[CODE]
Combofix Logfile:
Code:
Alles auswählen Aufklappen ATTFilter
ComboFix 12-03-14.01 - Nightvision 14.03.2012 15:06:13.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8188.6798 [GMT 1:00]
ausgeführt von:: c:\users\Nightvision\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Nightvision\AppData\Local\assembly\tmp
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-02-14 bis 2012-03-14 ))))))))))))))))))))))))))))))
.
.
2012-03-14 14:08 . 2012-03-14 14:08 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-03-14 14:08 . 2012-03-14 14:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-14 10:08 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 10:08 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 10:08 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 10:06 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 10:06 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 10:06 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 10:05 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 10:05 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 10:05 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 10:05 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 10:05 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 10:05 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 10:05 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-13 15:25 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7F5C1470-E283-46A6-87F5-10DDEFC1A829}\mpengine.dll
2012-03-13 15:23 . 2012-03-13 15:23 -------- d-----w- c:\users\Nightvision\AppData\Roaming\Malwarebytes
2012-03-13 15:22 . 2012-03-13 15:22 -------- d-----w- c:\programdata\Malwarebytes
2012-03-13 15:22 . 2012-03-13 15:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-13 15:22 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-06 14:48 . 2012-03-06 14:48 -------- d-----w- c:\users\Nightvision\AppData\Roaming\WinLernen
2012-02-20 16:11 . 2012-02-20 16:14 -------- d-----w- c:\programdata\Electronic Arts
2012-02-20 16:11 . 2012-02-20 16:11 -------- d-----w- c:\programdata\EA Core
2012-02-19 18:08 . 2008-07-12 07:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2012-02-19 17:17 . 2012-02-19 17:17 -------- d-----w- c:\users\Nightvision\AppData\Roaming\elsterformular
2012-02-19 17:17 . 2012-02-19 17:17 -------- d-----w- c:\programdata\elsterformular
2012-02-19 17:16 . 2012-02-19 17:16 -------- d-----w- c:\program files (x86)\ElsterFormular
2012-02-18 15:35 . 2012-02-18 15:35 -------- d-----w- c:\program files\iPod
2012-02-18 15:35 . 2012-02-18 15:35 -------- d-----w- c:\program files\iTunes
2012-02-18 14:53 . 2012-02-18 14:54 -------- d-----w- c:\users\Nightvision\AppData\Local\Darksiders
2012-02-18 14:29 . 2012-02-18 14:29 -------- d-----w- c:\users\Nightvision\AppData\Roaming\AVS4YOU
2012-02-18 14:25 . 2011-09-16 15:05 11137024 ----a-w- c:\windows\SysWow64\libmfxsw32.dll
2012-02-18 14:25 . 2012-02-18 14:29 -------- d-----w- c:\programdata\AVS4YOU
2012-02-18 14:24 . 2011-06-22 10:32 1700352 ----a-w- c:\windows\SysWow64\GdiPlus.dll
2012-02-18 14:24 . 2011-06-22 10:32 974848 ----a-w- c:\windows\SysWow64\mfc70.dll
2012-02-18 14:24 . 2011-06-22 10:32 487424 ----a-w- c:\windows\SysWow64\msvcp70.dll
2012-02-18 14:24 . 2011-06-22 10:32 344064 ----a-w- c:\windows\SysWow64\msvcr70.dll
2012-02-18 14:24 . 2011-06-22 10:32 24576 ----a-w- c:\windows\SysWow64\msxml3a.dll
2012-02-18 14:23 . 2012-02-18 14:25 -------- d-----w- c:\program files (x86)\AVS4YOU
2012-02-18 14:23 . 2012-02-18 14:25 -------- d-----w- c:\program files (x86)\Common Files\AVSMedia
2012-02-18 12:40 . 2012-02-18 12:40 -------- d-----w- c:\program files (x86)\Elaborate Bytes
2012-02-15 08:46 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 08:46 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-15 08:46 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 08:46 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-15 08:46 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-15 08:46 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 08:46 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-17 09:04 . 2011-12-28 17:44 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-10 06:19 . 2012-02-10 06:19 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7555B213-B4C1-4FB9-9BC8-6633528B6CEE}\gapaengine.dll
2012-02-08 07:13 . 2011-12-30 10:40 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-31 12:44 . 2011-12-28 16:45 279656 ------w- c:\windows\system32\MpSigStub.exe
2011-12-29 14:13 . 2011-12-29 14:13 31808 ----a-w- c:\windows\system32\drivers\FNETTBOH_305.SYS
