shopgirl | 28.06.2013 19:23 | Hello,
Unfortunately I couldn't get Avira switched off completely, but the real-time protection was off (it still complained about the registry...?).
Here is the log:
Combofix Logfile:
Code:
ComboFix 13-06-28.02 - Administrator 28.06.2013 19:55:45.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.43.1031.18.8183.5805 [GMT 2:00]
ausgeführt von:: c:\users\Administrator\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: ZoneAlarm Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
FW: ZoneAlarm Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Anti-Spyware *Disabled/Outdated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\HP Berlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\reminder.exe.lnk
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-05-28 bis 2013-06-28 ))))))))))))))))))))))))))))))
.
.
2013-06-28 17:50 . 2013-06-28 17:50 -------- d-----w- c:\users\Administrator\AppData\Roaming\RealNetworks
2013-06-28 16:27 . 2013-06-28 16:27 -------- d-----w- C:\FRST
2013-06-27 20:57 . 2013-06-27 20:57 -------- d-----w- c:\users\HP Berlin\AppData\Roaming\Malwarebytes
2013-06-27 20:56 . 2013-06-27 20:56 -------- d-----w- c:\programdata\Malwarebytes
2013-06-27 20:56 . 2013-06-27 20:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-06-27 20:56 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-27 20:56 . 2013-06-27 20:56 -------- d-----w- c:\users\HP Berlin\AppData\Local\Programs
2013-06-12 22:02 . 2013-05-17 01:25 257536 ----a-w- c:\program files (x86)\Internet Explorer\ieproxy.dll
2013-06-12 13:14 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-12 13:14 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-06-12 13:14 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-06-12 13:14 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-12 13:14 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-06-02 12:24 . 2013-06-02 12:24 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-02 12:24 . 2013-06-02 12:24 -------- d-----w- c:\program files\iTunes
2013-06-02 12:24 . 2013-06-02 12:24 -------- d-----w- c:\program files (x86)\iTunes
2013-06-02 12:24 . 2013-06-02 12:24 -------- d-----w- c:\program files\iPod
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-24 08:19 . 2013-05-07 08:55 83672 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-06-12 22:02 . 2013-01-29 23:23 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-05-29 05:07 . 2013-05-29 05:07 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-29 05:07 . 2013-05-29 05:07 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-05-29 05:07 . 2013-05-29 05:07 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-05-29 05:07 . 2013-05-29 05:07 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-05-29 05:07 . 2013-05-29 05:07 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-05-29 05:07 . 2013-05-29 05:07 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-05-29 05:07 . 2013-05-29 05:07 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-05-29 05:07 . 2013-05-29 05:07 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-05-29 05:07 . 2013-05-29 05:07 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-05-29 05:07 . 2013-05-29 05:07 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-05-29 05:07 . 2013-05-29 05:07 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-05-29 05:07 . 2013-05-29 05:07 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-05-29 05:07 . 2013-05-29 05:07 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-05-29 05:07 . 2013-05-29 05:07 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-05-29 05:07 . 2013-05-29 05:07 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-05-29 05:07 . 2013-05-29 05:07 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-29 05:07 . 2013-05-29 05:07 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-05-29 05:07 . 2013-05-29 05:07 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-05-29 05:07 . 2013-05-29 05:07 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-05-29 05:07 . 2013-05-29 05:07 81408 ----a-w- c:\windows\system32\icardie.dll
2013-05-29 05:07 . 2013-05-29 05:07 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-05-29 05:07 . 2013-05-29 05:07 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-05-29 05:07 . 2013-05-29 05:07 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-05-29 05:07 . 2013-05-29 05:07 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-05-29 05:07 . 2013-05-29 05:07 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-05-29 05:07 . 2013-05-29 05:07 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-05-29 05:07 . 2013-05-29 05:07 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-05-29 05:07 . 2013-05-29 05:07 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-05-29 05:07 . 2013-05-29 05:07 441856 ----a-w- c:\windows\system32\html.iec
2013-05-29 05:07 . 2013-05-29 05:07 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-05-29 05:07 . 2013-05-29 05:07 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-29 05:07 . 2013-05-29 05:07 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-05-29 05:07 . 2013-05-29 05:07 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-05-29 05:07 . 2013-05-29 05:07 235008 ----a-w- c:\windows\system32\url.dll
2013-05-29 05:07 . 2013-05-29 05:07 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-05-29 05:07 . 2013-05-29 05:07 216064 ----a-w- c:\windows\system32\msls31.dll
2013-05-29 05:07 . 2013-05-29 05:07 197120 ----a-w- c:\windows\system32\msrating.dll
2013-05-29 05:07 . 2013-05-29 05:07 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-05-29 05:07 . 2013-05-29 05:07 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-05-29 05:07 . 2013-05-29 05:07 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-29 05:07 . 2013-05-29 05:07 149504 ----a-w- c:\windows\system32\occache.dll
