Yes, it worked now. Code:
ComboFix 13-03-15.01 - oem 16.03.2013 13:48:04.2.4 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.5815.5052 [GMT 1:00]
ausgeführt von:: c:\users\Magnus\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Vorheriger Suchlauf -------
.
c:\$recycle.bin\S-1-5-21-2151184538-3474108200-4023508122-1004\$926f3dfb4fd7b163e681954dfdd9949c\@
c:\$recycle.bin\S-1-5-21-2151184538-3474108200-4023508122-1004\$926f3dfb4fd7b163e681954dfdd9949c\U\00000001.@
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-02-16 bis 2013-03-16 ))))))))))))))))))))))))))))))
.
.
2013-03-16 13:01 . 2013-03-16 13:01 -------- d-----w- c:\users\oem\AppData\Local\temp
2013-03-16 13:01 . 2013-03-16 13:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-16 01:17 . 2013-03-16 01:17 -------- d-----w- c:\program files\Microsoft Silverlight
2013-03-16 01:17 . 2013-03-16 01:17 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-03-01 07:57 . 2013-03-01 07:57 -------- d-----w- c:\users\Magnus\AppData\Roaming\Avira
2013-03-01 07:31 . 2012-12-03 14:36 129216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-03-01 07:31 . 2012-12-03 14:36 99912 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-03-01 07:31 . 2012-11-16 19:17 27800 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-03-01 07:31 . 2013-03-01 07:31 -------- d-----w- c:\programdata\Avira
2013-03-01 07:31 . 2013-03-01 07:31 -------- d-----w- c:\program files (x86)\Avira
2013-03-01 06:48 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1C125072-5EDD-483C-87A2-2CBB9D81B1F0}\mpengine.dll
2013-02-28 14:48 . 2013-02-28 14:48 -------- d-----w- c:\users\Magnus\AppData\Roaming\dvdcss
2013-02-24 15:08 . 2013-02-24 15:21 -------- d-----w- c:\program files (x86)\Common Files\Steam
2013-02-23 13:14 . 2013-02-23 13:14 -------- d-----w- c:\windows\SysWow64\RTCOM
2013-02-23 13:14 . 2013-02-23 13:14 -------- d-----w- c:\program files\Realtek
2013-02-23 13:11 . 2012-02-21 18:45 2605400 ----a-w- c:\windows\system32\WavesGUILib.dll
2013-02-23 13:11 . 2012-01-30 10:43 836544 ----a-w- c:\windows\system32\tadefxapo264.dll
2013-02-23 13:11 . 2012-01-10 09:20 65944 ----a-w- c:\windows\system32\tepeqapo64.dll
2013-02-23 13:11 . 2011-03-17 11:17 1361336 ----a-w- c:\windows\system32\tosade.dll
2013-02-23 13:11 . 2011-03-07 16:11 148416 ----a-w- c:\windows\system32\tadefxapo.dll
2013-02-23 13:11 . 2009-11-24 08:55 518896 ----a-w- c:\windows\system32\SRSTSX64.dll
2013-02-23 13:11 . 2009-11-24 08:55 211184 ----a-w- c:\windows\system32\SRSTSH64.dll
2013-02-23 13:11 . 2009-11-24 08:55 198896 ----a-w- c:\windows\system32\SRSHP64.dll
2013-02-23 13:11 . 2009-11-24 08:55 155888 ----a-w- c:\windows\system32\SRSWOW64.dll
2013-02-23 13:09 . 2013-02-23 13:09 -------- d-sh--we c:\windows\SysWow64\config\systemprofile\Vorlagen
2013-02-23 13:01 . 2013-02-23 13:01 0 ----a-w- C:\user.js
2013-02-21 12:31 . 2013-02-21 12:31 -------- d-----w- c:\program files (x86)\LucasArts
2013-02-21 12:30 . 2005-04-03 22:01 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2013-02-21 12:30 . 2005-04-03 22:00 184320 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2013-02-21 12:30 . 2005-04-03 22:00 63488 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2013-02-21 12:30 . 2005-04-03 22:02 753664 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2013-02-21 12:30 . 2005-04-03 22:02 69714 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2013-02-21 12:30 . 2005-04-03 21:59 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2013-02-21 12:30 . 2013-02-21 12:30 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2013-02-21 12:30 . 2013-02-21 12:30 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2013-02-16 12:14 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-16 12:14 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 20:50 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-14 20:50 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-02-14 20:50 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-02-14 19:44 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-14 18:49 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-02-14 18:49 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-02-14 18:49 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-02-14 18:49 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-02-14 18:49 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-02-14 18:49 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-02-14 18:48 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-14 18:48 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-16 01:23 . 2012-08-05 18:24 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-02-20 09:48 . 2012-09-09 18:01 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-20 09:48 . 2011-10-28 13:58 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-17 00:28 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-04 04:43 . 2013-02-14 18:49 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-12-24 18:51 . 2012-12-24 18:51 62976 ----a-w- c:\windows\system32\TSWbPrxy.exe
2012-12-24 18:51 . 2012-12-24 18:51 3174912 ----a-w- c:\windows\system32\rdpcorets.dll
2012-12-24 18:51 . 2012-12-24 18:51 243200 ----a-w- c:\windows\system32\rdpudd.dll
2012-12-24 18:51 . 2012-12-24 18:51 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll
2012-12-24 18:51 . 2012-12-24 18:51 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2012-12-24 18:51 . 2012-12-24 18:51 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll
2012-12-24 18:51 . 2012-12-24 18:51 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2012-12-24 18:51 . 2012-12-24 18:51 57856 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2012-12-24 18:51 . 2012-12-24 18:51 5773824 ----a-w- c:\windows\system32\mstscax.dll
2012-12-24 18:51 . 2012-12-24 18:51 54272 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2012-12-24 18:51 . 2012-12-24 18:51 4916224 ----a-w- c:\windows\SysWow64\mstscax.dll
2012-12-24 18:51 . 2012-12-24 18:51 46592 ----a-w- c:\windows\SysWow64\MsRdpWebAccess.dll
2012-12-24 18:51 . 2012-12-24 18:51 44032 ----a-w- c:\windows\system32\tsgqec.dll
2012-12-24 18:51 . 2012-12-24 18:51 43520 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2012-12-24 18:51 . 2012-12-24 18:51 384000 ----a-w- c:\windows\system32\wksprt.exe
