Trojaner-Board - Trotz Antivira blockiert ein TR/ATRAPS.Gen2 den Rechner und lässt sich auch nicht in Qarantäne setzen

Leider kann ich die Code tags nicht setzen:
Combofix Logfile:

Code:

ComboFix 13-05-22.01 - shikha 22.05.2013  18:10:33.1.2 - x64

ausgeführt von:: c:\users\shikha\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\shikha\4.0

c:\users\shikha\AppData\Roaming\Ozxuu

c:\users\shikha\AppData\Roaming\Ozxuu\oveba.exe

c:\users\shikha\g2ax_customer_downloadhelper_win32_x86.exe

c:\users\shikha\GoToAssistDownloadHelper.exe

c:\windows\IsUn0407.exe

D:\install.exe

.

.

(((((((((((((((((((((((   Dateien erstellt von 2013-04-22 bis 2013-05-22  ))))))))))))))))))))))))))))))

.

.

2013-05-22 16:18 . 2013-05-22 16:18        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp

2013-05-22 16:18 . 2013-05-22 16:18        --------        d-----w-        c:\users\Default\AppData\Local\temp

2013-05-14 08:33 . 2013-05-21 15:43        --------        d-----w-        c:\users\shikha\AppData\Roaming\Olvys

2013-05-14 08:33 . 2013-05-14 08:33        --------        d-----w-        c:\users\shikha\AppData\Roaming\Wiocx

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-04-08 13:44 . 2013-04-08 13:42        1395        ----a-w-        c:\windows\system32\drivers\etc 1\hosts.tmp

2013-04-04 12:50 . 2013-04-12 08:44        25928        ----a-w-        c:\windows\system32\drivers\mbam.sys

2013-04-03 14:22 . 2013-04-03 12:32        73432        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-04-03 14:22 . 2013-04-03 12:32        693976        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2013-03-15 09:33 . 2006-11-02 12:35        72013344        ----a-w-        c:\windows\system32\mrt.exe

2013-03-06 13:13 . 2013-04-11 16:36        28600        ----a-w-        c:\windows\system32\drivers\avkmgr.sys

2013-02-26 13:56 . 2013-04-11 16:36        130016        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2013-02-26 13:56 . 2013-04-11 16:36        100712        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-03-04 21:38        121392        ----a-w-        c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-29 68856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"PCMMediaSharing"="c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-25 204908]

"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-05-07 345312]

"Sabre OADP Util"="d:\sabre\Apps\OADP\OADPUtil.exe" [2009-07-08 528448]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~3\browse~1\261249~1.132\{16cdf~1\browse~1.dll c:\progra~3\browse~1\261249~1.132\{16cdf~1\browsemngr.dll

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-25 269448]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt        REG_MULTI_SZ           hpqcxs08 hpqddsvc

.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

Themes

mfnqlu

.

Inhalt des "geplante Tasks" Ordners

.

2013-05-22 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-03 14:22]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-03-04 21:39        51248        ----a-w-        c:\acer\Empowering Technology\eDataSecurity\x64\PSDProtect.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RAVCpl64.exe" [2008-03-25 6150656]

"Skytel"="Skytel.exe" [2007-11-20 1826816]

"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2008-01-09 326176]

"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe" [2008-03-04 560688]

"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-06-06 333344]

