Sassenach21 | 12.01.2015 15:07 | (1 attachment) Hello,
attached is the log file from ComboFix.
When ComboFix restarted the computer, Avira started automatically with the message that TR Trash.Gen had been detected. The file extension was .tmp.
And just now, while I am writing this, it pops up again, but this time apparently in a different file? (see image). Code:
ComboFix 15-01-08.01 - Sassenach 12.01.2015 14:06:21.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1918.1222 [GMT 1:00]
Running from:: c:\dokumente und einstellungen\Sassenach\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: COMODO Antivirus *Enabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
* Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokume~1\SASSEN~1\LOKALE~1\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\dokumente und einstellungen\Sassenach\Lokale Einstellungen\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\programme\Messenger\rtcimsp.dll
c:\programme\xp-AntiSpy
c:\programme\xp-AntiSpy\Uninstall.exe
c:\programme\xp-AntiSpy\xp-AntiSpy.chm
c:\programme\xp-AntiSpy\xp-AntiSpy.exe
c:\programme\xp-AntiSpy\xp-AntiSpy.url
c:\windows\IsUn0407.exe
c:\windows\system32\AdobePDF.dll
c:\windows\system32\drivers\etc\hosts.txt
c:\windows\system32\twain.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((( Files Created from 2014-12-12 to 2015-01-12 ))))))))))))))))))))))))))))))
.
.
2015-01-10 16:00 . 2011-06-21 10:24 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2015-01-10 16:00 . 2015-01-10 16:07 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spyware Terminator
2015-01-10 16:00 . 2015-01-10 16:00 -------- d-----w- c:\dokumente und einstellungen\Sassenach\Anwendungsdaten\Spyware Terminator
2015-01-10 15:59 . 2015-01-10 16:00 -------- d-----w- c:\programme\Spyware Terminator
2014-12-30 17:24 . 2014-12-30 17:24 -------- d-----w- C:\VTRoot
2014-12-30 17:24 . 2015-01-12 12:14 113388 ----a-w- c:\windows\system32\drivers\fvstore.dat
2014-12-29 11:14 . 2014-12-29 11:14 -------- d-----w- c:\programme\Gemeinsame Dateien\Java
2014-12-29 11:13 . 2014-12-29 11:13 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-12-29 00:56 . 2014-12-29 00:56 35992 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2014-12-29 00:55 . 2015-01-12 13:36 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2014-12-29 00:49 . 2014-12-29 00:49 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Shared Space
2014-12-29 00:48 . 2014-12-29 00:48 -------- d-----w- c:\programme\COMODO
2014-12-29 00:46 . 2014-12-29 00:46 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Comodo Downloader
2014-12-29 00:43 . 2014-12-29 00:58 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Comodo
2014-12-29 00:34 . 2014-02-26 23:28 13312 -c----w- c:\windows\system32\dllcache\xp_eos.exe
2014-12-29 00:34 . 2014-02-26 23:28 13312 ------w- c:\windows\system32\xp_eos.exe
2014-12-28 23:59 . 2014-12-29 00:35 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\HitmanPro
2014-12-28 22:23 . 2014-12-28 22:23 -------- d-----w- c:\windows\ERUNT
2014-12-28 14:48 . 2015-01-10 15:06 -------- d-----w- C:\AdwCleaner
2014-12-27 22:13 . 2014-12-27 22:15 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2014-12-27 22:13 . 2014-12-27 22:15 -------- d-----w- c:\programme\iTunes
2014-12-27 19:55 . 2014-12-27 20:14 -------- d-----w- c:\programme\Mozilla Thunderbird
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-02 21:47 . 2014-06-12 20:40 62465672 ----a-w- C:\Dokumente
2014-12-29 11:12 . 2010-09-17 20:07 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-12-17 19:20 . 2012-03-29 10:32 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-12-17 19:20 . 2011-05-18 20:37 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-12-09 00:20 . 2014-11-13 09:53 29912 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2014-12-09 00:20 . 2014-11-13 09:53 105560 ----a-w- c:\windows\system32\drivers\inspect.sys
2014-12-09 00:20 . 2014-11-13 09:53 619992 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2014-12-09 00:20 . 2014-11-13 09:53 15576 ----a-w- c:\windows\system32\drivers\cmderd.sys
2014-12-09 00:20 . 2014-11-13 09:52 33520 ----a-w- c:\windows\system32\cmdcsr.dll
2014-12-09 00:20 . 2014-11-13 09:52 352272 ----a-w- c:\windows\system32\guard32.dll
2014-12-09 00:20 . 2014-11-13 09:52 286424 ----a-w- c:\windows\system32\cmdvrt32.dll
2014-12-09 00:20 . 2014-11-13 09:52 40664 ----a-w- c:\windows\system32\cmdkbd32.dll
2014-11-18 13:56 . 2014-11-18 13:56 1202848 ----a-w- c:\windows\system32\FM20.DLL
2014-10-18 19:32 . 2013-05-01 21:13 136216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-10-18 19:32 . 2013-05-01 21:13 98160 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-12-04 19:49 . 2013-12-04 19:49 0 ----a-w- c:\programme\GUM6F.tmp
.
