| journeyman | 24.03.2011 11:52 |
Nach der Aktion kann ich nichts mehr machen. Sobald ich ein Programm öffnen will kommt die Meldung Code:
Es wurde versucht, einen Registrierungsschlüssel einem unzulässigen Vorgang zu unterziehen, der zum Löschen markiert wurde
Wat nu?:confused:
hier noch das log-file, das ich über Umwege auf einem anderen System speichern konnte: Code:
ComboFix 11-03-23.04 - Admin 24.03.2011 10:50:16.1.3 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.8191.6159 [GMT 1:00]
ausgeführt von:: c:\users\Admin\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\tcpview\tcpview.exe
c:\users\Admin\AppData\Local\Temp\sfamcc00001.dll
c:\users\Admin\AppData\Local\Temp\sfareca00001.dll
c:\users\Admin\AppData\Roaming\Bilder
c:\users\Admin\AppData\Roaming\Sysutils_Update
c:\windows\SysWow64\Ijl11.dll
c:\windows\SysWow64\ui
c:\windows\SysWow64\ui\BANNER\LOADINGEVENT1.SOR
c:\windows\SysWow64\ui\BANNER\LOADINGEVENT2.SOR
c:\windows\SysWow64\ui\BANNER\LOADINGIMGOPT.SOR
c:\windows\SysWow64\ui\BANNER\NOTICE_BANNER1.SOR
c:\windows\SysWow64\ui\BANNER\NOTICE_BANNER2.SOR
c:\windows\SysWow64\ui\BANNER\NOTICE_BANNER3.SOR
c:\windows\SysWow64\ui\BANNER\NOTICE_BANNER4.SOR
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-02-24 bis 2011-03-24 ))))))))))))))))))))))))))))))
.
.
2011-03-24 09:54 . 2011-03-24 09:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-24 09:31 . 2011-03-24 09:31 -------- d-----w- c:\program files\CCleaner
2011-03-23 21:28 . 2011-03-23 21:28 -------- d-----w- C:\_OTL
2011-03-23 11:42 . 2011-03-23 11:42 -------- d-----w- c:\users\Admin\AppData\Roaming\SUPERAntiSpyware.com
2011-03-23 11:42 . 2011-03-23 11:42 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-03-23 11:42 . 2011-03-23 11:42 -------- d-----w- c:\programdata\!SASCORE
2011-03-23 11:42 . 2011-03-23 11:42 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-03-22 16:52 . 2009-08-17 16:58 529920 ----a-w- c:\windows\system32\VIASysFx.dll
2011-03-16 16:41 . 2011-03-16 16:41 -------- d-----w- c:\programdata\Ubisoft
2011-03-16 16:34 . 2011-03-16 16:34 -------- d-----w- c:\users\Admin\AppData\Roaming\PunkBuster
2011-03-15 12:13 . 2011-03-15 12:13 995328 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-03-14 11:21 . 2011-02-18 14:57 2128360 ----a-w- c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System\CPU-Z\cpuz.exe
2011-03-14 09:34 . 2011-03-14 09:34 -------- d-----w- c:\windows\system32\SPReview
2011-03-14 09:34 . 2011-03-14 09:34 -------- d-----w- c:\windows\system32\EventProviders
2011-03-14 09:31 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll
2011-03-14 09:31 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-03-14 09:29 . 2010-11-20 13:27 475136 ----a-w- c:\windows\system32\wlangpui.dll
2011-03-14 09:28 . 2010-11-20 13:27 37376 ----a-w- c:\windows\system32\wups2.dll
2011-03-14 09:27 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll
2011-03-14 09:27 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-03-14 09:27 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-03-14 09:27 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2011-03-14 09:27 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-14 14:57 . 2010-09-24 20:21 307200 ----a-w- c:\windows\SysWow64\TubeFinder.exe
2011-03-14 09:38 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-03-14 09:38 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-01-08 19:08 . 2010-02-22 13:52 1220416 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-01-05 03:37 . 2011-01-05 03:37 8283136 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-01-05 03:22 . 2011-01-05 03:22 22100480 ----a-w- c:\windows\system32\atio6axx.dll
2011-01-05 03:03 . 2011-01-05 03:03 17043968 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-01-05 03:02 . 2011-01-05 03:02 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2011-01-05 03:02 . 2011-01-05 03:02 596480 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-01-05 03:01 . 2010-09-29 01:54 708608 ----a-w- c:\windows\system32\aticfx64.dll
2011-01-05 02:58 . 2011-01-05 02:58 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-01-05 02:58 . 2011-01-05 02:58 480256 ----a-w- c:\windows\system32\atieclxx.exe
2011-01-05 02:57 . 2011-01-05 02:57 203776 ----a-w- c:\windows\system32\atiesrxx.exe
2011-01-05 02:56 . 2011-01-05 02:56 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-01-05 02:56 . 2011-01-05 02:56 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-01-05 02:56 . 2011-01-05 02:56 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-01-05 02:55 . 2011-01-05 02:55 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-01-05 02:55 . 2011-01-05 02:55 16384 ----a-w- c:\windows\system32\atimuixx.dll
2011-01-05 02:55 . 2011-01-05 02:55 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-01-05 02:55 . 2011-01-05 02:55 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-01-05 02:52 . 2011-01-05 02:52 4101632 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-01-05 02:43 . 2010-09-29 01:37 4844544 ----a-w- c:\windows\system32\atidxx64.dll
2011-01-05 02:33 . 2011-01-05 02:33 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-01-05 02:33 . 2011-01-05 02:33 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-01-05 02:33 . 2011-01-05 02:33 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-01-05 02:33 . 2011-01-05 02:33 4162048 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-01-05 02:33 . 2011-01-05 02:33 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-01-05 02:33 . 2011-01-05 02:33 6815232 ----a-w- c:\windows\system32\aticaldd64.dll
