basketbolistas | 20.08.2013 19:52 | Code:
# AdwCleaner v3.000 - Report created 20/08/2013 at 19:49:13
# Updated 20/08/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Herr - ORGANISA-5D6C38
# Running from : C:\Dokumente und Einstellungen\Herr\Desktop\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
Service Deleted : Video downloader Updater
***** [ Files / Folders ] *****
Folder Deleted : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
Folder Deleted : C:\Programme\Ask.com
Folder Deleted : C:\Programme\DomaIQ Uninstaller
Folder Deleted : C:\Programme\optimizer pro
Folder Deleted : C:\Programme\Video Downloader
Folder Deleted : C:\Programme\Gemeinsame Dateien\DVDVideoSoft\TB
Folder Deleted : C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\AskToolbar
Folder Deleted : C:\Dokumente und Einstellungen\Herr\Lokale Einstellungen\Anwendungsdaten\AskToolbar
Folder Deleted : C:\DOKUME~1\Herr\LOKALE~1\Temp\AskSearch
Folder Deleted : C:\DOKUME~1\Herr\LOKALE~1\Temp\boost_interprocess
Folder Deleted : C:\Dokumente und Einstellungen\Herr\Anwendungsdaten\AskToolbar
Folder Deleted : C:\Dokumente und Einstellungen\Herr\Anwendungsdaten\Babylon
Folder Deleted : C:\Dokumente und Einstellungen\Herr\Anwendungsdaten\dvdvideosoftiehelpers
Folder Deleted : C:\Dokumente und Einstellungen\Herr\Anwendungsdaten\SwvUpdater
Folder Deleted : C:\Dokumente und Einstellungen\Herr\Anwendungsdaten\Mozilla\Firefox\Profiles\e8v3mopm.default\Extensions\toolbar@ask.com
File Deleted : C:\Dokumente und Einstellungen\Herr\Anwendungsdaten\Mozilla\Firefox\Profiles\e8v3mopm.default\searchplugins\11-suche.xml
File Deleted : C:\Dokumente und Einstellungen\Herr\Anwendungsdaten\Mozilla\Firefox\Profiles\e8v3mopm.default\searchplugins\Askcom.xml
File Deleted : C:\Programme\Mozilla Firefox\searchplugins\Babylon.xml
File Deleted : C:\Dokumente und Einstellungen\Herr\Anwendungsdaten\Mozilla\Firefox\Profiles\e8v3mopm.default\searchplugins\delta.xml
File Deleted : C:\Dokumente und Einstellungen\Herr\Anwendungsdaten\Mozilla\Firefox\Profiles\e8v3mopm.default\bProtector_extensions.rdf
File Deleted : C:\Dokumente und Einstellungen\Herr\Anwendungsdaten\Mozilla\Firefox\Profiles\e8v3mopm.default\user.js
File Deleted : C:\WINDOWS\Tasks\AmiUpdXp.job
File Deleted : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
***** [ Shortcuts ] *****
***** [ Registry ] *****
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Key Deleted : HKCU\Software\5fe8ad8e539ec43
Key Deleted : HKLM\SOFTWARE\5fe8ad8e539ec43
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{05366194-3126-4601-AC1A-DDE573E093DC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{061F450C-37B9-4330-9235-0F25D9F75B33}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26249267-15F4-4DA3-8247-C5A78E4FA918}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{39B217B4-8C69-4E45-A8DC-8CC4DAD3CF0A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CB4CE45-8849-4638-9226-D6B615A15827}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{43AB7B5D-4C40-4103-A549-7002A116A7D5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{996ED20F-A740-47A2-A7EF-9620D422BB4E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{061F450C-37B9-4330-9235-0F25D9F75B33}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D55DAA5-04AC-4036-B0BE-DA81EE9676CD}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{58CBF821-A0C7-4AE8-9430-77DD1AF38E99}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{72BCBFF7-2837-4CA0-B3B5-3DAED7F54601}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{824125FD-7732-4DA2-9277-3A7D0A0A0813}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\DomaIQ
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.18702
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v22.0 (de)
[ File : C:\Dokumente und Einstellungen\Herr\Anwendungsdaten\Mozilla\Firefox\Profiles\e8v3mopm.default\prefs.js ]
Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("extensions.asktb.InstallDir", "C:\\Programme\\Ask.com\\");
Line Deleted : user_pref("extensions.asktb.apn_dbr", "ff_18.0.2");
Line Deleted : user_pref("extensions.asktb.autofill-text-highlight-enabled", true);
Line Deleted : user_pref("extensions.asktb.cbid", "^AGS");
Line Deleted : user_pref("extensions.asktb.config-updated", false);
Line Deleted : user_pref("extensions.asktb.crumb", "2013.02.23+08.50.17-toolbar010iad-DE-TWFubmhlaW0sR2VybWFueQ%3D%3D");
Line Deleted : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://avira-int.ask.com/web?q={query}&qsrc={qsrc}&o={o}&l={l}&gct=bar&locale={locale}");
Line Deleted : user_pref("extensions.asktb.domain", "avira-int.ask.com");
Line Deleted : user_pref("extensions.asktb.domainName", "avira-int.ask.com");
Line Deleted : user_pref("extensions.asktb.dtid", "^YYYYYY^YY^DE");
Line Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
Line Deleted : user_pref("extensions.asktb.fresh-install", false);
Line Deleted : user_pref("extensions.asktb.guid", "ffffd589-33e6-4ed3-9cf9-941b003fa882");
Line Deleted : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"www.playsushi.com\", \"WWW.google.com\", \"hxxps://websearch.ask.com\", [...]
