Trojaner-Board - Gefälschten Online-Rechnungen von Vodafone

Hier die Ausgabe von Combofix:
Code:
ComboFix 12-10-23.01 - Tina 23.10.2012  18:52:43.1.2 - x64

Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.4094.2243 [GMT 2:00]

ausgeführt von:: c:\users\Tina\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\SysWow64\muzapp.exe

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-09-23 bis 2012-10-23  ))))))))))))))))))))))))))))))

.

.

2012-10-23 16:59 . 2012-10-23 16:59        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-10-23 16:58 . 2012-10-23 16:58        69000        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{1031742A-CB3A-49CC-9611-600EC0BD6A1C}\offreg.dll

2012-10-23 07:14 . 2012-10-12 07:19        9291768        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{1031742A-CB3A-49CC-9611-600EC0BD6A1C}\mpengine.dll

2012-10-22 17:41 . 2012-10-22 17:41        --------        d-----w-        c:\users\Tina\AppData\Roaming\Malwarebytes

2012-10-22 17:40 . 2012-10-22 17:40        --------        d-----w-        c:\programdata\Malwarebytes

2012-10-22 17:40 . 2012-10-22 17:40        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware

2012-10-22 17:40 . 2012-09-29 17:54        25928        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-10-21 10:13 . 2012-10-21 10:13        --------        d-----w-        c:\program files (x86)\Common Files\Java

2012-10-11 16:55 . 2012-10-11 17:01        --------        d-----w-        c:\users\Tina\AppData\Roaming\Notepad++

2012-10-10 11:45 . 2012-08-20 18:48        424448        ----a-w-        c:\windows\system32\KernelBase.dll

2012-10-10 11:45 . 2012-08-20 18:48        1162240        ----a-w-        c:\windows\system32\kernel32.dll

2012-10-10 11:43 . 2012-08-11 00:56        715776        ----a-w-        c:\windows\system32\kerberos.dll

2012-10-10 11:43 . 2012-08-10 23:56        542208        ----a-w-        c:\windows\SysWow64\kerberos.dll

2012-10-10 11:43 . 2012-06-02 05:41        1464320        ----a-w-        c:\windows\system32\crypt32.dll

2012-10-10 11:43 . 2012-06-02 05:41        184320        ----a-w-        c:\windows\system32\cryptsvc.dll

2012-10-10 11:43 . 2012-06-02 05:41        140288        ----a-w-        c:\windows\system32\cryptnet.dll

2012-10-10 11:43 . 2012-06-02 04:36        1159680        ----a-w-        c:\windows\SysWow64\crypt32.dll

2012-10-10 11:43 . 2012-06-02 04:36        140288        ----a-w-        c:\windows\SysWow64\cryptsvc.dll

2012-10-10 11:43 . 2012-06-02 04:36        103936        ----a-w-        c:\windows\SysWow64\cryptnet.dll

2012-10-09 08:23 . 2012-10-09 08:23        --------        d-----w-        c:\users\PinBack\AppData\Local\Macromedia

2012-10-03 16:26 . 2012-10-03 19:28        --------        d-----w-        c:\users\PinBack\AppData\Roaming\PC Suite

2012-10-03 16:00 . 2010-04-27 02:25        18944        ----a-w-        c:\windows\system32\drivers\ss_bmdfl.sys

2012-10-03 16:00 . 2010-04-27 02:25        161280        ----a-w-        c:\windows\system32\drivers\ss_bmdm.sys

2012-10-03 16:00 . 2010-04-27 02:25        15872        ----a-w-        c:\windows\system32\drivers\ss_bwhnt.sys

2012-10-03 16:00 . 2010-04-27 02:25        15360        ----a-w-        c:\windows\system32\drivers\ss_bcmnt.sys

2012-10-03 16:00 . 2010-04-27 02:25        127488        ----a-w-        c:\windows\system32\drivers\ss_bbus.sys

2012-10-03 15:59 . 2010-07-04 17:11        25960        ----a-w-        c:\windows\SysWow64\FsExService64.Exe

2012-10-03 15:59 . 2010-07-04 17:11        25960        ----a-w-        c:\windows\system32\FsExService64.exe

