Schwerle | 28.12.2013 12:32 | Hi schrauber, I disconnected the router from power for 30 minutes and then ran ComboFix. Here is the result:
ComboFix logfile:
ComboFix 13-12-26.01 - Dome 28.12.2013 12:13:18.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.6126.4553 [GMT 1:00]
ausgeführt von:: c:\users\Dome\Desktop\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Internet Security *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Internet Security *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\DealPly
c:\program files (x86)\DealPly\uninst.exe
c:\program files (x86)\Windows Live\Messenger\msacm32.dll
c:\users\Dome\AppData\Local\lollipop
c:\users\Dome\AppData\Roaming\chrtmp
c:\windows\wininit.ini
D:\install.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-11-28 bis 2013-12-28 ))))))))))))))))))))))))))))))
.
.
2013-12-26 20:26 . 2013-12-26 20:26 -------- d-----w- C:\NVIDIA
2013-12-26 12:03 . 2013-12-26 12:03 -------- d-----w- C:\FRST
2013-12-26 00:40 . 2013-12-26 13:03 -------- d-----w- c:\users\Dome\AppData\Local\DayZ
2013-12-25 23:48 . 2013-12-25 23:48 -------- d-----w- c:\program files (x86)\VS Revo Group
2013-12-25 14:16 . 2013-10-12 01:28 40760 ----a-w- c:\windows\system32\TURegOpt.exe
2013-12-25 14:16 . 2013-10-12 01:28 29496 ----a-w- c:\windows\system32\authuitu.dll
2013-12-25 14:16 . 2013-10-12 01:28 25400 ----a-w- c:\windows\SysWow64\authuitu.dll
2013-12-25 00:59 . 2013-12-25 13:14 -------- d-----w- c:\users\Dome\AppData\Roaming\SleepTimerUltimate
2013-12-24 14:01 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DAA165B7-7C48-4266-BBB9-9FB6E435F04C}\mpengine.dll
2013-12-23 20:25 . 2013-12-26 00:54 -------- d-----w- c:\programdata\SecTaskMan
2013-12-23 20:25 . 2013-12-23 20:25 -------- d-----w- c:\program files (x86)\Security Task Manager
2013-12-23 14:25 . 2013-12-23 14:25 -------- d-----w- c:\users\Dome\AppData\Roaming\CyberLink
2013-12-23 14:25 . 2013-12-23 14:25 -------- d-----w- c:\users\Dome\AppData\Local\Cyberlink
2013-12-23 14:21 . 2013-12-23 14:21 -------- d-----w- c:\programdata\Symantec
2013-12-23 14:16 . 2013-12-23 14:16 -------- d-----w- c:\users\Dome\AppData\Local\DownloadGuide
2013-12-23 14:16 . 2013-12-23 14:16 -------- d-----w- c:\users\Dome\AppData\Local\Software Updater
2013-12-23 13:46 . 2013-12-23 13:46 -------- d-----w- c:\users\Dome\AppData\Roaming\InstallShield
2013-12-23 13:43 . 2013-12-23 13:43 -------- d-----w- c:\windows\B9DB4C7601A446D58910F7AA6376DBAF.TMP
2013-12-23 13:42 . 2013-11-14 11:56 18293608 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-12-23 13:42 . 2013-11-14 11:56 15862272 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2013-12-23 13:42 . 2011-01-27 02:05 67176 ----a-w- c:\windows\system32\OpenCL.dll
2013-12-23 13:42 . 2011-01-27 02:05 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-12-23 13:40 . 2013-12-23 13:40 -------- d-----w- c:\program files\ATI
2013-12-23 13:36 . 2013-12-23 13:36 -------- d-----w- C:\Intel
2013-12-22 15:13 . 2013-12-22 15:13 -------- d-----w- c:\users\Dome\AppData\Roaming\Malwarebytes
2013-12-22 15:13 . 2013-12-22 15:13 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-12-22 15:13 . 2013-12-22 15:13 -------- d-----w- c:\programdata\Malwarebytes
