Oxytocin | 24.04.2015 17:14

sooo

Code:
ComboFix 15-04-19.01 - Chrisz 24.04.2015 17:48:06.1.4 - x64
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.49.1031.18.8188.5833 [GMT 2:00]
ausgeführt von:: c:\users\Chrisz\Desktop\ComboFix.exe
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Chrisz\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\Chrisz\AppData\Roaming\AcroIEHelpe.txt
c:\users\Chrisz\AppData\Roaming\srvblck2.tmp
c:\windows\wininit.ini
D:\install.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2015-03-24 bis 2015-04-24 ))))))))))))))))))))))))))))))
.
.
2015-04-24 10:10 . 2015-04-24 10:12 -------- d-----w- C:\FRST
2015-04-24 09:14 . 2015-04-24 15:38 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2015-04-24 07:25 . 2015-04-24 08:01 -------- d-----w- C:\AdwCleaner
2015-04-24 05:38 . 2015-04-04 06:25 12032440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{730848F8-C682-4799-845E-99C40AB446C0}\mpengine.dll
2015-04-22 19:33 . 2015-04-04 06:25 12032440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-04-22 17:52 . 2015-04-22 17:52 -------- d-----w- c:\users\Chrisz\AppData\Roaming\java
2015-04-22 17:52 . 2015-04-22 17:55 -------- d-----w- c:\users\Chrisz\AppData\Roaming\.minecraft
2015-04-22 08:49 . 2015-04-22 08:49 -------- d-----w- c:\program files (x86)\Common Files\Java
2015-04-22 08:49 . 2015-04-22 08:48 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-04-22 08:48 . 2015-04-22 08:49 -------- d-----w- c:\programdata\Oracle
2015-04-22 08:48 . 2015-04-22 08:48 -------- d-----w- c:\program files (x86)\Java
2015-04-22 08:29 . 2015-04-23 14:11 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2015-04-22 07:31 . 2015-04-22 07:31 -------- d-----w- c:\users\Chrisz\AppData\Roaming\Steganos Updates
2015-04-20 10:08 . 2015-04-24 05:44 -------- d-----w- c:\users\Chrisz\AppData\Local\Spotify
2015-04-20 10:07 . 2015-04-24 13:23 -------- d-----w- c:\users\Chrisz\AppData\Roaming\Spotify
2015-04-15 10:46 . 2015-03-05 02:25 304128 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-04-15 10:46 . 2015-03-05 01:58 390144 ----a-w- c:\windows\system32\gdi32.dll
2015-04-15 10:45 . 2015-03-13 01:44 4691384 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-04-15 10:45 . 2015-03-13 01:44 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2015-04-15 10:45 . 2015-03-13 01:30 301568 ----a-w- c:\windows\system32\wow64win.dll
2015-04-15 10:45 . 2015-03-13 01:30 234496 ----a-w- c:\windows\system32\wow64.dll
2015-04-15 10:45 . 2015-03-13 01:30 17408 ----a-w- c:\windows\system32\wow64cpu.dll
2015-04-15 10:45 . 2015-03-13 01:30 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2015-04-15 10:45 . 2015-03-13 00:08 26112 ----a-w- c:\windows\SysWow64\setup16.exe
2015-04-15 10:45 . 2015-03-13 00:08 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2015-04-15 10:45 . 2015-03-13 00:08 2560 ----a-w- c:\windows\SysWow64\user.exe
2015-04-15 10:45 . 2015-03-14 02:22 1585248 ----a-w- c:\windows\system32\ntdll.dll
2015-04-15 10:45 . 2015-03-14 02:22 1168080 ----a-w- c:\windows\SysWow64\ntdll.dll
2015-04-15 10:34 . 2015-03-05 02:23 57344 ----a-w- c:\windows\SysWow64\clfsw32.dll
