Nobodykillah | 13.09.2013 21:09 | It worked :) Code:
ComboFix 13-09-13.01 - Jenny 13.09.2013 21:52:51.3.2 - x86 MINIMAL
ausgeführt von:: c:\users\Jenny\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jenny\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
c:\users\Jenny\AppData\Local\Google\Chrome\User Data\Default\bProtectorPreferences
c:\users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage
c:\users\Jenny\AppData\Local\Google\Chrome\User Data\Default\preferences
c:\users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\2sx7i702.default\extensions\pricepeep@getpricepeep.com.xpi
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-08-13 bis 2013-09-13 ))))))))))))))))))))))))))))))
.
.
2013-09-13 20:00 . 2013-09-13 20:00 -------- d-----w- c:\users\Jenny\AppData\Local\temp
2013-09-13 20:00 . 2013-09-13 20:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-12 10:14 . 2013-09-12 10:14 -------- d-----w- C:\FRST
2013-09-12 09:59 . 2013-09-12 09:59 -------- d-----w- c:\users\Jenny\AppData\Local\avgchrome
2013-09-12 09:58 . 2013-09-12 09:58 -------- d-----w- c:\programdata\BitGuard
2013-09-12 09:58 . 2013-09-12 09:58 -------- d-----w- c:\users\Jenny\AppData\Roaming\BabSolution
2013-09-12 09:58 . 2013-09-12 09:58 -------- d-----w- c:\users\Jenny\AppData\Roaming\DSite
2013-09-10 16:50 . 2013-09-10 16:58 -------- d-----w- c:\programdata\POIbase
2013-09-10 16:50 . 2013-09-10 16:52 -------- d-----w- c:\program files\POIbase
2013-09-09 16:57 . 2013-09-09 16:59 -------- d-----w- c:\program files\Garmin
2013-09-09 16:57 . 2013-09-09 17:00 -------- d-----w- c:\users\Jenny\AppData\Roaming\Garmin
2013-09-08 10:25 . 2013-09-08 10:25 -------- d-----w- c:\users\Jenny\AppData\Roaming\Malwarebytes
2013-09-08 10:25 . 2013-09-08 10:25 -------- d-----w- c:\programdata\Malwarebytes
2013-09-08 10:25 . 2013-09-08 10:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-09-08 10:25 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-04 14:50 . 2013-09-04 14:50 -------- d-----w- c:\program files\Tor
2013-08-28 15:43 . 2013-08-02 04:09 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-17 10:14 . 2013-08-17 10:20 -------- d-----w- c:\windows\system32\MRT
2013-08-15 13:16 . 2013-06-15 13:22 15872 ----a-w- c:\windows\system32\icaapi.dll
2013-08-15 13:16 . 2013-06-15 11:23 24064 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-15 13:16 . 2013-07-05 04:53 905664 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-15 13:15 . 2013-07-17 19:41 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-15 13:15 . 2013-07-10 09:47 783360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-15 13:15 . 2013-07-08 04:55 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-15 13:15 . 2013-07-09 12:10 1205168 ----a-w- c:\windows\system32\ntdll.dll
2013-08-15 13:15 . 2013-07-08 04:55 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-15 13:15 . 2013-07-08 04:16 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-15 13:15 . 2013-07-08 04:16 992768 ----a-w- c:\windows\system32\crypt32.dll
2013-08-15 13:15 . 2013-07-08 04:20 172544 ----a-w- c:\windows\system32\wintrust.dll
2013-08-15 13:15 . 2013-07-08 04:16 98304 ----a-w- c:\windows\system32\cryptnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-05 12:13 . 2013-07-18 16:42 136672 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-09-05 12:13 . 2013-04-10 13:22 88840 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-07-18 16:41 . 2013-07-18 16:42 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-06-25 16:06 . 2013-06-25 16:06 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-25 16:06 . 2013-04-18 18:48 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-25 16:06 . 2010-05-01 10:54 789416 ----a-w- c:\windows\system32\deployJava1.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}]
2013-07-26 20:30 12240 ----a-w- c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
