Hello - everything worked - the run times were quite long.
Attached is the Combofix.log:
Combofix Logfile:
ComboFix 13-12-13.01 - norbert 16/12/2013 8:46.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1023.662 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\norbert\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\dokumente und einstellungen\Default User\WINDOWS
c:\dokumente und einstellungen\julia\WINDOWS
c:\dokumente und einstellungen\Metin\WINDOWS
c:\dokumente und einstellungen\norbert\Anwendungsdaten\Desktopicon
c:\dokumente und einstellungen\norbert\WINDOWS
c:\dokumente und einstellungen\sabine\WINDOWS
c:\dokumente und einstellungen\Simon.SABINE-PC\WINDOWS
c:\dokumente und einstellungen\simon\WINDOWS
c:\programme\Savings Hero
c:\programme\Savings Hero\AppFramework\appAPI_bg.js
c:\programme\Savings Hero\AppFramework\appAPI_browseraction.js
c:\programme\Savings Hero\AppFramework\appAPI_common.js
c:\programme\Savings Hero\AppFramework\appAPI_content.js
c:\programme\Savings Hero\AppFramework\appAPI_webrequest.js
c:\programme\Savings Hero\AppFramework\jquery.min.js
c:\programme\Savings Hero\background.html
c:\programme\Savings Hero\CanvasFramework\canvas_bg.js
c:\programme\Savings Hero\CanvasFramework\canvasscript_engine.js
c:\programme\Savings Hero\CanvasFramework\md5.js
c:\programme\Savings Hero\CanvasFramework\registry.js
c:\programme\Savings Hero\CanvasFramework\webrequest.js
c:\programme\Savings Hero\config.xml
c:\programme\Savings Hero\extension_info.json
c:\programme\Savings Hero\framework-ui\browser_button.js
c:\programme\Savings Hero\framework-ui\context_menu.js
c:\programme\Savings Hero\framework-ui\context_menu_item_handler.html
c:\programme\Savings Hero\framework-ui\framework_api.js
c:\programme\Savings Hero\framework-ui\notification.html
c:\programme\Savings Hero\framework-ui\notifications.js
c:\programme\Savings Hero\framework-ui\options.js
c:\programme\Savings Hero\framework-ui\theme\bubble\bottom-left.png
c:\programme\Savings Hero\framework-ui\theme\bubble\bottom-middle.png
c:\programme\Savings Hero\framework-ui\theme\bubble\bottom-right.png
c:\programme\Savings Hero\framework-ui\theme\bubble\middle-left.png
c:\programme\Savings Hero\framework-ui\theme\bubble\middle-right.png
c:\programme\Savings Hero\framework-ui\theme\bubble\tail-bottom.png
c:\programme\Savings Hero\framework-ui\theme\bubble\tail-left.png
c:\programme\Savings Hero\framework-ui\theme\bubble\tail-right.png
c:\programme\Savings Hero\framework-ui\theme\bubble\tail-top.png
c:\programme\Savings Hero\framework-ui\theme\bubble\top-left.png
c:\programme\Savings Hero\framework-ui\theme\bubble\top-middle.png
c:\programme\Savings Hero\framework-ui\theme\bubble\top-right.png
c:\programme\Savings Hero\framework-ui\ui_base.js
c:\programme\Savings Hero\framework\backgroundscript_engine.js
c:\programme\Savings Hero\framework\base.js
c:\programme\Savings Hero\framework\browser.js
c:\programme\Savings Hero\framework\console.js
c:\programme\Savings Hero\framework\framework.js
c:\programme\Savings Hero\framework\global.js
c:\programme\Savings Hero\framework\i18n.js
c:\programme\Savings Hero\framework\initialize.js
c:\programme\Savings Hero\framework\invoke_async.js
c:\programme\Savings Hero\framework\io.js
c:\programme\Savings Hero\framework\json2.js
c:\programme\Savings Hero\framework\lang.js
c:\programme\Savings Hero\framework\legacy.js
c:\programme\Savings Hero\framework\message_target.js
c:\programme\Savings Hero\framework\messaging.js
c:\programme\Savings Hero\framework\storage.js
c:\programme\Savings Hero\framework\timer.js
c:\programme\Savings Hero\framework\updater.js
c:\programme\Savings Hero\framework\userscript_client.js
c:\programme\Savings Hero\framework\userscript_engine.js
c:\programme\Savings Hero\framework\utils.js
c:\programme\Savings Hero\framework\xhr.js
c:\programme\Savings Hero\FrameworkBHO.dll
c:\programme\Savings Hero\FrameworkBHO64.dll
c:\programme\Savings Hero\FrameworkEngine.exe
c:\programme\Savings Hero\icon.ico
c:\programme\Savings Hero\icons\button.png
c:\programme\Savings Hero\icons\icon100.png
c:\programme\Savings Hero\icons\icon128.png
c:\programme\Savings Hero\icons\icon32.png
