Hello schrauber,
thank you so much for helping me.
With Revo Uninstaller I was only able to uninstall Avira.
Windows Defender is not shown as an installed program.
Here is the content after the FRST fix:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:13-08-2014
Ran by Angie at 2014-08-13 15:25:51 Run:1
Running from C:\Users\Angie\Downloads
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
*****************
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
==== End of Fixlog ====
Should I run ComboFix?
Regards
xvolt
Here is the ComboFix log now:
Combofix Logfile:
Code:
ComboFix 14-08-12.01 - Angie 13.08.2014 15:44:37.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.1978.1005 [GMT 2:00]
ausgeführt von:: c:\users\Angie\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Minibar\FrOGgy.dll
c:\program files\Minibar\KaNGo.dll
c:\program files\Minibar\MiNIbarbutton.dll
c:\programdata\OletAyuxm.dat
c:\users\Angie\AppData\Local\Minibar
c:\users\Angie\AppData\Local\Minibar\chrome\background.html
c:\users\Angie\AppData\Local\Minibar\chrome\cached_http_request.js
c:\users\Angie\AppData\Local\Minibar\chrome\extension_info.json
c:\users\Angie\AppData\Local\Minibar\chrome\icons\icon128.png
c:\users\Angie\AppData\Local\Minibar\chrome\icons\icon19.png
c:\users\Angie\AppData\Local\Minibar\chrome\icons\icon32.png
c:\users\Angie\AppData\Local\Minibar\chrome\icons\icon48.png
c:\users\Angie\AppData\Local\Minibar\chrome\includes\content.js
c:\users\Angie\AppData\Local\Minibar\chrome\includes\content_kango.js
c:\users\Angie\AppData\Local\Minibar\chrome\includes\content_messaging.js
c:\users\Angie\AppData\Local\Minibar\chrome\includes\content_userscript.js
c:\users\Angie\AppData\Local\Minibar\chrome\kango-ui\button.js
c:\users\Angie\AppData\Local\Minibar\chrome\kango-ui\ui.js
c:\users\Angie\AppData\Local\Minibar\chrome\kango\browser.js
c:\users\Angie\AppData\Local\Minibar\chrome\kango\console.js
c:\users\Angie\AppData\Local\Minibar\chrome\kango\event_listener.js
c:\users\Angie\AppData\Local\Minibar\chrome\kango\initialize.js
c:\users\Angie\AppData\Local\Minibar\chrome\kango\io.js
c:\users\Angie\AppData\Local\Minibar\chrome\kango\jsonstorage.js
c:\users\Angie\AppData\Local\Minibar\chrome\kango\kango.js
c:\users\Angie\AppData\Local\Minibar\chrome\kango\lang.js
c:\users\Angie\AppData\Local\Minibar\chrome\kango\messaging.js
c:\users\Angie\AppData\Local\Minibar\chrome\kango\userscript_engine.js
c:\users\Angie\AppData\Local\Minibar\chrome\kango\xhr.js
c:\users\Angie\AppData\Local\Minibar\chrome\main.js
c:\users\Angie\AppData\Local\Minibar\chrome\manifest.json
c:\users\Angie\AppData\Local\Minibar\chrome\minibar\actions.js
c:\users\Angie\AppData\Local\Minibar\chrome\minibar\cachedxhr.js
c:\users\Angie\AppData\Local\Minibar\chrome\minibar\config.js
c:\users\Angie\AppData\Local\Minibar\chrome\minibar\macros.js
c:\users\Angie\AppData\Local\Minibar\chrome\minibar\minibar.js
c:\users\Angie\AppData\Local\Minibar\chrome\popup.html
c:\users\Angie\AppData\Local\Minibar\chrome\popup.js
c:\users\Angie\AppData\Local\Minibar\chrome\tab.html
c:\users\Angie\AppData\Local\Minibar\chrome\tab.js
c:\users\Angie\AppData\Local\Minibar\chrome_installer.js
c:\users\Angie\AppData\Local\Minibar\common.js
c:\users\Angie\AppData\Local\Minibar\firefox\chrome.manifest
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\cached_http_request.js
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\content.xul
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\extension_info.json
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\icons\icon128.png
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\icons\icon19.png
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\icons\icon32.png
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\icons\icon48.png
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\kango-ui\button.js
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\kango-ui\popup.js
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\kango-ui\popup_window.js
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\kango-ui\popup_window.xul
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\bottom-left.png
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\bottom-middle.png
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\bottom-right.png
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\middle-left.png
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\middle-right.png
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\style.css
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\tail-bottom.png
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\tail-left.png
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\tail-right.png
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\tail-top.png
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\top-left.png
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\top-middle.png
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\top-right.png
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\kango-ui\ui.js
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\kango\browser.js
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\kango\console.js
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\kango\event_listener.js
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\kango\initialize.js
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\kango\io.js
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\kango\jsonstorage.js
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\kango\kango.js
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\kango\lang.js
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\kango\messaging.js
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\kango\storage.js
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\kango\uninstall_observer.js
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\kango\userscript_engine.js
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\kango\xhr.js
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\main.js
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\minibar\actions.js
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\minibar\cachedxhr.js
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\minibar\config.js
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\minibar\config.json
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\minibar\homepage_helper.js
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\minibar\macros.js
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\minibar\minibar.js
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\minibar\search_helper.js
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\minibar\search_hook.js
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\minibar\tabpage_helper.js
c:\users\Angie\AppData\Local\Minibar\firefox\install.rdf
c:\users\Angie\AppData\Local\Minibar\firefox_installer.js
c:\users\Angie\AppData\Local\Minibar\ie_installer.js
c:\users\Angie\AppData\Local\Minibar\install.json
c:\users\Angie\AppData\Local\Minibar\minibar.crx
c:\users\Angie\AppData\Local\Minibar\minibar.xpi
c:\users\Angie\AppData\Local\Minibar\sqlite3.exe
c:\users\Angie\AppData\Local\Minibar\Uninstall.exe
c:\users\Angie\AppData\Roaming\7go
c:\users\Angie\AppData\Roaming\7go\7go.crx
c:\users\Angie\AppData\Roaming\7go\icon.ico
c:\windows\system32\drivers\5be5bf43b64694ac.sys
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Run
-------\Service_syshost32
-------\Legacy_5be5bf43b64694ac
-------\Service_5be5bf43b64694ac
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-07-13 bis 2014-08-13 ))))))))))))))))))))))))))))))
.
