So :) Should I reboot now?
Combofix Logfile:
ComboFix 13-07-03.01 - MEDION 04.07.2013 15:16:11.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3325.2177 [GMT 2:00]
ausgeführt von:: c:\users\MEDION\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files\Complitly
c:\program files\Complitly\chrome\ComplitlyChrome.crx
c:\program files\Complitly\FireFoxExtension.exe
c:\program files\Complitly\InstTracker.exe
c:\program files\Complitly\support@Complitly.com\chrome.manifest
c:\program files\Complitly\support@Complitly.com\chrome\content\appIcon.png
c:\program files\Complitly\support@Complitly.com\chrome\content\browserOverlay.xul
c:\program files\Complitly\support@Complitly.com\chrome\content\options.js
c:\program files\Complitly\support@Complitly.com\chrome\content\options.xul
c:\program files\Complitly\support@Complitly.com\chrome\content\utils.js
c:\program files\Complitly\support@Complitly.com\defaults\preferences\predictad.js
c:\program files\Complitly\support@Complitly.com\install.rdf
c:\program files\Complitly\unins000.dat
c:\program files\Complitly\unins000.exe
c:\program files\Incredibar.com
c:\program files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarApp.dll
c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarEng.dll
c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarsrv.exe
c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
c:\program files\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
c:\users\Administrator.MEDION-PC\AppData\Local\assembly\tmp
c:\users\MEDION\AppData\Local\assembly\tmp
c:\users\MEDION\AppData\Roaming\.#
c:\windows\IsUn0407.exe
c:\windows\system32\frapsvid.dll
c:\windows\system32\tmp9981.tmp
c:\windows\system32\tmp99B1.tmp
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-06-04 bis 2013-07-04 ))))))))))))))))))))))))))))))
.
.
2013-07-04 13:24 . 2013-07-04 13:24 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-07-04 11:28 . 2013-06-17 00:10 7068072 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{5AAB86AA-F03B-4DCA-BA6D-24244C5F4B44}\mpengine.dll ERROR(0x00000005)
2013-07-03 18:56 . 2013-07-04 12:27 -------- d-----w- c:\users\MEDION\Gegen Virus
2013-06-30 16:41 . 2013-06-30 16:41 -------- d-----w- c:\users\MEDION\AppData\Local\CrashRpt
2013-06-30 16:37 . 2013-06-30 16:37 -------- d-----w- c:\program files\Audials
2013-06-30 16:35 . 2013-06-30 16:35 -------- d-----w- c:\users\MEDION\AppData\Local\RapidSolution
2013-06-28 16:07 . 2013-06-28 16:07 -------- d-----w- c:\users\MEDION\AppData\Roaming\AntiBrowserSpy 2009
2013-06-28 16:06 . 2013-06-28 16:13 -------- d-----w- c:\users\MEDION\AppData\Local\Abelssoft
2013-06-28 16:06 . 2013-06-28 16:06 -------- d-----w- c:\program files\AntiBrowserSpy
2013-06-28 16:05 . 2013-06-28 16:05 -------- d-----w- c:\users\MEDION\AppData\Local\SkypeFx
2013-06-28 16:05 . 2013-06-28 16:05 -------- d-----w- c:\users\MEDION\AppData\Local\Skype Voice Changer
2013-06-27 01:20 . 2013-06-27 01:20 39048 ----a-w- c:\windows\system32\drivers\tbhsd.sys
2013-06-27 01:20 . 2013-06-27 01:20 31848 ----a-w- c:\windows\system32\drivers\rrnetcap.sys
2013-06-22 11:37 . 2013-06-22 11:37 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-15 17:28 . 2013-06-15 17:28 -------- d-----w- c:\program files\Common Files\Java
2013-06-12 15:23 . 2013-05-08 04:37 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-12 15:23 . 2013-05-02 04:04 443904 ----a-w- c:\windows\system32\win32spl.dll
2013-06-12 15:23 . 2013-05-02 04:03 37376 ----a-w- c:\windows\system32\printcom.dll
2013-06-12 15:23 . 2013-04-24 01:46 812544 ----a-w- c:\windows\system32\certutil.exe
2013-06-12 15:23 . 2013-04-24 04:00 985600 ----a-w- c:\windows\system32\crypt32.dll
2013-06-12 15:23 . 2013-04-24 04:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-12 15:23 . 2013-04-24 04:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-12 15:23 . 2013-04-24 04:00 41984 ----a-w- c:\windows\system32\certenc.dll
2013-06-12 15:23 . 2013-05-02 22:03 3603832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-12 15:23 . 2013-05-02 22:03 3551096 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-06-12 15:23 . 2013-04-17 12:30 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-07 22:43 . 2010-09-22 12:12 19087360 ----a-w- c:\windows\system32\mkl_blueripple.dll
2013-06-07 21:52 . 2013-06-07 22:04 -------- d-----w- c:\program files\Common Files\Steam
2013-06-07 21:52 . 2013-07-03 16:53 -------- d-----w- c:\program files\Steam
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-04 11:19 . 2013-03-19 22:06 119296 ----a-w- c:\windows\system32\zlib.dll
2013-06-22 11:37 . 2012-08-29 10:23 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-22 11:37 . 2010-06-08 17:00 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-07 22:43 . 2010-09-27 17:01 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2013-05-31 16:18 . 2009-08-18 10:30 564632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\wlidui.dll ERROR(0x00000005)
