Trojaner-Board - Google chrom offnet sich unkontrolliert

Code:

RogueKiller V8.6.11 _x64_ [Sep 11 2013] durch Tigzy

mail: tigzyRK<at>gmail<dot>com
 

mail : tigzyRK<at>gmail<dot>com

Kommentare : hxxp://www.adlice.com/forum/

Webseite : hxxp://www.adlice.com/softwares/roguekiller/

Blog : hxxp://tigzyrk.blogspot.com/
 

Betriebssystem : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Gestartet in : Normaler Modus

Benutzer : bob [Admin Rechte]

Funktion : Scannen -- Datum : 09/12/2013 21:11:06

| ARK || FAK || MBR |
 

¤¤¤ Böswillige Prozesse : 1 ¤¤¤

[SUSP PATH] NIRCMD.exe -- C:\Windows\NIRCMD.exe [x] -> GELÖSCHT [TermThr]
 

¤¤¤ Registry-Einträge : 5 ¤¤¤

[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> GEFUNDEN

[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> GEFUNDEN

[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> GEFUNDEN

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> GEFUNDEN

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> GEFUNDEN
 

¤¤¤ Geplante Tasks : 0 ¤¤¤
 

¤¤¤ Autostart-Einträge : 0 ¤¤¤
 

¤¤¤ Web-Browsern : 0 ¤¤¤
 

¤¤¤ Bestimmte Dateien / Ordner: ¤¤¤
 

¤¤¤ Treiber : [NICHT GELADEN 0x0] ¤¤¤
 

¤¤¤ Externe Hives: ¤¤¤
 

¤¤¤ Infektion :  ¤¤¤
 

¤¤¤ Hosts-Datei: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts
 
 

127.0.0.1       localhost
 
 

¤¤¤ MBR überprüfen: ¤¤¤
 

+++++ PhysicalDrive0: Hitachi HTS547575A9E384 +++++

--- User ---

[MBR] c90dd1f6db71dfc05d2ccf9413a95945

[BSP] 07035b8de983a85744001f121d30edea : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 699416 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1432813568 | Size: 15685 Mo

3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1464936448 | Size: 102 Mo

User = LL1 ... OK!

User != LL2 ... KO!

--- LL2 ---

[MBR] 3d27731d1309ad1b3c19abeadc234650

[BSP] 07035b8de983a85744001f121d30edea : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 77823 Mo

1 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 159791104 | Size: 400 Mo
 

Abgeschlossen : << RKreport[0]_S_09122013_211106.txt >>

RKreport[0]_S_09122013_151154.txt

Code:

RogueKiller V8.6.11 _x64_ [Sep 11 2013] durch Tigzy

mail: tigzyRK<at>gmail<dot>com
 

mail : tigzyRK<at>gmail<dot>com

Kommentare : hxxp://www.adlice.com/forum/

Webseite : hxxp://www.adlice.com/softwares/roguekiller/

Blog : hxxp://tigzyrk.blogspot.com/
 

Betriebssystem : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Gestartet in : Normaler Modus

Benutzer : bob [Admin Rechte]

Funktion : Entfernen -- Datum : 09/12/2013 21:14:20

| ARK || FAK || MBR |
 

¤¤¤ Böswillige Prozesse : 1 ¤¤¤

[SUSP PATH] NIRCMD.exe -- C:\Windows\NIRCMD.exe [x] -> GELÖSCHT [TermThr]
 

¤¤¤ Registry-Einträge : 5 ¤¤¤

[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> GELÖSCHT

[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> GELÖSCHT

[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] Das System kann die angegebene Datei nicht finden. 

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> ERSETZT (0)

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> ERSETZT (0)
 

¤¤¤ Geplante Tasks : 0 ¤¤¤
 

¤¤¤ Autostart-Einträge : 0 ¤¤¤
 

¤¤¤ Web-Browsern : 0 ¤¤¤
 

¤¤¤ Bestimmte Dateien / Ordner: ¤¤¤
 

¤¤¤ Treiber : [NICHT GELADEN 0x0] ¤¤¤
 

¤¤¤ Externe Hives: ¤¤¤
 

¤¤¤ Infektion :  ¤¤¤
 

¤¤¤ Hosts-Datei: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts
 
 

127.0.0.1       localhost
 
 

¤¤¤ MBR überprüfen: ¤¤¤
 

+++++ PhysicalDrive0: Hitachi HTS547575A9E384 +++++

--- User ---

[MBR] c90dd1f6db71dfc05d2ccf9413a95945

[BSP] 07035b8de983a85744001f121d30edea : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 699416 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1432813568 | Size: 15685 Mo

3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1464936448 | Size: 102 Mo

User = LL1 ... OK!

