ComboFix Log:
ComboFix 12-10-12.01 - steffi 12.10.2012 22:15:12.1.4 - x64 NETWORK
ausgeführt von:: c:\users\steffi\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\zak_lo0i7g.pad
c:\users\Public\invokesi.exe
c:\users\steffi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
c:\windows\IsUn0407.exe
c:\windows\SysWow64\FlashPlayerInstaller.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BOONTY_GAMES
-------\Legacy_NPF
-------\Service_Boonty Games
-------\Service_npf
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-09-12 bis 2012-10-12 ))))))))))))))))))))))))))))))
.
.
2012-10-12 20:21 . 2012-10-12 20:27 -------- d-----w- c:\users\steffi\AppData\Local\temp
2012-10-12 20:21 . 2012-10-12 20:21 -------- d-----w- c:\users\Toni\AppData\Local\temp
2012-10-12 20:21 . 2012-10-12 20:21 -------- d-----w- c:\users\Toni.steffi-PC\AppData\Local\temp
2012-10-12 19:17 . 2012-10-12 19:17 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-12 11:15 . 2012-10-12 11:15 -------- d-----w- C:\_OTL
2012-10-11 14:19 . 2008-04-14 06:55 20480 ----a-w- c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ASETRES.EXE
2012-10-08 21:42 . 2012-10-08 21:42 -------- d-----w- c:\program files (x86)\ESET
2012-10-08 15:05 . 2012-10-08 15:05 -------- d-----w- c:\users\steffi\AppData\Roaming\Malwarebytes
2012-10-07 23:09 . 2012-10-07 23:09 -------- d-----w- c:\users\Toni.steffi-PC\AppData\Roaming\Simply Super Software
2012-10-07 23:09 . 2012-06-15 14:39 169744 ----a-w- c:\windows\SysWow64\ztvunrar36.dll
2012-10-07 23:09 . 2012-06-15 14:35 185616 ----a-w- c:\windows\SysWow64\ztvunrar39.dll
2012-10-07 23:09 . 2012-06-15 14:33 605968 ----a-w- c:\windows\SysWow64\ztv7z.dll
2012-10-07 23:09 . 2012-06-15 14:33 77072 ----a-w- c:\windows\SysWow64\ztvcabinet.dll
2012-10-07 23:09 . 2005-08-25 23:50 77312 ----a-w- c:\windows\SysWow64\ztvunace26.dll
2012-10-07 23:09 . 2003-02-02 18:06 153088 ----a-w- c:\windows\SysWow64\UNRAR3.dll
2012-10-07 23:09 . 2002-03-05 23:00 75264 ----a-w- c:\windows\SysWow64\unacev2.dll
2012-10-07 23:09 . 2012-10-07 23:09 -------- d-----w- c:\program files (x86)\Trojan Remover
2012-10-07 23:09 . 2012-10-07 23:09 -------- d-----w- c:\programdata\Simply Super Software
2012-10-07 20:19 . 2012-10-07 20:19 -------- d-----w- c:\users\steffi\AppData\Local\Systweak
2012-10-07 19:41 . 2012-10-07 22:12 -------- d-----w- c:\users\steffi\AppData\Roaming\Systweak
2012-10-07 19:35 . 2012-10-07 19:35 -------- d-----w- c:\users\Toni.steffi-PC\AppData\Local\CRE
2012-10-07 18:53 . 2012-10-07 18:53 -------- d-----w- c:\users\Toni.steffi-PC\AppData\Roaming\Malwarebytes
2012-10-07 18:53 . 2012-10-07 18:53 -------- d-----w- c:\programdata\Malwarebytes
2012-10-07 18:53 . 2012-10-08 15:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-07 18:53 . 2012-09-07 15:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-07 18:30 . 2012-10-07 22:19 1480 ----a-w- c:\windows\system32\ASOROSet.bin
2012-10-07 18:18 . 2012-10-07 18:18 -------- d-----w- c:\programdata\Systweak
2012-10-07 18:18 . 2012-07-24 21:33 16896 ----a-w- c:\windows\system32\sasnative64.exe
2012-10-07 18:17 . 2012-10-07 18:18 -------- d-----w- c:\users\Toni.steffi-PC\AppData\Roaming\Systweak
2012-10-07 18:17 . 2012-09-21 10:05 17080 ----a-w- c:\windows\system32\roboot64.exe
2012-10-07 18:17 . 2012-10-07 18:17 -------- d-----w- c:\program files (x86)\RegClean Pro
2012-10-07 17:37 . 2012-10-07 17:37 -------- d-----w- c:\users\Toni.steffi-PC\AppData\Local\Apple Computer