2012-10-03 15:59 . 2010-06-14 07:32        16448        ----a-w-        c:\windows\SysWow64\drivers\TFsExDisk.Sys

2012-10-03 15:59 . 2010-06-14 07:32        16448        ----a-w-        c:\windows\system32\drivers\TFsExDisk.sys

2012-10-03 15:41 . 2012-10-03 15:41        --------        d-----w-        c:\users\Tina\AppData\Local\Samsung

2012-10-03 15:41 . 2012-10-03 15:59        --------        d-----w-        c:\users\Tina\AppData\Roaming\Samsung

2012-10-03 15:39 . 2012-06-27 08:37        15872        ----a-w-        c:\windows\system32\drivers\ss_bwh.sys

2012-10-03 15:39 . 2012-06-27 08:37        15360        ----a-w-        c:\windows\system32\drivers\ss_bcm.sys

2012-10-03 15:38 . 2012-08-28 08:05        4659712        ----a-w-        c:\windows\SysWow64\Redemption.dll

2012-10-03 15:37 . 2012-10-03 15:37        --------        d-----w-        c:\program files (x86)\MarkAny

2012-10-03 15:37 . 2012-10-03 15:58        --------        d-----w-        c:\program files (x86)\Samsung

2012-10-03 15:37 . 2012-10-03 15:50        --------        d-----w-        c:\programdata\Samsung

2012-10-03 15:09 . 2012-10-19 17:02        --------        d-----w-        c:\users\Tina\AppData\Roaming\Nokia Suite

2012-10-03 15:09 . 2012-10-19 17:02        --------        d-----w-        c:\users\Tina\AppData\Roaming\Nokia

2012-10-03 15:06 . 2012-10-03 16:01        --------        d-----w-        c:\users\Tina\AppData\Local\Downloaded Installations

2012-10-03 14:51 . 2012-10-03 14:52        --------        d-----w-        c:\users\Tina\AppData\Local\Nokia

2012-10-03 14:51 . 2012-10-03 15:00        --------        d-----w-        c:\users\Tina\AppData\Roaming\PC Suite

2012-10-03 14:51 . 2012-10-03 15:00        --------        d-----w-        c:\programdata\PC Suite

2012-10-03 14:50 . 2012-10-19 17:03        --------        d-----w-        c:\programdata\Nokia

2012-10-03 14:49 . 2012-10-03 14:49        --------        d-----w-        c:\program files\DIFX

2012-10-03 14:49 . 2012-06-27 13:18        26112        ----a-w-        c:\windows\system32\drivers\pccsmcfdx64.sys

2012-10-03 14:49 . 2012-10-03 14:49        --------        d-----w-        c:\program files (x86)\PC Connectivity Solution

2012-10-03 14:49 . 2012-01-09 15:28        57856        ----a-w-        c:\windows\system32\nmwcdclsX64.dll

2012-10-03 14:45 . 2012-10-19 17:03        --------        d-----w-        c:\program files (x86)\Nokia

2012-09-26 15:29 . 2012-08-21 21:01        245760        ----a-w-        c:\windows\system32\OxpsConverter.exe

2012-09-26 15:22 . 2012-09-26 15:22        --------        d-----w-        c:\users\Tina\Bluetooth Software

2012-09-26 15:22 . 2012-09-26 15:22        --------        d-----w-        c:\users\Tina\AppData\Roaming\ICAClient

2012-09-26 15:20 . 2012-09-26 15:21        --------        d-----w-        c:\users\Tina\AppData\Local\Citrix

2012-09-25 13:21 . 2012-09-25 13:21        --------        d-----w-        c:\users\PinBack\Bluetooth Software

2012-09-25 13:20 . 2006-11-06 13:13        20016        ----a-w-        c:\windows\system32\drivers\btwrchid.sys

2012-09-25 13:20 . 2006-11-06 13:13        94512        ----a-w-        c:\windows\system32\drivers\btwavdt.sys

2012-09-25 13:20 . 2006-11-06 15:52        86832        ----a-w-        c:\windows\system32\drivers\btwaudio.sys

