
Pests of all kinds and how to fight them: Ron ads ....


 
21.04.2010, 17:53   #1
WoRied
 

Ron ads ....



Hello, I have a popup problem.
I get a popup from "ron ads profitharbor".

I have also already scanned with ComboFix, as described in other cases.

Here is the log.
Quote:
ComboFix 10-04-20.04 - julia 21.04.2010 18:29:56.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2046.945 [GMT 2:00]
ausgeführt von:: c:\users\julia\Desktop\ComboFix.exe
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\julia\AppData\Local\Microsoft\Windows\Temporary Internet Files\tmp3D0F.tmp
c:\users\julia\AppData\Local\Microsoft\Windows\Temporary Internet Files\tmp9B64.tmp
c:\users\julia\AppData\Roaming\0200000079d9e413658C.manifest
c:\users\julia\AppData\Roaming\0200000079d9e413658O.manifest
c:\users\julia\AppData\Roaming\0200000079d9e413658P.manifest
c:\users\julia\AppData\Roaming\0200000079d9e413658S.manifest
c:\windows\system32\0XuPZzf.vbs
c:\windows\system32\aivukztpdojefz.exe
c:\windows\system32\ewumgomkhk.dll
c:\windows\system32\P880K49.vbs
c:\windows\system32\uU4VSa7.vbs

.
((((((((((((((((((((((( Dateien erstellt von 2010-03-21 bis 2010-04-21 ))))))))))))))))))))))))))))))
.

