Kemptner | 01.03.2014 12:17 | Code:
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11111111-1111-1111-1111-110311851132}]
2013-11-16 12:18 966504 ----a-w- c:\program files (x86)\Feven 1.5\Feven 1.5-bho64.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4DA0B632-7C99-8C1D-DCBF-BD0F1E2B1319}]
2014-02-21 00:42 473600 ----a-w- c:\programdata\TableeViEwwEer\n.x64.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5E6482C2-E829-088B-C304-78700836145C}]
2014-01-29 09:06 476672 ----a-w- c:\programdata\easytoshhop\04H.x64.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CD6280C5-A9FE-7F27-3BBA-5AED114ECD02}]
2014-01-29 09:06 476672 ----a-w- c:\programdata\savvinugatoyou\xFINLm4SF.x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-20 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-20 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-20 440600]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-27 12343400]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-15 1156712]
"IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]
"Broadcom Wireless Manager UI"="c:\program files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe" [2012-05-25 7138816]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2012-02-07 1829768]
"InstantUpdate"="c:\program files\Acer\Acer Instant Service\InstantUpdate\iuDaemon.exe" [2012-04-06 124520]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=b5ab5f3a-1c58-d154-e65d-34092d08df62&searchtype=hp&installDate=16/11/2013
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1392150242&from=cor&uid=ST9500325AS_5VETE7SWXXXX5VETE7SW&q={searchTerms}
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1392150242&from=cor&uid=ST9500325AS_5VETE7SWXXXX5VETE7SW&q={searchTerms}
uSearchAssistant = hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=b5ab5f3a-1c58-d154-e65d-34092d08df62&searchtype=ds&q={searchTerms}&installDate=16/11/2013
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{3248080C-DCFD-4C11-B392-810312A86CBE}: NameServer = 139.7.30.125,139.7.30.126
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - c:\program files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll
FF - ProfilePath - c:\users\ubach\AppData\Roaming\Mozilla\Firefox\Profiles\latyl6j5.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=b5ab5f3a-1c58-d154-e65d-34092d08df62&searchtype=hp&installDate=16/11/2013
FF - prefs.js: keyword.URL - hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=b5ab5f3a-1c58-d154-e65d-34092d08df62&searchtype=ds&installDate=16/11/2013&q=
FF - ExtSQL: 2014-01-10 12:27; {94cd2cc3-083f-49ba-a218-4cda4b4829fd}; c:\users\ubach\AppData\Roaming\Mozilla\Firefox\Profiles\latyl6j5.default\extensions\{94cd2cc3-083f-49ba-a218-4cda4b4829fd}
FF - ExtSQL: 2014-01-18 13:45; {8b337819-d1e8-48d3-8178-168ae8c99c36}; c:\users\ubach\AppData\Roaming\Mozilla\Firefox\Profiles\latyl6j5.default\extensions\{8b337819-d1e8-48d3-8178-168ae8c99c36}
FF - ExtSQL: 2014-01-21 09:04; {ad9a41d2-9a49-4fa6-a79e-71a0785364c8}; c:\users\ubach\AppData\Roaming\Mozilla\Firefox\Profiles\latyl6j5.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
FF - ExtSQL: 2014-01-21 09:04; ffxtlbr@mysearchdial.com; c:\users\ubach\AppData\Roaming\Mozilla\Firefox\Profiles\latyl6j5.default\extensions\ffxtlbr@mysearchdial.com
FF - ExtSQL: 2014-01-29 03:55; ext@flashenhancer.com; c:\program files (x86)\AmiExt\flashEnhancer\ff
FF - ExtSQL: 2014-01-29 10:44; yoy6_bgg@fzo-pkghags.edu; c:\users\ubach\AppData\Roaming\Mozilla\Firefox\Profiles\latyl6j5.default\extensions\yoy6_bgg@fzo-pkghags.edu
FF - ExtSQL: 2014-01-29 10:44; k13z.er@wl-ym.com; c:\users\ubach\AppData\Roaming\Mozilla\Firefox\Profiles\latyl6j5.default\extensions\k13z.er@wl-ym.com
FF - ExtSQL: 2014-02-14 08:31; ext@MediaPlayerV1alpha4241.net; c:\program files (x86)\MediaPlayerV1\MediaPlayerV1alpha4241\ff
FF - ExtSQL: 2014-02-15 13:28; 0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com; c:\users\ubach\AppData\Roaming\Mozilla\Firefox\Profiles\latyl6j5.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com
FF - ExtSQL: 2014-02-21 01:02; {abdfcd24-f4a1-4248-b9c4-4ee53f915331}; c:\program files (x86)\Re-markit\155.xpi
FF - ExtSQL: 2014-02-21 10:47; ofloueowzj@dbbdgiwin.co.uk; c:\users\ubach\AppData\Roaming\Mozilla\Firefox\Profiles\latyl6j5.default\extensions\ofloueowzj@dbbdgiwin.co.uk
