Allbande | 17.08.2012 17:22

COMBOFIX.TXT
Code:
ComboFix 12-08-17.02 - Alexander 17.08.2012 17:53:01.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1033.18.4095.2925 [GMT 2:00]
ausgeführt von:: c:\users\Alexander\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Alexander\AppData\Local\._Revolution_
c:\users\Alexander\AppData\Roaming\msconfig.ini
c:\windows\SysWow64\drivers\hwinterface.sys
c:\windows\SysWow64\networkdlllsp.dll
.
Infizierte Kopie von c:\windows\system32\Services.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe wurde wiederhergestellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-07-17 bis 2012-08-17 ))))))))))))))))))))))))))))))
.
.
2012-08-17 16:05 . 2012-08-17 16:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-16 18:08 . 2012-08-16 18:08 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-08-16 17:14 . 2012-08-16 17:14 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-08-16 17:12 . 2012-07-05 20:06 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-08-15 22:47 . 2012-08-17 15:24 -------- d-----w- c:\users\Alexander\AppData\Roaming\KeePass
2012-08-15 21:51 . 2012-08-15 21:51 -------- d-----w- c:\program files (x86)\KeePass Password Safe 2
2012-08-15 17:17 . 2012-08-15 17:17 -------- d-----w- c:\program files (x86)\WinMerge
2012-08-15 17:17 . 2008-12-21 21:22 1047552 ----a-w- c:\windows\SysWow64\mfc71u.dll
2012-08-15 17:03 . 2012-08-15 18:09 -------- d-----w- c:\users\Alexander\AppData\Roaming\TrueCrypt
2012-08-15 17:01 . 2012-08-15 17:01 231376 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2012-08-15 17:01 . 2012-08-15 17:03 -------- d-----w- c:\program files\TrueCrypt
2012-08-15 10:59 . 2012-08-15 10:59 -------- d-----w- c:\program files\Recuva
2012-08-15 08:42 . 2012-08-15 12:51 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware
2012-08-14 17:21 . 2012-08-14 17:21 -------- d-----w- c:\users\Alexander\AppData\Roaming\Malwarebytes
2012-08-14 17:21 . 2012-08-14 17:21 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-14 17:21 . 2012-08-14 17:21 -------- d-----w- c:\programdata\Malwarebytes
2012-08-14 17:21 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-14 16:30 . 2012-08-14 16:30 -------- d-----w- c:\users\Alexander\AppData\Local\GNU
2012-08-14 16:30 . 2012-08-14 16:55 -------- d-----w- c:\users\Alexander\AppData\Roaming\gnupg
2012-08-14 16:30 . 2012-08-14 16:30 -------- d-----w- c:\programdata\GNU
2012-08-14 16:07 . 2012-08-14 16:08 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-08-14 15:36 . 2012-08-16 18:19 -------- d-----w- C:\_OTL
2012-08-10 11:21 . 2012-08-10 11:21 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-08 19:31 . 2012-08-08 20:00 -------- d-----w- c:\program files (x86)\MB-Ruler
2012-08-04 14:00 . 2012-08-04 14:00 -------- d-----w- c:\users\Alexander\AppData\Roaming\Lingoes
2012-08-04 14:00 . 2012-08-04 14:00 -------- d-----w- c:\users\Alexander\AppData\Local\Lingoes
2012-08-04 14:00 . 2012-08-04 14:00 -------- d-----w- c:\programdata\Lingoes
2012-08-04 13:30 . 2012-08-04 13:40 -------- d-----w- c:\program files (x86)\Nar Dictionary
2012-08-04 13:30 . 2008-11-18 14:53 218624 ----a-w- c:\windows\SysWow64\WCapture.dll
2012-08-04 13:15 . 2011-05-13 12:16 493056 ----a-w- c:\windows\SysWow64\dhRichClient3.dll
2012-08-04 13:15 . 2011-03-25 20:42 338432 ----a-w- c:\windows\SysWow64\sqlite36_engine.dll
2012-08-04 13:14 . 2012-08-04 13:14 -------- d-----w- c:\users\Alexander\AppData\Roaming\OCS
2012-08-01 12:15 . 2012-08-01 12:15 -------- d-----w- c:\users\Alexander\AppData\Roaming\CAD-KAS
2012-08-01 12:15 . 2012-08-01 23:51 -------- d-----w- c:\program files (x86)\PDF Editor 3
2012-08-01 12:15 . 2012-08-01 12:15 75776 ----a-w- c:\windows\cadkasdeinst01e.exe
2012-07-31 09:17 . 2012-07-31 09:17 119808 ----a-r- c:\users\Alexander\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2012-07-31 09:16 . 2012-07-31 09:16 -------- d-----w- c:\users\Alexander\AppData\Roaming\Canneverbe Limited
2012-07-31 09:16 . 2012-07-31 09:16 -------- d-----w- c:\programdata\Canneverbe Limited
2012-07-31 09:16 . 2012-07-31 09:16 -------- d-----w- c:\program files (x86)\CDBurnerXP
2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-07-24 15:00 . 2012-07-24 15:00 -------- d-----w- c:\users\Alexander\.m2
2012-07-24 11:41 . 2012-07-24 12:45 -------- d-----w- c:\program files (x86)\android-sdk
2012-07-24 11:39 . 2012-07-24 15:36 -------- d-----w- c:\users\Alexander\.android
2012-07-24 11:01 . 2012-07-24 11:01 268784 ----a-w- c:\windows\system32\javaws.exe
2012-07-24 11:01 . 2012-05-04 16:33 955800 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-24 11:01 . 2012-07-24 11:01 189424 ----a-w- c:\windows\system32\javaw.exe
2012-07-24 11:01 . 2012-07-24 11:01 188912 ----a-w- c:\windows\system32\java.exe
2012-07-24 10:51 . 2012-07-24 10:51 -------- d-----w- c:\program files (x86)\android-sdk-windows
