Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
Thread: GVU Trojaner, Windows Vista (https://www.trojaner-board.de/129325-gvu-trojaner-windows-vista.html)

markusg 11.01.2013 21:00

well, that's something :-)
then continue with TDSSKiller.

Stormiex 11.01.2013 21:29

Two hits:

Unsigned File
HP: Health Check Service
suspicious objekt , medium risk
Service start: Auto (0x2)
C/Program Files (86x)\Hewlett Packard\HP Health check\hpAA9EF0B35097F24D289F64445B2FD2E
Unsigned file
Service: IDriveT
suspicious objekt , medium risk
Service start: Demand (0x3)
C/Program Files (86x)\Common Files\InstallShield\Driver\11\1CF03C69B49ACB70C722DF92755C0C8C

markusg 11.01.2013 21:30

Hi
ComboFix:
ComboFix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems
and make cleaning the infection even harder.
Please download ComboFix from one of these download mirrors

Link 1
Link 2

IMPORTANT - Save ComboFix to your desktop
  • Please disable all your anti-virus as well as anti-malware/spyware scanners. They can interfere with ComboFix's work.
Start ComboFix.exe and follow the instructions on the screen.

When ComboFix is finished, it will create a log file. Please post C:\ComboFix.txt in your next reply.

Note: If you get the following error message after the reboot
Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.

Stormiex 11.01.2013 22:03

Here is the log:

ComboFix log file:
Code:

ComboFix 13-01-11.02 - Admin 11.01.2013  22:11:13.2.3 - x64
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.4094.2286 [GMT 1:00]
ausgeführt von:: c:\users\Admin\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-12-11 bis 2013-01-11  ))))))))))))))))))))))))))))))
.
.
2013-01-11 23:19 . 2013-01-11 23:19        --------        d-----w-        C:\_OTL
2013-01-11 21:20 . 2013-01-11 21:20        --------        d-----w-        c:\users\Gast\AppData\Local\temp
2013-01-11 21:20 . 2013-01-11 21:20        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-01-11 21:20 . 2013-01-11 21:20        --------        d-----w-        c:\users\Administrator\AppData\Local\temp
2013-01-11 21:20 . 2013-01-11 21:20        --------        d-----w-        c:\users\Admin\AppData\Local\temp
2013-01-09 17:14 . 2012-11-20 04:22        204288        ----a-w-        c:\windows\SysWow64\ncrypt.dll
2013-01-09 17:14 . 2012-11-20 04:21        253952        ----a-w-        c:\windows\system32\ncrypt.dll
2013-01-09 17:13 . 2012-11-23 01:54        2770432        ----a-w-        c:\windows\system32\win32k.sys
2013-01-09 17:13 . 2012-11-02 10:47        1869824        ----a-w-        c:\windows\system32\msxml3.dll
2013-01-09 17:13 . 2012-11-02 10:47        1794560        ----a-w-        c:\windows\system32\msxml6.dll
2013-01-09 17:13 . 2012-11-02 10:19        1400832        ----a-w-        c:\windows\SysWow64\msxml6.dll
2013-01-09 17:13 . 2012-11-02 10:19        1248768        ----a-w-        c:\windows\SysWow64\msxml3.dll
2013-01-09 17:13 . 2012-11-22 04:22        456192        ----a-w-        c:\windows\system32\shlwapi.dll
2013-01-01 14:07 . 2013-01-01 14:07        --------        d-----w-        C:\found.003
2012-12-29 23:04 . 2012-12-29 23:04        9310        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(17)\TEXTBOX.JS
2012-12-29 23:04 . 2012-12-29 23:04        8646        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(17)\TILEBOX.JS
2012-12-29 23:04 . 2012-12-29 23:04        6429        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(17)\UICORE.JS
2012-12-29 23:04 . 2012-12-29 23:04        63115        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(17)\USERTILE.JS
2012-12-29 23:04 . 2012-12-29 23:04        5927        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(17)\TEXT.JS
2012-12-29 23:04 . 2012-12-29 23:04        4599        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(17)\UIRESOURCE.JS
2012-12-29 23:03 . 2012-12-29 23:03        8613        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(17)\SAVEDUSER.JS
2012-12-29 23:03 . 2012-12-29 23:03        8288        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(17)\IMAGE.JS
2012-12-29 23:03 . 2012-12-29 23:03        6910        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(17)\NEWUSERCOMM.JS
2012-12-29 23:03 . 2012-12-29 23:03        6208        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(17)\LINK.JS
2012-12-29 23:03 . 2012-12-29 23:03        18541        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(17)\LOCALIZATION.JS
2012-12-29 23:03 . 2012-12-29 23:03        1651        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(17)\QUERYSTRING.JS
2012-12-29 23:03 . 2012-12-29 23:03        8782        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(17)\BUTTON.JS
2012-12-29 23:03 . 2012-12-29 23:03        7271        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(17)\CHECKBOX.JS
2012-12-29 23:03 . 2012-12-29 23:03        51852        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(17)\EXTERNALWRAPPER.JS
2012-12-29 23:03 . 2012-12-29 23:03        23327        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(17)\COMBOBOX.JS
2012-12-29 23:03 . 2012-12-29 23:03        20719        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(17)\DIVWRAPPER.JS
2012-12-28 09:40 . 2013-01-02 12:49        --------        d-----w-        c:\users\Admin\AppData\Roaming\Bioshock
2012-12-28 09:11 . 2012-12-28 09:11        --------        d-----w-        c:\program files (x86)\2K Games
2012-12-28 09:11 . 2012-12-28 09:11        --------        d-----w-        c:\users\Admin\AppData\Roaming\InstallShield
2012-12-28 08:59 . 2012-12-30 00:32        --------        d-----w-        c:\programdata\Media Center Programs
2012-12-28 08:55 . 2012-12-28 08:55        178800        ----a-w-        c:\windows\SysWow64\CmdLineExt_x64.dll
2012-12-21 11:55 . 2012-12-16 13:31        48128        ----a-w-        c:\windows\system32\atmlib.dll
2012-12-21 11:55 . 2012-12-16 13:12        34304        ----a-w-        c:\windows\SysWow64\atmlib.dll
2012-12-21 11:55 . 2012-12-16 11:08        368128        ----a-w-        c:\windows\system32\atmfd.dll
2012-12-21 11:55 . 2012-12-16 10:50        293376        ----a-w-        c:\windows\SysWow64\atmfd.dll
2012-12-15 11:59 . 2012-12-15 11:59        --------        d-----w-        c:\users\Admin\AppData\Local\4A Games
2012-12-15 11:41 . 2012-12-15 11:41        --------        d-----w-        c:\program files (x86)\NVIDIA Corporation
2012-12-15 11:39 . 2012-12-15 11:39        --------        d-----w-        c:\program files (x86)\Common Files\Wise Installation Wizard
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 23:40 . 2012-04-28 16:06        697864        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 23:40 . 2011-07-15 08:58        74248        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 17:43 . 2006-11-02 12:35        67599240        ----a-w-        c:\windows\system32\mrt.exe
2012-11-14 07:06 . 2012-12-12 20:48        17811968        ----a-w-        c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-12 20:48        10925568        ----a-w-        c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-12 20:48        2312704        ----a-w-        c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-12 20:48        1346048        ----a-w-        c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-12 20:48        1392128        ----a-w-        c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-12 20:48        1494528        ----a-w-        c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-12 20:48        237056        ----a-w-        c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-12 20:48        85504        ----a-w-        c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-12 20:48        816640        ----a-w-        c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-12 20:48        599040        ----a-w-        c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-12 20:48        173056        ----a-w-        c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-12 20:48        2144768        ----a-w-        c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-12 20:48        729088        ----a-w-        c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-12 20:48        96768        ----a-w-        c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-12 20:48        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-12 20:48        248320        ----a-w-        c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-12 20:48        1800704        ----a-w-        c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-12 20:48        1427968        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-12 20:48        1129472        ----a-w-        c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-12 20:48        142848        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-12 20:48        420864        ----a-w-        c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-12 20:48        2382848        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2012-11-13 01:45 . 2012-12-12 16:46        2048        ----a-w-        c:\windows\system32\tzres.dll
2012-11-13 01:29 . 2012-12-12 16:46        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2012-11-08 10:29 . 2012-11-08 10:29        1402312        ----a-w-        c:\windows\SysWow64\msxml4.dll
2012-11-02 10:45 . 2012-12-12 16:46        477696        ----a-w-        c:\windows\system32\dpnet.dll
2012-11-02 10:45 . 2012-12-12 16:46        68096        ----a-w-        c:\windows\system32\dpnathlp.dll
2012-11-02 10:18 . 2012-12-12 16:46        376320        ----a-w-        c:\windows\SysWow64\dpnet.dll
2012-11-02 08:59 . 2012-12-12 16:46        26112        ----a-w-        c:\windows\system32\dpnsvr.exe
2012-11-02 08:26 . 2012-12-12 16:46        23040        ----a-w-        c:\windows\SysWow64\dpnsvr.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}]
2011-05-31 12:29        88976        ----a-w-        c:\progra~2\WI371A~1\Datamngr\ToolBar\searchqudtx.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}]
2011-06-01 20:44        1236376        ----a-w-        c:\progra~2\WI371A~1\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{99079a25-328f-4bd4-be04-00955acaa0a7}"= "c:\progra~2\WI371A~1\Datamngr\ToolBar\searchqudtx.dll" [2011-05-31 88976]
.
[HKEY_CLASSES_ROOT\clsid\{99079a25-328f-4bd4-be04-00955acaa0a7}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        129272        ----a-w-        c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        129272        ----a-w-        c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        129272        ----a-w-        c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-12-03 1354736]
"OutlookOnDesktop"="c:\program files (x86)\Outlook on the Desktop\OutlookDesktop.exe" [2012-06-28 265728]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-12-04 75016]
"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-03-19 1148200]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]
.
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-22 28538560]
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe,c:\progra~3\dsgsdgdsgdsgw.bat"
"Userinit"="c:\windows\system32\userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\WI371A~1\Datamngr\datamngr.dll c:\progra~2\WI371A~1\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 66585774
*NewlyCreated* - 92667885
*Deregistered* - 66585774
*Deregistered* - 92667885
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
ezSharedSvc
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-28 23:40]
.
2013-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-643971038-549652700-609112441-1000Core.job
- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-04 18:45]
.
2013-01-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-643971038-549652700-609112441-1000UA.job
- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-04 18:45]
.
2011-11-30 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-02-02 18:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        162552        ----a-w-        c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        162552        ----a-w-        c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        162552        ----a-w-        c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        162552        ----a-w-        c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\WI371A~1\Datamngr\x64\datamngr.dll c:\progra~2\WI371A~1\Datamngr\x64\IEBHO.dll
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=1cfd0b3c-af73-48e6-9340-4cc6527aaadf&affid=111585&searchtype=hp&babsrc=lnkry_nt
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=93&bd=Pavilion&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=93&bd=Pavilion&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=1cfd0b3c-af73-48e6-9340-4cc6527aaadf&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE: Free YouTube to MP3 Converter - c:\users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files (x86)\ICQ7.4\ICQ.exe
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cy2b21kg.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=1cfd0b3c-af73-48e6-9340-4cc6527aaadf&affid=111585&searchtype=hp&babsrc=lnkry
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-BattlEye for A2 - c:\program files (x86)\steam\steamapps\common\arma 2BattlEye\UnInstallBE.exe
AddRemove-{4FFBB818-B13C-11E0-931D-B2664824019B}_is1 - c:\program files (x86)\Complitly\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCDSRVC{F36B3A4C-F95654BD-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-643971038-549652700-609112441-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:8d,d0,0b,53,69,d2,26,40,a8,62,cb,d1,92,33,7e,c6,82,9d,a8,7d,c2,8a,24,
  f9,d7,6b,e1,d3,9c,ee,e5,9f,c1,81,1b,b3,76,a1,c5,7c,bf,02,97,b9,ad,bc,fa,8e,\
"??"=hex:41,e0,42,8c,cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b
.
[HKEY_USERS\S-1-5-21-643971038-549652700-609112441-1000\Software\SecuROM\License information*]
"datasecu"=hex:8a,88,a3,49,b3,a9,9d,63,46,e4,70,a0,9c,2b,c9,b7,25,8a,ff,9b,91,
  be,30,95,a5,07,37,ee,86,d4,c8,00,78,0d,24,50,1b,6a,aa,20,15,db,17,3d,2a,d4,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Zeit der Fertigstellung: 2013-01-11  22:22:22
ComboFix-quarantined-files.txt  2013-01-11 21:22
ComboFix2.txt  2013-01-11 21:01
.
Vor Suchlauf: 26 Verzeichnis(se), 572.536.233.984 Bytes frei
Nach Suchlauf: 27 Verzeichnis(se), 572.485.124.096 Bytes frei
.
- - End Of File - - 4072411193B8F17FCC524CA0EAE1CB0D

--- --- ---
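The posted log contains the one entry that matters most for this kind of lock-screen trojan: the Winlogon `Shell` value runs a `.bat` under ProgramData next to Explorer.exe, and `AppInit_DLLs` injects the Datamngr toolbar DLLs into every process. As an added example (not code from the thread, the helper, or ComboFix), the following Python triage script parses the "Autostartpunkte der Registrierung" section of a ComboFix log and flags those entry types, plus Run entries that point at scripts or user-writable paths. The sample text is constructed from a few entries in the shape of the log above; the regexes assume ComboFix's `"name"=value (0x1)` / `[date size]` line layout.

```python
"""Triage helper for the "Autostartpunkte der Registrierung" section of a
ComboFix log.  Added example; not code from the thread or from ComboFix."""
import re
from typing import Dict, List, Tuple

# Constructed sample: a handful of entries in the shape of the posted log.
SAMPLE_LOG = r"""
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe,c:\progra~3\dsgsdgdsgdsgw.bat"
"Userinit"="c:\windows\system32\userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\WI371A~1\Datamngr\datamngr.dll c:\progra~2\WI371A~1\Datamngr\IEBHO.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-12-03 1354736]
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
# ComboFix appends "(0x1)" to DWORDs and "[date size]" to file paths; drop both.
TRAILER_RE = re.compile(r"\s*(\(0x[0-9a-f]+\)|\[[^\]]*\])\s*$", re.I)

# Locations a standard user can write to; autoruns from there deserve a look.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\progra~3\\", "\\temp\\")
SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".js", ".scr")
Finding = Tuple[str, str, str]  # (registry key, value name, reason)


def parse_sections(text: str) -> Dict[str, Dict[str, str]]:
    """Map each [key] header to its "name"=value lines (keys and names lower-cased)."""
    sections: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            value = TRAILER_RE.sub("", m.group(2)).strip().strip('"')
            sections[current][m.group(1).lower()] = value
    return sections


def check_autostarts(text: str) -> List[Finding]:
    """Return the entries a responder should look at first."""
    findings: List[Finding] = []
    for key, values in parse_sections(text).items():
        if key.endswith("\\winlogon"):
            # Winlogon starts every comma-separated entry in Shell; only Explorer.exe belongs there.
            shell = values.get("shell", "")
            parts = [p.strip().lower() for p in shell.split(",") if p.strip()]
            if parts and parts != ["explorer.exe"]:
                findings.append((key, "Shell", f"extra shell component(s): {shell}"))
            userinit = values.get("userinit", "")
            ui = [p.strip().lower() for p in userinit.split(",") if p.strip()]
            if ui and ui != ["c:\\windows\\system32\\userinit.exe"]:
                findings.append((key, "Userinit", f"unexpected Userinit: {userinit}"))
        elif key.endswith("\\windows nt\\currentversion\\windows"):
            # With LoadAppInit_DLLs=1 every listed DLL is loaded into every process that uses user32.
            enabled = values.get("loadappinit_dlls", "0").strip() == "1"
            dlls = values.get("appinit_dlls", "").strip()
            if enabled and dlls:
                findings.append((key, "AppInit_DLLs", f"system-wide DLL injection: {dlls}"))
        elif key.endswith("\\currentversion\\run"):
            for name, path in values.items():
                low = path.lower()
                if low.endswith(SCRIPT_EXT) or any(d in low for d in USER_WRITABLE):
                    findings.append((key, name, f"autorun from user-writable path or script: {path}"))
    return findings


if __name__ == "__main__":
    for key, name, reason in check_autostarts(SAMPLE_LOG):
        print(f"[{key}] {name}: {reason}")
```

A hit is a review prompt, not a verdict: legitimate software also lives in AppData, so compare each flagged path with what the user knowingly installed.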

markusg 11.01.2013 22:28

Malwarebytes:
Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Start Malwarebytes, click Update --> Check for Updates
  • When the update has finished, select Perform full scan and click Scan.
  • When the scan is finished, click Show results.
  • Make sure all findings are checked and click Remove selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • Afterwards you can find the report under "Logs".

Stormiex 12.01.2013 14:10

Result of the malware scan:

Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.11.14

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Admin :: ADMIN-PC [Administrator]

Schutz: Aktiviert

11.01.2013 22:36:12
mbam-log-2013-01-11 (22-36-12).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 588008
Laufzeit: 1 Stunde(n), 45 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Program Files (x86)\Call of duty 4 Multiplayer\CoD4 Keygen.exe (Trojan.Agent.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Qoobox\Quarantine\C\Users\Admin\wgsdgsdgdsgsd.exe.vir (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

markusg 13.01.2013 17:31

Since you are using pirated software:
C:\Program Files (x86)\Call of duty 4 Multiplayer\CoD4 Keygen.exe (Trojan.Agent.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
and that is illegal, the only help you get from me is with setting the PC up from scratch:
1. Data recovery
2. Format and reinstall Windows
3. Secure the PC: http://www.trojaner-board.de/96344-a...-rechners.html
I will also post further points on this.
4. Change all passwords!
5. After securing the PC, check the backed-up data and, if it is clean, restore it.
6. Then I will say something about securing online banking with a chip card reader + StarMoney.

Stormiex 13.01.2013 18:05

I will delete it right away. As I said, it is my son's PC; I will have a talk with him about it! I fully understand you! Best to delete the whole "Call of duty 4 Multiplayer" folder, right?

markusg 13.01.2013 19:10

Hi, best to reinstall the PC; as I said, under the forum rules I cannot help you with anything else.
