I know that you should never run ComboFix on your own initiative, but I was in a panic, so to speak, because the PC had to be ready by 19:00 today because of the user accounts. And since everything was OK again afterwards last time, I just tried it... Well, anyway, everything works again now, no more problems; I just don't dare to restart the PC :kaffee:
Here is the log file:
ComboFix 11-04-09.01 - Mirau 10.04.2011 9:42.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.2047.1470 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Mirau\Desktop\cofi.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\data\osamdata.bin
c:\data\riskcache.bin
c:\dokumente und einstellungen\Mirau\WINDOWS
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-03-10 bis 2011-04-10 ))))))))))))))))))))))))))))))
.
.
2011-04-02 10:18 . 2010-11-03 16:15 359016 ----a-w- c:\windows\vncutil.exe
2011-04-02 10:17 . 2011-01-04 17:25 55912 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2011-04-02 10:17 . 2010-11-03 16:14 129640 ----a-w- c:\windows\RtkAudioService.exe
2011-04-02 10:17 . 2009-11-18 05:17 1395800 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2011-04-02 10:17 . 2009-11-18 05:16 1691480 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2011-04-01 12:43 . 2011-04-01 12:43 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Codemasters
2011-04-01 12:41 . 2011-04-01 12:41 -------- d-----w- c:\programme\BRS
2011-04-01 12:41 . 2010-07-28 17:10 1380352 ----a-w- c:\windows\system32\rapture3d_oal.dll
2011-04-01 12:41 . 2010-03-01 18:51 17686528 ----a-w- c:\windows\system32\mkl_blueripple.dll
2011-03-28 15:36 . 2011-03-29 15:47 -------- d-----w- c:\dokumente und einstellungen\Mirau\Anwendungsdaten\Online Solutions
2011-03-27 18:18 . 2011-03-27 18:18 -------- d-----w- c:\dokumente und einstellungen\Mirau\Anwendungsdaten\Auslogics
2011-03-27 18:18 . 2011-03-27 18:18 -------- d-----w- c:\programme\Auslogics
2011-03-27 10:09 . 2009-09-18 18:14 1093632 ----a-w- C:\osam_srv.dll
2011-03-27 10:09 . 2009-09-18 18:13 1392640 ----a-w- C:\osam_gui.dll
2011-03-27 10:09 . 2009-09-18 18:13 372736 ----a-w- C:\osam.exe
2011-03-27 10:09 . 2009-09-09 15:38 2437632 ----a-w- C:\ToolkitPro1211vc80U.dll
2011-03-27 10:09 . 2007-10-29 22:24 1093120 ----a-w- C:\mfc80u.dll
2011-03-27 10:09 . 2007-10-29 22:24 548864 ----a-w- C:\msvcp80.dll
2011-03-27 10:09 . 2007-10-29 22:24 626688 ----a-w- C:\msvcr80.dll
2011-03-20 23:20 . 2011-03-20 23:20 -------- d-----w- c:\dokumente und einstellungen\Mirau\Anwendungsdaten\Xilisoft
2011-03-20 23:20 . 2011-03-20 23:20 -------- d-----w- c:\programme\Xilisoft
2011-03-20 23:20 . 2011-03-20 23:20 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Xilisoft
2011-03-15 17:37 . 2011-03-15 17:37 -------- d-----w- c:\programme\Free M4a to MP3 Converter
2011-03-15 16:19 . 2010-11-18 13:38 77824 ----a-w- c:\windows\system32\AlfaBIGSaitek32.dll
2011-03-15 16:19 . 2010-11-05 16:03 274432 ----a-w- c:\windows\system32\ALFASVRSaitek32.dll
2011-03-14 18:12 . 2011-03-18 18:13 -------- d-----w- c:\programme\German Truck Simulator
2011-03-13 18:45 . 2011-04-09 07:32 252080 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-03-13 18:44 . 2011-04-09 07:32 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-03-13 18:44 . 2011-04-08 22:13 252080 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-03-13 18:43 . 2011-01-08 03:27 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-03-13 18:43 . 2011-01-08 03:27 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-03-13 18:43 . 2011-01-08 03:27 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-03-13 18:43 . 2011-01-08 03:27 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-01 12:44 . 2009-08-18 10:30 564632 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\IdentityCRL\production\wlidui.dll
2011-04-01 12:44 . 2009-08-18 10:24 18328 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-24 16:21 . 2008-12-16 08:41 6340200 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2011-02-17 12:02 . 2008-12-16 08:41 20029032 ----a-w- c:\windows\RTHDCPL.EXE
2011-02-09 13:56 . 2008-12-16 08:41 1284712 ----a-w- c:\windows\RtlExUpd.dll
2011-02-09 13:53 . 2004-08-04 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-04 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2008-12-15 16:34 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2008-12-15 16:34 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-04 12:00 440832 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-19 08:26 . 2011-01-19 08:26 86016 ----a-w- c:\windows\system32\frapsvid.dll
2010-06-02 04:22 . 2010-06-02 04:22 89944 ----a-w- c:\programme\DSETUP.dll
2010-06-02 04:22 . 2010-06-02 04:22 537432 ----a-w- c:\programme\DXSETUP.exe
2010-06-02 04:22 . 2010-06-02 04:22 1801048 ----a-w- c:\programme\dsetup32.dll
