Dateien löschen oder nicht?!

cosinus · 30.04.2010, 13:17

Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:

ATTFilter

Registry::
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2]

File::
c:\windows\system32\A5F2.tmp
c:\users\Anja\AppData\Roaming\ypgmjw.dat

Driver::
MEMSWEEP2

3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

annianni · 01.05.2010, 20:20

Hier der Log:

ComboFix 10-04-29.01 - Anja 01.05.2010 20:58:30.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2908.2104 [GMT 2:00]
ausgeführt von:: c:\users\Anja\Desktop\cofi.exe
Benutzte Befehlsschalter :: c:\users\Anja\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt

FILE ::
"c:\users\Anja\AppData\Roaming\ypgmjw.dat"
"c:\windows\system32\A5F2.tmp"
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Anja\AppData\Roaming\ypgmjw.dat

.
((((((((((((((((((((((( Dateien erstellt von 2010-04-01 bis 2010-05-01 ))))))))))))))))))))))))))))))
.

2010-05-01 19:13 . 2010-05-01 19:13 -------- d-----w- c:\users\Anja\AppData\Local\temp
2010-05-01 19:13 . 2010-05-01 19:13 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-05-01 19:13 . 2010-05-01 19:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-30 08:43 . 2010-04-30 09:08 -------- d-----w- C:\cofi
2010-04-29 18:44 . 2010-04-29 18:44 6153648 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-28 22:36 . 2010-04-28 23:15 -------- d-----w- c:\users\Anja\AppData\Local\Microsoft Games
2010-04-27 07:38 . 2009-06-18 10:55 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2010-04-26 16:34 . 2010-04-26 16:35 -------- d-----w- c:\windows\system32\ca-ES
2010-04-26 16:34 . 2010-04-26 16:35 -------- d-----w- c:\windows\system32\eu-ES
2010-04-26 16:34 . 2010-04-26 16:35 -------- d-----w- c:\windows\system32\vi-VN
2010-04-26 16:22 . 2010-04-26 16:22 -------- d-----w- c:\windows\system32\EventProviders
2010-04-21 17:49 . 2010-04-21 17:49 -------- d-----w- c:\users\Anja\AppData\Roaming\Avira
2010-04-21 17:47 . 2010-03-01 08:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-04-21 17:47 . 2010-02-16 12:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-04-21 17:47 . 2009-05-11 10:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-04-21 17:47 . 2009-05-11 10:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-04-21 17:47 . 2010-04-21 17:47 -------- d-----w- c:\programdata\Avira
2010-04-21 17:47 . 2010-04-21 17:47 -------- d-----w- c:\program files\Avira
2010-04-20 08:52 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-20 08:52 . 2010-04-29 18:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-20 08:52 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 08:45 . 2010-04-20 08:45 -------- d-----w- c:\program files\Trend Micro
2010-04-19 22:24 . 2010-04-20 00:22 -------- d-----w- C:\Kaspersky Rescue Disk 10.0
2010-04-19 17:03 . 2010-04-19 17:03 -------- d-----w- c:\users\Anja\AppData\Roaming\Malwarebytes
2010-04-19 17:02 . 2010-04-19 17:02 -------- d-----w- c:\programdata\Malwarebytes
2010-04-18 08:47 . 2010-04-18 08:47 -------- d-----w- c:\programdata\WindowsSearch
2010-04-17 23:59 . 2010-04-17 23:59 -------- d-----w- c:\program files\Common Files\Panda Security
2010-04-17 18:20 . 2010-04-20 18:11 -------- d-----w- c:\program files\Sophos
2010-04-17 17:20 . 2010-04-17 17:20 -------- d-----w- c:\programdata\Alwil Software
2010-04-14 17:45 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 17:45 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 17:45 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 17:45 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 17:45 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 17:45 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 17:45 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-14 17:45 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-14 17:45 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-14 17:45 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 17:44 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
2010-04-11 12:31 . 2010-04-11 12:31 0 ----a-w- c:\windows\nsreg.dat
2010-04-10 14:07 . 2010-04-10 14:07 -------- d-----w- c:\program files\iPod
2010-04-10 14:07 . 2010-04-18 10:05 -------- d-----w- c:\program files\iTunes
2010-04-10 14:07 . 2010-04-10 14:07 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-10 14:04 . 2010-04-18 10:05 -------- d-----w- c:\program files\QuickTime
2010-04-10 14:01 . 2010-04-10 14:01 -------- d-----w- c:\program files\Bonjour
2010-04-10 13:58 . 2010-04-10 13:58 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-04-05 07:13 . 2010-04-05 07:10 754984 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-04-05 07:13 . 2010-04-05 07:10 986904 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-04-05 07:13 . 2009-11-13 21:36 530704 ----a-w- c:\programdata\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe
2010-04-05 07:13 . 2010-04-05 07:13 56978 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-04-05 07:13 . 2010-04-05 07:13 56766 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-04-05 07:13 . 2009-11-13 21:36 530704 ----a-w- c:\programdata\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe
2010-04-05 07:13 . 2010-04-05 07:13 57677 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-04-05 07:13 . 2010-04-05 07:13 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-04-05 07:10 . 2010-04-05 07:13 -------- d-----w- c:\programdata\DivX