2012-12-24 18:51 . 2012-12-24 18:51 37376 ----a-w- c:\windows\SysWow64\tsgqec.dll
2012-12-24 18:51 . 2012-12-24 18:51 322560 ----a-w- c:\windows\system32\aaclient.dll
2012-12-24 18:51 . 2012-12-24 18:51 30208 ----a-w- c:\windows\system32\drivers\TsUsbGD.sys
2012-12-24 18:51 . 2012-12-24 18:51 269312 ----a-w- c:\windows\SysWow64\aaclient.dll
2012-12-24 18:51 . 2012-12-24 18:51 18432 ----a-w- c:\windows\system32\wksprtPS.dll
2012-12-24 18:51 . 2012-12-24 18:51 16896 ----a-w- c:\windows\SysWow64\wksprtPS.dll
2012-12-24 18:51 . 2012-12-24 18:51 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2012-12-24 18:51 . 2012-12-24 18:51 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2012-12-24 18:51 . 2012-12-24 18:51 1123840 ----a-w- c:\windows\system32\mstsc.exe
2012-12-24 18:51 . 2012-12-24 18:51 1048064 ----a-w- c:\windows\SysWow64\mstsc.exe
2012-12-24 18:50 . 2012-12-24 18:50 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-12-24 18:50 . 2012-12-24 18:50 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2012-12-24 18:50 . 2012-12-24 18:50 340992 ----a-w- c:\windows\system32\schannel.dll
2012-12-24 18:50 . 2012-12-24 18:50 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2012-12-24 18:50 . 2012-12-24 18:50 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-12-24 18:50 . 2012-12-24 18:50 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-12-24 18:50 . 2012-12-24 18:50 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2012-12-16 17:11 . 2012-12-21 12:55 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 12:55 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 12:55 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 12:55 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Spotify"="c:\users\oem\AppData\Roaming\Spotify\Spotify.exe" [2012-08-28 5576408]
"Spotify Web Helper"="c:\users\oem\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-28 1193176]
"Advanced SystemCare 6"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2012-09-24 490880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-01-23 385248]
.
c:\users\Magnus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\oem\AppData\Roaming\Dropbox\bin\Dropbox.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-11-16 27800]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2012-10-31 464256]
R2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-01-28 86752]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
R2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]
R2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2011-01-05 867712]
R2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [2011-05-30 36456]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
R2 Live Updater Service;Live Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2011-04-22 244624]
R2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2010-06-28 255744]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2010-01-06 35840]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-06-21 287232]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-12-24 19456]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-09-22 243712]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-12-24 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-12-24 30208]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-04-13 135560]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2009-09-17 56344]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-05-15 384040]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2151184538-3474108200-4023508122-1000Core.job
- c:\users\oem\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-05 18:15]
.
2013-03-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2151184538-3474108200-4023508122-1000UA.job
- c:\users\oem\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-05 18:15]
.
2013-03-16 c:\windows\Tasks\Packard Bell Registration - Reminder Recall task.job
- c:\program files (x86)\Packard Bell\Registration\GREG.exe [2011-05-11 11:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Magnus\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Magnus\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Magnus\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Magnus\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2011-01-05 860040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-10 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-10 417560]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*Restore"="c:\windows\System32\rstrui.exe" [2010-11-21 296960]
"*WerKernelReporting"="c:\windows\SYSTEM32\WerFault.exe" [2009-07-14 415232]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://packardbell.msn.com
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://packardbell.msn.com
mStart Page = hxxp://packardbell.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{40D67CDE-88B8-42B4-81F4-0E3212D17EE7}: NameServer = 172.25.0.250
FF - ProfilePath -
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-PlanetSide 2 PSG - c:\users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2 PSG\Uninstaller.exe
AddRemove-soe-PlanetSide 2 PSG - c:\users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2 PSG\Uninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2151184538-3474108200-4023508122-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:01,8a,d2,61,47,ed,c6,bc,02,c6,a8,85,48,13,1a,19,2e,f2,27,5b,fe,d5,4f,
1b,a1,0e,43,15,1a,61,e5,eb,70,e3,c7,f1,7e,1f,4b,f7,a2,e6,a1,c5,36,a8,7b,ba,\
"??"=hex:41,e0,42,8c,cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b
.
[HKEY_USERS\S-1-5-21-2151184538-3474108200-4023508122-1004\Software\SecuROM\License information*]
"datasecu"=hex:07,d9,57,be,3a,ad,3b,c6,6a,c6,62,86,25,37,ee,34,09,13,ab,0a,d9,
b0,a6,c5,8b,07,11,42,b9,5d,f6,5b,e9,05,c1,13,75,ab,57,ff,ab,dc,65,3f,b8,05,\
"rkeysecu"=hex:7e,78,a9,66,2e,09,51,9e,3e,f8,68,eb,dc,ca,31,17
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-16 14:04:02
ComboFix-quarantined-files.txt 2013-03-16 13:04
.
Vor Suchlauf: 9 Verzeichnis(se), 386.571.034.624 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 386.416.660.480 Bytes frei
.
- - End Of File - - 40215BD427CF46DB6825EF057EB3A366