birgitz1968 | 24.05.2011 18:13 | Not so easy at all for a layperson.
It did not work via the Bleeping Computer link; it even knocked out my Internet connection and I had to restart the PC.
Then I downloaded the program via Forospyware, but I was not asked for a save location, so I do not know whether it was automatically saved to the desktop.
In any case, a scan was run.
ComboFix log file: Code:
ComboFix 11-05-23.02 - Birgit 24.05.2011 19:01:35.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3891.2530 [GMT 2:00]
ausgeführt von:: c:\users\Birgit\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\windows\SysWow64\pthreadVC.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-04-24 bis 2011-05-24 ))))))))))))))))))))))))))))))
.
.
2011-05-24 17:05 . 2011-05-24 17:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-24 16:14 . 2011-05-24 16:14 -------- d-----w- c:\users\Birgit\AppData\Local\{EAD8116B-76E9-4964-BAE5-38B048E151DF}
2011-05-24 02:47 . 2011-05-24 02:47 -------- d-----w- c:\users\Birgit\AppData\Local\{84F49673-1BFE-4A7E-8531-865DB7EA3366}
2011-05-23 21:05 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-23 21:05 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-05-23 20:56 . 2011-05-23 20:56 -------- d-----w- C:\_OTL
2011-05-23 20:41 . 2011-05-23 20:41 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-05-23 17:56 . 2011-05-23 17:56 -------- d-----w- c:\users\Birgit\AppData\Roaming\Malwarebytes
2011-05-23 17:56 . 2010-12-20 16:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-23 17:56 . 2011-05-23 17:56 -------- d-----w- c:\programdata\Malwarebytes
2011-05-23 17:56 . 2011-05-23 17:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-05-23 17:56 . 2010-12-20 16:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-23 10:40 . 2011-05-23 10:40 -------- d-----w- c:\users\Birgit\AppData\Local\{80BBED44-8AAE-4D9E-B806-BF2726798C6A}
2011-05-22 17:55 . 2011-05-22 17:55 -------- d-----w- c:\users\Birgit\AppData\Local\{BE86F728-6246-4477-976F-99A5AB7D5FB0}
2011-05-21 20:04 . 2011-05-21 20:04 -------- d-----w- c:\users\Birgit\AppData\Local\{A47BBE84-5F0B-416B-A6AD-AC741EB904F3}
2011-05-21 06:41 . 2011-05-09 22:00 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{63BD89A2-7588-4DFF-AAB0-2211A50744C7}\mpengine.dll
2011-05-20 03:37 . 2011-05-20 03:37 -------- d-----w- c:\users\Birgit\AppData\Roaming\Avira
2011-05-19 16:20 . 2011-05-19 16:21 -------- d-----w- c:\users\Birgit\AppData\Local\{C6381585-E576-478E-96A2-DF93BB3720A5}
2011-05-18 13:28 . 2011-05-18 13:28 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-18 13:19 . 2011-05-18 13:19 -------- d-----w- c:\users\Birgit\AppData\Local\{59039A8F-1AA2-41D6-8E4F-777D935179F6}
2011-05-17 16:05 . 2011-05-17 16:05 -------- d-----w- c:\users\Birgit\AppData\Local\{ABBE52E9-195F-4391-AD7B-1EEDB972A9C6}
2011-05-17 03:17 . 2011-05-17 03:17 -------- d-----w- c:\users\Birgit\AppData\Local\{9F985DF4-1B12-4C91-A9BD-18B256B82448}
2011-05-16 11:41 . 2011-05-16 11:41 -------- d-----w- c:\users\Birgit\AppData\Local\{0352D33F-F65A-4647-8726-665DD8FD1E3F}
2011-05-15 09:39 . 2011-05-15 09:39 -------- d-----w- c:\users\Birgit\AppData\Local\{C5907639-43DA-4670-99B8-9C38CEB54CD9}
2011-05-14 19:26 . 2011-05-14 19:26 -------- d-----w- c:\users\Birgit\AppData\Local\{05B2040A-4407-4540-BD40-89A79BA9E725}
2011-05-14 02:07 . 2011-05-14 02:07 -------- d-----w- c:\users\Birgit\AppData\Local\{F54ACE47-4620-44C2-B2EB-2767A2A1BC71}
2011-05-13 06:16 . 2011-05-13 06:16 -------- d-----w- c:\users\Birgit\AppData\Local\{88EC0F79-0564-45C4-9DB2-F3BBC8BC4264}
2011-05-12 05:57 . 2011-05-12 05:57 -------- d-----w- c:\users\Birgit\AppData\Local\{809EA172-DD76-4E22-8026-A6A44FC0862C}
2011-05-11 10:18 . 2011-04-09 07:02 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-11 10:17 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-05-11 10:17 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-05-11 10:17 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-05-11 10:17 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-05-11 10:17 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-05-11 10:17 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-05-11 10:17 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-05-11 10:17 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-05-11 10:17 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-05-11 08:33 . 2011-05-11 08:33 -------- d-----w- c:\users\Birgit\AppData\Local\{D310AF6D-9002-426E-B3F0-242B65BC14E2}
2011-05-10 18:07 . 2011-05-10 18:07 -------- d-----w- c:\users\Birgit\AppData\Local\{439A82A1-64CF-4043-BAF2-57C0F25FBEB4}
