Log analysis and evaluation: Programs no longer work, no antivirus program anymore

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#5

Programs no longer work, no antivirus program anymore

So, mind you, the antivirus program and the internet are working again. Only some programs don't work; it always closes them right after starting. Here is something for the evaluation??? ComboFix logfile:

Code:
ATTFilter ComboFix 12-10-18.03 - **** 24.10.2012 18:07:51.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.511.231 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\Andrea\Desktop\ComboFix.exe AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} . Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !! . - REDUZIERTER FUNKTIONALITÄTSMODUS - . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP c:\dokumente und einstellungen\Andrea\Anwendungsdaten\HPSU_48BitScanUpdate.log c:\dokumente und einstellungen\Andrea\WINDOWS C:\Install.exe c:\programme\Fast Browser Search c:\programme\Fast Browser Search\IE\1.bat c:\programme\Fast Browser Search\IE\about.html c:\programme\Fast Browser Search\IE\affid.dat c:\programme\Fast Browser Search\IE\basis.xml c:\programme\Fast Browser Search\IE\basis_br.xml c:\programme\Fast Browser Search\IE\basis_de.xml c:\programme\Fast Browser Search\IE\basis_en.xml c:\programme\Fast Browser Search\IE\basis_es.xml c:\programme\Fast Browser Search\IE\basis_fr.xml c:\programme\Fast Browser Search\IE\basis_it.xml c:\programme\Fast Browser Search\IE\basis_nr.xml c:\programme\Fast Browser Search\IE\basis_pt.xml c:\programme\Fast Browser Search\IE\basis_ru.xml c:\programme\Fast Browser Search\IE\basis_tr.xml c:\programme\Fast Browser Search\IE\ClearRecycleBin.exe c:\programme\Fast Browser Search\IE\error.html c:\programme\Fast Browser Search\IE\FBSPlugin.dll c:\programme\Fast Browser Search\IE\fbsProtection.xml c:\programme\Fast Browser Search\IE\FbsSearchProvider.xml c:\programme\Fast Browser Search\IE\FBStoolbar.dll c:\programme\Fast Browser Search\IE\fbstoolbar.jar c:\programme\Fast Browser Search\IE\fbstoolbar.manifest c:\programme\Fast Browser Search\IE\icons.bmp c:\programme\Fast Browser Search\IE\info.txt c:\programme\Fast Browser Search\IE\local.xml 
c:\programme\Fast Browser Search\IE\logobg.bmp c:\programme\Fast Browser Search\IE\MTWBtoolbar.html c:\programme\Fast Browser Search\IE\search.bmp c:\programme\Fast Browser Search\IE\search_br.bmp c:\programme\Fast Browser Search\IE\search_de.bmp c:\programme\Fast Browser Search\IE\search_es.bmp c:\programme\Fast Browser Search\IE\search_fr.bmp c:\programme\Fast Browser Search\IE\search_it.bmp c:\programme\Fast Browser Search\IE\search_pt.bmp c:\programme\Fast Browser Search\IE\search_ru.bmp c:\programme\Fast Browser Search\IE\SearchAssistant.dll c:\programme\Fast Browser Search\IE\SearchGuardPlus.ico c:\programme\Fast Browser Search\IE\SGPU.ico c:\programme\Fast Browser Search\IE\sgpUpdater.exe c:\programme\Fast Browser Search\IE\sgpUpdater.xml c:\programme\Fast Browser Search\IE\SGPUpdaterS.exe c:\programme\Fast Browser Search\IE\tbhelper.dll c:\programme\Fast Browser Search\IE\tbs_include_script_003175.js c:\programme\Fast Browser Search\IE\tbs_include_script_005064.js c:\programme\Fast Browser Search\IE\tbs_include_script_012817.js c:\programme\Fast Browser Search\IE\Toolbar Help.htm c:\programme\Fast Browser Search\IE\ToolBarBHO.dll c:\programme\Fast Browser Search\IE\uninstalSGP.exe c:\programme\Fast Browser Search\IE\uninstalSGPU.exe c:\programme\Fast Browser Search\IE\update.exe c:\programme\Fast Browser Search\IE\version.txt c:\programme\Search Guard Plus c:\programme\Search Guard Plus\fbsProtection.xml c:\programme\Search Guard Plus\fbsSearchProvider.xml c:\programme\Search Guard Plus\SearchGuardPlus.ico c:\programme\Search Guard Plus\Thumbs.db c:\programme\Search Guard PlusU c:\programme\Search Guard PlusU\SGPU.ico c:\programme\Search Guard PlusU\sgpUpdater.exe c:\programme\Search Guard PlusU\sgpUpdater.xml c:\programme\Search Guard PlusU\sgpUpdaters.exe c:\programme\Search Guard PlusU\Thumbs.db c:\programme\SGPSA c:\programme\SGPSA\SearchAssistant.dll C:\Thumbs.db c:\windows\EventSystem.log c:\windows\system32\dllcache\dlimport.exe 
