After restarting the computer today, some programs were installed again:
Activeries AntiMalware, OptimizePro, VuuPc, Wajam, VoPackage, Suprasavings, WPM, Websearches
Here is the ComboFix log:
Code:
ComboFix 14-05-07.03 - ***** 09.05.2014 20:20:13.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.2013.1083 [GMT 2:00]
ausgeführt von:: c:\users\*****\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\programdata\2308189059
c:\programdata\2308189059\BIT8DF8.tmp
c:\programdata\Duden
c:\programdata\Duden\DKReg.exe
c:\programdata\IePluginService
c:\programdata\IePluginService\PluginService.exe
c:\users\*****\AppData\Local\nsx4172.tmp
c:\users\*****\AppData\Local\Temp\3dcf2df1-2a83-477c-a7dd-858967792357\CliSecureRT.dll
c:\users\*****\AppData\Roaming\AcroIEHelpe.txt
c:\users\*****\AppData\Roaming\srvblck5.tmp
c:\users\*****\uz.dat
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_IePluginService
-------\Service_IePluginService
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-04-09 bis 2014-05-09 ))))))))))))))))))))))))))))))
.
.
2014-05-09 18:26 . 2014-05-09 18:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-08 19:11 . 2014-03-12 14:00 295080 ----a-w- c:\windows\system32\SecureAssist.dll
2014-05-08 19:10 . 2014-05-08 19:10 -------- d-----w- c:\program files\SupTab
2014-05-08 19:10 . 2014-05-08 19:10 -------- d-----w- c:\programdata\WPM
2014-05-08 19:08 . 2014-05-09 18:11 -------- d-----w- c:\users\*****\AppData\Roaming\Activeris
2014-05-08 19:07 . 2014-05-08 19:07 -------- d-----w- c:\users\*****\AppData\Roaming\webssearches
2014-05-08 19:06 . 2014-05-08 19:10 -------- d-----w- c:\program files\suprasavings
2014-05-08 19:05 . 2014-05-08 19:06 -------- d-----w- c:\program files\003
2014-05-08 19:04 . 2014-05-08 19:04 -------- d-----w- c:\users\*****\AppData\Roaming\VOPackage
2014-05-08 19:02 . 2014-05-08 19:02 -------- d-----w- c:\users\*****\AppData\Local\SearchProtect
2014-05-08 18:57 . 2014-01-09 02:22 5694464 ----a-w- c:\windows\system32\mstscax.dll
2014-05-07 19:49 . 2012-08-23 14:44 14848 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2014-05-07 19:49 . 2012-08-23 13:52 12800 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2014-05-07 19:47 . 2013-09-25 01:57 792576 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-05-07 19:47 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll
2014-05-07 19:28 . 2014-05-07 19:30 -------- d-----w- C:\FRST
2014-05-07 19:15 . 2014-05-07 19:15 75376 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2014-05-07 19:15 . 2014-05-07 19:15 46704 ----a-w- c:\program files\Mozilla Firefox\browser\components\browsercomps.dll
2014-05-07 19:15 . 2014-05-07 19:15 10594416 ----a-w- c:\program files\Mozilla Firefox\icudt52.dll
2014-05-07 19:15 . 2014-05-07 19:15 965232 ----a-w- c:\program files\Mozilla Firefox\icuuc52.dll
2014-05-07 19:15 . 2014-05-07 19:15 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2014-05-07 19:15 . 2014-05-07 19:15 1266800 ----a-w- c:\program files\Mozilla Firefox\icuin52.dll
2014-05-07 19:15 . 2014-05-07 19:15 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2014-05-07 19:15 . 2014-05-07 19:15 28272 ----a-w- c:\program files\Mozilla Firefox\plugin-hang-ui.exe
2014-05-07 19:15 . 2014-05-07 19:15 93808 ----a-w- c:\program files\Mozilla Firefox\webapprt-stub.exe
2014-05-07 19:15 . 2014-05-07 19:15 170960 ----a-w- c:\program files\Mozilla Firefox\webapp-uninstaller.exe
2014-05-07 19:06 . 2014-05-07 19:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-05-07 19:06 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-07 18:46 . 2014-05-07 18:46 -------- d-----w- c:\users\*****\AppData\Roaming\ProductData
2014-05-07 18:46 . 2014-05-09 17:59 -------- d-----w- c:\programdata\IObit
2014-05-07 18:46 . 2014-05-07 18:46 -------- d-----w- c:\programdata\ProductData
2014-05-07 18:46 . 2014-05-07 18:46 -------- d-----w- c:\users\*****\AppData\Roaming\IObit
2014-05-07 18:45 . 2014-05-07 18:46 -------- d-----w- c:\program files\IObit
2014-05-07 18:36 . 2014-05-07 18:36 -------- d-----w- c:\users\*****\AppData\Roaming\TeamViewer
2014-05-06 17:03 . 2014-05-06 17:03 -------- d-s---w- c:\windows\system32\CompatTel
