Trojaner-Board
Seite 3 von 5 12 3 45
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Java:Agent-EM (Expl) und mehr hilfe!!! (https://www.trojaner-board.de/98462-java-agent-em-expl-mehr-hilfe.html)

Virus help 10.05.2011 05:57
oke ehm was für dateien würden denn jetzt gelöscht unwichtige oder?


All processes killed
========== OTL ==========
C:\ProgramData\FullRemove.exe moved successfully.
ADS C:\ProgramData\TEMP:4D066AD2 deleted successfully.
ADS C:\ProgramData\TEMP:4CF61E54 deleted successfully.
ADS C:\ProgramData\TEMP:0B9176C0 deleted successfully.
ADS C:\ProgramData\TEMP:E1F04E8D deleted successfully.
ADS C:\ProgramData\TEMP:AB689DEA deleted successfully.
ADS C:\ProgramData\TEMP:ABE89FFE deleted successfully.
ADS C:\ProgramData\TEMP:93DE1838 deleted successfully.
ADS C:\ProgramData\TEMP:5D7E5A8F deleted successfully.
ADS C:\ProgramData\TEMP:1D32EC29 deleted successfully.
ADS C:\ProgramData\TEMP:E3C56885 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Gast
->Temp folder emptied: 11963940 bytes
->Temporary Internet Files folder emptied: 4109124 bytes
->Flash cache emptied: 75 bytes

User: PBell
->Temp folder emptied: 249109949 bytes
->Temporary Internet Files folder emptied: 63122838 bytes
->Java cache emptied: 15931818 bytes
->FireFox cache emptied: 754856672 bytes
->Apple Safari cache emptied: 14227456 bytes
->Opera cache emptied: 8117236 bytes
->Flash cache emptied: 23812 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13289444 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50300 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.082,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05102011_065055

Files\Folders moved on Reboot...
C:\Users\PBell\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