2013-05-29 05:07 . 2013-05-29 05:07 144896 ----a-w- c:\windows\system32\wextract.exe
2013-05-29 05:07 . 2013-05-29 05:07 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-05-29 05:07 . 2013-05-29 05:07 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-05-29 05:07 . 2013-05-29 05:07 13824 ----a-w- c:\windows\system32\mshta.exe
2013-05-29 05:07 . 2013-05-29 05:07 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-05-29 05:07 . 2013-05-29 05:07 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-05-29 05:07 . 2013-05-29 05:07 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-05-29 05:07 . 2013-05-29 05:07 102912 ----a-w- c:\windows\system32\inseng.dll
2013-05-19 10:39 . 2013-01-29 21:50 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-19 10:39 . 2013-01-29 21:50 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-18 17:09 . 2013-03-21 09:24 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2013-05-18 17:09 . 2013-03-21 09:24 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2013-05-15 14:23 . 2013-05-15 14:23 16948616 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-05-04 17:46 . 2013-05-04 17:46 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-05-04 17:46 . 2013-05-04 17:46 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-05-04 17:46 . 2013-05-04 17:46 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-01 11:48 . 2012-07-17 13:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-04-14 12:48 . 2013-04-14 12:48 963488 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-14 12:48 . 2013-04-14 12:48 310688 ----a-w- c:\windows\system32\javaws.exe
2013-04-14 12:48 . 2013-04-14 12:48 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-04-14 12:48 . 2013-04-14 12:48 188832 ----a-w- c:\windows\system32\javaw.exe
2013-04-14 12:48 . 2013-04-14 12:48 188320 ----a-w- c:\windows\system32\java.exe
2013-04-14 12:48 . 2013-04-14 12:48 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-04-13 05:49 . 2013-05-15 07:42 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 07:42 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 07:42 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 07:42 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 07:42 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 07:42 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 09:39 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-15 07:42 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-15 07:42 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-15 07:42 3153920 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-01-28 14:54 281760 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2011-03-25 3695984]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-09-12 56128]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-06-24 345144]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2013-01-23 73832]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-15 152392]
.
c:\users\HP Berlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Spamihilator.lnk - c:\program files\Spamihilator\spamihilator.exe [2013-1-30 2472448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNA3100 Setup-Assistent.lnk - c:\program files (x86)\NETGEAR\WNA3100\WNA3100.exe [2013-1-29 4562944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 WSWNA3100;WSWNA3100;c:\program files (x86)\NETGEAR\WNA3100\WifiSvc.exe;c:\program files (x86)\NETGEAR\WNA3100\WifiSvc.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys;c:\windows\SYSNATIVE\DRIVERS\scmndisp.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage-Technologie;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [x]
S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S3 BCMH43XX;Treiber für Broadcom 802.11-USB-Netzwerkadapter;c:\windows\system32\DRIVERS\bcmwlhigh664.sys;c:\windows\SYSNATIVE\DRIVERS\bcmwlhigh664.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-30 17:21]
.
2013-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-30 17:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-01-28 14:54 342176 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944]
"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272]
"fssui"="c:\program files (x86)\Windows Live\Family Safety\fsui.exe" [2012-09-12 892416]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2a5x3wnf.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - c:\users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - c:\users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - c:\users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
HKLM-Run-ISW - (no file)
AddRemove-{79A765E1-C399-405B-85AF-466F52E918B0} - c:\program files (x86)\Ask.com\Updater\Updater.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3987356594-2233487089-3167824187-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
.
[HKEY_USERS\S-1-5-21-3987356594-2233487089-3167824187-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:65,d6,0a,f8,27,74,ce,01
.
[HKEY_USERS\S-1-5-21-3987356594-2233487089-3167824187-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,57,ff,3d,44,f4,ec,fd,4a,88,67,77,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,57,ff,3d,44,f4,ec,fd,4a,88,67,77,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Windows Live\Family Safety\fsssvc.exe
c:\program files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
c:\program files (x86)\Brownie\brpjp04a.exe
c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-06-28 20:11:40 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-06-28 18:11
.
Vor Suchlauf: 11 Verzeichnis(se), 589.992.947.712 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 590.973.366.272 Bytes frei
.
- - End Of File - - 939A84871E02DCDBF1AC690EBF20E40D --- --- ---
D41D8CD98F00B204E9800998ECF8427E
What comes next?
Thanks,
shopgirl