| guennis1960 | 15.10.2012 15:53 |
Habe Combi-- ausgeführt. Es traten danach die gleichen Probleme wie beim ersten Mal auf, so dass ich erneut den Wiederherstellungsmodus durchführen musste.
Hier mal der gewünschte Bericht.
Combofix Logfile: Code:
ComboFix 12-10-14.03 - Guenter 15.10.2012 11:37:24.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.6135.4403 [GMT 2:00]
ausgeführt von:: c:\users\Guenter\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\regobj.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-09-15 bis 2012-10-15 ))))))))))))))))))))))))))))))
.
.
2012-10-15 12:01 . 2012-10-15 12:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-15 09:35 . 2012-10-15 09:35 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2DF785FD-0272-43D8-826A-75C1ED30AFB9}\offreg.dll
2012-10-15 06:00 . 2012-10-15 06:00 96224 ----a-w- c:\program files (x86)\Mozilla Firefox\webapprt-stub.exe
2012-10-15 06:00 . 2012-10-15 06:00 157272 ----a-w- c:\program files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2012-10-12 20:16 . 2012-10-12 20:16 -------- d-----w- c:\programdata\UAB
2012-10-12 20:15 . 2012-10-12 20:15 -------- d-----w- c:\users\Guenter\AppData\Local\PC_Drivers_Headquarters
2012-10-12 20:15 . 2012-10-12 20:15 -------- d-----w- c:\programdata\PC Drivers HeadQuarters
2012-10-12 20:14 . 2012-10-12 20:14 -------- d-----w- c:\program files (x86)\PC Drivers HeadQuarters
2012-10-12 20:13 . 2012-10-12 20:13 -------- d-----w- c:\programdata\Browser Manager
2012-10-12 20:13 . 2012-10-12 20:13 -------- d-----w- c:\program files (x86)\BabylonToolbar
2012-10-12 20:13 . 2012-10-12 20:13 -------- d-----w- c:\users\Guenter\AppData\Roaming\Babylon
2012-10-12 20:13 . 2012-10-12 20:13 -------- d-----w- c:\programdata\Babylon
2012-10-12 20:13 . 2012-10-12 20:13 -------- d-----w- c:\programdata\IBUpdaterService
2012-10-12 07:38 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2DF785FD-0272-43D8-826A-75C1ED30AFB9}\mpengine.dll
2012-10-11 09:53 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-11 09:53 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-11 09:53 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-10-11 09:53 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-10-11 09:48 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-10-11 09:48 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-10-11 09:48 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-11 09:48 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-11 09:48 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-11 09:48 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-11 09:46 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-11 09:46 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-11 09:46 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-11 09:46 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-11 09:46 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-11 09:46 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-10 15:06 . 2012-10-10 15:06 -------- d-----w- c:\users\Guenter\AppData\Local\Apps
2012-10-10 14:44 . 2012-10-10 14:44 -------- d-----w- C:\_OTL
2012-10-10 10:13 . 2012-10-10 10:13 -------- d-----w- c:\users\Guenter\AppData\Roaming\Avira
2012-10-10 10:09 . 2012-10-10 10:13 8281168 ----a-w- c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2012-10-10 10:08 . 2012-10-10 09:57 27800 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-10-10 10:08 . 2012-10-10 09:57 129576 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-10-10 10:08 . 2012-10-10 09:57 99248 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-10-10 10:08 . 2012-10-10 10:08 -------- d-----w- c:\program files (x86)\Avira
2012-10-06 09:25 . 2012-10-06 09:25 -------- d-----w- c:\program files (x86)\ESET
2012-10-06 08:05 . 2012-10-06 08:05 -------- d-----w- c:\users\Guenter\AppData\Roaming\Malwarebytes
2012-10-06 08:05 . 2012-10-06 08:05 -------- d-----w- c:\programdata\Malwarebytes
2012-10-06 07:09 . 2012-10-06 07:39 -------- d-----w- c:\programdata\MFAData
2012-10-06 07:09 . 2012-10-06 07:09 -------- d--h--w- c:\programdata\Common Files
2012-10-06 07:09 . 2012-10-06 07:09 -------- d-----w- c:\users\Guenter\AppData\Local\MFAData
2012-10-06 07:09 . 2012-10-06 07:09 -------- d-----w- c:\users\Guenter\AppData\Local\Avg2013
2012-10-04 11:43 . 2012-10-04 11:43 -------- d-----w- c:\users\Guenter\Neuer Ordner
2012-10-04 10:27 . 2012-10-12 19:49 -------- d-----w- c:\users\Guenter\Viren Oktober2012
2012-09-30 15:32 . 2012-09-30 15:32 -------- d-----w- c:\windows\system32\appmgmt
2012-09-26 05:08 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-19 19:34 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-19 19:34 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-19 19:34 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-19 19:34 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-19 19:33 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-19 19:33 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-19 19:33 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-11 10:14 . 2010-09-05 05:12 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-09 07:58 . 2012-04-15 05:57 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 07:58 . 2011-05-15 04:58 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-02 05:49 . 2012-09-02 05:49 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-02 05:49 . 2012-05-21 08:34 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-02 05:49 . 2011-10-31 07:09 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-20 17:38 . 2012-10-11 09:52 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-07-18 18:15 . 2012-08-15 05:16 3148800 ----a-w- c:\windows\system32\win32k.sys
2008-03-24 20:50 . 2008-03-24 20:50 554008 ----a-w- c:\program files (x86)\Common Files\dao360.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{17166733-40EA-4432-A85C-AE672FF0E236}]
2011-03-18 12:50 154728 ----a-w- c:\programdata\1und1InternetExplorerAddon\BHOXML.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-13 39408]
"EA Core"="c:\program files (x86)\Electronic Arts\EADM\Core.exe" [BU]
"GameXN GO"="c:\programdata\GameXN\GameXNGO.exe" [2011-09-01 347008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-06-05 1310720]
"TurboV"="c:\program files\ASUS\TurboV\TurboV.exe" [2009-05-25 5391872]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2009-02-26 75048]
"BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2009-08-19 3695928]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-25 98304]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-07-16 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2011-12-15 1446248]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-10-10 386336]
.