2015-04-15 10:34 . 2015-03-05 02:14 360384 ----a-w- c:\windows\system32\clfs.sys
2015-04-15 10:34 . 2015-03-05 01:58 77824 ----a-w- c:\windows\system32\clfsw32.dll
2015-04-15 10:33 . 2015-03-09 00:40 1869824 ----a-w- c:\windows\system32\msxml3.dll
2015-04-15 10:33 . 2015-03-09 01:01 1249280 ----a-w- c:\windows\SysWow64\msxml3.dll
2015-04-12 22:33 . 2015-02-20 02:03 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-04-12 22:33 . 2015-02-20 01:44 48128 ----a-w- c:\windows\system32\atmlib.dll
2015-04-12 22:33 . 2015-02-20 00:39 372224 ----a-w- c:\windows\system32\atmfd.dll
2015-04-12 22:33 . 2015-02-20 00:28 296960 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-04-12 22:32 . 2014-12-08 01:59 306176 ----a-w- c:\windows\SysWow64\scesrv.dll
2015-04-12 22:32 . 2014-12-08 01:37 399360 ----a-w- c:\windows\system32\scesrv.dll
2015-04-12 22:27 . 2015-01-29 01:35 975360 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2015-04-12 22:27 . 2015-01-29 01:33 1209856 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-04-12 22:26 . 2014-12-19 00:26 139776 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2015-04-12 22:26 . 2015-01-21 02:02 807936 ----a-w- c:\windows\SysWow64\msctf.dll
2015-04-12 22:26 . 2015-01-21 01:42 1040896 ----a-w- c:\windows\system32\msctf.dll
2015-04-12 22:21 . 2014-08-12 02:25 729600 ----a-w- c:\windows\SysWow64\IMJP10K.DLL
2015-04-12 22:21 . 2014-08-12 02:11 923136 ----a-w- c:\windows\system32\IMJP10K.DLL
2015-04-12 22:21 . 2015-02-26 00:31 2792960 ----a-w- c:\windows\system32\win32k.sys
2015-04-12 22:15 . 2014-06-15 22:18 1131664 ----a-w- c:\windows\SysWow64\dfshim.dll
2015-04-12 22:15 . 2014-06-15 22:18 1943696 ----a-w- c:\windows\system32\dfshim.dll
2015-04-12 22:15 . 2014-06-13 18:22 81560 ----a-w- c:\windows\SysWow64\mscories.dll
2015-04-12 22:15 . 2014-06-13 18:22 156824 ----a-w- c:\windows\SysWow64\mscorier.dll
2015-04-12 22:15 . 2014-06-13 17:36 73880 ----a-w- c:\windows\system32\mscories.dll
2015-04-12 22:15 . 2014-06-13 17:36 156312 ----a-w- c:\windows\system32\mscorier.dll
2015-04-12 22:14 . 2014-10-24 01:03 499200 ----a-w- c:\windows\SysWow64\kerberos.dll
2015-04-12 22:14 . 2014-10-24 00:39 656384 ----a-w- c:\windows\system32\kerberos.dll
2015-04-12 22:13 . 2015-02-18 01:42 12899840 ----a-w- c:\windows\system32\shell32.dll
2015-04-12 22:02 . 2014-10-10 01:09 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-04-12 22:02 . 2014-10-10 01:00 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2015-04-12 22:02 . 2014-10-09 23:53 619520 ----a-w- c:\windows\system32\adtschema.dll
2015-04-12 22:02 . 2014-10-09 23:22 619520 ----a-w- c:\windows\SysWow64\adtschema.dll
2015-04-12 22:02 . 2014-10-10 01:10 548352 ----a-w- c:\windows\system32\termsrv.dll
2015-04-12 22:01 . 2014-10-18 00:46 847360 ----a-w- c:\windows\system32\oleaut32.dll
2015-04-12 22:01 . 2014-10-18 01:08 564224 ----a-w- c:\windows\SysWow64\oleaut32.dll
2015-04-12 22:00 . 2014-10-03 01:17 115712 ----a-w- c:\windows\SysWow64\AudioSes.dll
2015-04-12 22:00 . 2014-10-03 01:18 274432 ----a-w- c:\windows\SysWow64\AUDIOKSE.dll
2015-04-12 22:00 . 2014-10-03 01:17 396800 ----a-w- c:\windows\SysWow64\AudioEng.dll
