H4rdDiskDriv | 26.06.2012 14:06 | After the computer restarted, an error message came up:
c:\program files (x86)\avira\antivir desktop\lpmGui.exe
Es wurde versucht, einem Registrierungsschlüssel in einem unzulässigem Vorgang zu unterziehen, der zum Löschen markiert wurde. Code:
ComboFix 12-06-26.01 - Benni 26.06.2012 14:36:13.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3956.2470 [GMT 2:00]
ausgeführt von:: c:\users\Benni\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Benni\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_CPUZ130
-------\Service_cpuz130
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-05-26 bis 2012-06-26 ))))))))))))))))))))))))))))))
.
.
2012-06-25 08:07 . 2012-06-25 08:07 -------- dc----w- C:\_OTL
2012-06-22 22:46 . 2012-06-22 22:46 -------- dc----w- C:\TDSS
2012-06-22 15:17 . 2012-06-22 15:17 -------- d-----w- c:\users\Benni\AppData\Roaming\Malwarebytes
2012-06-22 15:16 . 2012-06-22 15:16 -------- d-----w- c:\programdata\Malwarebytes
2012-06-22 15:16 . 2012-06-23 08:03 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-21 17:53 . 2012-06-23 08:03 -------- dc----w- C:\Games
2012-06-21 10:03 . 2012-06-21 10:11 -------- d-----w- c:\users\Benni\AppData\Roaming\pdfforge
2012-06-21 10:03 . 2012-06-15 04:51 95232 ----a-w- c:\windows\system32\pdfcmon.dll
2012-06-21 10:03 . 2005-04-15 18:58 1071088 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-21 10:03 . 2004-03-08 23:00 662288 ----a-w- c:\windows\SysWow64\MSCOMCT2.OCX
2012-06-21 10:03 . 1998-06-23 23:00 137000 ----a-w- c:\windows\SysWow64\MSMAPI32.OCX
2012-06-21 10:03 . 2012-06-21 10:03 -------- d-----w- c:\program files (x86)\PDFCreator
2012-06-21 10:03 . 1998-07-06 16:56 125712 ----a-w- c:\windows\SysWow64\VB6DE.DLL
2012-06-21 10:03 . 1998-07-06 16:55 158208 ----a-w- c:\windows\SysWow64\MSCMCDE.DLL
2012-06-21 10:03 . 1998-07-06 16:55 64512 ----a-w- c:\windows\SysWow64\MSCC2DE.DLL
2012-06-21 10:03 . 1998-07-05 23:00 23552 ----a-w- c:\windows\SysWow64\MSMPIDE.DLL
2012-06-11 22:17 . 2011-05-30 13:42 255488 ----a-w- c:\windows\system32\xvidvfw.dll
2012-06-11 22:17 . 2011-05-23 07:49 173568 ----a-w- c:\windows\system32\xvid.ax
2012-06-11 22:17 . 2011-05-23 07:45 696832 ----a-w- c:\windows\system32\xvidcore.dll
2012-06-11 22:17 . 2011-05-30 13:42 240640 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2012-06-11 22:17 . 2011-05-23 09:52 153088 ----a-w- c:\windows\SysWow64\xvid.ax
2012-06-11 22:17 . 2011-05-23 07:46 645632 ----a-w- c:\windows\SysWow64\xvidcore.dll
2012-06-11 11:46 . 2012-06-11 11:46 -------- d-----w- c:\users\Benni\AppData\Local\Macromedia
2012-06-08 17:52 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7CF7CD86-7F5D-478B-806F-3BB74D1C682B}\mpengine.dll
2012-06-07 14:25 . 2012-06-07 14:25 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-07 14:25 . 2012-06-07 14:25 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-06 15:43 . 2012-06-06 15:43 -------- d-----w- c:\programdata\Battle.net
2012-06-02 17:37 . 2009-12-05 17:42 85504 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2012-06-02 17:37 . 2012-06-02 17:37 -------- d-----w- c:\program files (x86)\ffdshow
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-26 12:48 . 2010-08-19 16:46 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2012-06-11 11:45 . 2012-04-02 19:00 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-11 11:45 . 2011-06-08 16:49 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-04 11:59 . 2012-03-08 14:05 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-06-04 11:59 . 2012-03-08 14:05 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-05-23 23:29 . 2012-05-23 23:29 955848 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-23 23:29 . 2012-01-14 08:28 839112 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-04 21:48 . 2012-04-02 19:48 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-06 20:34 . 2012-04-06 20:34 275360 ----a-w- c:\windows\system32\DreamScene.dll
2012-04-04 16:47 . 2012-05-21 14:24 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-04-04 16:47 . 2011-08-27 16:15 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-01 21:40 . 2012-04-01 21:40 2300696 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-04-01 21:39 . 2012-04-01 21:39 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-25_08.41.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-05 00:35 . 2012-06-26 12:23 91836 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-26 12:23 40452 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-01-18 11:44 . 2012-06-26 12:23 16432 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-598987727-3280365519-1545562274-1001_UserData.bin