2010-04-21 16:41 . 2010-04-21 16:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-20 16:27 . 2010-04-20 16:27 -------- d-----w- c:\program files\NVIDIA Corporation
2010-04-20 16:02 . 2009-09-18 10:27 1119488 ----a-w- c:\programdata\AVG Security Toolbar\IEToolbar.dll
2010-04-19 19:26 . 2010-04-19 18:35 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-04-19 18:36 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-04-19 18:36 . 2010-04-19 18:36 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-19 18:36 . 2010-04-19 18:36 95024 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2010-04-19 18:31 . 2010-04-19 18:31 -------- dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-04-19 18:31 . 2010-02-04 15:53 2954656 -c--a-w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-04-19 18:30 . 2010-04-19 18:36 -------- d-----w- c:\programdata\Lavasoft
2010-04-19 18:30 . 2010-04-19 18:31 -------- d-----w- c:\program files\Lavasoft
2010-04-19 18:07 . 2010-04-01 13:17 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-04-19 18:07 . 2010-04-01 13:11 21320 ----a-w- c:\windows\system32\authuitu.dll
2010-04-19 18:07 . 2010-04-01 13:11 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-04-19 18:06 . 2010-04-19 18:07 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-04-19 18:05 . 2010-04-19 18:05 -------- d-sh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-04-19 13:29 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-19 13:29 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-19 13:29 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-19 13:29 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-19 13:29 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-19 13:29 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-19 13:28 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-19 13:28 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-19 13:28 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-19 13:26 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-19 13:26 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
2010-04-08 09:37 . 2010-04-08 09:37 4076824 ----a-w- c:\programdata\avg9\update\backup\avgui.exe
2010-04-08 09:37 . 2010-04-08 09:37 2059544 ----a-w- c:\programdata\avg9\update\backup\avgtray.exe
2010-04-08 09:37 . 2010-04-08 09:37 1274136 ----a-w- c:\programdata\avg9\update\backup\avgfrw.exe
2010-04-08 09:37 . 2010-04-08 09:37 1598744 ----a-w- c:\programdata\avg9\update\backup\avgssie.dll
2010-04-08 09:37 . 2010-04-08 09:37 598296 ----a-w- c:\programdata\avg9\update\backup\avgsrmx.dll
2010-04-08 09:37 . 2010-04-08 09:37 4250976 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2010-04-08 09:37 . 2010-04-08 09:37 313112 ----a-w- c:\programdata\avg9\update\backup\avglogx.dll
2010-04-08 09:37 . 2010-04-08 09:37 1515224 ----a-w- c:\programdata\avg9\update\backup\avgwd.dll
2010-04-08 09:36 . 2010-04-08 09:36 459544 ----a-w- c:\programdata\avg9\update\backup\avgcclix.dll
2010-04-08 09:36 . 2010-04-08 09:36 1086744 ----a-w- c:\programdata\avg9\update\backup\avgchsvx.exe
2010-04-08 09:36 . 2010-04-08 09:36 556824 ----a-w- c:\programdata\avg9\update\backup\avgchjwx.dll
2010-04-08 09:36 . 2010-04-08 09:36 301336 ----a-w- c:\programdata\avg9\update\backup\avgchclx.dll
2010-04-08 09:35 . 2010-04-08 09:35 1035032 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe
2010-04-08 09:35 . 2010-04-08 09:35 1685784 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2010-04-03 16:51 . 2010-02-12 10:32 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-03-31 10:17 . 2010-02-23 06:39 916480 ----a-w- c:\windows\system32\wininet.dll
2010-03-31 10:16 . 2010-02-23 06:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-03-31 10:16 . 2010-02-23 04:55 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-03-31 10:16 . 2010-02-23 06:33 71680 ----a-w- c:\windows\system32\iesetup.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-21 16:27 . 2009-04-03 10:52 -------- d-----w- c:\program files\Bandoo
2010-04-21 16:06 . 2006-11-02 15:33 628448 ----a-w- c:\windows\system32\perfh007.dat
2010-04-21 16:06 . 2006-11-02 15:33 127056 ----a-w- c:\windows\system32\perfc007.dat
2010-04-21 15:59 . 2010-04-20 16:32 52741 ----a-w- c:\programdata\nvModes.dat
2010-04-20 17:27 . 2007-10-01 12:10 12 ----a-w- c:\windows\bthservsdp.dat
2010-04-20 16:32 . 2007-10-19 02:50 -------- d-----w- c:\programdata\NVIDIA
2010-04-20 16:02 . 2009-10-16 11:46 -------- d-----w- c:\programdata\AVG Security Toolbar
2010-04-20 15:55 . 2009-02-07 21:12 1356 ----a-w- c:\users\julia\AppData\Local\d3d9caps.dat
2010-04-19 19:26 . 2009-08-03 14:53 -------- d-----w- c:\program files\PrimoAdsForYou
2010-04-19 19:26 . 2009-07-13 14:31 -------- d-----w- c:\program files\AwesomeBestShoppingTipsProgram
2010-04-19 19:07 . 2008-11-05 17:17 105552 ----a-w- c:\users\julia\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-19 18:11 . 2007-10-23 12:34 -------- d-----w- c:\program files\Google
2010-04-19 18:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-04-19 18:05 . 2009-06-07 12:24 -------- d-----w- c:\programdata\TuneUp Software
2010-04-19 17:42 . 2009-03-25 14:14 -------- d-----w- c:\users\julia\AppData\Roaming\Skype
2010-04-19 17:35 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-19 13:47 . 2007-10-18 05:07 -------- d-----w- c:\programdata\Microsoft Help
2010-04-18 20:03 . 2009-10-16 11:46 -------- d-----w- c:\programdata\avg9
2010-03-26 12:12 . 2008-11-16 17:37 3180 ----a-w- c:\users\julia\AppData\Roaming\wklnhst.dat
2010-03-25 10:28 . 2007-10-17 10:41 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-25 10:26 . 2009-10-16 13:15 2485883 ----a-w- c:\programdata\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe
2010-03-19 18:10 . 2008-12-06 11:41 -------- d-----w- c:\users\julia\AppData\Roaming\LimeWire
2010-03-16 00:15 . 2010-03-16 00:15 985704 ----a-w- c:\windows\system32\nvsvc.dll
2010-03-16 00:15 . 2010-03-16 00:15 66664 ----a-w- c:\windows\system32\nvshext.dll
2010-03-16 00:15 . 2010-03-16 00:15 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-03-16 00:14 . 2010-03-16 00:14 88168 ----a-w- c:\windows\system32\nvhotkey.dll
2010-03-16 00:14 . 2010-03-16 00:14 13683816 ----a-w- c:\windows\system32\nvcpl.dll
2010-03-16 00:14 . 2010-03-16 00:14 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-03-12 09:54 . 2009-10-16 11:46 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-12 09:54 . 2010-03-12 09:54 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-12 09:54 . 2009-10-16 11:46 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-12 09:52 . 2009-10-16 11:46 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-06 16:32 . 2009-12-05 21:20 -------- d-----w- c:\programdata\Messenger Plus!
2010-03-06 16:24 . 2009-12-04 23:05 -------- d-----w- c:\program files\Messenger Plus! Live
2010-03-05 13:57 . 2008-11-06 08:35 27335 ----a-w- c:\users\julia\AppData\Roaming\nvModes.dat
2010-03-04 13:51 . 2007-10-18 05:51 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-24 08:16 . 2009-10-03 00:15 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-22 12:39 . 2010-02-22 12:39 -------- d-----w- c:\programdata\hps
2010-02-22 12:23 . 2010-02-22 12:23 -------- d-----w- c:\program files\Müller Foto
2010-02-22 11:00 . 2010-02-22 11:00 -------- d-----w- c:\users\julia\AppData\Roaming\Snapfish
2010-02-20 23:06 . 2010-03-12 09:47 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-12 09:47 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-12 09:47 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-19 12:44 . 2010-02-19 12:44 55793 ----a-w- c:\windows\system32\u_ewumgomkhk.dll.exe
2010-02-05 15:04 . 2010-02-05 15:04 580096 ----a-w- c:\windows\system32\cdynorzwlcfmufkmj.dll
2010-01-25 12:00 . 2010-02-24 10:39 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-24 10:39 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-24 10:39 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-24 10:39 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-24 10:39 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-24 10:39 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-24 10:39 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-24 10:39 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21 . 2010-02-24 10:39 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:26 . 2010-02-24 10:40 2048 ----a-w- c:\windows\system32\tzres.dll
2009-12-18 17:16 . 2009-12-18 17:16 278528 ----a-w- c:\program files\mozilla firefox\components\ewumgomkhk.dll
2007-04-17 08:30 . 2007-04-17 08:30 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-09-18 1119488]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{63E51DEA-60B3-2862-9052-D98EFF830328}]
2010-02-05 15:04 580096 ----a-w- c:\windows\System32\cdynorzwlcfmufkmj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-18 10:27 1119488 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}]
2009-08-13 07:40 1862592 ----a-w- c:\program files\Bandoo\Plugins\IE\ieplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-09-18 1119488]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-09-18 1119488]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-01 4702208]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-09 1025320]
"ToADiMon.exe"="c:\program files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe" [2007-02-15 282624]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"zythqczaypbllaxk"="c:\windows\system32\cdynorzwlcfmufkmj.dll" [2010-02-05 580096]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-10-09 102400]
"RemoteControl"="c:\program files\HomeCinema\PowerDVD\PDVDServ.exe" [2007-02-09 71216]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"InfoCockpit"="c:\program files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE" [2009-04-29 268800]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-5-22 2756608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll c:\progra~1\Bandoo\BndHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"ehTray.exe"=c:\windows\ehome\ehTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"TVBroadcast"=c:\program files\Sceneo\AbsolutTV\SERVICES\ODSBC\ODSBCApp.exe
"LanguageShortcut"="c:\program files\HomeCinema\PowerDVD\Language\Language.exe"
"DetectorApp"="c:\program files\Roxio\MyDVD\MyDVD\DetectorApp.exe"
"toolbar_eula_launcher"=c:\program files\GoogleEULA\EULALauncher.exe
"UpdatePPShortCut"="c:\program files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe" "c:\program files\HomeCinema\PowerProducer" update "Software\CyberLink\PowerProducer\4.0"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):70,86,52,67,69,51,ca,01

