Hier ist die Logdatei :) Code:
ComboFix 13-09-12.01 - ******+13.09.2013 8:07.1.4 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.49.1031.18.2038.1134 [GMT 2:00]
ausgeführt von:: c:\users\power\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\SaveShare
c:\programdata\saviEnshare
c:\users\power\AppData\Roaming\dclogs
c:\users\power\AppData\Roaming\dclogs\2013-08-09-6.dc
c:\users\power\AppData\Roaming\ImgBurn.exe
c:\users\power\AppData\Roaming\Mozilla\Firefox\Profiles\nwe7omcc.default\extensions\nqiz078@kqgdutpmr.co.uk
c:\users\power\AppData\Roaming\Mozilla\Firefox\Profiles\nwe7omcc.default\extensions\nqiz078@kqgdutpmr.co.uk\bootstrap.js
c:\users\power\AppData\Roaming\Mozilla\Firefox\Profiles\nwe7omcc.default\extensions\nqiz078@kqgdutpmr.co.uk\chrome.manifest
c:\users\power\AppData\Roaming\Mozilla\Firefox\Profiles\nwe7omcc.default\extensions\nqiz078@kqgdutpmr.co.uk\content\bg.js
c:\users\power\AppData\Roaming\Mozilla\Firefox\Profiles\nwe7omcc.default\extensions\nqiz078@kqgdutpmr.co.uk\install.rdf
c:\users\power\AppData\Roaming\yuvcodecs-1.3.exe
c:\windows\system32\MSDCSC
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-08-13 bis 2013-09-13 ))))))))))))))))))))))))))))))
.
.
2013-09-13 06:22 . 2013-09-13 06:22 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-09-13 06:22 . 2013-09-13 06:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-13 05:28 . 2013-08-06 07:28 7166848 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C027B012-0C58-441B-899C-FC2006B6C9E3}\mpengine.dll
2013-09-12 12:31 . 2013-09-12 12:31 -------- d-----w- C:\FRST
2013-09-09 17:15 . 2013-09-09 17:15 -------- d-----w- c:\programdata\Browser Manager
2013-09-09 13:16 . 2013-09-09 13:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-09-09 13:16 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-06 07:38 . 2013-09-06 07:38 -------- d-----w- C:\found.001
2013-09-05 18:35 . 2013-09-13 05:21 -------- d-----w- c:\users\power\AppData\Local\CrashDumps
2013-08-31 23:15 . 2013-08-31 23:15 -------- d-----w- c:\users\power\verschicht - klamotten
2013-08-29 17:38 . 2008-01-24 11:44 -------- d-----w- C:\eeepcfr
2013-08-29 16:25 . 2013-08-29 16:25 -------- d-----w- C:\SFX
2013-08-29 16:25 . 2013-08-29 16:25 -------- d-----w- C:\[BOOT]
2013-08-29 16:25 . 2013-08-29 16:25 -------- d-----w- C:\PROGRAMS
2013-08-29 16:25 . 2013-08-29 16:25 -------- d-----w- C:\I386
2013-08-29 16:17 . 2013-08-29 16:17 -------- d-----w- c:\users\power\Systemroot
2013-08-29 16:11 . 2013-08-29 16:11 -------- d-----w- c:\users\power\G
2013-08-29 16:09 . 2013-08-29 16:10 -------- d-----w- c:\users\power\Musik
2013-08-29 15:50 . 2013-08-29 16:32 -------- d-----w- c:\users\power\OTLPE
2013-08-29 14:38 . 2012-03-25 18:19 261308720 ----a-w- c:\users\power\cs16full_v7 (2).exe
2013-08-29 10:00 . 2013-08-29 10:01 -------- d-----w- c:\program files\GeoGebra 4.2
2013-08-28 14:30 . 2013-08-28 14:33 -------- d-----w- c:\programdata\HitmanPro
2013-08-27 13:49 . 2013-08-27 14:02 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2013-08-27 13:45 . 2013-08-27 14:01 -------- d-----w- c:\programdata\Soluto
2013-08-26 12:56 . 2013-08-26 12:56 -------- d-----w- c:\program files\CPUID
2013-08-21 20:44 . 2013-08-27 14:03 -------- d-----w- c:\program files\SpeedFan
2013-08-14 17:17 . 2013-07-09 04:50 652800 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-14 17:17 . 2013-07-09 04:52 175104 ----a-w- c:\windows\system32\wintrust.dll
2013-08-14 17:17 . 2013-07-09 04:46 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-14 17:17 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\system32\crypt32.dll
