| Kékfrankos | 18.01.2012 21:14 |
So. Combo ist fertig. Anbei dessen .log- Datei.
Combofix Logfile: Code:
ComboFix 12-01-18.04 - Melanie 18.01.2012 20:55:12.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3000.1466 [GMT 1:00]
ausgeführt von:: c:\users\Melanie\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\readme.rtf
c:\windows\IsUn0407.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\unin0407.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-12-18 bis 2012-01-18 ))))))))))))))))))))))))))))))
.
.
2012-01-18 20:08 . 2012-01-18 20:08 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-01-18 20:08 . 2012-01-18 20:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-18 17:52 . 2012-01-18 17:52 202381 ----a-w- c:\program files\Microsoft Games\Train Simulator\Uninst_MSTS Patch 1.7.0519.exe
2012-01-18 17:51 . 2001-06-01 14:01 163840 ----a-w- c:\program files\Microsoft Games\Train Simulator\string.dll
2012-01-18 17:51 . 2001-06-01 14:01 40960 ----a-w- c:\program files\Microsoft Games\Train Simulator\menu.dll
2012-01-18 17:51 . 2001-06-01 14:01 139264 ----a-w- c:\program files\Microsoft Games\Train Simulator\dialog.dll
2012-01-18 17:42 . 2002-08-15 14:36 4259840 ----a-w- c:\program files\Microsoft Games\Train Simulator\SETUPENU.DLL
2012-01-18 17:42 . 2002-03-12 18:46 73779 ----a-w- c:\program files\Microsoft Games\Train Simulator\ebueula1.dll
2012-01-18 17:42 . 2001-06-01 14:01 65587 ----a-w- c:\program files\Microsoft Games\Train Simulator\ebueula2.dll
2012-01-18 17:42 . 2001-05-09 23:48 32768 ----a-w- c:\program files\Microsoft Games\Train Simulator\UTILS\txt2uni.exe
2012-01-18 17:42 . 2001-05-08 03:11 118784 ----a-w- c:\program files\Microsoft Games\Train Simulator\UTILS\FFEDIT\ffeditc_unicode.exe
2012-01-18 17:42 . 2001-05-08 01:56 176128 ----a-w- c:\program files\Microsoft Games\Train Simulator\UTILS\tsunpack.exe
2012-01-18 17:42 . 2001-05-08 01:13 152992 ----a-w- c:\program files\Microsoft Games\Train Simulator\dw.exe
2012-01-18 17:28 . 2001-06-01 14:06 65536 ----a-w- c:\program files\Microsoft Games\Train Simulator\ROUTE GEOGRAPHY CREATOR\string.dll
2012-01-18 17:28 . 2001-05-08 01:15 65587 ----a-w- c:\program files\Microsoft Games\Train Simulator\ROUTE GEOGRAPHY CREATOR\ebueula1.dll
2012-01-18 17:28 . 2001-05-08 01:15 278528 ----a-w- c:\program files\Microsoft Games\Train Simulator\ROUTE GEOGRAPHY CREATOR\tsdataex.exe
2012-01-18 17:28 . 2001-02-06 20:47 49152 ----a-w- c:\program files\Microsoft Games\Train Simulator\HELP\tswshlp.dll
2012-01-18 17:28 . 2002-09-19 14:08 4100154 ----a-w- c:\program files\Microsoft Games\Train Simulator\UNINSTAL.EXE
2012-01-18 17:28 . 2001-06-01 14:01 360448 ----a-w- c:\program files\Microsoft Games\Train Simulator\tsmvhlp.dll
2012-01-18 17:28 . 2001-06-01 14:01 34576 ----a-w- c:\program files\Microsoft Games\Train Simulator\tsqtz32.dll
2012-01-18 17:28 . 2001-06-01 14:01 11808 ----a-w- c:\program files\Microsoft Games\Train Simulator\tsqtz.drv
2012-01-18 17:28 . 2001-06-01 14:01 3461120 ----a-w- c:\program files\Microsoft Games\Train Simulator\tsbmphlp.dll
2012-01-18 17:28 . 2001-05-08 01:14 54688 ----a-w- c:\program files\Microsoft Games\Train Simulator\1033\dwintl.dll
2012-01-18 17:28 . 2001-03-07 01:42 49152 ----a-w- c:\program files\Microsoft Games\Train Simulator\1031\dwintl.dll
2012-01-18 16:29 . 2012-01-18 16:29 -------- d-----w- c:\program files\VS Revo Group
2012-01-18 14:25 . 2001-05-08 02:14 114688 ----a-w- c:\program files\Microsoft Games\Train Simulator\GLOBAL\iomconvunicode.exe
2012-01-18 13:46 . 2001-05-08 02:14 114688 ----a-w- c:\program files\Microsoft Games\Train Simulator\ROUTES\Trat 321\GLOBAL\iomconvunicode.exe
2012-01-18 13:27 . 2012-01-18 17:56 -------- d-----w- c:\users\Melanie\AppData\Local\CrashDumps
2012-01-18 09:10 . 2012-01-18 09:14 -------- d-----w- c:\users\Melanie\AppData\Local\NPE
2012-01-18 09:10 . 2012-01-18 09:10 -------- d-----w- c:\programdata\Norton
2012-01-17 18:18 . 2012-01-17 18:18 -------- d-----w- c:\users\Melanie\AppData\Roaming\Canneverbe Limited
2012-01-17 18:18 . 2012-01-17 18:18 -------- d-----w- c:\programdata\Canneverbe Limited
2012-01-17 18:18 . 2012-01-17 18:18 -------- d-----w- c:\program files\CDBurnerXP
2012-01-17 18:03 . 2012-01-17 18:03 -------- d-----w- c:\program files\LSoft Technologies
2012-01-17 16:10 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-17 16:10 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-17 16:10 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-17 16:10 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-17 16:10 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-17 16:10 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe
2012-01-16 16:56 . 2012-01-16 16:56 -------- d-----w- c:\program files\Shape Viewer
2012-01-11 09:10 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll
2012-01-11 09:10 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-01-11 09:10 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 09:10 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll
2012-01-11 09:10 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-01-11 09:10 . 2011-12-01 15:21 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-01-11 09:10 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 09:10 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll
2012-01-03 07:22 . 2012-01-03 07:22 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-17 18:04 . 2009-11-03 14:13 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-11-23 13:37 . 2011-12-15 06:18 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-16 21:18 . 2010-12-23 19:04 286720 ----a-w- c:\windows\iun506.exe
