Trojaner-Board - Problem mit Internet-Verbindung

et voila ...
Code:
ComboFix 13-07-20.03 - Andreas 21.07.2013   9:25.1.2 - x64

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.4092.2371 [GMT 2:00]

ausgeführt von:: c:\users\Andreas\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\windows\wininit.ini

.

c:\windows\SysWow64\user32.dll . . . ist infiziert!!

.

.

(((((((((((((((((((((((   Dateien erstellt von 2013-06-21 bis 2013-07-21  ))))))))))))))))))))))))))))))

.

.

2013-07-21 08:01 . 2013-07-21 08:01        --------        d-----w-        c:\users\Public\AppData\Local\temp

2013-07-21 08:01 . 2013-07-21 08:01        --------        d-----w-        c:\users\Default\AppData\Local\temp

2013-07-21 08:01 . 2013-07-21 08:01        --------        d-----w-        c:\users\AppData\AppData\Local\temp

2013-07-17 17:35 . 2013-07-17 17:35        --------        d-----w-        c:\program files\7-Zip

2013-07-15 16:53 . 2013-07-15 16:53        --------        d-----w-        C:\RegBackup

2013-07-15 16:00 . 2013-07-15 18:42        181064        ----a-w-        c:\windows\PSEXESVC.EXE

2013-07-11 19:13 . 2013-07-11 19:12        312232        ----a-w-        c:\windows\system32\javaws.exe

2013-07-11 19:12 . 2013-07-11 19:12        108968        ----a-w-        c:\windows\system32\WindowsAccessBridge-64.dll

2013-07-11 19:12 . 2013-07-11 19:12        189352        ----a-w-        c:\windows\system32\javaw.exe

2013-07-11 19:12 . 2013-07-11 19:12        188840        ----a-w-        c:\windows\system32\java.exe

2013-07-11 19:12 . 2013-07-11 19:12        --------        d-----w-        c:\program files\Java

2013-07-11 07:37 . 2013-07-11 07:37        --------        d-----w-        C:\FRST

2013-07-11 07:35 . 2013-05-08 04:18        1706496        ----a-w-        c:\windows\system32\WMVDECOD.DLL

2013-07-11 07:35 . 2013-05-08 04:04        1548288        ----a-w-        c:\windows\SysWow64\WMVDECOD.DLL

2013-07-11 07:35 . 2013-06-04 02:03        2775040        ----a-w-        c:\windows\system32\win32k.sys

2013-07-09 18:48 . 2013-07-09 18:48        478        ----a-w-        c:\windows\DeleteOnReboot.bat

2013-07-09 18:21 . 2013-07-09 18:21        96168        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-07-09 18:03 . 2013-07-11 19:12        972712        ----a-w-        c:\windows\system32\deployJava1.dll

2013-07-09 18:03 . 2013-07-11 19:12        1093032        ----a-w-        c:\windows\system32\npDeployJava1.dll

2013-07-03 16:02 . 2013-07-03 16:04        --------        d-----w-        c:\programdata\Spybot - Search & Destroy

2013-06-30 22:45 . 2013-06-30 22:46        --------        d-----w-        c:\program files (x86)\Mozilla Firefox(132)

2013-06-27 14:52 . 2013-07-16 21:12        --------        d-----w-        c:\program files (x86)\Mozilla Thunderbird 16

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-07-11 19:07 . 2012-08-18 18:25        692104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2013-07-11 19:07 . 2011-05-31 06:56        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-07-11 09:03 . 2006-11-02 12:35        78185248        ----a-w-        c:\windows\system32\mrt.exe

2013-07-09 18:21 . 2012-08-18 17:52        867240        ----a-w-        c:\windows\SysWow64\npdeployJava1.dll

2013-07-09 18:21 . 2010-05-12 05:05        789416        ----a-w-        c:\windows\SysWow64\deployJava1.dll

2013-05-16 20:40 . 2010-06-24 09:33        22240        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2013-05-08 04:50 . 2013-06-12 07:47        1423720        ----a-w-        c:\windows\system32\drivers\tcpip.sys

2013-05-02 04:16 . 2013-06-12 07:47        686080        ----a-w-        c:\windows\system32\win32spl.dll

2013-05-02 04:04 . 2013-06-12 07:47        443904        ----a-w-        c:\windows\SysWow64\win32spl.dll

2013-05-02 04:03 . 2013-06-12 07:47        37376        ----a-w-        c:\windows\SysWow64\printcom.dll

2013-04-24 04:09 . 2013-06-12 07:48        174592        ----a-w-        c:\windows\system32\cryptsvc.dll

2013-04-24 04:09 . 2013-06-12 07:48        132096        ----a-w-        c:\windows\system32\cryptnet.dll

2013-04-24 04:09 . 2013-06-12 07:48        1269248        ----a-w-        c:\windows\system32\crypt32.dll

2013-04-24 04:09 . 2013-06-12 07:48        50688        ----a-w-        c:\windows\system32\certenc.dll

2013-04-24 04:00 . 2013-06-12 07:48        985600        ----a-w-        c:\windows\SysWow64\crypt32.dll

2013-04-24 04:00 . 2013-06-12 07:48        133120        ----a-w-        c:\windows\SysWow64\cryptsvc.dll

2013-04-24 04:00 . 2013-06-12 07:48        98304        ----a-w-        c:\windows\SysWow64\cryptnet.dll

