slavezero | 12.01.2012 21:35 | ComboFix Log / The program just deletes my Auto IT 3 script :S
Combofix Logfile:
ComboFix 12-01-12.04 - Ersetzter Name 12.01.2012 21:15:59.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.3959.2747 [GMT 1:00]
ausgeführt von:: c:\users\Ersetzter Name\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ersetzter Name\AHAH.exe
c:\users\Ersetzter Name\AppData\Roaming\chrtmp
c:\users\Ersetzter Name\AutoIt v3 Script (neu).exe
c:\windows\IsUn0407.exe
c:\windows\system32\java.exe
c:\windows\system32\server.log
c:\windows\SysWow64\server.log
D:\setup.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-12-12 bis 2012-01-12 ))))))))))))))))))))))))))))))
.
.
2012-01-12 20:24 . 2012-01-12 20:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-12 13:54 . 2012-01-12 13:54 -------- d-----w- C:\_OTL
2012-01-11 17:30 . 2011-10-26 05:22 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 17:30 . 2011-10-26 05:22 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 17:30 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 17:30 . 2011-10-26 04:28 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 17:30 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 17:30 . 2011-11-17 05:41 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 17:30 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 17:30 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-10 13:48 . 2011-12-29 00:53 597320 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor90.dll
2012-01-10 13:12 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EB1DBB21-7787-4A1F-826A-63A8AC9F9831}\mpengine.dll
2012-01-09 20:29 . 2012-01-09 20:29 -------- d-----w- c:\program files (x86)\ESET
2012-01-04 19:08 . 2012-01-04 19:17 -------- d-----w- c:\program files (x86)\Rockstar Games
2012-01-03 00:23 . 2012-01-03 00:26 -------- d-----w- C:\8713fcb950e373192c071a78dc91c8ac
2012-01-03 00:22 . 2011-10-19 22:10 22872 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-01-03 00:09 . 2012-01-03 00:09 -------- d-----w- c:\programdata\IObit
2012-01-03 00:09 . 2012-01-05 15:19 -------- d-----w- c:\users\Ersetzter Name\AppData\Roaming\IObit
2012-01-03 00:09 . 2012-01-03 00:09 -------- d-----w- c:\program files (x86)\IObit
2012-01-02 22:13 . 2012-01-02 22:13 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-01-02 22:12 . 2012-01-02 22:12 -------- d-----w- c:\users\Ersetzter Name\AppData\Local\PunkBuster
2012-01-02 22:09 . 2012-01-02 22:13 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-01-02 22:09 . 2012-01-02 22:09 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-01-02 22:00 . 2012-01-02 22:00 -------- d-----w- c:\program files (x86)\EA Games
2012-01-02 13:09 . 2012-01-08 19:47 -------- d-----w- c:\users\UpdatusUser
2012-01-02 13:08 . 2012-01-02 13:09 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-01-02 13:08 . 2011-10-15 08:53 837952 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
2012-01-02 13:08 . 2012-01-02 13:08 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-01-02 13:00 . 2012-01-02 13:00 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2012-01-02 13:00 . 2012-01-02 13:00 -------- d-----w- c:\users\Ersetzter Name\SystemRequirementsLab
2012-01-01 22:06 . 2012-01-01 22:06 -------- d-----w- c:\program files (x86)\BestGameEver
2011-12-29 22:56 . 2012-01-12 13:57 -------- d-----w- c:\users\Ersetzter Name\AppData\Local\LogMeIn Hamachi
2011-12-29 22:56 . 2011-12-29 22:56 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2011-12-28 22:16 . 2011-12-28 22:16 -------- d-----w- c:\program files (x86)\Microsoft Games
2011-12-26 18:00 . 2011-12-26 18:00 -------- d-----w- c:\programdata\Nokia
2011-12-23 09:01 . 2011-12-23 09:01 -------- d-----w- c:\users\Ersetzter Name\AppData\Local\Chromium
2011-12-16 15:14 . 2011-11-04 01:48 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2011-12-16 15:14 . 2011-11-03 22:47 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-12-16 15:14 . 2011-11-03 22:42 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2011-12-15 18:01 . 2011-11-24 05:00 3141632 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 18:01 . 2011-10-26 05:19 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 18:01 . 2011-10-15 06:25 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 18:01 . 2011-10-15 05:48 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-15 18:00 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-15 18:00 . 2011-11-05 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-15 17:16 . 2011-12-15 17:16 -------- d-----w- c:\program files (x86)\Elaborate Bytes
2011-12-14 20:18 . 2011-12-15 17:49 -------- d-----w- c:\program files (x86)\UltraISO
2011-12-14 19:46 . 2011-12-15 17:49 -------- d-----w- c:\program files (x86)\Diablo
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 14:24 . 2011-01-02 08:09 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-09 22:12 . 2011-12-09 22:12 34064 ----a-w- c:\windows\SysWow64\lhacm.acm
2011-12-04 15:31 . 2011-12-04 15:31 21840 ----a-w- c:\windows\SysWow64\SIntfNT.dll