2011-05-10 11:53 . 2011-05-10 11:53 -------- d-----w- c:\users\Birgit\AppData\Local\Windows Live Writer
2011-05-10 11:53 . 2011-05-10 11:53 -------- d-----w- c:\users\Birgit\AppData\Roaming\Windows Live Writer
2011-05-10 05:40 . 2011-05-10 05:40 -------- d-----w- c:\users\Birgit\AppData\Local\{B9123085-6F3C-43CA-A01B-7065D15805D7}
2011-05-09 17:25 . 2011-05-09 17:26 -------- d-----w- c:\users\Birgit\AppData\Local\{CAFCBD18-8604-4F9F-9094-10A62E8E3639}
2011-05-09 10:55 . 2011-05-09 10:55 -------- d-----w- c:\users\Birgit\AppData\Local\{4179D0E7-6AEC-40C7-ADF6-8059B3B552EF}
2011-05-08 17:26 . 2011-05-08 17:26 -------- d-----w- c:\users\Birgit\AppData\Local\{BE7A84DE-D239-4EE5-B0F5-0AE4E48EB2E2}
2011-05-08 06:13 . 2011-05-08 06:13 -------- d-----w- c:\users\Birgit\AppData\Local\{452A771D-23BF-42E5-85F2-76B035D80A24}
2011-05-06 18:21 . 2011-05-06 18:22 -------- d-----w- c:\users\Birgit\AppData\Local\{3F553000-7BE3-4B69-B5C4-38B544FFE010}
2011-05-06 03:10 . 2011-05-06 03:10 -------- d-----w- c:\users\Birgit\AppData\Local\{8D1C7926-69D4-4DB7-9B07-2A2BA167E2D4}
2011-05-05 14:20 . 2011-05-05 14:20 -------- d-----w- c:\users\Birgit\AppData\Local\{6CC21A34-10EA-45BF-B9AB-A855A6203B12}
2011-05-05 03:10 . 2011-05-05 03:10 -------- d-----w- c:\users\Birgit\AppData\Local\{DA06318C-4A10-47ED-94A3-5D05D91EB675}
2011-05-04 03:12 . 2011-05-04 03:12 -------- d-----w- c:\users\Birgit\AppData\Local\{95779C37-E87D-4FC4-802D-B9F29871F5FA}
2011-05-03 03:14 . 2011-05-03 03:15 -------- d-----w- c:\users\Birgit\AppData\Local\{4B49BC4D-7218-4DCD-BD7D-97E0B29F5157}
2011-05-03 03:14 . 2011-05-03 03:15 -------- d-----w- c:\users\Birgit\AppData\Local\{E3A9D1FE-7E2F-404F-AB4A-8B42DCC06574}
2011-05-02 11:23 . 2011-05-02 11:24 -------- d-----w- c:\users\Birgit\AppData\Local\{ECFA3CDE-1068-4289-BD47-2E4645EC6C35}
2011-05-01 17:27 . 2011-05-01 17:28 -------- d-----w- c:\users\Birgit\AppData\Local\{E644FC8C-AD79-4FB9-B17D-FE8F07E28260}
2011-05-01 02:19 . 2011-05-01 02:20 -------- d-----w- c:\users\Birgit\AppData\Local\{CE810EBF-6B20-4E66-A61F-CD43951A4811}
2011-04-30 02:09 . 2011-04-30 02:10 -------- d-----w- c:\users\Birgit\AppData\Local\{9E0EAE63-C400-4DB7-B04E-B20B49F1FCF9}
2011-04-29 13:24 . 2011-04-29 13:25 -------- d-----w- c:\users\Birgit\AppData\Local\{9147FA1D-CA98-47EC-A95D-767707A6EEA8}
2011-04-28 16:38 . 2011-04-28 16:38 -------- d-----w- c:\users\Birgit\AppData\Local\{9EFA8C4B-47C0-4233-BEBA-693B84EB7AB1}
2011-04-28 02:47 . 2011-04-28 02:47 -------- d-----w- c:\users\Birgit\AppData\Local\{07220CED-B82F-4118-AD6E-9AED77169225}
2011-04-27 18:33 . 2011-05-24 16:54 -------- d-----w- c:\users\Birgit\Tracing
2011-04-27 11:56 . 2011-04-27 11:57 -------- d-----w- c:\users\Birgit\AppData\Local\{F9B2BE7E-5EF2-4EBA-A9B3-B3152D6389AC}
2011-04-27 02:59 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe
2011-04-27 02:59 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\SysWow64\explorer.exe
2011-04-27 02:59 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-27 02:59 . 2011-03-12 11:23 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-04-26 18:05 . 2011-04-26 18:05 -------- d-----w- c:\windows\de
2011-04-26 17:56 . 2011-04-26 17:56 -------- dc----w- c:\windows\system32\DRVSTORE
2011-04-26 17:56 . 2010-09-22 22:36 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2011-04-26 17:56 . 2011-04-26 17:56 -------- d-----w- c:\program files\Windows Live
2011-04-26 17:56 . 2011-04-26 17:56 -------- d-----w- c:\program files (x86)\MSN Toolbar
2011-04-26 17:55 . 2009-09-04 15:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll
2011-04-26 17:55 . 2009-09-04 15:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
2011-04-26 17:55 . 2009-09-04 15:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2011-04-26 17:55 . 2009-09-04 15:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-04-26 17:54 . 2011-04-26 17:54 469256 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f5b78ce01cc043a04\InstallManager_WLE_WLE.exe
2011-04-26 17:53 . 2011-04-26 17:53 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e9c9f07a1cc043a03\MeshBetaRemover.exe
2011-04-26 17:53 . 2011-04-26 17:53 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e6fb0e831cc043a02\DXSETUP.exe
2011-04-26 17:53 . 2011-04-26 17:53 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e6fb0e831cc043a02\DSETUP.dll
2011-04-26 17:53 . 2011-04-26 17:53 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e6fb0e831cc043a02\dsetup32.dll
2011-04-26 17:53 . 2011-04-26 17:53 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e10713021cc043a01\DSETUP.dll