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-01 19:02 . 2008-01-21 07:15 621952 ----a-w- c:\windows\system32\perfh007.dat
2010-05-01 19:02 . 2008-01-21 07:15 123852 ----a-w- c:\windows\system32\perfc007.dat
2010-05-01 10:56 . 2009-09-07 16:33 -------- d-----w- c:\users\Anja\AppData\Roaming\Skype
2010-05-01 09:23 . 2009-09-07 16:34 -------- d-----w- c:\users\Anja\AppData\Roaming\skypePM
2010-04-28 23:34 . 2008-01-21 02:23 52792 ----a-w- c:\windows\system32\drivers\volmgr.sys
2010-04-26 16:37 . 2008-08-06 09:05 -------- d-----w- c:\program files\Google
2010-04-26 16:35 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-04-26 16:35 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-26 16:35 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-04-26 16:35 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-04-26 16:35 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-04-26 16:35 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-04-26 16:35 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-04-26 16:34 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-04-19 09:45 . 2009-10-04 09:37 -------- d-----w- c:\users\Anja\AppData\Roaming\DivX
2010-04-18 10:05 . 2009-10-23 20:56 -------- d-----w- c:\users\Anja\AppData\Roaming\Winamp
2010-04-18 10:05 . 2009-10-23 20:56 -------- d-----w- c:\program files\Winamp
2010-04-18 10:05 . 2008-08-06 09:06 -------- d-----w- c:\program files\Toshiba TEMPRO
2010-04-18 10:05 . 2008-08-06 08:57 -------- d-----w- c:\programdata\Microsoft Help
2010-04-18 10:05 . 2009-08-31 12:08 -------- d-----w- c:\program files\Camera Assistant Software for Toshiba
2010-04-12 08:04 . 2009-11-30 02:21 1 ----a-w- c:\users\Anja\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-10 14:07 . 2009-09-21 08:16 -------- d-----w- c:\program files\Common Files\Apple
2010-04-10 14:07 . 2010-01-30 18:28 -------- d-----w- c:\programdata\Apple Computer
2010-04-05 07:13 . 2009-09-28 18:39 -------- d-----w- c:\program files\DivX
2010-03-24 10:55 . 2010-03-24 10:55 -------- d-----w- c:\programdata\Xerox
2010-03-22 23:45 . 2009-09-07 15:24 119144 ----a-w- c:\users\Anja\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-22 23:20 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2010-03-22 23:17 . 2010-03-22 23:17 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-02-24 09:16 . 2009-10-06 20:33 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39 . 2010-03-31 14:50 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 14:50 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33 . 2010-03-31 14:50 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55 . 2010-03-31 14:50 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:06 . 2010-03-11 07:18 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-11 07:18 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-11 07:18 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2010-02-12 10:48 . 2010-03-09 02:00 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-02-12 09:46 . 2010-02-12 09:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 09:46 . 2010-02-12 09:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-02 22:11 . 2010-02-02 22:11 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-02-02 22:11 . 2010-02-02 22:11 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-01-25 17:54 . 2010-01-25 17:54 16 ---ha-w- c:\program files\mxfilerelatedcache.mxc2
.