2012-10-07 17:33 . 2012-10-07 17:33 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-10-07 10:39 . 2012-10-07 10:39 -------- d-----w- c:\users\Toni.steffi-PC\AppData\Local\The Lord of the Rings Online
2012-10-07 09:16 . 2012-10-07 09:32 -------- d-----w- c:\users\Toni.steffi-PC\AppData\Local\Turbine
2012-10-07 09:16 . 2012-10-07 19:39 -------- d-----w- c:\users\Toni.steffi-PC\AppData\Local\ApplicationHistory
2012-10-07 00:37 . 2012-10-07 00:37 -------- d-----w- c:\program files (x86)\Turbine
2012-10-05 12:26 . 2012-10-05 12:26 -------- d-----w- c:\program files\Realtek
2012-10-05 12:26 . 2012-10-05 12:26 -------- d-----w- c:\windows\SysWow64\RTCOM
2012-10-05 12:24 . 2012-05-17 09:29 141152 ----a-w- c:\windows\system32\R4EEL64A.dll
2012-10-05 12:18 . 2012-10-05 12:18 -------- d-----w- c:\program files (x86)\Realtek
2012-10-05 12:18 . 2012-10-05 12:28 -------- d--h--w- c:\program files (x86)\Temp
2012-10-05 12:18 . 2012-10-07 17:35 -------- d-----w- c:\users\TONI~1~STE
2012-10-05 11:34 . 2012-06-09 17:21 178688 ----a-w- c:\windows\SysWow64\unrar.dll
2012-10-05 11:34 . 2012-10-05 11:35 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack
2012-10-05 11:27 . 2012-10-05 11:28 -------- d-----w- c:\users\Toni.steffi-PC\AppData\Roaming\vlc
2012-10-05 11:26 . 2012-10-05 11:26 -------- d-----w- c:\program files\VideoLAN
2012-10-05 11:08 . 2012-10-05 11:08 -------- d-----w- c:\users\Toni.steffi-PC\AppData\Roaming\DivX
2012-10-05 11:05 . 2012-10-05 11:05 -------- d-----w- c:\program files (x86)\Lavalys
2012-10-04 19:50 . 2012-10-04 19:51 -------- d-----w- c:\users\Toni.steffi-PC\AppData\Roaming\PCPowerSpeed
2012-10-04 19:48 . 2012-10-04 21:38 -------- d-----w- C:\Herr der Ringe Online
2012-10-04 14:38 . 2012-10-07 16:03 -------- d-----w- c:\users\Toni.steffi-PC\Tracing
2012-10-04 14:37 . 2012-10-04 14:37 -------- d-----w- c:\users\Toni.steffi-PC\AppData\Roaming\AVG2012
2012-10-04 14:37 . 2012-10-04 14:40 -------- d-----w- c:\users\Toni.steffi-PC\AppData\Local\IM
2012-10-04 14:37 . 2012-10-10 14:56 -------- d-----w- c:\users\Toni.steffi-PC\AppData\Local\LogMeIn Hamachi
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-05 12:25 . 2008-08-12 21:33 525792 ----a-w- c:\windows\DIFxAPI.dll
2012-07-27 17:29 . 2012-05-25 05:02 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-27 17:29 . 2011-07-27 07:27 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 21:38 121392 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-10 2153472]
"IncrediMail"="c:\program files (x86)\IncrediMail\bin\IncMail.exe" [2011-11-22 366024]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"ccleaner"="c:\program files\CCleaner\CCleaner64.exe" [2011-12-20 4555072]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-26 68856]
"PCSpeedUp"="c:\program files (x86)\PC Beschleunigen\PCSpeedUp.lnk" [2012-01-19 2034]
"Facebook Update"="c:\users\steffi\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TrojanScanner"="c:\program files (x86)\Trojan Remover\Trjscan.exe" [2012-09-14 1247504]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2011-09-27 220744]
"PCPowerSpeed"="c:\program files (x86)\PCPowerSpeed\PCPowerTray.exe" [2012-06-21 385696]
"PCMMediaSharing"="c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-25 204908]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-08-20 1164584]
"dcmsvc"="c:\program files (x86)\dcmsvc\dcmsvc.exe" [2009-04-07 30440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"OTL"="c:\users\steffi\Desktop\OTL.exe" [2012-10-12 602112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0
.
