| Dexteron | 08.12.2012 16:13 |
Schritt 1: ok
Schritt 2: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 3.9.9 (12.08.2012:3)
OS: Windows 7 Professional x64
Ran by *** on 08.12.2012 at 15:23:15,89
Blog: hxxp://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-765039588-535241434-544004008-1000\software\microsoft\internet explorer\searchscopes\\DefaultScope
~~~ Registry Keys
Successfully deleted: [Registry Key] "hkey_current_user\software\conduit"
Successfully deleted: [Registry Key] "hkey_current_user\software\softonic"
Successfully deleted: [Registry Key] "hkey_current_user\software\sweetim"
Successfully deleted: [Registry Key] "hkey_current_user\software\zugo"
Successfully deleted: [Registry Key] "hkey_local_machine\software\babylon"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\prod.cap"
Successfully deleted: [Registry Key] "hkey_local_machine\software\conduit"
Successfully deleted: [Registry Key] "hkey_local_machine\software\iminent"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\tracing\mybabylontb_rasapi32"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\tracing\mybabylontb_rasmancs"
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\ProgramData\trymedia"
Successfully deleted: [Folder] "C:\Users\***\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\***\appdata\local\babylon"
Successfully deleted: [Folder] "C:\Users\***\appdata\locallow\babylontoolbar"
Successfully deleted: [Folder] "C:\Users\***\appdata\locallow\softonic"
~~~ FireFox
Successfully deleted: [File] C:\user.js
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml"
Successfully deleted: [File] C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\7cit0qvn.default\user.js
Successfully deleted: [File] C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\7cit0qvn.default\extensions\OneClickDownloader@OneClickDownloader.com.xpi
Successfully deleted: [File] C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\7cit0qvn.default\searchplugins\yahoo-zugo.xml
Successfully deleted: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com"
Successfully deleted: [Folder] C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\7cit0qvn.default\extensions\ffxtlbra@softonic.com
Successfully deleted the following from C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\7cit0qvn.default\prefs.js
user_pref("CT2319825.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
user_pref("CT2319825.CTID", "CT2319825");
user_pref("CT2319825.CurrentServerDate", "30-5-2010");
user_pref("CT2319825.DialogsAlignMode", "LTR");
user_pref("CT2319825.EMailNotifierPollDate", "Sun May 30 2010 13:55:13 GMT+0200");
user_pref("CT2319825.FeedLastCount128902288263982011", 0);
user_pref("CT2319825.FeedLastCount129056115025381886", 0);
user_pref("CT2319825.FeedLastCount129098533413278042", 0);
user_pref("CT2319825.FeedLastCount129125391839060113", 0);
user_pref("CT2319825.FeedLastCount129136397984372631", 60);
user_pref("CT2319825.FeedPollDate11908299", "Sun May 30 2010 13:55:21 GMT+0200");
user_pref("CT2319825.FeedPollDate128902288263982011", "Sun May 30 2010 13:55:12 GMT+0200");
user_pref("CT2319825.FeedPollDate129056115025381886", "Sun May 30 2010 13:55:12 GMT+0200");
user_pref("CT2319825.FeedPollDate129098533413278042", "Sun May 30 2010 13:55:12 GMT+0200");
user_pref("CT2319825.FeedPollDate129125391839060113", "Sun May 30 2010 13:55:12 GMT+0200");
user_pref("CT2319825.FeedPollDate129136397985935164", "Sun May 30 2010 13:55:12 GMT+0200");
user_pref("CT2319825.FeedPollDate129136397985935165", "Sun May 30 2010 13:55:12 GMT+0200");
user_pref("CT2319825.FeedPollDate129136397985935166", "Sun May 30 2010 13:55:12 GMT+0200");
user_pref("CT2319825.FeedTTL129136397985935164", 40);
user_pref("CT2319825.FeedTTL129136397985935165", 40);
user_pref("CT2319825.FeedTTL129136397985935166", 40);
user_pref("CT2319825.FirstServerDate", "30-5-2010");
user_pref("CT2319825.FirstTime", true);
user_pref("CT2319825.FirstTimeFF3", true);
user_pref("CT2319825.FixPageNotFoundErrors", true);
user_pref("CT2319825.GroupingServerCheckInterval", 1440);
user_pref("CT2319825.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
user_pref("CT2319825.Initialize", true);