2013-12-22 15:13 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-22 14:09 . 2013-12-27 17:53 -------- d-----w- c:\users\Dome\AppData\Local\ElevatedDiagnostics
2013-12-19 19:44 . 2013-12-19 19:44 -------- d-----w- c:\users\Dome\AppData\Local\SoftwareUpdater
2013-12-18 18:26 . 2013-12-20 15:55 79672 ----a-w- c:\windows\system32\drivers\aswstm.sys
2013-12-14 12:40 . 2013-12-14 19:16 2216 ----a-w- c:\windows\system32\ASOROSet.bin
2013-12-12 19:50 . 2013-10-30 01:24 3155968 ----a-w- c:\windows\system32\win32k.sys
2013-12-09 20:54 . 2013-12-25 23:59 -------- d-----w- c:\program files (x86)\Aeria Games
2013-12-09 20:54 . 2013-12-09 20:54 -------- d-----w- c:\users\Dome\AppData\Roaming\Aeria Games & Entertainment
2013-12-09 18:49 . 2013-12-09 18:49 -------- d-----w- c:\users\Dome\AppData\Roaming\Pirrit
2013-12-09 18:32 . 2013-12-25 16:22 -------- d-----w- C:\AeriaGames
2013-12-08 15:57 . 2013-12-08 15:56 28184 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-12-08 15:56 . 2013-12-18 18:25 439648 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys
2013-12-08 13:16 . 2013-12-08 13:16 -------- d-----w- c:\windows\Migration
2013-12-08 13:08 . 2012-08-23 15:09 3584 ----a-w- c:\windows\system32\drivers\de-DE\tsusbflt.sys.mui
2013-12-07 22:05 . 2013-12-07 22:05 -------- d-----w- c:\users\Dome\AppData\Local\Avg2014
2013-12-07 22:04 . 2013-12-07 22:05 -------- d--h--w- c:\windows\Icons
2013-12-07 21:59 . 2013-10-04 02:28 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-12-07 19:26 . 2013-10-05 20:25 1474048 ----a-w- c:\windows\system32\crypt32.dll
2013-12-07 19:25 . 2013-06-06 03:30 368128 ----a-w- c:\windows\system32\atmfd.dll
2013-12-06 19:14 . 2013-12-25 14:15 -------- d-sh--w- c:\programdata\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2013-12-06 19:09 . 2013-12-06 19:10 -------- d-----w- c:\users\Dome\AppData\Roaming\Free Sound Recorder
2013-12-06 19:09 . 2005-05-18 10:52 1212416 ----a-w- c:\windows\SysWow64\NCTAudioInformation2.dll
2013-12-06 19:09 . 2005-05-17 11:37 1986560 ----a-w- c:\windows\SysWow64\NCTAudioFile2.dll
2013-12-06 19:09 . 2005-04-25 12:01 458752 ----a-w- c:\windows\SysWow64\NCTAudioRecord2.dll
2013-12-06 19:09 . 2005-04-25 12:01 458752 ----a-w- c:\windows\SysWow64\NCTAudioPlayer2.dll
2013-12-06 19:09 . 2005-04-15 11:08 880640 ----a-w- c:\windows\SysWow64\NCTAudioEditor2.dll
2013-12-06 19:09 . 2005-04-04 16:21 602112 ----a-w- c:\windows\SysWow64\NCTAudioTransform2.dll
2013-12-06 19:09 . 2005-03-28 14:54 479232 ----a-w- c:\windows\SysWow64\NCTAudioVisualization2.dll
2013-12-06 19:09 . 2004-11-04 12:31 835584 ----a-w- c:\windows\SysWow64\NCTAudioCDGrabber2.dll
2013-12-06 19:09 . 2002-01-05 15:37 344064 ----a-w- c:\windows\SysWow64\msvcr70.dll
2013-11-28 15:44 . 2013-11-28 15:44 -------- d-----w- c:\windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-28 01:29 . 2013-10-30 13:48 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-12-28 01:23 . 2012-10-16 09:20 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-12-18 18:26 . 2013-11-08 11:54 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-12-18 18:26 . 2013-11-08 11:54 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-12-18 18:26 . 2013-11-08 11:54 422216 ----a-w- c:\windows\system32\drivers\aswsp.sys