2011-11-16 04:52 . 2011-05-15 06:09 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-08 14:42 . 2011-12-15 06:18 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-03 06:22 . 2011-12-15 06:17 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 06:17 . 2011-12-15 06:17 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-03 06:17 . 2011-12-15 06:17 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 06:17 . 2011-12-15 06:17 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-11-03 06:17 . 2011-12-15 06:17 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-11-03 05:22 . 2011-12-15 06:17 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 04:45 . 2011-12-15 06:17 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-11-03 04:43 . 2011-12-15 06:17 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-27 08:01 . 2011-12-15 06:18 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-27 08:01 . 2011-12-15 06:18 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 15:56 . 2011-12-15 06:18 49152 ----a-w- c:\windows\system32\csrsrv.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVD1.dll" [2010-07-26 2736736]
"{548f6736-8fe4-4680-82f2-170d6c07e1d2}"= "c:\program files\TranslatorBar_1.2\tbTran.dll" [2010-06-03 2736736]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-11-13 3913000]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{548f6736-8fe4-4680-82f2-170d6c07e1d2}]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 11:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{548f6736-8fe4-4680-82f2-170d6c07e1d2}]
2010-06-03 16:24 2736736 ----a-w- c:\program files\TranslatorBar_1.2\tbTran.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-07-26 05:38 2736736 ----a-w- c:\program files\DVDVideoSoftTB\tbDVD1.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
2010-11-13 20:58 3913000 ----a-w- c:\program files\softonic-de3\tbsoft.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 11:29 1490312 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 10:22 1172792 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVD1.dll" [2010-07-26 2736736]
"{548f6736-8fe4-4680-82f2-170d6c07e1d2}"= "c:\program files\TranslatorBar_1.2\tbTran.dll" [2010-06-03 2736736]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-11-13 3913000]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{548f6736-8fe4-4680-82f2-170d6c07e1d2}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\tbDVD1.dll" [2010-07-26 2736736]
"{548F6736-8FE4-4680-82F2-170D6C07E1D2}"= "c:\program files\TranslatorBar_1.2\tbTran.dll" [2010-06-03 2736736]
"{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-11-13 3913000]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{548f6736-8fe4-4680-82f2-170d6c07e1d2}]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-05-14 15:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-04 68856]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2011-08-04 966712]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-04-10 147456]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-04-10 167936]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-08 6139904]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-25 809480]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-14 526896]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-30 397312]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-10-04 24064]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-04-26 111928]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2008-9-10 1216512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^Melanie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^0.8087520392255758.exe.lnk]
path=c:\users\Melanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.8087520392255758.exe.lnk
backup=c:\windows\pss\0.8087520392255758.exe.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
S2 ACEDRV09;ACEDRV09;c:\windows\system32\drivers\ACEDRV09.sys [2009-05-07 110304]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-18 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-10-04 13:10]
.
2012-01-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-03 09:16]
.
2012-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-03 16:16]
.
2012-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-03 16:16]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/ig?hl=de
mStart Page = hxxp://home.sweetim.com
IE: Free YouTube Download - c:\users\Melanie\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Melanie\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\uoiz31cn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - softonic-de3 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2431245&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files\Nokia\Nokia PC Suite 7\bkmrksync
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: softonic-de3 Community Toolbar: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - %profile%\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Magic ISO Maker v5.5 (build 0276) - c:\progra~1\MagicISO\UNWISE.EXE
AddRemove-Rollmaterial für die Westbahn - c:\users\Melanie\Desktop\Uninstal rollmaterial westbahn.exe
AddRemove-TrainSim.pl PMK v2.3 - c:\users\Melanie\Desktop\uninstall_pmk_route.exe
AddRemove-Wupper Express 11 Actpack 1.0 - c:\train simulator\Uninstal.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-01-18 21:09
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-78928637-2002754984-348181283-1000\Software\SecuROM\License information*]
"datasecu"=hex:53,53,24,3e,a1,fc,48,82,d0,94,d1,3a,f3,3e,c9,bf,05,bc,2f,e3,30,
45,8c,42,07,c7,68,47,a6,79,89,8c,4b,4f,de,a3,7a,dd,11,99,67,a3,fe,ad,a2,40,\
"rkeysecu"=hex:f2,48,57,24,39,38,75,42,be,54,5e,0a,19,64,10,96
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-01-18 21:13:22
ComboFix-quarantined-files.txt 2012-01-18 20:13
.
Vor Suchlauf: 21 Verzeichnis(se), 25.224.998.912 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 27.693.223.936 Bytes frei
.
- - End Of File - - 7E785674AB08DC93A035A3B5D3EEE7D3
--- --- --- |