Line Deleted : user_pref("extensions.asktb.if", "first");
Line Deleted : user_pref("extensions.asktb.keyword-toggled-in-session", false);
Line Deleted : user_pref("extensions.asktb.l", "dis");
Line Deleted : user_pref("extensions.asktb.last-config-req", "1363538287680");
Line Deleted : user_pref("extensions.asktb.locale", "de_DE");
Line Deleted : user_pref("extensions.asktb.localePref", true);
Line Deleted : user_pref("extensions.asktb.location", "Mannheim,Germany");
Line Deleted : user_pref("extensions.asktb.new-tab-opt-out", true);
Line Deleted : user_pref("extensions.asktb.o", "APN10261");
Line Deleted : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Line Deleted : user_pref("extensions.asktb.qsrc", "2871");
Line Deleted : user_pref("extensions.asktb.r", "19");
Line Deleted : user_pref("extensions.asktb.sa", "YES");
Line Deleted : user_pref("extensions.asktb.sa-enabled", "false");
Line Deleted : user_pref("extensions.asktb.saguid", "E369B5C9-ED85-4674-9B9E-F1C33E73F6FA");
Line Deleted : user_pref("extensions.asktb.save-searches", false);
Line Deleted : user_pref("extensions.asktb.search-suggestions-enabled", true);
Line Deleted : user_pref("extensions.asktb.show-labels", false);
Line Deleted : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Line Deleted : user_pref("extensions.asktb.socialmini-first", true);
Line Deleted : user_pref("extensions.asktb.socialmini-interval", "1200000");
Line Deleted : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
Line Deleted : user_pref("extensions.asktb.socialmini-max-items", "30");
Line Deleted : user_pref("extensions.asktb.socialmini-native-on", true);
Line Deleted : user_pref("extensions.asktb.socialmini-speed", "5000");
Line Deleted : user_pref("extensions.asktb.themeid", "");
Line Deleted : user_pref("extensions.asktb.timeinstalled", "23.02.2013 17:54:32");
Line Deleted : user_pref("extensions.asktb.to", "");
Line Deleted : user_pref("extensions.asktb.v", "3.15.18.100015");
Line Deleted : user_pref("extensions.asktb.version", "5.15.18.37268");
Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.dfltLng", "en");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.id", "48d1a502000000000000002269135b5a");
Line Deleted : user_pref("extensions.delta.instlDay", "15798");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.10.0");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.10.020:37:41");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.10.0");
Line Deleted : user_pref("extensions.enabledAddons", "%7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.10,%7Bdd05fd3d-18df-4ce4-ae53-e795339c5f01%7D:1.21,toolbar%40ask.com:3.15.18.100015,%7B77BEC163-D389-42c1-91A4-C[...]
Line Deleted : user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}\":{\"descriptor\":\"C:\\\\Programme\\\\DivX\\\\DivX Plus Web Player\\\\firef[...]
Line Deleted : user_pref("vshare.install.date", "1315672709");
Line Deleted : user_pref("vshare.install.finished", "1.0.0");
Line Deleted : user_pref("vshare.install.fresh", "false");
Line Deleted : user_pref("vshare.install.guid", "{7a9a6937-976b-45ec-bfe4-def8b85e94df}");
Line Deleted : user_pref("vshare.install.newtab", false);
*************************
AdwCleaner[R0].txt - [15230 octets] - [20/08/2013 19:48:08]
AdwCleaner[S0].txt - [15336 octets] - [20/08/2013 19:49:13]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15397 octets] ########## Code:
ComboFix 13-08-19.02 - Herr 20.08.2013 20:14:44.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1012.584 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Herr\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Herr\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
* Neuer Wiederherstellungspunkt wurde erstellt
.