cosinus 10.05.2011 11:04
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Virus help 10.05.2011 13:56
ok so habs fertig ehm was hat das jetzt gebracht weil sehe zum ersten mal so ein programm^^
Combofix Logfile:
Code:
ComboFix 11-05-09.02 - PBell 10.05.2011  14:35:07.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3063.2134 [GMT 2:00]
ausgeführt von:: c:\users\PBell\Desktop\cofi.exe
AV: G Data InternetSecurity 2010 *Disabled/Updated* {54ACC2FC-837E-E665-7A92-5352D560D5EF}
FW: G Data Personal Firewall *Disabled* {6C9743D9-C911-E73D-51CD-FA672BB39294}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\cflog\CrashLog_20110214.txt
c:\cflog\CrashLog_20110215.txt
c:\cflog\CrashLog_20110216.txt
C:\install.exe
c:\users\Gast\AppData\Roaming\.#
c:\users\Gast\AppData\Roaming\.#\MBX@ADC@3C2790.###
c:\users\Gast\AppData\Roaming\.#\MBX@ADC@3C27C0.###
c:\users\Gast\AppData\Roaming\.#\MBX@DE4@6E2790.###
c:\users\Gast\AppData\Roaming\.#\MBX@DE4@6E27C0.###
c:\users\PBell\AppData\Roaming\chrtmp
c:\users\PBell\AppData\Roaming\edxLabs
c:\users\PBell\AppData\Roaming\edxLabs\edxSilkroadLoader5\analyzer\log\15750516.txt
c:\users\PBell\AppData\Roaming\edxLabs\edxSilkroadLoader5\analyzer\log\15758113.txt
c:\users\PBell\AppData\Roaming\edxLabs\edxSilkroadLoader5\analyzer\log\15930868.txt
c:\users\PBell\AppData\Roaming\edxLabs\edxSilkroadLoader5\analyzer\log\16314459.txt
c:\users\PBell\AppData\Roaming\edxLabs\edxSilkroadLoader5\edxSilkroadLoader5.ini
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-04-10 bis 2011-05-10  ))))))))))))))))))))))))))))))
.
.
2011-05-10 12:42 . 2011-05-10 12:42        --------        d-----w-        c:\users\Gast\AppData\Local\temp
2011-05-10 12:42 . 2011-05-10 12:42        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-05-10 07:06 . 2011-04-11 08:21        8802128        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{2470DB40-E627-4F74-BCD5-8F6353CBC8C9}\mpengine.dll
2011-05-10 04:50 . 2011-05-10 04:50        --------        d-----w-        C:\_OTL
2011-05-08 13:39 . 2011-05-08 13:39        1152832        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-05-08 13:39 . 2011-05-08 13:39        2300696        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-05-08 13:38 . 2011-05-08 13:38        42776        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-05-08 01:17 . 2011-05-08 01:17        --------        d-----w-        c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-05-08 01:15 . 2011-05-08 01:15        --------        d-----w-        c:\program files\Common Files\Apple
2011-05-08 01:15 . 2011-05-08 01:15        --------        d-----w-        c:\program files\Bonjour
2011-05-08 01:15 . 2011-05-08 01:15        --------        d-----w-        c:\program files (x86)\Bonjour
2011-04-30 18:59 . 2011-04-30 18:59        --------        d-----w-        c:\users\PBell\AppData\Roaming\Malwarebytes
2011-04-30 18:58 . 2011-04-30 18:58        --------        d-----w-        c:\programdata\Malwarebytes
2011-04-30 18:58 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-30 18:58 . 2011-04-30 18:58        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2011-04-30 18:58 . 2010-12-20 16:08        24152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-04-26 23:38 . 2011-03-12 12:08        1465344        ----a-w-        c:\windows\system32\XpsPrint.dll
2011-04-26 23:38 . 2011-02-25 06:19        2871808        ----a-w-        c:\windows\explorer.exe
2011-04-26 23:38 . 2011-02-25 05:30        2616320        ----a-w-        c:\windows\SysWow64\explorer.exe
2011-04-26 23:38 . 2011-03-12 11:23        870912        ----a-w-        c:\windows\SysWow64\XpsPrint.dll
2011-04-24 10:07 . 2011-04-24 10:07        --------        d-----w-        c:\windows\SysWow64\RTCOM
2011-04-24 10:06 . 2010-11-29 16:47        2578576        ----a-w-        c:\windows\system32\WavesGUILib.dll
2011-04-24 10:06 . 2009-11-24 07:55        518896        ----a-w-        c:\windows\system32\SRSTSX64.dll
2011-04-24 10:06 . 2009-11-24 07:55        211184        ----a-w-        c:\windows\system32\SRSTSH64.dll
2011-04-24 10:06 . 2009-11-24 07:55        198896        ----a-w-        c:\windows\system32\SRSHP64.dll
2011-04-24 10:06 . 2009-11-24 07:55        155888        ----a-w-        c:\windows\system32\SRSWOW64.dll
2011-04-24 10:06 . 2011-03-31 14:49        2392168        ----a-w-        c:\windows\system32\RtPgEx64.dll
2011-04-24 10:06 . 2010-11-03 16:31        1146984        ----a-w-        c:\windows\system32\RTSnMg64.cpl
2011-04-24 10:06 . 2011-04-06 13:33        2826984        ----a-w-        c:\windows\system32\drivers\RTKVHD64.sys
2011-04-24 10:06 . 2010-11-03 16:31        332392        ----a-w-        c:\windows\system32\RtlCPAPI64.dll
2011-04-24 10:02 . 2011-04-24 10:02        --------        d-----w-        c:\program files (x86)\Realtek
2011-04-24 09:29 . 2011-04-24 09:30        --------        d-----w-        c:\program files (x86)\NVIDIA Corporation
2011-04-24 09:27 . 2011-04-24 09:27        --------        d-----w-        C:\NVIDIA
2011-04-23 11:47 . 2011-04-23 11:48        --------        d-----w-        c:\programdata\IObit
2011-04-23 11:47 . 2011-04-23 11:48        --------        d-----w-        c:\program files (x86)\IObit
2011-04-10 15:49 . 2011-04-10 15:49        --------        d-----w-        c:\program files (x86)\Vogster Entertainment
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-06 14:26 . 2011-04-06 14:26        96544        ----a-w-        c:\windows\system32\dnssd.dll
2011-04-06 14:26 . 2011-04-06 14:26        69408        ----a-w-        c:\windows\system32\jdns_sd.dll
2011-04-06 14:26 . 2011-04-06 14:26        237856        ----a-w-        c:\windows\system32\dnssdX.dll
2011-04-06 14:26 . 2011-04-06 14:26        119584        ----a-w-        c:\windows\system32\dns-sd.exe
