| Boombastic | 13.02.2012 19:10 |
Combofix Logfile: Code:
ComboFix 12-02-13.01 - Simon 13.02.2012 19:02:37.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4076.2659 [GMT 1:00]
ausgeführt von:: c:\users\Simon\Downloads\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Simon\Downloads\Cfscript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-01-13 bis 2012-02-13 ))))))))))))))))))))))))))))))
.
.
2012-02-13 18:05 . 2012-02-13 18:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-13 15:37 . 2012-02-13 15:44 -------- d-----w- C:\_OTL
2012-02-10 13:42 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D57BF0E0-12B5-4927-AF9D-9842F6F93E98}\mpengine.dll
2012-02-09 18:33 . 2012-02-09 18:33 -------- d-----w- c:\users\Simon\AppData\Roaming\Wireshark
2012-02-09 18:15 . 2012-02-09 18:15 -------- d-----w- c:\program files (x86)\WinPcap
2012-02-09 18:15 . 2012-02-09 18:15 -------- d-----w- c:\program files\Wireshark
2012-02-09 18:09 . 2012-02-09 18:09 840264 ----a-w- c:\windows\SysWow64\pbsvc.exe
2012-02-09 17:30 . 2012-02-10 13:25 -------- d-----w- c:\users\Simon\AppData\Local\ESN Sonar
2012-02-08 22:54 . 2012-02-08 22:54 58 ----a-w- C:\user.js
2012-02-08 22:54 . 2012-02-08 22:54 -------- d-----w- c:\program files (x86)\Softonic
2012-02-01 22:17 . 2012-02-01 22:17 -------- d-----w- c:\windows\Sun
2012-01-24 14:10 . 2012-01-24 20:18 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft
2012-01-18 16:18 . 2012-01-18 16:18 -------- d-----w- c:\users\Simon\AppData\Roaming\EPSON
2012-01-15 12:19 . 2012-01-24 20:17 -------- d-----w- c:\users\Simon\AppData\Roaming\DVDVideoSoft
2012-01-15 12:09 . 2012-01-15 12:09 -------- d-----w- c:\users\Simon\AppData\Local\ElevatedDiagnostics
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-13 17:14 . 2012-01-03 22:55 282864 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-02-13 17:14 . 2012-01-03 16:41 282864 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-02-13 17:13 . 2012-01-03 16:41 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-02-09 18:09 . 2012-01-03 16:41 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-01-26 23:52 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-09 16:48 . 2012-01-09 16:48 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-12-14 15:57 . 2011-07-11 08:04 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-14 15:23 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-12-09 11:40 . 2011-12-14 15:27 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-12-09 11:40 . 2011-12-14 15:27 130760 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-12-09 11:40 . 2011-12-14 15:27 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-11-24 04:52 . 2011-12-15 14:31 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-19 14:58 . 2012-01-10 22:10 77312 ----a-w- c:\windows\system32\packager.dll
2011-11-19 14:01 . 2012-01-10 22:10 67072 ----a-w- c:\windows\SysWow64\packager.dll
2011-11-17 09:28 . 2011-11-17 09:28 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-11-17 09:28 . 2011-11-17 09:28 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-11-17 09:28 . 2011-11-17 09:28 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-11-17 09:28 . 2011-11-17 09:28 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-11-17 09:28 . 2011-11-17 09:28 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-11-17 09:28 . 2011-11-17 09:28 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-11-17 09:28 . 2011-11-17 09:28 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-11-17 09:28 . 2011-11-17 09:28 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-11-17 09:28 . 2011-11-17 09:28 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-11-17 09:28 . 2011-11-17 09:28 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-11-17 09:28 . 2011-11-17 09:28 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-11-17 09:28 . 2011-11-17 09:28 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-11-17 09:28 . 2011-11-17 09:28 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-11-17 09:28 . 2011-11-17 09:28 448512 ----a-w- c:\windows\system32\html.iec
2011-11-17 09:28 . 2011-11-17 09:28 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-11-17 09:28 . 2011-11-17 09:28 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-11-17 09:28 . 2011-11-17 09:28 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-11-17 09:28 . 2011-11-17 09:28 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-17 09:28 . 2011-11-17 09:28 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-11-17 09:28 . 2011-11-17 09:28 222208 ----a-w- c:\windows\system32\msls31.dll
2011-11-17 09:28 . 2011-11-17 09:28 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-11-17 09:28 . 2011-11-17 09:28 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-11-17 09:28 . 2011-11-17 09:28 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-11-17 09:28 . 2011-11-17 09:28 160256 ----a-w- c:\windows\system32\wextract.exe
2011-11-17 09:28 . 2011-11-17 09:28 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-11-17 09:28 . 2011-11-17 09:28 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-11-17 09:28 . 2011-11-17 09:28 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-11-17 09:28 . 2011-11-17 09:28 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-11-17 09:28 . 2011-11-17 09:28 12288 ----a-w- c:\windows\system32\mshta.exe
2011-11-17 09:28 . 2011-11-17 09:28 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-11-17 09:28 . 2011-11-17 09:28 114176 ----a-w- c:\windows\system32\admparse.dll
2011-11-17 09:28 . 2011-11-17 09:28 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-11-17 09:28 . 2011-11-17 09:28 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-11-17 09:28 . 2011-11-17 09:28 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-11-17 06:41 . 2012-01-10 22:10 1731920 ----a-w- c:\windows\system32\ntdll.dll