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 15:09 . 2012-04-01 16:39 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 15:09 . 2011-05-18 15:24 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-24 20:24 . 2009-08-18 10:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-07-24 20:24 . 2009-08-18 09:24 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-11 11:34 . 2010-10-10 10:09 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-05 20:06 . 2010-10-11 14:22 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-12 03:08 . 2012-07-11 11:39 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 05:43 . 2012-07-11 11:31 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 11:31 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 11:31 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 11:30 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 11:31 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 11:31 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 11:30 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-21 11:25 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 11:25 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 11:25 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 11:25 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 11:25 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 11:25 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 11:25 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 11:24 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-21 11:24 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 12:49 . 2012-07-11 11:33 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-06-02 12:17 . 2012-07-11 11:33 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-06-02 12:12 . 2012-07-11 11:33 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 12:05 . 2012-07-11 11:33 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-02 12:05 . 2012-07-11 11:33 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 12:04 . 2012-07-11 11:33 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 12:04 . 2012-07-11 11:33 237056 ----a-w- c:\windows\system32\url.dll
2012-06-02 12:03 . 2012-07-11 11:33 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-02 12:01 . 2012-07-11 11:33 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 12:00 . 2012-07-11 11:33 818688 ----a-w- c:\windows\system32\jscript.dll
2012-06-02 11:59 . 2012-07-11 11:33 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-02 11:57 . 2012-07-11 11:33 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-02 11:57 . 2012-07-11 11:33 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 11:54 . 2012-07-11 11:33 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-02 08:33 . 2012-07-11 11:33 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-02 08:25 . 2012-07-11 11:33 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-02 08:25 . 2012-07-11 11:33 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20 . 2012-07-11 11:33 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16 . 2012-07-11 11:33 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50 . 2012-07-11 11:31 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 11:31 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-11 11:31 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-11 11:31 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 11:31 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 11:31 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 11:31 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 11:31 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 11:31 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Timerle"="c:\program files (x86)\Timerle\Timerle.exe" [2006-02-19 160899]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SteelSeries World of Warcraft Cataclysm MMO Gaming Mouse"="c:\program files (x86)\SteelSeries\World of Warcraft Cataclysm MMO Gaming Mouse\WoWMHID2.exe" [2011-01-07 1992704]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2012-05-01 1895424]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 Apache2.2;Apache2.2;c:\program files (x86)\xampp\xampp\apache\bin\httpd.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-12 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [2010-04-29 32768]
R3 cpuz134;cpuz134;c:\users\Alexander\Downloads\pc-wizard_2010.1.961\pcwiz_x64.sys [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-12 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 115240]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 19496]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 158760]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 137256]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 34344]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 136744]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 151592]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-11-02 13312]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-27 270912]
S2 AAV UpdateService;AAV UpdateService;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [2008-10-24 128296]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 DRHARD64;DRHARD64;c:\windows\system32\drivers\DRHARD64.sys [2011-11-03 21984]
S2 DRHMSR64;DRHMSR64;c:\windows\system32\drivers\DRHMSR64.sys [2011-12-06 14760]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [2010-11-15 5716848]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-01-28 86120]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
S3 SSMO3v2Filter;MMO3v2 Mouse;c:\windows\system32\drivers\MO3v2Driver.sys [2010-11-22 23040]
S3 UsbFltr;WayTech USB Filter Driver;c:\windows\system32\Drivers\UsbFltr.sys [2007-04-09 12288]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 15:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube Download - c:\users\Alexander\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
TCP: Interfaces\{9E886633-3C63-4DB1-8DC6-E9BD28CCE249}: NameServer = 192.168.178.1
FF - ProfilePath - c:\users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\si9npmx2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.diedudes.org/news.php
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-4051122581-733451636-1599817466-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:d1,5d,f1,af,3a,ad,7e,da,df,dc,bc,9c,6c,9b,60,38,ea,33,d3,75,8f,3a,bd,
b7,6b,26,e5,9d,2d,09,b0,44,3c,1d,66,ce,e9,37,7e,91,2c,7a,0d,75,0d,54,3b,50,\
"??"=hex:e2,06,90,c3,a9,ab,f7,ca,1c,f7,63,d7,3e,f2,89,5d
.