2011-04-06 14:20 . 2011-04-06 14:20        91424        ----a-w-        c:\windows\SysWow64\dnssd.dll
2011-04-06 14:20 . 2011-04-06 14:20        75040        ----a-w-        c:\windows\SysWow64\jdns_sd.dll
2011-04-06 14:20 . 2011-04-06 14:20        197920        ----a-w-        c:\windows\SysWow64\dnssdX.dll
2011-04-06 14:20 . 2011-04-06 14:20        107808        ----a-w-        c:\windows\SysWow64\dns-sd.exe
2011-03-24 13:24 . 2009-07-14 02:36        152576        ----a-w-        c:\windows\SysWow64\msclmd.dll
2011-03-24 13:24 . 2009-07-14 02:36        175616        ----a-w-        c:\windows\system32\msclmd.dll
2011-03-04 06:19 . 2011-04-26 23:38        135168        ----a-w-        c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19 . 2011-04-26 23:38        350208        ----a-w-        c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-02-25 17:37 . 2009-01-01 07:10        1284712        ----a-w-        c:\windows\RtlExUpd.dll
2011-02-19 12:05 . 2011-03-09 12:36        1139200        ----a-w-        c:\windows\system32\FntCache.dll
2011-02-19 12:04 . 2011-03-09 12:36        1544192        ----a-w-        c:\windows\system32\DWrite.dll
2011-02-19 12:04 . 2011-03-09 12:36        902656        ----a-w-        c:\windows\system32\d2d1.dll
2011-02-19 06:30 . 2011-03-09 12:36        1076736        ----a-w-        c:\windows\SysWow64\DWrite.dll
2011-02-19 06:30 . 2011-03-09 12:36        739840        ----a-w-        c:\windows\SysWow64\d2d1.dll
2011-02-10 02:29 . 2011-02-10 02:29        106224        ----a-w-        c:\windows\SysWow64\drivers\GRD.sys
2009-09-24 12:30 . 2010-01-23 22:35        1456640        ----a-w-        c:\program files (x86)\Common Files\Falk Navi-Manager.msi
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-10-11 14940040]
"Software Suite SE"="c:\program files (x86)\Packard Bell\Software Suite SE\SoftSuiteSE.exe" [2009-09-10 2356256]
"Steam"="c:\users\PBell\Desktop\Steam\steam.exe" [2011-02-18 1242448]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Packard Bell Photo Frame"="c:\program files (x86)\Packard Bell Photo Frame\ButtonMonitor.exe" [2009-07-20 124416]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"GDFirewallTray"="c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2009-09-24 1124424]
"G DATA AntiVirus Trayapplication"="c:\program files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe" [2009-09-18 924232]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-16 135664]
R3 dump_wmimmc;dump_wmimmc;d:\programme\Rappelz\GameGuard\dump_wmimmc.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-16 135664]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 X6va003;X6va003;c:\users\PBell\AppData\Local\Temp\0033A8B.tmp [x]
R3 X6va005;X6va005;c:\users\PBell\AppData\Local\Temp\005E060.tmp [x]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 gdwfpcd;G DATA WFP CD;c:\windows\system32\DRIVERS\gdwfpcd64.sys [x]
S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2010-01-18 106224]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-08 169312]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [2009-12-07 1128008]
S2 AVKService;G Data Scheduler;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [2009-08-08 397896]
S2 AVKWCtl;G Data Filesystem Monitor;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe [2009-11-25 1731504]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-02-03 1155072]
S2 Greg_Service;GRegService;c:\program files (x86)\Packard Bell\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2009-07-04 240160]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
S3 GDFwSvc;G Data Personal Firewall;c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2009-11-25 1664560]
S3 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [x]
S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [x]
S3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G DATA\GDScan\GDScan.exe [2009-11-26 302152]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [x]
S3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai        REG_MULTI_SZ          Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-16 00:04]
.
2011-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-16 00:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-28 11786344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=ixtreme_m5740&r=173601102106p0325v155y4792020r
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=ixtreme_m5740&r=173601102106p0325v155y4792020r
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
FF - ProfilePath - c:\users\PBell\AppData\Roaming\Mozilla\Firefox\Profiles\30zk41z0.default\
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
AddRemove-Maidens Treasure 5_is1 - c:\program files (x86)\Pokie Magic Games\Maidens Treasure\unins000.exe
AddRemove-Pharaohs Gold 5_is1 - c:\program files (x86)\Pokie Magic Games\Pharaohs Gold\unins000.exe
AddRemove-Pirates Gold 5_is1 - c:\program files (x86)\Pokie Magic Games\Pirates Gold 5\unins000.exe
AddRemove-Pirates Plunder_is1 - c:\program files (x86)\Pokie Magic Games\Pirates Plunder\unins000.exe
AddRemove-Polar Pays 5_is1 - c:\program files (x86)\Pokie Magic Games\Polar Pays\unins000.exe
AddRemove-Steam App 550 - c:\program files (x86)\Steam\steam.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\PBell\AppData\Local\Temp\0033A8B.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\PBell\AppData\Local\Temp\005E060.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-05-10  14:53:38
ComboFix-quarantined-files.txt  2011-05-10 12:53
.
Vor Suchlauf: 14 Verzeichnis(se), 347.551.395.840 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 347.200.430.080 Bytes frei
.
- - End Of File - - 0193E110FD39BA82F40D07198CA84815
--- --- ---

