jucon100 | 05.01.2014 01:08 | Do you mean that everyone could see it because of the FRST.txt I posted, or do you mean the person running the virus? Kind regards
It says that Avira Desktop is running in the background, but I can't find it, not even under Processes. Do you have any idea how I can deactivate it? Code:
ComboFix 14-01-04.03 - Pc 04.01.2014 15:48:06.2.3 - x64
Microsoft Windows 7 Home Basic 6.1.7601.1.1252.49.1031.18.4095.2744 [GMT 1:00]
ausgeführt von:: c:\users\Pc\Downloads\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SPL3883.tmp
c:\programdata\SPL8D84.tmp
c:\programdata\SPLE19.tmp
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_BrowserDefendert
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-12-04 bis 2014-01-04 ))))))))))))))))))))))))))))))
.
.
2014-01-04 14:55 . 2014-01-04 14:55 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-01-04 14:55 . 2014-01-04 14:55 -------- d-----w- c:\users\SYSTEM\AppData\Local\temp
2014-01-04 14:55 . 2014-01-04 14:55 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-01-04 14:55 . 2014-01-04 14:55 -------- d-----w- c:\users\fbwuser\AppData\Local\temp
2014-01-04 14:55 . 2014-01-04 14:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-04 14:37 . 2013-12-17 21:11 44744 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
2014-01-03 13:25 . 2014-01-03 13:25 -------- d-----w- C:\FRST
2014-01-03 12:19 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{63ADF64A-94D7-4111-9DB2-81924F95EAC3}\mpengine.dll
2014-01-03 12:15 . 2014-01-03 12:15 -------- d-----w- c:\users\Pc\AppData\Local\Avg2014
2014-01-02 19:28 . 2014-01-02 19:28 -------- d-----w- C:\AVGTemp
2014-01-02 19:24 . 2014-01-02 19:24 -------- d-----w- c:\program files (x86)\AVG
2014-01-02 19:18 . 2014-01-02 19:33 -------- d-----w- c:\programdata\MFAData
2014-01-02 19:18 . 2014-01-02 19:18 -------- d--h--w- c:\programdata\Common Files
2014-01-02 19:18 . 2014-01-02 19:18 -------- d-----w- c:\users\Pc\AppData\Local\MFAData
2014-01-02 18:07 . 2014-01-02 18:07 82744 ----a-w- c:\windows\system32\drivers\aswstm.sys.1388686108
2014-01-02 18:07 . 2014-01-02 18:07 -------- d-----w- c:\program files\AVAST Software
2014-01-02 14:57 . 2014-01-02 14:56 82744 ----a-w- c:\windows\system32\drivers\aswstm.sys.1388674647
2013-12-31 14:47 . 2013-12-31 14:50 -------- d-----w- c:\users\Pc\AppData\Local\WinZip
2013-12-31 14:46 . 2013-12-31 16:10 -------- d-----w- c:\program files\WinZip
2013-12-31 13:42 . 2014-01-03 12:14 -------- d-----w- c:\programdata\AVAST Software
2013-12-25 13:25 . 2013-12-31 16:00 -------- d-----w- c:\users\Pc\AppData\Local\CrashDumps
2013-12-20 15:26 . 2013-12-20 15:26 -------- d-----w- c:\users\Pc\AppData\Roaming\Unity
2013-12-15 20:33 . 2013-12-15 20:33 -------- d-----w- c:\users\Pc\AppData\Local\TechSmith
2013-12-15 19:43 . 2013-12-15 19:43 -------- d-----w- c:\users\Pc\AppData\Roaming\TechSmith
2013-12-15 19:41 . 2013-12-15 19:41 -------- d-----w- c:\programdata\regid.1995-08.com.techsmith
2013-12-15 19:41 . 2013-12-15 19:41 -------- d-----w- c:\program files (x86)\QuickTime
2013-12-15 19:41 . 2013-12-15 19:41 -------- d-----w- c:\program files (x86)\Common Files\TechSmith Shared
2013-12-15 19:40 . 2013-12-15 19:40 -------- d-----w- c:\programdata\TechSmith
2013-12-15 19:40 . 2013-12-15 19:40 -------- d-----w- c:\program files (x86)\TechSmith
2013-12-14 18:05 . 2013-12-14 18:05 -------- d-----w- c:\users\Pc\AppData\Roaming\MedicView40
2013-12-14 02:08 . 2013-10-14 17:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-12-10 23:23 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2013-12-10 23:23 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-12-10 23:23 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2013-12-10 23:23 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2013-12-10 23:23 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2013-12-10 21:54 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll
2013-12-10 21:54 . 2013-10-30 02:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2013-12-10 21:54 . 2013-10-30 01:24 3155968 ----a-w- c:\windows\system32\win32k.sys
