mash3010 | 08.10.2012 19:09 | Ran through without warnings etc.
ComboFix logfile:
ComboFix 12-10-08.02 - ******** 08.10.2012 19:57:03.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.4086.2760 [GMT 2:00]
ausgeführt von:: c:\users\********\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
c:\programdata\C87E9B68C8.sys
c:\programdata\Roaming
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-09-08 bis 2012-10-08 ))))))))))))))))))))))))))))))
.
.
2012-10-08 18:02 . 2012-10-08 18:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-07 19:55 . 2012-10-07 19:55 -------- d-----w- C:\_OTL
2012-10-06 16:35 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-10-06 16:34 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7F351BEC-947D-4056-A290-61AEB92CCB71}\mpengine.dll
2012-10-06 15:40 . 2012-10-06 15:40 -------- d-----w- c:\program files\7-Zip
2012-10-06 15:28 . 2012-10-06 15:28 -------- d-----r- C:\Sandbox
2012-10-06 15:26 . 2012-10-06 15:26 -------- d-----w- c:\program files\Sandboxie
2012-10-05 17:43 . 2012-08-21 11:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-10-05 17:42 . 2012-10-05 17:42 -------- d-----w- c:\program files\iPod
2012-10-05 17:42 . 2012-10-05 17:43 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-10-05 17:42 . 2012-10-05 17:43 -------- d-----w- c:\program files\iTunes
2012-10-05 17:39 . 2012-10-05 17:39 1409 ----a-w- c:\windows\QTFont.for
2012-10-05 15:54 . 2012-10-05 15:54 -------- d-----w- c:\program files (x86)\T-Online
2012-10-04 18:43 . 2012-10-04 18:43 -------- d-----w- c:\program files (x86)\ESET
2012-10-04 16:37 . 2012-10-04 16:37 -------- d-----w- c:\users\********\AppData\Roaming\Malwarebytes
2012-10-04 16:36 . 2012-10-04 16:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-04 16:36 . 2012-10-04 16:36 -------- d-----w- c:\programdata\Malwarebytes
2012-10-04 16:36 . 2012-09-07 15:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-03 18:49 . 2012-10-04 07:09 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2012-10-03 18:44 . 2012-10-03 18:46 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-09-24 20:30 . 2012-09-24 20:30 -------- d-----w- c:\users\********\AppData\Roaming\AVM
2012-09-24 20:28 . 2012-09-24 20:30 -------- d-----w- c:\program files (x86)\FRITZ!Fernzugang einrichten
2012-09-23 14:54 . 2012-09-23 14:54 -------- d--h--w- c:\windows\system32\WLANProfiles
2012-09-23 14:51 . 2012-09-23 14:51 -------- d-----w- c:\users\********\AppData\Roaming\Intel
2012-09-23 14:51 . 2012-09-23 14:51 -------- d-----w- c:\users\Public\Roaming
2012-09-23 14:51 . 2012-09-23 14:51 -------- d-----w- c:\users\********\Roaming
2012-09-23 14:51 . 2012-09-23 14:51 -------- d-----w- c:\users\Default\Roaming
2012-09-23 14:50 . 2012-09-23 14:52 -------- d-----w- c:\program files\Intel
2012-09-23 14:50 . 2012-09-23 14:50 -------- d-----w- c:\programdata\Intel
2012-09-23 14:50 . 2012-09-23 14:50 -------- d-----w- c:\program files\Common Files\Intel
2012-09-23 14:50 . 2012-09-23 14:50 -------- d-----w- c:\program files (x86)\Cisco
2012-09-22 18:37 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-22 18:37 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-22 18:37 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-22 18:37 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-22 18:37 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-22 18:37 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-22 18:37 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-09 10:54 . 2012-09-09 10:58 -------- d-----w- c:\users\********\AppData\Roaming\UltraVNC
2012-09-09 10:53 . 2012-09-09 10:53 -------- d-----w- c:\program files (x86)\uvnc bvba
2012-09-08 20:16 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-09-08 19:32 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
2012-09-08 19:32 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2012-09-08 18:07 . 2012-09-08 18:07 -------- d-----w- c:\users\********\AppData\Roaming\elsterformular
2012-09-08 18:07 . 2012-09-08 18:07 -------- d-----w- c:\programdata\elsterformular
2012-09-08 18:07 . 2012-09-08 18:07 -------- d-----w- c:\program files (x86)\ElsterFormular
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-22 18:37 . 2012-08-16 06:39 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-09-08 12:03 . 2012-09-08 12:03 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-08 12:03 . 2012-09-08 12:03 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-06 17:28 . 2012-09-06 17:28 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-06 17:28 . 2012-08-17 18:12 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-06 17:28 . 2012-08-17 18:12 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-21 11:01 . 2012-09-06 17:18 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 11:01 . 2012-09-06 17:18 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-19 09:23 . 2012-08-17 17:12 5226 --sha-w- c:\programdata\KGyGaAvL.sys
2012-08-17 16:54 . 2012-08-17 16:54 80896 ----a-r- c:\users\********\AppData\Roaming\Microsoft\Installer\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}\Icon8CF9C550.exe