2013-08-14 17:17 . 2013-07-09 04:46 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-14 17:17 . 2013-07-09 05:03 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-14 17:17 . 2013-07-09 05:03 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-14 17:17 . 2013-07-09 04:53 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-08-14 17:17 . 2013-07-06 05:05 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-14 17:17 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-14 17:16 . 2013-07-19 01:41 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-14 17:16 . 2013-06-15 03:38 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-13 06:22 . 2012-04-05 12:58 29 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2013-09-04 14:00 . 2013-05-07 13:47 66144 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-09-04 14:00 . 2012-11-09 06:58 88840 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-09-04 14:00 . 2012-11-09 06:58 136672 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-08-21 12:02 . 2012-05-03 05:54 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-08-21 12:02 . 2011-08-24 18:57 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-08-07 13:04 . 2012-04-16 14:16 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-07 13:04 . 2012-04-16 14:16 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-14 17:43 . 2013-07-14 17:43 152848 --s---r- c:\windows\system32\COMDLG32.OCX
2013-07-14 17:43 . 2013-07-14 17:43 1010720 --s---r- c:\windows\system32\MSCHRT20.OCX
2013-06-25 16:21 . 2013-06-25 16:21 428088 ----a-w- c:\windows\system32\drivers\sptd.sys
2013-06-25 15:26 . 2013-06-25 15:24 7760687 ----a-w- c:\users\power\AppData\Roaming\SetupGFD.exe
2013-06-25 15:24 . 2013-06-25 15:18 5243208 ----a-w- c:\users\power\AppData\Roaming\AvsP.exe
2013-06-25 15:18 . 2013-06-25 15:16 1357348 ----a-w- c:\users\power\AppData\Roaming\MatroskaSplitter.exe
2013-06-25 15:10 . 2013-06-25 15:05 5082084 ----a-w- c:\users\power\AppData\Roaming\Avisynth.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-09-04 347192]
"Athan"="c:\program files\Athan\Athan.exe" [2011-11-20 1204224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^JumpPad.lnk]
backup=c:\windows\pss\JumpPad.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^myBoard.lnk]
backup=c:\windows\pss\myBoard.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MySapce.lnk]
backup=c:\windows\pss\MySapce.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RocketDock.lnk]
backup=c:\windows\pss\RocketDock.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^UberIcon.lnk]
backup=c:\windows\pss\UberIcon.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^YzShadow.lnk]
backup=c:\windows\pss\YzShadow.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2000-01-01 00:00 10996368 ------w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ManyCam"="c:\program files\ManyCam\Bin\ManyCam.exe" /silent
"StarterBackgroundChanger"="c:\program files\StarterBackgroundChanger\StarterBackgroundChangerTask.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ASUSPRP"=c:\program files\ASUS\APRP\APRP.EXE
"Persistence"=c:\windows\system32\igfxpers.exe
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"IAStorIcon"=c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-06-03 162408]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x32.sys [x]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [x]
R3 FlashUSB;FlashUSB;c:\windows\system32\DRIVERS\FlashUSB.sys [2010-05-12 16896]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2012-11-15 35592]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-29 13592]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-03-31 11520]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-29 37352]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 185472]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2013-09-04 84024]
S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-02-15 19968]
S2 DBService;DATA BECKER Update Service;c:\program files\Common Files\DATA BECKER Shared\DBService.exe [2010-10-28 189776]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [2012-09-19 1699168]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-04-13 109960]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv.sys [2012-10-11 34432]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [2013-01-31 22656]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [2012-09-19 10088]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2013-08-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 13:04]
.