c:\windows\system32\msstdfmt.dll . . ((((((((((((((((((((((( Dateien erstellt von 2012-09-24 bis 2012-10-24 )))))))))))))))))))))))))))))) . . 9999-09-04 05:53 . 9999-09-04 05:53 -------- d-----w- c:\dokumente und einstellungen\Andrea\Anwendungsdaten\Panda Security 9999-09-03 19:27 . 9999-09-03 19:27 -------- d-----w- c:\programme\NKProds 9999-09-03 19:01 . 9999-09-03 19:01 -------- d-----w- c:\programme\Panda Security 9999-09-03 18:01 . 2009-12-19 13:13 -------- d-----w- c:\dokumente und einstellungen\Andrea\Anwendungsdaten\Common Toolkit Suite 9999-09-03 17:58 . 2009-12-19 13:13 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Common Toolkit Suite 9999-09-03 17:49 . 9999-09-03 17:49 -------- d-----w- c:\dokumente und einstellungen\Andrea\Anwendungsdaten\Fighters 9999-09-03 17:49 . 9999-09-03 17:49 -------- d-----w- c:\dokumente und einstellungen\Andrea\Lokale Einstellungen\Anwendungsdaten\PackageAware 9999-09-03 17:43 . 9999-09-03 17:43 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Grisoft 6312-10-18 08:21 . 6312-10-18 08:21 -------- d-----w- c:\dokumente und einstellungen\Andrea\Anwendungsdaten\Malwarebytes 6312-10-18 08:21 . 6312-10-18 08:21 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes 6312-10-18 08:00 . 6312-10-18 08:00 -------- d-----w- c:\programme\Trend Micro 6312-10-17 08:39 . 6312-10-17 08:40 -------- d-----w- C:\02ae4b41392651cfcf4940 6312-10-12 09:10 . 6312-10-12 09:10 -------- d-----w- c:\windows\system32\wbem\repository.old 6312-10-12 07:40 . 6312-10-12 09:06 -------- d-----w- C:\Backup 6312-10-12 07:30 . 6312-10-12 07:30 -------- d-----w- c:\programme\Gemeinsame Dateien\InfoWatch 6312-10-12 07:30 . 2012-10-24 08:21 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab 6312-10-12 07:30 . 2012-10-18 19:36 -------- d-----w- c:\programme\Kaspersky Lab 6312-10-12 07:17 . 
6312-10-12 09:07 -------- d-s---w- c:\dokumente und einstellungen\Administrator 6312-10-10 07:56 . 6312-10-10 07:56 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Common Files 6312-10-10 07:56 . 6312-10-12 09:08 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\MFAData 6312-10-10 07:56 . 6312-10-10 07:56 -------- d-----w- c:\dokumente und einstellungen\Andrea\Lokale Einstellungen\Anwendungsdaten\MFAData 5311-10-10 17:35 . 2004-08-04 12:00 81408 -c--a-w- c:\windows\system32\dllcache\rwia330.dll 5311-10-10 17:34 . 2004-08-04 12:00 70656 -c--a-w- c:\windows\system32\dllcache\korwbrkr.dll 5311-10-10 17:33 . 2004-08-04 12:00 25856 -c--a-w- c:\windows\system32\dllcache\et4000.sys 5311-10-10 17:32 . 2003-03-24 14:52 16384 -c--a-w- c:\windows\system32\dllcache\tcptsat.dll 5311-10-10 17:32 . 2003-03-24 14:52 217088 -c--a-w- c:\windows\system32\dllcache\fpmmcsat.dll 5311-10-10 14:45 . 2004-08-03 20:31 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys 5311-10-10 14:42 . 2004-08-04 12:00 24661 -c--a-w- c:\windows\system32\spxcoins.dll 5311-10-10 14:42 . 2004-08-04 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll 5311-10-10 14:42 . 2004-08-04 12:00 13824 -c--a-w- c:\windows\system32\irclass.dll 5311-10-10 14:42 . 2004-08-04 12:00 13824 -c--a-w- c:\windows\system32\dllcache\irclass.dll 5311-10-10 14:41 . 2004-08-04 12:00 14043 -c--a-r- c:\windows\SET82.tmp 5311-10-10 14:41 . 2004-08-04 12:00 1086058 -c--a-r- c:\windows\SET76.tmp 5311-10-10 14:41 . 2004-08-04 12:00 1014663 -c--a-r- c:\windows\SET73.tmp 2012-10-24 09:07 . 2012-10-24 09:07 -------- d-----w- c:\dokumente und einstellungen\Andrea\Anwendungsdaten\Avira 2012-10-24 09:05 . 2012-10-01 15:14 134184 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-10-24 09:05 . 2012-09-13 08:58 83792 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-10-24 09:04 . 2012-10-24 09:04 -------- d-----w- c:\programme\Avira 2012-10-24 09:04 . 