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.web.de/

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0809&m=aspire_m3641

mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0809&m=aspire_m3641

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

Trusted Zone: agentware.net

Trusted Zone: akamaiedge.net

Trusted Zone: cibt.com

Trusted Zone: etraveladisories.com

Trusted Zone: getthere.com

Trusted Zone: merlin.com

Trusted Zone: merlinx2.de

Trusted Zone: midoffice.sabre-merlin.com

Trusted Zone: mysabremerlin.de

Trusted Zone: onthesnow.com

Trusted Zone: pathlore.net

Trusted Zone: portpromotions.com

Trusted Zone: sabre.com

Trusted Zone: sabre.com\eservices

Trusted Zone: sabreconsolidator.com

Trusted Zone: softvoyage.com

Trusted Zone: theluggageclub.com

Trusted Zone: travelpn.com

Trusted Zone: travisa.com

Trusted Zone: vacationstudio.net

Trusted Zone: vaxvacationaccess.com

Trusted Zone: virtuallythere.com

Trusted Zone: vtitin.com

Trusted Zone: wcities.com

Trusted Zone: wctravel.com

Trusted Zone: wellwishers.com

Trusted Zone: whatsonwhen.com

Trusted Zone: worktopia.com

TCP: DhcpNameServer = 192.168.2.1

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

Toolbar-{D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)

Wow6432Node-HKCU-Run-noknovy - (no file)

Wow6432Node-HKCU-Run-Ecegveu - c:\users\shikha\AppData\Roaming\Ozxuu\oveba.exe

Wow6432Node-HKLM-Run-eRecoveryService - (no file)

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

Notify-noknovy - (no file)

SafeBoot-mcmscsvc

SafeBoot-MCODS

AddRemove-MySabre - c:\windows\ISUN0407.EXE

AddRemove-Open Systems Client - c:\windows\ISUN0407.EXE

AddRemove-Sabre Device Manager - c:\windows\ISUN0407.EXE

AddRemove-Sabre VPN - c:\windows\system32\javaws.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

c:\program files (x86)\Avira\AntiVir Desktop\sched.exe

c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

c:\acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\programdata\Browser Manager\2.6.1249.132\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe

c:\windows\SysWOW64\CfgSrvc.exe

c:\windows\SysWOW64\schtasks.exe

c:\programdata\Browser Manager\2.6.1249.132\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe

c:\acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe

c:\windows\SDMan.EXE

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

d:\sabre\Apps\OADP\Oadp.exe

c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2013-05-22  18:26:40 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2013-05-22 16:26

.

Vor Suchlauf: 16 Verzeichnis(se), 266.103.726.080 Bytes frei

Nach Suchlauf: 23 Verzeichnis(se), 266.776.547.328 Bytes frei

.

- - End Of File - - 7CC798B738609BB4B26202E39140F33A

--- --- ---

Tag habe ich gepostet R/ATRAPS.Gen2 ist lt. Virenscanner Avira weiterhin im System vorhanden.Gruss

1. Logdatei von ADWARE:AdwCleaner Logfile:

Code:

# AdwCleaner v2.301 - Datei am 25/05/2013 um 14:08:16 erstellt

# Aktualisiert am 16/05/2013 von Xplode

# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)

# Benutzer : shikha - SHIKHA-PC

# Bootmodus : Normal

# Ausgeführt unter : C:\Users\shikha\Desktop\adwcleaner.exe

# Option [Suche]
 
 

**** [Dienste] ****
 

Gefunden : BrowserProtect
 

***** [Dateien / Ordner] *****
 

Datei Gefunden : C:\user.js

Ordner Gefunden : C:\Program Files (x86)\DealPly

Ordner Gefunden : C:\Program Files (x86)\Delta

Ordner Gefunden : C:\ProgramData\AVG Security Toolbar

Ordner Gefunden : C:\ProgramData\Babylon

Ordner Gefunden : C:\ProgramData\Browser Manager

Ordner Gefunden : C:\ProgramData\BrowserProtect

Ordner Gefunden : C:\Users\shikha\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde

Ordner Gefunden : C:\Users\shikha\AppData\Local\Temp\Delta

Ordner Gefunden : C:\Users\shikha\AppData\LocalLow\BabylonToolbar

Ordner Gefunden : C:\Users\shikha\AppData\Roaming\BabSolution

Ordner Gefunden : C:\Users\shikha\AppData\Roaming\Babylon

Ordner Gefunden : C:\Users\shikha\AppData\Roaming\DealPly

Ordner Gefunden : C:\Users\shikha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect

Ordner Gefunden : C:\Users\shikha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly

Ordner Gefunden : C:\Windows\Installer\{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}
 

***** [Registrierungsdatenbank] *****
 

Daten Gefunden : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\261249~1.132\{16cdf~1\browse~1.dll

Daten Gefunden : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~2\261249~1.132\{c16c1~1\browse~1.dll

Schlüssel Gefunden : HKCU\Software\BrowserMngr

Schlüssel Gefunden : HKCU\Software\DataMngr

Schlüssel Gefunden : HKCU\Software\DataMngr_Toolbar

Schlüssel Gefunden : HKCU\Software\DealPly

Schlüssel Gefunden : HKCU\Software\Delta

Schlüssel Gefunden : HKCU\Software\InstallCore

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF7BD87A-8024-11E2-F316-F3E56188709B}

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF7BD87A-8024-11E2-F316-F3E56188709B}

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly

Schlüssel Gefunden : HKCU\Software\53e8adce535ed48

Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}

Schlüssel Gefunden : HKLM\Software\Babylon

Schlüssel Gefunden : HKLM\Software\BrowserMngr

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\delta.deltaappCore

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\delta.deltaappCore.1

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\delta.deltadskBnd

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\delta.deltaHlpr

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane.1

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.deltaESrvc

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Schlüssel Gefunden : HKLM\Software\DataMngr

Schlüssel Gefunden : HKLM\Software\DealPly

Schlüssel Gefunden : HKLM\Software\Delta

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\53e8adce535ed48

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF7BD87A-8024-11E2-F316-F3E56188709B}

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF7BD87A-8024-11E2-F316-F3E56188709B}

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DealPly

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}

Schlüssel Gefunden : HKU\S-1-5-21-2965351076-2486154365-3611300939-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Schlüssel Gefunden : HKU\S-1-5-21-2965351076-2486154365-3611300939-1000\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}

Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]

Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]

Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]

Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]

Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]

Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
 

***** [Internet Browser] *****
 

-\\ Internet Explorer v9.0.8112.16483
 

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.delta-search.com/?affID=119357&tt=gc_&babsrc=HP_ss&mntrId=88D5002421803A95

[HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page] = hxxp://www.delta-search.com/?affID=119357&tt=gc_&babsrc=HP_ss&mntrId=88D5002421803A95

[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=114435&tt=120912_pcp_3812_3&babsrc=NT_ss&mntrId=88d5a919000000000000002421803a95
 

*************************
 

AdwCleaner[R1].txt - [13206 octets] - [25/05/2013 14:08:16]
 

########## EOF - C:\AdwCleaner[R1].txt - [13267 octets] ##########

--- --- ---

2. Logdatei Adware:AdwCleaner Logfile:

Code:

# AdwCleaner v2.301 - Datei am 25/05/2013 um 14:09:32 erstellt

# Aktualisiert am 16/05/2013 von Xplode

# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)

# Benutzer : shikha - SHIKHA-PC

# Bootmodus : Normal

# Ausgeführt unter : C:\Users\shikha\Desktop\adwcleaner.exe

# Option [Löschen]
 
 

**** [Dienste] ****
 

Gestoppt & Gelöscht : BrowserProtect
 

***** [Dateien / Ordner] *****
 

Datei Gelöscht : C:\user.js

Gelöscht mit Neustart : C:\Program Files (x86)\DealPly

Gelöscht mit Neustart : C:\Program Files (x86)\Delta

Gelöscht mit Neustart : C:\ProgramData\AVG Security Toolbar

Gelöscht mit Neustart : C:\ProgramData\Babylon

Gelöscht mit Neustart : C:\ProgramData\Browser Manager

Gelöscht mit Neustart : C:\ProgramData\BrowserProtect

Gelöscht mit Neustart : C:\Users\shikha\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde

Gelöscht mit Neustart : C:\Users\shikha\AppData\Local\Temp\Delta

Gelöscht mit Neustart : C:\Users\shikha\AppData\LocalLow\BabylonToolbar

Gelöscht mit Neustart : C:\Users\shikha\AppData\Roaming\BabSolution

Gelöscht mit Neustart : C:\Users\shikha\AppData\Roaming\Babylon

Gelöscht mit Neustart : C:\Users\shikha\AppData\Roaming\DealPly

Gelöscht mit Neustart : C:\Users\shikha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect

Gelöscht mit Neustart : C:\Users\shikha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly

Gelöscht mit Neustart : C:\Windows\Installer\{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}
 

***** [Registrierungsdatenbank] *****
 

Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\261249~1.132\{16cdf~1\browse~1.dll

Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~2\261249~1.132\{c16c1~1\browse~1.dll

Schlüssel Gelöscht : HKCU\Software\BrowserMngr

Schlüssel Gelöscht : HKCU\Software\DataMngr

Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar

Schlüssel Gelöscht : HKCU\Software\DealPly

Schlüssel Gelöscht : HKCU\Software\Delta

Schlüssel Gelöscht : HKCU\Software\InstallCore

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF7BD87A-8024-11E2-F316-F3E56188709B}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF7BD87A-8024-11E2-F316-F3E56188709B}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly

Schlüssel Gelöscht : HKCU\Software\53e8adce535ed48

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}

Schlüssel Gelöscht : HKLM\Software\Babylon

Schlüssel Gelöscht : HKLM\Software\BrowserMngr

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltadskBnd

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaHlpr

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.deltaESrvc

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Schlüssel Gelöscht : HKLM\Software\DataMngr

Schlüssel Gelöscht : HKLM\Software\DealPly

Schlüssel Gelöscht : HKLM\Software\Delta

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\53e8adce535ed48

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF7BD87A-8024-11E2-F316-F3E56188709B}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF7BD87A-8024-11E2-F316-F3E56188709B}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DealPly

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}

Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]

Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]

Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]

Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]

Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]

Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
 

***** [Internet Browser] *****
 

-\\ Internet Explorer v9.0.8112.16483
 

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.delta-search.com/?affID=119357&tt=gc_&babsrc=HP_ss&mntrId=88D5002421803A95 --> hxxp://www.google.com

Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=114435&tt=120912_pcp_3812_3&babsrc=NT_ss&mntrId=88d5a919000000000000002421803a95 --> hxxp://www.google.com
 

*************************
 

AdwCleaner[R1].txt - [13293 octets] - [25/05/2013 14:08:16]

AdwCleaner[S1].txt - [11591 octets] - [25/05/2013 14:09:32]
 

########## EOF - C:\AdwCleaner[S1].txt - [11652 octets] ##########

--- --- ---

LOgdatei ADWARE ADWCLEANERAdwCleaner Logfile:

Code:

# AdwCleaner v2.301 - Datei am 25/05/2013 um 14:18:35 erstellt

# Aktualisiert am 16/05/2013 von Xplode

# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)

# Benutzer : shikha - SHIKHA-PC

# Bootmodus : Normal

# Ausgeführt unter : C:\Users\shikha\Desktop\adwcleaner.exe

# Option [Löschen]
 
 

**** [Dienste] ****
 
 

***** [Dateien / Ordner] *****
 
 

***** [Registrierungsdatenbank] *****
 
 

***** [Internet Browser] *****
 

-\\ Internet Explorer v9.0.8112.16483
 

[OK] Die Registrierungsdatenbank ist sauber.
 

