| schustan |  10.10.2012 12:53 |        and the next one :-)    Code:  
 ComboFix 12-10-09.01 - Andreas 10.10.2012  12:47:02.1.2 - x64 
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.4092.2602 [GMT 2:00] 
ausgeführt von:: c:\users\Andreas\Desktop\ComboFix.exe 
Benutzte Befehlsschalter :: c:\users\Andreas\Desktop\CFScript.txt 
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} 
. 
. 
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   )))))))))))))))))))))))))))))))))))))))))))))))) 
. 
. 
c:\windows\assembly\GAC_32\Desktop.ini 
c:\windows\assembly\GAC_64\Desktop.ini 
. 
. 
--------------- FCopy --------------- 
. 
c:\users\Andreas\Desktop\services.exe --> c:\windows\system32\Services.exe 
. 
(((((((((((((((((((((((   Dateien erstellt von 2012-09-10 bis 2012-10-10  )))))))))))))))))))))))))))))) 
. 
. 
2012-10-10 10:56 . 2012-10-10 10:56        --------        d-----w-        c:\users\Default\AppData\Local\temp 
2012-10-10 10:37 . 2012-10-10 10:37        --------        d-----w-        C:\TB 
2012-10-09 16:14 . 2012-08-30 07:27        9308616        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{E00222FC-A86C-4DD0-99E7-86FF04D7C87F}\mpengine.dll 
2012-10-08 14:23 . 2012-10-08 14:23        208216        ----a-w-        c:\windows\system32\drivers\54311847.sys 
2012-10-08 14:15 . 2012-10-08 15:40        --------        d-----w-        C:\TDSSKiller_Quarantine 
2012-10-07 20:29 . 2012-10-07 20:29        --------        d-----w-        C:\_OTL 
2012-10-05 18:39 . 2012-10-05 18:39        --------        d-----w-        c:\program files (x86)\ESET 
2012-10-05 18:39 . 2012-10-05 18:39        --------        d-sh--w-        c:\windows\SysWow64\%APPDATA% 
2012-10-04 15:27 . 2012-10-04 15:27        --------        d-----w-        c:\users\Andreas\AppData\Roaming\Malwarebytes 
2012-10-04 15:26 . 2012-10-04 15:26        --------        d-----w-        c:\programdata\Malwarebytes 
2012-10-04 15:26 . 2012-10-04 15:26        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware 
2012-10-04 15:26 . 2012-09-07 15:04        25928        ----a-w-        c:\windows\system32\drivers\mbam.sys 
2012-10-03 10:46 . 2012-10-03 10:46        --------        d-----w-        c:\program files\Reimage 
2012-10-03 09:12 . 2012-10-03 09:12        --------        d-----w-        c:\users\Andreas\AppData\Local\Macroplant_LLC 
2012-10-03 09:12 . 2012-10-03 09:12        --------        d-----w-        c:\program files (x86)\Dokan 
2012-10-03 09:12 . 2012-10-03 09:12        --------        d-----w-        c:\program files (x86)\Phone Disk 
2012-09-30 06:46 . 2012-09-30 06:46        --------        d-----w-        c:\users\Andreas\AppData\Roaming\com.unitedinternet.ums.sms-mms-manager 
2012-09-30 06:46 . 2012-09-30 06:46        --------        d-----w-        c:\program files (x86)\Common Files\Adobe AIR 
2012-09-30 06:46 . 2012-09-30 06:46        --------        d-----w-        c:\program files (x86)\GMX SMS-Manager 
2012-09-26 19:51 . 2012-09-26 19:51        --------        d-----w-        c:\program files (x86)\Bigasoft Audio Converter 
2012-09-26 19:46 . 2012-09-26 19:46        --------        d-----w-        c:\programdata\AVS4YOU 
2012-09-26 19:46 . 2012-09-26 19:46        --------        d-----w-        c:\users\Andreas\AppData\Roaming\AVS4YOU 
2012-09-26 19:45 . 2012-09-26 19:49        --------        d-----w-        c:\program files (x86)\AVS4YOU 
2012-09-26 19:44 . 2012-03-26 10:27        11137024        ----a-w-        c:\windows\SysWow64\libmfxsw32.dll 
2012-09-26 19:44 . 2010-11-12 18:18        1700352        ----a-w-        c:\windows\SysWow64\GdiPlus.dll 
2012-09-26 19:44 . 2010-11-12 18:18        24576        ----a-w-        c:\windows\SysWow64\msxml3a.dll 
2012-09-26 19:43 . 2012-09-26 19:49        --------        d-----w-        c:\program files (x86)\Common Files\AVSMedia 
2012-09-18 18:56 . 2012-09-18 18:56        --------        d-----w-        c:\program files (x86)\No.23 Recorder 