.
(((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:09 131480 ----a-w- c:\dokumente und einstellungen\Sassenach\Anwendungsdaten\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:09 131480 ----a-w- c:\dokumente und einstellungen\Sassenach\Anwendungsdaten\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:09 131480 ----a-w- c:\dokumente und einstellungen\Sassenach\Anwendungsdaten\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:09 131480 ----a-w- c:\dokumente und einstellungen\Sassenach\Anwendungsdaten\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:09 131480 ----a-w- c:\dokumente und einstellungen\Sassenach\Anwendungsdaten\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:09 131480 ----a-w- c:\dokumente und einstellungen\Sassenach\Anwendungsdaten\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:09 131480 ----a-w- c:\dokumente und einstellungen\Sassenach\Anwendungsdaten\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:09 131480 ----a-w- c:\dokumente und einstellungen\Sassenach\Anwendungsdaten\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Mediencenter_InSync]
@="{77BC4082-DB5F-439A-8DC8-F9E24A63B0DE}"
"ReferenceCount"=dword:00000001
[HKEY_CLASSES_ROOT\CLSID\{77BC4082-DB5F-439A-8DC8-F9E24A63B0DE}]
2013-04-04 08:21 540672 ----a-w- c:\dokumente und einstellungen\Sassenach\Anwendungsdaten\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Mediencenter_ToSync]
@="{528EE335-5034-4EFC-834E-63E5F02D2BC2}"
"ReferenceCount"=dword:00000001
[HKEY_CLASSES_ROOT\CLSID\{528EE335-5034-4EFC-834E-63E5F02D2BC2}]
2013-04-04 08:21 540672 ----a-w- c:\dokumente und einstellungen\Sassenach\Anwendungsdaten\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Mediencenter_Failed]
@="{6066ADF0-9EB0-43E5-ADB6-990F5A3B979C}"
"ReferenceCount"=dword:00000001
[HKEY_CLASSES_ROOT\CLSID\{6066ADF0-9EB0-43E5-ADB6-990F5A3B979C}]
2013-04-04 08:21 540672 ----a-w- c:\dokumente und einstellungen\Sassenach\Anwendungsdaten\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\dokumente und einstellungen\Sassenach\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe" [2014-10-29 4673432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\programme\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2005-12-07 761947]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 16120832]
"AGRSMMSG"="AGRSMMSG.exe" [2006-06-29 89541]
"MagicKeyboard"="c:\programme\SAMSUNG\MagicKBD\PreMKBD.exe" [2006-05-17 151552]
"NeroFilterCheck"="c:\programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"GrooveMonitor"="c:\programme\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2011-07-05 421888]
"APSDaemon"="c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2014-12-17 702768]
"AdobeAAMUpdater-1.0"="c:\programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-02-27 558496]
"SwitchBoard"="c:\programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\programme\Gemeinsame Dateien\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"Avira Systray"="c:\programme\Avira\My Avira\Avira.OE.Systray.exe" [2014-11-20 126200]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2014-10-15 157480]
"COMODO Internet Security"="c:\programme\COMODO\COMODO Internet Security\cistray.exe" [2014-12-30 1243352]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2014-12-29 271744]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVStation Premium 3.75]
2006-12-15 17:16 159744 ----a-w- c:\programme\Samsung\AVStation Premium 3.75\AVSAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BatteryManager]
2006-04-25 13:05 2764800 ----a-w- c:\programme\Samsung\Samsung Battery Manager\BatteryManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DisplayManager]
2006-05-03 18:22 413696 ----a-w- c:\programme\Samsung\DisplayManager\DisplayManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]
2013-05-20 02:37 450560 ----a-w- c:\programme\DivX\DivX Media Server\DivXMediaServer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2013-02-13 02:37 1263952 ----a-w- c:\programme\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMHotKey]
2005-11-23 10:18 356352 ----a-w- c:\programme\Samsung\DisplayManager\DMLoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EDS]