FILE ::
"c:\windows\Tasks\AmiUpdXp.job"
"c:\windows\Tasks\DGChrome15337 Watcher.job"
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\Herr\Anwendungsdaten\Obesqu
c:\dokumente und einstellungen\Herr\Anwendungsdaten\Obesqu\icco.kea
c:\dokumente und einstellungen\Herr\Anwendungsdaten\Yreh
c:\dokumente und einstellungen\Herr\Anwendungsdaten\Yreh\onso.elo
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-07-20 bis 2013-08-20 ))))))))))))))))))))))))))))))
.
.
2013-08-20 17:46 . 2013-08-20 17:49 -------- d-----w- C:\AdwCleaner
2013-08-05 15:59 . 2013-08-19 19:48 -------- d-----w- c:\dokumente und einstellungen\Administrator
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-05 15:49 . 2012-04-19 15:45 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-05 15:49 . 2011-09-26 09:37 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-07 21:55 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-06-07 21:48 . 2004-08-04 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:48 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-07 21:48 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-06-05 09:08 . 2004-08-04 12:00 1876864 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 07:22 . 2004-08-04 12:00 563712 ----a-w- c:\windows\system32\qedit.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"1und1Dispatcher"="c:\programme\1und1Softwareaktualisierung\SchedDispatcher.exe" [2012-10-16 223600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-30 18082304]
"AzMixerSel"="c:\programme\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-07-17 53248]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-07-03 252848]
"FreePDF Assistant"="c:\programme\FreePDF_XP\fpassist.exe" [2007-06-26 312320]
"DivXUpdate"="c:\programme\DivX\DivX Update\DivXUpdate.exe" [2011-02-15 1230704]
"MailCheck IE Broker"="c:\programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe" [2012-11-22 1461896]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2013-07-05 345144]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\Herr\Startmenü\Programme\Autostart\
OpenOffice.org 3.1.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [23.02.2013 18:52 37352]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [23.02.2013 18:53 84024]
R2 AntiVirWebService;Avira Browser-Schutz;c:\programme\Avira\AntiVir Desktop\avwebgrd.exe [23.02.2013 18:52 589368]
S2 Skype C2C Service;Skype C2C Service;c:\dokumente und einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe [02.10.2012 13:13 3064000]
S2 SkypeUpdate;Skype Updater;c:\programme\Skype\Updater\Updater.exe [05.06.2012 15:17 160944]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys --> c:\windows\system32\DRIVERS\ew_hwusbdev.sys [?]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys --> c:\windows\system32\DRIVERS\ewusbnet.sys [?]
S3 filtertdidriver;filtertdidriver;c:\windows\system32\drivers\ewfiltertdidriver.sys --> c:\windows\system32\drivers\ewfiltertdidriver.sys [?]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys --> c:\windows\system32\DRIVERS\ew_jubusenum.sys [?]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [23.12.2009 13:37 96856]
.
Inhalt des "geplante Tasks" Ordners
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
IE: Free YouTube to MP3 Converter - c:\dokumente und einstellungen\Herr\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
LSP: c:\programme\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - c:\programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll
FF - ProfilePath - c:\dokumente und einstellungen\Herr\Anwendungsdaten\Mozilla\Firefox\Profiles\e8v3mopm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.sport-fm.gr/
FF - ExtSQL: !HIDDEN! 2012-01-07 10:07; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-Ipyqir - c:\dokumente und einstellungen\Herr\Anwendungsdaten\Altuy\aqhy.exe
AddRemove-{77BEC163-D389-42c1-91A4-C758846296A5}_is1 - c:\programme\Video downloader\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-08-20 20:41
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(772)
c:\programme\Avira\AntiVir Desktop\avsda.dll
.
Zeit der Fertigstellung: 2013-08-20 20:43:35
ComboFix-quarantined-files.txt 2013-08-20 18:43
ComboFix2.txt 2013-08-19 20:16
.
Vor Suchlauf: 12 Verzeichnis(se), 79.871.651.840 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 83.482.836.992 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - A992DDECAA5BD8917068E1FF5E98B3C2
72B8CE41AF0DE751C946802B3ED844B4 |