User != LL2 ... KO!

--- LL2 ---

[MBR] 3d27731d1309ad1b3c19abeadc234650

[BSP] 07035b8de983a85744001f121d30edea : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 77823 Mo

1 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 159791104 | Size: 400 Mo
 

Abgeschlossen : << RKreport[0]_D_09122013_211420.txt >>

RKreport[0]_S_09122013_151154.txt;RKreport[0]_S_09122013_211106.txt

Code:

ComboFix 13-09-12.01 - bob 12.09.2013  21:17:08.3.8 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8140.6032 [GMT 2:00]

ausgeführt von:: c:\users\bob\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((   Dateien erstellt von 2013-08-12 bis 2013-09-12  ))))))))))))))))))))))))))))))

.

.

2013-09-12 19:22 . 2013-09-12 19:22        --------        d-----w-        c:\users\Public\AppData\Local\temp

2013-09-12 19:22 . 2013-09-12 19:22        --------        d-----w-        c:\users\Default\AppData\Local\temp

2013-09-12 05:21 . 2013-09-12 05:21        --------        d-----w-        c:\users\bob\AppData\Local\FalloutNV

2013-09-09 16:07 . 2013-09-09 16:07        --------        d-----w-        c:\programdata\Malwarebytes

2013-09-09 16:07 . 2013-09-09 16:41        --------        d-----w-        c:\programdata\Malwarebytes' Anti-Malware (portable)

2013-09-08 15:55 . 2013-09-08 15:55        --------        d-----w-        c:\users\bob\AppData\Roaming\The Creative Assembly

2013-09-07 10:20 . 2013-09-07 10:20        --------        d-----w-        c:\users\bob\AppData\Local\QtWeb.NET

2013-09-07 10:20 . 2013-09-07 10:20        --------        d-----w-        c:\program files (x86)\QtWeb

2013-09-03 21:56 . 2013-09-03 21:56        --------        d--h--w-        c:\windows\PIF

2013-09-03 21:52 . 2013-09-03 21:52        --------        d-----w-        c:\program files\7-Zip

2013-09-03 21:51 . 2009-03-18 16:35        33856        ---ha-w-        c:\windows\system32\hamachi.sys

2013-09-03 21:51 . 2013-09-03 21:51        --------        d-----w-        c:\program files (x86)\LogMeIn Hamachi

2013-09-03 21:51 . 2013-09-09 17:08        --------        d-----w-        c:\users\bob\AppData\Local\LogMeIn Hamachi

2013-09-03 21:25 . 2013-09-03 21:25        --------        d-----w-        c:\users\bob\AppData\Local\Fallout3

2013-09-02 20:03 . 2013-09-03 10:48        --------        d-----w-        c:\users\bob\AppData\Local\My Games

2013-09-02 16:01 . 2013-09-02 16:01        --------        d-----w-        c:\users\bob\AppData\Local\Mozilla

2013-09-02 12:32 . 2013-09-02 12:32        --------        d-----w-        c:\program files (x86)\Common Files\Skype

2013-09-02 12:32 . 2013-09-02 12:32        --------        d-----r-        c:\program files (x86)\Skype

2013-09-02 12:26 . 2013-09-02 12:26        --------        d-----w-        c:\users\bob\AppData\Local\LogiShrd

2013-09-02 12:23 . 2013-09-02 12:23        --------        d-----w-        c:\users\bob\AppData\Roaming\Leadertech

2013-09-02 12:22 . 2013-09-02 12:23        --------        d-----w-        c:\program files (x86)\Common Files\LogiShrd

2013-09-02 12:22 . 2013-09-02 12:22        --------        d-----w-        c:\program files\Logitech