2015-04-12 22:00 . 2014-10-03 01:03 313344 ----a-w- c:\windows\system32\AUDIOKSE.dll
2015-04-12 22:00 . 2014-10-03 01:02 201728 ----a-w- c:\windows\system32\EncDump.dll
2015-04-12 22:00 . 2014-10-03 01:01 474624 ----a-w- c:\windows\system32\AudioEng.dll
2015-04-12 22:00 . 2014-10-03 01:01 446976 ----a-w- c:\windows\system32\audiosrv.dll
2015-04-12 22:00 . 2014-10-02 23:49 88576 ----a-w- c:\windows\SysWow64\audiodg.exe
2015-04-12 21:52 . 2015-01-29 01:33 449024 ----a-w- c:\windows\system32\WMPhoto.dll
2015-04-12 21:52 . 2015-01-29 01:35 369664 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2015-04-12 21:51 . 2014-12-06 03:14 48640 ----a-w- c:\windows\SysWow64\nlaapi.dll
2015-04-12 21:51 . 2014-12-06 03:14 93184 ----a-w- c:\windows\SysWow64\ncsi.dll
2015-04-12 21:51 . 2014-12-06 02:54 61440 ----a-w- c:\windows\system32\nlaapi.dll
2015-04-12 21:51 . 2014-12-06 02:54 205824 ----a-w- c:\windows\system32\nlasvc.dll
2015-04-12 21:51 . 2014-12-06 02:54 178688 ----a-w- c:\windows\system32\profsvc.dll
2015-04-12 21:51 . 2014-10-24 01:04 67072 ----a-w- c:\windows\SysWow64\packager.dll
2015-04-12 21:51 . 2014-10-24 00:39 77312 ----a-w- c:\windows\system32\packager.dll
2015-04-12 21:51 . 2014-09-04 23:38 198656 ----a-w- c:\windows\system32\drivers\fastfat.sys
2015-04-12 21:51 . 2014-08-27 00:55 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2015-04-12 21:51 . 2014-08-27 00:41 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-04-12 21:50 . 2015-01-09 01:41 85504 ----a-w- c:\windows\system32\csrsrv.dll
2015-04-12 21:50 . 2015-01-09 00:29 75264 ----a-w- c:\windows\system32\smss.exe
2015-04-12 21:48 . 2015-01-15 06:53 77312 ----a-w- c:\windows\SysWow64\secur32.dll
2015-04-12 21:47 . 2015-03-06 04:01 279040 ----a-w- c:\windows\SysWow64\schannel.dll
2015-04-12 21:47 . 2015-03-06 03:35 347136 ----a-w- c:\windows\system32\schannel.dll
2015-04-12 21:47 . 2014-10-10 01:09 1689600 ----a-w- c:\windows\system32\lsasrv.dll
2015-04-12 21:47 . 2015-01-15 04:08 516536 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-04-10 16:24 . 2015-04-10 16:24 -------- d-----w- c:\users\Chrisz\AppData\Local\Apple Computer
2015-04-10 16:23 . 2015-04-12 21:32 -------- d-----w- c:\users\Chrisz\AppData\Roaming\Apple Computer
2015-04-10 16:23 . 2015-04-10 16:23 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2015-04-10 16:23 . 2015-04-10 16:22 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2015-04-10 16:23 . 2015-04-10 16:22 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2015-04-10 16:23 . 2015-04-10 16:22 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2015-04-10 16:23 . 2015-04-10 16:22 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2015-04-10 16:22 . 2015-04-10 16:22 -------- d-----w- c:\program files (x86)\QuickTime
2015-04-10 16:22 . 2015-04-10 16:22 -------- d-----w- c:\programdata\Apple Computer
2015-04-10 16:20 . 2015-04-10 16:20 -------- d-----w- c:\users\Chrisz\AppData\Local\Apple
2015-04-10 16:17 . 2015-04-10 16:32 -------- d-----w- c:\users\Chrisz\AppData\Roaming\InfraRecorder
2015-04-10 16:15 . 2015-04-10 16:15 -------- d-----w- c:\program files\InfraRecorder