2013-12-18 18:26 . 2013-11-08 11:54 1034464 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-12-18 18:26 . 2012-11-27 16:48 334136 ----a-w- c:\windows\system32\aswBoot.exe
2013-12-18 18:26 . 2013-11-08 11:53 43152 ----a-w- c:\windows\avastSS.scr
2013-12-11 18:20 . 2012-10-27 15:29 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 18:20 . 2012-10-27 15:29 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-08 15:56 . 2013-11-08 11:54 65264 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-12-01 13:42 . 2012-09-27 17:18 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-11-26 11:25 . 2012-09-24 07:22 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-11-15 14:13 . 2012-10-16 09:27 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-11-14 11:57 . 2013-10-28 23:30 1064224 ----a-w- c:\windows\system32\nvspcap64.dll
2013-11-14 11:57 . 2013-10-28 23:30 955168 ----a-w- c:\windows\SysWow64\nvspcap.dll
2013-11-14 11:56 . 2013-11-20 13:52 1242400 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2013-11-14 11:56 . 2012-10-10 20:23 1436528 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-11-14 11:56 . 2013-11-20 13:52 9619872 ----a-w- c:\windows\SysWow64\nvopencl.dll
2013-11-14 11:56 . 2013-11-20 13:52 11514624 ----a-w- c:\windows\system32\nvopencl.dll
2013-11-14 11:56 . 2013-11-20 13:52 317472 ----a-w- c:\windows\system32\nvoglshim64.dll
2013-11-14 11:56 . 2013-11-20 13:52 266984 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2013-11-14 11:56 . 2013-11-20 13:52 707360 ----a-w- c:\windows\system32\NvFBC64.dll
2013-11-14 11:56 . 2013-11-20 13:52 657184 ----a-w- c:\windows\system32\NvIFR64.dll
2013-11-14 11:56 . 2013-11-20 13:52 609568 ----a-w- c:\windows\SysWow64\NvFBC.dll
2013-11-14 11:56 . 2013-11-20 13:52 562464 ----a-w- c:\windows\SysWow64\NvIFR.dll
2013-11-14 11:56 . 2013-11-20 13:52 168616 ----a-w- c:\windows\system32\nvinitx.dll
2013-11-14 11:56 . 2013-11-20 13:52 1511712 ----a-w- c:\windows\system32\nvdispgenco6433182.dll
2013-11-14 11:56 . 2013-11-20 13:52 141336 ----a-w- c:\windows\SysWow64\nvinit.dll
2013-11-14 11:56 . 2013-11-20 13:52 1884448 ----a-w- c:\windows\system32\nvdispco6433182.dll
2013-11-14 11:56 . 2012-10-10 20:23 3069608 ----a-w- c:\windows\system32\nvapi64.dll
2013-11-14 11:56 . 2012-10-10 20:22 2697248 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-11-11 15:02 . 2011-01-26 17:52 6674208 ----a-w- c:\windows\system32\nvcpl.dll
2013-11-11 15:02 . 2011-01-26 17:52 3490080 ----a-w- c:\windows\system32\nvsvc64.dll
2013-11-11 15:01 . 2011-01-26 17:53 219424 ----a-w- c:\windows\system32\nvmctray.dll
2013-11-11 15:01 . 2011-01-26 17:53 922912 ----a-w- c:\windows\system32\nvvsvc.exe
2013-11-11 15:01 . 2011-01-26 17:53 2559776 ----a-w- c:\windows\system32\nvsvcr.dll
2013-11-11 15:01 . 2011-01-26 16:53 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-11-11 15:01 . 2012-10-03 16:32 3467927 ----a-w- c:\windows\system32\nvcoproc.bin