2013-09-02 12:22 . 2013-09-02 12:22        --------        d-----w-        c:\program files\Common Files\Logishrd

2013-09-02 12:21 . 2013-09-02 12:21        --------        d-----w-        c:\users\bob\AppData\Local\Downloaded Installations

2013-09-02 12:21 . 2013-09-02 12:22        --------        d-----w-        c:\programdata\LogiShrd

2013-09-01 16:52 . 2013-09-06 18:38        --------        d-----w-        c:\users\bob\AppData\Roaming\Skype

2013-09-01 16:52 . 2013-09-02 12:32        --------        d-----w-        c:\programdata\Skype

2013-09-01 16:23 . 2013-09-01 16:23        --------        d-----w-        c:\users\bob\AppData\Roaming\LolClient

2013-09-01 14:07 . 2013-09-01 14:07        --------        d-----w-        c:\users\bob\AppData\Roaming\.minecraft

2013-09-01 14:01 . 2013-09-01 14:07        --------        d-----w-        c:\users\bob\AppData\Roaming\ftblauncher

2013-09-01 13:58 . 2008-07-12 06:18        467984        ----a-w-        c:\windows\SysWow64\d3dx10_39.dll

2013-09-01 13:58 . 2008-07-12 06:18        1493528        ----a-w-        c:\windows\SysWow64\D3DCompiler_39.dll

2013-09-01 13:58 . 2008-07-12 06:18        3851784        ----a-w-        c:\windows\SysWow64\D3DX9_39.dll

2013-09-01 13:57 . 2013-09-01 13:57        --------        d-sh--w-        c:\windows\SysWow64\AI_RecycleBin

2013-09-01 13:55 . 2013-09-01 13:55        --------        d-----w-        c:\users\bob\AppData\Local\Evernote

2013-09-01 13:35 . 2013-09-01 13:35        --------        d-----w-        c:\users\bob\unifl_registry_backup

2013-09-01 13:31 . 2013-09-01 13:31        0        ----a-w-        c:\windows\ativpsrm.bin

2013-09-01 13:29 . 2013-09-01 13:29        --------        d-----w-        c:\program files\Common Files\ATI Technologies

2013-09-01 13:29 . 2013-09-01 13:29        --------        d-----w-        c:\program files (x86)\Common Files\ATI Technologies

2013-09-01 13:26 . 2013-09-01 13:26        --------        d-----w-        c:\program files\ATI

2013-09-01 13:25 . 2013-09-01 13:28        --------        d-----w-        c:\program files\ATI Technologies

2013-09-01 12:50 . 2013-09-01 12:50        --------        d-sh--w-        c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}

2013-09-01 12:50 . 2013-09-01 12:50        --------        d--h--w-        c:\programdata\Common Files

2013-09-01 12:49 . 2013-09-01 13:11        --------        d-----w-        c:\program files (x86)\Driver Fusion

2013-09-01 12:49 . 2013-09-01 12:49        --------        d-----w-        c:\users\bob\AppData\Roaming\OpenCandy

2013-09-01 12:20 . 2013-09-01 13:57        --------        d-----w-        C:\AI_RecycleBin

2013-09-01 12:20 . 2013-09-01 12:20        --------        d-----w-        C:\Riot Games

2013-09-01 12:17 . 2013-09-12 19:11        --------        d-----w-        c:\users\bob\AppData\Local\PMB Files

2013-09-01 12:17 . 2013-09-12 19:11        --------        d-----w-        c:\programdata\PMB Files

2013-09-01 12:17 . 2013-09-01 12:17        --------        d-----w-        c:\program files (x86)\Pando Networks

2013-09-01 12:17 . 2013-09-01 12:17        --------        d-----w-        c:\users\bob\AppData\Roaming\Riot Games

2013-08-30 18:10 . 2013-08-30 18:10        --------        d-----w-        c:\users\bob\AppData\Local\The Witcher 2

2013-08-28 16:19 . 2013-08-28 16:19        --------        d-----w-        c:\programdata\AMD

2013-08-28 16:19 . 2013-08-28 16:19        --------        d-----w-        c:\program files (x86)\AMD AVT

