Code:
ComboFix 13-06-08.02 - Ede 11.06.2013 13:24:26.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3948.2255 [GMT 2:00]
ausgeführt von:: c:\users\Ede\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\cseDVH.dll
c:\windows\SysWow64\DEBUG.log
c:\windows\SysWow64\frapsvid.dll
c:\windows\SysWow64\muzapp.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_BrowserDefendert
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-05-11 bis 2013-06-11 ))))))))))))))))))))))))))))))
.
.
2013-06-11 11:33 . 2013-06-11 11:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-10 19:47 . 2013-06-10 19:47 -------- d-----w- C:\TDSSKiller_Quarantine
2013-06-10 15:14 . 2013-06-10 15:14 -------- d-----w- c:\windows\SysWow64\NV
2013-06-10 15:14 . 2013-06-10 15:14 -------- d-----w- c:\windows\system32\NV
2013-06-10 15:13 . 2013-06-10 15:13 -------- d-----w- c:\users\UpdatusUser
2013-06-10 15:12 . 2012-12-29 08:40 6382008 ----a-w- c:\windows\system32\nvcpl.dll
2013-06-10 15:12 . 2012-12-29 08:40 3455416 ----a-w- c:\windows\system32\nvsvc64.dll
2013-06-10 15:12 . 2012-12-29 08:40 2923201 ----a-w- c:\windows\system32\nvcoproc.bin
2013-06-10 15:12 . 2012-12-29 08:40 997816 ----a-w- c:\windows\system32\nv3dappshext.dll
2013-06-10 15:12 . 2012-12-29 08:40 884152 ----a-w- c:\windows\system32\nvvsvc.exe
2013-06-10 15:12 . 2012-12-29 08:40 63928 ----a-w- c:\windows\system32\nvshext.dll
2013-06-10 15:12 . 2012-12-29 08:40 55736 ----a-w- c:\windows\system32\nv3dappshextr.dll
2013-06-10 15:12 . 2012-12-29 08:40 2558392 ----a-w- c:\windows\system32\nvsvcr.dll
2013-06-10 15:12 . 2012-12-29 08:40 118712 ----a-w- c:\windows\system32\nvmctray.dll
2013-06-10 15:11 . 2013-06-10 15:11 -------- d-----w- c:\programdata\NVIDIA Corporation
2013-06-09 16:45 . 2013-06-09 16:45 -------- d-----w- c:\windows\SysWow64\searchplugins
2013-06-09 16:45 . 2013-06-09 16:45 -------- d-----w- c:\windows\SysWow64\Extensions
2013-06-09 16:41 . 2013-06-09 16:45 -------- d-----w- c:\users\Administrator.Netz
2013-06-08 20:40 . 2009-01-25 11:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
2013-06-08 20:40 . 2013-06-08 20:40 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2013-06-08 20:39 . 2013-06-08 20:39 -------- d-----w- c:\users\Ede\AppData\Local\Programs
2013-06-08 19:46 . 2013-06-08 20:45 -------- d-----w- c:\program files (x86)\MyFree Codec
2013-06-08 19:09 . 2013-04-18 10:09 233472 ----a-w- c:\windows\SysWow64\FsUsbExService.Exe
2013-06-08 19:09 . 2011-06-07 10:14 110592 ----a-w- c:\windows\SysWow64\FsUsbExDevice.Dll
2013-06-08 10:23 . 2013-06-11 11:34 17920 ----a-w- c:\windows\SysWow64\rpcnetp.dll
2013-06-08 10:23 . 2013-06-11 11:34 17920 ----a-w- c:\windows\SysWow64\rpcnetp.exe
2013-06-07 21:09 . 2013-06-07 21:09 -------- d-----w- c:\programdata\BrowserDefender
2013-06-07 21:09 . 2013-06-07 21:09 -------- d-----w- c:\users\Ede\AppData\Roaming\BabSolution
2013-06-07 21:09 . 2013-06-07 21:09 -------- d-----w- c:\program files (x86)\Delta
2013-06-07 21:09 . 2013-06-07 21:09 -------- d-----w- c:\users\Ede\AppData\Roaming\Delta
2013-06-07 21:08 . 2013-06-07 21:08 -------- d-----w- c:\users\Ede\AppData\Roaming\Babylon
2013-06-07 21:08 . 2013-06-07 21:08 -------- d-----w- c:\programdata\Babylon
2013-06-07 18:55 . 2013-06-07 18:55 -------- d-----w- c:\windows\SysWow64\jmdp
2013-06-07 18:55 . 2013-06-07 18:55 -------- d-----w- c:\windows\SysWow64\ARFC
2013-06-07 18:55 . 2013-06-10 15:53 -------- d-----w- c:\windows\SysWow64\WNLT
2013-06-07 18:55 . 2013-05-21 13:31 1447728 ----a-w- c:\windows\system32\dmwu.exe
2013-06-07 18:55 . 2013-05-21 13:30 33792 ----a-w- c:\windows\system32\ImHttpComm.dll
2013-06-07 18:52 . 2013-06-07 18:52 -------- d-----w- c:\users\Ede\AppData\Roaming\OpenOffice.org
2013-06-07 18:51 . 2013-06-07 18:51 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2013-06-04 07:15 . 2013-06-04 07:15 708168 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