2013-11-11 07:59 . 2013-11-11 07:59 590112 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2013-11-08 11:53 . 2013-11-08 11:54 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-11-08 11:53 . 2013-11-08 11:54 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-10-30 13:48 . 2013-10-30 13:48 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-10-25 20:50 . 2013-10-25 20:50 113440 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1031\ResourceCache.dll
2013-10-23 10:30 . 2013-10-28 23:41 1884448 ----a-w- c:\windows\system32\nvdispco6433165.dll
2013-10-23 10:30 . 2013-10-28 23:41 1511712 ----a-w- c:\windows\system32\nvdispgenco6433165.dll
2013-10-16 00:48 . 2013-10-27 23:40 1884448 ----a-w- c:\windows\system32\nvdispco6433158.dll
2013-10-16 00:48 . 2013-10-27 23:40 1511712 ----a-w- c:\windows\system32\nvdispgenco6433158.dll
2013-10-14 17:00 . 2013-05-08 15:36 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-09-30 07:16 . 2013-10-05 15:57 268968 ----a-w- c:\windows\SysWow64\sqlite3.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{d40c654d-7c51-4eb3-95b2-1e23905c2a2d}]
2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-12-19 3764024]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 PirritUpdater;PirritUpdater;c:\program files (x86)\Pirrit\AutoUpdater.exe;c:\program files (x86)\Pirrit\AutoUpdater.exe [x]
R2 SecureUpdateSvc;SecureUpdate;c:\program files (x86)\Secure Speed Dial\IE\SecureUpdate.exe;c:\program files (x86)\Secure Speed Dial\IE\SecureUpdate.exe [x]
R2 SystemStoreService;System Store;c:\program files (x86)\SoftwareUpdater\SystemStore.exe -displayname System Store -servicename SystemStoreService;c:\program files (x86)\SoftwareUpdater\SystemStore.exe -displayname System Store -servicename SystemStoreService [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 dump_wmimmc;dump_wmimmc;c:\aeriagames\Wolfteam-DE\GameGuard\dump_wmimmc.sys;c:\aeriagames\Wolfteam-DE\GameGuard\dump_wmimmc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Neo_VPN;VPN Client Device Driver - VPN;c:\windows\system32\DRIVERS\Neo_0073.sys;c:\windows\SYSNATIVE\DRIVERS\Neo_0073.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
R3 SEE;SoftEther Ethernet Layer Driver;c:\windows\system32\drivers\see.sys;c:\windows\SYSNATIVE\drivers\see.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
R3 wod0205;WeOnlyDo Network Adapter 2.5;c:\windows\system32\DRIVERS\wod0205.sys;c:\windows\SYSNATIVE\DRIVERS\wod0205.sys [x]
R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys;c:\windows\xhunter1.sys [x]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-12-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-27 18:21]
.
2013-12-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-962208086-2550042306-4176666752-1000Core.job
- c:\users\Dome\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-19 15:50]
.
2013-12-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-962208086-2550042306-4176666752-1000UA.job
- c:\users\Dome\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-19 15:50]
.
2012-12-31 c:\windows\Tasks\hpwebreg_CN14K3N0N305D1.job
- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\hpwebreg.exe [2010-11-16 19:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-01-28 14:49 342176 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}"= "c:\program files\AVAST Software\Avast\aswWebRepIE64.dll" [2013-12-18 1372864]
.
