Trojaner-Board


monet 02.04.2013 10:05

Constantly regenerating files: .z.zz.zzz...z and so on
 
Code:

ComboFix 13-03-25.01 - KLE 25.03.2013  19:47:31.2.8 - x86
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.3319.2026 [GMT 1:00]
ausgeführt von:: c:\users\KLE\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\KLE\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-02-25 bis 2013-03-25  ))))))))))))))))))))))))))))))
.
.
2013-03-25 19:13 . 2013-03-25 19:16        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2013-03-25 19:13 . 2013-03-25 19:13        --------        d-----w-        c:\users\Public\AppData\Local\temp
2013-03-25 19:13 . 2013-03-25 19:13        --------        d-----w-        c:\users\DefaultAppPool\AppData\Local\temp
2013-03-25 19:13 . 2013-03-25 19:13        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-03-25 12:10 . 2013-03-25 12:10        --------        d-----w-        c:\users\KLE\AppData\Roaming\Auslogics
2013-03-18 18:08 . 2013-02-12 03:32        15872        ----a-w-        c:\windows\system32\drivers\usb8023.sys
2013-03-16 13:34 . 2013-03-16 13:37        --------        d-----w-        c:\users\KLE\AppData\Roaming\IMSIDesign
2013-03-11 13:12 . 2013-03-11 13:13        --------        d-----w-        c:\programdata\FLEXnet
2013-03-10 08:33 . 2009-10-22 12:54        37392        ----a-w-        c:\windows\system32\drivers\54501072.sys
2013-03-10 08:33 . 2009-10-09 22:31        311312        ----a-w-        c:\windows\system32\drivers\5450107.sys
2013-03-10 08:33 . 2009-09-25 16:59        128016        ----a-w-        c:\windows\system32\drivers\54501071.sys
2013-03-05 13:05 . 2013-03-05 13:05        94112        ----a-w-        c:\windows\system32\WindowsAccessBridge.dll
2013-03-04 12:10 . 2011-09-09 14:53        544616        ------w-        c:\windows\system32\HPDiscoPM5912.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 11:24 . 2012-09-13 07:35        73432        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-13 11:24 . 2012-09-13 07:35        693976        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2013-03-05 13:05 . 2012-09-12 12:05        861088        ----a-w-        c:\windows\system32\npDeployJava1.dll
2013-03-05 13:05 . 2012-09-12 12:05        782240        ----a-w-        c:\windows\system32\deployJava1.dll
2013-03-05 08:31 . 2012-09-19 15:30        893552        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-03-05 08:30 . 2012-09-21 08:18        42776        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-02-12 04:48 . 2013-03-14 09:43        474112        ----a-w-        c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-14 09:43        2176512        ----a-w-        c:\windows\apppatch\AcGenral.dll
2013-02-10 03:20 . 2013-02-20 23:20        8944416        ----a-w-        c:\windows\system32\drivers\nvlddmkm.sys
2013-02-10 03:20 . 2013-02-20 23:20        892704        ----a-w-        c:\windows\system32\nvdispgenco3220162.dll
2013-02-10 03:20 . 2013-02-20 23:20        7964680        ----a-w-        c:\windows\system32\nvcuda.dll
2013-02-10 03:20 . 2013-02-20 23:20        6267240        ----a-w-        c:\windows\system32\nvopencl.dll
2013-02-10 03:20 . 2013-02-20 23:20        2726176        ----a-w-        c:\windows\system32\nvcuvid.dll
2013-02-10 03:20 . 2013-02-20 23:20        20534560        ----a-w-        c:\windows\system32\nvoglv32.dll
2013-02-10 03:20 . 2013-02-20 23:20        1990944        ----a-w-        c:\windows\system32\nvcuvenc.dll
2013-02-10 03:20 . 2013-02-20 23:20        17560352        ----a-w-        c:\windows\system32\nvcompiler.dll
2013-02-10 03:20 . 2013-02-20 23:20        15038296        ----a-w-        c:\windows\system32\nvd3dum.dll
2013-02-10 03:20 . 2013-02-20 23:20        1012512        ----a-w-        c:\windows\system32\nvdispco3220294.dll
2013-02-10 03:20 . 2012-10-11 09:35        2528840        ----a-w-        c:\windows\system32\nvapi.dll
2013-02-10 03:20 . 2009-07-13 22:09        12862400        ----a-w-        c:\windows\system32\nvwgf2um.dll
2013-02-10 00:35 . 2012-10-11 09:37        4115232        ----a-w-        c:\windows\system32\nvcpl.dll
2013-02-10 00:35 . 2012-10-11 09:37        3010336        ----a-w-        c:\windows\system32\nvsvc.dll
2013-02-10 00:35 . 2012-10-11 09:37        634144        ----a-w-        c:\windows\system32\nvvsvc.exe
2013-02-10 00:35 . 2012-10-11 09:37        2555168        ----a-w-        c:\windows\system32\nvsvcr.dll
2013-02-10 00:35 . 2012-10-11 09:37        62752        ----a-w-        c:\windows\system32\nvshext.dll
