Code:
Alles auswählen Aufklappen ATTFilter
ComboFix 10-11-09.01 - HP 10.11.2010 10:49:39.1.2 - x86
ausgeführt von:: c:\users\HP\Desktop\cofi.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\pdfforge Toolbar\SearchSettings.dll
c:\users\HP\AppData\Roaming\.#
c:\users\HP\AppData\Roaming\.#\MBX@AE8@1A72960.###
c:\users\HP\AppData\Roaming\.#\MBX@AE8@1A72990.###
c:\users\HP\AppData\Roaming\.#\MBX@AE8@1A729C0.###
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_usnjsvc
((((((((((((((((((((((( Dateien erstellt von 2010-10-10 bis 2010-11-10 ))))))))))))))))))))))))))))))
.
2010-11-10 07:02 . 2010-11-10 07:02 -------- d-----w- C:\_OTL
2010-11-09 08:04 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6A0C16EC-B731-4D4F-A4E1-7B4D0B66BBF9}\mpengine.dll
2010-11-08 13:08 . 2010-11-08 13:08 -------- d-----w- c:\users\HP\AppData\Roaming\Malwarebytes
2010-11-08 13:08 . 2010-04-29 11:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-08 13:08 . 2010-11-08 13:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-08 13:08 . 2010-11-08 13:08 -------- d-----w- c:\programdata\Malwarebytes
2010-11-08 13:08 . 2010-04-29 11:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-07 20:25 . 2010-11-07 20:25 -------- d-----w- c:\programdata\Samsung
2010-11-07 20:23 . 2010-11-07 20:23 -------- d-----w- c:\program files\MarkAny
2010-11-07 20:20 . 2010-11-07 20:20 -------- d-----w- c:\users\HP\AppData\Local\Downloaded Installations
2010-11-07 10:51 . 2010-11-07 10:51 -------- d-----w- c:\users\HP\AppData\Roaming\PC Suite
2010-11-07 10:51 . 2010-11-07 10:51 -------- d-----w- c:\programdata\PC Suite
2010-11-05 09:25 . 2010-11-05 09:25 -------- d-----w- c:\users\HP\AppData\Roaming\Avira
2010-10-27 11:26 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-27 11:26 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-27 11:26 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-22 10:52 . 2010-10-28 10:56 -------- d-----w- c:\program files\McAfee Security Scan
2010-10-22 10:52 . 2010-10-22 10:52 -------- d-----w- c:\programdata\McAfee Security Scan
2010-10-19 10:16 . 2010-10-19 10:16 -------- d-----w- c:\program files\iPod
2010-10-19 10:10 . 2010-10-19 10:10 -------- d-----w- c:\program files\Bonjour
2010-10-17 22:33 . 2010-10-17 22:33 -------- d-----w- c:\users\HP\AppData\Roaming\Gogii
2010-10-17 21:32 . 2010-10-17 21:33 -------- d-----w- c:\users\HP\AppData\Roaming\Enlightenus2SE_BFG
2010-10-17 12:40 . 2010-10-17 12:40 -------- d-----w- c:\users\HP\AppData\Roaming\Vogat Interactive
2010-10-17 12:22 . 2010-10-17 12:23 -------- d-----w- c:\program files\Drawn - Flucht aus der Dunkelheit
2010-10-17 11:50 . 2010-10-17 11:51 -------- d-----w- c:\program files\Robins Quest - Aufstieg einer Legende
2010-10-17 10:49 . 2010-10-17 10:49 -------- d-----w- c:\program files\Elixier der Unsterblichkeit
2010-10-17 10:08 . 2010-10-17 10:09 -------- d-----w- c:\program files\Enlightenus II - Der ewige Turm
2010-10-12 23:08 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-12 23:07 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-12 22:43 . 2010-08-31 13:27 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-10-12 22:43 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-10-12 22:43 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-12 22:43 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 09:41 . 2009-10-03 06:12 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-15 02:50 . 2010-04-19 21:33 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-08 09:17 . 2010-09-08 09:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17 . 2010-09-08 09:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-08-26 16:33 . 2010-10-27 11:26 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-27 11:26 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33 . 2010-10-27 11:26 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33 . 2010-10-27 11:26 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-17 14:11 . 2010-09-15 12:42 128000 ----a-w- c:\windows\system32\spoolsv.exe
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-07-12 226904]
"Steam"="c:\program files\Steam\Steam.exe" [2010-08-24 1242448]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-04 95576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-04-23 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2009-09-29 842816]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-21 458844]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 13797920]
