf\Downloads\TeamViewerPortable\TeamViewer.exe Niedrig
02.07.2012 03:48:02 Schwachstelle Schwachstelle hxxp://www.securelist.com/de/advisories/49472 C:\Program Files\Java\jre6\bin\java.exe Niedrig
02.07.2012 04:22:02 Schwachstelle Schwachstelle hxxp://www.securelist.com/de/advisories/42798 C:\Program Files (x86)\DVD Flick\imgburn\imgburn.exe Niedrig
02.07.2012 04:33:16 Schwachstelle Schwachstelle hxxp://www.securelist.com/de/advisories/47333 C:\Program Files (x86)\IrfanView\i_view32.exe Niedrig
02.07.2012 04:33:24 Schwachstelle Schwachstelle hxxp://www.securelist.com/de/advisories/49472 C:\Program Files (x86)\Java\jre6\bin\java.exe Niedrig
02.07.2012 04:36:39 Schwachstelle Schwachstelle hxxp://www.securelist.com/de/advisories/42798 C:\Program Files (x86)\MajorSilence\DeVeDe\bin\ImgBurn.exe Niedrig
02.07.2012 04:54:44 Schwachstelle Schwachstelle hxxp://www.securelist.com/de/advisories/49472 C:\Programme\Java\jre6\bin\java.exe Niedrig
Status: Gelöscht (Ereignisse: 1)
01.07.2012 23:17:57 Gelöscht Trojanisches Programm Trojan-Ransom.Win32.Gimemo.vyp C:\Documents and Settings\Fenriswolf\AppData\Local\Temp\124kkk290347.exe Hoch
Status: Gefunden (Ereignisse: 1)
02.07.2012 15:07:01 Gefunden Trojanisches Programm Trojan-Ransom.Win32.Gimemo.vyp D:\FENRISWOLF-PC\Backup Set 2011-12-02 083425\Backup Files 2012-07-01 214844\Backup files 2.zip/C\Users\Fenriswolf\AppData\Roaming\w6j6rt45jtuhdre5.exe Hoch So und nun hier die Combofix.txt: Code:
ComboFix 12-07-02.01 - Fenriswolf 02.07.2012 17:35:01.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8189.3951 [GMT 2:00]
ausgeführt von:: C:\Users\Fenriswolf\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
((((((((((((((((((((((( Dateien erstellt von 2012-06-02 bis 2012-07-02 ))))))))))))))))))))))))))))))
2012-07-02 13:58:54 . 2012-07-02 13:58:54 -------- d-----w- C:\Program Files (x86)\ESET
2012-07-02 06:40:52 . 2012-07-02 06:40:52 -------- d-----w- C:\Users\Fenriswolf\AppData\Roaming\Malwarebytes
2012-07-02 06:40:41 . 2012-07-02 06:40:41 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-02 06:40:39 . 2012-07-02 06:40:45 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-02 06:40:39 . 2012-04-04 13:56:40 24904 ----a-w- C:\Windows\system32\drivers\mbam.sys
2012-07-01 20:13:39 . 2012-07-01 20:16:58 -------- d-----w- C:\ProgramData\Kaspersky Lab
2012-07-01 20:13:39 . 2012-07-01 20:13:39 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2012-07-01 19:44:35 . 2012-05-31 04:04:02 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D00E4BF3-8397-47EE-9D0E-00132BE46263}\mpengine.dll
2012-06-25 07:44:03 . 2012-06-25 07:48:44 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-06-25 05:24:41 . 2012-06-25 05:24:41 16200 ----a-w- C:\Windows\stinger.sys
2012-06-25 05:23:40 . 2012-06-25 07:07:29 -------- d-----w- C:\Program Files (x86)\stinger
2012-06-24 18:55:30 . 2012-06-02 22:19:43 2428952 ----a-w- C:\Windows\system32\wuaueng.dll
2012-06-24 18:55:30 . 2012-06-02 22:19:42 57880 ----a-w- C:\Windows\system32\wuauclt.exe
2012-06-24 18:55:30 . 2012-06-02 22:19:42 44056 ----a-w- C:\Windows\system32\wups2.dll
2012-06-24 18:55:30 . 2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\system32\wucltux.dll
2012-06-24 18:55:08 . 2012-06-02 22:19:46 38424 ----a-w- C:\Windows\system32\wups.dll
2012-06-24 18:55:08 . 2012-06-02 22:19:23 701976 ----a-w- C:\Windows\system32\wuapi.dll
2012-06-24 18:55:08 . 2012-06-02 22:15:08 99840 ----a-w- C:\Windows\system32\wudriver.dll
2012-06-24 18:54:56 . 2012-06-02 13:19:42 186752 ----a-w- C:\Windows\system32\wuwebv.dll
2012-06-24 18:54:56 . 2012-06-02 13:15:12 36864 ----a-w- C:\Windows\system32\wuapp.exe
2012-06-14 07:24:11 . 2012-04-26 05:41:56 77312 ----a-w- C:\Windows\system32\rdpwsx.dll
2012-06-14 07:24:11 . 2012-04-26 05:41:55 149504 ----a-w- C:\Windows\system32\rdpcorekmts.dll
2012-06-14 07:24:11 . 2012-04-26 05:34:27 9216 ----a-w- C:\Windows\system32\rdrmemptylst.exe
2012-06-14 07:24:06 . 2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\system32\ntoskrnl.exe
2012-06-14 07:24:04 . 2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-14 07:24:04 . 2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-06-14 07:24:03 . 2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\system32\win32k.sys
2012-06-14 07:24:02 . 2012-04-28 03:55:21 210944 ----a-w- C:\Windows\system32\drivers\rdpwd.sys
2012-06-12 08:15:50 . 2012-06-12 08:15:50 -------- d-----w- C:\Users\Fenriswolf\AppData\Local\Macromedia
2012-06-12 08:15:46 . 2012-06-24 19:29:57 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-06 11:12:24 . 2012-06-06 11:12:24 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-06 11:12:24 . 2012-06-06 11:12:24 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) Ok Fehler von mir. Das ist der komplette Bericht: Code:
ComboFix 12-07-02.01 - Fenriswolf 02.07.2012 18:02:49.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8189.6044 [GMT 2:00]
ausgeführt von:: c:\users\Fenriswolf\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-06-02 bis 2012-07-02 ))))))))))))))))))))))))))))))
.
.
2012-07-02 16:11 . 2012-07-02 16:11 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-02 16:11 . 2012-07-02 16:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-02 13:58 . 2012-07-02 13:58 -------- d-----w- c:\program files (x86)\ESET
2012-07-02 06:40 . 2012-07-02 06:40 -------- d-----w- c:\users\Fenriswolf\AppData\Roaming\Malwarebytes
2012-07-02 06:40 . 2012-07-02 06:40 -------- d-----w- c:\programdata\Malwarebytes
2012-07-02 06:40 . 2012-07-02 06:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-02 06:40 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-01 20:13 . 2012-07-01 20:16 -------- d-----w- c:\programdata\Kaspersky Lab
2012-07-01 20:13 . 2012-07-01 20:13 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2012-07-01 19:44 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D00E4BF3-8397-47EE-9D0E-00132BE46263}\mpengine.dll
2012-06-25 07:44 . 2012-06-25 07:48 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-06-25 05:24 . 2012-06-25 05:24 16200 ----a-w- c:\windows\stinger.sys
2012-06-25 05:23 . 2012-06-25 07:07 -------- d-----w- c:\program files (x86)\stinger
2012-06-24 18:55 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-24 18:55 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-24 18:55 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-24 18:55 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-24 18:55 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-24 18:55 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-24 18:55 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-24 18:54 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-24 18:54 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-14 07:24 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 07:24 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 07:24 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 07:24 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-14 07:24 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-14 07:24 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-14 07:24 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 07:24 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-12 08:15 . 2012-06-12 08:15 -------- d-----w- c:\users\Fenriswolf\AppData\Local\Macromedia
2012-06-12 08:15 . 2012-06-24 19:29 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-06 11:12 . 2012-06-06 11:12 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-06 11:12 . 2012-06-06 11:12 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-24 19:29 . 2011-08-10 13:07 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-15 10:48 . 2012-05-25 07:13 949056 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-05-15 10:48 . 2012-05-25 07:13 818496 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-05-15 10:48 . 2012-05-25 07:13 364352 ----a-w- c:\windows\system32\nvdecodemft.dll
2012-05-15 10:48 . 2012-05-25 07:13 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
2012-05-15 10:48 . 2012-05-25 07:13 246592 ----a-w- c:\windows\system32\nvinitx.dll
2012-05-15 10:48 . 2012-05-25 07:13 202048 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-05-09 05:57 . 2011-10-18 12:08 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-09 05:57 . 2011-10-18 12:08 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-04-18 11:49 . 2012-05-14 17:45 405176 ----a-w- c:\windows\SysWow64\Newtonsoft.Json.Net20.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Fenriswolf\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Fenriswolf\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Fenriswolf\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Fenriswolf\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-06-17 694032]
"GAINWARD"="c:\program files (x86)\EXPERTool\TBPanel.exe" [2011-04-08 2265416]
"ManicTime"="d:\software\Nützliche Tools\ManicTimeUsb (Workflow-Manager)\ManicTime.exe" [2011-10-26 248656]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-05 17344176]
"KSS"="c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" [2012-04-25 202296]
"Infium"="c:\program files (x86)\jeak.de\QIP 2012 Jeak-Edition\qip.exe" [2012-03-23 7351760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]
"MagicRotation"="c:\program files (x86)\MagicRotation\MagicRotation\MagicPvt.exe" [2009-09-15 1819648]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-09 348624]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"basicsmssmenu"="c:\program files (x86)\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
.