cosinus 10.05.2011 14:14
Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:
File::
c:\users\PBell\AppData\Local\Temp\0033A8B.tmp
c:\users\PBell\AppData\Local\Temp\005E060.tmp

Driver::
X6va003
X6va005

Folder::
c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va003]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Virus help 10.05.2011 17:32
welchen notpad soll ich starten hö?

Virus help 10.05.2011 17:33
asooo texdukoment^^

Virus help 10.05.2011 17:37
ehmm was richtitet das da an bitte weil da steht in dein text :

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ was soll das betuetten?? also was richtet das aus dieser text denn ich kopieren soll und auf combofix ziehn soll?

cosinus 10.05.2011 18:52
Das Script ist nur für dich bzw. deinen Rechner!
Bitte führ es aus wie beschrieben!

Virus help 12.05.2011 07:53
hi also ich habe das so gemacht wie du gesagt hast dann hab ich logdatetei bekommen und neustart gemacht danach hin hatt sich GDATA gemeldet das auf mein pc mehrer serve rlaufen usw.... hab geguckt zuglück nur das was ich rbauche dacht schon du hast da wat gemacht aber egal:D hier is log datei grad eben frisch gemacht und was wurde da jetzt genau gelöscht kannst du mir des sagen?

Combofix Logfile:
Code:
ComboFix 11-05-11.02 - PBell 12.05.2011  8:33.2.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3063.1892 [GMT 2:00]
ausgeführt von:: c:\users\PBell\Desktop\cofi.exe
Benutzte Befehlsschalter :: c:\users\PBell\Desktop\CFScript.txt
AV: G Data InternetSecurity 2010 *Disabled/Updated* {54ACC2FC-837E-E665-7A92-5352D560D5EF}
FW: G Data Personal Firewall *Disabled* {6C9743D9-C911-E73D-51CD-FA672BB39294}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\PBell\AppData\Local\Temp\0033A8B.tmp"
"c:\users\PBell\AppData\Local\Temp\005E060.tmp"
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\x64\DIFxInstallLog.txt
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_X6VA003
-------\Legacy_X6VA005
-------\Service_X6va003
-------\Service_X6va005
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-04-12 bis 2011-05-12  ))))))))))))))))))))))))))))))
.
.
2011-05-12 06:42 . 2011-05-12 06:42        0        ---ha-w-        c:\users\PBell\AppData\Local\BITB05A.tmp
2011-05-11 11:22 . 2011-04-09 07:02        5562240        ----a-w-        c:\windows\system32\ntoskrnl.exe
2011-05-11 11:22 . 2011-04-09 06:02        3967872        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2011-05-11 11:22 . 2011-04-09 06:02        3912576        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2011-05-11 11:22 . 2011-03-25 03:29        343040        ----a-w-        c:\windows\system32\drivers\usbhub.sys
2011-05-11 11:22 . 2011-03-25 03:29        98816        ----a-w-        c:\windows\system32\drivers\usbccgp.sys
2011-05-11 11:22 . 2011-03-25 03:29        325120        ----a-w-        c:\windows\system32\drivers\usbport.sys
2011-05-11 11:22 . 2011-03-25 03:29        52736        ----a-w-        c:\windows\system32\drivers\usbehci.sys
2011-05-11 11:22 . 2011-03-25 03:29        25600        ----a-w-        c:\windows\system32\drivers\usbohci.sys
2011-05-11 11:22 . 2011-03-25 03:29        30720        ----a-w-        c:\windows\system32\drivers\usbuhci.sys
2011-05-11 11:22 . 2011-03-25 03:28        7936        ----a-w-        c:\windows\system32\drivers\usbd.sys
2011-05-10 07:06 . 2011-04-11 08:21        8802128        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{2470DB40-E627-4F74-BCD5-8F6353CBC8C9}\mpengine.dll
2011-05-10 04:50 . 2011-05-10 04:50        --------        d-----w-        C:\_OTL
2011-05-08 13:39 . 2011-05-08 13:39        1152832        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-05-08 13:39 . 2011-05-08 13:39        2300696        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-05-08 13:38 . 2011-05-08 13:38        42776        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-05-08 01:15 . 2011-05-08 01:15        --------        d-----w-        c:\program files\Common Files\Apple
2011-05-08 01:15 . 2011-05-08 01:15        --------        d-----w-        c:\program files\Bonjour
2011-05-08 01:15 . 2011-05-08 01:15        --------        d-----w-        c:\program files (x86)\Bonjour
2011-04-30 18:59 . 2011-04-30 18:59        --------        d-----w-        c:\users\PBell\AppData\Roaming\Malwarebytes
2011-04-30 18:58 . 2011-04-30 18:58        --------        d-----w-        c:\programdata\Malwarebytes
2011-04-30 18:58 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-30 18:58 . 2011-04-30 18:58        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2011-04-30 18:58 . 2010-12-20 16:08        24152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-04-26 23:38 . 2011-03-12 12:08        1465344        ----a-w-        c:\windows\system32\XpsPrint.dll
2011-04-26 23:38 . 2011-02-25 06:19        2871808        ----a-w-        c:\windows\explorer.exe
2011-04-26 23:38 . 2011-02-25 05:30        2616320        ----a-w-        c:\windows\SysWow64\explorer.exe
2011-04-26 23:38 . 2011-03-12 11:23        870912        ----a-w-        c:\windows\SysWow64\XpsPrint.dll
2011-04-24 10:07 . 2011-04-24 10:07        --------        d-----w-        c:\windows\SysWow64\RTCOM
2011-04-24 10:06 . 2010-11-29 16:47        2578576        ----a-w-        c:\windows\system32\WavesGUILib.dll
2011-04-24 10:06 . 2009-11-24 07:55        518896        ----a-w-        c:\windows\system32\SRSTSX64.dll
2011-04-24 10:06 . 2009-11-24 07:55        211184        ----a-w-        c:\windows\system32\SRSTSH64.dll
2011-04-24 10:06 . 2009-11-24 07:55        198896        ----a-w-        c:\windows\system32\SRSHP64.dll
2011-04-24 10:06 . 2009-11-24 07:55        155888        ----a-w-        c:\windows\system32\SRSWOW64.dll
2011-04-24 10:06 . 2011-03-31 14:49        2392168        ----a-w-        c:\windows\system32\RtPgEx64.dll
2011-04-24 10:06 . 2010-11-03 16:31        1146984        ----a-w-        c:\windows\system32\RTSnMg64.cpl
2011-04-24 10:06 . 2011-04-06 13:33        2826984        ----a-w-        c:\windows\system32\drivers\RTKVHD64.sys
