So,
this is the file that was output at the end.
Combofix Logfile:
Code:
ComboFix 12-02-01.01 - Sca 01.02.2012 16:24:28.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4095.2237 [GMT 1:00]
ausgeführt von:: c:\users\Sca\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Sca\Desktop\Setup.exe
G:\Autorun.inf
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-01-01 bis 2012-02-01 ))))))))))))))))))))))))))))))
.
.
2012-02-01 15:16 . 2012-02-01 15:16 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD80D29F-B5E7-44D7-85D7-BC62DDD85ED7}\offreg.dll
2012-02-01 15:10 . 2012-02-01 15:19 -------- d-----w- C:\_OTL
2012-01-31 13:46 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD80D29F-B5E7-44D7-85D7-BC62DDD85ED7}\mpengine.dll
2012-01-28 14:40 . 2012-01-28 14:40 -------- d-----w- c:\program files (x86)\Veetle
2012-01-11 06:54 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 06:54 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 06:54 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 06:54 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 06:54 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 06:54 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 06:54 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 06:54 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-07 15:21 . 2012-01-07 15:21 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-07 15:21 . 2012-01-07 15:21 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-07 15:21 . 2012-01-07 15:21 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-07 15:21 . 2012-01-07 15:21 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-07 09:39 . 2011-09-07 20:47 279096 ------w- c:\windows\system32\MpSigStub.exe
2011-11-24 04:52 . 2011-12-14 17:50 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-23 13:41 . 2011-11-23 13:41 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-11-23 13:41 . 2011-11-23 13:41 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-11-23 13:41 . 2011-11-23 13:41 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-11-23 13:41 . 2011-11-23 13:41 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-11-23 13:41 . 2011-11-23 13:41 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-11-23 13:41 . 2011-11-23 13:41 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-11-23 13:41 . 2011-11-23 13:41 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-11-23 13:41 . 2011-11-23 13:41 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-11-23 13:41 . 2011-11-23 13:41 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-11-23 13:41 . 2011-11-23 13:41 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-11-23 13:41 . 2011-11-23 13:41 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-11-23 13:41 . 2011-11-23 13:41 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-11-23 13:41 . 2011-11-23 13:41 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-11-23 13:41 . 2011-11-23 13:41 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-11-23 13:41 . 2011-11-23 13:41 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-11-23 13:41 . 2011-11-23 13:41 222208 ----a-w- c:\windows\system32\msls31.dll
2011-11-23 13:41 . 2011-11-23 13:41 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-11-23 13:41 . 2011-11-23 13:41 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-11-23 13:41 . 2011-11-23 13:41 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-11-23 13:41 . 2011-11-23 13:41 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-11-23 13:41 . 2011-11-23 13:41 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-11-23 13:41 . 2011-11-23 13:41 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-11-23 13:41 . 2011-11-23 13:41 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-11-23 13:41 . 2011-11-23 13:41 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-11-23 13:41 . 2011-11-23 13:41 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-11-23 13:41 . 2011-11-23 13:41 448512 ----a-w- c:\windows\system32\html.iec
2011-11-23 13:41 . 2011-11-23 13:41 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-23 13:41 . 2011-11-23 13:41 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-11-23 13:41 . 2011-11-23 13:41 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-11-23 13:41 . 2011-11-23 13:41 160256 ----a-w- c:\windows\system32\wextract.exe
2011-11-23 13:41 . 2011-11-23 13:41 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-11-23 13:41 . 2011-11-23 13:41 12288 ----a-w- c:\windows\system32\mshta.exe
2011-11-23 13:41 . 2011-11-23 13:41 114176 ----a-w- c:\windows\system32\admparse.dll
2011-11-23 13:41 . 2011-11-23 13:41 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-11-23 13:34 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-11-23 13:34 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-11-17 20:54 . 2011-09-07 20:07 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-05 05:32 . 2011-12-14 17:50 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-14 17:50 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-04 01:53 . 2011-12-15 02:02 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-11-04 01:44 . 2011-12-15 02:02 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 01:44 . 2011-12-15 02:02 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 01:34 . 2011-12-15 02:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-03 22:47 . 2011-12-15 02:02 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-11-03 22:40 . 2011-12-15 02:02 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39 . 2011-12-15 02:02 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-03 22:31 . 2011-12-15 02:02 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2006-05-03 10:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 11:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 13:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll
2010-01-06 22:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Sca\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Sca\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Sca\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-09-07 3077528]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"Facebook Update"="c:\users\Sca\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-12 137536]
"Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2011-01-13 6129496]
"EADM"="d:\program files (x86)\Origin\Origin.exe" [2011-09-23 27763336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-09-07 281768]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-12 421736]
.
c:\users\Sca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Sca\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-2 24183152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-04-02 90112]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2011-09-07 340136]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-09-07 136360]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-09-07 428200]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-09-10 2253120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-09-10 381248]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]
S3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 LGPBTDD;LGPBTDD.sys Display Driver;c:\windows\system32\Drivers\LGPBTDD.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Webcam C510(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 SaiK0CFA;SaiK0CFA;c:\windows\system32\DRIVERS\SaiK0CFA.sys [x]
S3 SaiU0CFA;SaiU0CFA;c:\windows\system32\DRIVERS\SaiU0CFA.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3472669657-3745622161-1674079058-1000Core.job
- c:\users\Sca\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-12 11:15]
.
2012-02-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3472669657-3745622161-1674079058-1000UA.job
- c:\users\Sca\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-12 11:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08337871-0e50-4031-9110-3bd21ca3c065}]
2011-11-09 01:54 167416 ----a-w- c:\users\Sca\AppData\Roaming\VshareComplete\64\VshareComplete64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Sca\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Sca\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Sca\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Sca\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-22 7833120]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-05-22 1833504]
"ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2011-05-18 310784]
"SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2011-05-18 158208]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-07-28 110360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://startsear.ch/?aff=1&cf=0cb7fe67-1399-11e1-8ca2-002215439681
mStart Page = hxxp://startsear.ch/?aff=1&cf=0cb7fe67-1399-11e1-8ca2-002215439681
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Free YouTube Download - c:\users\Sca\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Sca\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Sca\AppData\Roaming\Mozilla\Firefox\Profiles\m2rtfyre.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=1&src=sp&cf=0cb7fe67-1399-11e1-8ca2-002215439681&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-02-01 16:30:20
ComboFix-quarantined-files.txt 2012-02-01 15:30
.
Vor Suchlauf: 9 Verzeichnis(se), 50.690.134.016 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 50.179.768.320 Bytes frei
.
- - End Of File - - FEC5F79196AD52033A823B69B494B094