[HKEY_CLASSES_ROOT\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-12-19 12:37 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-14 1028384]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-11-14 1064224]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
Trusted Zone: aeriagames.com
TCP: DhcpNameServer = 192.168.2.1
DPF: {24896211-7A6C-4C7A-A4D9-686B5490B8DC} - hxxp://wk2.gameheart.jp/GameheartWebStart.cab
FF - ProfilePath - c:\users\Dome\AppData\Roaming\Mozilla\Firefox\Profiles\mpjf4wj2.default\
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-11-02 02:11; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-11-15 20:10; {e9876d64-8bac-4287-bdc4-0f0c56804b4f}; c:\users\Dome\AppData\Roaming\Mozilla\Firefox\Profiles\mpjf4wj2.default\extensions\{e9876d64-8bac-4287-bdc4-0f0c56804b4f}.xpi
FF - user.js: extensions.mysearchdial.hmpg - true
FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=airmsd&cd=2XzuyEtN2Y1L1Qzu0FzztD0FyEtCtCyCyE0DyB0DyE0B0AyCtN0D0Tzu0CyDtDyCtN1L2XzutBtFtBtFtCtFyCtCzztN1L1Czu1T1L1C1H1B1Q&cr=318048556&ir=
FF - user.js: extensions.mysearchdial.dfltSrch - true
FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial
FF - user.js: extensions.mysearchdial.dnsErr - true
FF - user.js: extensions.mysearchdial_i.newTab - false
FF - user.js: extensions.mysearchdial.newTabUrl - hxxp://start.mysearchdial.com/?f=2&a=airmsd&cd=2XzuyEtN2Y1L1Qzu0FzztD0FyEtCtCyCyE0DyB0DyE0B0AyCtN0D0Tzu0CyDtDyCtN1L2XzutBtFtBtFtCtFyCtCzztN1L1Czu1T1L1C1H1B1Q&cr=318048556&ir=
FF - user.js: extensions.mysearchdial.tlbrSrchUrl - hxxp://start.mysearchdial.com/?f=3&a=airmsd&cd=2XzuyEtN2Y1L1Qzu0FzztD0FyEtCtCyCyE0DyB0DyE0B0AyCtN0D0Tzu0CyDtDyCtN1L2XzutBtFtBtFtCtFyCtCzztN1L1Czu1T1L1C1H1B1Q&cr=318048556&ir=&q=
FF - user.js: extensions.mysearchdial.id - F80F41164D7D4BA6
FF - user.js: extensions.mysearchdial.instlDay - 15846
FF - user.js: extensions.mysearchdial.vrsn -
FF - user.js: extensions.mysearchdial.vrsni -
FF - user.js: extensions.mysearchdial_i.vrsnTs - 7:37
FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial
FF - user.js: extensions.mysearchdial.prdct - mysearchdial
FF - user.js: extensions.mysearchdial.aflt - airmsd
FF - user.js: extensions.mysearchdial_i.smplGrp - none
FF - user.js: extensions.mysearchdial.tlbrId - base
FF - user.js: extensions.mysearchdial.instlRef -
FF - user.js: extensions.mysearchdial.dfltLng -
FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
FF - user.js: extensions.mysearchdial.excTlbr - false
FF - user.js: extensions.mysearchdial_i.hmpg - true
FF - user.js: extensions.irspeeddial.aflt - airmsd
FF - user.js: extensions.irspeeddial.instlRef -
FF - user.js: extensions.irspeeddial.cr - 318048556
FF - user.js: extensions.irspeeddial.cd - 2XzuyEtN2Y1L1Qzu0FzztD0FyEtCtCyCyE0DyB0DyE0B0AyCtN0D0Tzu0CyDtDyCtN1L2XzutBtFtBtFtCtFyCtCzztN1L1Czu1T1L1C1H1B1Q
user_pref(extensions.eseeky.hmpgUrl,hxxp://eseeky.com/ws/?source=0e457f76&tbp=homepage&toolbarid=base&u=24b74ba60000000000009444529b4209);
user_pref(extensions.eseeky.srchPrvdr,Search The Web (eseeky));
user_pref(extensions.eseeky.newTabUrl,hxxp://eseeky.com/ws/?source=0e457f76&tbp=homepage&toolbarid=base&u=24b74ba60000000000009444529b4209);
user_pref(extensions.eseeky.newTab,true);
user_pref(extensions.eseeky.rvrt,false);
user_pref(extensions.eseeky.cmpny,eseeky);
user_pref(extensions.eseeky.prdct,eseeky);
user_pref(extensions.eseeky.prtnrId,eseeky);
user_pref(extensions.eseeky.vrsn,1.8.21.26);
user_pref(extensions.eseeky.vrsnTs,);
user_pref(extensions.eseeky.afltId,00006);
user_pref(extensions.eseeky.aflt,00006);
user_pref(extensions.eseeky.smplGrp,none);
user_pref(extensions.eseeky.tlbrId,base);
user_pref(extensions.eseeky.instlRef,0e457f76);
user_pref(extensions.eseeky.dfltLng,);