user_pref("CT2319825.InitializeCommonPrefs", true);
user_pref("CT2319825.InstalledDate", "Sun May 30 2010 13:55:11 GMT+0200");
user_pref("CT2319825.InvalidateCache", false);
user_pref("CT2319825.IsGrouping", false);
user_pref("CT2319825.IsMulticommunity", false);
user_pref("CT2319825.IsOpenThankYouPage", false);
user_pref("CT2319825.IsOpenUninstallPage", true);
user_pref("CT2319825.LanguagePackLastCheckTime", "Sun May 30 2010 13:55:18 GMT+0200");
user_pref("CT2319825.LanguagePackReloadIntervalMM", 1440);
user_pref("CT2319825.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
user_pref("CT2319825.LastLogin_2.5.8.6", "Sun May 30 2010 13:55:12 GMT+0200");
user_pref("CT2319825.LatestVersion", "2.1.0.18");
user_pref("CT2319825.Locale", "de");
user_pref("CT2319825.LoginCache", 4);
user_pref("CT2319825.MCDetectTooltipHeight", "83");
user_pref("CT2319825.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
user_pref("CT2319825.MCDetectTooltipWidth", "295");
user_pref("CT2319825.RadioIsPodcast", false);
user_pref("CT2319825.RadioLastCheckTime", "Sun May 30 2010 13:55:14 GMT+0200");
user_pref("CT2319825.RadioLastUpdateIPServer", "3");
user_pref("CT2319825.RadioLastUpdateServer", "129089199971230000");
user_pref("CT2319825.RadioMediaID", "11949532");
user_pref("CT2319825.RadioMediaType", "Media Player");
user_pref("CT2319825.RadioMenuSelectedID", "EBRadioMenu_CT231982511949532");
user_pref("CT2319825.RadioStationName", "1Live");
user_pref("CT2319825.RadioStationURL", "hxxp://gffstream.ic.llnwd.net/stream/gffstream_stream_wdr_einslive_a");
user_pref("CT2319825.SHRINK_TOOLBAR", 1);
user_pref("CT2319825.SavedHomepage", "www.gidf.de");
user_pref("CT2319825.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2319825&octid=EB_ORIGINAL_CTID&SearchSource=1");
user_pref("CT2319825.SearchFromAddressBarIsInit", true);
user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q=");
user_pref("CT2319825.SearchInNewTabEnabled", true);
user_pref("CT2319825.SearchInNewTabIntervalMM", 1440);
user_pref("CT2319825.SearchInNewTabLastCheckTime", "Sun May 30 2010 13:55:13 GMT+0200");
user_pref("CT2319825.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
user_pref("CT2319825.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
user_pref("CT2319825.SettingsCheckIntervalMin", 120);
user_pref("CT2319825.SettingsLastCheckTime", "Sun May 30 2010 13:55:07 GMT+0200");
user_pref("CT2319825.SettingsLastUpdate", "1274806145");
user_pref("CT2319825.ThirdPartyComponentsInterval", 504);
user_pref("CT2319825.ThirdPartyComponentsLastCheck", "Sun May 30 2010 13:55:07 GMT+0200");
user_pref("CT2319825.ThirdPartyComponentsLastUpdate", "1274806145");
user_pref("CT2319825.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");
user_pref("CT2319825.UserID", "UN35165272629889513");
user_pref("CT2319825.ValidationData_Toolbar", 1);
user_pref("CT2319825.WeatherNetwork", "");
user_pref("CT2319825.WeatherPollDate", "Sun May 30 2010 13:55:21 GMT+0200");
user_pref("CT2319825.WeatherUnit", "C");
user_pref("CT2319825.alertChannelId", "715912");
user_pref("CT2319825.clientLogIsEnabled", true);
user_pref("CT2319825.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT2319825.myStuffEnabled", true);
user_pref("CT2319825.myStuffPublihserMinWidth", 400);
user_pref("CT2319825.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
user_pref("CT2319825.myStuffServiceIntervalMM", 1440);
user_pref("CT2319825.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
user_pref("CT2319825.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CommunityToolbar.MiniIPageGadgetPosition.hxxp://widgets.tictacti.com/Shared/Apps/GameArcade/Games.html?ctId=CT2319825", "278x237");
user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://widgets.tictacti.com/Shared/Apps/GameArcade/Games.html?ctId=CT2319825", "1000x720");
user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
user_pref("CommunityToolbar.ToolbarsList", "CT2319825");
user_pref("CommunityToolbar.ToolbarsList2", "CT2319825");
user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sun May 30 2010 13:55:13 GMT+0200");
user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2319825");
