Combofix Logfile:
Code:
ComboFix 12-07-12.02 - MD 12.07.2012 23:24:41.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3037.1878 [GMT 2:00]
ausgeführt von:: c:\users\MD\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5849\AddOnDownloaded\7e36c7b4-f4c8-4324-9887-9cab89169ef6.dll
c:\programdata\PCDr\5849\AddOnDownloaded\96963609-8feb-4f10-b100-425cef18a0db.dll
c:\programdata\PCDr\5849\AddOnDownloaded\97d3cc32-549b-4646-bc59-82ebb82b5d11.dll
c:\programdata\PCDr\5849\AddOnDownloaded\b96355f5-a46b-48d0-a3f2-b41eed57de73.dll
c:\programdata\SPL14AF.tmp
c:\programdata\SPL2946.tmp
c:\programdata\SPL3BAD.tmp
c:\programdata\SPL3F07.tmp
c:\programdata\SPL4687.tmp
c:\programdata\SPL48BF.tmp
c:\programdata\SPL5F15.tmp
c:\programdata\SPL6156.tmp
c:\programdata\SPL66D.tmp
c:\programdata\SPL6F7A.tmp
c:\programdata\SPL7065.tmp
c:\programdata\SPL7FAC.tmp
c:\programdata\SPL83AA.tmp
c:\programdata\SPL858C.tmp
c:\programdata\SPL87C1.tmp
c:\programdata\SPL957D.tmp
c:\programdata\SPL9CDF.tmp
c:\programdata\SPLA1FE.tmp
c:\programdata\SPLB628.tmp
c:\programdata\SPLE1C2.tmp
c:\programdata\SPLEC81.tmp
c:\programdata\SPLF367.tmp
c:\programdata\SPLF74D.tmp
c:\programdata\SPLF981.tmp
c:\users\MD\AppData\Local\assembly\tmp
c:\users\MD\AppData\Local\lame_enc.dll
c:\users\MD\AppData\Local\no23xwrapper.dll
c:\users\MD\AppData\Local\ogg.dll
c:\users\MD\AppData\Local\vorbis.dll
c:\users\MD\AppData\Local\vorbisenc.dll
c:\users\MD\AppData\Local\vorbisfile.dll
c:\users\MD\g2mdlhlpx.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-06-12 bis 2012-07-12 ))))))))))))))))))))))))))))))
.
.
2012-07-12 21:32 . 2012-07-12 21:32 -------- d-----w- c:\users\MD\AppData\Local\temp
2012-07-12 21:32 . 2012-07-12 21:32 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-07-12 21:32 . 2012-07-12 21:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-12 21:32 . 2012-07-12 21:32 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-07-12 21:31 . 2012-07-12 21:31 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7C44DFB8-D270-485B-A13E-D79EBC2B9FAC}\offreg.dll
2012-07-12 14:10 . 2012-06-18 01:14 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7C44DFB8-D270-485B-A13E-D79EBC2B9FAC}\mpengine.dll
2012-07-12 00:27 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-06-29 11:59 . 2012-06-29 11:59 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-27 15:36 . 2009-08-01 08:10 5120 ------w- c:\windows\system32\drivers\SSPORT.sys
2012-06-27 15:36 . 2009-08-01 08:10 49152 ------w- c:\windows\system32\ssusbpn.dll
2012-06-27 15:36 . 2009-08-01 08:10 57344 ------w- c:\windows\system32\ssdevm.dll
2012-06-27 15:34 . 2012-06-27 15:34 -------- d-----w- c:\windows\Dell
2012-06-27 15:34 . 2009-08-03 04:21 484592 ----a-w- c:\windows\SSndii.exe
2012-06-27 15:34 . 2009-08-03 04:20 44544 ----a-w- c:\windows\system32\msxml4a.dll
2012-06-27 15:34 . 2009-08-03 04:20 38160 ----a-w- c:\windows\system32\msxml2r.dll
2012-06-27 15:34 . 2009-08-03 04:20 21776 ----a-w- c:\windows\system32\msxml2a.dll
2012-06-27 15:34 . 2009-08-03 04:20 701440 ----a-w- c:\windows\system32\msxml2.dll
2012-06-27 15:33 . 2009-08-02 08:32 19968 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\sdc1mpc.dll
2012-06-27 15:32 . 2009-08-02 08:32 26624 ----a-w- c:\windows\system32\sdc1ml3.dll
2012-06-27 15:32 . 2009-08-02 08:31 151552 ----a-w- c:\windows\system32\sdc1mci.exe
2012-06-27 15:30 . 2012-06-27 15:30 -------- d-----w- c:\program files\Dell
2012-06-25 14:04 . 2012-06-25 14:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-23 14:29 . 2012-06-23 14:29 -------- d-----w- c:\users\MD\AppData\Local\Macromedia
2012-06-21 19:54 . 2012-06-21 19:54 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-21 19:54 . 2012-06-21 19:54 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-21 18:53 . 2012-06-21 18:53 -------- d-----w- c:\program files\MSXML 4.0
2012-06-21 18:49 . 2012-06-21 18:49 -------- d-----w- c:\users\MD\AppData\Local\Nokia
2012-06-21 18:31 . 2012-06-21 18:31 -------- d-----w- c:\programdata\NokiaInstallerCache
2012-06-21 18:24 . 2012-06-21 18:28 -------- d-----w- c:\users\MD\AppData\Roaming\PC Suite
2012-06-21 18:24 . 2012-06-21 18:28 -------- d-----w- c:\users\MD\AppData\Roaming\Nokia
2012-06-21 18:24 . 2012-06-21 18:28 -------- d-----w- c:\programdata\PC Suite
2012-06-21 18:23 . 2012-06-21 18:24 -------- d-----w- c:\program files\DIFX
2012-06-21 18:23 . 2008-08-26 07:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2012-06-21 18:23 . 2012-06-21 18:23 -------- d-----w- c:\program files\PC Connectivity Solution
2012-06-21 18:23 . 2012-01-09 15:28 75264 ----a-w- c:\windows\system32\nmwcdcls.dll
2012-06-21 18:22 . 2012-06-21 18:33 -------- d-----w- c:\programdata\Installations