2011-12-04 15:31 . 2011-12-04 15:31 17212 ----a-w- c:\windows\SysWow64\SIntf32.dll
2011-12-04 15:31 . 2011-12-04 15:31 12067 ----a-w- c:\windows\SysWow64\SIntf16.dll
2011-12-04 15:22 . 2011-12-04 15:22 2829 ----a-w- c:\windows\DIIUnin.pif
2011-12-04 15:22 . 2011-12-04 15:22 102400 ----a-w- c:\windows\DIIUnin.exe
2011-11-28 18:01 . 2011-09-18 10:50 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2011-09-18 10:50 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-11-28 18:01 . 2011-01-19 12:04 256960 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:54 . 2011-09-18 10:51 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2011-09-18 10:51 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2011-09-18 10:51 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2011-09-18 10:51 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2011-09-18 10:51 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-28 17:51 . 2011-09-18 10:51 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-22 06:15 . 2011-05-14 08:12 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-15 08:53 . 2010-11-11 10:15 2808128 ----a-w- c:\windows\system32\nvapi64.dll
2011-10-15 08:53 . 2010-05-22 03:43 5067584 ----a-w- c:\windows\system32\nvsvc64.dll
2011-10-15 08:53 . 2010-05-22 03:43 3074368 ----a-w- c:\windows\system32\nvsvcr.dll
2011-10-15 08:53 . 2010-05-22 03:43 222528 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-15 08:53 . 2010-05-22 03:43 1640768 ----a-w- c:\windows\system32\nvvsvc.exe
2011-10-15 08:53 . 2010-05-22 03:43 137536 ----a-w- c:\windows\system32\nvshext.dll
2011-10-15 08:53 . 2010-05-22 03:43 10406208 ----a-w- c:\windows\system32\nvcpl.dll
2011-10-14 23:54 . 2011-10-14 23:54 321856 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2006-05-03 11:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 12:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 14:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll
2010-01-06 23:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-01-03 619352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-13 136176]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\Gameforge4D\CABAL Online\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-13 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 scramby_out;Scramby Output;c:\windows\system32\drivers\scramby_out.sys [x]
R3 X6va005;X6va005;c:\users\Ersetzter Name\AppData\Local\Temp\005EEF4.tmp [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-01-03 494424]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 DynDNS Updater;DynDNS Updater;c:\program files (x86)\DynDNS Updater\DynUpSvc.exe [2011-04-15 93048]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 2329480]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2011-12-29 331608]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2011-12-28 329544]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-10-14 635416]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3542729651-2652698517-2674502472-1000Core.job
- c:\users\Ersetzter Name\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-03 17:39]
.
2012-01-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3542729651-2652698517-2674502472-1000UA.job
- c:\users\Ersetzter Name\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-03 17:39]
.
2012-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-13 20:32]
.
2012-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-13 20:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2011-12-28 23:57 287048 ----a-w- c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://google.de/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = local
IE: Free YouTube Download - c:\users\Ersetzter Name\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Ersetzter Name\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: Interfaces\{C0C48533-4EEF-415C-B2BF-2A19940488FB}: NameServer = 10.74.72.1
FF - ProfilePath - c:\users\Ersetzter Name\AppData\Roaming\Mozilla\Firefox\Profiles\7gh1llr1.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - www.google.de
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Ersetzter Name\AppData\Local\Temp\005EEF4.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3542729651-2652698517-2674502472-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3542729651-2652698517-2674502472-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-3542729651-2652698517-2674502472-1000\Software\SecuROM\License information*]
"datasecu"=hex:1d,29,ad,1c,ec,93,0e,37,f1,a4,63,88,96,b4,7d,3b,48,a6,23,2c,5c,
ba,dc,f0,49,51,fb,15,78,76,59,13,d8,1a,a9,e7,02,0c,33,54,73,6d,16,2d,73,93,\
"rkeysecu"=hex:b4,b8,10,51,60,ab,94,eb,67,5e,66,f0,20,18,c1,85
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
c:\program files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-01-12 21:30:57 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-01-12 20:30
.
Vor Suchlauf: 18 Verzeichnis(se), 395.924.226.048 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 396.067.962.880 Bytes frei
.
- - End Of File - - 65621D36CC6A12AEE984AF2F5E5C110E