Studioliner | 19.09.2013 19:06 | Hello schrauber, sorry, I was busy with other things. ;)
Is it right that installing this Combofix setup
brings several toolbars (which I deactivate so they don't get installed)
and SpeedUpMyPc 2013 with it?
When I opened your link again just now I noticed that it had previously taken me to one of those download-link addresses! **hxxp://www.powerpackmm.com/ds-exe/647/357/setup.exe** How sneaky!
So, here is the Combofix.log:
ComboFix 13-09-19.01 - xxx 19.09.2013 19:35:24.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4078.2256 [GMT 2:00]
ausgeführt von:: c:\users\xxx\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\program files (x86)\BasicServe
c:\program files (x86)\BasicServe\basicserve.dll
c:\program files (x86)\BasicServe\basicserve.exe
c:\program files (x86)\BasicServe\uninstall.exe
c:\program files (x86)\Common Files\337
c:\program files (x86)\Common Files\337\libcef\1.1364.1123\icudt.dll
c:\program files (x86)\Common Files\337\libcef\1.1364.1123\libcef.dll
c:\program files (x86)\Common Files\337\libcef\1.1364.1123\locales\en-US.pak
c:\program files (x86)\PriceGong
c:\program files (x86)\PriceGong\2.6.12\PriceGong.crx
c:\program files (x86)\PriceGong\2.6.12\PriceGongIE.dll
c:\program files (x86)\PriceGong\uninst.exe
c:\program files (x86)\RelevantKnowledge
c:\program files (x86)\RelevantKnowledge\chrome.manifest
c:\program files (x86)\RelevantKnowledge\components\rlxg.dll
c:\program files (x86)\RelevantKnowledge\firefox\bootstrap.js
c:\program files (x86)\RelevantKnowledge\firefox\defaults\preferences\prefs.js
c:\program files (x86)\RelevantKnowledge\firefox\harness-options.json
c:\program files (x86)\RelevantKnowledge\firefox\install.rdf
c:\program files (x86)\RelevantKnowledge\firefox\locales.json
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\addon\runner.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\base64.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\console\plain-text.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\console\traceback.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\content\content-proxy.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\content\content-worker.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\content\loader.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\content\thumbnail.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\content\worker.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\core\heritage.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\core\namespace.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\core\promise.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\deprecated\api-utils.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\deprecated\cortex.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\deprecated\errors.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\deprecated\events.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\deprecated\events\assembler.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\deprecated\light-traits.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\deprecated\list.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\deprecated\memory.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\deprecated\observer-service.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\deprecated\traits.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\deprecated\traits\core.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\deprecated\window-utils.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\dom\events.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\event\core.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\event\target.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\io\byte-streams.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\io\data.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\io\file.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\io\text-streams.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\l10n\core.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\l10n\html.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\l10n\loader.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\l10n\locale.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\l10n\prefs.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\lang\functional.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\loader\cuddlefish.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\loader\sandbox.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\net\url.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\page-mod.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\page-mod\match-pattern.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\platform\xpcom.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\preferences\service.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\private-browsing.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\private-browsing\utils.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\private-browsing\window\utils.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\self.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\system.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\system\environment.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\system\events.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\system\globals.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\system\runtime.