2013-08-28 16:09 . 2013-03-29 03:13        222720        ----a-w-        c:\windows\system32\clinfo.exe

2013-08-28 16:09 . 2013-03-29 03:13        64000        ----a-w-        c:\windows\system32\OVDecode64.dll

2013-08-28 16:09 . 2013-03-29 03:12        56320        ----a-w-        c:\windows\SysWow64\OVDecode.dll

2013-08-28 16:09 . 2013-03-29 03:09        54784        ----a-w-        c:\windows\system32\OpenCL.dll

2013-08-28 16:09 . 2013-03-29 03:09        50176        ----a-w-        c:\windows\SysWow64\OpenCL.dll

2013-08-28 16:09 . 2013-03-29 03:00        76800        ----a-w-        c:\windows\system32\coinst_12.104.dll

2013-08-28 15:29 . 2013-08-28 15:29        --------        d-----w-        c:\programdata\Synaptics

2013-08-28 11:55 . 2013-09-12 05:34        --------        d-----w-        c:\windows\system32\MRT

2013-08-28 11:47 . 2012-05-04 11:00        366592        ----a-w-        c:\windows\system32\qdvd.dll

2013-08-28 11:47 . 2012-05-04 09:59        514560        ----a-w-        c:\windows\SysWow64\qdvd.dll

2013-08-28 11:47 . 2012-08-24 18:13        154480        ----a-w-        c:\windows\system32\drivers\ksecpkg.sys

2013-08-28 11:47 . 2012-08-24 18:09        458712        ----a-w-        c:\windows\system32\drivers\cng.sys

2013-08-28 11:47 . 2012-08-24 18:05        340992        ----a-w-        c:\windows\system32\schannel.dll

2013-08-28 11:47 . 2012-08-24 18:03        1448448        ----a-w-        c:\windows\system32\lsasrv.dll

2013-08-28 11:47 . 2012-08-24 16:57        247808        ----a-w-        c:\windows\SysWow64\schannel.dll

2013-08-28 11:47 . 2012-08-24 16:57        22016        ----a-w-        c:\windows\SysWow64\secur32.dll

2013-08-28 11:47 . 2012-08-24 16:53        96768        ----a-w-        c:\windows\SysWow64\sspicli.dll

2013-08-28 11:37 . 2013-09-01 13:19        --------        d-----w-        C:\Drivers

2013-08-28 11:10 . 2013-08-28 11:10        715038        ----a-w-        c:\windows\unins000.exe

2013-08-28 11:10 . 2011-12-07 17:37        148992        ----a-w-        c:\windows\system32\lagarith.dll

2013-08-28 11:10 . 2011-12-07 17:32        216064        ----a-w-        c:\windows\SysWow64\lagarith.dll

2013-08-28 11:08 . 2013-08-28 11:08        --------        d-----w-        c:\users\bob\AppData\Roaming\NetBeans

2013-08-28 11:08 . 2013-08-28 11:08        --------        d-----w-        c:\users\bob\AppData\Local\NetBeans

2013-08-28 11:05 . 2013-08-28 11:05        --------        d-----w-        c:\users\bob\AppData\Local\Dxtory Software

2013-08-28 11:05 . 2013-02-15 20:44        8300544        ----a-w-        c:\windows\SysWow64\DxtoryCodec.dll

2013-08-28 11:05 . 2013-02-15 20:44        8043008        ----a-w-        c:\windows\system32\DxtoryCodec.dll

2013-08-28 11:05 . 2013-08-28 11:05        --------        d-----w-        c:\program files (x86)\Dxtory Software

2013-08-28 11:05 . 2013-08-28 11:05        --------        d-----w-        c:\users\bob\AppData\Local\Programs

2013-08-28 10:46 . 2013-08-28 10:48        --------        d-----w-        c:\program files\NetBeans 7.3.1

2013-08-28 10:21 . 2013-08-28 10:21        1093032        ----a-w-        c:\windows\system32\npDeployJava1.dll

2013-08-28 10:21 . 2013-08-28 10:21        108968        ----a-w-        c:\windows\system32\WindowsAccessBridge-64.dll