2012-09-18 18:29 . 2012-09-18 18:29        --------        d-----w-        c:\program files (x86)\Lame For Audacity 
2012-09-18 18:15 . 2012-06-09 17:21        206336        ----a-w-        c:\windows\system32\unrar.dll 
2012-09-18 18:15 . 2011-12-07 17:37        148992        ----a-w-        c:\windows\system32\lagarith.dll 
2012-09-18 18:15 . 2012-08-17 18:00        127488        ----a-w-        c:\windows\system32\ff_vfw.dll 
2012-09-18 18:15 . 2012-09-18 18:15        --------        d-----w-        c:\program files\K-Lite Codec Pack x64 
2012-09-18 17:24 . 2012-10-08 19:38        --------        d-----w-        c:\users\AppData 
2012-09-18 17:23 . 2012-09-18 18:12        --------        d-----w-        c:\users\Andreas\AppData\Roaming\NCH Software 
2012-09-18 17:21 . 2012-09-18 18:12        --------        d-----w-        c:\programdata\NCH Software 
2012-09-17 10:44 . 2012-09-17 10:44        --------        d-----w-        c:\users\Andreas\AppData\Roaming\HandBrake 
2012-09-17 10:40 . 2012-09-17 10:41        --------        d-----w-        c:\program files (x86)\DVDVideoSoft Free Studio 
2012-09-15 15:24 . 2012-09-18 18:14        --------        d-----w-        c:\programdata\VistaCodecs 
2012-09-15 14:17 . 2012-09-15 14:17        --------        d-----w-        c:\users\Andreas\AppData\Roaming\TuneUp Software 
2012-09-15 14:16 . 2012-09-15 14:18        --------        d-----w-        c:\programdata\TuneUp Software 
2012-09-15 14:16 . 2012-09-15 14:16        --------        d-sh--w-        c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936} 
2012-09-15 14:16 . 2012-09-15 14:16        --------        d--h--w-        c:\programdata\Common Files 
2012-09-15 14:16 . 2009-09-27 07:39        369152        ----a-w-        c:\windows\SysWow64\avisynth.dll 
2012-09-15 14:16 . 2005-07-14 10:31        32256        ----a-w-        c:\windows\SysWow64\AVSredirect.dll 
2012-09-15 14:16 . 2004-02-22 08:11        719872        ----a-w-        c:\windows\SysWow64\devil.dll 
2012-09-15 14:16 . 2004-01-24 22:00        70656        ----a-w-        c:\windows\SysWow64\yv12vfw.dll 
2012-09-15 14:16 . 2004-01-24 22:00        70656        ----a-w-        c:\windows\SysWow64\i420vfw.dll 
2012-09-15 14:16 . 2012-09-15 14:16        --------        d-----w-        c:\program files (x86)\AviSynth 2.5 
2012-09-15 14:14 . 2004-07-01 23:00        327749        ----a-w-        c:\windows\SysWow64\drvc.dll 
2012-09-15 14:13 . 2012-09-15 14:13        --------        d-----w-        c:\program files (x86)\eRightSoft 
2012-09-15 11:26 . 2012-09-15 11:26        --------        d-----w-        c:\programdata\xml_param 
2012-09-15 11:22 . 2012-09-15 11:22        --------        d-----w-        c:\users\Andreas\AppData\Roaming\iSkysoft Video Converter 
2012-09-15 11:22 . 2011-08-31 12:39        892928        ----a-w-        c:\windows\SysWow64\iconv.dll 
2012-09-15 11:22 . 2011-08-31 12:39        675840        ----a-w-        c:\windows\SysWow64\ac3filter.ax 
2012-09-15 11:22 . 2011-08-31 12:39        496640        ----a-w-        c:\windows\SysWow64\xvid.ax 
2012-09-15 10:56 . 2012-09-15 10:56        --------        d-----w-        c:\program files (x86)\Ashampoo 
. 
. 
. 
((((((((((((((((((((((((((((((((((((   Find3M Bericht   )))))))))))))))))))))))))))))))))))))))))))))))))))))) 
. 
2012-10-10 10:39 . 2009-05-26 20:40        384512        ----a-w-        c:\windows\system32\Services.exe 
2012-10-03 10:11 . 2012-08-18 18:25        696240        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe 
2012-10-03 10:11 . 2011-05-31 06:56        73136        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl 
2012-09-12 11:38 . 2006-11-02 12:35        64462936        ----a-w-        c:\windows\system32\mrt.exe 
2012-08-28 18:24 . 2012-08-18 17:52        477168        ----a-w-        c:\windows\SysWow64\npdeployJava1.dll 
2012-08-28 18:24 . 2010-05-12 05:05        473072        ----a-w-        c:\windows\SysWow64\deployJava1.dll 
. 