c:\programme\Savings Hero\icons\icon48.png
c:\windows\IsUn0407.exe
c:\windows\system32\Bank.dll
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\SET3E.tmp
c:\windows\system32\SET41.tmp
c:\windows\system32\SET4D.tmp
c:\windows\system32\SET4F.tmp
c:\windows\system32\SETBB.tmp
c:\windows\unin0407.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-11-16 bis 2013-12-16 ))))))))))))))))))))))))))))))
.
.
2013-12-14 19:05 . 2013-12-14 19:05 -------- d-----w- C:\FRST
2013-12-14 18:46 . 2013-12-14 18:46 -------- d-----w- c:\dokumente und einstellungen\norbert\AppData
2013-12-14 18:46 . 2013-12-14 18:46 -------- d-----w- c:\dokumente und einstellungen\norbert\Anwendungsdaten\Delta
2013-12-14 18:46 . 2013-12-14 18:54 -------- d-----w- c:\dokumente und einstellungen\norbert\Anwendungsdaten\{B1360D0F-6195-4C5D-9C25-B2BDC51BED87}
2013-12-14 18:46 . 2013-12-14 18:48 -------- d-----w- c:\dokumente und einstellungen\norbert\Anwendungsdaten\Minibar
2013-12-01 14:53 . 2013-12-15 21:47 -------- d-----w- c:\programme\Bench
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-16 07:23 . 2005-01-27 08:31 17408 ----a-w- c:\windows\system32\drivers\USBCRFT.SYS
2013-12-05 16:22 . 2013-04-09 18:32 90400 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-11-29 13:59 . 2013-04-09 18:32 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-11-29 13:59 . 2013-04-09 18:32 137208 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-11-13 02:59 . 2005-01-27 03:59 150528 ------w- c:\windows\system32\imagehlp.dll
2013-11-07 05:38 . 2005-01-27 03:59 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 01:36 . 2008-05-05 05:25 8192 ----a-w- c:\windows\system32\xpsp4res.dll
2013-10-30 02:51 . 2005-01-27 03:59 1879168 ------w- c:\windows\system32\win32k.sys
2013-10-29 07:57 . 2005-01-27 03:59 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-29 07:57 . 2005-01-27 03:59 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-29 07:57 . 2005-01-27 03:59 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-10-29 07:57 . 2005-01-27 03:59 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-29 00:45 . 2005-01-27 03:59 385024 ----a-w- c:\windows\system32\html.iec
2013-10-23 23:45 . 2005-01-27 03:59 172032 ------w- c:\windows\system32\scrrun.dll
2013-10-12 15:56 . 2005-01-27 03:59 279552 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:12 . 2005-01-27 03:59 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-07 10:59 . 2005-01-27 03:59 608256 ----a-w- c:\windows\system32\crypt32.dll
2012-10-24 17:50 . 2012-10-28 11:35 261600 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\programme\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-01-12 344064]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 88209]
"Keyboard Status"="c:\progra~1\Medion\KeyStat\KeyStat.exe" [2005-01-25 411648]
"snpstd"="c:\windows\vsnpstd.exe" [2004-06-10 286720]
"Adobe Photo Downloader"="c:\programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-23 57344]
"TrayServer"="c:\programme\MAGIX\Video_deluxe_2007_2008\TrayServer.exe" [2007-03-29 90112]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2013-11-29 683576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^hpoddt01.exe.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^ISDN Guard.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\ISDN Guard.lnk
backup=c:\windows\pss\ISDN Guard.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^officejet 6100.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\officejet 6100.lnk
backup=c:\windows\pss\officejet 6100.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^phase-6 Reminder.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\phase-6 Reminder.lnk
backup=c:\windows\pss\phase-6 Reminder.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^WinZip Quick Pick.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2013-05-08 21:20 41056 ----a-w- c:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2013-11-29 13:59 683576 ----a-w- c:\programme\Avira\AntiVir Desktop\avgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dit]