[HKEY_USERS\S-1-5-21-4051122581-733451636-1599817466-1000\Software\SecuROM\License information*]
"datasecu"=hex:93,35,ca,b6,cd,46,78,01,28,4c,ab,0b,a8,ab,c5,1e,3c,10,de,92,a9,
25,36,bf,0c,c6,d7,8b,03,e7,05,ea,ad,6c,01,8a,66,c2,ef,31,c5,f1,4f,c7,2f,69,\
"rkeysecu"=hex:f3,f8,f0,1e,c2,ff,bb,5b,70,fe,e2,c1,f1,ac,8b,ed
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-08-17 18:12:14 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-08-17 16:12
.
Vor Suchlauf: 28.875.014.144 bytes free
Nach Suchlauf: 28.527.427.584 bytes free
.
- - End Of File - - A90FFBE16978152FCD2C3BA29FA2BA54

Add-Remove Programs.txt
Code:
7-Zip 4.65
AAVUpdateManager
AC3Filter 1.63b
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4) - Deutsch
Akamai NetSession Interface
Akamai NetSession Interface Service
Bass Audio Decoder (remove only)
Bastion
Batman: Arkham Asylum GOTY Edition
BioShock
BrettspielWelt
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
Canon CanoScan Toolbox 4.1
CCS64 V3.7
CD Audio Reader Filter (remove only)
CDBurnerXP
Company of Heroes
Company of Heroes - FAKEMSI
Company of Heroes Online Launcher (THQ)
DAEMON Tools Lite
DCoder Image Source (remove only)
DirectVobSub (remove only)
Dr. Hardware 2012 12.0d
Dragon Age: Origins
DScaler 5 Mpeg Decoders
Emu64 V4.30
EVEREST Home Edition v2.20
Fallout 3
ffdshow [rev 3124] [2009-11-03]
FFMPEG Core Files (remove only)
Firebird SQL Server - MAGIX Edition
Free YouTube Download version 3.0.18.1123
Gabest MPEG Splitter (remove only)
GameMaker 8.1
GIMP 2.6.11
Google Earth Plug-in
Google Update Helper
GPL Ghostscript Lite 8.70
Haali Media Splitter
Heroes of Might and Magic V
Heroes of Newerth
InlineTranslate für Firefox
IrfanView (remove only)
Java Auto Updater
Java(TM) 7 Update 5
JDownloader
JPG to PDF Converter 1.0
KeePass Password Safe 2.19
Last.fm 1.5.4.27091
Left 4 Dead 2
LIMBO
Logitech MouseWare 9.80
LogMeIn Hamachi
MAGIX Music Maker 16 Premium Download Version
MAGIX Screenshare
MAGIX Speed burnR
Malwarebytes Anti-Malware Version 1.62.0.1300
Maxima 5.25.1
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
MiKTeX 2.9
MONOGRAM AMR Splitter/Decoder (remove only)
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 10.0 (x86 de)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Notepad++
NVIDIA PhysX
OpenOffice.org 3.2
OpenSource AVI Splitter (remove only)
OpenSource DTS/AC3/DD+ Source Filter (remove only)
OpenSource Flash Video Splitter (remove only)
OpenTTD 1.1.1
PDF Editor 3
PDF24 Creator 2.8.6
Prince of Persia Warrior Within
Rainy Screensaver 2.2.16
RandomFill 1.1
ReaConverter 6.0 Pro
RealMedia (remove only)
Security Task Manager 1.8d
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
SHOUTcast Source (remove only)
Sid Meier's Civilization V
SIW version 2011.09.16
Skat-Online V9
Skype™ 5.10
Steam
Steuer-Spar-Erklärung 2011
Steuer-Spar-Erklärung 2012
Tail for Win32
Tanascius
TeamSpeak 3 Client
Terraria
TeXnicCenter Version 1.0 Stable RC1
Text-To-Speech-Runtime
Timerle 1.04
Trine 2
TrueCrypt
Vegas Movie Studio 9.0
Vessel
VLC media player 1.1.11
W² Random Playlist Creator
WebTablet IE Plugin
WebTablet Netscape Plugin
Winamp
Winamp Erkennungs-Plug-in
Windows 7 USB/DVD Download Tool
Windows Media Player Firefox Plugin
WinMerge 2.12.4
WinSCP 4.2.9
Wolfenstein - Enemy Territory
World of Warcraft
World of Warcraft(R): Cataclysm(TM) MMO Gaming Mouse
XChat 2 (remove only)
Yahoo! Detect
Zoom Player (remove only)

BTW: This still seemed important to me. I cannot turn the Windows Firewall on or off. The following message appears: http://s16.postimage.org/4zti612v9/e...s_firewall.jpg