2010-02-02 17:44 . 2010-02-02 17:44 54206 ----a-w- c:\programme\Cockpit-Install_byIcestar05.exe
2010-01-30 17:36 . 2010-01-30 17:36 563872 ----a-w- c:\programme\GoogleEarthSetup.exe
2009-12-23 12:42 . 2009-12-23 12:42 25570478 ----a-w- c:\programme\Santa_Demo_Setup.exe
2009-12-19 11:58 . 2009-12-19 11:57 74326512 ----a-w- c:\programme\kis9.0.0.736deDACH.exe
2009-10-21 19:04 . 2009-10-21 19:04 482624 ----a-w- c:\programme\smartdraw_11E_EAXVG_setup.exe
2009-10-14 10:49 . 2009-10-14 10:49 1369088 ----a-w- c:\programme\CStats 1.0.msi
2009-05-26 14:40 . 2009-05-26 14:40 20617000 ----a-w- c:\programme\SkypeSetupFull.exe
2008-12-26 12:04 . 2008-12-25 17:51 8213504 ----a-w- c:\programme\wz120gev.msi
2008-12-18 19:28 . 2008-12-18 19:28 774144 ----a-w- c:\programme\RngInterstitial.dll
2008-12-16 17:13 . 2008-12-16 17:13 68756776 ----a-w- c:\programme\iTunesSetup.exe
2008-05-28 01:39 . 2009-10-27 17:19 395045070 ----a-w- c:\programme\f-1mania38.exe
2006-05-03 10:06 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 216064 --sha-r- c:\windows\system32\nbDX.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RGSC"="d:\programme\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-12-12 306088]
"msnmsgr"="c:\programme\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"Pando Media Booster"="c:\programme\Pando Networks\Media Booster\PMB.exe" [2010-10-25 2969496]
"igndlm.exe"="c:\programme\Download Manager\DLM.exe" [2009-10-27 1103216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 55824]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 55824]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"avp"="c:\programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-02 365336]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-07 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
"nwiz"="c:\programme\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"TrayServer"="c:\programme\MAGIX\Video_deluxe_17_Download-Version\TrayServer.exe" [2008-08-07 90112]
"RTHDCPL"="RTHDCPL.EXE" [2011-02-17 20029032]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\Mirau\Startmen\Programme\Autostart\
OpenOffice.org 3.0.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
.
c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Logitech SetPoint.lnk - c:\programme\Logitech\SetPoint\SetPoint.exe [2009-7-22 784912]
McAfee Security Scan Plus.lnk - c:\programme\McAfee Security Scan\2.0.181\SSScheduler.exe [N/A]
Microsoft Office.lnk - c:\programme\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programme\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\programme\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 08:10 72208 ----a-w- c:\programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:CDEFGHIJK *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Codemasters\\Der Herr der Ringe Online\\lotroclient.exe"=
"c:\\Programme\\EA GAMES\\Die Schlacht um Mittelerde(tm)\\game.dat"=
"c:\\Programme\\Firefly Studios\\Stronghold Legends\\StrongholdLegends.exe"=
"c:\\Programme\\Java\\jre6\\bin\\java.exe"=
"c:\\Programme\\Electronic Arts\\Die Schlacht um Mittelerde II\\game.dat"=
"c:\\Programme\\World of Warcraft\\Launcher.exe"=
"c:\\Programme\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2009.SP3c\\RpcAgentSrv.exe"=
"c:\\Programme\\Electronic Arts\\Aufstieg des Hexenkönigs\\game.dat"=
"c:\\Programme\\Electronic Arts\\Die Schlacht um Mittelerde II\\patchget.dat"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\German\\setup.exe"=
"c:\\Programme\\uTorrent\\uTorrent.exe"=
"c:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2009.SP3c\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"d:\\Programme\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Programme\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programme\\Windows Media Player\\wmplayer.exe"=
"c:\\Programme\\Opera\\opera.exe"=
"c:\\Programme\\World of Warcraft\\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe"=
"c:\\Programme\\BitTorrent\\BitTorrent.exe"=
"c:\\Programme\\Codemasters\\F1 2010\\F1_2010_game.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"6881:TCP"= 6881:TCP:Blizzard Downloader: 6881
"57297:TCP"= 57297:TCP:Pando Media Booster
"57297:UDP"= 57297:UDP:Pando Media Booster
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [09.06.2010 17:43 11352]
R1 SASDIFSV;SASDIFSV;c:\programme\SUPERAntiSpyware\sasdifsv.sys [17.02.2010 20:25 12872]
R1 SASKUTIL;SASKUTIL;c:\programme\SUPERAntiSpyware\SASKUTIL.SYS [10.05.2010 20:41 67656]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe [27.08.2009 18:09 1253376]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14.09.2009 13:42 32856]
S1 sbpcint4;SB AudioPCI 128;c:\windows\system32\DRIVERS\sbpcint4.sys --> c:\windows\system32\DRIVERS\sbpcint4.sys [?]