. 
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   )))))))))))))))))))))))))))))))))))))))) 
. 
. 
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.  
REGEDIT4 
. 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] 
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" 
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 
2012-02-14 22:58        94208        ----a-w-        c:\users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll 
. 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] 
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" 
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 
2012-02-14 22:58        94208        ----a-w-        c:\users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll 
. 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] 
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" 
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 
2012-02-14 22:58        94208        ----a-w-        c:\users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll 
. 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] 
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" 
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 
2012-02-14 22:58        94208        ----a-w-        c:\users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll 
. 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240] 
"Infium"="c:\program files (x86)\QIP 2010\qip.exe" [2011-08-22 6821248] 
. 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440] 
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432] 
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] 
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 206128] 
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2009-09-12 103768] 
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-06-15 141624] 
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] 
"PDFPrint"="c:\program files (x86)\pdf24\pdf24.exe" [2011-12-16 220744] 
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] 
. 
c:\users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ 
Dropbox.lnk - c:\users\Andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840] 
. 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ 
Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264] 
Microsoft Office.lnk - c:\programme\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] 
. 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] 
"EnableUIADesktopToggle"= 0 (0x0) 
. 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] 
"LoadAppInit_DLLs"=0 (0x0) 
. 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] 
BootExecute        REG_MULTI_SZ           autocheck autochk *\0 
. 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] 
@="Driver" 
. 
S2 AAV UpdateService;AAV UpdateService;c:\program files (x86)\AAVUpdateManager\aavus.exe [2008-10-24 128296] 
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960] 
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_6ef279c8\AESTSr64.exe [2009-03-02 89600] 
. 
. 
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs 
Themes 
ezSharedSvc 
. 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 
2009-06-17 10:11        451872        ----a-w-        c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe 
. 
Inhalt des "geplante Tasks" Ordners 
. 
2010-07-06 c:\windows\Tasks\{05622D7C-E102-421F-B9BD-F587BF569F37}.job 
- c:\program files (x86)\mozilla firefox\firefox.exe [2012-09-08 09:37] 
. 
2010-07-06 c:\windows\Tasks\{26D45942-2C27-4338-93C2-049F1A435729}.job 
- c:\program files (x86)\Skype\Phone\Skype.exe [2012-02-29 07:55] 
. 
2010-07-06 c:\windows\Tasks\{5B63F7D2-B10D-4B25-BCB3-4D2BBBDB9ABC}.job 
- c:\program files (x86)\Skype\Phone\Skype.exe [2012-02-29 07:55] 
. 
2010-07-06 c:\windows\Tasks\{6E02B945-C0CE-453A-9BA6-230DC76E1BAC}.job 
- c:\program files (x86)\mozilla firefox\firefox.exe [2012-09-08 09:37] 
. 
2011-04-01 c:\windows\Tasks\{83EBD7E3-5521-4D5A-897A-E105084669EA}.job 
- c:\program files (x86)\mozilla firefox\firefox.exe [2012-09-08 09:37] 
. 
2009-05-18 c:\windows\Tasks\{B9B31758-9ABD-4FBC-875D-D4AA867B25D5}.job 
- c:\program files (x86)\Skype\Phone\Skype.exe [2012-02-29 07:55] 
. 
. 
--------- X64 Entries ----------- 
. 
. 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] 
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" 
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 
2012-02-14 22:58        97792        ----a-w-        c:\users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll 
. 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] 
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" 
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 
2012-02-14 22:58        97792        ----a-w-        c:\users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll 
. 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] 
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" 
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 
2012-02-14 22:58        97792        ----a-w-        c:\users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll 
. 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] 
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" 
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 
2012-02-14 22:58        97792        ----a-w-        c:\users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll 
. 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU] 
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-03 442368] 
"SmartMenu"="c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [BU] 
"Launch LCDMon"="c:\program files\Common Files\Logitech\LCD Manager\lcdmon.exe" [2007-04-26 790552] 
"Ocs_SM"="c:\users\Andreas\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2012-08-21 106496] 
. 