2010-03-09 09:06 2355224 ----a-w- c:\program files\DVDVideoSoft\tbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2010-03-09 2355224]
"{41564952-412D-5637-00A7-7A786E7484D7}"= "c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" [2013-07-26 12240]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_CLASSES_ROOT\clsid\{41564952-412d-5637-00a7-7a786e7484d7}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2010-03-09 2355224]
"{41564952-412D-5637-00A7-7A786E7484D7}"= "c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" [2013-07-26 12240]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_CLASSES_ROOT\clsid\{41564952-412d-5637-00a7-7a786e7484d7}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 130736 ----a-w- c:\users\Jenny\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 130736 ----a-w- c:\users\Jenny\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 130736 ----a-w- c:\users\Jenny\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"BitTorrent DNA"="c:\users\Jenny\Program Files\DNA\btdna.exe" [2010-02-21 323392]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Facebook Update"="c:\users\Jenny\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-24 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Yontoo Desktop"="c:\users\Jenny\AppData\Roaming\Yontoo\YontooDesktop.exe" [2013-05-01 42784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-04-21 7420448]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-28 1049896]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-04-21 1833504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 1848648]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-08-25 886760]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"KMCONFIG"="c:\program files\Keyboard & Mouse Driver\StartAutorun.exe" [2008-05-30 212992]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-09-05 347192]
"ApnTBMon"="c:\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2013-07-26 1558480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\BitGuard\261673~1.238\{C16C1~1\BitGuard.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-08 09:58 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2011-04-11 19:30 114176 ----a-w- c:\windows\System32\advpack.dll
.
Inhalt des "geplante Tasks" Ordners
.
2013-09-12 c:\windows\Tasks\EPUpdater.job
- c:\users\Jenny\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe [2013-09-12 14:00]
.
2013-07-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2270810218-2394552768-2579885175-1000Core.job
- c:\users\Jenny\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-16 18:14]
.
2013-07-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2270810218-2394552768-2579885175-1000UA.job
- c:\users\Jenny\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-16 18:14]
.
2013-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 16:09]
.
2013-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 16:09]
.
2013-07-29 c:\windows\Tasks\LyricsContainer Update.job
- c:\program files\LyricsContainer\LrcsCtrUpdr.exe [2013-07-27 21:42]
.
2013-07-29 c:\windows\Tasks\Plus-HD-1.6-chromeinstaller.job
- c:\program files\Plus-HD-1.6\Plus-HD-1.6-chromeinstaller.exe [2013-07-29 18:50]
.
2013-07-29 c:\windows\Tasks\Plus-HD-1.6-codedownloader.job
- c:\program files\Plus-HD-1.6\Plus-HD-1.6-codedownloader.exe [2013-07-29 18:50]
.
2013-07-29 c:\windows\Tasks\Plus-HD-1.6-enabler.job
- c:\program files\Plus-HD-1.6\Plus-HD-1.6-enabler.exe [2013-07-29 18:50]
.
2013-07-29 c:\windows\Tasks\Plus-HD-1.6-firefoxinstaller.job
- c:\program files\Plus-HD-1.6\Plus-HD-1.6-firefoxinstaller.exe [2013-07-29 18:50]
.
2013-07-29 c:\windows\Tasks\Plus-HD-1.6-updater.job
- c:\program files\Plus-HD-1.6\Plus-HD-1.6-updater.exe [2013-07-29 18:50]
.
2013-07-18 c:\windows\Tasks\ReclaimerUpdateFiles_Jenny.job
- c:\users\Jenny\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-07-17 14:36]
.
2013-07-18 c:\windows\Tasks\ReclaimerUpdateXML_Jenny.job
- c:\users\Jenny\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-07-17 14:36]
.