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-25 269448]
R2 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-25 17:29]
.
2012-08-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-611026035-4186560833-2948516132-1000Core.job
- c:\users\steffi\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-10 08:17]
.
2012-10-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-611026035-4186560833-2948516132-1000UA.job
- c:\users\steffi\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-10 08:17]
.
2012-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cda2669cfd3f7f.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-16 18:02]
.
2012-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-16 18:02]
.
2012-10-07 c:\windows\Tasks\RegClean Pro.job
- c:\program files (x86)\RegClean Pro\RegCleanPro.exe [2012-10-07 10:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 21:39 51248 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ocs_SM"="c:\users\steffi\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2010-10-22 106496]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-05-06 315936]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-27 74752]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-27 10721312]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2008-01-09 326176]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe" [2008-03-04 560688]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mDefault_Page_URL = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\users\steffi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\steffi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Save YouTube Video as MP3 - c:\program files (x86)\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
IE: Web-Suche - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
FF - ProfilePath - c:\users\steffi\AppData\Roaming\Mozilla\Firefox\Profiles\dqxh7hlm.default\
FF - prefs.js: browser.startup.homepage - about:blank
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - (no file)
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
Wow6432Node-HKLM-Run-avgnt - c:\avira\AntiVir Desktop\avgnt.exe
Wow6432Node-HKLM-Run-Advanced System Protector_startup - c:\program files (x86)\Advanced System Protector\AdvancedSystemProtector.exe
Wow6432Node-HKLM-Run-vProt - c:\program files (x86)\AVG Secure Search\vprot.exe
Wow6432Node-HKLM-Run-ROC_ROC_NT - c:\program files (x86)\AVG Secure Search\ROC_ROC_NT.exe
WebBrowser-{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC} - (no file)
HKLM-Run-NvSvc - c:\windows\system32\nvsvc64.dll
AddRemove-00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1 - c:\program files (x86)\Advanced System Protector\unins000.exe
AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0407.EXE
AddRemove-Advanced System Protector_is1 - c:\program files (x86)\Advanced System Protector\unins000.exe
AddRemove-GameSpy Arcade - c:\progra~2\GAMESP~1\UNWISE.EXE
AddRemove-ICQToolbar - c:\program files (x86)\ICQ6Toolbar\ICQUnToolbar.exe
AddRemove-FoxTab Music Converter - c:\program files (x86)\FoxTabMusicConverter\Uninstall\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-611026035-4186560833-2948516132-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{893A571E-7638-B049-5B37-C4D80F3DC826}*]
"abkkmelcadhncilplppmfkdekffdkkinjb"=hex:6a,61,63,68,68,67,6c,65,6a,64,6d,66,
67,6b,66,6b,65,62,66,6f,00,00
"bbmkkfinhdlpdjoefmkldgdmcmpcglealcnp"=hex:6a,61,61,68,69,66,6a,69,67,6e,6d,6b,
66,6c,66,66,67,68,65,6b,00,00
.
[HKEY_USERS\S-1-5-21-611026035-4186560833-2948516132-1000\Software\SecuROM\License information*]
"datasecu"=hex:f1,26,8c,34,62,05,42,46,22,62,11,4e,ec,ca,67,64,95,7a,14,b5,9a,
3b,b5,c9,e1,d6,d1,a6,d7,10,bc,28,d3,61,6e,63,56,f6,09,f9,96,e6,5c,12,88,b4,\
"rkeysecu"=hex:c6,1e,2d,aa,6a,f1,b4,57,db,77,d5,16,71,7a,c6,99
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-10-12 22:32:33 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-10-12 20:32
.
Vor Suchlauf: 19 Verzeichnis(se), 342.390.620.160 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 341.905.862.656 Bytes frei
.
- - End Of File - - 6EFFA15446F066C960CF65876111D90E