2013-12-10 21:54 . 2013-11-23 18:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-12-10 21:54 . 2013-11-23 17:47 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-12-10 21:54 . 2013-10-19 02:18 81408 ----a-w- c:\windows\system32\imagehlp.dll
2013-12-10 21:54 . 2013-10-19 01:36 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2013-12-10 21:54 . 2013-11-12 02:23 2048 ----a-w- c:\windows\system32\tzres.dll
2013-12-10 21:54 . 2013-11-12 02:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-12-10 21:54 . 2013-10-04 02:16 116736 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-12-10 21:54 . 2013-10-04 01:36 230400 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-12-10 21:54 . 2013-10-12 02:32 150016 ----a-w- c:\windows\system32\wshom.ocx
2013-12-10 21:53 . 2013-10-12 02:31 202752 ----a-w- c:\windows\system32\scrrun.dll
2013-12-10 21:53 . 2013-10-12 02:04 121856 ----a-w- c:\windows\SysWow64\wshom.ocx
2013-12-10 21:53 . 2013-10-12 02:03 163840 ----a-w- c:\windows\SysWow64\scrrun.dll
2013-12-10 21:53 . 2013-10-12 01:33 156160 ----a-w- c:\windows\system32\cscript.exe
2013-12-10 21:53 . 2013-10-12 01:33 168960 ----a-w- c:\windows\system32\wscript.exe
2013-12-10 21:53 . 2013-10-12 01:15 141824 ----a-w- c:\windows\SysWow64\wscript.exe
2013-12-10 21:53 . 2013-10-12 01:15 126976 ----a-w- c:\windows\SysWow64\cscript.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-15 01:51 . 2012-01-14 21:01 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-12-10 21:42 . 2012-09-28 19:27 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-10 21:42 . 2012-09-28 19:27 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-11-24 17:48 . 2013-11-24 17:48 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-11-19 02:33 . 2012-01-14 20:31 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-10-12 02:30 . 2013-11-16 11:20 830464 ----a-w- c:\windows\system32\nshwfp.dll
2013-10-12 02:29 . 2013-11-16 11:20 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-12 02:29 . 2013-11-16 11:20 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-12 02:03 . 2013-11-16 11:20 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01 . 2013-11-16 11:20 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Pc\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Pc\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Pc\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Pc\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SuperCopier2.exe"="c:\program files (x86)\SuperCopier2\SuperCopier2.exe" [2009-08-16 955392]
"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2013-05-29 449248]
"Spotify Web Helper"="c:\users\Pc\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-12-08 1168896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-01 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"MFARestart"="c:\programdata\MFAData\pack\avgrunasx.exe" [2013-08-20 287792]
.
c:\users\Pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Pc\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
c:\users\Pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled\
Dropbox.lnk - c:\users\Pc\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
phase-6 Reminder.lnk - c:\program files (x86)\phase-6\phase-6\reminder\reminder.exe [2012-10-30 724992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 TrufosAlt;TrufosAlt;c:\windows\system32\DRIVERS\TrufosAlt.sys;c:\windows\SYSNATIVE\DRIVERS\TrufosAlt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R4 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys;c:\windows\SYSNATIVE\DRIVERS\ASPI32.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\cmw_srv.exe;c:\program files (x86)\Hotspot Shield\bin\cmw_srv.exe [x]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [x]
S2 lxdv_device;lxdv_device;c:\windows\system32\lxdvcoms.exe;c:\windows\SYSNATIVE\lxdvcoms.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 13:23 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-01-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-28 21:42]
.