.
2014-08-13 13:55 . 2014-08-13 13:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-13 13:09 . 2014-08-13 13:09 -------- d-----w- c:\program files\VS Revo Group
2014-08-13 11:54 . 2014-08-13 13:25 -------- d-----w- C:\FRST
2014-08-13 10:59 . 2014-08-13 10:59 -------- d-----w- c:\users\Angie\AppData\Roaming\Avira
2014-08-13 10:41 . 2010-03-01 08:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-08-13 10:41 . 2010-02-16 12:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-08-13 10:41 . 2009-05-11 10:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2014-08-13 10:41 . 2009-05-11 10:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2014-08-13 10:41 . 2014-08-13 11:19 -------- d-----w- c:\programdata\Avira
2014-08-13 10:41 . 2014-08-13 11:18 -------- d-----w- c:\program files\Avira
2014-08-02 07:56 . 2014-08-13 10:55 -------- d-----w- c:\programdata\UstuWogu
2014-08-02 07:55 . 2014-08-13 10:55 -------- d-----w- c:\programdata\UskiTqop
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-13 11:13 . 2014-07-10 18:48 18872 ----a-w- c:\windows\system32\drivers\SPPD.sys
2014-07-12 06:32 . 2013-04-14 08:16 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-12 06:32 . 2013-04-14 08:16 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-12 06:32 . 2014-07-12 06:32 10603008 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{99a9c3ba-07f6-4699-bc81-65cab16e204b}"= "c:\program files\FileConverter_1.3_B2\prxtbFile.dll" [2013-03-05 231168]
.
[HKEY_CLASSES_ROOT\clsid\{99a9c3ba-07f6-4699-bc81-65cab16e204b}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{99a9c3ba-07f6-4699-bc81-65cab16e204b}]
2013-03-05 12:37 231168 ----a-w- c:\program files\FileConverter_1.3_B2\prxtbFile.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{99a9c3ba-07f6-4699-bc81-65cab16e204b}"= "c:\program files\FileConverter_1.3_B2\prxtbFile.dll" [2013-03-05 231168]
.
[HKEY_CLASSES_ROOT\clsid\{99a9c3ba-07f6-4699-bc81-65cab16e204b}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-11 39408]
"Exetender"="c:\program files\FantastiGames\GPlayer.exe" [2012-12-04 4936152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-11 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-12 202032]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Exetender"="c:\program files\FantastiGames\GPlayer.exe" [2012-12-04 4936152]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpUninstallDeleteDir"="rmdir" [X]
.
c:\users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1332518490-556231238-1997960668-1000]
"EnableNotificationsRef"=dword:00000002
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - AVIPBB
*NewlyCreated* - SSMDRV
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 13:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-19 06:41 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-08-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-14 06:32]
.
2014-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 20:41]
.
2014-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 20:41]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = https://www.google.de/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Presario&pf=cnnb
uSearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=063b05af-86a0-4124-9b53-dcf1e58022fa&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{525ba996-1ce4-4677-91c5-9fc4ead2d245} - c:\program files\appbarioDE\prxtbappb.dll
BHO-{525ba996-1ce4-4677-91c5-9fc4ead2d245} - c:\program files\appbarioDE\prxtbappb.dll
Toolbar-10 - (no file)
Toolbar-{525ba996-1ce4-4677-91c5-9fc4ead2d245} - c:\program files\appbarioDE\prxtbappb.dll
WebBrowser-{525BA996-1CE4-4677-91C5-9FC4EAD2D245} - c:\program files\appbarioDE\prxtbappb.dll
HKCU-Run-OletAyuxm - c:\programdata\OletAyuxm.dat
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-7go - c:\program files\7go\uninst.exe
AddRemove-7Go Games - c:\program files\7Go Games\uninstall.exe
AddRemove-PC Performer_is1 - c:\program files\PC Performer\unins000.exe
AddRemove-Speed Analysis 3 - c:\program files\Speed Analysis 3\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2014-08-13 16:02
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:20,82,89,dc,5d,6c,cf,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,78,51,a9,d3,6a,5d,8d,4a,b2,0c,42,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\conime.exe
c:\windows\SMINST\BLService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Tbccint\ToolbarService\ToolbarService.exe
c:\program files\Wajam\Updater\WajamUpdater.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\System32\regsvr32.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Browny02\BrYNSvc.exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-08-13 16:06:56 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2014-08-13 14:06
.
Vor Suchlauf: 12 Verzeichnis(se), 201.077.706.752 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 202.577.977.344 Bytes frei
.
- - End Of File - - 31A670EE8E5E7BE6E36CF5CF87AD79BD
85D751F0E41B8E520AEE8C07A8DA777B