2013-04-24 04:00 . 2013-06-12 07:48        41984        ----a-w-        c:\windows\SysWow64\certenc.dll

2013-04-24 02:10 . 2013-06-12 07:48        1078272        ----a-w-        c:\windows\system32\certutil.exe

2013-04-24 01:46 . 2013-06-12 07:48        812544        ----a-w-        c:\windows\SysWow64\certutil.exe

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36        130736        ----a-w-        c:\users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36        130736        ----a-w-        c:\users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36        130736        ----a-w-        c:\users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36        130736        ----a-w-        c:\users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]

"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 206128]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-07-10 345144]

.

c:\users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\programme\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLUA"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute        REG_MULTI_SZ           autocheck autochk *\0\0sdnclean64.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

S2 AAV UpdateService;AAV UpdateService;c:\program files (x86)\AAVUpdateManager\aavus.exe;c:\program files (x86)\AAVUpdateManager\aavus.exe [x]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_6ef279c8\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_6ef279c8\AESTSr64.exe [x]

.

.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

Themes

ezSharedSvc

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-06-17 10:11        451872        ----a-w-        c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Inhalt des "geplante Tasks" Ordners

.

2013-07-21 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-18 19:07]

.

2010-07-06 c:\windows\Tasks\{05622D7C-E102-421F-B9BD-F587BF569F37}.job

- c:\program files (x86)\mozilla firefox\firefox.exe [2013-05-24 14:21]

.

2010-07-06 c:\windows\Tasks\{26D45942-2C27-4338-93C2-049F1A435729}.job

- c:\program files (x86)\Skype\Phone\Skype.exe [2012-02-29 07:55]

.

2010-07-06 c:\windows\Tasks\{5B63F7D2-B10D-4B25-BCB3-4D2BBBDB9ABC}.job

- c:\program files (x86)\Skype\Phone\Skype.exe [2012-02-29 07:55]

.

2010-07-06 c:\windows\Tasks\{6E02B945-C0CE-453A-9BA6-230DC76E1BAC}.job

- c:\program files (x86)\mozilla firefox\firefox.exe [2013-05-24 14:21]

.

2011-04-01 c:\windows\Tasks\{83EBD7E3-5521-4D5A-897A-E105084669EA}.job

- c:\program files (x86)\mozilla firefox\firefox.exe [2013-05-24 14:21]

.

2009-05-18 c:\windows\Tasks\{B9B31758-9ABD-4FBC-875D-D4AA867B25D5}.job

- c:\program files (x86)\Skype\Phone\Skype.exe [2012-02-29 07:55]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36        164016        ----a-w-        c:\users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36        164016        ----a-w-        c:\users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36        164016        ----a-w-        c:\users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36        164016        ----a-w-        c:\users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-03 442368]

"SmartMenu"="c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [BU]

"Launch LCDMon"="c:\program files\Common Files\Logitech\LCD Manager\lcdmon.exe" [2007-04-26 790552]

"Ocs_SM"="c:\users\Andreas\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2012-08-21 106496]

"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 225792]

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = https://webzugang.brnet.de/dana-na/auth/url_default/welcome.cgi

uLocal Page = c:\windows\system32\blank.htm

uDefault_Search_URL = hxxp://www.google.com

mStart Page = 

mDefault_Page_URL = 

mLocal Page = 

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com

uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip

IE: Free YouTube Download - c:\users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm

IE: Free YouTube to Mp3 Converter - c:\users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Nach Microsoft &Excel exportieren - c:\programme\Microsoft Office\OFFICE11\EXCEL.EXE/3000

IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\pn21nwmv.default\

FF - prefs.js: browser.search.selectedEngine - Google Default

FF - prefs.js: browser.startup.homepage - hxxp://tagesschau.de/

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

SafeBoot-WudfPf

SafeBoot-WudfRd

AddRemove-Audiograbber - c:\program files (x86)\Audiograbber\Uninstall.exe

AddRemove-Audiograbber-Lame - c:\program files (x86)\Audiograbber\Lame-Uninstall.exe

AddRemove-Siedler3Deinstall - c:\windows\IsUn0407.exe

AddRemove-Siedler3MissionUninstall - c:\windows\IsUn0407.exe

AddRemove-Winamp - c:\programme\Winamp\UninstWA.exe

AddRemove-WinRAR archiver - c:\programme\WinRaR\uninstall.exe

AddRemove-xp-AntiSpy - c:\program files (x86)\xp-AntiSpy\Uninstall.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]

"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows CE Services]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files (x86)\Avira\AntiVir Desktop\sched.exe

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\users\Andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\Dokan\DokanLibrary\mounter.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\SMINST\BLService.exe

c:\program files (x86)\CyberLink\Shared files\RichVideo.exe

c:\program files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe

c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe

c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe

c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe

c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

c:\program files (x86)\Hewlett-Packard\Shared\hpqToaster.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2013-07-21  10:12:03 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2013-07-21 08:12

ComboFix2.txt  2013-01-09 19:13

.

Vor Suchlauf: 20 Verzeichnis(se), 191.295.139.840 Bytes frei

Nach Suchlauf: 21 Verzeichnis(se), 191.189.057.536 Bytes frei

.

- - End Of File - - E1AB5C5D92196C0024C4743D0383BA48

48E3F1D37D7213D84BE3E5B9893067F6