2013-08-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3312188306-173452417-1941003285-1000Core.job
- c:\users\Pc\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-09 21:39]
.
2013-08-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3312188306-173452417-1941003285-1000UA.job
- c:\users\Pc\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-09 21:39]
.
2014-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-21 18:32]
.
2014-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-21 18:32]
.
2013-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3312188306-173452417-1941003285-1000Core.job
- c:\users\Pc\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-31 17:43]
.
2013-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3312188306-173452417-1941003285-1000UA.job
- c:\users\Pc\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-31 17:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Pc\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Pc\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Pc\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Pc\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lxctmon.exe"="c:\program files (x86)\Lexmark 5400 Series\lxctmon.exe" [2006-11-22 291760]
"EzPrint"="c:\program files (x86)\Lexmark 5400 Series\ezprint.exe" [2006-11-22 82864]
"LXCTCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXCTtime.dll" [2006-11-21 31744]
"lxdvmon.exe"="c:\program files (x86)\Lexmark X5400 Series\lxdvmon.exe" [2009-07-07 455336]
"lxdvamon"="c:\program files (x86)\Lexmark X5400 Series\lxdvamon.exe" [2009-07-07 25256]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?affID=111788&tt=060612_5_&babsrc=HP_ss&mntrId=5cf305fe000000000000001fc68e86e5
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896
uInternet Settings,ProxyServer = http=127.0.0.1:8555;https=127.0.0.1:8555
IE: Free YouTube Download - c:\users\Pc\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Pc\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Pc\AppData\Roaming\Mozilla\Firefox\Profiles\a748zyk8.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - ExtSQL: 2013-12-11 23:36; afproxy@anchorfree.com; c:\program files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 5cf305fe00000000000000ffa95f4760
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15888
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.520:05
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - de
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=121562&tsp=4931
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
FF - user.js: extensions.mixidj.tlbrSrchUrl -
FF - user.js: extensions.mixidj.id - 5cf305fe00000000000000ffa95f4760
FF - user.js: extensions.mixidj.appId - {A2773ED4-83BD-488A-A186-73590706C916}
FF - user.js: extensions.mixidj.instlDay - 15932
FF - user.js: extensions.mixidj.vrsn - 1.8.18.8
FF - user.js: extensions.mixidj.vrsni - 1.8.18.8
FF - user.js: extensions.mixidj.vrsnTs - 1.8.18.817:19
FF - user.js: extensions.mixidj.prtnrId - mixidj
FF - user.js: extensions.mixidj.prdct - mixidj
FF - user.js: extensions.mixidj.aflt - babsst
FF - user.js: extensions.mixidj.smplGrp - none
FF - user.js: extensions.mixidj.tlbrId - baseyh
FF - user.js: extensions.mixidj.instlRef - sst
FF - user.js: extensions.mixidj.dfltLng - de
FF - user.js: extensions.mixidj.excTlbr - false
FF - user.js: extensions.mixidj.ffxUnstlRst - false
FF - user.js: extensions.mixidj.admin - false
FF - user.js: extensions.mixidj.autoRvrt - false
FF - user.js: extensions.mixidj.rvrt - false
FF - user.js: extensions.mixidj.newTab - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
c:\users\Pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled\Facebook Messenger.lnk - c:\users\Pc\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-Steam App 47790 - c:\program files (x86)\cracked steam\steam.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-01-04 16:02:34 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2014-01-04 15:02
ComboFix2.txt 2012-01-25 23:08
.
Vor Suchlauf: 3.427.110.912 Bytes frei
Nach Suchlauf: 5.904.625.664 Bytes frei
.
- - End Of File - - 8D59630AF2B1DA40AFE7716033D9F765
A36C5E4F47E84449FF07ED3517B43A31
I ran it; I hope it worked that way too, because I couldn't find Avira anywhere. Kind regards |