2012-09-25 13:19 . 2006-11-03 17:03        293376        ----a-w-        c:\windows\system32\BtwRSupport.dll

2012-09-25 13:18 . 2012-09-25 13:18        --------        d-----w-        c:\windows\system32\es-MX

2012-09-25 13:18 . 2012-09-25 13:18        --------        d-----w-        c:\windows\system32\es-AR

2012-09-25 13:18 . 2012-09-25 13:18        --------        d-----w-        c:\program files\WIDCOMM

2012-09-25 13:17 . 2012-09-25 13:17        --------        d-----w-        C:\dell

2012-09-24 17:03 . 2012-09-24 17:03        --------        d-----w-        c:\users\PinBack\AppData\Roaming\ICAClient

2012-09-24 17:02 . 2012-09-24 17:03        --------        d-----w-        c:\programdata\Citrix

2012-09-24 17:02 . 2012-09-24 17:03        --------        d-----w-        c:\users\PinBack\AppData\Local\Citrix

2012-09-24 17:02 . 2012-09-24 17:03        --------        d-----w-        c:\program files (x86)\Citrix

2012-09-24 17:02 . 2012-09-24 17:02        --------        d-----w-        c:\program files (x86)\Common Files\Citrix

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-10 12:18 . 2011-12-04 00:28        65309168        ----a-w-        c:\windows\system32\MRT.exe

2012-10-09 08:21 . 2012-04-03 20:47        696760        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-09 08:21 . 2011-12-04 00:21        73656        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-09-29 10:08 . 2011-12-04 21:24        2420448        ----a-w-        c:\programdata\Microsoft\VisualStudio\10.0\1031\ResourceCache.dll

2012-09-24 13:32 . 2012-08-19 11:25        477168        ----a-w-        c:\windows\SysWow64\npdeployJava1.dll

2012-09-24 13:32 . 2011-12-08 20:50        473072        ----a-w-        c:\windows\SysWow64\deployJava1.dll

2012-08-28 08:04 . 2012-08-28 08:04        81920        ----a-w-        c:\windows\SysWow64\issacapi_bs-2.3.dll

2012-08-28 08:04 . 2012-08-28 08:04        65536        ----a-w-        c:\windows\SysWow64\issacapi_pe-2.3.dll

2012-08-28 08:04 . 2012-08-28 08:04        57344        ----a-w-        c:\windows\SysWow64\issacapi_se-2.3.dll

2012-08-28 08:04 . 2012-08-28 08:04        49152        ----a-w-        c:\windows\SysWow64\MaJGUILib.dll

2012-08-28 08:04 . 2012-08-28 08:04        45056        ----a-w-        c:\windows\SysWow64\MaXMLProto.dll

2012-08-28 08:04 . 2012-08-28 08:04        40960        ----a-w-        c:\windows\SysWow64\MTTELECHIP.dll

2012-08-28 08:04 . 2012-08-28 08:04        200704        ----a-w-        c:\windows\SysWow64\muzwmts.dll

2012-08-28 08:04 . 2012-08-28 08:04        143360        ----a-w-        c:\windows\SysWow64\3DAudio.ax

2012-08-28 08:04 . 2012-08-28 08:04        135168        ----a-w-        c:\windows\SysWow64\muzaf1.dll

2012-08-28 08:04 . 2012-08-28 08:04        122880        ----a-w-        c:\windows\SysWow64\muzeffect.ax

2012-08-28 08:04 . 2012-08-28 08:04        118784        ----a-w-        c:\windows\SysWow64\MaDRM.dll

2012-08-28 08:04 . 2012-08-28 08:04        110592        ----a-w-        c:\windows\SysWow64\muzmp4sp.ax

2012-08-28 08:04 . 2012-08-28 08:04        974848        ----a-w-        c:\windows\SysWow64\cis-2.4.dll

2012-08-28 08:04 . 2012-08-28 08:04        57344        ----a-w-        c:\windows\SysWow64\MTXSYNCICON.dll

2012-08-28 08:04 . 2012-08-28 08:04        57344        ----a-w-        c:\windows\SysWow64\MK_Lyric.dll