2014-05-06 16:54 . 2014-04-14 02:11 361984 ----a-w- c:\windows\system32\aepdu.dll
2014-05-06 16:54 . 2014-04-14 02:07 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-05-03 08:37 . 2014-04-29 12:34 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-01 10:39 . 2014-05-01 10:39 -------- d-----w- c:\users\*****\AppData\Roaming\rightbackup
2014-04-29 19:18 . 2014-04-29 19:18 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-29 19:14 . 2014-04-29 19:14 -------- d-----w- c:\program files\Uninstaller
2014-04-29 19:13 . 2014-04-29 19:13 -------- d-----w- c:\users\*****\AppData\Local\com
2014-04-29 19:12 . 2014-04-29 19:12 -------- d-----w- c:\users\*****\AppData\Local\newplayer
2014-04-29 19:07 . 2014-05-08 19:10 -------- d-----w- c:\users\*****\AppData\Roaming\SupTab
2014-04-29 19:05 . 2014-05-07 18:54 -------- d-----w- c:\users\*****\AppData\Roaming\systweak
2014-04-23 19:12 . 2014-04-23 19:12 -------- d-sh--w- c:\users\*****\AppData\Local\EmieUserList
2014-04-23 19:12 . 2014-04-23 19:12 -------- d-sh--w- c:\users\*****\AppData\Local\EmieSiteList
2014-04-22 19:47 . 2014-03-06 08:02 455168 ----a-w- c:\windows\system32\vbscript.dll
2014-04-22 19:47 . 2014-03-06 05:50 257536 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2014-04-22 19:47 . 2014-03-08 01:59 235216 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2014-04-09 20:06 . 2014-02-04 02:07 149440 ----a-w- c:\windows\system32\drivers\storport.sys
2014-04-09 20:06 . 2014-02-04 02:07 234432 ----a-w- c:\windows\system32\drivers\msiscsi.sys
2014-04-09 20:06 . 2014-02-04 02:07 27072 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2014-04-09 20:06 . 2014-02-04 02:00 2048 ----a-w- c:\windows\system32\iologmsg.dll
2014-04-09 20:06 . 2014-01-24 02:18 1212352 ----a-w- c:\windows\system32\drivers\ntfs.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-09 18:27 . 2014-05-09 18:27 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8AEAD8BC-691E-477C-AB8C-5F01090F3B2D}\offreg.dll
2014-04-29 19:18 . 2011-07-02 13:24 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-17 03:32 . 2014-05-09 17:49 8050496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8AEAD8BC-691E-477C-AB8C-5F01090F3B2D}\mpengine.dll
2014-03-31 07:35 . 2011-08-06 14:22 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-03-21 09:46 . 2014-03-21 09:46 152848 ----a-w- c:\windows\system32\comdlg32.ocx
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2014-05-07 18:46 752960 ----a-w- c:\program files\IObit\IObit Uninstaller\UninstallExplorer32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-07-26 958352]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-07-26 3507088]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-07-26 20880]
"Duden Korrektor SysTray"="c:\program files\Duden\Duden-Rechtschreibprüfung\DKTray.exe" [2011-10-25 347792]
"AmazonMP3DownloaderHelper"="c:\users\*****\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe" [2013-05-22 400704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-10-31 6609440]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2008-10-31 1833504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2010-06-17 370176]
"CherryKeyMan"="c:\program files\Cherry\KeyMan\KeyMan.exe" [2009-07-29 258100]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-02-20 689744]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Duden Korrektor SysTray"="c:\program files\Duden\Duden-Rechtschreibprüfung\DKTray.exe" [2011-10-25 347792]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"shell"=hex(0):65,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,\
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 10:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [2014-05-07 2153792]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-07-20 30312]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-02-15 80824]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-06 108032]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-07-20 121064]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-07-20 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-07-20 136808]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-02-15 181432]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-10-07 37352]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2014-02-20 440400]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2014-02-20 1017424]