S2 gupdate1c9de1043fda0a;Google Update Service (gupdate1c9de1043fda0a);c:\programme\Google\Update\GoogleUpdate.exe [26.05.2009 16:41 133104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [02.04.2011 12:17 1691480]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe [07.08.2008 12:10 3276800]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02.10.2009 19:39 19472]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\programme\McAfee Security Scan\2.0.181\McCHSvc.exe" --> c:\programme\McAfee Security Scan\2.0.181\McCHSvc.exe [?]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [04.08.2004 14:00 14336]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe [31.07.2009 12:03 98488]
S4 ICQ Service;ICQ Service;c:\programme\ICQ6Toolbar\ICQ Service.exe --> c:\programme\ICQ6Toolbar\ICQ Service.exe [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Inhalt des "geplante Tasks" Ordners
.
2011-01-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-05-26 14:41]
.
2011-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-05-26 14:41]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.gmx.de/
IE: Free YouTube to MP3 Converter - c:\dokumente und einstellungen\Mirau\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Hinzufügen zu Anti-Banner - c:\programme\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
FF - ProfilePath - c:\dokumente und einstellungen\Mirau\Anwendungsdaten\Mozilla\Firefox\Profiles\r6ypehum.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Modul zur Link-Untersuchung: linkfilter@kaspersky.ru - c:\programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Anti-Banner: KavAntiBanner@Kaspersky.ru - c:\programme\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-German Truck Simulator Demo - c:\programme\German Truck Simulator Demo\Uninstall.exe
AddRemove-ProTrain 10 Aachen - Köln 1.0 - c:\programme\Microsoft Games\Train Simulator\SETUP\setup.exe
AddRemove-ProTrain 17 München-Salzburg 1.0 - c:\programme\Microsoft Games\Train Simulator\SETUP.1\setup.exe
AddRemove-ProTrain 18 Hamburg-Berlin 1.0 - c:\programme\Microsoft Games\Train Simulator\SETUP.3\setup.exe
AddRemove-ProTrain 19 Berlin-Rostock 1.0 - c:\programme\Microsoft Games\Train Simulator\SETUP.2\setup.exe
AddRemove-Train Simulator 1.0 - c:\programme\Microsoft Games\Train Simulator\UNINSTAL.EXE
AddRemove-Bus Driver Streckeneditor 0.9.0.0 Alpha - c:\programme\Uninstal_Streckeneditor.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-04-10 09:47
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1708537768-1383384898-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1708537768-1383384898-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ea,1b,6c,be,98,d2,9f,3e,de,e2,70,f5,74,32,24,9a,b2,78,66,36,3d,cc,dd,
48,f8,c3,94,70,95,f3,73,ae,64,45,19,5b,73,ce,f2,5f,0c,95,28,bf,01,61,50,da,\
"??"=hex:b1,82,6f,f8,1f,55,dd,3a,f2,4c,ec,72,5b,20,80,c7
.
[HKEY_USERS\S-1-5-21-1708537768-1383384898-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:bc,76,ca,94,c1,7b,ca,dd,43,5a,5f,eb,7d,a0,f4,74,47,98,63,e9,cf,
c1,6b,e2,1e,8d,97,15,9a,99,cb,c7,f6,86,a6,8e,77,4d,71,c8,2b,3f,0b,95,f3,f6,\
"rkeysecu"=hex:3f,30,e1,aa,6b,c7,0b,a9,40,14,fc,87,cc,40,51,46
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(1052)
c:\programme\SUPERAntiSpyware\SASWINLO.DLL
c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll
c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTServ.dll
.
Zeit der Fertigstellung: 2011-04-10 09:50:05
ComboFix-quarantined-files.txt 2011-04-10 07:49
ComboFix2.txt 2011-03-02 20:08
.
Vor Suchlauf: 18 Verzeichnis(se), 29.537.234.944 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 29.871.546.368 Bytes frei
.
- - End Of File - - 7060327DC0317D976B461A190978A940