2013-05-31 16:18 . 2009-08-18 10:24 22240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig600.dll ERROR(0x00000005)
2013-05-02 00:06 . 2009-12-23 14:52 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-23 13:18 . 2013-03-16 17:09 141072 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-04-23 13:18 . 2013-03-16 17:11 281120 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-04-23 13:18 . 2013-03-16 17:08 281120 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-04-20 08:55 . 2013-03-16 17:08 281120 ----a-w- c:\windows\system32\PnkBstrB.ex0
2013-04-15 14:36 . 2012-01-30 14:57 3326232 ----a-w- c:\windows\RXSUnins.exe
2013-04-15 14:36 . 2012-01-30 14:57 3326232 ----a-w- c:\windows\RXCUnins.exe
2013-04-15 14:20 . 2013-05-16 12:49 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-13 10:56 . 2013-05-16 12:49 37376 ----a-w- c:\windows\system32\cdd.dll
2013-04-13 09:21 . 2012-06-10 10:10 84744 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-04-13 09:21 . 2012-06-10 10:10 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-04-13 09:21 . 2012-06-10 10:10 135136 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-04-09 01:36 . 2013-05-16 12:49 2049024 ----a-w- c:\windows\system32\win32k.sys
2012-12-12 18:18 . 2012-12-12 18:18 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}]
2011-06-24 15:04 81920 ----a-w- c:\program files\freecordertoolbar\vmntemplateX.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{77BEC163-D389-42c1-91A4-C758846296A5}]
2013-06-23 15:53 166744 ----a-w- c:\program files\Video downloader\Extension32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{e5b66461-19eb-4da5-bbf7-df2d266d975b}]
2011-05-09 08:49 176936 ----a-w- c:\program files\Free_Media_Recorder\prxtbFree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}"= "c:\program files\freecordertoolbar\vmntemplateX.dll" [2011-06-24 81920]
"{e5b66461-19eb-4da5-bbf7-df2d266d975b}"= "c:\program files\Free_Media_Recorder\prxtbFree.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}]
.
[HKEY_CLASSES_ROOT\clsid\{e5b66461-19eb-4da5-bbf7-df2d266d975b}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E5B66461-19EB-4DA5-BBF7-DF2D266D975B}"= "c:\program files\Free_Media_Recorder\prxtbFree.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{e5b66461-19eb-4da5-bbf7-df2d266d975b}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"125d3f6ae0a53efa91122391603b15de"=".." [X]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"BrowserMask"="c:\program files\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe" [2012-08-14 101328]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-08 178712]
"CLMLServer"="c:\program files\HomeCinema\Power2Go\CLMLSvc.exe" [2008-07-18 104936]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-03 6724128]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2006-10-17 398944]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-09-08 888488]
"snpstd"="c:\windows\vsnpstd.exe" [2005-10-11 339968]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-07-03 345144]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-27 561213]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 3 (0x3)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\docume~1\ settings\all users\application data\browserprotect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-27 18:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft MediaImpression Monitor]
2011-01-20 10:43 80448 ----a-w- c:\program files\Agfaphoto\MediaImpression 3D\ArcMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2009-03-30 15:54 75048 ----a-w- c:\program files\Cyberlink\Shared files\brs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-09-23 07:14 116648 ----atw- c:\users\MEDION\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jaksta Free Video History]
2011-11-24 01:11 164184 ----a-w- c:\program files\Jaksta Technologies\Jaksta Free Media Recorder Toolbar\Jaksta Free Video History\jfvhistoryp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
2003-05-08 10:00 49152 ----a-w- c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2012-11-29 08:22 162408 ----a-w- c:\program files\PDF24\pdf24.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]
2005-10-11 19:54 339968 ----a-w- c:\windows\vsnpstd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 05:32 253816 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
2009-10-01 00:57 718688 ----a-w- c:\program files\Microsoft Xbox 360 Accessories\XBoxStat.exe
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 88322147
*Deregistered* - 88322147
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-01-27 20:28 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-21 13:33 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2755007580-1909110404-1396301959-1000Core.job
- c:\users\MEDION\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-02 20:28]
.