2006-03-28 12:27 634880 ----a-w- c:\programme\Samsung\Samsung EDS\EDSAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2008-08-14 16:11 565008 ----a-w- c:\programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2008-08-14 16:15 2407184 ----a-w- c:\programme\Logitech\QuickCam\Quickcam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rainlendar2]
2012-12-29 09:28 2587136 ----a-w- c:\programme\Rainlendar2\Rainlendar2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorShield]
2015-01-10 15:59 2777736 ----a-w- c:\programme\Spyware Terminator\SpywareTerminatorShield.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdater]
2015-01-10 15:59 3684488 ----a-w- c:\programme\Spyware Terminator\SpywareTerminatorUpdate.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programme\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Dokumente und Einstellungen\\Sassenach\\Anwendungsdaten\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Dokumente und Einstellungen\\Sassenach\\Lokale Einstellungen\\Anwendungsdaten\\Akamai\\netsession_win.exe"=
"c:\\Programme\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Programme\\DVDVideoSoft\\Free Torrent Download\\FreeTorrentDownload.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\Spyware Terminator\\SpywareTerminator.exe"=
"c:\\Programme\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1106:TCP"= 1106:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [27.06.2010 23:34 691696]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [01.05.2013 22:13 37352]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [13.11.2014 10:53 15576]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [13.11.2014 10:53 619992]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [13.11.2014 10:53 29912]
R1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;c:\windows\system32\drivers\sp_rsdrv2.sys [10.01.2015 17:00 32768]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [01.05.2013 22:13 431920]
R2 Avira.OE.ServiceHost;Avira Service Host;c:\programme\Avira\My Avira\Avira.OE.ServiceHost.exe [20.11.2014 14:13 166192]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [17.02.2010 08:57 4300]
R2 FBAPI;FBAPI;c:\windows\system32\drivers\FBAPI.sys [17.02.2010 09:04 5088]
R2 SNM WLAN Service;SNM WLAN Service;c:\programme\Samsung\Samsung Network Manager\SNMWLANService.exe [28.05.2005 08:35 36864]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\programme\Spyware Terminator\st_rsser.exe [10.01.2015 16:59 587912]
R3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.SYS [29.03.2006 12:59 27648]
S3 cmdvirth;COMODO Virtual Service Manager;c:\programme\COMODO\COMODO Internet Security\cmdvirth.exe [13.11.2014 10:52 1664216]
S3 CSVirtA;Cisco Systems SSL VPN Adapter;c:\windows\system32\drivers\CSVirtA.sys [02.03.2010 09:12 22136]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [29.12.2014 01:56 35992]
S3 SUEPD;SUE NDIS Protocol Driver;c:\windows\system32\drivers\SUE_PD.sys [17.02.2010 09:06 19840]
S3 SwitchBoard;SwitchBoard;c:\programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe [19.02.2010 12:37 517096]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-12-15 20:36 1087816 ----a-w- c:\programme\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-01-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 19:22]
.
2014-11-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2011-06-01 11:34]
.
2015-01-12 c:\windows\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job
- c:\programme\COMODO\COMODO Internet Security\cfpconfg.exe [2014-11-13 17:06]
.
2015-01-12 c:\windows\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job
- c:\programme\COMODO\COMODO Internet Security\cfpconfg.exe [2014-11-13 17:06]
.
2015-01-12 c:\windows\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
- c:\programme\COMODO\COMODO Internet Security\cfpconfg.exe [2014-11-13 17:06]
.
2015-01-12 c:\windows\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
- c:\programme\COMODO\COMODO Internet Security\cfpconfg.exe [2014-11-13 17:06]
.
2015-01-12 c:\windows\Tasks\Ende des Supports für Microsoft Windows XP – Benachrichtigung – Anmeldung.job
- c:\windows\system32\xp_eos.exe [2014-12-29 23:28]
.
2014-12-30 c:\windows\Tasks\Ende des Supports für Microsoft Windows XP – Monatliche Benachrichtigung.job
- c:\windows\system32\xp_eos.exe [2014-12-29 23:28]
.
2015-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-02-17 13:24]
.