2012-10-24 09:04 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira 2012-10-24 08:59 . 2012-10-24 09:02 102500872 ----a-w- c:\programme\avira_free_antivirus_de.exe 2012-10-24 08:22 . 2012-10-24 08:22 -------- d-----w- c:\windows\system32\wbem\Repository\FS 2012-10-24 08:22 . 2012-10-24 08:22 -------- d-----w- c:\windows\system32\wbem\Repository 2012-10-18 20:59 . 2012-10-24 08:23 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware 2012-09-25 07:16 . 2012-08-22 21:34 763232 ----a-w- C:\GoogleUpdateSetup.exe . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-24 10:11 . 2012-03-30 08:31 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-10-24 10:11 . 2011-06-14 11:17 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-09-24 07:58 . 2012-08-06 13:50 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2012-08-28 15:05 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll 2012-08-28 15:05 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-08-28 15:05 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-08-28 12:07 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec 2012-08-24 13:53 . 2004-08-04 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll 2012-08-23 06:26 . 2004-08-04 12:00 2195200 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-23 06:26 . 2004-08-04 00:50 2071936 ----a-w- c:\windows\system32\ntkrnlpa.exe 2003-01-13 09:59 . 2009-01-09 16:07 278528 -c----w- c:\programme\internet explorer\plugins\PanoViewer.dll 1999-04-30 15:00 . 2009-01-09 16:07 98304 -c----w- c:\programme\internet explorer\plugins\UPjpeg.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-09-25 386336] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-01-02 08:07 843712 ----a-r- c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2012-03-27 12:41 37296 ----a-w- c:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2011-11-01 22:25 59240 ----a-w- c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] 2008-04-14 02:22 15360 ----a-w- c:\windows\system32\ctfmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent] 2003-04-23 03:06 417871 ----a-w- c:\programme\Microsoft ActiveSync\WCESCOMM.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2007-05-08 15:24 54840 ----a-w- c:\programme\HP\HP Software Update\hpwuSchd2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2012-01-16 16:22 421736 ----a-w- c:\programme\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 02:22 1695232 ----a-w- c:\programme\Messenger\msmsgs.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] 2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaPCInternetAccess] 2009-09-17 11:55 663552 ----a-w- c:\programme\Nokia\PC Internet Access\NPCIA.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray] 2010-05-14 08:32 1479680 ----a-w- c:\programme\Nokia\Nokia PC Suite 7\PCSuite.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2012-07-13 11:33 17418928 ----a-r- c:\programme\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2011-04-08 10:59 254696 ----a-w- c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector] 2003-11-19 12:03 45056 ------w- c:\programme\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\TBMBS\\Prog\\dbeng8.exe"= "c:\\Programme\\Microsoft ActiveSync\\WCESCOMM.EXE"= "c:\\Programme\\Microsoft ActiveSync\\WCESMGR.EXE"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Programme\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programme\\Bonjour\\mDNSResponder.exe"= "c:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= 
"c:\\Programme\\iTunes\\iTunes.exe"= "c:\\Programme\\Skype\\Phone\\Skype.exe"= "c:\\Programme\\Adobe\\Adobe\\Adobe InDesign CS3\\InDesign.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "9100:TCP"= 9100:TCP:public "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 . R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [06.08.2012 15:50 36552] R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [24.10.2012 11:05 84256] S2 gupdate1c9eda13e8c7880;Google Update Service (gupdate1c9eda13e8c7880);c:\programme\Google\Update\GoogleUpdate.exe [15.06.2009 12:08 133104] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [30.03.2012 10:31 250808] S3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys --> c:\windows\system32\DRIVERS\avfsfilter.sys [?] S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [15.06.2009 12:08 133104] . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{081a9372-13af-11e1-8584-004f4e605eb6}] \Shell\AutoRun\command - F:\NokiaPCIA_Autorun.exe . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{feb8e130-98ec-11df-83f6-004f4e605eb6}] \Shell\AutoRun\command - F:\Launcher.exe . Inhalt des "geplante Tasks" Ordners . 2012-10-24 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 10:11] . 