chaoskomet | 11.07.2011 16:32 | So, after a few restarts, I can finally post the ComboFix log: Code:
ComboFix 11-07-11.02 - Chaoskomet 11.07.2011 17:10:52.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3036.2123 [GMT 2:00]
ausgeführt von:: c:\users\Chaoskomet\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-06-11 bis 2011-07-11 ))))))))))))))))))))))))))))))
.
.
2011-07-11 15:20 . 2011-07-11 15:20 -------- d-----w- c:\users\Chaoskomet\AppData\Local\temp
2011-07-11 15:20 . 2011-07-11 15:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-11 14:25 . 2011-07-11 15:07 -------- d-----w- C:\32788R22FWJFW
2011-07-11 12:41 . 2011-07-11 12:41 -------- d-----w- C:\_OTL
2011-07-11 10:29 . 2011-07-11 10:29 -------- d-----w- c:\users\Chaoskomet\AppData\Local\ABBYY
2011-07-11 10:27 . 2011-07-11 10:28 -------- d-----w- c:\program files\ABBYY ScanTo Office 1.0
2011-07-11 10:10 . 2011-07-11 10:10 -------- d-----w- c:\windows\tessdata
2011-07-11 10:10 . 2011-07-11 10:10 -------- d-----w- c:\program files\Softi Software
2011-07-11 10:08 . 2011-07-11 10:08 -------- d-----w- c:\users\Chaoskomet\AppData\Roaming\Softi Software
2011-07-11 10:02 . 2011-07-11 10:10 -------- d-----w- c:\users\Chaoskomet\AppData\Roaming\GetRightToGo
2011-07-11 09:40 . 2011-07-11 09:40 -------- d-----w- c:\users\Chaoskomet\AppData\Roaming\Malwarebytes
2011-07-11 09:40 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-11 09:40 . 2011-07-11 09:40 -------- d-----w- c:\programdata\Malwarebytes
2011-07-11 09:40 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-11 09:40 . 2011-07-11 09:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-09 20:05 . 2011-07-09 20:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-08 21:22 . 2011-07-08 21:22 -------- d-----w- c:\program files\ESET
2011-07-05 12:10 . 2011-06-21 17:11 17712 ----a-w- c:\windows\system32\nitrolocalui2.dll
2011-07-05 12:10 . 2011-06-21 17:11 26416 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2011-07-05 12:10 . 2011-07-05 12:10 -------- d-----w- c:\program files\Nitro PDF
2011-07-05 12:10 . 2011-07-05 12:10 -------- d-----w- c:\program files\Common Files\Nitro PDF
2011-06-30 08:54 . 2011-06-30 08:54 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-06-29 16:46 . 2011-06-29 16:51 -------- d-----w- c:\users\Chaoskomet\AppData\Roaming\Audacity
2011-06-29 10:58 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll
2011-06-29 06:27 . 2011-06-29 06:27 -------- d-----w- c:\users\Chaoskomet\AppData\Local\HP
2011-06-28 09:57 . 2011-06-29 06:27 -------- d-----w- c:\users\Chaoskomet\AppData\Roaming\HP
2011-06-28 09:57 . 2011-06-28 09:57 -------- d-----w- c:\programdata\WEBREG
2011-06-28 09:52 . 2011-06-28 09:52 -------- d-----w- c:\programdata\HP Product Assistant
2011-06-27 07:50 . 2011-06-27 07:50 -------- d-----w- c:\program files\Common Files\HP
2011-06-27 07:50 . 2011-06-27 07:50 -------- d-----w- c:\program files\Hewlett-Packard
2011-06-27 07:50 . 2011-06-27 07:50 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2011-06-27 07:50 . 2011-06-27 07:50 -------- d-----w- c:\programdata\Hewlett-Packard
2011-06-27 07:50 . 2007-10-20 16:21 278016 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp5mu.dll
2011-06-27 07:48 . 2007-10-20 16:25 118272 ----a-w- c:\windows\system32\hpz3l5mu.dll
2011-06-27 07:48 . 2011-06-29 20:39 -------- d-----w- c:\program files\HP
2011-06-27 07:47 . 2011-06-28 09:53 -------- d-----w- c:\programdata\HP
2011-06-27 07:47 . 2008-01-25 12:23 271704 ----a-w- c:\windows\system32\hpzids01.dll
2011-06-27 07:47 . 2008-01-25 12:22 729088 ----a-w- c:\windows\system32\hpowiax7.dll
2011-06-27 07:47 . 2008-01-25 12:22 303104 ----a-w- c:\windows\system32\hpovst15.dll
2011-06-27 07:47 . 2008-01-25 12:22 581632 ----a-w- c:\windows\system32\hpotscl6.dll
2011-06-27 07:47 . 2008-01-25 12:22 372736 ----a-w- c:\windows\system32\hppldcoi.dll
2011-06-21 15:01 . 2011-07-11 11:02 -------- d-----w- c:\program files\CPUCooL
2011-06-20 12:37 . 2011-06-20 12:37 -------- d-----w- c:\programdata\CyberLink