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\system\unload.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\system\xul-app.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\tabs.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\tabs\common.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\tabs\events.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\tabs\helpers.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\tabs\namespace.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\tabs\observer.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\tabs\tab-fennec.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\tabs\tab-firefox.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\tabs\tab.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\tabs\tabs-firefox.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\tabs\tabs.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\tabs\utils.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\tabs\worker.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\timers.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\url.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\util\array.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\util\deprecate.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\util\list.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\util\object.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\util\registry.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\util\uuid.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\window\browser.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\window\namespace.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\window\utils.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\windows.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\windows\dom.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\windows\fennec.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\windows\firefox.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\windows\loader.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\windows\observer.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\windows\tabs-fennec.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\windows\tabs-firefox.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\toolkit\loader.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\chrome.manifest
c:\program files (x86)\RelevantKnowledge\firefox\resources\dpjs\data\content.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\dpjs\lib\dompilot.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\dpjs\lib\dputil.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\dpjs\lib\main.js
c:\program files (x86)\RelevantKnowledge\firefox\rlnx.dll
c:\program files (x86)\RelevantKnowledge\install.rdf
c:\program files (x86)\RelevantKnowledge\nscf.dat
c:\program files (x86)\RelevantKnowledge\readme.txt
c:\program files (x86)\RelevantKnowledge\rlcm.crx
c:\program files (x86)\RelevantKnowledge\rlcm.txt
c:\program files (x86)\RelevantKnowledge\rlls.dl_
c:\program files (x86)\RelevantKnowledge\rlls.dll
c:\program files (x86)\RelevantKnowledge\rlls64.dl_
c:\program files (x86)\RelevantKnowledge\rlls64.dll
c:\program files (x86)\RelevantKnowledge\rloci.bin
c:\program files (x86)\RelevantKnowledge\rlph.dll
c:\program files (x86)\RelevantKnowledge\rlservice.ex_
c:\program files (x86)\RelevantKnowledge\rlservice.exe
c:\program files (x86)\RelevantKnowledge\rlvknlg.exe
c:\program files (x86)\RelevantKnowledge\rlvknlg32.exe
c:\program files (x86)\RelevantKnowledge\rlvknlg64.exe
c:\program files (x86)\RelevantKnowledge\rlxf.dll
c:\program files (x86)\RelevantKnowledge\unins000.dat
c:\program files (x86)\RelevantKnowledge\unins000.exe
c:\program files (x86)\Windows Live\Messenger\msacm32.dll
c:\programdata\2c2c363e2e2b3a2d2c3935365f292b_c
c:\programdata\Amazon.ico
c:\programdata\BasicServe
c:\programdata\BasicServe\basicserve112.exe
c:\programdata\BasicServe\basicserve113.exe
c:\programdata\Local Settings\Temp
c:\programdata\MercadoLivre.ico
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Member of GRID - Goodware Repository Information Database.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk
c:\users\xxx\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
c:\users\xxx\AppData\Local\Google\Chrome\User Data\Default\bProtectorPreferences
c:\users\xxx\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage
c:\users\xxx\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\xxx\AppData\Roaming\Ceamu
c:\users\xxxx\AppData\Roaming\Ceamu\owaqo.ame
c:\users\xxx\AppData\Roaming\Hipo
c:\users\xxx\AppData\Roaming\Hipo\muovi.exe
c:\users\xxx\AppData\Roaming\Xawae
c:\users\xxx\AppData\Roaming\Xawae\imel.kir
c:\users\xxx\AppData\Roaming\Xawae\imel.tmp
c:\users\xxx\Desktop\Search.lnk
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\SysWow64\klog.dat
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\rlls.dll
c:\windows\SysWow64\wpcap.dll
c:\windows\wininit.ini
D:\install.exe
.
Infizierte Kopie von c:\windows\system32\Services.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe wurde wiederhergestellt
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
-------\Service_RelevantKnowledge
-------\Service_WsysSvc
-------\Service_BasicServe Service
-------\Service_BasicServe Service
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-08-19 bis 2013-09-19 ))))))))))))))))))))))))))))))
.
.