user_pref("CommunityToolbar.twitter.user_45621383.LastCheckTime", "Sun May 30 2010 13:55:12 GMT+0200");
user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
user_pref("browser.search.defaultthis.engineName", "Winload Customized Web Search");
user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}");
user_pref("extensions.BabylonToolbar_i.newTab", true);
user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?AF=109980&babsrc=NT_ss&mntrId=4ac61fbf000000000000bc0543051b85");
user_pref("extensions.installCache", "[{\"name\":\"app-global\",\"addons\":{\"ffxtlbr@babylon.com\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extension
user_pref("extensions.softonic.admin", false);
user_pref("extensions.softonic.aflt", "SD");
user_pref("extensions.softonic.cntry", "DE");
user_pref("extensions.softonic.dfltLng", "DE");
user_pref("extensions.softonic.dfltSrch", false);
user_pref("extensions.softonic.envrmnt", "production");
user_pref("extensions.softonic.excTlbr", false);
user_pref("extensions.softonic.hdrMd5", "5BD3DA94A2FDB51053DB2B6158F05A80");
user_pref("extensions.softonic.hmpg", false);
user_pref("extensions.softonic.id", "4ac61fbf000000000000000fb599d236");
user_pref("extensions.softonic.instlDay", "15363");
user_pref("extensions.softonic.instlRef", "MON00052");
user_pref("extensions.softonic.isdcmntcmplt", true);
user_pref("extensions.softonic.lastVrsnTs", "1.5.11.519:20:03");
user_pref("extensions.softonic.mntrvrsn", "1.3.0");
user_pref("extensions.softonic.newTab", false);
user_pref("extensions.softonic.noFFXTlbr", false);
user_pref("extensions.softonic.prdct", "softonic");
user_pref("extensions.softonic.prtnrId", "softonic");
user_pref("extensions.softonic.sg", "az");
user_pref("extensions.softonic.smplGrp", "eng7");
user_pref("extensions.softonic.tlbrId", "base");
user_pref("extensions.softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MON00052/tb_v1?SearchSource=1&cc=&q=");
user_pref("extensions.softonic.updateRunOnce", true);
user_pref("extensions.softonic.updateRunOnce1", true);
user_pref("extensions.softonic.vrsn", "1.5.11.5");
user_pref("extensions.softonic.vrsnTs", "1.5.11.519:20:03");
user_pref("extensions.softonic.vrsni", "1.5.11.5");
user_pref("extensions.softonic_i.aflt", "SD");
user_pref("extensions.softonic_i.dfltLng", "de");
user_pref("extensions.softonic_i.excTlbr", false);
user_pref("extensions.softonic_i.id", "4ac61fbf000000000000000fb599d236");
user_pref("extensions.softonic_i.instlDay", "15363");
user_pref("extensions.softonic_i.instlRef", "MON00052");
user_pref("extensions.softonic_i.newTab", false);
user_pref("extensions.softonic_i.prdct", "softonic");
user_pref("extensions.softonic_i.prtnrId", "softonic");
user_pref("extensions.softonic_i.smplGrp", "eng7");
user_pref("extensions.softonic_i.tlbrId", "eng7");
user_pref("extensions.softonic_i.tlbrSrchUrl", "hxxp://search.softonic.com/MON00052/tb_v1?SearchSource=1&cc=&q=");
user_pref("extensions.softonic_i.vrsn", "1.5.11.5");
user_pref("extensions.softonic_i.vrsnTs", "1.5.11.519:20:03");
user_pref("extensions.softonic_i.vrsni", "1.5.11.5");
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.12.2012 at 15:38:22,89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Schritt 3: geklappt
Schritt 4: Code:
Combofix Logfile:
Code:
ComboFix 12-12-07.01 - *** 08.12.2012 15:49:33.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8190.6147 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Panda Internet Security 2011 *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}
FW: Panda Personal Firewall 2011 *Disabled* {BEAC95A5-D3E6-6608-9A7D-C12F7882CA22}
SP: Panda Internet Security 2011 *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 24 bytes in 1 streams.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xmlB0B1.tmp
c:\programdata\xmlBD44.tmp
c:\programdata\xmlC39E.tmp
c:\users\***\AppData\Roaming\88ab8f72.dat
c:\users\***\AppData\Roaming\AcroIEHelpe.txt
c:\users\***\AppData\Roaming\srvblck5.tmp
c:\windows\iun6002.exe
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\System32\MASetupCleaner.exe
c:\windows\SysWow64\System32\muzapp.exe
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-11-08 bis 2012-12-08 ))))))))))))))))))))))))))))))
.