R2 AGWinService;AG Windows Service;c:\program files\AGI\common\win32\PythonService.exe [x]
R2 E4LOADER;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\Drivers\e4ldr.sys [2007-01-04 69656]
R2 gupdate1c993733db2f430;Google Update Service (gupdate1c993733db2f430);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-20 133104]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-04-19 1265264]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-04-01 1050440]
R3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\DRIVERS\e4usbaw.sys [2007-01-04 104344]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;c:\progra~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [2006-10-09 17536]
R3 PhilCap;NXP service;c:\windows\system32\DRIVERS\PhilCap.sys [2007-07-31 908896]
R3 SPC520;Philips SPC520NC PC Camera;c:\windows\system32\drivers\SPC520.sys [2007-10-01 483328]
R3 SPC520m;Philips SPC520NC PC Cameram;c:\windows\system32\drivers\SPC520m.sys [2007-10-01 7680]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-02-04 64288]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-03-12 216200]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-03-12 242696]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-03-12 916760]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-12 308064]
S2 GnabService;GnabService;c:\program files\common files\gnab\service\servicecontroller.exe [2007-04-13 36864]
S2 srvcPVR;Sceneo PVR Service;c:\program files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe [2007-08-16 1681408]
S3 DCamUSBGene;GenesysLogic USB2.0 PC Camera;c:\windows\system32\DRIVERS\usbgene.sys [2007-06-26 131584]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2010-02-24 10064]
S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2006-11-17 13976]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners

2010-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-20 15:52]

2010-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-20 15:52]

2010-04-21 c:\windows\Tasks\User_Feed_Synchronization-{0C0800C4-B1A9-414C-A46C-2ED5B422090E}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.findstuff.biz/home.html
mSearch Bar = hxxp://www.mirarsearch.com/?useie5=1&q=
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-5/4
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
FF - ProfilePath - c:\users\julia\AppData\Roaming\Mozilla\Firefox\Profiles\7h4e6vnv.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\users\julia\AppData\Roaming\Mozilla\Firefox\Profiles\7h4e6vnv.default\extensions\{f6bf92e0-b190-11dd-ad8b-0800200c9a68}\components\SaveComponent.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "hxxp://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

URLSearchHooks-{0BC6E3FA-78EF-4886-842C-5A1258C4455A} - c:\program files\AGI\common\agcutils.dll
BHO-{0BC6E3FA-78EF-4886-842C-5A1258C4455A} - c:\program files\AGI\common\agcutils.dll
BHO-{A4DA9FB7-6F80-4589-A050-14129120B060} - (no file)
BHO-{BC5FEE13-A72C-6C5C-588D-FAA577232DA1} - c:\windows\system32\ewumgomkhk.dll
Toolbar-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
Toolbar-{A4DA9FB6-6F80-4589-A050-14129120B060} - (no file)
WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
AddRemove-aivukztpdojefz - c:\windows\system32\aivukztpdojefz.exe
AddRemove-{23A287DB-449A-462F-BDE1-8635A61671CE} - c:\program files\AGI\common\bootstrapper.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-04-21 18:42
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-04-21 18:46:41
ComboFix-quarantined-files.txt 2010-04-21 16:46

Vor Suchlauf: 11 Verzeichnis(se), 91.252.961.280 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 92.239.736.832 Bytes frei

- - End Of File - - 06B838A1C672A897EA6B664928B30D28

 