2011-11-17 05:38 . 2012-01-10 22:10 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-13_16.15.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-02-13 18:00 44000 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-13 18:00 30710 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-12-14 20:13 . 2012-02-13 17:58 4746 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-12-14 15:21 . 2012-02-13 18:00 5922 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2563334624-2375897184-497729389-1001_UserData.bin
+ 2012-02-13 18:06 . 2012-02-13 18:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-13 16:15 . 2012-02-13 16:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-13 18:06 . 2012-02-13 18:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-02-13 16:15 . 2012-02-13 16:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-02-13 18:04 615810 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-02-13 15:43 615810 c:\windows\system32\perfh009.dat
- 2011-11-14 21:42 . 2012-02-13 15:43 653928 c:\windows\system32\perfh007.dat
+ 2011-11-14 21:42 . 2012-02-13 18:04 653928 c:\windows\system32\perfh007.dat
- 2009-07-14 02:36 . 2012-02-13 15:43 106190 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-02-13 18:04 106190 c:\windows\system32\perfc009.dat
- 2011-11-14 21:42 . 2012-02-13 15:43 129800 c:\windows\system32\perfc007.dat
+ 2011-11-14 21:42 . 2012-02-13 18:04 129800 c:\windows\system32\perfc007.dat
- 2011-11-17 09:11 . 2012-02-13 16:15 778632 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-11-17 09:11 . 2012-02-13 18:05 778632 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 05:01 . 2012-02-13 16:15 276788 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-02-13 18:05 276788 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-12-14 20:13 . 2012-02-13 18:05 9611092 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2563334624-2375897184-497729389-1001-8192.dat
- 2011-12-14 20:13 . 2012-02-13 16:15 9611092 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2563334624-2375897184-497729389-1001-8192.dat
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}]
2012-01-11 14:29 241872 ----a-w- c:\program files (x86)\Softonic\softonic\1.5.11.5\bh\softonic.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{5018CFD2-804D-4C99-9F81-25EAEA2769DE}"= "c:\program files (x86)\Softonic\softonic\1.5.11.5\softonicTlbr.dll" [2012-01-11 250064]
.
[HKEY_CLASSES_ROOT\clsid\{5018cfd2-804d-4c99-9f81-25eaea2769de}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-12-14 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-04-02 340848]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2011-03-29 408432]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2011-03-29 202608]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-05 336384]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-08-31 185640]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2011-08-11 627304]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-12-09 258512]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
c:\users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
R2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-06-07 191752]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-04-02 173424]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-12-09 86224]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-05-12 249648]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2011-12-27 168448]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2011-12-27 131072]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-05-30 36456]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-13 c:\windows\Tasks\Acer Registration - Reminder Recall task.job
- c:\program files (x86)\Acer\Registration\GREG.exe [2011-05-11 11:30]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-11 11580520]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://acer.msn.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\4ldyvtww.default\
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: extensions.softonic_i.newTab - false
FF - user.js: extensions.softonic_i.tlbrSrchUrl - hxxp://search.softonic.com/MON00001/tb_v1?SearchSource=1&cc=&q=
FF - user.js: extensions.softonic_i.id - 8e43abfe0000000000003860774b1181
FF - user.js: extensions.softonic_i.instlDay - 15378
FF - user.js: extensions.softonic_i.vrsn - 1.5.11.5
FF - user.js: extensions.softonic_i.vrsni - 1.5.11.5
FF - user.js: extensions.softonic_i.vrsnTs - 1.5.11.523:54
FF - user.js: extensions.softonic_i.prtnrId - softonic
FF - user.js: extensions.softonic_i.prdct - softonic
FF - user.js: extensions.softonic_i.aflt - orgnl
FF - user.js: extensions.softonic_i.smplGrp - eng7
FF - user.js: extensions.softonic_i.tlbrId - eng7
FF - user.js: extensions.softonic_i.instlRef - MON00001
FF - user.js: extensions.softonic_i.dfltLng -
FF - user.js: extensions.softonic_i.excTlbr - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2563334624-2375897184-497729389-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{367E8D88-9EFD-219D-4718-A68298AC7287}*]
"oadpfhfjakplkijchpahdgeoalpgfi"=hex:6a,61,68,63,67,69,67,6f,70,6f,63,6d,63,6d,
63,63,69,61,6d,66,00,00
"nafpibccbgiebklepikdjfbkcgkk"=hex:6a,61,68,63,67,69,67,6f,70,6f,63,6d,63,6d,
63,63,69,61,6d,66,00,00
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
c:\program files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
c:\program files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-02-13 19:08:15 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-02-13 18:08
ComboFix2.txt 2012-02-13 17:57
ComboFix3.txt 2012-02-13 16:18
.
Vor Suchlauf: 13 Verzeichnis(se), 386.664.968.192 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 386.344.267.776 Bytes frei
.
- - End Of File - - 63DCDF202395A1F8E64C177B5F276B4C
--- --- --- |
