So habe ComboFix durchlaufen lassen. Musste aber einmal vorzeitig abbrechen, weil Avira sich beschwert hat. Hatte vergessen den Haken bei Überwachen der Registry zu entfernen. Hoffe das war nicht schlimm. Code:
ComboFix 12-11-28.02 - Dirk 28.11.2012 23:24:34.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4094.1837 [GMT 1:00]
ausgeführt von:: c:\users\Dirk\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\SecureW2
c:\program files (x86)\SecureW2\Uninstall.exe
c:\program files (x86)\Vision Objects\Bamboo Scribe\BambooScribe.exe
c:\programdata\1&1
c:\programdata\1&1\1&1 SoftPhone\ContextMenuHandler.html
c:\programdata\1&1\1&1 SoftPhone\que\notifyq.dqueue
c:\programdata\1&1\1&1 SoftPhone\que\notifyq.lqueue
c:\programdata\1&1\1&1 SoftPhone\SipClientSettings.xml
c:\programdata\47BDCAD994.sys
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\TTLS Manager.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\Uninstall.lnk
c:\users\Dirk\AppData\Local\assembly\tmp
c:\users\Dirk\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
c:\users\Dirk\AppData\Local\TempDIR
c:\users\Dirk\AppData\Local\TempDIR\WindowsXP-KB893357-v2-x86-DEU.exe
c:\users\Dirk\AppData\Local\TempDIR\WindowsXP-KB917021-v3-x86-DEU.exe
c:\users\Dirk\AppData\Roaming\1&1
c:\users\Dirk\AppData\Roaming\1&1\1&1 SoftPhone\CurrentLog.txt
c:\users\Dirk\AppData\Roaming\1&1\1&1 SoftPhone\QuickDial.xml
c:\users\Dirk\AppData\Roaming\1&1\1&1 SoftPhone\SipClientHistory.xml
c:\users\Dirk\AppData\Roaming\1&1\1&1 SoftPhone\SipClientSettings.xml
c:\users\Dirk\AppData\Roaming\1&1\1&1 SoftPhone\SipLog.cdb
c:\users\Dirk\AppData\Roaming\1&1\1&1 SoftPhone\SipLog.lck
c:\users\Dirk\AppData\Roaming\1&1\Common\Contacts.cdb
c:\users\Dirk\AppData\Roaming\1&1\Common\Contacts.lck
c:\users\Dirk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecureW2
c:\users\Dirk\WINDOWS
c:\windows\IsUn0407.exe
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\System32\MASetupCleaner.exe
c:\windows\SysWow64\System32\muzapp.exe
d:\programme\phonostar-Player\phonostarTimer.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-10-28 bis 2012-11-28 ))))))))))))))))))))))))))))))
.
.
2012-11-27 15:32 . 2012-10-26 18:01 237400 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-11-27 15:32 . 2012-10-26 17:59 119640 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-11-21 20:50 . 2012-11-23 19:34 -------- d-----w- c:\users\Dirk\AppData\Roaming\Media Player Classic
2012-11-21 20:33 . 2012-11-21 20:33 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-11-21 20:33 . 2012-11-21 20:33 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-11-17 20:06 . 2012-11-17 20:06 -------- d-----w- c:\users\Dirk\AppData\Roaming\MusE
2012-11-17 20:06 . 2012-11-17 20:06 -------- d-----w- c:\users\Dirk\AppData\Local\MusE
2012-11-15 17:04 . 2012-11-15 17:13 -------- d-----w- c:\users\Dirk\AppData\Roaming\Skype
2012-11-15 17:04 . 2012-11-15 17:04 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-11-15 17:04 . 2012-11-15 17:04 -------- d-----r- c:\program files (x86)\Skype
2012-11-15 17:04 . 2012-11-15 17:04 -------- d-----w- c:\programdata\Skype
2012-11-14 14:39 . 2012-07-26 07:46 2560 ----a-w- c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
2012-11-14 14:39 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-14 14:39 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-14 14:39 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-14 14:25 . 2012-10-08 11:13 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 14:18 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-14 14:18 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-14 14:18 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-14 14:18 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-14 14:18 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-14 14:18 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-14 14:18 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-14 14:14 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-14 14:14 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
2012-11-10 11:23 . 2012-11-10 11:23 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-11-10 11:23 . 2012-11-10 11:23 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-11-10 11:23 . 2012-11-10 11:23 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-11-10 11:23 . 2012-11-10 11:23 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-11-10 11:23 . 2012-11-10 11:23 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-11-10 11:23 . 2012-11-10 11:23 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-11-10 11:23 . 2012-11-10 11:23 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-11-10 11:23 . 2012-11-10 11:23 -------- d-----w- c:\program files (x86)\QuickTime
2012-11-06 15:31 . 2012-11-06 15:31 -------- d-----w- c:\users\Dirk\AppData\Local\Black_Tree_Gaming
2012-11-02 10:49 . 2012-11-06 20:50 -------- d-----w- c:\users\Dirk\AppData\Local\Skyrim