c:\users\Guenter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~3\browse~1\23765~1.24\{16cdf~1\browse~1.dll c:\progra~3\browse~1\23765~1.24\{16cdf~1\browsemngr.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-10-10 369952]
R2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-10-10 554784]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-13 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R3 AllShare;SAMSUNG AllShare Service;c:\program files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [2010-07-16 6638080]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-13 135664]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-15 115168]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-09 1255736]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [2009-05-11 178728]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-10-10 27800]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/11/08 10:39];c:\program files (x86)\CyberLink\PowerDVD8\000.fcl [2010-01-12 22:08 146928]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-09-19 202752]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-10-10 84256]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-04-02 90112]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
S2 Browser Manager;Browser Manager;c:\programdata\Browser Manager\2.3.765.24\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [2012-10-05 2203160]
S2 IBUpdaterService;Updater Service;c:\programdata\IBUpdaterService\ibsvc.exe [2012-10-12 581344]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-07 197976]
S2 MDES;DVM Meta Data Export Service;c:\asus.sys\CONFIG\DVMExportService.exe [2009-02-18 315392]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-07 30304]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
S3 LVUVC64;Logitech Webcam 250(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
S3 netr28x;Ralink 802.11n-Drahtlostreiber für Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [2009-06-10 620544]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 07:58]
.
2012-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-13 19:11]
.
2012-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-13 19:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-03 1580368]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://go.web.de/br/ie9_startpage
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.178.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} - hxxp://www.king.de/ctl/kingcomie.cab
FF - ProfilePath - c:\users\Guenter\AppData\Roaming\Mozilla\Firefox\Profiles\1p2bzv6p.default\
FF - prefs.js: browser.search.selectedEngine - WEB.DE Suche
FF - prefs.js: browser.startup.homepage - hxxp://go.web.de/tb/mff_startpage_homepage
FF - prefs.js: keyword.URL - hxxp://go.web.de/tb2/mff_keyurl_search/?su=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-08-18 14:32; {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}; c:\users\Guenter\AppData\Roaming\Mozilla\Firefox\Profiles\1p2bzv6p.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - ExtSQL: 2012-10-10 09:13; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Guenter\AppData\Roaming\Mozilla\Firefox\Profiles\1p2bzv6p.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=6a674a17000000000000001f1f6f8e9d&q=
FF - user.js: extensions.BabylonToolbar.id - 6a674a17000000000000001f1f6f8e9d
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15625
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.3.0
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.3.0
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.3.022:13
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-{D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{17166733-40EA-4432-A85C-AE672FF0E236}"=hex:51,66,7a,6c,4c,1d,38,12,5d,64,05,
13,d8,0e,5c,01,d7,4a,ed,27,2a,ae,a6,22
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:5c,3f,af,e5,ce,a6,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6a,b6,40,20,92,74,b2,4f,82,58,28,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6a,b6,40,20,92,74,b2,4f,82,58,28,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrustedInstaller\Security]
@DACL=(02 0000)
@SACL=
"Security"=hex:01,00,14,80,90,00,00,00,a0,00,00,00,14,00,00,00,34,00,00,00,02,
00,20,00,01,00,00,00,02,c0,18,00,00,00,0c,00,01,02,00,00,00,00,00,05,20,00,\
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-10-15 14:17:47 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-10-15 12:17
ComboFix2.txt 2012-10-10 20:07
.
Vor Suchlauf: 19 Verzeichnis(se), 880.479.653.888 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 880.211.668.992 Bytes frei
.
- - End Of File - - 24C2E393889CE7C5907CC858CD8C96F8
--- --- --- |