2011-06-20 12:37 . 2011-06-20 12:37 -------- d-----w- c:\users\Public\CyberLink
2011-06-18 14:18 . 2011-06-18 14:18 -------- d-----w- c:\windows\Sun
2011-06-18 14:18 . 2011-06-18 14:18 -------- d-----w- c:\program files\Common Files\Java
2011-06-16 12:45 . 2011-04-25 15:29 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2011-06-16 12:45 . 2011-04-22 23:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-16 12:45 . 2011-04-22 23:35 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-06-16 06:00 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-16 06:00 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-16 06:00 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-16 06:00 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-16 06:00 . 2010-12-20 16:35 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-16 06:00 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-16 06:00 . 2011-04-29 13:24 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-16 06:00 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-16 06:00 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-16 06:00 . 2011-05-02 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-30 12:02 . 2011-05-30 12:02 37920 ----a-w- c:\windows\system32\drivers\tbhsd.sys
2011-05-29 11:29 . 2011-05-29 11:29 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-05-04 02:52 . 2011-03-13 13:35 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-25 12:42 . 2007-10-25 15:26 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{dcea9ff9-5c31-40ac-9285-9c25ff04b93a}"= "c:\program files\produkttests\prxtbpro0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{dcea9ff9-5c31-40ac-9285-9c25ff04b93a}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dcea9ff9-5c31-40ac-9285-9c25ff04b93a}]
2011-01-17 14:54 175912 ----a-w- c:\program files\produkttests\prxtbpro0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{dcea9ff9-5c31-40ac-9285-9c25ff04b93a}"= "c:\program files\produkttests\prxtbpro0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{dcea9ff9-5c31-40ac-9285-9c25ff04b93a}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{DCEA9FF9-5C31-40AC-9285-9C25FF04B93A}"= "c:\program files\produkttests\prxtbpro0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{dcea9ff9-5c31-40ac-9285-9c25ff04b93a}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-03-11 160592]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2011-04-05 353736]
"Remote Control Editor"="c:\program files\Common Files\TerraTec\Remote\TTTvRc.exe" [2010-12-01 1709128]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-04 95576]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2011-06-24 2423608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-12 61440]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-13 6814240]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-28 1049896]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-02-13 1833504]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-23 114688]
"GfK-WatchDog"="c:\program files\GfKLSPService\GfK-WatchDog.exe" [2010-08-29 60928]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 49152]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-11 752168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 ewsercd;Huawei DataCard USB Serial Port;c:\windows\system32\DRIVERS\ewsercd.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2011-04-07 13224]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-05-29 39984]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-12-27 31124344]
R3 optousb;OPTO ELECTRONICS optousb;c:\windows\system32\DRIVERS\optousb.sys [2009-08-26 18432]
R3 optovcm;OPTO ELECTRONICS optovcm;c:\windows\system32\DRIVERS\optovcm.sys [2009-08-26 26368]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-09-17 535552]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-04-20 152064]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2010-04-27 98432]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2010-04-27 14848]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2010-04-27 123648]