2013-08-28 10:12 . 2013-08-28 11:06        --------        d-----w-        c:\users\bob\.nbi

2013-08-27 13:45 . 2013-08-30 13:07        --------        d-----w-        c:\users\bob\AppData\Roaming\Rogue Legacy

2013-08-27 13:44 . 2013-08-27 13:44        --------        d-----w-        c:\program files (x86)\Microsoft XNA

2013-08-27 13:41 . 2013-08-27 13:41        --------        d-----w-        c:\program files (x86)\Microsoft.NET

2013-08-19 09:38 . 2013-08-19 09:48        --------        d-----w-        c:\program files (x86)\Reise nach Nordland

2013-08-19 09:37 . 2013-08-19 09:37        --------        d-----w-        c:\users\Public\CyberLink

2013-08-19 09:37 . 2013-08-19 09:37        --------        d-----w-        c:\users\bob\AppData\Roaming\CyberLink

2013-08-16 12:34 . 2013-07-09 05:52        224256        ----a-w-        c:\windows\system32\wintrust.dll

2013-08-16 12:34 . 2013-07-09 05:46        184320        ----a-w-        c:\windows\system32\cryptsvc.dll

2013-08-16 12:34 . 2013-07-09 05:46        1472512        ----a-w-        c:\windows\system32\crypt32.dll

2013-08-16 12:34 . 2013-07-09 05:46        139776        ----a-w-        c:\windows\system32\cryptnet.dll

2013-08-16 12:34 . 2013-07-09 04:52        175104        ----a-w-        c:\windows\SysWow64\wintrust.dll

2013-08-16 12:34 . 2013-07-09 04:46        140288        ----a-w-        c:\windows\SysWow64\cryptsvc.dll

2013-08-16 12:34 . 2013-07-09 04:46        1166848        ----a-w-        c:\windows\SysWow64\crypt32.dll

2013-08-16 12:34 . 2013-07-09 04:46        103936        ----a-w-        c:\windows\SysWow64\cryptnet.dll

2013-08-16 12:34 . 2013-07-19 01:58        2048        ----a-w-        c:\windows\system32\tzres.dll

2013-08-16 12:34 . 2013-07-19 01:41        2048        ----a-w-        c:\windows\SysWow64\tzres.dll

2013-08-16 12:33 . 2013-07-25 09:25        1888768        ----a-w-        c:\windows\system32\WMVDECOD.DLL

2013-08-16 12:33 . 2013-07-25 08:57        1620992        ----a-w-        c:\windows\SysWow64\WMVDECOD.DLL

2013-08-16 12:33 . 2013-07-09 05:51        1217024        ----a-w-        c:\windows\system32\rpcrt4.dll

2013-08-16 12:33 . 2013-07-09 04:52        663552        ----a-w-        c:\windows\SysWow64\rpcrt4.dll

2013-08-16 12:33 . 2013-07-06 06:03        1910208        ----a-w-        c:\windows\system32\drivers\tcpip.sys

2013-08-16 12:33 . 2013-06-15 04:32        39936        ----a-w-        c:\windows\system32\drivers\tssecsrv.sys

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-09-12 13:55 . 2013-08-01 09:23        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-09-12 13:55 . 2013-08-01 09:23        692616        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2013-09-04 11:27 . 2013-08-01 18:49        81112        ----a-w-        c:\windows\system32\drivers\avnetflt.sys

2013-09-04 11:27 . 2013-07-31 17:34        132088        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2013-09-04 11:27 . 2013-07-31 17:34        105344        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2013-08-28 10:21 . 2011-03-31 14:01        312232        ----a-w-        c:\windows\system32\javaws.exe

2013-08-28 10:21 . 2011-03-31 14:01        189352        ----a-w-        c:\windows\system32\javaw.exe

2013-08-28 10:21 . 2011-03-31 14:01        188840        ----a-w-        c:\windows\system32\java.exe

2013-08-28 10:21 . 2011-03-31 14:01        972712        ----a-w-        c:\windows\system32\deployJava1.dll

2013-08-02 01:48 . 2013-09-11 08:51        44032        ----a-w-        c:\windows\apppatch\acwow64.dll