*************************
 

AdwCleaner[R1].txt - [13293 octets] - [25/05/2013 14:08:16]

AdwCleaner[S1].txt - [11678 octets] - [25/05/2013 14:09:32]

AdwCleaner[S2].txt - [700 octets] - [25/05/2013 14:18:35]
 

########## EOF - C:\AdwCleaner[S2].txt - [759 octets] ##########

--- --- ---

Report Combofix:
Combofix Logfile:

Code:

ComboFix 13-05-25.02 - shikha 25.05.2013  14:27:47.2.2 - x64

ausgeführt von:: c:\users\shikha\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\hosts

c:\users\shikha\AppData\Roaming\Aluvov

c:\users\shikha\AppData\Roaming\Aluvov\vibud.exe

c:\users\shikha\AppData\Roaming\skype.ini

c:\windows\sv.ini

c:\windows\wininit.ini

.

.

(((((((((((((((((((((((   Dateien erstellt von 2013-04-25 bis 2013-05-25  ))))))))))))))))))))))))))))))

.

.

2013-05-25 12:34 . 2013-05-25 12:34        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp

2013-05-25 12:34 . 2013-05-25 12:34        --------        d-----w-        c:\users\shikha\AppData\Local\temp

2013-05-25 12:34 . 2013-05-25 12:34        --------        d-----w-        c:\users\Default\AppData\Local\temp

2013-05-25 12:26 . 2013-05-25 12:26        --------        d-----w-        C:\32788R22FWJFW

2013-05-25 11:54 . 2013-05-25 11:54        69632        ----a-r-        c:\users\shikha\AppData\Roaming\Microsoft\Installer\{89505A66-35F0-4401-B3AD-D077051F8698}\ARPPRODUCTICON.exe

2013-05-25 11:54 . 2013-05-25 11:54        49152        ----a-r-        c:\users\shikha\AppData\Roaming\Microsoft\Installer\{89505A66-35F0-4401-B3AD-D077051F8698}\UNINST_Uninstall_Q_336D8C9DB2424DE5BC518E574B25652F.exe

2013-05-25 11:54 . 2013-05-25 11:54        --------        d-----w-        c:\users\shikha\Qtrax

2013-05-25 11:53 . 2013-05-25 11:53        --------        d-----w-        c:\users\shikha\AppData\Local\Downloaded Installations

2013-05-25 11:53 . 2013-05-25 11:53        --------        d-----w-        c:\users\shikha\AppData\Roaming\DSite

2013-05-25 11:53 . 2013-05-25 11:53        --------        d-----w-        c:\program files (x86)\OpenIt

2013-05-25 09:02 . 2013-05-25 09:02        --------        d-----w-        c:\users\shikha\AppData\Local\IAC

2013-05-23 09:03 . 2013-05-25 12:22        --------        d-----w-        c:\users\shikha\AppData\Roaming\Anizce

2013-05-23 09:03 . 2013-05-23 09:03        --------        d-----w-        c:\users\shikha\AppData\Roaming\Gyxeca

2013-05-22 16:40 . 2013-05-05 21:36        17818624        ----a-w-        c:\windows\system32\mshtml.dll

2013-05-22 16:40 . 2013-05-05 21:16        2382848        ----a-w-        c:\windows\system32\mshtml.tlb

2013-05-22 16:40 . 2013-05-05 19:12        2382848        ----a-w-        c:\windows\SysWow64\mshtml.tlb

2013-05-22 16:31 . 2013-04-09 01:55        2774016        ----a-w-        c:\windows\system32\win32k.sys

2013-05-22 16:31 . 2013-04-15 14:17        901496        ----a-w-        c:\windows\system32\drivers\dxgkrnl.sys

2013-05-22 16:31 . 2013-03-03 19:13        1513320        ----a-w-        c:\windows\system32\drivers\ntfs.sys

2013-05-22 16:31 . 2013-04-13 03:34        47104        ----a-w-        c:\windows\system32\cdd.dll

2013-05-22 16:31 . 2013-03-11 13:33        4691304        ----a-w-        c:\windows\system32\ntoskrnl.exe