FF - ExtSQL: 2014-02-21 10:47; eauyu@ouao-.org; c:\users\ubach\AppData\Roaming\Mozilla\Firefox\Profiles\latyl6j5.default\extensions\eauyu@ouao-.org
FF - ExtSQL: 2014-02-24 10:04; ext@MediaViewerV1alpha1415.net; c:\program files (x86)\MediaViewerV1\MediaViewerV1alpha1415\ff
FF - user.js: extensions.mysearchdial.hmpg - true
FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=irmsd0101&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAtDyDyEyBtB0EtCzzyCyDtN0D0Tzu0SyByDtCtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T&cr=97825655&ir=
FF - user.js: extensions.mysearchdial.dfltSrch - true
FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial
FF - user.js: extensions.mysearchdial.dnsErr - true
FF - user.js: extensions.mysearchdial_i.newTab - false
FF - user.js: extensions.mysearchdial.newTabUrl - hxxp://start.mysearchdial.com/?f=2&a=irmsd0101&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAtDyDyEyBtB0EtCzzyCyDtN0D0Tzu0SyByDtCtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T&cr=97825655&ir=
FF - user.js: extensions.mysearchdial.tlbrSrchUrl - hxxp://start.mysearchdial.com/?f=3&a=irmsd0101&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAtDyDyEyBtB0EtCzzyCyDtN0D0Tzu0SyByDtCtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T&cr=97825655&ir=&q=
FF - user.js: extensions.mysearchdial.id - B888E305472E1865
FF - user.js: extensions.mysearchdial.instlDay - 16091
FF - user.js: extensions.mysearchdial.vrsn - 1.8.21.0
FF - user.js: extensions.mysearchdial.vrsni - 1.8.21.0
FF - user.js: extensions.mysearchdial_i.vrsnTs - 1.8.21.09:4:23
FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial
FF - user.js: extensions.mysearchdial.prdct - mysearchdial
FF - user.js: extensions.mysearchdial.aflt - irmsd0101
FF - user.js: extensions.mysearchdial_i.smplGrp - none
FF - user.js: extensions.mysearchdial.tlbrId - base
FF - user.js: extensions.mysearchdial.instlRef -
FF - user.js: extensions.mysearchdial.dfltLng -
FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
FF - user.js: extensions.mysearchdial.excTlbr - false
FF - user.js: extensions.mysearchdial_i.hmpg - true
FF - user.js: extensions.mysearchdial.cr - 97825655
FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAtDyDyEyBtB0EtCzzyCyDtN0D0Tzu0SyByDtCtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T
FF - user.js: extensions.mysearchdial.AL - 2
FF - user.js: extensions.irmysearch.aflt - irmsd0101
FF - user.js: extensions.irmysearch.instlRef -
FF - user.js: extensions.irmysearch.cr - 97825655
FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAtDyDyEyBtB0EtCzzyCyDtN0D0Tzu0SyByDtCtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{0f21b1e5-5afc-43c9-9c66-515046e92ec2} - c:\program files (x86)\SaveSense\SaveSenseIE.dll
BHO-{5A60B6BB-FA81-4EFA-AB9C-A820E2143736} - c:\program files (x86)\AmiExt\flashEnhancer\ie\flashEnhancer.dll
BHO-{7547af2a-886e-4dd8-82f9-705a0859f72d} - c:\program files (x86)\SaltarSmart\SaltarSmartBHO.dll
BHO-{ae48ed75-5a56-4c5f-bbce-6f1ac3875f66} - c:\program files (x86)\DealPly\DealPlyIE.dll
BHO-{d99a4ec9-00bd-4fe4-85a5-4db018351265} - c:\program files (x86)\SaltarSmart\SaltarSmartBHO.dll
Toolbar-Locked - (no file)
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
WebBrowser-{FA23121F-EE7C-4BD8-8C06-123D087282C5} - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-DealPly - c:\program files (x86)\DealPly\uninst.exe
AddRemove-SaveSense - c:\program files (x86)\SaveSense\uninst.exe
AddRemove-{532970A2-464B-73CB-BBC4-F209EAD3EEBE} - c:\programdata\easytoshhop\04H.exe
AddRemove-{A2616871-3463-BCEE-5AFA-73773317A381} - c:\programdata\savvinugatoyou\xFINLm4SF.exe
AddRemove-FLV Player - c:\program files (x86)\FLV Player\Uninstall\__Uninstall_.exe
AddRemove-SaveSense - c:\users\ubach\AppData\Roaming\SaveSense\UpdateProc\UpdateTask.exe
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Launch Manager\LMutilps32.exe
C:\monitor.exe
c:\windows\SysWOW64\Rundll32.exe
c:\program files (x86)\VuuPC\RemoteEngineHelper.exe
c:\program files (x86)\VuuPC\RemoteEngineHelper.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-03-01 11:44:26 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2014-03-01 10:44
.
Vor Suchlauf: 10 Verzeichnis(se), 422.176.256.000 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 421.669.576.704 Bytes frei
.
- - End Of File - - 0E5B7CAE08E002D7F03F9CB0EBEB9D29