2013-07-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2755007580-1909110404-1396301959-1000UA.job
- c:\users\MEDION\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-02 20:28]
.
2013-07-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-30 14:16]
.
2013-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 12:46]
.
2013-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 12:46]
.
2013-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2755007580-1909110404-1396301959-1000Core.job
- c:\users\MEDION\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-12 07:14]
.
2013-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2755007580-1909110404-1396301959-1000UA.job
- c:\users\MEDION\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-12 07:14]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=99d61649-e13c-48c6-8bc0-29d56a048adb&searchtype=hp
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=99d61649-e13c-48c6-8bc0-29d56a048adb&searchtype=ds&q={searchTerms}
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: Free YouTube Download - c:\users\MEDION\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\MEDION\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Senden an &Bluetooth-Gerät... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Web-Suche - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
FF - ProfilePath - c:\users\MEDION\AppData\Roaming\Mozilla\Firefox\Profiles\gr4oogbm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}
FF - ExtSQL: 2049-12-31 15:00; {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}; c:\users\MEDION\AppData\Roaming\Mozilla\Firefox\Profiles\gr4oogbm.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
FF - ExtSQL: !HIDDEN! 2010-01-07 16:57; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQOJGKy8M&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - cedae3900000000000000002721a85a9
FF - user.js: extensions.incredibar_i.instlDay - 15648
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1422:19
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQOJGKy8M
FF - user.js: extensions.incredibar_i.upn2n - 92543870491390904
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10674
FF - user.js: extensions.incredibar_i.ppd -
FF - user.js: extensions.funmoods.hmpg - false
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=orgnl&cd=2XzuyEtN2Y1L1QzutDtDtByEtBtCtDyEtCyD0E0E0EtAzytDtN0D0Tzu0CyEzytCtN1L2XzutBtFtBtFtCtFyCtDtBtN1L1Czu&cr=736230633&ir=
FF - user.js: extensions.funmoods.dfltSrch - false
FF - user.js: extensions.funmoods.srchPrvdr - Funmoods
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - false
FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=orgnl&cd=2XzuyEtN2Y1L1QzutDtDtByEtBtCtDyEtCyD0E0E0EtAzytDtN0D0Tzu0CyEzytCtN1L2XzutBtFtBtFtCtFyCtDtBtN1L1Czu&cr=736230633&ir=
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=orgnl&cd=2XzuyEtN2Y1L1QzutDtDtByEtBtCtDyEtCyD0E0E0EtAzytDtN0D0Tzu0CyEzytCtN1L2XzutBtFtBtFtCtFyCtDtBtN1L1Czu&cr=736230633&ir=&q=
FF - user.js: extensions.funmoods.id - 0024210415EEE390
FF - user.js: extensions.funmoods.instlDay - 15830
FF - user.js: extensions.funmoods.vrsn - 1.8.11.0
FF - user.js: extensions.funmoods.vrsni - 1.8.11.0
FF - user.js: extensions.funmoods_i.vrsnTs - 1.8.11.019:34
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - orgnl
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef -
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.appId - {EA28B360-05E0-4F93-8150-02891F1D8D3C}
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods_i.hmpg - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
WebBrowser-{40C3CC16-7269-4B32-9531-17F2950FB06F} - (no file)
HKCU-Run-WinClicker.exe - c:\program files\Salling Software AB\Salling Clicker\WinClicker.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-BtTray - c:\program files\IVT Corporation\BlueSoleil\BtTray.exe
MSConfigStartUp-Freecorder FLV Service - c:\program files\Freecorder\FLVSrvc.exe
MSConfigStartUp-LosAlamos - c:\windows\system32\sshnas21.dll