S2 buuoujqmrk32;buuoujqmrk32;c:\program files\003\buuoujqmrk32.exe run options=01110010030000000000000000000000 sourceguid=F978377C-B7D4-4536-8E10-14CA97B13394 [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 SecureAssist;SecureAssist;c:\program files\SupraSavings\SecureAssist.exe [2014-03-12 1283616]
S2 Wpm;Wpm Service;c:\programdata\WPM\wprotectmanager.exe [2014-05-08 566272]
S3 AVMCOWAN;AVM ISDN CoNDIS WAN CAPI Driver;c:\windows\system32\DRIVERS\AVMCOWAN.sys [2009-07-13 64000]
S3 Cherry Device Interface;Cherry Device Interface;c:\program files\Cherry\CDI\cdi.exe [2009-05-28 585774]
S3 FPCIBASE;AVM FRITZ!Card PCI;c:\windows\system32\DRIVERS\fpcibase.sys [2009-07-13 559104]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-03-15 127488]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-05-16 391272]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-05-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-29 19:18]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://istart.webssearches.com/?type=hp&ts=1399576034&from=tugs&uid=ST3500413AS_Z2A5G4VGXXXXZ2A5G4VG
mStart Page = hxxp://istart.webssearches.com/?type=hp&ts=1399576034&from=tugs&uid=ST3500413AS_Z2A5G4VGXXXXZ2A5G4VG
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\SecureAssist.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\1w4ophuk.default\
FF - prefs.js: browser.search.selectedEngine - webssearches
FF - prefs.js: browser.startup.homepage - hxxp://istart.webssearches.com/?type=hp&ts=1399576034&from=tugs&uid=ST3500413AS_Z2A5G4VGXXXXZ2A5G4VG
FF - prefs.js: keyword.URL - hxxp://go.web.de/tb/mff_keyurl_search/?su=
FF - ExtSQL: 2014-04-29 21:04; quick_start@gmail.com; c:\users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\1w4ophuk.default\extensions\quick_start@gmail.com
FF - ExtSQL: !HIDDEN! 2014-04-29 21:04; quick_start@gmail.com; c:\users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\1w4ophuk.default\extensions\quick_start@gmail.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
HKLM_ActiveSetup-6de2ed6f-0b56-4d57-b0f0-551ec8cbb27f - c:\programdata\Duden\dkreg.exe
AddRemove-Activeris AntiMalware_is1 - c:\program files\Activeris AntiMalware\unins000.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
AddRemove-26_VIA_driver2 - c:\program files\Samsung\USB Drivers\26_VIA_driver2\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.bmp.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DIB\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.bmp.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ICO\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.ico.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JFIF\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JPE\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JPEG\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JPG\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PNG\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.png.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TIF\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.tif.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TIFF\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.tif.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WDP\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.wdp.15.4"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\003\buuoujqmrk32.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\sppsvc.exe
c:\program files\Avira\AntiVir Desktop\update.exe
c:\program files\Avira\AntiVir Desktop\updrgui.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-05-09 20:33:17 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2014-05-09 18:33
.
Vor Suchlauf: 10 Verzeichnis(se), 398.981.365.760 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 407.357.640.704 Bytes frei
.
- - End Of File - - 4896FDD889D2FF05DEFE68591C2BF78C
A36C5E4F47E84449FF07ED3517B43A31