2013-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-19 11:45]
.
2013-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-19 11:45]
.
2013-08-09 c:\windows\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013.job
- c:\program files\TuneUp Utilities 2013\OneClick.exe [2012-09-19 10:27]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uSearchAssistant = hxxp://www.google.com
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\users\power\AppData\Roaming\Mozilla\Firefox\Profiles\nwe7omcc.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
FF - prefs.js: keyword.URL - hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=100&systemid=473&v=n8883-100&apn_dtid=BND473&apn_ptnrs=AG1&apn_uid=4352935405034440&o=APN10640&q=
FF - ExtSQL: 2013-08-09 15:55; nqiz078@kqgdutpmr.co.uk; c:\users\power\AppData\Roaming\Mozilla\Firefox\Profiles\nwe7omcc.default\extensions\nqiz078@kqgdutpmr.co.uk
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - c:\program files\Microsoft\BingBar\7.2.233.0\BingExt.dll
Toolbar-10 - (no file)
AddRemove-Microsoft .NET Framework 4 Client Profile - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe
AddRemove-Microsoft .NET Framework 4 Extended - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\Setup.exe
AddRemove-{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2468871 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2487367 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2533523 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600217 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2656351 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2736428 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2742595 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2836939 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2478663 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2518870 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2539636 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2572078 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2604121 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2633870 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656351 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656368 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656368v2 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656405 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2686827 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2729449 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2736428 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2737019 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2742595 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2789642 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2804576 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2835393 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2840628 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2840628v2 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{2FAA2415-618E-4EC0-8253-3CDA076C84D6} - c:\users\power\AppData\Local\{48C6842D-F02B-4949-92E1-B3FEE51A0811}\Setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"=hex:51,66,7a,6c,4c,1d,38,12,e6,58,38,
83,87,d3,7e,06,c2,c6,ef,58,90,09,a1,e1
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=hex:51,66,7a,6c,4c,1d,38,12,7b,ba,ea,
34,67,f9,48,0d,fd,1d,4b,bb,a3,e3,60,89
"{977AE9CC-AF83-45E8-9E03-E2798216E2D5}"=hex:51,66,7a,6c,4c,1d,38,12,a2,ea,69,
93,b1,e1,86,00,e1,15,a1,39,87,48,a6,c1
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{58124A0B-DC32-4180-9BFF-E0E21AE34026}"=hex:51,66,7a,6c,4c,1d,38,12,65,49,01,
5c,00,92,ee,04,e4,e9,a3,a2,1f,bd,04,32
"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,
6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}"=hex:51,66,7a,6c,4c,1d,38,12,85,b5,89,
a4,87,7f,22,00,e8,fa,d8,69,48,cc,aa,3e
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"=hex:51,66,7a,6c,4c,1d,38,12,2d,dd,7a,
ab,6a,33,56,03,c9,ec,8d,26,b0,f3,64,49
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"=hex:51,66,7a,6c,4c,1d,38,12,70,05,61,
f9,ec,d1,23,0d,da,9c,48,eb,44,0f,8e,cc
"{32004B8A-44A9-43E7-84E9-808838809519}"=hex:51,66,7a,6c,4c,1d,38,12,e4,48,13,
36,9b,0a,89,06,fb,ff,c3,c8,3d,de,d1,0d
"{336D0C35-8A85-403a-B9D2-65C292C39087}"=hex:51,66,7a,6c,4c,1d,3b,1b,08,dd,94,
76,82,e9,7c,3d,9d,e9,17,af,ad,b0,e5,ab
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:7a,81,9f,9a,22,94,cc,01
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-09-13 08:26:07
ComboFix-quarantined-files.txt 2013-09-13 06:26
.
Vor Suchlauf: 23 Verzeichnis(se), 59.716.726.784 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 59.624.091.648 Bytes frei
.
- - End Of File - - 2BC804A5ABFE0A0DD49124B56A9F2460
A36C5E4F47E84449FF07ED3517B43A31 Danke :) |