2015-04-10 13:37 . 2015-04-10 13:37 -------- d-----w- c:\program files (x86)\Free Codec Pack
2015-04-10 13:36 . 2015-04-24 15:59 -------- d-----w- c:\users\Chrisz\AppData\Roaming\Steganos VPN
2015-04-10 13:36 . 2015-04-14 10:10 -------- d-----w- c:\users\Chrisz\AppData\Roaming\Steganos
2015-04-10 13:36 . 2015-04-10 13:36 -------- d-----w- c:\program files (x86)\OkayFreedom
2015-04-10 13:36 . 2015-04-10 13:36 -------- d-----w- c:\program files (x86)\Common Files\Steganos
2015-04-10 13:35 . 2015-04-10 13:35 -------- d-----w- c:\users\Chrisz\AppData\Local\784ED66F_stp
2015-04-10 13:35 . 2015-04-10 13:36 -------- d-----w- c:\users\Chrisz\AppData\Local\5D515C96_stp
2015-04-10 12:19 . 2015-04-10 12:19 -------- d-----w- c:\users\Chrisz\AppData\Roaming\Avira
2015-04-10 12:13 . 2015-03-17 11:01 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2015-04-10 12:13 . 2015-03-17 11:01 132120 ----a-w- c:\windows\system32\drivers\avipbb.sys
2015-04-10 12:13 . 2015-03-17 11:01 128536 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2015-04-10 12:10 . 2015-04-10 12:13 -------- d-----w- c:\programdata\Avira
2015-04-10 12:10 . 2015-04-10 12:13 -------- d-----w- c:\program files (x86)\Avira
2015-04-10 12:10 . 2015-04-10 12:10 -------- d-----w- c:\programdata\Package Cache
2015-04-10 12:08 . 2015-04-10 12:08 -------- d-----w- c:\users\Chrisz\AppData\Roaming\dlg
2015-04-10 12:06 . 2015-04-10 12:06 -------- d-----w- c:\programdata\62d94c5d8454453aa99260d2139bc31b
2015-04-10 12:05 . 2015-04-10 15:09 -------- d-----w- c:\programdata\Packer9dc087ae-908f-4f18-9cdf-58cd3413437f
2015-04-10 12:05 . 2015-04-24 15:58 -------- d-----w- c:\users\Chrisz\AppData\Local\CopyEditor
2015-04-10 11:20 . 2015-04-10 11:19 1187344 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9B03838E-0E9D-4A8F-B98A-845CB6B9C42B}\gapaengine.dll
2015-04-10 10:55 . 2015-04-10 10:55 -------- d-----w- C:\OEMSettings
2015-04-10 10:54 . 2009-10-14 13:08 418816 ----a-w- c:\windows\system32\drivers\wg111v3.sys
2015-04-10 10:54 . 2015-04-10 10:54 -------- d-----w- c:\program files (x86)\NETGEAR
2015-04-10 10:51 . 2015-04-10 10:51 -------- d-----w- c:\windows\Downloaded Installations
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-22 08:34 . 2012-08-23 11:43 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-22 08:34 . 2011-10-24 07:52 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-15 10:34 . 2006-11-02 12:35 128913832 ----a-w- c:\windows\system32\mrt.exe
2015-03-13 01:44 . 2015-04-15 10:45 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2015-03-13 01:43 . 2015-04-15 10:45 43008 ----a-w- c:\windows\apppatch\acwow64.dll
2015-03-03 13:17 . 2011-10-23 20:38 295552 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Officejet 6600 (NET)"="c:\program files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
"OKAYFREEDOM_Agent"="c:\program files (x86)\OkayFreedom\OkayFreedomClient.exe" [2015-02-18 6553000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-05 343168]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2015-03-16 129272]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2015-04-10 726320]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-04-10 335232]
.