2013-06-04 07:15 . 2013-06-04 07:15 103448 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2013-06-04 07:15 . 2013-06-04 07:15 203672 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2013-06-04 07:15 . 2013-06-04 07:15 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2013-05-14 17:20 . 2013-05-14 17:20 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-05-14 17:20 . 2013-04-04 03:35 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-11 11:34 . 2012-06-26 08:09 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2013-06-07 17:57 . 2012-12-15 13:26 44544 ----a-w- c:\windows\SysWow64\agremove.exe
2013-05-20 23:11 . 2010-06-24 18:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-15 19:34 . 2012-07-18 19:21 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 19:34 . 2012-07-18 19:21 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-10 16:39 . 2012-10-01 21:10 39936 ----a-w- c:\windows\SysWow64\identprv.dll
2013-05-07 11:43 . 2013-05-07 11:44 83160 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-03-30 11:10 . 2013-03-30 11:31 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-03-30 11:10 . 2013-03-30 11:31 130016 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-03-30 11:10 . 2013-03-30 11:31 100712 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-03-16 03:24 . 2013-03-16 03:24 0 ----a-w- c:\windows\SysWow64\shoC9FD.tmp
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}]
2013-05-20 10:02 295832 ----a-w- c:\program files (x86)\Delta\delta\1.8.21.5\bh\delta.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-07-04 13:03 1310040 ----a-r- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-07-04 1310040]
"{82E1477C-B154-48D3-9891-33D83C26BCD3}"= "c:\program files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll" [2013-05-20 284056]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{82e1477c-b154-48d3-9891-33d83c26bcd3}]
[HKEY_CLASSES_ROOT\delta.deltadskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\delta.deltadskBnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Ede\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-12-09 138096]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-04-23 311152]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2013-06-08 844168]
"KiesAirMessage"="c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe" [2013-04-18 578560]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-04-23 1561968]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-01-13 3093624]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-04-19 18678376]
"<NO NAME>"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2013-06-08 844168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-04-24 297280]
"OOTag"="c:\program files (x86)\Acer\OOBEOffer\OOTag.exe" [2010-02-23 13856]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1110096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"WheelMouse"="c:\advanc~1\wh_exec.exe" [2008-02-21 98304]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"Sweetpacks Communicator"="c:\program files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-08-15 231768]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-05-07 345312]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-05-16 3830224]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2011-8-20 723560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~3\BROWSE~1\261339~1.144\{C16C1~1\BrowserDefender.dll c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys [x]
R3 hcwhdpvr;Hauppauge HD PVR Capture Device;c:\windows\system32\DRIVERS\hcwhdpvr.sys;c:\windows\SYSNATIVE\DRIVERS\hcwhdpvr.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 rpcnetp;rpcnetp;rpcnetp [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 cdrblock;cdrblock;c:\windows\system32\DRIVERS\cdrblock.sys;c:\windows\SYSNATIVE\DRIVERS\cdrblock.sys [x]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvkflt.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IBUpdaterService;IBUpdaterService;c:\windows\system32\dmwu.exe;c:\windows\SYSNATIVE\dmwu.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 PlantronicsGC;PLTGC Interface;c:\windows\system32\drivers\PLTGC.sys;c:\windows\SYSNATIVE\drivers\PLTGC.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-18 19:34]
.