2013-05-22 16:31 . 2013-03-09 04:16        85504        ----a-w-        c:\windows\system32\csrsrv.dll

2013-05-22 16:31 . 2013-03-09 01:48        75264        ----a-w-        c:\windows\system32\smss.exe

2013-05-22 16:31 . 2013-03-08 04:18        451072        ----a-w-        c:\windows\system32\winsrv.dll

2013-05-22 16:31 . 2013-03-08 04:17        2425344        ----a-w-        c:\windows\system32\mstscax.dll

2013-05-22 16:31 . 2013-03-08 03:52        2067968        ----a-w-        c:\windows\SysWow64\mstscax.dll

2013-05-14 08:33 . 2013-05-21 15:43        --------        d-----w-        c:\users\shikha\AppData\Roaming\Olvys

2013-05-14 08:33 . 2013-05-14 08:33        --------        d-----w-        c:\users\shikha\AppData\Roaming\Wiocx

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-05-03 14:15 . 2006-11-02 12:35        75016696        ----a-w-        c:\windows\system32\mrt.exe

2013-04-08 13:44 . 2013-04-08 13:42        1395        ----a-w-        c:\windows\system32\drivers\etc 1\hosts.tmp

2013-04-04 12:50 . 2013-04-12 08:44        25928        ----a-w-        c:\windows\system32\drivers\mbam.sys

2013-04-03 14:22 . 2013-04-03 12:32        73432        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-04-03 14:22 . 2013-04-03 12:32        693976        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2013-03-06 13:13 . 2013-04-11 16:36        28600        ----a-w-        c:\windows\system32\drivers\avkmgr.sys

2013-02-26 13:56 . 2013-04-11 16:36        130016        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2013-02-26 13:56 . 2013-04-11 16:36        100712        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2013-02-25 22:32 . 2013-02-25 22:32        25256224        ----a-w-        c:\windows\system32\nvcompiler.dll

2013-02-25 22:32 . 2013-02-25 22:32        2505144        ----a-w-        c:\windows\SysWow64\nvapi.dll

2013-02-25 22:32 . 2013-02-25 22:32        15129960        ----a-w-        c:\windows\SysWow64\nvd3dum.dll

2013-02-25 22:32 . 2013-02-25 22:32        6262608        ----a-w-        c:\windows\SysWow64\nvopencl.dll

2013-02-25 22:32 . 2013-02-25 22:32        2826040        ----a-w-        c:\windows\system32\nvapi64.dll

2013-02-25 22:32 . 2013-02-25 22:32        18055184        ----a-w-        c:\windows\system32\nvd3dumx.dll

2013-02-25 22:32 . 2012-10-10 20:22        1814304        ----a-w-        c:\windows\system32\nvdispco64.dll

2013-02-25 22:32 . 2013-02-25 22:32        2720544        ----a-w-        c:\windows\SysWow64\nvcuvid.dll

2013-02-25 22:32 . 2013-02-25 22:32        26929440        ----a-w-        c:\windows\system32\nvoglv64.dll

2013-02-25 22:32 . 2013-02-25 22:32        7932256        ----a-w-        c:\windows\SysWow64\nvcuda.dll

2013-02-25 22:32 . 2013-02-25 22:32        2346784        ----a-w-        c:\windows\system32\nvcuvenc.dll

2013-02-25 22:32 . 2013-02-25 22:32        11036448        ----a-w-        c:\windows\system32\drivers\nvlddmkm.sys

2013-02-25 22:32 . 2012-10-10 20:23        1510176        ----a-w-        c:\windows\system32\nvdispgenco64.dll

2013-02-25 22:32 . 2013-02-25 22:32        2904352        ----a-w-        c:\windows\system32\nvcuvid.dll

2013-02-25 22:32 . 2013-02-25 22:32        20449056        ----a-w-        c:\windows\SysWow64\nvoglv32.dll