2011-04-24 10:06 . 2010-11-03 16:31        332392        ----a-w-        c:\windows\system32\RtlCPAPI64.dll
2011-04-24 10:02 . 2011-04-24 10:02        --------        d-----w-        c:\program files (x86)\Realtek
2011-04-24 09:29 . 2011-04-24 09:30        --------        d-----w-        c:\program files (x86)\NVIDIA Corporation
2011-04-24 09:27 . 2011-04-24 09:27        --------        d-----w-        C:\NVIDIA
2011-04-23 11:47 . 2011-04-23 11:48        --------        d-----w-        c:\programdata\IObit
2011-04-23 11:47 . 2011-04-23 11:48        --------        d-----w-        c:\program files (x86)\IObit
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-06 14:26 . 2011-04-06 14:26        96544        ----a-w-        c:\windows\system32\dnssd.dll
2011-04-06 14:26 . 2011-04-06 14:26        69408        ----a-w-        c:\windows\system32\jdns_sd.dll
2011-04-06 14:26 . 2011-04-06 14:26        237856        ----a-w-        c:\windows\system32\dnssdX.dll
2011-04-06 14:26 . 2011-04-06 14:26        119584        ----a-w-        c:\windows\system32\dns-sd.exe
2011-04-06 14:20 . 2011-04-06 14:20        91424        ----a-w-        c:\windows\SysWow64\dnssd.dll
2011-04-06 14:20 . 2011-04-06 14:20        75040        ----a-w-        c:\windows\SysWow64\jdns_sd.dll
2011-04-06 14:20 . 2011-04-06 14:20        197920        ----a-w-        c:\windows\SysWow64\dnssdX.dll
2011-04-06 14:20 . 2011-04-06 14:20        107808        ----a-w-        c:\windows\SysWow64\dns-sd.exe
2011-03-24 13:24 . 2009-07-14 02:36        152576        ----a-w-        c:\windows\SysWow64\msclmd.dll
2011-03-24 13:24 . 2009-07-14 02:36        175616        ----a-w-        c:\windows\system32\msclmd.dll
2011-03-04 06:19 . 2011-04-26 23:38        135168        ----a-w-        c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19 . 2011-04-26 23:38        350208        ----a-w-        c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-02-25 17:37 . 2009-01-01 07:10        1284712        ----a-w-        c:\windows\RtlExUpd.dll
2011-02-19 12:05 . 2011-03-09 12:36        1139200        ----a-w-        c:\windows\system32\FntCache.dll
2011-02-19 12:04 . 2011-03-09 12:36        1544192        ----a-w-        c:\windows\system32\DWrite.dll
2011-02-19 12:04 . 2011-03-09 12:36        902656        ----a-w-        c:\windows\system32\d2d1.dll
2011-02-19 06:30 . 2011-03-09 12:36        1076736        ----a-w-        c:\windows\SysWow64\DWrite.dll
2011-02-19 06:30 . 2011-03-09 12:36        739840        ----a-w-        c:\windows\SysWow64\d2d1.dll
2009-09-24 12:30 . 2010-01-23 22:35        1456640        ----a-w-        c:\program files (x86)\Common Files\Falk Navi-Manager.msi
.
.
(((((((((((((((((((((((((((((  SnapShot@2011-05-10_12.52.12  )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-03 14:04 . 2011-05-12 06:22        43070              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-05-12 06:22        43456              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-01-18 23:40 . 2011-05-11 11:19        14050              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3396300932-3457207744-2361604580-1000_UserData.bin
- 2009-07-14 05:30 . 2011-05-08 01:15        86016              c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2011-05-12 06:17        86016              c:\windows\system32\DriverStore\infpub.dat
+ 2011-05-11 11:22 . 2011-03-25 03:29        30720              c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_189259810882aaea\usbuhci.sys
+ 2011-05-11 11:22 . 2011-03-25 03:29        25600              c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_189259810882aaea\usbohci.sys
+ 2011-05-11 11:22 . 2011-03-25 03:29        52736              c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_189259810882aaea\usbehci.sys
+ 2011-05-11 11:22 . 2011-03-25 03:29        98816              c:\windows\system32\DriverStore\FileRepository\usb.inf_amd64_neutral_153b489118ee37b8\usbccgp.sys
+ 2009-01-01 07:17 . 2011-05-12 06:21        16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-01-01 07:17 . 2011-05-10 05:50        16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-05-10 05:50 . 2011-05-10 05:50        32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-05-10 05:50 . 2011-05-12 06:21        32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-05-10 05:50        32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-05-12 06:21        32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-15 23:56 . 2011-05-10 12:29        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-15 23:56 . 2011-05-12 06:21        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2011-05-12 06:22        91680              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2010-02-15 23:56 . 2011-05-10 12:29        32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-15 23:56 . 2011-05-12 06:21        32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-15 23:56 . 2011-05-12 06:21        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-15 23:56 . 2011-05-10 12:29        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-18 23:44 . 2011-05-12 06:21        16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-18 23:44 . 2011-05-10 12:29        16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-18 23:44 . 2011-05-10 12:29        16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-18 23:44 . 2011-05-12 06:21        16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-04-15 01:09 . 2011-04-15 01:09        49936              c:\windows\Installer\{95120000-00AF-0407-0000-0000000FF1CE}\ppvwicon.exe
+ 2011-05-11 21:32 . 2011-05-11 21:32        49936              c:\windows\Installer\{95120000-00AF-0407-0000-0000000FF1CE}\ppvwicon.exe