R3 TTHID;Cinergy Hybrid-Stick HID service;c:\windows\system32\DRIVERS\Cinergy_Hybrid-Stick_HID.sys [2009-11-04 23104]
R3 UDXTTM6010;Cinergy Hybrid-Stick BDA service;c:\windows\system32\DRIVERS\UDXTTM6010.sys [2009-11-04 763584]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 ntiomin;ntiomin; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-04 238952]
S2 GfK-Reporting-Service;GfK-Reporting-Service;c:\program files\GfK Internet-Monitor\GfK-Reporting.exe [2011-01-20 102400]
S2 GfK-Update-Service;GfK-Update-Service;c:\program files\GfK Internet-Monitor\GfK-Updater.exe [2011-01-20 180224]
S2 GfkLSPService;GfkLSPService;c:\program files\GfKLSPService\GfKLSPService.exe [2010-11-17 3506176]
S2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\DRIVERS\kmdfmemio.sys [2008-08-12 13312]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe [2011-06-21 196912]
S2 Rezip;Rezip;c:\windows\SYSTEM32\Rezip.exe [2009-03-05 311296]
S2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [2010-09-03 185640]
S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2008-01-21 21504]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-07-31 29736]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]
S3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\Drivers\VMC326.sys [2008-11-21 238464]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
yksvcs REG_MULTI_SZ yksvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://mystart.incredimail.com/mb57
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: RF - Formular ausfüllen - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RF - Formular speichern - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: RF - Menü anpassen - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: RF - RoboForm-Leiste ein/aus - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\GfKLSPService.DLL
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Chaoskomet\AppData\Roaming\Mozilla\Firefox\Profiles\ajzdxrw5.default\
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/mb57|hxxp://www.ichbin.nikonwelt.at/galerie/beitrag/4475|hxxp://www.spielesite.com/|https://login.yahoo.com/config/mail?.intl=de&.done=http%3A%2F%2Fde.mg40.mail.yahoo.com%2Fdc%2Flaunch%3F.rand%3D2ob06o83orpl6
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - c:\program files\Siber Systems\AI RoboForm\Firefox
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: GfK Internet-Monitor: gacela2@nurago.com - c:\program files\GfK Internet-Monitor
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Bigpoint Games DE Community Toolbar: {0e3dbc69-a682-48da-84e1-82c63a5d678e} - %profile%\extensions\{0e3dbc69-a682-48da-84e1-82c63a5d678e}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: Modify Headers: {b749fc7c-e949-447f-926c-3f4eed6accfe} - %profile%\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-07-11 17:20
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-326891830-3036340036-2452681849-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{000670F7-05A4-819B-DE9B-404A08A846E7}*]
"hakpgcikfgigogid"=hex:6a,61,66,6a,6e,62,6f,6a,6c,6a,69,67,67,70,68,70,6b,66,
68,61,00,00
"iaipaaedbgcoijoiae"=hex:63,61,62,6a,6d,65,00,7f
"iaeaafcepedaadbccb"=hex:6a,61,66,6a,6e,62,6f,6a,6c,6a,69,67,67,70,68,70,6b,66,
68,61,00,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(5176)
c:\windows\system32\btmmhook.dll
.
Zeit der Fertigstellung: 2011-07-11 17:22:54
ComboFix-quarantined-files.txt 2011-07-11 15:22
.
Vor Suchlauf: 2.805.579.776 Bytes frei
Nach Suchlauf: 2.568.339.456 Bytes frei
.
- - End Of File - - 84659B3E5C9A33B3B488AEDE5141F9F8
May I reinstall AVG now? That Windoze Defender thing doesn't exactly make me happy.
Can you actually tell what is causing my problems, and whether it had been sitting on my machine for a while, or whether I picked it up at my friends' place? Although I was only on the internet there. |