2013-08-01 09:21 . 2013-08-01 09:21        96168        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-08-01 09:21 . 2011-03-31 14:01        789416        ----a-w-        c:\windows\SysWow64\deployJava1.dll

2013-07-31 17:33 . 2013-07-31 17:34        28600        ----a-w-        c:\windows\system32\drivers\avkmgr.sys

2013-07-31 15:28 . 2010-06-24 09:33        22240        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2013-07-14 01:23 . 2013-07-14 01:23        90624        ----a-w-        c:\windows\system32\drivers\bowser.sys

2013-07-14 01:23 . 2013-07-14 01:23        476160        ----a-w-        c:\windows\system32\XpsGdiConverter.dll

2013-07-14 01:23 . 2013-07-14 01:23        288256        ----a-w-        c:\windows\SysWow64\XpsGdiConverter.dll

2013-07-14 01:23 . 2013-07-14 01:23        357888        ----a-w-        c:\windows\system32\dnsapi.dll

2013-07-14 01:23 . 2013-07-14 01:23        30208        ----a-w-        c:\windows\system32\dnscacheugc.exe

2013-07-14 01:23 . 2013-07-14 01:23        28672        ----a-w-        c:\windows\SysWow64\dnscacheugc.exe

2013-07-14 01:23 . 2013-07-14 01:23        183296        ----a-w-        c:\windows\system32\dnsrslvr.dll

2013-07-14 01:22 . 2013-07-14 01:22        1395712        ----a-w-        c:\windows\system32\mfc42.dll

2013-07-14 01:22 . 2013-07-14 01:22        1359872        ----a-w-        c:\windows\system32\mfc42u.dll

2013-07-14 01:22 . 2013-07-14 01:22        1164288        ----a-w-        c:\windows\SysWow64\mfc42u.dll

2013-07-14 01:22 . 2013-07-14 01:22        1137664        ----a-w-        c:\windows\SysWow64\mfc42.dll

2013-07-14 01:22 . 2013-07-14 01:22        642944        ----a-w-        c:\windows\system32\winload.efi

2013-07-14 01:22 . 2013-07-14 01:22        605552        ----a-w-        c:\windows\system32\winload.exe

2013-07-14 01:22 . 2013-07-14 01:22        566208        ----a-w-        c:\windows\system32\winresume.efi

2013-07-14 01:22 . 2013-07-14 01:22        518672        ----a-w-        c:\windows\system32\winresume.exe

2013-07-14 01:22 . 2013-07-14 01:22        20352        ----a-w-        c:\windows\system32\kdusb.dll

2013-07-14 01:22 . 2013-07-14 01:22        19328        ----a-w-        c:\windows\system32\kd1394.dll

2013-07-14 01:22 . 2013-07-14 01:22        17792        ----a-w-        c:\windows\system32\kdcom.dll

2013-07-14 01:21 . 2013-07-14 01:21        267776        ----a-w-        c:\windows\system32\FXSCOVER.exe

2013-07-14 01:20 . 2013-07-14 01:20        961024        ----a-w-        c:\windows\system32\CPFilters.dll

2013-07-14 01:20 . 2013-07-14 01:20        850944        ----a-w-        c:\windows\SysWow64\sbe.dll

2013-07-14 01:20 . 2013-07-14 01:20        642048        ----a-w-        c:\windows\SysWow64\CPFilters.dll

2013-07-14 01:20 . 2013-07-14 01:20        259072        ----a-w-        c:\windows\system32\mpg2splt.ax

2013-07-14 01:20 . 2013-07-14 01:20        199680        ----a-w-        c:\windows\SysWow64\mpg2splt.ax

2013-07-14 01:20 . 2013-07-14 01:20        1118720        ----a-w-        c:\windows\system32\sbe.dll

2013-07-13 15:48 . 2013-07-13 15:48        29480        ----a-w-        c:\windows\SysWow64\msxml3a.dll

2013-07-13 15:48 . 2011-02-02 13:31        505128        ----a-w-        c:\windows\SysWow64\msvcp71.dll

2013-07-13 15:48 . 2011-02-02 13:31        353576        ----a-w-        c:\windows\SysWow64\msvcr71.dll

2013-07-13 15:39 . 2013-07-13 15:39        91648        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe

2013-07-13 15:39 . 2013-07-13 15:39        89088        ----a-w-        c:\windows\system32\ie4uinit.exe

2013-07-13 15:39 . 2013-07-13 15:39        86528        ----a-w-        c:\windows\SysWow64\iesysprep.dll

2013-07-13 15:39 . 2013-07-13 15:39        85504        ----a-w-        c:\windows\system32\iesetup.dll

2013-07-13 15:39 . 2013-07-13 15:39        82432        ----a-w-        c:\windows\system32\icardie.dll

2013-07-13 15:39 . 2013-07-13 15:39        76800        ----a-w-        c:\windows\SysWow64\SetIEInstalledDate.exe

2013-07-13 15:39 . 2013-07-13 15:39        76800        ----a-w-        c:\windows\system32\tdc.ocx

2013-07-13 15:39 . 2013-07-13 15:39        74752        ----a-w-        c:\windows\SysWow64\iesetup.dll

2013-07-13 15:39 . 2013-07-13 15:39        65024        ----a-w-        c:\windows\system32\pngfilt.dll

2013-07-13 15:39 . 2013-07-13 15:39        63488        ----a-w-        c:\windows\SysWow64\tdc.ocx

2013-07-13 15:39 . 2013-07-13 15:39        55296        ----a-w-        c:\windows\system32\msfeedsbs.dll

2013-07-13 15:39 . 2013-07-13 15:39        534528        ----a-w-        c:\windows\system32\ieapfltr.dll

2013-07-13 15:39 . 2013-07-13 15:39        49664        ----a-w-        c:\windows\system32\imgutil.dll

2013-07-13 15:39 . 2013-07-13 15:39        48640        ----a-w-        c:\windows\SysWow64\mshtmler.dll

2013-07-13 15:39 . 2013-07-13 15:39        48640        ----a-w-        c:\windows\system32\mshtmler.dll

2013-07-13 15:39 . 2013-07-13 15:39        452608        ----a-w-        c:\windows\system32\dxtmsft.dll

2013-07-13 15:39 . 2013-07-13 15:39        448512        ----a-w-        c:\windows\system32\html.iec

2013-07-13 15:39 . 2013-07-13 15:39        403248        ----a-w-        c:\windows\system32\iedkcs32.dll

2013-07-13 15:39 . 2013-07-13 15:39        39936        ----a-w-        c:\windows\system32\iernonce.dll

2013-07-13 15:39 . 2013-07-13 15:39        3695416        ----a-w-        c:\windows\system32\ieapfltr.dat

2013-07-13 15:39 . 2013-07-13 15:39        367104        ----a-w-        c:\windows\SysWow64\html.iec

2013-07-13 15:39 . 2013-07-13 15:39        35840        ----a-w-        c:\windows\SysWow64\imgutil.dll

2013-07-13 15:39 . 2013-07-13 15:39        30720        ----a-w-        c:\windows\system32\licmgr10.dll

2013-07-13 15:39 . 2013-07-13 15:39        282112        ----a-w-        c:\windows\system32\dxtrans.dll

2013-07-13 15:39 . 2013-07-13 15:39        267776        ----a-w-        c:\windows\system32\ieaksie.dll

2013-07-13 15:39 . 2013-07-13 15:39        249344        ----a-w-        c:\windows\system32\webcheck.dll

2013-07-13 15:39 . 2013-07-13 15:39        23552        ----a-w-        c:\windows\SysWow64\licmgr10.dll

2013-07-13 15:39 . 2013-07-13 15:39        222208        ----a-w-        c:\windows\system32\msls31.dll

2013-07-13 15:39 . 2013-07-13 15:39        197120        ----a-w-        c:\windows\system32\msrating.dll

2013-07-13 15:39 . 2013-07-13 15:39        165888        ----a-w-        c:\windows\system32\iexpress.exe

2013-07-13 15:39 . 2013-07-13 15:39        163840        ----a-w-        c:\windows\system32\ieakui.dll

2013-07-13 15:39 . 2013-07-13 15:39        161792        ----a-w-        c:\windows\SysWow64\msls31.dll