2012-08-16 18:25 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-08-16 18:25 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-08-16 06:54 . 2012-08-16 06:54 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-08-16 06:54 . 2012-08-16 06:54 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-08-16 06:54 . 2012-08-16 06:54 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-08-16 06:54 . 2012-08-16 06:54 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-08-16 06:54 . 2012-08-16 06:54 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-08-16 06:54 . 2012-08-16 06:54 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-08-16 06:54 . 2012-08-16 06:54 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-08-16 06:54 . 2012-08-16 06:54 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-08-16 06:54 . 2012-08-16 06:54 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-08-16 06:54 . 2012-08-16 06:54 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-08-16 06:54 . 2012-08-16 06:54 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-08-16 06:54 . 2012-08-16 06:54 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-08-16 06:54 . 2012-08-16 06:54 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-08-16 06:54 . 2012-08-16 06:54 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-08-16 06:54 . 2012-08-16 06:54 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-08-16 06:54 . 2012-08-16 06:54 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-08-16 06:54 . 2012-08-16 06:54 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-08-16 06:54 . 2012-08-16 06:54 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-08-16 06:54 . 2012-08-16 06:54 222208 ----a-w- c:\windows\system32\msls31.dll
2012-08-16 06:54 . 2012-08-16 06:54 197120 ----a-w- c:\windows\system32\msrating.dll
2012-08-16 06:54 . 2012-08-16 06:54 149504 ----a-w- c:\windows\system32\occache.dll
2012-08-16 06:54 . 2012-08-16 06:54 12288 ----a-w- c:\windows\system32\mshta.exe
2012-08-16 06:54 . 2012-08-16 06:54 114176 ----a-w- c:\windows\system32\admparse.dll
2012-08-16 06:54 . 2012-08-16 06:54 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-08-16 06:54 . 2012-08-16 06:54 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-08-16 06:54 . 2012-08-16 06:54 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-08-16 06:54 . 2012-08-16 06:54 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-08-16 06:54 . 2012-08-16 06:54 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-08-16 06:54 . 2012-08-16 06:54 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-08-16 06:54 . 2012-08-16 06:54 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-08-16 06:54 . 2012-08-16 06:54 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-08-16 06:54 . 2012-08-16 06:54 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-08-16 06:54 . 2012-08-16 06:54 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-08-16 06:54 . 2012-08-16 06:54 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-08-16 06:54 . 2012-08-16 06:54 82432 ----a-w- c:\windows\system32\icardie.dll
2012-08-16 06:54 . 2012-08-16 06:54 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-08-16 06:54 . 2012-08-16 06:54 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-08-16 06:54 . 2012-08-16 06:54 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-08-16 06:54 . 2012-08-16 06:54 448512 ----a-w- c:\windows\system32\html.iec
2012-08-16 06:54 . 2012-08-16 06:54 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-08-16 06:54 . 2012-08-16 06:54 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-08-16 06:54 . 2012-08-16 06:54 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-08-16 06:54 . 2012-08-16 06:54 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-16 06:54 . 2012-08-16 06:54 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-08-16 06:54 . 2012-08-16 06:54 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-08-16 06:54 . 2012-08-16 06:54 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-08-16 06:54 . 2012-08-16 06:54 160256 ----a-w- c:\windows\system32\wextract.exe
2012-08-16 06:54 . 2012-08-16 06:54 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-08-16 06:54 . 2012-08-16 06:54 103936 ----a-w- c:\windows\system32\inseng.dll
2012-07-18 18:15 . 2012-08-16 06:30 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-08-25 765200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Standby"="c:\program files (x86)\Common Files\Corel\Standby\Standby.exe" [2010-06-26 105632]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2011-02-23 371200]
"FineReader7NewsReaderPro"="c:\program files (x86)\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe" [2004-01-19 278528]
"LexwareInfoService"="c:\program files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2011-07-31 189808]
"Ulead Quick-Drop"="c:\program files (x86)\Ulead Systems\Ulead DVD MovieFactory 5\Ulead DVD MovieFactory 5\Quick-Drop.exe" [2006-10-27 118784]
"Corel Photo Downloader"="c:\program files (x86)\Corel\Corel Photo Album 6\MediaDetect.exe" [2007-02-21 112208]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-27 81920]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-06-08 128560]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
.