c:\users\Fenriswolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Fenriswolf\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NCProTray.lnk - c:\program files (x86)\SEC\Natural Color Pro\NCProTray.exe [2011-2-19 49152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 magicpvt;magicpvt;c:\windows\system32\drivers\magicpvt.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-07 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-24 250056]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-01-13 129440]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-07 136176]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2011-02-21 16008]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-19 113120]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 xhc200w;xhc200w;c:\users\FENRIS~1\AppData\Local\Temp\uPD720200\xhc200w.sys [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-06-16 79488]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-06-16 40064]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 27760]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-03-11 577824]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-03-11 43248]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-09 86224]
S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2010-09-07 72280]
S2 KSS;Kaspersky Security Scan Service;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2012-04-25 202296]
S2 M4-Service;M4-Service;c:\users\Fenriswolf\Downloads\Portable\M4-Service.exe [2011-08-13 1003888]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-02-03 427192]
S3 ALSysIO;ALSysIO;c:\users\FENRIS~1\AppData\Local\Temp\ALSysIO64.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2011-02-21 22408]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-10-25 96768]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-10-25 213504]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-07-07 174184]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [2009-12-01 38992]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2011-08-17 53376]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-12 19:30]
.
2012-07-02 c:\windows\Tasks\FaxArchive_CN19HDQ283.job
- c:\program files\HP\HP Officejet Pro 8500 A910\bin\FaxArchive.exe [2010-11-16 19:30]
.
2012-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-07 07:45]
.
2012-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-07 07:45]
.
2012-07-02 c:\windows\Tasks\QIPdater 2012.job
- c:\program files (x86)\jeak.de\QIP 2012 Jeak-Edition\qipdater.exe [2012-03-27 19:29]
.
2012-07-02 c:\windows\Tasks\qipdater.exe.job
- c:\program files (x86)\jeak.de\QIP 2010\qipdater.exe [2011-07-01 13:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Fenriswolf\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Fenriswolf\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Fenriswolf\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Fenriswolf\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2010-11-16 104008]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2010-11-04 980368]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Alles mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: Auswahl mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: Free YouTube Download - c:\users\Fenriswolf\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Fenriswolf\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Videos mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
TCP: DhcpNameServer = 83.169.184.225 83.169.184.161
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
AddRemove-ESN Sonar-0.70.0 - c:\program files (x86)\Battlelog Web Plugins\Sonar\esnsonar_uninstall.exe
AddRemove-ESN Sonar-0.70.4 - c:\program files (x86)\Battlelog Web Plugins\Sonar\esnsonar_uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
"{593DDEC6-7468-4CDD-90E1-42DADAA222E9}"=hex:51,66,7a,6c,4c,1d,38,12,a8,dd,2e,
5d,5a,3a,b3,09,ef,f7,01,9a,df,fc,66,fd
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:00,18,c9,15,f3,a5,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,52,d7,87,a6,6b,7d,76,4a,b7,15,8a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,52,d7,87,a6,6b,7d,76,4a,b7,15,8a,\
.
[HKEY_USERS\S-1-5-21-1253748911-1903929344-2575876875-1000\Software\SecuROM\License information*]
"datasecu"=hex:6a,fe,19,74,bc,25,48,29,e1,05,b4,bf,ef,b5,17,a4,75,56,04,72,1d,
8d,ac,1b,e5,9d,07,ad,6f,86,98,61,3c,c0,c3,df,d1,38,25,6a,84,af,47,3f,5f,08,\
"rkeysecu"=hex:09,91,2f,64,89,fb,76,45,05,6f,a5,52,4c,8d,b1,3e
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*]
"v5Licence0"="15-PNRS-MQX7-YBJ2-KYC5-84DP-JVBGBY1"
"Activated"="Y"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Seagate\Basics\Service\SyncServicesBasics.exe
c:\users\Fenriswolf\Downloads\Portable\M4-Capture.exe
c:\program files (x86)\MagicTune Premium\MagicTuneEngine.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe
c:\program files (x86)\Windows Media Player\wmplayer.exe
c:\program files (x86)\TeamViewer\Version7\tv_w32.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-02 18:17:34 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-07-02 16:17
.
Vor Suchlauf: 19 Verzeichnis(se), 15.711.637.504 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 14.681.018.368 Bytes frei
.
- - End Of File - - 77E84970045CB6F50AFCFB4DF4EEBCBD |