2012-06-21 08:00 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 08:00 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 08:00 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 08:00 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 07:59 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-21 07:59 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 07:59 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 07:59 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 07:59 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-14 09:30 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 09:29 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-14 09:29 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 09:29 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 09:29 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 09:29 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-14 09:29 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 09:29 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 09:29 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 11:31 . 2012-04-27 06:40 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-12 11:31 . 2011-06-27 07:14 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-29 11:59 . 2010-08-14 11:32 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-31 10:25 . 2009-11-04 21:21 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-08 14:57 . 2012-03-29 09:28 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-05-08 14:57 . 2009-11-05 13:48 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-02 17:27 . 2010-08-28 20:32 22792192 ------w- c:\program files\TOP-RECHNUNG 10.exe
2012-06-21 19:54 . 2011-05-27 11:58 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\MD\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\MD\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\MD\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVMUSBFernanschluss"="c:\users\MD\AppData\Local\Apps\2.0\V9NOXPVR.A8C\YA85CVZ8.MTM\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe" [2011-03-02 147456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\LVOSDSVC.exe" [2008-03-24 64368]
"AcWin7Hlpr"="c:\programme\Lenovo\Access Connections\AcWin7Hlpr.exe" [2010-11-02 279912]
"TpShocks"="TpShocks.exe" [2009-07-08 337184]
"Adobe Acrobat Speed Launcher"="c:\programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]
"Acrobat Assistant 8.0"="c:\programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]
"PWMTRV"="c:\progra~3\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2009-09-09 714016]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2007-04-11 26704]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-22 1725736]
"LexwareInfoService"="c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2008-11-03 339240]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"lxdomon.exe"="c:\program files\Lexmark 9500 Series\lxdomon.exe" [2010-02-10 455336]
"lxdoamon"="c:\program files\Lexmark 9500 Series\lxdoamon.exe" [2010-02-10 25256]
"Lexmark 9500 Series Fax Server"="c:\program files\Lexmark 9500 Series\fm3032.exe" [2010-02-10 311976]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"Dell PanelMgr"="c:\windows\Dell\PanelMgr\SSMMgr.exe" [2009-12-15 632048]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\MD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\MD\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
OpenVPN GUI.lnk - c:\windows\System32\schtasks.exe [2011-5-25 179712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^MD^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk]
path=c:\users\MD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
backup=c:\windows\pss\EvernoteClipper.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-09 16:06 421736 ------w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 20:12 3872080 ------w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2011-03-24 11:24 409320 ------w- c:\program files\Sandboxie\SbieCtrl.exe
.
R2 lxdoCATSCustConnectService;lxdoCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdoserv.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 AVMUNET;AVM FRITZ!Box;c:\windows\system32\DRIVERS\avmunet.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\programme\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 LFKAS;Service of LFKA;c:\program files\Lenovo\ATK Hotkey\LFKAS.exe [x]
S2 lxdo_device;lxdo_device;c:\windows\system32\lxdocoms.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NalServ;Nalpeiron Control Service;c:\windows\system32\nalserv.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MTsensor32;PU ACPI UTILITY;c:\windows\system32\DRIVERS\PuAcpi32.sys [x]
S3 NETw5s32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 68709915
*Deregistered* - 68709915
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-27 11:31]
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-291211984-3754166486-409696321-1001Core.job
- c:\users\MD\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-29 19:44]
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-291211984-3754166486-409696321-1001UA.job
- c:\users\MD\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-29 19:44]
.
2012-06-29 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]
.
2012-07-12 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = fritz.box;192.168.178.1
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft &Excel exportieren - c:\programme\Microsoft Office\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
DPF: {85C86CCC-2158-4123-9C7D-785190CED875} - hxxps://lernboerse.arbeitsagentur.de/exklusiv/ilias/data/balihob/lm_data/httppath/dpLaunchPlugin.cab
FF - ProfilePath - c:\users\MD\AppData\Roaming\Mozilla\Firefox\Profiles\yqpafj8u.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=de&q=
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-CloneCDTray - c:\program files\SlySoft\CloneCD\CloneCDTray.exe
MSConfigStartUp-TomTomHOME - c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-07-12 23:34:49
ComboFix-quarantined-files.txt 2012-07-12 21:34
ComboFix2.txt 2010-08-02 14:08
.
Vor Suchlauf: 23 Verzeichnis(se), 157.231.550.464 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 157.155.639.296 Bytes frei
.
- - End Of File - - 457FCECB9B065959E1FC0CCAB0C3F963