2011-01-05 02:32 . 2011-01-05 02:32 1208320 ----a-w- c:\windows\system32\atiumd6v.dll
2011-01-05 02:32 . 2009-11-25 02:43 3218944 ----a-w- c:\windows\system32\atiumd6a.dll
2011-01-05 02:31 . 2011-01-05 02:31 5441024 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-01-05 02:28 . 2010-03-20 12:52 58880 ----a-w- c:\windows\system32\coinst.dll
2011-01-05 02:27 . 2009-11-25 02:50 5305856 ----a-w- c:\windows\system32\atiumd64.dll
2011-01-05 02:25 . 2011-01-05 02:25 3461120 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-01-05 02:20 . 2011-01-05 02:20 353792 ----a-w- c:\windows\system32\atiadlxx.dll
2011-01-05 02:20 . 2011-01-05 02:20 249856 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-01-05 02:19 . 2011-01-05 02:19 14848 ----a-w- c:\windows\system32\atig6pxx.dll
2011-01-05 02:19 . 2011-01-05 02:19 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-01-05 02:19 . 2011-01-05 02:19 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-01-05 02:19 . 2011-01-05 02:19 32256 ----a-w- c:\windows\system32\atig6txx.dll
2011-01-05 02:19 . 2011-01-05 02:19 27648 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-01-05 02:19 . 2011-01-05 02:19 294400 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-01-05 02:18 . 2010-03-20 12:52 39936 ----a-w- c:\windows\system32\atiuxp64.dll
2011-01-05 02:18 . 2011-01-05 02:18 30720 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-01-05 02:18 . 2010-03-20 12:52 38400 ----a-w- c:\windows\system32\atiu9p64.dll
2011-01-05 02:18 . 2011-01-05 02:18 28672 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-01-05 02:17 . 2011-01-05 02:17 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-01-05 02:11 . 2011-01-05 02:11 53760 ----a-w- c:\windows\system32\atimpc64.dll
2011-01-05 02:11 . 2011-01-05 02:11 53760 ----a-w- c:\windows\system32\amdpcom64.dll
2011-01-05 02:11 . 2011-01-05 02:11 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-01-05 02:11 . 2011-01-05 02:11 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2009-11-24 385024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-11-12 5106904]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-04 336384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SpeedFan.lnk - c:\program files (x86)\SpeedFan\speedfan.exe [2009-11-25 4009592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-14 135664]
R3 ALSysIO;ALSysIO;c:\users\Admin\AppData\Local\Temp\ALSysIO64.sys [x]
R3 cpuz130;cpuz130;c:\users\Admin\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\ShotOnline\GameGuard\dump_wmimmc.sys [x]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 [2009-10-01 26240]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SaiH5F0D;SaiH5F0D;c:\windows\system32\DRIVERS\SaiH5F0D.sys [x]
R3 SaiU5F0D;SaiU5F0D;c:\windows\system32\DRIVERS\SaiU5F0D.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2009-12-14 515560]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys [x]
S1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\DRIVERS\nm3.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-03-20 2480048]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-01-04 354304]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-11-03 135336]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-08-19 90112]
S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-02-11 172328]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2009-10-22 563760]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 dc3d;Microsoft-Hardware – Geräteerkennungstreiber;c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2011-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-14 15:42]
.
2011-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-14 15:42]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-11-12 361632]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Client auf Monitor & öffnen1 - c:\windows\web\AOpenClient.htm
IE: Client auf Monitor & öffnen2 - c:\windows\web\AOpenClient.htm
IE: Free YouTube to Mp3 Converter - c:\users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{605E5D27-BFA0-471F-87ED-98A2623D633C} - c:\program files (x86)\CADE 2.18.3\Web\new.htm
LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a88u9ehd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{c840e246-6b95-475e-9bd7-caa1c7eca9f2} - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
ShellExecuteHooks-{EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Macromedia Shockwave Player - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver]
"ImagePath"="\??\c:\program files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:7f,89,bb,9f,2a,c2,c0,79,fa,7f,53,22,e0,30,57,e1,88,d8,73,c4,42,
a7,e0,56,29,6b,bb,44,f3,02,80,6f,fb,e6,45,88,41,8f,8f,fd,6e,90,39,fc,97,23,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:7f,89,bb,9f,2a,c2,c0,79,fa,7f,53,22,e0,30,57,e1,88,d8,73,c4,42,
a7,e0,56,29,6b,bb,44,f3,02,80,6f,d5,3a,84,76,dd,7e,6c,92,6e,90,39,fc,97,23,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\TeamViewer\Version5\TeamViewer.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-03-24 11:02:59 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-03-24 10:02
.
Vor Suchlauf: 9 Verzeichnis(se), 247.529.668.608 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 247.413.100.544 Bytes frei
.
- - End Of File - - 10B2973954AF9EE54BF8FD484CBD372C
|