2011-04-26 17:53 . 2011-04-26 17:53 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e10713021cc043a01\DXSETUP.exe
2011-04-26 17:53 . 2011-04-26 17:53 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e10713021cc043a01\dsetup32.dll
2011-04-26 17:53 . 2011-05-11 10:50 -------- d-----w- c:\users\Birgit\AppData\Local\Windows Live
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-26 17:56 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-23 19:12 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-04-23 19:12 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-04-20 10:40 . 2011-04-20 10:40 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-20 10:40 . 2011-04-20 10:40 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-04-20 10:40 . 2011-04-20 10:40 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-04-20 10:40 . 2011-04-20 10:40 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-04-20 10:40 . 2011-04-20 10:40 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-04-20 10:40 . 2011-04-20 10:40 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-04-20 10:40 . 2011-04-20 10:40 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-04-20 10:40 . 2011-04-20 10:40 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-04-20 10:40 . 2011-04-20 10:40 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-04-20 10:40 . 2011-04-20 10:40 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-04-20 10:40 . 2011-04-20 10:40 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-04-20 10:40 . 2011-04-20 10:40 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-04-20 10:40 . 2011-04-20 10:40 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-04-20 10:40 . 2011-04-20 10:40 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-04-20 10:40 . 2011-04-20 10:40 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-04-20 10:40 . 2011-04-20 10:40 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-04-20 10:40 . 2011-04-20 10:40 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-04-20 10:40 . 2011-04-20 10:40 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-04-20 10:40 . 2011-04-20 10:40 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-04-20 10:40 . 2011-04-20 10:40 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-04-20 10:40 . 2011-04-20 10:40 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-04-20 10:40 . 2011-04-20 10:40 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-04-20 10:40 . 2011-04-20 10:40 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-20 10:40 . 2011-04-20 10:40 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-04-20 10:40 . 2011-04-20 10:40 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-04-20 10:40 . 2011-04-20 10:40 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-04-20 10:40 . 2011-04-20 10:40 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-04-20 10:40 . 2011-04-20 10:40 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-20 10:40 . 2011-04-20 10:40 448512 ----a-w- c:\windows\system32\html.iec
2011-04-20 10:40 . 2011-04-20 10:40 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-20 10:40 . 2011-04-20 10:40 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-20 10:40 . 2011-04-20 10:40 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-04-20 10:40 . 2011-04-20 10:40 222208 ----a-w- c:\windows\system32\msls31.dll
2011-04-20 10:40 . 2011-04-20 10:40 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-20 10:40 . 2011-04-20 10:40 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-04-20 10:40 . 2011-04-20 10:40 160256 ----a-w- c:\windows\system32\wextract.exe
2011-04-20 10:40 . 2011-04-20 10:40 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-20 10:40 . 2011-04-20 10:40 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-04-20 10:40 . 2011-04-20 10:40 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-04-20 10:40 . 2011-04-20 10:40 12288 ----a-w- c:\windows\system32\mshta.exe
2011-04-20 10:40 . 2011-04-20 10:40 114176 ----a-w- c:\windows\system32\admparse.dll
2011-04-20 10:40 . 2011-04-20 10:40 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-03-21 11:22 . 2011-03-21 11:22 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2011-03-21 11:22 . 2011-03-21 11:22 452200 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2011-03-21 11:22 . 2010-09-02 07:30 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2011-03-16 11:28 . 2011-04-17 14:14 18240 ----a-w- c:\windows\system32\roboot64.exe