2015-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-02-17 13:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://alice.aol.de
uInternet Connection Wizard,ShellNext = "c:\programme\Outlook Express\msimn.exe"
uInternet Settings,ProxyOverride = <local>
IE: An vorhandene PDF-Datei anfügen - c:\programme\Gemeinsame Dateien\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\programme\Gemeinsame Dateien\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\programme\Gemeinsame Dateien\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\programme\Gemeinsame Dateien\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\dokumente und einstellungen\Sassenach\Anwendungsdaten\Mozilla\Firefox\Profiles\n5bch56w.default-1357944264531\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
- - - - Orphaned Registry Entries Removed - - - -
.
HKLM-Run-farstone - (no file)
MSConfigStartUp-ICQ - c:\programme\ICQ7.0\ICQ.exe
AddRemove-xp-AntiSpy - c:\programme\xp-AntiSpy\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2015-01-12 14:39
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
Scanning hidden processes ...
.
Scanning hidden autostart entries ...
.
Scanning hidden files ...
.
Scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\COMODO\CIS\Installer\Sym_Cam\CIS]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]
"7040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CmdAgent\Mode\Configurations]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CmdAgent\Mode\Data]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CmdAgent\Mode\Options]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\System\Software\COMODO\Cam]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\System\Software\COMODO\Firewall Pro]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
@Denied: (Full) (Everyone)
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\.DEFAULT\Software\Classes\CLSID]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}]
@DACL=(02 0000)
@="Dropbox Autoplay COM Server"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{029209E8-38B5-482B-BCDD-FC9B276FE352}]
@DACL=(02 0000)
@="MBControls.FormEx"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{0454F501-2BAE-4570-9F6E-440A28049AC2}]
@DACL=(02 0000)
@="MBControls.ZLIB"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{0CD20A4B-7CB5-45C1-B957-748A155E753E}]
@DACL=(02 0000)
@="MBControls.ListViewEx"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{11344345-5091-4C52-9841-D13086E0EEC2}]
@DACL=(02 0000)
@="MBControls.FileDialog"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{1B05BF56-E227-49CE-B2C9-5C1C9F40E460}]
@DACL=(02 0000)
@="MBControls.StarField"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{23FB70B3-7A4F-457D-BE2F-AB583E76D8E7}]
@DACL=(02 0000)
@="MBControls.Command"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{25F841D3-408D-45F5-B3EA-4972A18B7737}]
@DACL=(02 0000)
@="MBControls.StringBuilder"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{268502F4-815D-4358-A8D6-B783FDB58EF0}]
@DACL=(02 0000)
@="MediencenterContextMenu Class"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{2822DCFC-717E-4F88-9BE6-FA946CCB4017}]
@DACL=(02 0000)
@="MBControls.MemDC"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{2837E0FE-686B-4CB0-BE53-0EA097EAF71B}]
@DACL=(02 0000)
@="InstallShield Update Service Agent"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{302276CC-737D-4D15-9A5C-EC2031D673EB}]
@DACL=(02 0000)
@="MBControls.PropertyButtons"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{305CA226-D286-468e-B848-2B2E8E697B74}]
@DACL=(02 0000)
@="Akamai NetSession Interface"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{327DA9A8-4E9E-4E14-AC1B-C159A6B2865B}]
@DACL=(02 0000)
@="MBControls.PanelBar"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{3B7C8860-D78F-101B-B9B5-04021C009402}]
@DACL=(02 0000)
@="Microsoft Rich Textbox Control 6.0 (SP6)"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{515A9E01-5D33-4C70-8E43-62DD3FE06B35}]
@DACL=(02 0000)
@="MBControls.CheckBox"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{528EE335-5034-4EFC-834E-63E5F02D2BC2}]
@DACL=(02 0000)
@="IconOverlayHandlerToSync Class"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{531DFEAC-826E-4C3D-BF76-425A5AF61A0E}]
@DACL=(02 0000)
@="MBControls.FolderBrowserDialog"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{5B7524C8-2446-40E9-9474-94A779DBA224}]
@DACL=(02 0000)
@="InstallShield Update Service Agent"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{5E801020-E0CA-4708-9E07-A256A8FFBD2A}]
@DACL=(02 0000)
@="MBControls.MessageBox"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{6066ADF0-9EB0-43E5-ADB6-990F5A3B979C}]
@DACL=(02 0000)
@="IconOverlayHandlerFailed Class"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{60774992-7CCF-437E-B32D-7E5DC00EFFB8}]