2013-07-18 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Jenny.job
- c:\users\Jenny\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-07-17 14:36]
.
2013-07-18 c:\windows\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013.job
- c:\program files\TuneUp Utilities 2013\OneClick.exe [2013-01-28 12:15]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=4C050C607638E815&affID=119357&tsp=5003
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\users\Jenny\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Jenny\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://www.fujidirekt.de/ips-opdata/objects/jordan.cab
FF - ProfilePath - c:\users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\2sx7i702.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=4C050C607638E815&affID=119357&tsp=5003
FF - ExtSQL: 2013-07-29 20:49; Lyrics@LyricsContainer.co; c:\program files\LyricsContainer\125.xpi
FF - ExtSQL: 2013-07-29 20:50; 6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com; c:\users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\2sx7i702.default\extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: extentions.y2layers.installId - 65fbf219-03c5-4572-b8c4-b6fda9c71e6a
FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,brain/default2,easyinline/dock,superfish,superfishgoogleeil,yontooinstalled,yontoonewoffers,dropdowndeals);user_pref(extensions.autoDisableScopes, 0
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 4c056c2a0000000000000c607638e815
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15960
FF - user.js: extensions.delta.vrsn - 1.8.24.6
FF - user.js: extensions.delta.vrsni - 1.8.24.6
FF - user.js: extensions.delta.vrsnTs - 1.8.24.611:58
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - de
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119357&tsp=5003
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{EF2D6E36-5C05-4F40-B861-9E909B5BAE09} - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-1ClickDownload - c:\program files\FTDownloader.com\uninst.exe
AddRemove-PricePeep - c:\program files\PricePeep\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-09-13 22:00
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
.
c:\users\Jenny\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}"=hex:51,66,7a,6c,4c,1d,38,12,26,bd,a8,
0a,e6,f4,22,0e,f1,4c,12,2a,bb,94,a4,70
"{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"=hex:51,66,7a,6c,4c,1d,38,12,a8,1d,82,
ed,fe,55,de,05,e6,85,a3,ae,a2,a8,d1,2b
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{27B4851A-3207-45A2-B947-BE8AFE6163AB}"=hex:51,66,7a,6c,4c,1d,38,12,74,86,a7,
23,35,7c,cc,00,c6,51,fd,ca,fb,3f,27,bf
"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,
34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de
"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,
57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b
"{7DB2D5A0-7241-4E79-B68D-6309F01C5231}"=hex:51,66,7a,6c,4c,1d,38,12,ce,d6,a1,
79,73,3c,17,0b,c9,9b,20,49,f5,42,16,25
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"=hex:51,66,7a,6c,4c,1d,38,12,2d,dd,7a,
ab,6a,33,56,03,c9,ec,8d,26,b0,f3,64,49
"{B164E929-A1B6-4A06-B104-2CD0E90A88FF}"=hex:51,66,7a,6c,4c,1d,38,12,47,ea,77,
b5,84,ef,68,0f,ce,12,6f,90,ec,54,cc,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{EF2D6E36-5C05-4F40-B861-9E909B5BAE09}"=hex:51,66,7a,6c,4c,1d,38,12,58,6d,3e,
eb,37,12,2e,0a,c7,77,dd,d0,9e,05,ea,1d
"{32004B8A-44A9-43E7-84E9-808838809519}"=hex:51,66,7a,6c,4c,1d,38,12,e4,48,13,
36,9b,0a,89,06,fb,ff,c3,c8,3d,de,d1,0d
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:f0,b2,84,4f,d5,f9,cb,01
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2013-09-13 22:02:33
ComboFix-quarantined-files.txt 2013-09-13 20:02
.
Vor Suchlauf: 9 Verzeichnis(se), 43.158.790.144 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 43.009.773.568 Bytes frei
.
- - End Of File - - 3BC457B43E471385AA5C4F747EBE6F84
61A349592C4728853F4A90FF78F7628E