2013-09-19 17:44 . 2013-09-19 17:47 -------- d-----w- c:\users\xxx\AppData\Roaming\Xawae
2013-09-19 17:43 . 2013-09-19 17:43 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2013-09-19 17:43 . 2013-09-19 17:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-19 16:43 . 2013-08-16 22:01 859416 ----a-w- c:\windows\system32\rlls64.dll
2013-09-19 16:28 . 2013-09-19 16:28 -------- d-----w- c:\program files (x86)\SimilarSites
2013-09-19 16:28 . 2013-09-19 16:28 -------- d-----w- c:\users\xxx\AppData\Roaming\SimilarSites
2013-09-19 16:28 . 2013-09-19 16:28 -------- d-----w- c:\programdata\eSafe
2013-09-19 16:28 . 2013-09-19 17:46 -------- d-----w- c:\program files (x86)\Desk 365
2013-09-19 16:28 . 2013-09-19 16:28 -------- d-----w- c:\users\xxx\AppData\Roaming\Desk 365
2013-09-19 16:26 . 2013-09-19 16:47 -------- d-----w- c:\program files (x86)\diamondata
2013-09-19 16:23 . 2013-09-19 16:23 -------- d-----w- c:\users\xxx\AppData\Local\Programs
2013-09-14 16:41 . 2013-09-14 16:41 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-09-14 16:40 . 2013-09-14 16:40 -------- d-----w- c:\programdata\Oracle
2013-09-14 16:40 . 2013-09-14 16:40 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-14 01:21 . 2013-09-14 01:21 -------- d-----w- c:\users\xxx\AppData\Local\avgchrome
2013-09-13 18:23 . 2013-09-13 18:23 -------- d-----w- c:\programdata\BitGuard
2013-09-13 16:43 . 2013-09-14 01:32 -------- d-----w- c:\program files\Nightly
2013-09-12 18:50 . 2013-09-12 18:50 -------- d-----w- C:\FRST
2013-09-12 14:08 . 2013-09-12 14:08 -------- d-----w- c:\programdata\AskPartnerNetwork
2013-09-12 14:08 . 2013-09-12 14:08 -------- d-----w- c:\program files (x86)\AskPartnerNetwork
2013-09-12 14:07 . 2013-09-12 14:07 -------- d-----w- c:\programdata\APN
2013-09-03 12:47 . 2013-09-10 17:43 -------- d-----w- c:\users\xxx\AppData\Roaming\Apple Computer
2013-09-03 12:47 . 2013-09-03 12:47 -------- d-----w- c:\users\xxx\AppData\Local\Apple Computer
2013-09-03 12:47 . 2012-08-21 11:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-09-03 12:46 . 2013-09-03 12:46 -------- d-----w- c:\program files\iPod
2013-09-03 12:46 . 2013-09-03 12:46 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-03 12:46 . 2013-09-03 12:46 -------- d-----w- c:\program files\iTunes
2013-09-03 12:46 . 2013-09-03 12:46 -------- d-----w- c:\program files (x86)\iTunes
2013-09-03 12:46 . 2013-09-03 12:46 -------- d-----w- c:\programdata\Apple Computer
2013-09-03 12:45 . 2013-09-03 12:45 -------- d-----w- c:\users\xxx\AppData\Local\Apple
2013-09-03 12:45 . 2013-09-03 12:45 -------- d-----w- c:\program files (x86)\Apple Software Update
2013-09-03 12:44 . 2013-09-03 12:44 -------- d-----w- c:\program files\Common Files\Apple
2013-09-03 12:44 . 2013-09-03 12:44 -------- d-----w- c:\program files\Bonjour
2013-09-03 12:44 . 2013-09-03 12:44 -------- d-----w- c:\program files (x86)\Bonjour
2013-09-03 12:44 . 2013-09-03 12:46 -------- d-----w- c:\program files (x86)\Common Files\Apple
2013-09-03 12:44 . 2013-09-03 12:45 -------- d-----w- c:\programdata\Apple
2013-08-20 20:31 . 2013-08-20 20:31 0 ----a-w- c:\windows\SysWow64\shoBF67.tmp
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-14 16:40 . 2012-11-13 00:24 868264 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-09-14 16:40 . 2012-01-13 21:23 790440 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-09-14 16:08 . 2013-05-18 09:03 972712 ----a-w- c:\windows\system32\deployJava1.dll
2013-09-14 16:08 . 2013-05-18 09:02 1093032 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-09-13 16:07 . 2012-06-30 13:26 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-13 16:07 . 2011-12-19 17:28 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-16 13:12 . 2012-01-13 20:00 3623592 ----a-w- c:\program files (x86)\Common Files\ApnToolbarInstaller.exe
2011-09-16 13:12 . 2012-01-13 20:00 143240 ----a-w- c:\program files (x86)\Common Files\ApnStub.exe
2010-01-26 09:11 . 2012-08-27 18:25 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{055af109-de93-4160-bcfc-7da70ecaa020}]
2013-08-31 07:49 149280 ----a-w- c:\program files (x86)\diamondata\diamondataBHO.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}]
2013-07-26 20:30 12240 ----a-w- c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}]
2013-05-20 10:02 295832 ----a-w- c:\program files (x86)\Delta\delta\1.8.21.5\bh\delta.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F1AF26F8-1828-4279-ABCE-074EF3235BD7}]
2012-11-06 16:19 244328 ----a-w- c:\program files (x86)\PutLockerDownloader\smarterdownloader.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{82E1477C-B154-48D3-9891-33D83C26BCD3}"= "c:\program files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll" [2013-05-20 284056]
"{41564952-412D-5637-00A7-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" [2013-07-26 12240]
.