@DACL=(02 0000)
@="MBControls.PerformanceTimer"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{61975864-C48D-464E-8AC0-12D8DE16C813}]
@DACL=(02 0000)
@="MBControls.System"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{621D3650-F1D3-414C-97F9-03A02B211261}]
@DACL=(02 0000)
@="ProgressCalculator Class"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{623E415A-22EF-4DAA-A2FF-E68E77A673C9}]
@DACL=(02 0000)
@="DownloadError Class"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{659CE3EB-9F99-422E-9255-61CAC57B3510}]
@DACL=(02 0000)
@="MBControls.LevelBar"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{65C2E291-BF83-4D62-9D65-07AB051AE358}]
@DACL=(02 0000)
@="MBControls.cOS"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{6D89B10C-1802-430F-A3D3-FD2C621AFC26}]
@DACL=(02 0000)
@="MBControls.OptionButton"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{714A66CE-B7B3-4029-B345-56B2B4823079}]
@DACL=(02 0000)
@="MBControls.UpDown"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{71A43C79-BC43-419F-A304-061AA2E74846}]
@DACL=(02 0000)
@="MBControls.HScrollBar"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{77BC4082-DB5F-439A-8DC8-F9E24A63B0DE}]
@DACL=(02 0000)
@="IconOverlayHandlerInSync Class"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{79D12C76-06D9-431F-9A5A-82B93EA5083C}]
@DACL=(02 0000)
@="MBControls.ListViewHelper"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{8380194E-073A-40D0-970F-A01988D27B5C}]
@DACL=(02 0000)
@="MBControls.VScrollBar"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{885BB46A-3F1E-44C3-A01B-A7D9260CC98B}]
@DACL=(02 0000)
@="InstallShield Update Service Setup Player"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
@DACL=(02 0000)
@="Java Plug-in 10.71.2"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{915C2CEB-216B-4B7C-89E4-9ED3512D58D9}]
@DACL=(02 0000)
@="File Class"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{92C5E738-7372-4CD6-BE57-15833624EBF3}]
@DACL=(02 0000)
@="DMFiles Class"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{9CAAD2EA-177B-4D07-871F-47255B5D30F3}]
@DACL=(02 0000)
@="Job Class"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{9EEE7A5F-5312-449D-A94B-F9D0BB5C814C}]
@DACL=(02 0000)
@="MBControls.cCPU"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{9F659E80-34A5-40FD-9806-3115FF07CA5A}]
@DACL=(02 0000)
@="MBControls.PrintDialog"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{9F8B217D-3EF8-44FC-9079-5581D0943725}]
@DACL=(02 0000)
@="MBControls.Panel"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{A08EDBE0-D6C1-4F98-95EE-F9DABE2F57B9}]
@DACL=(02 0000)
@="MBControls.MouseCursor"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{AAFFEBCF-CEAE-44D1-87BC-21DD59AB2951}]
@DACL=(02 0000)
@="MBControls.ProgressBar"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{B391A1DB-28C8-4506-A43C-5BD6051F16BA}]
@DACL=(02 0000)
@="Jobs Class"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{B452070B-D0CF-4C30-9E0C-FD86A154746F}]
@DACL=(02 0000)
@="MBControls.Registry"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{B956DB4C-E9D5-4BA6-98F2-B569F5E89EA2}]
@DACL=(02 0000)
@="MBControls.FileInfo"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{BDFBC8FB-4E9D-4118-8B82-0F3E21B47751}]
@DACL=(02 0000)
@="MBControls.Pie"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{C266DD0E-ABF0-4D2D-BC80-442941767642}]
@DACL=(02 0000)
@="MBControls.SplitContainer"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_14"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_14"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_14"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_22"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_22"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_22"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{CAFEEFAC-0017-0000-0071-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.7.0_71"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{CAFEEFAC-0017-0000-0071-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.7.0_71"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{CAFEEFAC-0017-0000-0071-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.7.0_71"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{CAFEEFAC-0017-0000-FFFF-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.7.0"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 10.71.2"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{CF03108C-3EC6-4DA8-8A89-9414431EC87E}]
@DACL=(02 0000)
@="MBControls.ViewPort"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{D6583D24-BAD0-4F9D-9C48-7CEE73E2CEFC}]
@DACL=(02 0000)
@="MBControls.WizardBar"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{DA68042E-486F-4BA7-ADDB-891126B8BD31}]
@DACL=(02 0000)
@="MBControls.GroupBox"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{DC62AB5B-4A63-4AF0-A623-2CB24B400BE2}]