2013-07-13 15:39 . 2013-07-13 15:39        160256        ----a-w-        c:\windows\system32\wextract.exe

2013-07-13 15:39 . 2013-07-13 15:39        160256        ----a-w-        c:\windows\system32\ieakeng.dll

2013-07-13 15:39 . 2013-07-13 15:39        152064        ----a-w-        c:\windows\SysWow64\wextract.exe

2013-07-13 15:39 . 2013-07-13 15:39        150528        ----a-w-        c:\windows\SysWow64\iexpress.exe

2013-07-13 15:39 . 2013-07-13 15:39        149504        ----a-w-        c:\windows\system32\occache.dll

2013-07-13 15:39 . 2013-07-13 15:39        145920        ----a-w-        c:\windows\system32\iepeers.dll

2013-07-13 15:39 . 2013-07-13 15:39        135168        ----a-w-        c:\windows\system32\IEAdvpack.dll

2013-07-13 15:39 . 2013-07-13 15:39        12288        ----a-w-        c:\windows\system32\mshta.exe

2013-07-13 15:39 . 2013-07-13 15:39        11776        ----a-w-        c:\windows\SysWow64\mshta.exe

2013-07-13 15:39 . 2013-07-13 15:39        114176        ----a-w-        c:\windows\system32\admparse.dll

2013-07-13 15:39 . 2013-07-13 15:39        111616        ----a-w-        c:\windows\system32\iesysprep.dll

2013-07-13 15:39 . 2013-07-13 15:39        110592        ----a-w-        c:\windows\SysWow64\IEAdvpack.dll

2013-07-13 15:39 . 2013-07-13 15:39        10752        ----a-w-        c:\windows\system32\msfeedssync.exe

2013-07-13 15:39 . 2013-07-13 15:39        103936        ----a-w-        c:\windows\system32\inseng.dll

2013-07-13 15:39 . 2013-07-13 15:39        101888        ----a-w-        c:\windows\SysWow64\admparse.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-09-06 1811368]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]

"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-09-04 347192]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

.

c:\users\bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Logitech . Produktregistrierung.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe /remind /language=DEU /_WFM="." [2008-11-7 517384]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetPointII.exe [2009-7-21 815104]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="userinit.exe"

.

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R4 APNMCP;Ask Aktualisierungsdienst;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]

R4 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]

R4 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]

R4 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]

R4 CLKMSVC10_38F51D56;CyberLink Product - 2013/07/13 17:49;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [x]

R4 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [x]

R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]

R4 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [x]

R4 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]

R4 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]

R4 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]

R4 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]

S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]

S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]

S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]

S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]

S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]

S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]

S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]

.

.

Inhalt des "geplante Tasks" Ordners

.

2013-09-12 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-01 13:55]

.

2013-09-09 c:\windows\Tasks\HPCeeScheduleForbob.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-11 1128448]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-02-04 1933584]

"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-27 167960]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-27 391704]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-27 418328]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = https://www.google.at/

uLocal Page = c:\windows\system32\blank.htm

LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

BHO-{41564952-412D-5637-00A7-7A786E7484D7} - c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll

Toolbar-{41564952-412D-5637-00A7-7A786E7484D7} - c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe

AddRemove-Reise nach Nordland - c:\windows\IsUn0407.exe

AddRemove-{967E55B4-6DDD-4A2F-BFC7-07F1E327971E}_is1 - c:\program files (x86)\7DaysToDie-Alpha\unins000.exe

AddRemove-{E92D47A1-D27D-430A-8368-0BAFD956507D} - c:\program files (x86)\InstallShield Installation Information\{E92D47A1-D27D-430A-8368-0BAFD956507D}\setup.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_168_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_168_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_168_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_168_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_168.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_168.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_168.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_168.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2013-09-12  21:25:10

ComboFix-quarantined-files.txt  2013-09-12 19:25

ComboFix2.txt  2013-09-07 15:40

.

Vor Suchlauf: 19 Verzeichnis(se), 602.377.183.232 Bytes frei

Nach Suchlauf: 20 Verzeichnis(se), 602.370.838.528 Bytes frei

.

- - End Of File - - FB3695C8CEB5ADEBC3EF67053DBE642B