[HKEY_CLASSES_ROOT\clsid\{82e1477c-b154-48d3-9891-33d83c26bcd3}]
[HKEY_CLASSES_ROOT\delta.deltadskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\delta.deltadskBnd]
.
[HKEY_CLASSES_ROOT\clsid\{41564952-412d-5637-00a7-7a786e7484d7}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-12-09 23:32 220632 ----a-w- c:\users\xxx\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-12-09 23:32 220632 ----a-w- c:\users\xxx\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-12-09 23:32 220632 ----a-w- c:\users\xxx\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"icq"="c:\users\xxx\AppData\Roaming\ICQM\icq.exe" [2012-12-25 26596344]
"GoogleChromeAutoLaunch_9F44D60518B746A57FDC14E6B604CD24"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-09-02 829392]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-21 19875432]
"Facebook Update"="c:\users\xxx\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-07-07 138096]
"Desk 365"="c:\program files (x86)\Desk 365\desk365.exe" [2013-09-19 1011792]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"OOTag"="c:\program files (x86)\Acer\OOBEOffer\OOTag.exe" [2010-02-23 13856]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-02-08 336384]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"Dolby Advanced Audio v2"="c:\dolby pcee4\pcee4.exe" [2011-06-01 506712]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-08-26 177448]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-06-04 295512]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-08-16 152392]
"ApnTBMon"="c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2013-07-26 1558480]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~3\BitGuard\261673~1.238\{C16C1~1\BitGuard.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 Update diamondata;Update diamondata;c:\program files (x86)\diamondata\updatediamondata.exe;c:\program files (x86)\diamondata\updatediamondata.exe [x]
R3 Bulk;HDJBulk;c:\windows\system32\Drivers\HDJBulk.sys;c:\windows\SYSNATIVE\Drivers\HDJBulk.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 HDJMidi;DJ Control MP3 e2 MIDI;c:\windows\system32\DRIVERS\HDJMidi.sys;c:\windows\SYSNATIVE\DRIVERS\HDJMidi.sys [x]
R3 kf1avs;Kontrol F1 Midi;c:\windows\system32\Drivers\kf1avs.sys;c:\windows\SYSNATIVE\Drivers\kf1avs.sys [x]
R3 kf1usb_svc;Traktor Kontrol F1;c:\windows\system32\Drivers\kf1usb.sys;c:\windows\SYSNATIVE\Drivers\kf1usb.sys [x]
R3 kx1avs;Traktor Kontrol X1 Midi;c:\windows\system32\Drivers\kx1avs.sys;c:\windows\SYSNATIVE\Drivers\kx1avs.sys [x]
R3 kx1usb_svc;Traktor Kontrol X1;c:\windows\system32\Drivers\kx1usb.sys;c:\windows\SYSNATIVE\Drivers\kx1usb.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [x]
R3 PCDSRVC{3368CD8C-AA86022B-06020101}_0;PCDSRVC{3368CD8C-AA86022B-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\users\admini~1\appdata\local\temp\nomloz3b9oge\pcdrdiag\bin\pcdsrvc_x64.pkms;c:\users\admini~1\appdata\local\temp\nomloz3b9oge\pcdrdiag\bin\pcdsrvc_x64.pkms [x]
R3 RL_SPIN2_PLUS;usb-audio.de driver for Reloop Spin 2+;c:\windows\system32\Drivers\rlspinpu.sys;c:\windows\SYSNATIVE\Drivers\rlspinpu.sys [x]
R3 RL_SPIN2_PLUS_WDM;Spin 2+ WDM Audio;c:\windows\system32\drivers\rlspinpa.sys;c:\windows\SYSNATIVE\drivers\rlspinpa.sys [x]
R3 RL_SPIN2_PLUSM;Spin 2+ WDM Midi Device;c:\windows\system32\drivers\rlspinpm.sys;c:\windows\SYSNATIVE\drivers\rlspinpm.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 ta6avs;Traktor Audio 6 WDM Audio;c:\windows\system32\Drivers\ta6avs.sys;c:\windows\SYSNATIVE\Drivers\ta6avs.sys [x]
