Thank you, that was quick, I could hardly keep up. :)
Edit: Oops, I just noticed that I started it from the Downloads folder and not from the Desktop. Should I repeat it?
This would be the result from the DL folder: Code:
ComboFix 14-11-10.02 - Martina 10.11.2014 17:07:40.1.4 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.49.1031.18.3060.1950 [GMT 1:00]
ausgeführt von:: c:\users\Martina\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\programdata\Microsoft\Windows\Start Menu\Programs\WavePad Sound Editor.lnk
c:\users\Martina\AppData\Roaming\convert\convert.exe
c:\users\Martina\AppData\Roaming\win
c:\windows\IsUn0407.exe
c:\windows\system32\roboot.exe
c:\windows\unin0407.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-10-10 bis 2014-11-10 ))))))))))))))))))))))))))))))
.
.
2014-11-10 12:12 . 2014-11-10 12:13 -------- d-----w- C:\FRST
2014-11-09 15:03 . 2014-10-14 20:13 8901368 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{78F53255-D273-4137-ADB6-DAA8F7EC7675}\mpengine.dll
2014-11-06 16:12 . 2014-11-06 16:13 -------- d-----w- c:\programdata\jmtqdfu
2014-11-06 10:45 . 2014-11-07 00:59 -------- d--h--w- c:\users\Martina\AppData\Roaming\Update
2014-11-06 10:27 . 2014-11-10 05:24 -------- d--h--w- c:\users\Martina\AppData\Roaming\Office2014
2014-10-29 20:42 . 2014-11-09 14:55 220784 ----a-w- c:\program files\Mozilla Firefox\sandboxbroker.dll
2014-10-16 09:21 . 2014-06-15 22:18 1131664 ----a-w- c:\windows\system32\dfshim.dll
2014-10-16 09:21 . 2014-06-13 18:22 81560 ----a-w- c:\windows\system32\mscories.dll
2014-10-16 09:21 . 2014-06-13 18:22 156824 ----a-w- c:\windows\system32\mscorier.dll
2014-10-16 09:18 . 2014-09-27 23:29 2054656 ----a-w- c:\windows\system32\win32k.sys
2014-10-16 06:29 . 2014-09-04 23:27 143360 ----a-w- c:\windows\system32\drivers\fastfat.sys
2014-10-16 06:25 . 2014-09-16 16:56 66560 ----a-w- c:\windows\system32\packager.dll
2014-10-16 06:25 . 2014-10-16 06:25 -------- d-----w- c:\program files\Microsoft ASP.NET
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-28 05:35 . 2012-08-25 07:11 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-10-09 10:09 . 2014-02-12 16:20 136216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-10-09 10:09 . 2014-02-12 16:20 98160 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-09-09 06:24 . 2014-09-23 19:32 2048 ----a-w- c:\windows\system32\tzres.dll
2014-08-23 01:03 . 2014-08-28 06:58 297984 ----a-w- c:\windows\system32\gdi32.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}]
2013-12-20 19:28 12240 ----a-w- c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{41564952-412D-5637-4300-7A786E7484D7}]
2014-10-30 16:56 12184 ----a-w- c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{41564952-412D-5637-00A7-7A786E7484D7}"= "c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" [2013-12-20 12240]
"{41564952-412D-5637-4300-7A786E7484D7}"= "c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll" [2014-10-30 12184]
.
[HKEY_CLASSES_ROOT\clsid\{41564952-412d-5637-00a7-7a786e7484d7}]
.
[HKEY_CLASSES_ROOT\clsid\{41564952-412d-5637-4300-7a786e7484d7}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{41564952-412D-5637-4300-7A786E7484D7}"= "c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll" [2014-10-30 12184]
.