c:\users\********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SX Virtual Link.lnk - c:\program files\silex technology\SX Virtual Link\Connect.exe [2012-8-17 437600]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-7-31 2680160]
HD Writer.lnk - c:\program files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe [2012-8-23 308640]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1556560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-23 116648]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys [2012-03-15 198144]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-23 116648]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-03 114144]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WPRO_41_1742;WinPcap Packet Driver (WPRO_41_1742);c:\windows\system32\drivers\WPRO_41_1742.sys [x]
R4 PxHlpa64;PxHlpa64;c:\windows\system32\Drivers\PxHlpa64.sys [2005-04-25 26720]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-03-15 659976]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-04-23 135952]
S2 IGDCTRL;AVM IGD CTRL Service;c:\program files\FRITZ!DSL\IGDCTRL.EXE [2009-07-28 88888]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
S2 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [2011-07-21 302904]
S2 uvnc_service;uvnc_service;c:\program files (x86)\uvnc bvba\UltraVnc\winvnc.exe [2012-02-14 2015968]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [2012-06-25 3325232]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2012-03-15 198144]
S3 Fwleaf;NETGEAR Firewall Driver;c:\windows\system32\DRIVERS\fwleaf.sys [2011-04-07 27200]
S3 leafnets;Leaf Networks Adapter;c:\windows\system32\DRIVERS\leafnets.sys [2011-05-26 29696]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
S3 NETwLv64; Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows Vista 64-Bit;c:\windows\system32\DRIVERS\NETwLv64.sys [2010-10-07 7533568]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 15208608
*Deregistered* - 15208608
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-23 19:57]
.
2012-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-23 19:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-06-19 342528]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 363544]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.142.253
Handler: leaf - {3c4a8a13-029e-430d-b8c1-46e834d20b31} - c:\windows\System32\mscoree.dll
FF - ProfilePath - c:\users\********\AppData\Roaming\Mozilla\Firefox\Profiles\jz5n7wsu.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-ISUSPM Startup - c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
Wow6432Node-HKLM-Run-ISUSPM - c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
HKLM-Run-SigmatelSysTrayApp - c:\program files (x86)\SigmaTel\C-Major Audio\WDM\sttray64.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:de,eb,19,8a,b1,7c,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,58,3b,40,5a,72,d2,1f,47,97,57,70,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,58,3b,40,5a,72,d2,1f,47,97,57,70,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrustedInstaller\Security]
@DACL=(02 0000)
@SACL=
"Security"=hex:01,00,14,80,90,00,00,00,a0,00,00,00,14,00,00,00,34,00,00,00,02,
00,20,00,01,00,00,00,02,c0,18,00,00,00,0c,00,01,02,00,00,00,00,00,05,20,00,\
.
Zeit der Fertigstellung: 2012-10-08 20:05:51
ComboFix-quarantined-files.txt 2012-10-08 18:05
.
Vor Suchlauf: 13 Verzeichnis(se), 113.113.997.312 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 113.363.132.416 Bytes frei
.
- - End Of File - - 61B8F8A78A05E01D626B2BF6BEAF9A46 --- --- ---
Can one actually tell at this point whether the computer was/is infected?