R3 ta6usb_svc;Traktor Audio 6;c:\windows\system32\Drivers\ta6usb.sys;c:\windows\SYSNATIVE\Drivers\ta6usb.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WajamUpdater;WajamUpdater;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe [x]
R4 SProtection;SProtection;c:\program files (x86)\Common Files\Umbrella\umbrella.exe;c:\program files (x86)\Common Files\Umbrella\umbrella.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 APNMCP;Ask Aktualisierungsdienst;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]
S2 BitGuard;BitGuard;c:\programdata\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe;c:\programdata\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 desksvc;Desk 365 service;c:\program files (x86)\Desk 365\deskSvc.exe;c:\program files (x86)\Desk 365\deskSvc.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-06 12:07 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-09-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-30 16:07]
.
2013-09-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3405161450-1228087242-1016309489-1002Core.job
- c:\users\Deejay Ceejay\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-07 11:47]
.
2013-09-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3405161450-1228087242-1016309489-1002UA.job
- c:\users\Deejay Ceejay\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-07 11:47]
.
2013-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-04 14:47]
.
2013-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-04 14:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-12-09 23:32 244696 ----a-w- c:\users\xxx\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-12-09 23:32 244696 ----a-w- c:\users\xxx\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-12-09 23:32 244696 ----a-w- c:\users\xxx\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-16 12673128]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
"OOTag"="c:\program files (x86)\Acer\OOBEOffer\ootag.exe" [2010-02-23 13856]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=sfpsnew2&utm_campaign=eXQ&utm_content=hp&from=sfpsnew2&uid=ST9500325AS_5VEKJE58XXXX5VEKJE58&ts=1379608019
uDefault_Search_URL = hxxp://search.certified-toolbar.com?si=41460&tid=2938&st=bs&q=
mDefault_Search_URL = hxxp://search.certified-toolbar.com?si=41460&tid=2938&st=bs&q=
mDefault_Page_URL = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=sfpsnew2&utm_campaign=eXQ&utm_content=hp&from=sfpsnew2&uid=ST9500325AS_5VEKJE58XXXX5VEKJE58&ts=1379608019
mStart Page = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=sfpsnew2&utm_campaign=eXQ&utm_content=hp&from=sfpsnew2&uid=ST9500325AS_5VEKJE58XXXX5VEKJE58&ts=1379608019
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://search.certified-toolbar.com?si=41460&tid=2938&st=bs&q=
mSearch Bar = hxxp://search.certified-toolbar.com?si=41460&tid=2938&st=bs&q=
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://feed.snapdo.com/?publisher=SoftPublisherYB&dpid=sfp1&co=DE&userid=0128adfd-282c-0a47-6b0a-46f11b018475&searchtype=ds&q={searchTerms}&installDate=19/09/2013
IE: Free YouTube to MP3 Converter - c:\users\Deejay Ceejay\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 62.134.40.59 62.134.40.58
FF - ProfilePath - c:\users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\2rvqyuzi.default\
FF - prefs.js: browser.startup.homepage - hxxp://isearch.babylon.com/?babsrc=HP_ss_Btisdt4&mntrId=14A3EC55F9707079&affID=123644&tt=150713_new&tsp=4944
FF - ExtSQL: 2013-07-26 22:31; toolbar_AVIRA-V7@apn.ask.com; c:\users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\2rvqyuzi.default\extensions\toolbar_AVIRA-V7@apn.ask.com.xpi