((((((((((((((((((((((((((((( SnapShot@2010-04-30_09.05.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2010-05-01 18:57 60294 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2010-05-01 18:57 87368 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-09-07 15:50 . 2010-05-01 18:57 12024 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-40895833-2439499739-606158090-1000_UserData.bin
+ 2009-09-07 14:29 . 2010-05-01 18:54 65536 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-09-07 14:29 . 2010-04-30 08:47 65536 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-04-18 15:09 . 2010-05-01 09:21 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
- 2010-04-18 15:09 . 2010-04-28 21:52 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2009-09-07 14:29 . 2010-05-01 18:54 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-09-07 14:29 . 2010-04-30 08:47 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-04-30 08:47 . 2010-04-30 08:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-05-01 18:54 . 2010-05-01 18:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-04-30 08:47 . 2010-04-30 08:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-05-01 18:54 . 2010-05-01 18:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-09-07 14:28 . 2010-04-30 10:16 370152 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 10:33 . 2010-05-01 19:02 590082 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2010-04-30 08:54 590082 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2010-04-30 08:54 102094 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2010-05-01 19:02 102094 c:\windows\System32\perfc009.dat
+ 2009-09-22 17:36 . 2010-05-01 09:21 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-09-22 17:36 . 2010-04-29 17:53 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-09-07 14:29 . 2010-04-30 08:47 655360 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-09-07 14:29 . 2010-05-01 18:54 655360 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-09-07 15:30 . 2010-04-30 08:45 1203440 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-09-07 15:30 . 2010-05-01 18:53 1203440 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-11-20 434176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"NDSTray.exe"="NDSTray.exe" [BU]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]
"Toshiba TEMPO"="c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe" [2008-04-24 103824]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-29 1029416]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-09-26 417792]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"HDMICtrlMan"="c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2008-04-26 716800]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-30 149280]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-02 198160]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-03-05 1135912]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-25 142120]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-4-14 2979144]
VPN Client.lnk - c:\windows\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico [2009-9-17 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):45,21,b7,88,5f,e5,ca,01

R2 gupdate1cad48f45982090;Google Update Service (gupdate1cad48f45982090);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-05 133104]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-16 40960]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-20 112128]

.
Inhalt des "geplante Tasks" Ordners

2010-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-05 07:11]

2010-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-05 07:11]

2010-05-01 c:\windows\Tasks\User_Feed_Synchronization-{3B85BAF5-D7DD-4C26-B30C-F5A8F390CC6B}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
uInternet Settings,ProxyServer = proxyuhh.uni-hamburg.de:3128
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-05-01 21:13
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i????????8q???P?W?x?W???W???W??

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, hxxp://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85434AC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x89f0fd24
\Driver\ACPI -> acpi.sys @ 0x8069dd68
\Driver\atapi -> ataport.SYS @ 0x828e3a2c
\Driver\iaStor -> iaStor.sys @ 0x8284478c
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-05-01 21:17:12
ComboFix-quarantined-files.txt 2010-05-01 19:17
ComboFix2.txt 2010-04-30 09:08

Vor Suchlauf: 15 Verzeichnis(se), 70.917.427.200 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 70.882.037.760 Bytes frei

- - End Of File - - 2DCFBC84E738020F100B08ECD3A2F3DF

Dateien löschen oder nicht?!

Plagegeister aller Art und deren Bekämpfung: Dateien löschen oder nicht?!

Dateien löschen oder nicht?!

Dateien löschen oder nicht?!

Ähnliche Themen: Dateien löschen oder nicht?!