"BRAVIS-{DC0F6114-52CD-420E-BAEB-ECC5BFB0B110}"="c:\program files\BRAVIS\Galaxee 4free\bravis.exe" [2009-12-18 7696704]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-06-17 202256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2010-01-07 974848]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
c:\users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-1-16 727592]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c998ca40d6bbff;Google Update Service (gupdate1c998ca40d6bbff);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-27 133104]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};c:\program files\HP\QuickPlay\000.fcl [2008-04-23 39408]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\aestsrv.exe [2009-03-02 81920]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-08-02 135336]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-01-07 380928]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-04 238952]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-08-07 24880]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-03-26 341328]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-03-26 595248]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2007-05-30 16640]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-02-07 193840]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-01 81296]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-23 43552]
S3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-03-26 40752]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Inhalt des "geplante Tasks" Ordners
2010-11-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-27 08:43]
2010-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-27 10:57]
2010-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-27 10:57]
2010-11-10 c:\windows\Tasks\User_Feed_Synchronization-{D5D03B1D-F6F6-4927-ABA2-A822FA9CD2A6}.job
- c:\windows\system32\msfeedssync.exe [2010-10-12 04:25]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar-Suche - c:\programdata\AOL\ieToolbar\resources\de-DE\local\search.html
IE: &NeoTrace It! - c:\progra~1\NEOTRA~1\NTXcontext.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\gn2gx2tl.default\
FF - prefs.js: browser.startup.homepage - hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
FF - component: c:\program files\DigitalPersona\Bin\firefoxext\components\dpffcli.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: c:\program files\pdfforge Toolbar\SSFF\components\SearchSettingsFF.dll
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
HKLM-Run-NPSStartup - (no file)
AddRemove-{495A8A3C-8FD0-4C46-9979-95C26181A1AB} - c:\program files\InstallShield Installation Information\{495A8A3C-8FD0-4C46-9979-95C26181A1AB}\setup.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
**************************************************************************
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien:
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}]
"ImagePath"="\??\c:\program files\HP\QuickPlay\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_USERS\S-1-5-21-4170765611-3392074641-2950244348-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:62,90,6d,62,73,1e,44,2f,5b,c4,ea,1f,25,1a,61,80,7f,59,17,46,33,0c,c2,
d1,80,70,67,b8,85,23,cc,f4,49,8e,d3,8a,75,21,58,bf,7c,93,22,7a,98,9a,e9,a2,\
"??"=hex:4c,29,47,78,35,42,bc,1b,86,e3,61,d6,a0,f3,53,d9
[HKEY_USERS\S-1-5-21-4170765611-3392074641-2950244348-1000\Software\SecuROM\License information*]
"datasecu"=hex:ee,ec,63,04,56,e2,46,56,25,87,0c,dc,78,85,72,6b,5b,5f,79,c7,b8,
6e,c1,66,78,4e,89,d7,93,27,0f,40,99,b7,4e,f7,15,5a,de,ea,cd,cb,a8,d7,ca,8e,\
"rkeysecu"=hex:2f,20,05,df,a2,92,8b,f3,ae,d7,c1,81,bf,ba,1a,b8
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - > 'Explorer.exe'(5560)
c:\program files\DigitalPersona\Bin\DpoFeedb.dll
c:\windows\system32\btmmhook.dll
c:\program files\DigitalPersona\Bin\DpoSet.dll
c:\windows\system32\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\STacSV.exe
c:\program files\DigitalPersona\Bin\DpHostW.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\conime.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\ehome\ehmsas.exe
c:\program files\Hewlett-Packard\Shared\hpqToaster.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Steam\SteamService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-11-10 11:13:13 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-11-10 10:12
Vor Suchlauf: 19 Verzeichnis(se), 103.797.641.216 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 103.970.107.392 Bytes frei
- - End Of File - - EA7741343CF20539E0E51E98EE130598
10.11.2010, 11:19
Hybrid-Darstellung