- 2009-09-04 01:48 . 2011-04-15 01:11        35088              c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-09-04 01:48 . 2011-05-11 21:32        35088              c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-09-04 01:48 . 2011-04-15 01:11        18704              c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-09-04 01:48 . 2011-05-11 21:32        18704              c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-09-04 01:48 . 2011-04-15 01:11        20240              c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-09-04 01:48 . 2011-05-11 21:32        20240              c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
- 2011-04-15 01:09 . 2011-04-15 01:09        35600              c:\windows\Installer\{90120000-0020-0407-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2011-05-11 21:32 . 2011-05-11 21:32        35600              c:\windows\Installer\{90120000-0020-0407-0000-0000000FF1CE}\O12ConvIcon.exe
- 2010-10-30 12:01 . 2011-05-10 11:52        49152              c:\windows\.jagex_cache_32\runescape\jagmisc.dll
+ 2010-10-30 12:01 . 2011-05-11 15:34        49152              c:\windows\.jagex_cache_32\runescape\jagmisc.dll
+ 2010-10-30 12:02 . 2011-05-11 15:34        81920              c:\windows\.jagex_cache_32\runescape\hw3d.dll
- 2010-10-30 12:02 . 2011-05-10 11:52        81920              c:\windows\.jagex_cache_32\runescape\hw3d.dll
+ 2011-05-11 11:22 . 2011-03-25 03:28        7936              c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_189259810882aaea\usbd.sys
- 2011-05-10 04:54 . 2011-05-10 04:54        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-05-12 06:42 . 2011-05-12 06:42        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-05-12 06:42 . 2011-05-12 06:42        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-05-10 04:54 . 2011-05-10 04:54        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:30 . 2011-05-08 01:15        143360              c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-05-12 06:17        143360              c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-05-12 06:17        143360              c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2011-05-08 01:15        143360              c:\windows\system32\DriverStore\infstor.dat
+ 2011-05-11 11:22 . 2011-03-25 03:29        325120              c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_189259810882aaea\usbport.sys
+ 2011-05-11 11:22 . 2011-03-25 03:29        343040              c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_189259810882aaea\usbhub.sys
+ 2011-05-11 11:22 . 2011-03-25 03:29        343040              c:\windows\system32\DriverStore\FileRepository\usb.inf_amd64_neutral_153b489118ee37b8\usbhub.sys
+ 2009-07-14 05:31 . 2011-05-12 06:17        399360              c:\windows\system32\DriverStore\drvindex.dat
- 2009-07-14 05:31 . 2011-04-27 01:18        399360              c:\windows\system32\DriverStore\drvindex.dat
+ 2009-07-14 05:01 . 2011-05-12 06:41        364972              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-05-10 07:41        364972              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-09-04 01:48 . 2011-05-11 21:32        888080              c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-09-04 01:48 . 2011-04-15 01:11        888080              c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-09-04 01:48 . 2011-04-15 01:11        922384              c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-09-04 01:48 . 2011-05-11 21:32        922384              c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-09-04 01:48 . 2011-05-11 21:32        217864              c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2009-09-04 01:48 . 2011-04-15 01:11        217864              c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2009-09-04 01:48 . 2011-05-11 21:32        184080              c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
- 2009-09-04 01:48 . 2011-04-15 01:11        184080              c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2010-10-30 12:02 . 2011-05-11 15:34        937984              c:\windows\.jagex_cache_32\runescape\sw3d.dll
- 2010-10-30 12:02 . 2011-05-10 11:52        937984              c:\windows\.jagex_cache_32\runescape\sw3d.dll
- 2010-10-30 12:01 . 2011-05-10 11:52        137216              c:\windows\.jagex_cache_32\runescape\jaggl.dll
+ 2010-10-30 12:01 . 2011-05-11 15:34        137216              c:\windows\.jagex_cache_32\runescape\jaggl.dll
+ 2010-10-30 12:01 . 2011-05-11 15:34        102400              c:\windows\.jagex_cache_32\runescape\jagdx.dll
- 2010-10-30 12:01 . 2011-05-10 11:52        102400              c:\windows\.jagex_cache_32\runescape\jagdx.dll
- 2010-10-30 12:01 . 2011-05-10 11:52        148992              c:\windows\.jagex_cache_32\runescape\jaclib.dll
+ 2010-10-30 12:01 . 2011-05-11 15:34        148992              c:\windows\.jagex_cache_32\runescape\jaclib.dll
+ 2009-07-14 04:45 . 2011-05-12 06:22        7114111              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2011-04-27 01:20        7114111              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-04-29 10:27 . 2011-04-29 10:27        4158464              c:\windows\Installer\2335961.msp
+ 2011-04-29 10:30 . 2011-04-29 10:30        1197056              c:\windows\Installer\2335939.msp
+ 2009-09-04 01:48 . 2011-05-11 21:32        1172240              c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-09-04 01:48 . 2011-04-15 01:11        1172240              c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-07-14 02:34 . 2011-05-12 06:17        10485760              c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2011-04-27 01:18        10485760              c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2010-11-03 09:11 . 2011-05-11 21:32        44548040              c:\windows\system32\MRT.exe
- 2011-02-19 01:50 . 2011-05-10 07:42        15642906              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3396300932-3457207744-2361604580-1000-8192.dat
+ 2011-02-19 01:50 . 2011-05-12 06:41        15642906              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3396300932-3457207744-2361604580-1000-8192.dat
.