------- Zusätzlicher Suchlauf ------- 
. 
uStart Page = https://webzugang.brnet.de/dana-na/auth/url_default/welcome.cgi 
uLocal Page = c:\windows\system32\blank.htm 
uDefault_Search_URL = hxxp://www.google.com 
mStart Page =  
mDefault_Page_URL =  
mLocal Page =  
uInternet Settings,ProxyOverride = *.local 
uSearchAssistant = hxxp://www.google.com 
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip 
IE: Free YouTube Download - c:\users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm 
IE: Free YouTube to Mp3 Converter - c:\users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm 
IE: Nach Microsoft &Excel exportieren - c:\programme\Microsoft Office\OFFICE11\EXCEL.EXE/3000 
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 
TCP: DhcpNameServer = 192.168.1.1 
FF - ProfilePath - c:\users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\pn21nwmv.default\ 
FF - prefs.js: browser.startup.homepage - heute.de 
. 
- - - - Entfernte verwaiste Registrierungseinträge - - - - 
. 
AddRemove-Siedler3Deinstall - c:\windows\IsUn0407.exe 
AddRemove-Siedler3MissionUninstall - c:\windows\IsUn0407.exe 
AddRemove-Winamp - c:\programme\Winamp\UninstWA.exe 
AddRemove-xp-AntiSpy - c:\program files (x86)\xp-AntiSpy\Uninstall.exe 
. 
. 
. 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security] 
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1" 
. 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BFE] 
"ImagePath"="." 
. 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MpsSvc] 
"ImagePath"="." 
. 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}] 
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl" 
. 
--------------------- Gesperrte Registrierungsschluessel --------------------- 
. 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] 
@Denied: (A 2) (Everyone) 
@="FlashBroker" 
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101" 
. 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] 
"Enabled"=dword:00000001 
. 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] 
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe" 
. 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] 
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" 
. 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] 
@Denied: (A 2) (Everyone) 
@="IFlashBroker5" 
. 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] 
@="{00020424-0000-0000-C000-000000000046}" 
. 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] 
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" 
"Version"="1.0" 
. 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] 
@Denied: (A 2) (Everyone) 
@="FlashBroker" 
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101" 
. 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] 
"Enabled"=dword:00000001 
. 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] 
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe" 
. 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] 
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" 
. 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] 
@Denied: (A 2) (Everyone) 
@="Shockwave Flash Object" 
. 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] 
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx" 
"ThreadingModel"="Apartment" 
. 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] 
@="0" 
. 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] 
@="ShockwaveFlash.ShockwaveFlash.11" 
. 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] 
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1" 
. 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] 
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}" 
. 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] 
@="1.0" 
. 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] 
@="ShockwaveFlash.ShockwaveFlash" 
. 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] 
@Denied: (A 2) (Everyone) 
@="Macromedia Flash Factory Object" 
. 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] 
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx" 
"ThreadingModel"="Apartment" 
. 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] 
@="FlashFactory.FlashFactory.1" 
. 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] 
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1" 
. 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] 
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}" 
. 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] 
@="1.0" 
. 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] 
@="FlashFactory.FlashFactory" 
. 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] 
@Denied: (A 2) (Everyone) 
@="IFlashBroker5" 
. 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] 
@="{00020424-0000-0000-C000-000000000046}" 
. 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] 
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" 
"Version"="1.0" 
. 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}] 
@Denied: (A 2) (Everyone) 
. 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0] 
@="Shockwave Flash" 
. 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] 
@Denied: (A 2) (Everyone) 
@="" 
. 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] 
@="FlashBroker" 
. 
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes] 
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ 
. 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] 
@Denied: (A) (Users) 
@Denied: (A) (Everyone) 
@Allowed: (B 1 2 3 4 5) (S-1-5-20) 
"BlindDial"=dword:00000000 
. 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] 
@Denied: (A) (Users) 
@Denied: (A) (Everyone) 
@Allowed: (B 1 2 3 4 5) (S-1-5-20) 
"BlindDial"=dword:00000000 
. 
------------------------ Weitere laufende Prozesse ------------------------ 
. 
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 
c:\program files (x86)\Bonjour\mDNSResponder.exe 
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe 
c:\program files (x86)\SMINST\BLService.exe 
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe 
c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe 
c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe 
c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe 
c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe 
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe 
c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe 
c:\program files (x86)\Hewlett-Packard\Shared\hpqToaster.exe 
c:\program files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe 
. 
************************************************************************** 
. 
Zeit der Fertigstellung: 2012-10-10  13:13:04 - PC wurde neu gestartet 
ComboFix-quarantined-files.txt  2012-10-10 11:12 
ComboFix2.txt  2012-10-09 20:00 
ComboFix3.txt  2012-10-08 19:38 
. 
Vor Suchlauf: 19 Verzeichnis(se), 249.362.980.864 Bytes frei 
Nach Suchlauf: 20 Verzeichnis(se), 250.012.704.768 Bytes frei 
. 
- - End Of File - - 37D272C0B6A07F79618B318C3C227904      |