2013-02-25 22:32 . 2013-02-25 22:32        15053264        ----a-w-        c:\windows\system32\nvwgf2umx.dll

2013-02-25 22:32 . 2013-02-25 22:32        17560352        ----a-w-        c:\windows\SysWow64\nvcompiler.dll

2013-02-25 22:32 . 2013-02-25 22:32        7564040        ----a-w-        c:\windows\system32\nvopencl.dll

2013-02-25 22:32 . 2013-02-25 22:32        1985824        ----a-w-        c:\windows\SysWow64\nvcuvenc.dll

2013-02-25 22:32 . 2013-02-25 22:32        12641992        ----a-w-        c:\windows\SysWow64\nvwgf2um.dll

2013-02-25 22:32 . 2013-02-25 22:32        9390760        ----a-w-        c:\windows\system32\nvcuda.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-03-04 21:38        121392        ----a-w-        c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"PCMMediaSharing"="c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-25 204908]

"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-05-07 345312]

"Sabre OADP Util"="d:\sabre\Apps\OADP\OADPUtil.exe" [2009-07-08 528448]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-25 269448]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt        REG_MULTI_SZ           hpqcxs08 hpqddsvc

.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

Themes

mfnqlu

.

Inhalt des "geplante Tasks" Ordners

.

2013-05-25 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-03 14:22]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-03-04 21:39        51248        ----a-w-        c:\acer\Empowering Technology\eDataSecurity\x64\PSDProtect.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RAVCpl64.exe" [2008-03-25 6150656]

"Skytel"="Skytel.exe" [2007-11-20 1826816]

"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2008-01-09 326176]

"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe" [2008-03-04 560688]

"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-06-06 333344]

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.google.com

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0809&m=aspire_m3641

mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0809&m=aspire_m3641

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

Trusted Zone: agentware.net

Trusted Zone: akamaiedge.net

Trusted Zone: cibt.com

Trusted Zone: etraveladisories.com

Trusted Zone: getthere.com

Trusted Zone: merlin.com

Trusted Zone: merlinx2.de

Trusted Zone: midoffice.sabre-merlin.com

Trusted Zone: mysabremerlin.de

Trusted Zone: onthesnow.com

Trusted Zone: pathlore.net

Trusted Zone: portpromotions.com

Trusted Zone: sabre.com

Trusted Zone: sabre.com\eservices

Trusted Zone: sabreconsolidator.com

Trusted Zone: softvoyage.com

Trusted Zone: theluggageclub.com

Trusted Zone: travelpn.com

Trusted Zone: travisa.com

Trusted Zone: vacationstudio.net

Trusted Zone: vaxvacationaccess.com

Trusted Zone: virtuallythere.com

Trusted Zone: vtitin.com

Trusted Zone: wcities.com

Trusted Zone: wctravel.com

Trusted Zone: wellwishers.com

Trusted Zone: whatsonwhen.com

Trusted Zone: worktopia.com

TCP: DhcpNameServer = 192.168.2.1

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

Wow6432Node-HKCU-Run-Zuaxnoriuh - c:\users\shikha\AppData\Roaming\Aluvov\vibud.exe

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

Notify-noknovy - (no file)

AddRemove-MySabre - c:\windows\ISUN0407.EXE

AddRemove-Open Systems Client - c:\windows\ISUN0407.EXE

AddRemove-Sabre Device Manager - c:\windows\ISUN0407.EXE

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

Zeit der Fertigstellung: 2013-05-25  14:37:25

ComboFix-quarantined-files.txt  2013-05-25 12:37

ComboFix2.txt  2013-05-22 16:26

.

Vor Suchlauf: 21 Verzeichnis(se), 267.043.254.272 Bytes frei

Nach Suchlauf: 23 Verzeichnis(se), 267.346.821.120 Bytes frei

.

- - End Of File - - 48102BFE717A594CF6705F4E61F6000F

--- --- ---