-- Snapshot auf jetziges Datum zurückgesetzt --
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-10-11 14940040]
"Software Suite SE"="c:\program files (x86)\Packard Bell\Software Suite SE\SoftSuiteSE.exe" [2009-09-10 2356256]
"Steam"="c:\users\PBell\Desktop\Steam\steam.exe" [2011-02-18 1242448]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Packard Bell Photo Frame"="c:\program files (x86)\Packard Bell Photo Frame\ButtonMonitor.exe" [2009-07-20 124416]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"GDFirewallTray"="c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2009-09-24 1124424]
"G DATA AntiVirus Trayapplication"="c:\program files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe" [2009-09-18 924232]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-16 135664]
R3 dump_wmimmc;dump_wmimmc;d:\programme\Rappelz\GameGuard\dump_wmimmc.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-16 135664]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 gdwfpcd;G DATA WFP CD;c:\windows\system32\DRIVERS\gdwfpcd64.sys [x]
S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2010-01-18 106224]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-08 169312]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [2009-12-07 1128008]
S2 AVKService;G Data Scheduler;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [2009-08-08 397896]
S2 AVKWCtl;G Data Filesystem Monitor;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe [2009-11-25 1731504]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-02-03 1155072]
S2 Greg_Service;GRegService;c:\program files (x86)\Packard Bell\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2009-07-04 240160]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
S3 GDFwSvc;G Data Personal Firewall;c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2009-11-25 1664560]
S3 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [x]
S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [x]
S3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G DATA\GDScan\GDScan.exe [2009-11-26 302152]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [x]
S3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai        REG_MULTI_SZ          Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-16 00:04]
.
2011-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-16 00:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\cofi\CF7994.cfxxe" [X]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-28 11786344]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=ixtreme_m5740&r=173601102106p0325v155y4792020r
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=ixtreme_m5740&r=173601102106p0325v155y4792020r
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
FF - ProfilePath - c:\users\PBell\AppData\Roaming\Mozilla\Firefox\Profiles\30zk41z0.default\
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
"KeyFileName"=expand:"%SystemRoot%\\system32\\msieftp.dll"
@="Browsing Enhancements"
"IsInstalled"=dword:00000001
"Version"="8,0,7601,17514"
"ComponentID"="ExtraPack"
"Locale"="*"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
@="Microsoft Windows Media Player"
"IsInstalled"=dword:00000001
"Version"="12,0,7601,17514"
"ComponentID"="Microsoft Windows Media Player"
"LocalizedName"=expand:"@%SystemRoot%\\system32\\wmploc.dll,-128"
"StubPath"=expand:"%SystemRoot%\\system32\\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI"
"DontAsk"=dword:00000002
"Locale"="EN"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
@="MSN Site Access"
"IsInstalled"=dword:00000001
"Version"="4,9,9,2"
"ComponentID"="MSN_Auth"
"Locale"="*"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
@="Address Book 7"
"Version"="6,1,7601,17514"
"IsInstalled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}]
@=".NET Framework"
"Locale"=""
"ComponentID"=".NETFramework"
"Version"="2,0,50727,0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
@="Windows Desktop Update"
"LocalizedName"=expand:"@%SystemRoot%\\system32\\shell32.dll,-32969"
"ComponentID"="IE4_SHELLID"
"IsInstalled"=dword:00000001
"Locale"="en"
"StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"
"Version"="6,1,7601,17514"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
@="Web Platform Customizations"
"IsInstalled"=dword:00000001
"Version"="8,0,7100,0"
"ComponentID"="BASEIE40_W2K"
"LocalizedName"="@c:\\Windows\\SysWOW64\\ie4uinit.exe,-2000"
"StubPath"="c:\\Windows\\SysWOW64\\ie4uinit.exe -BaseSettings"
"Locale"="en"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
"IsInstalled"=dword:00000001
"ComponentID"="DOTNETFRAMEWORKS"
"StubPath"="c:\\Windows\\SysWOW64\\Rundll32.exe c:\\Windows\\SysWOW64\\mscories.dll,Install"
"DontAsk"=dword:00000002
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
@="Dynamic HTML Data Binding"
"IsInstalled"=dword:00000001
"Version"="8,0,7601,17514"
"ComponentID"="Tridata"
"Locale"="*"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
@="Internet Explorer Core Fonts"
"IsInstalled"=dword:00000001
"Version"="8,0,7601,17136"
"ComponentID"="Fontcore"
"Locale"="*"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
"ComponentID"="Flash"
"IsInstalled"=hex:01,00,00,00
"Locale"="EN"
"Version"="10.0.22.87"
@="Adobe Flash Player"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
@="HTML Help"
"IsInstalled"=dword:00000001
"Version"="6,1,7601,17514"
"ComponentID"="HTMLHelp"
"Locale"="*"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
@="Active Directory Service Interface"
"ComponentID"="ADSI"
"IsInstalled"=dword:00000001
"Locale"="EN"
"Version"="5,0,00,0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}]
"Locale"=""
"Version"="4,0,30319,0"
"ComponentID"=".NETFramework"
@=".NET Framework"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-05-12  08:46:59 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-05-12 06:46
ComboFix2.txt  2011-05-10 12:53
.
Vor Suchlauf: 17 Verzeichnis(se), 344.284.987.392 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 343.862.931.456 Bytes frei
.
- - End Of File - - 719BEF74821C23DD50146C8CC0529696
--- --- ---