.
2012-12-08 14:23 . 2012-12-08 14:23 -------- d-----w- c:\windows\ERUNT
2012-12-08 14:23 . 2012-12-08 14:23 -------- d-----w- C:\JRT
2012-12-07 16:05 . 2012-12-07 16:05 -------- d-----w- C:\FRST
2012-12-02 22:49 . 2012-12-02 23:30 -------- d-----w- c:\programdata\HitmanPro
2012-12-01 23:08 . 2012-12-08 14:58 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F952A6FB-6BC9-4D6D-8F4A-DBD780A35542}\offreg.dll
2012-11-26 20:52 . 2012-11-26 20:52 -------- d-----w- c:\users\***\AppData\Roaming\Canneverbe Limited
2012-11-26 20:52 . 2012-11-26 20:52 -------- d-----w- c:\programdata\Canneverbe Limited
2012-11-26 20:52 . 2012-11-26 20:52 -------- d-----w- c:\program files (x86)\CDBurnerXP
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-26 10:13 . 2012-04-10 20:48 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-26 10:13 . 2011-05-29 09:00 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-29 17:54 . 2012-09-21 08:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-21 11:16 . 2012-09-21 11:16 133248 ----a-w- c:\windows\system32\drivers\dnelwf64.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files (x86)\ICQ7.6\ICQ.exe" [2011-10-10 127040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APVXDWIN"="c:\program files (x86)\Panda Security\Panda Internet Security 2011\APVXDWIN.EXE" [2011-09-05 984576]
"SCANINICIO"="c:\program files (x86)\Panda Security\Panda Internet Security 2011\Inicio.exe" [2010-06-11 68928]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2010-10-22 2105344]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Smart File Advisor"="c:\program files (x86)\Smart File Advisor\sfa.exe" [2011-04-04 280824]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
Terminkalender2.lnk - c:\softwarenetz\Terminkalender2\kalender2.exe [2011-6-24 2502752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2010-10-22 14120]
R3 BthAvrcp;Bluetooth-AVRCP-Profil;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 29184]
R3 cpuz130;cpuz130;c:\users\THORST~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;d:\spiele\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 GeneStor;Genesys Logic Storage Driver;c:\windows\system32\DRIVERS\GeneStor.sys [2011-05-18 58368]
R3 GPU-Z;GPU-Z;c:\users\THORST~1\AppData\Local\Temp\GPU-Z.sys [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys [2010-01-07 448512]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-05-25 16392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-04 1255736]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111vx.sys [2008-08-04 1075712]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-04-02 834544]
S0 pavboot;Panda boot driver;c:\windows\system32\Drivers\pavboot64.sys [2010-06-22 30792]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [2011-04-16 1263200]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 ShldFlt;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShldFlt.sys [2009-10-27 48136]
S2 afcdpsrv;Acronis Nonstop Backup-Dienst;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-04-16 3246040]
S2 AmFSM;AmFSM;c:\windows\system32\DRIVERS\amm6460.sys [2010-05-21 65608]
S2 APPFLT;App Filter Plugin;c:\windows\system32\Drivers\APPFLT64.SYS [2010-02-18 118280]
S2 ComFiltr;Panda Anti-Dialer;c:\windows\system32\DRIVERS\COMFiltr.sys [2010-10-04 15928]
S2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-07-30 119632]
S2 DSAFLT;DSA Filter Plugin;c:\windows\system32\Drivers\DSAFLT64.SYS [2009-09-25 82952]
S2 FNETMON;NetMon Filter Plugin;c:\windows\system32\Drivers\fnetm64.SYS [2009-09-25 31752]
S2 IDSFLT;Ids Filter Plugin;c:\windows\system32\Drivers\IDSFLT64.SYS [2009-09-25 78856]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\Drivers\NETTDI64.SYS [2009-09-25 12:54 170504]
S2 PskSvcRetail;Panda PSK service;c:\program files (x86)\Panda Security\Panda Internet Security 2011\PskSvc.exe [2010-08-16 28992]
S2 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\Drivers\WNMFLT64.SYS [2009-09-25 74760]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2011-04-16 285280]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-07-30 20552]
S3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\DRIVERS\fwlanusbn.sys [2010-10-22 714368]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]
S3 NETIMFLT01060042;PANDA NDIS IM Filter Miniport v1.6.0.42;c:\windows\system32\DRIVERS\n64i1642.sys [2010-02-18 214536]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968]
S3 PavTPK.sys;PavTPK.sys;c:\windows\system32\PavTPK.sys [x]
S3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50a64.sys [2006-11-28 43328]
S3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50a64.sys [2006-11-28 41280]
S3 Prot6Flt;Prot6Flt;c:\windows\system32\DRIVERS\Prot6Flt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-21 452200]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 10:13]
.