2012-10-31 20:56 . 2012-10-31 20:56 -------- d-----w- c:\program files (x86)\Common Files\Wrye Bash
2012-10-30 20:21 . 2005-04-03 22:02 69714 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2012-10-30 20:21 . 2005-04-03 22:01 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2012-10-30 20:21 . 2005-04-03 22:00 184320 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2012-10-30 20:21 . 2005-04-03 22:00 63488 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2012-10-30 20:21 . 2005-04-03 21:59 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2012-10-30 20:21 . 2005-04-03 22:02 753664 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2012-10-30 20:21 . 2012-10-30 20:21 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2012-10-30 20:21 . 2012-10-30 20:21 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-14 14:19 . 2010-03-20 20:13 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-11-13 15:29 . 2012-10-16 13:47 98888 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-11-13 15:29 . 2012-10-16 13:47 129216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-11-12 18:02 . 2012-04-24 15:39 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-12 18:02 . 2011-05-19 16:27 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-26 18:00 . 2012-10-26 18:00 131416 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-09-29 18:54 . 2011-07-25 19:47 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-24 21:16 . 2012-10-22 15:39 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-24 07:58 . 2012-10-16 13:47 27800 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-09-19 15:57 . 2012-09-19 15:57 17896 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
2012-09-14 19:19 . 2012-10-11 08:52 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-11 08:52 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-09-06 14:48 . 2012-03-16 12:10 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-06 14:48 . 2011-07-17 18:44 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-31 18:19 . 2012-10-11 08:51 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-01-03 175400]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-01-03 09:16 175400 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{C9EE92B7-EDD5-4ad9-8029-2EC6818E653A}]
2012-08-10 09:59 3100288 ----a-w- d:\programme\AusweisApp\siqeCardClient.ols
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-01-03 175400]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-16 16:17 222712 ----a-w- c:\users\Dirk\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-11-16 16:17 222712 ----a-w- c:\users\Dirk\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-16 16:17 222712 ----a-w- c:\users\Dirk\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Dirk\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Dirk\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Dirk\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Dirk\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVMUSBFernanschluss"="c:\users\Dirk\AppData\Local\Apps\2.0\HW2HGARV.XEZ\3MDA28PK.PWM\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe" [2011-02-23 147456]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-11 39408]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-06-08 21432]
"Ubuntu One"="c:\program files (x86)\ubuntuone\dist\ubuntuone-syncdaemon.exe" [2012-08-15 47304]
"Ubuntu One Icon"="c:\program files (x86)\ubuntuone\dist\ubuntuone-control-panel-qt.exe" [2012-08-15 40136]
"SkyDrive"="c:\users\Dirk\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2012-11-16 255992]
"Wallpaper4U"="d:\programme\Wallpaper4U\Wallpaper4U.exe" [2007-05-05 1167360]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-07-09 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-01-13 34088]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-09-12 5082488]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-02-27 552960]
"3170 Scan2PC"="c:\windows\Twain_32\Samsung\CLX3170\Scan2pc.exe" [2009-01-30 503808]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-08 336384]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2010-06-17 370176]
"CloneCDTray"="d:\programme\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"CherryConfigDlg"="c:\program files (x86)\Cherry\SmartDevice\ConfigDlg.exe" [2008-07-14 606208]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"ZoneAlarm"="d:\programme\CheckPoint\ZoneAlarm\zatray.exe" [2012-06-01 73392]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"Reader Application Helper"="d:\programme\ReaderDesktop\appHelper\ReaderAppHelper.exe" [2012-07-12 892928]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-11-28 384800]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"TkBellExe"="d:\programme\real player\Update\realsched.exe" [2012-11-21 296096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296]
.