cosinus 12.05.2011 09:56
Zitat:
sich GDATA gemeldet das auf mein pc mehrer serve rlaufen
1.) notiert man solche Meldungen und postet die wortgenau
2.) kannst und solltest du später auf GDATA IS verzichten, das Teil ist ein kontraproduktive Systembremse!

Virus help 12.05.2011 10:09
alles klar danke für deine info und noch eins was wurde dann da jetzt gemacht wo ich denn notepad auf combo fix drauf gemacht habe .. was wurde da genaues gelöscht und is jetzt eigl alels wieder ok?

cosinus 12.05.2011 11:21
Am besten GDATA zuerst deinstallieren, nimm einen reinen Virenscanner wie Microsoft Security Essentials und aktiviere die Windows-Firewall.

Virus help 12.05.2011 13:20
ehm hatte gdada schonn beim kaufen vom pc mit drauf und mit ein premium key also der is so wie gekauft mti denn ganzen funktionen usw... meisn du soll ich echt? is ja keine testversion is voll version^^ und zur meinte anderen frage die hast du noch immer nicht ebantwort diesen notepad wo ich das darein kopiert habe und dann auf combofix drauf gezogen habe was wurde da eigentlich gelöscht genau?

cosinus 12.05.2011 13:36
Zitat:
meisn du soll ich echt? is ja keine testversion is voll version^^
Was tut das zur Sache?
Suites fand ich noch nie sinnvoll. Aber wenn du auf Systembremsen stehst, behalt dein GDATA IS, du musst damit ja zurechtkommen, nicht ich :pfeiff:

Virus help 12.05.2011 13:55
ok:D und noch was( was wurde da jetzt gelöscht?? wo ich notepad geamcht habe und denn das auf combofix gezogen habe?) meine zweite frage ist soll ich mir dann lieber avast holen weild as auch ziemlich gut sein soll hab ich gehört oder avira?


Alle Zeitangaben in WEZ +1. Es ist jetzt 21:54 Uhr.
Seite 3 von 5 12 3 45
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132