2012-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-16 00:18]
.
2012-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-16 00:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-29 10038304]
"UMonit"="c:\windows\SysWOW64\UMonit.exe" [2011-05-25 49152]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-12-06 391240]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyOverride = fritz.box;*.local
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{6124B780-E1F5-4C27-8D22-685920D660D1}: NameServer = 192.168.0.10
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\7cit0qvn.default\
FF - prefs.js: browser.search.selectedEngine - foxsearch
FF - prefs.js: browser.startup.homepage - www.google.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Tactical_Sailing_de - c:\windows\system32\javaws.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-765039588-535241434-544004008-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f5,b1,04,29,40,fa,29,84,78,48,71,29,1e,6e,62,96,4b,1c,00,27,c5,dc,b6,
1c,8a,f9,71,59,35,d2,9c,45,30,6f,d9,49,a7,3e,3b,e8,d5,69,3c,1b,d5,23,14,5f,\
"??"=hex:10,41,43,6c,93,a9,75,dd,73,b6,8b,20,56,40,8f,6a
.
[HKEY_USERS\S-1-5-21-765039588-535241434-544004008-1000\Software\SecuROM\License information*]
"datasecu"=hex:e2,ed,ea,fc,50,3d,cd,6a,3f,72,6f,cf,c5,1e,f4,d6,2f,b6,8e,e5,72,
b2,df,fe,dc,78,4c,e2,16,7b,ef,f6,aa,c1,c9,38,c7,0b,c2,45,02,a7,ed,81,c7,f7,\
"rkeysecu"=hex:25,6e,26,75,92,ce,4f,64,cb,53,79,fc,02,ed,22,d1
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\PCTools\EtVv *]
"Language Dir"="c:\\Users\\THORST~1\\AppData\\Local\\Temp\\PC Tools Download Manager\\lang\\"
"Current Language"="DEUTSCH"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Panda Security\Panda Internet Security 2011\TPSrvWow.exe
c:\program files (x86)\PANDA SECURITY\PANDA INTERNET SECURITY 2011\WebProxy.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Panda Security\Panda Internet Security 2011\PsCtrls.exe
c:\program files (x86)\Panda Security\Panda Internet Security 2011\PavFnSvr.exe
c:\program files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe
c:\program files (x86)\Panda Security\Panda Internet Security 2011\pavsrvx86.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\panda security\panda internet security 2011\firewall\PSHOST.EXE
c:\program files (x86)\Panda Security\Panda Internet Security 2011\PsImSvc.exe
c:\program files (x86)\Panda Security\Panda Internet Security 2011\AVENGINE.EXE
c:\windows\DAODx.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-12-08 16:06:24 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-12-08 15:06
.
Vor Suchlauf: 30 Verzeichnis(se), 226.713.329.664 Bytes frei
Nach Suchlauf: 31 Verzeichnis(se), 226.459.787.264 Bytes frei
.
- - End Of File - - 27D8AB0B436FE55868F811849CC9874C
--- --- ---
Allerdings habe ich jetz iwie auf keine datei mehr zugriff, muss überall "als Admin ausführen" klicken um nicht "zugriff verweigert" zu bekommen |