2004-07-20 17:18 90112 ----a-w- c:\windows\Dit.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-01 06:32 421160 ----a-w- c:\programme\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2004-12-09 14:38 1937408 ----a-w- c:\programme\Ahead\Nero BackItUp\NBJ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ------w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
2009-01-08 13:44 70936 ----a-w- c:\dokumente und einstellungen\norbert\Anwendungsdaten\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2005-04-19 15:36 127118 ------w- c:\programme\Home Cinema\PowerCinema\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 15:38 421888 ----a-w- c:\programme\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Savings Hero-repairJob]
2008-05-08 11:24 155648 ------w- c:\windows\system32\wscript.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-11-14 15:42 20584608 ----a-r- c:\programme\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spup]
2013-07-10 11:19 197664 ----a-w- c:\dokumente und einstellungen\Metin\Anwendungsdaten\ShinyProfile\spup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-06-18 18:32 68856 ----a-w- c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-04-10 17:29 37888 ----a-w- c:\programme\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-11-03 08:56 204288 ------w- c:\programme\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Programme\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Home Cinema\\PowerCinema\\PowerCinema.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\agfeo\\Tk-Suite-Basic\\tkserver\\tkmedia.exe"=
"c:\\Programme\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\Electronic Arts\\Die Schlacht um Mittelerde II\\game.dat"=
"c:\\Programme\\Electronic Arts\\Aufstieg des Hexenkönigs\\game.dat"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\Synology\\Assistant\\DSAssistant.exe"=
"c:\\Programme\\Motorola\\Software Update\\msu.exe"=
"c:\\Programme\\Metin2\\metin2client.bin"=
"c:\\Dokumente und Einstellungen\\Metin\\Desktop\\Hardcore RELOADED\\metin2client.bin"=
"c:\\Dokumente und Einstellungen\\Metin\\Desktop\\Hardcore RELOADED\\.Hardcore RELOADED.exe"=
"c:\\Programme\\Black-Dragon\\data\\lib\\rtc.pyc"=
"c:\\Programme\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57722:TCP"= 57722:TCP:Pando Media Booster
"57722:UDP"= 57722:UDP:Pando Media Booster
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [09/04/2013 19:32 37352]
R2 ACEDRV09;ACEDRV09;c:\windows\system32\drivers\ACEDRV09.sys [10/10/2007 13:25 110304]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [09/04/2013 19:32 440376]
R2 MotoHelper;MotoHelper Service;c:\programme\Motorola\MotoHelper\MotoHelperService.exe [06/12/2011 22:00 214896]
R2 UsbClientService;UsbClientService;c:\programme\Synology\Assistant\UsbClientService.exe [18/02/2011 07:18 245760]
R3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [14/02/2005 19:51 1242976]
R3 busenum;Synology Virtual USB Hub;c:\windows\system32\drivers\busenum.sys [18/02/2011 07:20 46304]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [27/01/2005 07:37 1272000]
R3 wbscr;Winbond Smartcard Reader for I/O;c:\windows\system32\drivers\wbscr.sys [27/01/2005 09:37 19928]
S2 agfucapi;AGFEO ISDN PC-Adapter;c:\windows\system32\drivers\AGFUCAPI.sys [21/08/2007 08:52 268544]
S2 agfwmp;AGFEO NDISWAN Miniport Driver;c:\windows\system32\drivers\AGFWMP.sys [18/07/2003 11:26 70144]
S2 MBAMScheduler;MBAMScheduler;c:\programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [02/06/2013 19:27 418376]
S2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [12/11/2011 12:04 701512]
S2 SkypeUpdate;Skype Updater;c:\programme\Skype\Updater\Updater.exe [23/10/2013 08:15 172192]
S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [27/01/2005 09:31 17408]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [17/08/2011 02:53 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [17/08/2011 02:53 8456]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\magix\Common\Database\bin\fbserver.exe [03/01/2007 21:38 1527900]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/11/2011 12:03 22856]
S3 UPnPService;UPnPService;c:\programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe [10/10/2007 13:21 544768]
.