user_pref(extensions.eseeky.tlbrSrchUrl,hxxp://eseeky.com/ws/?source=0e457f76&tbp=main&toolbarid=base&u=24b74ba60000000000009444529b4209&q=);
user_pref(extensions.eseeky.admin,false);
user_pref(extensions.eseeky.dpblck,);
user_pref(extensions.eseeky.cntry,);
user_pref(extensions.eseeky.id,24b74ba60000000000009444529b4209);
user_pref(extensions.eseeky.hardid,24b74ba60000000000009444529b4209);
user_pref(extensions.eseeky.instlDay,15914);
user_pref(extensions.eseeky.excTlbr,true);
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 24b74ba600000000000000ac17ad889b
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15983
FF - user.js: extensions.delta.vrsn - 1.8.24.6
FF - user.js: extensions.delta.vrsni - 1.8.24.6
FF - user.js: extensions.delta.vrsnTs - 1.8.24.618:03
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - de
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=120695&tsp=5026
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=1&cc=&mi=24b74ba60000000000009444529b4209&q=
FF - user.js: extensions.Softonic.id - 24b74ba60000000000009444529b4209
FF - user.js: extensions.Softonic.appId - {7ABBFE1C-E485-44AA-8F36-353751B4124D}
FF - user.js: extensions.Softonic.instlDay - 16045
FF - user.js: extensions.Softonic.vrsn - 1.8.21.14
FF - user.js: extensions.Softonic.vrsni - 1.8.21.14
FF - user.js: extensions.Softonic.vrsnTs - 1.8.21.1420:10
FF - user.js: extensions.Softonic.prtnrId - softonic
FF - user.js: extensions.Softonic.prdct - Softonic
FF - user.js: extensions.Softonic.aflt - OC
FF - user.js: extensions.Softonic.smplGrp - none
FF - user.js: extensions.Softonic.tlbrId - opencandy2013
FF - user.js: extensions.Softonic.instlRef - MOY00621
FF - user.js: extensions.Softonic.dfltLng - de
FF - user.js: extensions.Softonic.excTlbr - false
FF - user.js: extensions.Softonic.ffxUnstlRst - false
FF - user.js: extensions.Softonic.admin - false
FF - user.js: extensions.Softonic.autoRvrt - false
FF - user.js: extensions.Softonic.rvrt - false
FF - user.js: extensions.Softonic.hmpg - true
FF - user.js: extensions.Softonic.hmpgUrl - hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=13&cc=&mi=24b74ba60000000000009444529b4209
FF - user.js: extensions.Softonic.dfltSrch - true
FF - user.js: extensions.Softonic.srchPrvdr - Search the web (Softonic)
FF - user.js: extensions.Softonic.dnsErr - true
FF - user.js: extensions.Softonic.newTab - true
FF - user.js: extensions.Softonic.newTabUrl - hxxp://search.softonic.com/MOY00621/tb_v1/?SearchSource=15&cc=&mi=24b74ba60000000000009444529b4209
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-Microsoft Visual Basic 2010 Express - DEU - c:\program files (x86)\Microsoft Visual Studio 10.0\Microsoft Visual Basic 2010 Express - DEU\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va011]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,
7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,
64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c
"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}"=hex:51,66,7a,6c,4c,1d,38,12,85,b5,89,
a4,87,7f,22,00,e8,fa,d8,69,48,cc,aa,3e
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}"=hex:51,66,7a,6c,4c,1d,38,12,27,28,80,
ea,f2,9b,77,08,dc,cc,8d,48,4c,7b,c9,f2
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:dd,3d,85,4b,d5,84,ce,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5b,fe,b4,b1,be,c8,0c,44,ac,4b,20,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5b,fe,b4,b1,be,c8,0c,44,ac,4b,20,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-12-28 12:22:10
ComboFix-quarantined-files.txt 2013-12-28 11:22
.
Vor Suchlauf: 15 Verzeichnis(se), 122.870.784.000 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 122.788.892.672 Bytes frei
.
- - End Of File - - E2B10676C78C3D64551E07AB9C0A1368