- 2010-01-28 21:57 . 2012-06-25 02:08 3752 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2010-01-28 21:57 . 2012-06-26 01:11 3752 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-06-26 12:48 . 2012-06-26 12:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-25 08:41 . 2012-06-25 08:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-25 08:41 . 2012-06-25 08:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-26 12:48 . 2012-06-26 12:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-06-25 14:14 625010 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-06-05 15:09 625010 c:\windows\system32\perfh009.dat
- 2009-12-28 12:26 . 2012-06-05 15:09 664868 c:\windows\system32\perfh007.dat
+ 2009-12-28 12:26 . 2012-06-25 14:14 664868 c:\windows\system32\perfh007.dat
- 2009-07-14 02:36 . 2012-06-05 15:09 110648 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-06-25 14:14 110648 c:\windows\system32\perfc009.dat
- 2009-12-28 12:26 . 2012-06-05 15:09 135004 c:\windows\system32\perfc007.dat
+ 2009-12-28 12:26 . 2012-06-25 14:14 135004 c:\windows\system32\perfc007.dat
+ 2012-06-10 03:20 . 2012-06-26 12:47 877808 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2012-06-10 03:20 . 2012-06-25 08:23 877808 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 05:01 . 2012-06-25 08:23 351644 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-26 12:47 351644 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-04-29 20:41 . 2012-06-26 12:47 61862340 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-598987727-3280365519-1545562274-1001-12288.dat
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OscarEditor"="c:\program files (x86)\MOUSE Editor\MouseEditor.exe" [2010-12-23 3344384]
"ccleaner"="c:\program files (x86)\CCleaner\CCleaner64.exe" [2012-05-23 5208928]
"Xvid"="c:\program files (x86)\XviD\CheckUpdate.exe" [2011-01-17 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1100368]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-28 336384]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-06-04 348624]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\Benni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.exe - Verknüpfung.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-1-8 107720]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DSL-Manager.lnk - c:\program files (x86)\DSL-Manager\DslMgr.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-15 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files (x86)\EVEREST Ultimate Edition\kerneld.amd64 [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-15 136176]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2010-11-01 14544]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-06-04 86224]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-17 13592]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-09-24 62720]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe [2011-10-21 73728]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-15 17:38]
.
2012-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-15 17:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-07-22 323072]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-12-28 200704]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-13 13374568]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://isearch.avg.com/?cid={FB1FD20E-1ECB-4FD8-A1AE-1A3F96887A29}&mid=dc161533aa3947d0a2a8d16f6b68595f-410f23d519b479a34fceb40994758e119ed9e140&lang=de&ds=od011&pr=sa&d=2012-03-22 15:23&v=10.2.0.3&sap=hp
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7740&r=27360110d016l03d8z105t4971e441
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Benni\AppData\Roaming\Mozilla\Firefox\Profiles\e9koplpd.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/|hxxp://ts6.travian.de/dorf1.php
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B3789daa5-d450-42db-ab92-525375a232f9%7D&mid=dc161533aa3947d0a2a8d16f6b68595f-410f23d519b479a34fceb40994758e119ed9e140&ds=od011&v=10.2.0.3&lang=de&pr=sa&d=2012-03-22%2015%3A23%3A38&sap=ku&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\EverestDriver]
"ImagePath"="\??\c:\program files (x86)\EVEREST Ultimate Edition\kerneld.amd64"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-598987727-3280365519-1545562274-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:ba,cc,d6,33,5d,6d,c2,9b,20,2e,2f,32,9a,52,cd,eb,5f,58,35,46,99,a2,32,
7a,bc,ca,ef,66,6e,7e,8c,77,82,5f,4f,f0,a3,a6,70,2e,c9,33,69,ec,49,4c,ea,c5,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-598987727-3280365519-1545562274-1001\Software\SecuROM\License information*]
"datasecu"=hex:11,86,7a,b0,b7,81,06,bc,e8,7a,ef,aa,47,ec,f7,ec,87,4c,be,de,8c,
d6,90,59,e4,94,07,f4,3a,82,ae,20,90,7e,29,75,82,d0,f8,2e,8f,e2,2d,82,59,75,\
"rkeysecu"=hex:5e,77,cf,8f,e9,3c,8e,63,76,b9,f2,ef,ec,45,bd,78
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-26 15:02:05 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-06-26 13:02
ComboFix2.txt 2012-06-25 19:56
ComboFix3.txt 2012-06-25 14:52
ComboFix4.txt 2012-06-25 08:46
.
Vor Suchlauf: 18 Verzeichnis(se), 354.323.529.728 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 354.065.870.848 Bytes frei
.
- - End Of File - - 409BBABDDD18AB232359CE2F4EB349DE |