[HKEY_CLASSES_ROOT\clsid\{41564952-412d-5637-4300-7a786e7484d7}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"VistaClock"="c:\program files\VistaClock\VistaClock.exe" [2009-08-05 1107456]
"Overwolf"="c:\program files\Overwolf\Overwolf.exe" [2014-10-22 39712]
"Spotify Web Helper"="c:\users\Martina\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-11-01 1514040]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-10-01 22065760]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
"office2014-option"="c:\users\Martina\AppData\Roaming\Office2014\office2014-option.exe" [2014-11-10 72704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-11-19 9874024]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-11-06 703736]
"ApnTBMon"="c:\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2014-10-08 1942424]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-07-25 2403104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2014-08-21 16:30 959176 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX210 Series]
2008-11-05 05:00 199680 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIFDE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvBackend]
2014-07-25 13:51 2403104 ----a-w- c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2014-11-01 21:26 6553144 ----a-w- c:\users\Martina\AppData\Roaming\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2014-11-01 21:26 1514040 ----a-w- c:\users\Martina\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 08:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2014-11-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-24 10:54]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = https://www.google.de/
uDefault_Search_URL = hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=3.2&ts=1372697004295&tguid=46364-3869-1372697004295-60833DA005C2FA6010B9E3E74F6AF3B1&st=chrome&q=
mStart Page = about:newtab
mSearch Bar = hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=3.2&ts=1372697004295&tguid=46364-3869-1372697004295-60833DA005C2FA6010B9E3E74F6AF3B1&st=chrome&q=
IE: &Citavi Picker... - file://c:\programdata\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\jzohv0y0.default-1404047067402\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Nvtmru - c:\program files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
AddRemove-{0CC15B17-F592-48E6-B442-D74E45ADFC89} - c:\users\Martina\AppData\Local\{3B9E4244-AE27-4207-8933-7DE64045B66D}\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2014-11-10 17:12
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{41564952-412D-5637-00A7-7A786E7484D7}"=hex:51,66,7a,6c,4c,1d,38,12,3c,4a,45,
45,1f,0f,59,13,7f,b1,39,38,6b,2a,c0,c3
"{609D670F-B735-4DA7-AC6D-F3BD358E325E}"=hex:51,66,7a,6c,4c,1d,38,12,61,64,8e,
64,07,f9,c9,08,d3,7b,b0,fd,30,d0,76,4a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:38,17,54,d3,a1,f7,ce,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Zeit der Fertigstellung: 2014-11-10 17:14:35
ComboFix-quarantined-files.txt 2014-11-10 16:14
.
Vor Suchlauf: 8 Verzeichnis(se), 61.547.585.536 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 62.444.425.216 Bytes frei
.
- - End Of File - - 841636508A72FE69C64269A8C301D89F
5C616939100B85E558DA92B899A0FC36
Edit: To be on the safe side, I ran it again from the Desktop: Code:
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.49.1031.18.3060.1640 [GMT 1:00]
ausgeführt von:: c:\users\Martina\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-10-10 bis 2014-11-10 ))))))))))))))))))))))))))))))
.
.
2014-11-10 16:51 . 2014-11-10 16:51 -------- d-----w- c:\users\Martina\AppData\Local\temp
2014-11-10 16:51 . 2014-11-10 16:51 -------- d-----w- c:\users\hedev\AppData\Local\temp
2014-11-10 16:51 . 2014-11-10 16:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-10 12:12 . 2014-11-10 12:13 -------- d-----w- C:\FRST
2014-11-09 15:03 . 2014-10-14 20:13 8901368 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{78F53255-D273-4137-ADB6-DAA8F7EC7675}\mpengine.dll
2014-11-06 16:12 . 2014-11-06 16:13 -------- d-----w- c:\programdata\jmtqdfu
2014-11-06 10:45 . 2014-11-07 00:59 -------- d--h--w- c:\users\Martina\AppData\Roaming\Update
2014-11-06 10:27 . 2014-11-10 05:24 -------- d--h--w- c:\users\Martina\AppData\Roaming\Office2014
2014-10-29 20:42 . 2014-11-09 14:55 220784 ----a-w- c:\program files\Mozilla Firefox\sandboxbroker.dll
2014-10-16 09:21 . 2014-06-15 22:18 1131664 ----a-w- c:\windows\system32\dfshim.dll
2014-10-16 09:21 . 2014-06-13 18:22 81560 ----a-w- c:\windows\system32\mscories.dll
2014-10-16 09:21 . 2014-06-13 18:22 156824 ----a-w- c:\windows\system32\mscorier.dll
2014-10-16 09:18 . 2014-09-27 23:29 2054656 ----a-w- c:\windows\system32\win32k.sys
2014-10-16 06:29 . 2014-09-04 23:27 143360 ----a-w- c:\windows\system32\drivers\fastfat.sys
2014-10-16 06:25 . 2014-09-16 16:56 66560 ----a-w- c:\windows\system32\packager.dll
2014-10-16 06:25 . 2014-10-16 06:25 -------- d-----w- c:\program files\Microsoft ASP.NET
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-28 05:35 . 2012-08-25 07:11 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-10-09 10:09 . 2014-02-12 16:20 136216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-10-09 10:09 . 2014-02-12 16:20 98160 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-09-09 06:24 . 2014-09-23 19:32 2048 ----a-w- c:\windows\system32\tzres.dll
2014-08-23 01:03 . 2014-08-28 06:58 297984 ----a-w- c:\windows\system32\gdi32.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}]
2013-12-20 19:28 12240 ----a-w- c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{41564952-412D-5637-4300-7A786E7484D7}]
2014-10-30 16:56 12184 ----a-w- c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{41564952-412D-5637-00A7-7A786E7484D7}"= "c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" [2013-12-20 12240]
"{41564952-412D-5637-4300-7A786E7484D7}"= "c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll" [2014-10-30 12184]
.