@DACL=(02 0000)
@="MBControls.EnumBag"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}]
@DACL=(02 0000)
@=dword:00000001
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{e473a65c-8087-49a3-affd-c5bc4a10669b}]
@DACL=(02 0000)
@=dword:00000001
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{E50C953D-311A-481B-8F8D-C55E65AF7417}]
@DACL=(02 0000)
@="DownloadManager Class"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}]
@DACL=(02 0000)
@="Dropbox WIA Data Callback"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{E9880553-B8A7-4960-A668-95C68BED571E}]
@DACL=(02 0000)
@="InstallShield Update Service Agent"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{E9A93328-79D4-4AED-A778-146E7191F8BC}]
@DACL=(02 0000)
@="Downloader Class"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{EA2D8528-69B0-4194-885F-FA98185763D7}]
@DACL=(02 0000)
@="MBControls.ListItemHelper"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{EA2DD391-0F60-42F7-9AA8-9576C907E6E3}]
@DACL=(02 0000)
@="MBControls.NotifyIcon"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{EA3398E8-18DB-4369-870F-73414EE55D79}]
@DACL=(02 0000)
@="MBControls.TabBar"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{EDE36E93-52E9-48AE-97AE-EEF558558F1F}]
@DACL=(02 0000)
@="MBControls.LinkLabel"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{EF2D9BFD-E3B2-455F-A917-BA5826CEFD50}]
@DACL=(02 0000)
@="MBControls.WizardButtons"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{F1522EC1-F84F-4CE2-A38C-F9384B0DFD41}]
@DACL=(02 0000)
@="DWUpdateService"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{F2699F06-4BD8-46D5-AB11-D5626BA04574}]
@DACL=(02 0000)
@="MBControls.RibbonButton"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{F3A9BCA1-7EE6-4E6C-B8DF-53D389F58457}]
@DACL=(02 0000)
@="MBControls.HTMLHelp"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{F7DE72AB-464D-4ACF-94E1-56BBDEF284B6}]
@DACL=(02 0000)
@="MBControls.ColorPicker"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
@DACL=(02 0000)
@="DropboxExt"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
@DACL=(02 0000)
@="DropboxExt"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
@DACL=(02 0000)
@="DropboxExt"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
@DACL=(02 0000)
@="DropboxExt"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
@DACL=(02 0000)
@="DropboxExt"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
@DACL=(02 0000)
@="DropboxExt"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
@DACL=(02 0000)
@="DropboxExt"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
@DACL=(02 0000)
@="DropboxExt"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{FBF36969-88B5-4F2C-991E-DCB0BF28E5C0}]
@DACL=(02 0000)
@="MBControls.MenuEx"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{fc345d4c-b8f4-4674-bff7-3c37d2e535ee}]
@DACL=(02 0000)
@=dword:00000001
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{fd6484ed-ebe3-4c3d-938a-8238003b41b7}]
@DACL=(02 0000)
@=dword:00000001
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\USER\S-1-5-21-1229272821-562591055-725345543-1005_Classes\CLSID\{FFF2D28F-E4EE-44D9-8104-8E71556757F6}]
@DACL=(02 0000)
@="DWUpdateService"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(1048)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(1104)
c:\windows\system32\guard32.dll
c:\windows\system32\mswsock.dll
c:\windows\System32\wshtcpip.dll
.
- - - - - - - > 'explorer.exe'(8132)
c:\windows\system32\guard32.dll
c:\dokumente und einstellungen\Sassenach\Anwendungsdaten\Dropbox\bin\DropboxExt.24.dll
c:\dokumente und einstellungen\Sassenach\Anwendungsdaten\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\WS2HELP.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\MPR.dll
.
- - - - - - - > 'csrss.exe'(1012)
c:\windows\system32\cmdcsr.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\programme\COMODO\COMODO Internet Security\cmdagent.exe
c:\programme\Cisco Systems\SSL VPN Client\agent.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\programme\Cisco Systems\VPN Client\cvpnd.exe
c:\programme\Java\jre7\bin\jqs.exe
c:\programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
c:\programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\Ati2evxx.exe
c:\programme\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\RTHDCPL.EXE
c:\windows\AGRSMMSG.exe
c:\programme\SAMSUNG\MagicKBD\MagicKBD.exe
c:\programme\iPod\bin\iPodService.exe
c:\programme\COMODO\COMODO Internet Security\cavwp.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-01-12 14:58:33 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2015-01-12 13:58
.
Vor Suchlauf: 6.908.657.664 Bytes frei
Nach Suchlauf: 7.903.514.624 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 6C83C36E2DD61296F50AF7432B7A175C
72B8CE41AF0DE751C946802B3ED844B4 |