c:\users\Chrisz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Tintenwarnungen überwachen - HP Officejet 6600 (Netzwerk).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet 6600\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN3867QGPP05RN;CONNECTION=NW;MONITOR=1; [2006-11-2 46592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WG111v3 Setup-Assistent.lnk - c:\program files (x86)\NETGEAR\WG111v3\WG111v3.exe [2009-11-6 2080768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\users\Chrisz\AppData\Local\CopyEditor\vvmcoayx\bknwccx.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-24 11780712]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-01-30 1332296]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 182784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\users\Chrisz\AppData\Local\CopyEditor\vvmcoayx\yggqqgwb.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRa4j3q-3hUPE9a9InJ9YovTwLIQAT9Pa3aeCIuPVkrKWUd3OzYyZUu6SF-P2Kj76wEwRag-wbqKMokW6XY2kr7h_PqLwfHKvSMBvr9gDzKu1CDExyiuzRdPug00ANy_bDqxoFixjWtuRhYGI0bvWcqU_j7FrAC3oia3CgGP6GPu4gNsRxg,,
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://feed.sonic-search.com/?p=mKO_AwFzXIpYRa4j3q-3hUPE9a9InJ9YovTwLIQAT9Pa3aeCIuPVkrKWUd3OzYyZUu6SF-P2Kj76wEwRag-wbqKMokW6XY2kr7h_PqLwfHKvSMBvr9RHzjJXSkC2raIDgynSQ1pJ9thffv7mpvI8BLrSdCvBEZp7MvjI_yNN1BAJYkexCUnE6XayQe68WA,,&q={searchTerms}
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Chrisz\AppData\Roaming\Mozilla\Firefox\Profiles\241m5cxe.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRa4j3q-3hUPE9a9InJ9YovTwLIQAT9Pa3aeCIuPVkrKWUd3OzYyZUu6SF-P2Kj76wEwRag-wbqKMokW6XY2kr7h_PqLwfHKvSMBvr9gDzKu1CDExyiuzRdPug00ANy_bDqxoFixjWtuRhYGI0bvWcqU_j7FrAC3oia3CgGP6GPu4gNsRxg,,
FF - prefs.js: keyword.URL - hxxp://feed.sonic-search.com/?p=mKO_AwFzXIpYRa4j3q-3hUPE9a9InJ9YovTwLIQAT9Pa3aeCIuPVkrKWUd3OzYyZUu6SF-P2Kj76wEwRag-wbqKMokW6XY2kr7h_PqLwfHKvSMBvr9RHzjJXSkC2raIDgynSQ1pJ9thffv7mpvI8BLrSdCvBEZp7MvjI_yNN1BAJYkexCUnE6XayQe68WA,,&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
WebBrowser-{91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - (no file)
HKLM-Run-smrt - c:\program files (x86)\ProductUI\Startup.exe
AddRemove-SecurityUtility Service - c:\programdata\SecurityUtility\SoftConfigTest.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2073220060-3931782743-526888967-1000\Software\SecuROM\License information*]
"datasecu"=hex:1a,c9,dc,f8,37,59,5a,3d,e7,f4,db,9a,04,98,c1,47,c7,35,18,bc,18,
c8,17,74,e6,4c,62,f9,aa,21,d3,9c,a4,7b,2c,3a,14,01,f5,86,5d,85,04,45,03,a2,\
"rkeysecu"=hex:95,21,68,80,5f,7d,60,b1,c5,a5,1f,10,0f,cd,d7,9b
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\sched.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\users\Chrisz\AppData\Local\CopyEditor\CopyEditor.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S30RP1.EXE
c:\users\Chrisz\AppData\Local\CopyEditor\CopyEditor_run.exe
c:\program files (x86)\OkayFreedom\OkayFreedomService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Tor\tor.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Windows Media Player\wmplayer.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-04-24 18:05:48 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2015-04-24 16:05
.
Vor Suchlauf: 12 Verzeichnis(se), 16.906.924.032 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 16.954.363.904 Bytes frei
.
- - End Of File - - A0C1AD381A5B66C46F7594D518753D42
5C616939100B85E558DA92B899A0FC36