Quote:
Quote from schrauber
(Post 1185742)
hi, Combofix should only be run when a team member has instructed you to do so! Please download Combofix from the following download mirror Link 1 IMPORTANT - Save Combofix to your desktop - Please disable all of your anti-virus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.
When Combofix has finished, it will create a logfile. Please post C:\Combofix.txt in your next reply. Note: If you get the following error message after the reboot
simply restart the computer. This should fix the problem.

Hello,
thanks for the quick reply.
Combofix complained because AVIRA was supposedly still running, but I could not carry out Task Manager -> Service -> avgnt.exe -> End process: Code:
The operation could not be completed.
Access is denied.
How do you disable AVIRA anyway? I simply carried on. Code:
ComboFix 13-11-01.01 - Familie 01.11.2013 13:45:35.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3071.1896 [GMT 1:00]
Running from: c:\users\Familie\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\9541985.pad
c:\programdata\fodiwj.pad
c:\programdata\r4got.pad
c:\users\Familie\AppData\Roaming\AcroIEHelpe.txt
c:\users\Familie\AppData\Roaming\Beuwi
c:\users\Familie\AppData\Roaming\Beuwi\epez.alu
c:\users\Familie\AppData\Roaming\Dysuu
c:\users\Familie\AppData\Roaming\Dysuu\dyib.asg
c:\users\Familie\AppData\Roaming\Dysuu\dyib.tmp
c:\users\Familie\AppData\Roaming\Fugaor
c:\users\Familie\AppData\Roaming\Fugaor\unrox.wae
c:\users\Familie\AppData\Roaming\Luig
c:\users\Familie\AppData\Roaming\Luig\ewsey.gup
c:\users\Familie\AppData\Roaming\nettor
c:\users\Familie\AppData\Roaming\nettor\xmlmon.exe
c:\users\Familie\AppData\Roaming\srvblck2.tmp
c:\windows\~GLH0000.TMP
c:\windows\IsUn0407.exe
c:\windows\system32\tmp44DC.tmp
c:\windows\system32\tmp45E6.tmp
c:\windows\system32\tmpB71F.tmp
c:\windows\system32\tmpB76E.tmp
c:\windows\system32\tmpF6A2.tmp
c:\windows\system32\tmpF73F.tmp
.
.
((((((((((((((((((((((( Files Created from 2013-10-01 to 2013-11-01 ))))))))))))))))))))))))))))))
.
.
2013-11-01 12:56 . 2013-11-01 13:00 -------- d-----w- c:\users\Familie\AppData\Local\temp
2013-11-01 12:56 . 2013-11-01 12:56 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-11-01 12:56 . 2013-11-01 12:56 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2013-11-01 12:56 . 2013-11-01 12:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-01 12:56 . 2013-11-01 12:56 -------- d-----w- c:\users\Chris\AppData\Local\temp
2013-11-01 12:56 . 2013-11-01 12:56 -------- d-----w- c:\users\Anne\AppData\Local\temp
2013-11-01 11:11 . 2013-11-01 11:11 -------- d-----w- c:\program files\VS Revo Group
2013-11-01 09:15 . 2013-11-01 09:15 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-10-31 21:41 . 2013-10-31 21:41 -------- d-----w- C:\FRST
2013-10-31 18:26 . 2013-10-31 18:26 -------- d-----w- c:\program files\iPod
2013-10-31 18:26 . 2013-10-31 18:27 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-10-31 18:26 . 2013-10-31 18:27 -------- d-----w- c:\program files\iTunes
2013-10-31 18:04 . 2013-10-31 18:04 -------- d-----w- c:\programdata\APN
2013-10-31 18:02 . 2013-10-31 18:02 -------- d-----w- c:\programdata\Oracle
2013-10-31 18:01 . 2013-10-31 18:01 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-31 17:00 . 2013-10-31 17:00 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2013-10-31 17:00 . 2013-10-31 17:00 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2013-10-31 17:00 . 2013-10-31 17:00 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2013-10-31 17:00 . 2013-10-31 17:00 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2013-10-31 17:00 . 2013-10-31 17:00 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2013-10-31 16:59 . 2013-10-31 17:00 -------- d-----w- c:\program files\QuickTime
2013-10-31 16:52 . 2013-10-31 16:52 -------- d-----w- c:\windows\system32\Adobe
2013-10-31 16:24 . 2013-10-31 16:24 -------- d-----w- c:\users\Familie\AppData\Roaming\addpcs
2013-10-31 16:24 . 2013-10-31 16:24 -------- d-----w- c:\program files\Temp File Cleaner
2013-10-31 16:21 . 2013-10-31 16:21 -------- d-----w- c:\users\Familie\AppData\Local\Secunia PSI
2013-10-31 16:21 . 2013-10-31 16:21 -------- d-----w- c:\program files\Secunia
2013-10-31 16:15 . 2013-09-20 09:49 18968 ----a-w- c:\windows\system32\sdnclean.exe
2013-10-31 16:15 . 2013-10-31 17:17 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-10-31 16:15 . 2013-10-31 16:18 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-10-31 16:09 . 2013-10-31 16:15 -------- d-----w- c:\windows\system32\MRT
2013-10-14 10:04 . 2013-10-14 10:04 16024 ----a-w- c:\windows\system32\drivers\psi_mf_x86.sys
2013-10-12 11:23 . 2013-10-12 11:23 -------- d--h--w- c:\programdata\CanonIJSolutionMenuEX
2013-10-12 11:22 . 2013-10-12 11:22 -------- d--h--w- c:\programdata\CanonIJMyPrinter
2013-10-12 11:15 . 2013-10-12 11:15 -------- d-----w- c:\programdata\Canon IJ Network Tool
2013-10-12 11:15 . 2013-10-12 11:15 -------- d-----w- c:\windows\medias
2013-10-12 10:53 . 2013-11-01 09:06 -------- d-----w- c:\programdata\CanonIJPLM
2013-10-07 10:07 . 2013-10-07 10:07 -------- d-----w- c:\users\Anne\AppData\Local\LogMeIn
2013-10-02 13:05 . 2013-10-02 13:05 -------- d-----w- c:\users\Familie\AppData\Local\LogMeIn
2013-10-02 13:05 . 2013-10-02 13:05 -------- d-----w- c:\programdata\LogMeIn
2013-10-02 13:01 . 2013-10-02 13:01 -------- d-----w- c:\program files\LogMeIn Hamachi
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-09 19:16 . 2012-07-26 18:47 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-09 19:16 . 2011-05-18 14:14 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-07 10:12 . 2013-09-13 20:23 89376 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-10-07 10:12 . 2013-09-13 20:23 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-10-07 10:12 . 2013-09-13 20:23 137208 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-10 23:00 . 2013-10-31 16:59 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
(((((((((((((((((((((((((((( Reg Loading Points From The Registry ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Familie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Familie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Familie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"KiesTrayAgent"="c:\program files\Samsung\Kies\/\KiesTrayAgent.exe" [2010-05-11 3365176]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-15 202024]
"Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2013-09-20 3666224]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-09 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"AirPort Base Station Agent"="c:\program files\AirPort\APAgent.exe" [2009-05-27 753664]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-07-19 2567272]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1637496]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-10-01 2345296]
"IJNetworkScannerSelectorEX"="c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-07-25 468112]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-10-19 152392]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-10-07 681032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-04-03 44168]
.
c:\users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Familie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ClipMate5.lnk]
path=c:\users\Familie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ClipMate5.lnk
backup=c:\windows\pss\ClipMate5.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Familie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EditPad Lite.lnk]
path=c:\users\Familie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EditPad Lite.lnk
backup=c:\windows\pss\EditPad Lite.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2013-05-08 21:20 41056 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2008-09-03 18:12 111936 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EverioService]
2006-11-22 19:10 151552 ------w- c:\program files\CyberLink\PCM4Everio\EverioService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2007-05-24 11:13 71176 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-02-16 21:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-10-19 04:31 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2010-05-11 02:35 3365176 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2013-04-04 13:50 887432 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2013-01-31 09:01 3970848 ----a-w- c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2013-01-31 09:00 108832 ----a-w- c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OPSE reminder]
2003-07-07 08:29 729088 ----a-w- c:\program files\ScanSoft\OmniPageSE2.0\EregGer\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
2003-05-08 10:00 49152 ----a-w- c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OsdMaestro]
2007-02-15 11:59 118784 ----a-w- c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2010-12-13 10:55 2984856 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProfilerU]
2007-12-07 11:23 233472 ----a-w- c:\program files\Saitek\SD6\Software\ProfilerU.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 02:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-07-06 11:06 4669440 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SaiMfd]
2007-12-07 11:23 131072 ----a-w- c:\program files\Saitek\SD6\Software\SaiMfd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 08:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-02-09 15:34 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-02-18 16:14 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 acedrv09;acedrv09;c:\windows\system32\drivers\acedrv09.sys [2007-06-18 373568]
S2 acedrv10;acedrv10;c:\windows\system32\drivers\acedrv10.sys [2007-10-28 583128]
S2 acehlp09;acehlp09;c:\windows\system32\drivers\acehlp09.sys [2007-05-30 201696]
S2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [2007-10-26 250560]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - FSUSBEXDISK
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-01 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-09-09 13:04]
.
2013-11-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-26 19:16]
.
2013-11-01 c:\windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
2013-11-01 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2013-10-31 09:57]
.
2013-11-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-09 11:54]
.
2013-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-24 13:22]
.
2013-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-24 13:22]
.
2013-10-31 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-10-31 09:49]
.
2013-10-31 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2013-10-31 09:51]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.startpage.com/deu/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=Pavilion&pf=desktop
uInternet Settings,ProxyServer = http=www-proxy.t-online.de:80;ftp=ftp-proxy.t-online.de:80
uInternet Settings,ProxyOverride = *.t-online.de;localhost;*.local;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - hxxp://favorites.live.com/quickadd.aspx
IE: Easy-WebPrint - Drucken - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint - Schnelldruck - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint - Vorschau - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint - Zu Druckliste hinzufügen - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Familie\AppData\Roaming\Mozilla\Firefox\Profiles\ptz896zb.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.startpage.com/deu
FF - ExtSQL: 2013-10-31 17:02; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\users\Familie\AppData\Roaming\Mozilla\Firefox\Profiles\ptz896zb.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - ExtSQL: 2049-12-31 14:00; {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}; c:\users\Familie\AppData\Roaming\Mozilla\Firefox\Profiles\ptz896zb.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Steam - c:\program files\Steam\Steam.exe
MSConfigStartUp-VistaStartMenu - c:\program files\Vista Start Menu\VistaStartMenu.exe
AddRemove-IECT3306060 - c:\programdata\Conduit\IE\CT3306060\UninstallerUI.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-11-01 14:02
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-765362131-1424477460-4068555651-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f3,12,99,eb,fc,bb,a6,9f,5d,1f,ed,40,4a,02,bf,76,38,88,6c,4f,8c,ce,82,
a8,3a,0d,dc,9b,d1,11,ae,18,5c,13,b0,1f,a4,74,6e,05,bf,0d,63,c8,f7,3c,06,71,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
[HKEY_USERS\S-1-5-21-765362131-1424477460-4068555651-1001\Software\SecuROM\License information*]
"datasecu"=hex:0c,43,81,f1,5a,ac,1b,e8,c3,0f,85,57,8b,c1,a8,47,db,34,0c,34,fc,
90,86,2c,65,b4,73,37,43,23,ca,a9,b9,a3,96,1e,57,bd,44,af,ef,33,7f,bf,4e,fd,\
"rkeysecu"=hex:48,b3,c7,bf,af,0b,63,46,49,ec,f3,3f,a8,32,35,7c
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(488)
c:\users\Familie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\dgdersvc.exe
c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
c:\windows\system32\FsUsbExService.Exe
c:\hp\HPEZBTN\HPBtnSrv.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\LogMeIn Hamachi\LMIGuardianSvc.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe
c:\program files\Secunia\PSI\sua.exe
c:\windows\System32\tcpsvcs.exe
c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe
c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe
c:\progra~1\SPEEDB~1\VideoAcceleratorEngine.exe
c:\windows\System32\WUDFHost.exe
c:\program files\LogMeIn Hamachi\hamachi-2.exe
c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\ehome\ehsched.exe
c:\windows\ehome\ehRecvr.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\msfeedssync.exe
.
**************************************************************************
.
Completion time: 2013-11-01 14:08:01 - machine was rebooted
ComboFix-quarantined-files.txt 2013-11-01 13:07
.
Pre-Run: 15 Directories, 301,660,450,816 bytes free
Post-Run: 20 Directories, 301,493,215,232 bytes free
.
- - End Of File - - 5D84A1D059336061A8D2551B9A23227C
8913823FF508CCF109DB74B636C301DA
Regards
Ch. Hanisch
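A small triage script, added here as an example and not part of the original post or of ComboFix itself: it splits a ComboFix log into its banner-delimited sections, pulls the Windows path out of each line, and flags the entries a reviewer would normally look at first, namely executables and files with non-standard extensions sitting under ProgramData or a user's AppData, the same kind of paths listed in the "Other Deletions" section of the log above. The log excerpt embedded in the script is constructed from a handful of lines of the posted log; the section-banner and path regexes and the list of "user-writable" locations are the editor's own assumptions, not anything ComboFix documents.

```python
"""Triage helper for ComboFix logs (added example; not ComboFix code, not the poster's)."""
import re

# Constructed excerpt modelled on the log posted above; only a handful of lines.
SAMPLE_LOG = r"""
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\9541985.pad
c:\users\Familie\AppData\Roaming\Beuwi\epez.alu
c:\users\Familie\AppData\Roaming\nettor\xmlmon.exe
c:\windows\system32\tmp44DC.tmp
.
((((((((((((((((((((((( Files Created from 2013-10-01 to 2013-11-01 ))))))))))))))))))))))))))))))
.
2013-11-01 09:15 . 2013-11-01 09:15 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-10-31 16:24 . 2013-10-31 16:24 -------- d-----w- c:\users\Familie\AppData\Roaming\addpcs
.
(((((((((((((((((((((((((((( Reg Loading Points From The Registry ))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-10-07 681032]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-10-01 2345296]
.
"""

# Section banners look like "((( Name )))", "--- Name ---" or "- - - Name - - -" (layout assumption).
SECTION_RE = re.compile(r"^[(\-][(\- ]{2,}\s*(.+?)\s*[)\- ]{2,}[)\-]$")
# A Windows path, running up to a closing quote or bracket.
PATH_RE = re.compile(r"[a-z]:\\[^\"\[\]]+", re.I)
# Locations an unprivileged process can write to (assumption; deliberately not exhaustive).
USER_WRITABLE_RE = re.compile(r"\\(?:users\\[^\\]+\\appdata|programdata|windows\\temp)\\", re.I)
EXEC_EXT = {"exe", "dll", "scr", "com", "pif", "sys", "cpl", "ocx"}
KNOWN_DATA_EXT = {"txt", "log", "ini", "xml", "dat", "db", "json", "cfg", "tmp", "lnk",
                  "url", "bak", "htm", "html", "js", "jar", "png", "jpg", "gif", "ico"}


def parse_sections(text):
    """Map each section banner to the non-empty, non-'.' lines under it."""
    sections = {}
    current = "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            sections.setdefault(current, [])
            continue
        if not line or line == ".":
            continue  # ComboFix uses lone dots as spacers
        sections.setdefault(current, []).append(line)
    return sections


def file_ext(path):
    """Lower-cased extension of the last path component, '' for directories."""
    name = path.rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def classify(path):
    """Reasons a path deserves a second look; empty list means nothing noted."""
    reasons = []
    if not USER_WRITABLE_RE.search(path):
        return reasons  # system and Program Files paths are left to other checks
    ext = file_ext(path)
    if ext in EXEC_EXT:
        reasons.append("executable in a user-writable location")
    elif ext and ext not in KNOWN_DATA_EXT:
        reasons.append(f"unusual extension .{ext} in a user-writable location")
    return reasons


def triage(text):
    """Walk every section, extract the path on each line and collect flagged ones."""
    findings = []
    for section, lines in parse_sections(text).items():
        for line in lines:
            match = PATH_RE.search(line)
            if not match:
                continue
            path = match.group(0).rstrip()
            for reason in classify(path):
                findings.append((section, path, reason))
    return findings


if __name__ == "__main__":
    for section, path, reason in triage(SAMPLE_LOG):
        print(f"[{section}] {path}: {reason}")
```

To use it on a real run, read C:\ComboFix.txt into a string and pass it to `triage()`. The output is a reading aid, not a verdict: per-user installs such as the Dropbox shell extension under AppData\Roaming will be listed as "executable in a user-writable location" and have to be dismissed by hand, while anything under Program Files or system32 is deliberately not examined by this heuristic.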