[HKEY_CLASSES_ROOT\clsid\{41564952-412d-5637-00a7-7a786e7484d7}]
.
[HKEY_CLASSES_ROOT\clsid\{41564952-412d-5637-4300-7a786e7484d7}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{41564952-412D-5637-4300-7A786E7484D7}"= "c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll" [2014-10-30 12184]
.
[HKEY_CLASSES_ROOT\clsid\{41564952-412d-5637-4300-7a786e7484d7}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"VistaClock"="c:\program files\VistaClock\VistaClock.exe" [2009-08-05 1107456]
"Overwolf"="c:\program files\Overwolf\Overwolf.exe" [2014-10-22 39712]
"Spotify Web Helper"="c:\users\Martina\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-11-01 1514040]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-10-01 22065760]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
"office2014-option"="c:\users\Martina\AppData\Roaming\Office2014\office2014-option.exe" [2014-11-10 72704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-11-19 9874024]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-11-06 703736]
"ApnTBMon"="c:\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2014-10-08 1942424]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-07-25 2403104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2014-08-21 16:30 959176 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX210 Series]
2008-11-05 05:00 199680 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIFDE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvBackend]
2014-07-25 13:51 2403104 ----a-w- c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2014-11-01 21:26 6553144 ----a-w- c:\users\Martina\AppData\Roaming\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2014-11-01 21:26 1514040 ----a-w- c:\users\Martina\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 08:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2014-11-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-24 10:54]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = https://www.google.de/
uDefault_Search_URL = hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=3.2&ts=1372697004295&tguid=46364-3869-1372697004295-60833DA005C2FA6010B9E3E74F6AF3B1&st=chrome&q=
mStart Page = about:newtab
mSearch Bar = hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=3.2&ts=1372697004295&tguid=46364-3869-1372697004295-60833DA005C2FA6010B9E3E74F6AF3B1&st=chrome&q=
IE: &Citavi Picker... - file://c:\programdata\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\jzohv0y0.default-1404047067402\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2014-11-10 17:51
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{41564952-412D-5637-00A7-7A786E7484D7}"=hex:51,66,7a,6c,4c,1d,38,12,3c,4a,45,
45,1f,0f,59,13,7f,b1,39,38,6b,2a,c0,c3
"{609D670F-B735-4DA7-AC6D-F3BD358E325E}"=hex:51,66,7a,6c,4c,1d,38,12,61,64,8e,
64,07,f9,c9,08,d3,7b,b0,fd,30,d0,76,4a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:38,17,54,d3,a1,f7,ce,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Zeit der Fertigstellung: 2014-11-10 17:52:54
ComboFix-quarantined-files.txt 2014-11-10 16:52
ComboFix2.txt 2014-11-10 16:14
.
Vor Suchlauf: 11 Verzeichnis(se), 62.146.392.064 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 62.119.878.656 Bytes frei
.
- - End Of File - - 2CBEFC34123BCA8BC761586D3010D11F
5C616939100B85E558DA92B899A0FC36