c:\users\Dirk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Dropbox.lnk - c:\users\Dirk\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
Wallpaper4U.lnk - d:\programme\Wallpaper4U\Wallpaper4U.exe [2007-5-5 1167360]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk.disabled [2011-9-7 956]
Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2009-8-6 439648]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableClock"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R0 TwkMs;CHIPDRIVE Mouse Adapter; [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-12-21 36328]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys [x]
R3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\Drivers\btcombus.sys [x]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2010-04-06 30088]
R3 CHIPDRIVE USB SmartCardReader;CHIPDRIVE USB SmartCardReader;c:\windows\system32\DRIVERS\TwkUsb2K.sys [x]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2010-04-06 27016]
R3 MatSvc;Microsoft Fix it Supportcenter;c:\program files\Microsoft Fix it Center\Matsvc.exe [2010-11-15 343856]
R3 netr7364;RT73 USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr7364.sys [x]
R3 OV550I;OVT Scanner;c:\windows\system32\Drivers\ov550ivx.sys [2010-11-12 196992]
R3 PCTINDIS4;PCTINDIS4 NDIS Protocol Driver;c:\windows\system32\PCTINDIS4.SYS [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-30 222208]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 S332x64;SPRx3x USB SmartCard Reader;c:\windows\system32\DRIVERS\S332x64.sys [2011-08-11 77952]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;d:\programme\SiSoftware Sandra Lite 2012.SP4c\RpcAgentSrv.exe [2009-06-13 68760]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 177640]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-03 137560]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 826224]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TWKSER2K;CHIPDRIVE Serial SmartCardReader;c:\windows\system32\DRIVERS\TWKSER2K.sys [x]
R3 U6000ALL;U6000 TV Box(ALL);c:\windows\system32\DRIVERS\U6000ALL.sys [2010-01-14 276480]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-10-26 131416]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2010-10-08 43792]
R3 vcd10bus;Virtual CD v10 Bus Enumerator;c:\windows\system32\DRIVERS\vcd10bus.sys [2008-06-17 40464]
R3 vpcuxd;USB-Virtualisierungsstubdienst;c:\windows\system32\DRIVERS\vpcuxd.sys [2010-11-20 16384]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-10-05 18288]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-06 1255736]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2011-07-27 24456]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2009-04-08 37392]
S0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\DRIVERS\tdrpm251.sys [2010-03-21 1455648]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-07-24 482384]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-07 283200]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 191616]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-03-21 2326920]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-29 203264]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-03-08 365568]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-11-28 85280]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-10 248688]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-14 42368]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 DBService;DATA BECKER Update Service;c:\program files (x86)\Common Files\DATA BECKER Shared\DBService.exe [2010-05-28 2650112]
S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2012-04-30 33672]
S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2012-04-30 827520]
S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\Ralink\Common\RaRegistry64.exe [2009-07-14 211232]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-10-22 11576]
S2 StarMoney 8.0 OnlineUpdate;StarMoney 8.0 OnlineUpdate;d:\programme\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [2012-06-28 692432]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-10-13 5790064]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-05-11 124368]
S2 TMPService;TrafficMonitor Packettreiber Initialisierung;d:\programme\NetStat4Win\TMPacketServiceInit.exe [2010-01-04 692808]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-27 251760]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-10-13 487280]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 14472]
S2 Virtual Router;VirtualRouterService;d:\programme\Virtual Router\VirtualRouterService.exe [2009-11-18 12288]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2010-03-21 250400]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys [2010-03-20 116096]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-04-26 1103904]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 18:02]
.
2012-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-20 16:50]
.
2012-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-20 16:50]
.
2012-11-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-263986277-1405207633-1788618665-1001Core.job
- c:\users\Dirk\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-17 09:49]
.
2012-11-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-263986277-1405207633-1788618665-1001UA.job
- c:\users\Dirk\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-17 09:49]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-16 16:17 261624 ----a-w- c:\users\Dirk\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-11-16 16:17 261624 ----a-w- c:\users\Dirk\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-16 16:17 261624 ----a-w- c:\users\Dirk\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Dirk\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Dirk\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Dirk\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Dirk\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2010-05-11 1050072]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-03 709976]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-09-12 357800]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 855608]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2012-04-30 1126528]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1