MSConfigStartUp-Media Finder - c:\program files\Media Finder\MF.exe
AddRemove-incredibar - c:\program files\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
AddRemove-Motocross Madness 2 Trial - c:\program files\Aspyr Media
AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\program files\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4}
AddRemove-{4FFBB818-B13C-11E0-931D-B2664824019B}_is1 - c:\program files\Complitly\unins000.exe
AddRemove-Angel König - Spinnfischen in Deutschland - c:\users\MEDION\Desktop\Angelkönig\Angelkoenig_uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-07-04 15:24
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\HomeCinema\PowerDVD9\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,
d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=hex:51,66,7a,6c,4c,1d,38,12,7b,ba,ea,
34,67,f9,48,0d,fd,1d,4b,bb,a3,e3,60,89
"{70DD86E8-B5BC-4E4A-9D5C-B6234C24323C}"=hex:51,66,7a,6c,4c,1d,38,12,86,85,ce,
74,8e,fb,24,0b,e2,4a,f5,63,49,7a,76,28
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=hex:51,66,7a,6c,4c,1d,38,12,35,c0,f5,
ea,2a,2f,b2,54,e3,64,43,53,25,99,dc,53
"{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}"=hex:51,66,7a,6c,4c,1d,38,12,55,e2,d0,
7e,f8,75,36,04,cc,26,b5,2d,be,5d,85,a1
"{E5B66461-19EB-4DA5-BBF7-DF2D266D975B}"=hex:51,66,7a,6c,4c,1d,38,12,0f,67,a5,
e1,d9,57,cb,08,c4,e1,9c,6d,23,33,d3,4f
"{AE07101B-46D4-4A98-AF68-0333EA26E113}"=hex:51,66,7a,6c,4c,1d,38,12,75,13,14,
aa,e6,08,f6,0f,d0,7e,40,73,ef,78,a5,07
"{F9639E4A-801B-4843-AEE3-03D9DA199E77}"=hex:51,66,7a,6c,4c,1d,38,12,24,9d,70,
fd,29,ce,2d,0d,d1,f5,40,99,df,47,da,63
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{31AD400D-1B06-4E33-A59A-90C2C140CBA0}"=hex:51,66,7a,6c,4c,1d,38,12,63,43,be,
35,34,55,5d,0b,da,8c,d3,82,c4,1e,8f,b4
"{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}"=hex:51,66,7a,6c,4c,1d,38,12,8f,de,00,
6a,5c,65,a0,03,f4,70,9f,cb,f6,31,2f,8d
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}"=hex:51,66,7a,6c,4c,1d,38,12,4d,a0,e0,
7c,bc,37,84,0f,e5,41,cb,b4,b5,01,91,c9
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{CA4520F3-AE13-4FB1-A513-58E23991C86D}"=hex:51,66,7a,6c,4c,1d,38,12,9d,23,56,
ce,21,e0,df,0a,da,05,1b,a2,3c,cf,8c,79
"{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}"=hex:51,66,7a,6c,4c,1d,38,12,72,c0,6c,
d6,0f,20,6b,06,f2,45,ef,9a,ea,fb,bc,76
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{EEE6C35C-6118-11DC-9C72-001320C79847}"=hex:51,66,7a,6c,4c,1d,38,12,32,c0,f5,
ea,2a,2f,b2,54,e3,64,43,53,25,99,dc,53
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{AE420039-7F28-47A6-AAB4-D9BD0075BE23}"=hex:51,66,7a,6c,4c,1d,38,12,57,03,51,
aa,1a,31,c8,02,d5,a2,9a,fd,05,2b,fa,37
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
"{77BEC163-D389-42c1-91A4-C758846296A5}"=hex:51,66,7a,6c,4c,1d,3b,1b,5e,1c,32,
30,8e,b0,4d,3e,b5,9f,b5,35,bb,11,e3,89
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:2b,99,a9,c8,9f,bf,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MUFIN_PLAYER_2_5_D.aac"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MUFIN_PLAYER_2_5_D.cda"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MUFIN_PLAYER_2_5_D.flac"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MUFIN_PLAYER_2_5_D.m4a"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MUFIN_PLAYER_2_5_D.mp3"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MUFIN_PLAYER_2_5_D.mp4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MUFIN_PLAYER_2_5_D.ogg"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MUFIN_PLAYER_2_5_D.wav"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MUFIN_PLAYER_2_5_D.wma"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(4240)
c:\windows\system32\btmmhook.dll
.
Zeit der Fertigstellung: 2013-07-04 15:26:45
ComboFix-quarantined-files.txt 2013-07-04 13:26
.
Vor Suchlauf: 16 Verzeichnis(se), 669.987.336.192 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 671.748.268.032 Bytes frei
.
- - End Of File - - 981F61AE3B12F1F9D3DC6931E19AF60B --- --- ---
5C616939100B85E558DA92B899A0FC36