2012-08-28 08:04 . 2012-08-28 08:04        569344        ----a-w-        c:\windows\SysWow64\muzdecode.ax

2012-08-28 08:04 . 2012-08-28 08:04        491520        ----a-w-        c:\windows\SysWow64\muzapp.dll

2012-08-28 08:04 . 2012-08-28 08:04        45320        ----a-w-        c:\windows\SysWow64\MAMACExtract.dll

2012-08-28 08:04 . 2012-08-28 08:04        45056        ----a-w-        c:\windows\SysWow64\MACXMLProto.dll

2012-08-28 08:04 . 2012-08-28 08:04        352256        ----a-w-        c:\windows\SysWow64\MSLUR71.dll

2012-08-28 08:04 . 2012-08-28 08:04        258048        ----a-w-        c:\windows\SysWow64\muzoggsp.ax

2012-08-28 08:04 . 2012-08-28 08:04        245760        ----a-w-        c:\windows\SysWow64\MSCLib.dll

2012-08-28 08:04 . 2012-08-28 08:04        24576        ----a-w-        c:\windows\SysWow64\MASetupCleaner.exe

2012-08-28 08:04 . 2012-08-28 08:04        155648        ----a-w-        c:\windows\SysWow64\MSFLib.dll

2012-08-28 08:04 . 2012-08-28 08:04        131072        ----a-w-        c:\windows\SysWow64\muzmpgsp.ax

2012-08-22 18:12 . 2012-09-12 12:32        1913200        ----a-w-        c:\windows\system32\drivers\tcpip.sys

2012-08-22 18:12 . 2012-09-12 12:32        950128        ----a-w-        c:\windows\system32\drivers\ndis.sys

2012-08-22 18:12 . 2012-09-12 12:32        376688        ----a-w-        c:\windows\system32\drivers\netio.sys

2012-08-22 18:12 . 2012-09-12 12:32        288624        ----a-w-        c:\windows\system32\drivers\FWPKCLNT.SYS

2012-08-20 17:38 . 2012-10-10 11:44        44032        ----a-w-        c:\windows\apppatch\acwow64.dll

2012-08-02 17:58 . 2012-09-12 12:32        574464        ----a-w-        c:\windows\system32\d3d10level9.dll

2012-08-02 16:57 . 2012-09-12 12:32        490496        ----a-w-        c:\windows\SysWow64\d3d10level9.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2009-10-07 19:12        85768        ----a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2009-10-07 19:12        85768        ----a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2009-10-07 19:12        85768        ----a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2009-10-07 19:12        85768        ----a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2009-10-07 19:12        85768        ----a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2009-10-07 19:12        85768        ----a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2009-10-07 19:12        85768        ----a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2009-10-07 19:12        85768        ----a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2009-10-07 19:12        85768        ----a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AutoStartNPSAgent"="c:\program files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-04 95576]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]

"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]

"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2011-12-22 362432]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-09-29 766536]

.

c:\users\PinBack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Tina\AppData\Roaming\Dropbox\bin\Dropbox.exe [N/A]

EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-8-14 1014624]

OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 961840]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [x]

R3 abraxas - Bloomberg Service;abraxas - Bloomberg Service;c:\program files (x86)\abraxas\Bloomberg Service\AbrBloomberg.Service.exe [2012-04-03 51200]

R3 abraxas Data Collector Bloomberg API;abraxas - DcBloombergAPI;c:\program files (x86)\abraxas\RiskLine-P\DcBloombergAPI\DcBloomberg.exe [2012-07-06 69120]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]

R3 glassfishService;glassfish GlassFish Server;c:\glassfish3\glassfish\domains\glassfish\bin\glassfishServiceService.exe [2012-09-20 30208]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-16 115168]

R3 OracleOraDb11g_home1ClrAgent;OracleOraDb11g_home1ClrAgent;c:\oracle\Database\product\11.2.0\dbhome_1\bin\OraClrAgnt.exe [2010-02-28 38400]

R3 OracleOraDb11g_home1TNSListener;OracleOraDb11g_home1TNSListener;c:\oracle\Database\product\11.2.0\dbhome_1\BIN\TNSLSNR  [x]