uInternet Settings,ProxyServer = 24.123.195.115:3128
IE: Alles mit FDM herunterladen - file://d:\programme\Free Download Manager\dlall.htm
IE: Auswahl mit FDM herunterladen - file://d:\programme\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://d:\programme\Free Download Manager\dllink.htm
IE: In 1&&1 SoftPhone wählen - c:\programdata\1&1\1&1 SoftPhone\ContextMenuHandler.html
IE: SmarThru4 Als HTML speichern - c:\program files (x86)\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Auswahl erfassen - c:\program files (x86)\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Capture Selection - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll2.htm
IE: SmarThru4 Markierten Text speichern - c:\program files (x86)\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Save as HTML - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files (x86)\SmarThru 4\WebCapture.dll
IE: Videos mit FDM herunterladen - file://d:\programme\Free Download Manager\dlfvideo.htm
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\b8faeuto.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ig?hl=de&source=iglk
FF - prefs.js: network.proxy.ftp - 71.239.103.253
FF - prefs.js: network.proxy.ftp_port - 34056
FF - prefs.js: network.proxy.http - 178.18.17.250
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 71.239.103.253
FF - prefs.js: network.proxy.socks_port - 34056
FF - prefs.js: network.proxy.ssl - 71.239.103.253
FF - prefs.js: network.proxy.ssl_port - 34056
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-11-22 20:23; admin@proxy-listen.de; c:\users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\b8faeuto.default\extensions\admin@proxy-listen.de.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - (no file)
Wow6432Node-HKCU-Run-phonostarTimer - d:\programme\phonostar-Player\phonostarTimer.exe
Wow6432Node-HKCU-Run-myscriptstylus.exe - c:\program files (x86)\Vision Objects\Bamboo Scribe\BambooScribe.exe
Wow6432Node-HKCU-Run-BambooScribe.exe - c:\program files (x86)\Vision Objects\Bamboo Scribe\BambooScribe.exe
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKCU-Run-KiesHelper - c:\program files (x86)\Samsung\Kies\KiesHelper.exe
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-phonostar-PlayerTimer - d:\programme\phonostar-Player\phonostarTimer.exe
Wow6432Node-HKLM-Run-BambooCore - e:\programme\Bamboo Dock\BambooCore.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-ksupmgr
SafeBoot-mcmscsvc
SafeBoot-MCODS
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
AddRemove-BTmod - d:\programme\Steam\steamapps\common\Oblivion\Data\BTmod-Uninstall.exe
AddRemove-Kalender - c:\windows\Uninstall_tkexe -kalender
AddRemove-Oblivion mod manager_is1 - d:\programme\Steam\steamapps\common\Oblivion\obmm\uninstall\unins000.exe
AddRemove-pcsx2-r4600 - j:\spiele\Emulatoren\PS2\Uninst-pcsx2-r4600.exe
AddRemove-SecureW2 EAP Suite - c:\program files (x86)\SecureW2\Uninstall.exe
AddRemove-Simon3D - c:\windows\IsUn0407.exe
AddRemove-Unofficial Oblivion Patch_is1 - d:\programme\Steam\steamapps\common\Oblivion\Unofficial Oblivion Patch\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-263986277-1405207633-1788618665-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*v*i*#ŠGo\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-263986277-1405207633-1788618665-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*F*e*i*e*r*èv•m\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-263986277-1405207633-1788618665-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*K*o*e*r*p*e*
u•m\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-263986277-1405207633-1788618665-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*u*n*g*l*a*‡ïó[\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-263986277-1405207633-1788618665-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*cu•m]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-263986277-1405207633-1788618665-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*cu•m\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-263986277-1405207633-1788618665-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*cu•m]
"0"=hex:66,69,6c,65,3a,2f,2f,2f,48,3a,2f,46,69,6c,6d,65,2f,41,76,61,74,61,72,
2f,41,76,61,74,61,72,32,2f,31,37,25,32,30,2d,25,32,30,44,65,72,25,32,30,4c,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-263986277-1405207633-1788618665-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{15AE2FBA-B4B6-4E80-D917-D1C5EF8D7DBC}*]
@Allowed: (Read) (RestrictedCode)
"iammidhgfdgbabbgpd"=hex:6b,61,69,70,64,63,6b,64,61,61,6b,6d,6d,6d,6c,6c,70,61,
61,6a,6e,69,00,00
"haglocgghajckglb"=hex:6b,61,69,70,64,63,6b,64,61,61,6b,6d,6d,6d,6c,6c,70,61,
61,6a,6e,69,00,00
.
[HKEY_USERS\S-1-5-21-263986277-1405207633-1788618665-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:89,34,78,ec,7f,3a,46,cc,27,b1,82,75,f3,af,61,ad,a6,5e,33,45,e1,a3,22,
36,2f,9e,da,72,bd,84,ae,be,11,f6,2b,ee,b8,1e,7b,e1,96,b0,4d,38,53,35,f0,49,\
"??"=hex:f5,54,f1,23,dd,6b,80,35,ad,30,d9,73,4f,71,de,4f
.
[HKEY_USERS\S-1-5-21-263986277-1405207633-1788618665-1001\Software\SecuROM\License information*]
"datasecu"=hex:b2,25,45,99,c2,fb,23,bf,a9,bb,ed,22,cf,a1,35,f7,e7,51,95,4e,7f,
71,54,2e,2d,0e,40,1d,f9,62,91,35,ed,cb,bd,76,d9,d3,ec,00,21,00,3c,a4,cc,ed,\
"rkeysecu"=hex:20,a6,c3,91,25,1e,04,0d,32,b3,52,41,82,43,5e,25
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Ralink\Common\RaRegistry.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-11-28 23:49:47 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-11-28 22:49
.
Vor Suchlauf: 1.662.050.304 Bytes frei
Nach Suchlauf: 1.624.862.720 Bytes frei
.
- - End Of File - - 64CF7E2725B0ECD1729F6AD73F4085C2 |