Inhalt des "geplante Tasks" Ordners
.
2013-10-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2012-05-02 c:\windows\Tasks\FRU Task 2004-06-17 01:06ewlett-Packard2004-06-17 01:06p officejet 6100 seriesD66655067F78228D3716D2BFC2C61DA319188DBF298215566.job
- c:\programme\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2004-06-16 17:06]
.
2013-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-10-01 18:34]
.
2013-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-10-01 18:34]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.aldi-sued.de/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>;192.168.*.*
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} - hxxp://www.pixaco.de/static/download/pixacodndupload.cab
FF - ProfilePath - c:\dokumente und einstellungen\norbert\Anwendungsdaten\Mozilla\Firefox\Profiles\ip0r1qjl.default\
FF - prefs.js: browser.startup.homepage - hxxp://feed.helperbar.com/?publisher=YahooAM&dpid=YahooAM&co=DE&userid=002bd247-61c4-e979-be12-d9b425a5faad&searchtype=hp&fr=linkury-tb&installDate=01/12/2013&type=hp4000
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: keyword.URL - hxxp://feed.helperbar.com/?publisher=YahooAM&dpid=YahooAM&co=DE&userid=002bd247-61c4-e979-be12-d9b425a5faad&searchtype=ds&fr=linkury-tb&installDate=01/12/2013&type=hp4000&p=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{B1360D0F-6195-4C5D-9C25-B2BDC51BED87} - c:\programme\Savings Hero\FrameworkBHO.dll
Toolbar-10 - (no file)
HKLM-Run-Cmaudio - cmicnfg.cpl
HKLM-Run-mumservice - c:\program files\Motorola\Software Update\mumservice.exe
SafeBoot-klmdb.sys
MSConfigStartUp-updateMgr - c:\programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
AddRemove-AGFINSTALL - c:\windows\agfclean
AddRemove-DealPly - c:\programme\DealPly\uninst.exe
AddRemove-Janoschs neue Tigerschule - c:\windows\IsUn0407.exe
AddRemove-KeyStat - c:\windows\unin0407.exe
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0407.exe
AddRemove-{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1 - c:\programme\Western Digital Corporation\Data Lifeguard Diagnostic for Windows\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-12-16 09:19
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3985226917-4024911202-509346906-1008\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3985226917-4024911202-509346906-1008\Software\SecuROM\License information*]
"datasecu"=hex:55,8e,a7,65,62,0e,1d,f1,e9,1b,f1,22,ad,e8,18,76,a7,2b,d8,7c,75,
bf,a5,e2,11,0a,88,e2,3a,db,5c,d8,1e,38,fb,c0,fa,40,b0,d5,4d,32,54,e2,43,17,\
"rkeysecu"=hex:dd,2d,73,33,aa,cb,ca,da,ee,99,d0,b4,df,86,0c,36
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(640)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Zeit der Fertigstellung: 2013-12-16 09:25:53
ComboFix-quarantined-files.txt 2013-12-16 08:25
.
Vor Suchlauf: 26 Verzeichnis(se), 77,180,956,672 Bytes frei
Nach Suchlauf: 29 Verzeichnis(se), 82,580,811,776 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - A8F5EAB5E2B0DFE7E56F285F5DBB2374 --- --- ---
671B81004FDD1588FA9ED1331C9CECA9