R3 OracleServiceORCL;OracleServiceORCL;c:\oracle\database\product\11.2.0\dbhome_1\bin\ORACLE.EXE ORCL [x]

R3 OracleVssWriterORCL;Oracle ORCL VSS Writer Service;c:\oracle\database\product\11.2.0\dbhome_1\bin\OraVSSW.exe ORCL [x]

R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2010-04-27 127488]

R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2010-04-27 18944]

R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2010-04-27 161280]

R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-21 61976]

R4 OracleJobSchedulerORCL;OracleJobSchedulerORCL;c:\oracle\database\product\11.2.0\dbhome_1\Bin\extjob.exe ORCL [x]

R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-22 311144]

R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-22 431464]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-19 27760]

S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2011-06-29 91864]

S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-05-22 224088]

S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-05-22 130904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]

S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]

S2 privoxy;Privoxy (privoxy);c:\program files (x86)\Privoxy\privoxy.exe [2011-11-20 359936]

S2 Prosieben;maxdome Download Manager;c:\program files (x86)\maxdome\DCBin\DCService.exe [2009-05-01 77032]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-05-22 147288]

S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-05-22 166232]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]

.

.

Inhalt des "geplante Tasks" Ordners

.

2012-10-23 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 08:21]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 384296]

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.178.1

FF - ProfilePath - c:\users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\h14keo50.default\

FF - ExtSQL: 2012-09-04 21:03; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

FF - ExtSQL: 2012-10-21 12:13; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

.

.

------- Dateityp-Verknüpfung -------

.

vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*

vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*

jsefile\shell\open2\command=c:\windows\System32\CScript.exe "%1" %*

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Tina\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Tina\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Tina\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

Wow6432Node-HKLM-Run-NPSStartup - (no file)

ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{C5994566-53D9-4125-87C9-F193FC689CB2} - (no file)

ShellIconOverlayIdentifiers-{C5994562-53D9-4125-87C9-F193FC689CB2} - (no file)

ShellIconOverlayIdentifiers-{C5994565-53D9-4125-87C9-F193FC689CB2} - (no file)

ShellIconOverlayIdentifiers-{C5994567-53D9-4125-87C9-F193FC689CB2} - (no file)

ShellIconOverlayIdentifiers-{C5994563-53D9-4125-87C9-F193FC689CB2} - (no file)

ShellIconOverlayIdentifiers-{C5994561-53D9-4125-87C9-F193FC689CB2} - (no file)

ShellIconOverlayIdentifiers-{C5994560-53D9-4125-87C9-F193FC689CB2} - (no file)

ShellIconOverlayIdentifiers-{C5994564-53D9-4125-87C9-F193FC689CB2} - (no file)

ShellIconOverlayIdentifiers-{C5994568-53D9-4125-87C9-F193FC689CB2} - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-{C73A3942-84C8-4597-9F9B-EE227DCBA758} - c:\programdata\{81CD4D13-C212-4D68-94F5-D7EE9A54EA90}\delldock.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\OracleOraDb11g_home1ClrAgent]

"ImagePath"="c:\oracle\Database\product\11.2.0\dbhome_1\bin\OraClrAgnt.exe agent_sid=CLRExtProc max_dispatchers=2 tcp_dispatchers=0 max_task_threads=6 max_sessions=25 ENVS=\"EXTPROC_DLLS=ONLY:c:\oracle\Database\product\11.2.0\dbhome_1\bin\oraclr11.dll\""

--

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Prosieben]

"ImagePath"="\"c:\program files (x86)\maxdome\DCBin\DCService.exe\" /accountid:Prosieben"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\OracleOraDb11g_home1TNSListener]

"ImagePath"="c:\oracle\Database\product\11.2.0\dbhome_1\BIN\TNSLSNR "

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2012-10-23  19:03:02

ComboFix-quarantined-files.txt  2012-10-23 17:03

.

Vor Suchlauf: 13 Verzeichnis(se), 406.707.683.328 Bytes frei

Nach Suchlauf: 19 Verzeichnis(se), 407.748.214.784 Bytes frei

.

- - End Of File - - 58972A9DDF3060C1B559C0E42A28C609