FF - ExtSQL: 2013-08-31 09:49; firefox@diamondata.net; c:\users\xxxy\AppData\Roaming\Mozilla\Firefox\Profiles\2rvqyuzi.default\extensions\firefox@diamondata.net.xpi
FF - ExtSQL: 2013-09-19 18:23; {740B3FD5-4483-469D-BE7F-8555B153BD04}; c:\program files (x86)\Mozilla Firefox\browser\extensions\{740B3FD5-4483-469D-BE7F-8555B153BD04}
FF - ExtSQL: 2013-09-19 18:43; {C7AE725D-FA5C-4027-BB4C-787EF9F8248A}; c:\program files (x86)\RelevantKnowledge\firefox
FF - ExtSQL: 2013-09-19 19:03; WebSiteRecommendation@weliketheweb.com; c:\users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\2rvqyuzi.default\extensions\WebSiteRecommendation@weliketheweb.com
FF - ExtSQL: !HIDDEN! 2013-03-09 06:31; speedanalysis@SpeedAnalysis.com; c:\users\xxx\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com
FF - ExtSQL: !HIDDEN! 2013-03-09 06:31; statuswinks@StatusWinks; c:\users\xxx\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 14a3c505000000000000ec55f9707079
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15901
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.522:17
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - de
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=123644&tt=150713_new&tsp=4944
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{1631550F-191D-4826-B069-D9439253D926} - c:\program files (x86)\PriceGong\2.6.12\PriceGongIE.dll
BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
Toolbar-Locked - (no file)
Toolbar-{D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
Wow6432Node-HKCU-Run-Okgih - c:\users\Deejay Ceejay\AppData\Roaming\Hipo\muovi.exe
Wow6432Node-HKU-Default-Run-microsoft - Ä\services.exe
Wow6432Node-HKLM-Explorer_Run-Windows-Network Component - c:\program files\Common Files\lsmass.exe
Wow6432Node-HKLM-Explorer_Run-microsoft - c:\users\Administrator\AppData\Roaming\services.exe
Wow6432Node-HKLM-Explorer_Run-50437 - c:\progra~3\LOCALS~1\Temp\mskwity.com
Toolbar-Locked - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-BasicServe - c:\program files (x86)\BasicServe\uninstall.exe
AddRemove-conduitEngine - c:\program files (x86)\ConduitEngine\ConduitEngineUninstall.exe
AddRemove-PriceGong - c:\program files (x86)\PriceGong\uninst.exe
AddRemove-{4FFDD113-2C3C-453E-845C-D5DD6DB90CEF}_is1 - c:\program files (x86)\RelevantKnowledge\unins000.exe
AddRemove-{d08d9f98-1c78-4704-87e6-368b0023d831} - c:\program files (x86)\RelevantKnowledge\rlvknlg.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{3368CD8C-AA86022B-06020101}_0]
"ImagePath"="\??\c:\users\admini~1\appdata\local\temp\nomloz3b9oge\pcdrdiag\bin\pcdsrvc_x64.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\schtasks.exe
c:\program files (x86)\Launch Manager\LMutilps32.exe
c:\program files (x86)\SimpleFiles\SFUpdater.exe
c:\program files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
c:\program files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
c:\program files (x86)\Launch Manager\LMworker.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-09-19 19:54:40 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-09-19 17:54
.
Vor Suchlauf: 9 Verzeichnis(se), 73.246.777.344 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 73.404.338.176 Bytes frei
.
- - End Of File - - 3CEE75CA8B79473A1B3861C4875828E6
However, I pressed "Close program" several times on the "Freeware implementation of Reg.exe" problem prompt.
There were also other errors mentioning "freeware implementation of ?xcalc.exe" or something like that.
Kind regards, Studioliner