2013-06-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1619428777-3269123750-1031834656-1001Core.job
- c:\users\Ede\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-23 10:22]
.
2013-06-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1619428777-3269123750-1031834656-1001UA.job
- c:\users\Ede\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-23 10:22]
.
2013-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1619428777-3269123750-1031834656-1001Core.job
- c:\users\Ede\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-18 19:32]
.
2013-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1619428777-3269123750-1031834656-1001UA.job
- c:\users\Ede\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-18 19:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-31 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-31 392216]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-31 415768]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-08-02 961184]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-08-02 798880]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-05-10 1831528]
"OOTag"="c:\program files (x86)\Acer\OOBEOffer\ootag.exe" [2010-02-23 13856]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"GamecomSound"="c:\program files\Plantronics\GameCom780\GameCom780.exe" [2011-12-01 777448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?affID=44444&babsrc=HP_ss_din2g&mntrId=AA3EF6D53D235ECE
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10005&barid={981EF484-2B83-11E2-9D2F-047D7B7A3ED1}
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = localhost:21320
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Ede\AppData\Roaming\Mozilla\Firefox\Profiles\oiq1joy8.default\
FF - prefs.js: browser.search.selectedEngine - Delta Search
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=44444&babsrc=HP_ss_din2g&mntrId=AA3EF6D53D235ECE
FF - prefs.js: network.proxy.type - 2
FF - ExtSQL: 2013-06-07 23:09; ffxtlbr@delta.com; c:\users\Ede\AppData\Roaming\Mozilla\Firefox\Profiles\oiq1joy8.default\extensions\ffxtlbr@delta.com
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - aa3e0568000000000000f6d53d235ece
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15863
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.523:09
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=44444
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-ArcSoft Connection Service - c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
Wow6432Node-HKLM-Run-SwitchBoard - c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-26868678.sys
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:88,26,43,fc,d4,82,ce,40,dd,6c,d7,9b,2f,f3,2a,1c,83,49,19,07,38,
27,f9,08,a4,64,12,18,99,f0,1e,d5,e7,2d,0c,e7,38,00,e7,7e,b7,fe,19,2e,d9,f5,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:88,26,43,fc,d4,82,ce,40,dd,6c,d7,9b,2f,f3,2a,1c,83,49,19,07,38,
27,f9,08,a4,64,12,18,99,f0,1e,d5,e7,2d,0c,e7,38,00,e7,7e,b7,fe,19,2e,d9,f5,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Launch Manager\LMutilps32.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\System32\rpcnetp.exe
c:\program files (x86)\Acer\Acer VCM\RS_Service.exe
c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe
c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
c:\windows\SysWOW64\jmdp\stij.exe
c:\advanced wheel mouse\wh_exec.exe
c:\program files (x86)\Launch Manager\LMworker.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-06-11 13:41:33 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-06-11 11:41
.
Vor Suchlauf: 15 Verzeichnis(se), 342.617.481.216 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 342.295.257.088 Bytes frei
.
- - End Of File - - B5107B10F5375D69F8E1C3F9AB11E610
D41D8CD98F00B204E9800998ECF8427E |