2013-02-10 00:35 . 2012-10-11 09:37        223008        ----a-w-        c:\windows\system32\nvmctray.dll
2013-02-09 17:43 . 2013-02-09 17:43        555808        ----a-w-        c:\windows\system32\nvStreaming.exe
2013-01-15 07:55 . 2012-09-21 08:19        893552        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-01-15 07:54 . 2012-09-19 15:29        42776        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-01-05 05:00 . 2013-02-13 09:10        3967848        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-13 09:10        3913064        ----a-w-        c:\windows\system32\ntoskrnl.exe
2013-01-04 04:50 . 2013-02-13 09:10        169984        ----a-w-        c:\windows\system32\winsrv.dll
2013-01-04 03:00 . 2013-02-13 09:10        2347008        ----a-w-        c:\windows\system32\win32k.sys
2013-01-03 05:05 . 2013-02-13 09:10        1293672        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2013-01-03 05:04 . 2013-02-13 09:10        187752        ----a-w-        c:\windows\system32\drivers\FWPKCLNT.SYS
2012-12-29 10:26 . 2012-10-11 09:35        889784        ----a-w-        c:\windows\system32\nvdispgenco32.dll
2012-12-29 10:26 . 2012-02-09 20:43        1017272        ----a-w-        c:\windows\system32\nvdispco32.dll
2013-03-08 12:53 . 2013-03-08 12:53        263064        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BrowserMask"="c:\antibrowserspy\AntiBrowserSpyBrowserMaske.exe" [2012-08-14 101328]
"CursorFX"="c:\cursorfx\CursorFX.exe" [2012-05-10 432784]
"w-lanTV"="c:\program files\TERRATEC\CONNECT N3\CONNECT N3.exe" [2011-06-10 121856]
"updateMgr"="c:\adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-30 313472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2012-11-14 356376]
"BCSSync"="c:\microsoft office\Office14\BCSSync.exe" [2010-03-13 91520]
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-05-27 2015136]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-10-12 1093272]
"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-10-12 1668248]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-12 6965792]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"Adobe Version Cue CS2"="c:\adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-06 856064]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKLM\~\startupfolder\C:^Users^KLE^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^An OneNote senden.lnk]
path=c:\users\KLE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
backup=c:\windows\pss\An OneNote senden.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]
DevDetect.exe -autorun [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2008-04-23 01:08        483328        ----a-w-        c:\adobe\Acrobat 7.0\Distillr\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35        946352        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Version Cue CS2]
2005-04-06 15:53        856064        ----a-w-        c:\adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2009-01-29 22:20        57344        ----a-w-        c:\clonecd\CloneCDTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CorelDRAW Graphics Suite 11b]
2003-11-27 22:56        733184        ----a-w-        c:\corel\Corel Graphics 12\Languages\DE\Programs\registration.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-03-24 12:13        49208        ----a-w-        c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 15:18        413696        ----a-w-        c:\windows\System32\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSS2012 Browser Monitor]
2012-03-12 16:03        55808        ----a-w-        c:\program files\Steganos Privacy Suite 2012\SteganosBrowserMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSS2012 File Redirection Starter]
2012-03-12 15:56        17920        ----a-w-        c:\program files\Steganos Privacy Suite 2012\fredirstarter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSS2012 HotKeys]
2012-03-12 16:03        84480        ----a-w-        c:\program files\Steganos Privacy Suite 2012\SteganosHotKeyService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\w-lanTV]
2011-06-10 06:42        121856        ----a-w-        c:\program files\TERRATEC\CONNECT N3\CONNECT N3.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 setup_9.0.0.722_10.03.2013_06-03drv;setup_9.0.0.722_10.03.2013_06-03drv;c:\windows\system32\DRIVERS\5450107.sys [x]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\everest home edition\kerneld.wnt [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$MSSMLBIZ;SQL Server-Agent (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [x]