2011-12-29 13:12 . 2009-08-18 11:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-12-29 13:12 . 2009-08-18 10:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-12-28 17:50 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-12-28 17:50 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-12-28 17:27 . 2012-02-10 06:19 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-12-28 17:22 . 2011-12-28 17:22 637848 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2011-12-28 17:22 . 2011-12-28 17:22 567184 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-12-28 17:00 . 2011-12-28 17:00 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-12-28 17:00 . 2011-12-28 17:00 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-12-28 17:00 . 2011-12-28 17:00 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-12-28 17:00 . 2011-12-28 17:00 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-12-28 17:00 . 2011-12-28 17:00 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-12-28 17:00 . 2011-12-28 17:00 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-12-28 17:00 . 2011-12-28 17:00 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-12-28 17:00 . 2011-12-28 17:00 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-12-28 17:00 . 2011-12-28 17:00 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-12-28 17:00 . 2011-12-28 17:00 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-12-28 17:00 . 2011-12-28 17:00 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-12-28 17:00 . 2011-12-28 17:00 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-12-28 17:00 . 2011-12-28 17:00 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-12-28 17:00 . 2011-12-28 17:00 448512 ----a-w- c:\windows\system32\html.iec
2011-12-28 17:00 . 2011-12-28 17:00 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-12-28 17:00 . 2011-12-28 17:00 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-12-28 17:00 . 2011-12-28 17:00 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-12-28 17:00 . 2011-12-28 17:00 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-28 17:00 . 2011-12-28 17:00 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-12-28 17:00 . 2011-12-28 17:00 222208 ----a-w- c:\windows\system32\msls31.dll
2011-12-28 17:00 . 2011-12-28 17:00 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-12-28 17:00 . 2011-12-28 17:00 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-12-28 17:00 . 2011-12-28 17:00 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-12-28 17:00 . 2011-12-28 17:00 160256 ----a-w- c:\windows\system32\wextract.exe
2011-12-28 17:00 . 2011-12-28 17:00 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-12-28 17:00 . 2011-12-28 17:00 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-12-28 17:00 . 2011-12-28 17:00 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-12-28 17:00 . 2011-12-28 17:00 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-12-28 17:00 . 2011-12-28 17:00 12288 ----a-w- c:\windows\system32\mshta.exe
2011-12-28 17:00 . 2011-12-28 17:00 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-12-28 17:00 . 2011-12-28 17:00 114176 ----a-w- c:\windows\system32\admparse.dll
2011-12-28 17:00 . 2011-12-28 17:00 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-12-28 17:00 . 2011-12-28 17:00 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-12-28 17:00 . 2011-12-28 17:00 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-12-28 16:30 . 2011-12-28 16:30 15936 ----a-w- c:\windows\system32\drivers\FNETURPX.SYS
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"IncrediMail"="c:\program files (x86)\IncrediMail\bin\IncMail.exe" [2012-01-23 366024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"XFastUsb"="c:\program files (x86)\XFastUsb\XFastUsb.exe" [2011-12-28 4942336]
"THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2011-05-19 909824]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="d:\program files (x86)\Itunes\iTunesHelper.exe" [2012-01-16 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Nightvision\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
S3 ALSysIO;ALSysIO;c:\users\NIGHTV~1\AppData\Local\Temp\ALSysIO64.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - ALSYSIO
*NewlyCreated* - WS2IFSL
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"THXCfg64"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-13 13374568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.goggle.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\users\Nightvision\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Nightvision\AppData\Roaming\Mozilla\Firefox\Profiles\otjwknr1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.goggle.de/
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-ASRockXTU - (no file)
Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files (x86)\IncrediMail\Bin\ImApp.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-14 15:11:06 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-03-14 14:11
.
Vor Suchlauf: 9 Verzeichnis(se), 56.523.476.992 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 56.357.773.312 Bytes frei
.
- - End Of File - - D17C16EC6F9D91F6B1CA3AC7E1773269
--- --- ---
14.03.2012, 15:15
Baum-Darstellung