2011-03-11 06:34 . 2011-04-14 17:58 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 06:34 . 2011-04-14 17:58 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 05:33 . 2011-04-14 17:58 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-03-11 05:33 . 2011-04-14 17:58 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-03-08 06:29 . 2011-04-14 17:58 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-08 05:28 . 2011-04-14 17:58 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-03-04 06:19 . 2011-04-27 02:58 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19 . 2011-04-27 02:58 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:24 . 2011-04-14 17:58 183296 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 06:21 . 2011-04-14 17:58 30208 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-03-03 05:36 . 2011-04-14 17:58 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2011-03-03 03:52 . 2011-04-14 17:58 3135488 ----a-w- c:\windows\system32\win32k.sys
2011-02-24 06:15 . 2011-04-14 17:59 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-24 05:38 . 2011-04-14 17:59 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-02-14 39408]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NBAgent"="c:\program files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" [2010-03-09 1086760]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-22 352256]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-15 34160]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-05-01 2454840]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-07-01 1295224]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-02-14 273544]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-02-21 421888]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AVer HID Receiver.lnk - c:\program files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2011-1-17 155648]
AVerQuick.lnk - c:\program files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2011-1-17 651264]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-14 136176]
R3 AVerPola;AVerMedia USB Polaris Series Capture Service;c:\windows\system32\DRIVERS\AVerPola.sys [x]
R3 AVPolCIR;AVerMedia USB Polaris Series Custom IR Service;c:\windows\system32\DRIVERS\AVPolCIR.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-14 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-05-20 136360]
S2 AVerRemote;AVerRemote;c:\program files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [2009-04-08 344064]
S2 AVerScheduleService;AVerScheduleService;c:\program files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [2008-12-09 405504]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2010-08-27 1811456]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-05-11 124368]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-07-01 51576]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-14 20:07]
.
2011-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-14 20:07]
.
2011-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1797740165-156765479-2020439678-1001Core.job
- c:\users\Birgit\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-22 20:07]
.
2011-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1797740165-156765479-2020439678-1001UA.job
- c:\users\Birgit\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-22 20:07]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2010-05-11 1050072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-10 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-10 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-10 415256]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-07-28 2120808]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 709976]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2010-04-19 136136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\users\Birgit\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~4\Office10\EXCEL.EXE/3000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{c840e246-6b95-475e-9bd7-caa1c7eca9f2} - (no file)
URLSearchHooks-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
URLSearchHooks-{7e111a5c-3d11-4f56-9463-5310c3c69025} - (no file)
WebBrowser-{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
WebBrowser-{7E111A5C-3D11-4F56-9463-5310C3C69025} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1797740165-156765479-2020439678-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1797740165-156765479-2020439678-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-05-24 19:07:40
ComboFix-quarantined-files.txt 2011-05-24 17:07
.
Vor Suchlauf: 11 Verzeichnis(se), 97.400.332.288 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 97.043.312.640 Bytes frei
.
- - End Of File - - 440DEBA7C5F029F622984C4B952535E9