S0 54501072;54501072 Boot Guard Driver;c:\windows\system32\DRIVERS\54501072.sys [x]
S0 61558462;61558462 Boot Guard Driver;c:\windows\system32\DRIVERS\61558462.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 54501071;54501071;c:\windows\system32\DRIVERS\54501071.sys [x]
S1 61558461;61558461;c:\windows\system32\DRIVERS\61558461.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [x]
S1 setup_9.0.0.722_18.02.2013_06-04drv;setup_9.0.0.722_18.02.2013_06-04drv;c:\windows\system32\DRIVERS\6155846.sys [x]
S1 SLEE_17_DRIVER;Steganos Live Encryption Engine 17 [Driver];c:\windows\system32\drivers\Sleen17.sys [x]
S1 STGMFEngine32;Steganos RAM Disk Engine [Driver];c:\windows\system32\drivers\STGMFEngine32.sys [x]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [x]
S2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [x]
S2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [x]
S2 BotkindSyncService;Botkind Service;c:\allway sync\Bin\SyncService.exe service [x]
S2 Steganos Volatile Disk;Steganos Volatile Disk;c:\windows\system32\STGRAMDiskHandler32.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [x]
S3 azvusb;Virtual USB Hub;c:\windows\system32\DRIVERS\azvusb.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 e1yexpress;Intel(R) Gigabit-Netzwerkverbindungstreiber;c:\windows\system32\DRIVERS\e1y6032.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\DRIVERS\SCR3XX2K.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
iissvcs        REG_MULTI_SZ          w3svc was
apphost        REG_MULTI_SZ          apphostsvc
GPSvcGroup        REG_MULTI_SZ          GPSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-13 11:24]
.
2013-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-26 08:33]
.
2013-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-26 08:33]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.t-online.de/
IE: An OneNote s&enden - c:\micros~1\Office15\ONBttnIE.dll/105
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Free YouTube Download - c:\users\KLE\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\KLE\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: In Adobe PDF konvertieren - c:\adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: In vorhandene PDF-Datei konvertieren - c:\adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Nach Microsoft E&xcel exportieren - c:\micros~1\Office15\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\users\KLE\AppData\Roaming\Mozilla\Firefox\Profiles\ap89mkzo.default\
FF - prefs.js: browser.startup.homepage - www.t-online.de|www.welt.de|www.spiegel.de|www.google.de
FF - ExtSQL: !HIDDEN! 2013-01-09 12:46; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files\Common Files\DVDVideoSoft\plugins\ff
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver]
"ImagePath"="\??\c:\everest home edition\kerneld.wnt"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-4019293579-4098048166-1692885247-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice]
@Denied: (2) (S-1-5-21-4019293579-4098048166-1692885247-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30po"
.
[HKEY_USERS\S-1-5-21-4019293579-4098048166-1692885247-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice]
@Denied: (2) (S-1-5-21-4019293579-4098048166-1692885247-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30pp"
.
[HKEY_USERS\S-1-5-21-4019293579-4098048166-1692885247-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice]
@Denied: (2) (S-1-5-21-4019293579-4098048166-1692885247-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30ppf"
.
[HKEY_USERS\S-1-5-21-4019293579-4098048166-1692885247-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (S-1-5-21-4019293579-4098048166-1692885247-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xmp"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\allway sync\Bin\SyncService.exe
c:\windows\system32\CISVC.EXE
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
c:\windows\system32\conhost.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe
c:\windows\System32\WUDFHost.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-03-25  20:30:20 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-03-25 19:30
ComboFix2.txt  2013-02-07 12:00
.
Vor Suchlauf: 114 Verzeichnis(se), 767.177.760.768 Bytes frei
Nach Suchlauf: 117 Verzeichnis(se), 767.162.511.360 Bytes frei
.
- - End Of File - - 24928586289890D8D1831280D0B9F20A


ryder 02.04.2013 10:47

Cosinus is already helping you.

http://www.trojaner-board.de/132878-...e-dateien.html

This thread will disappear.