2012-09-29 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\programme\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57] . 2012-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\programme\Google\Update\GoogleUpdate.exe [2009-06-15 10:08] . 2012-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\programme\Google\Update\GoogleUpdate.exe [2009-06-15 10:08] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.sms.at/ uInternet Settings,ProxyOverride = *.local;<local> TCP: Interfaces\{4CEBA914-978A-4C7C-8868-E43EAAF9D207}: NameServer = 195.3.96.67,195.3.96.68 FF - ProfilePath - c:\dokumente und einstellungen\Andrea\Anwendungsdaten\Mozilla\Firefox\Profiles\1tbo5m7m.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q= FF - prefs.js: browser.search.selectedEngine - Fast Browser Search FF - prefs.js: browser.startup.homepage - hxxp://search.avira.com/?l=dis&o=APN10397&gct=hp&dc=EU&locale=de_AT FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={6E6A8C31-64A8-8DB3-6AA7-F9542362AD1B}&q= . . ------- Dateityp-Verknüpfung ------- . .txt= . - - - - Entfernte verwaiste Registrierungseinträge - - - - . WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) SafeBoot-WudfPf SafeBoot-WudfRd MSConfigStartUp-ApnUpdater - c:\programme\Ask.com\Updater\Updater.exe MSConfigStartUp-Cmaudio - cmicnfg.cpl MSConfigStartUp-FBSearch - c:\programme\Search Guard Plus\SearchGuardPlus.exe MSConfigStartUp-SGPUpdater - c:\programme\Search Guard PlusU\sgpUpdaters.exe AddRemove-Adobe_3e054d2218e7aa282c2369d939e58ff - c:\programme\Gemeinsame Dateien\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe AddRemove-Adobe_da1a9c81163383864c29fbb5093496b - c:\programme\Gemeinsame Dateien\Adobe\Installers\da1a9c81163383864c29fbb5093496b\Setup.exe AddRemove-Google Chrome - c:\programme\Google\Chrome\Application\22.0.1229.79\Installer\setup.exe AddRemove-Microsoft .NET Framework 3.5 SP1 - c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe AddRemove-{634F79E1-2A41-4C40-9E8D-89EC740AC9D6} - c:\programme\InstallShield Installation Information\{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}\setup.exe . . . ************************************************************************** . 
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-10-24 18:20 Windows 5.1.2600 Service Pack 3 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components] @Denied: (Full) (Everyone) @Denied: (Full) (Everyone) . [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] @="Versions-Update für Internet Explorer" "ComponentID"="IEUDINIT" "DontAsk"=dword:00000002 "IsInstalled"=dword:00000001 "Locale"="*" "StubPath"="c:\\WINDOWS\\system32\\ieudinit.exe" "Version"="8,0,6001,0" . [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] "DontAsk"=dword:00000002 "Version"="11,0,5721,5145" "IsInstalled"=dword:00000000 "Stubpath"="c:\\WINDOWS\\inf\\unregmp2.exe /ShowWMP" @="Windows Media Player" "ComponentID"="WMPACCESS" "Locale"="*" . [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] @="Internet Explorer" "ComponentID"="IEACCESS" "Dontask"=dword:00000002 "IsInstalled"=dword:00000001 "Locale"="*" "StubPath"="c:\\WINDOWS\\system32\\ie4uinit.exe -UserIconConfig" "Version"="8,0,6001,18702" "LocalizedName"="@c:\\WINDOWS\\system32\\ie4uinit.exe.mui,-21" . 
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] @="Browser Customizations" "ComponentiD"="BRANDING.CAB" "IsInstalled"=dword:00000001 "Locale"="*" "LocalizedName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3052" "StubPath"="\"c:\\WINDOWS\\system32\\rundll32.exe\" \"c:\\WINDOWS\\system32\\iedkcs32.dll\",BrandIEActiveSetup SIGNUP" "Version"="8,0,6001,18702" . [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] @="Browseranpassungen" "ComponentID"="BRANDING.CAB" "StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP" "Version"="6,0,2900,2180" "Locale"="*" "IsInstalled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] @="Outlook Express" "ComponentID"="OEACCESS" "Dontask"=dword:00000002 "IsInstalled"=dword:00000001 "Locale"="*" "StubPath"=expand:"%systemroot%\\system32\\shmgrate.exe OCInstallUserConfigOE" "Version"="2,0,0,0" . [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}] @="Microsoft VM" "ComponentID"="JAVAVM" "IsInstalled"=dword:00000001 "KeyFileName"="c:\\WINDOWS\\system32\\msjava.dll" "Version"="5,0,3810,0" "Locale"="EN" . [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}] @="Vektorgrafik-Rendering (VML)" "ComponentID"="MSVML" "Version"="6,0,2462,0001" "IsInstalled"=hex:01,00,00,00 "Locale"="EN" . [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}] @="" "ComponentID"="NetShow" "IsInstalled"=dword:00000001 "DontAsk"=dword:00000002 "Locale"="DE" "StubPath"="" "Version"="11,0,5721,5145" . 
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] "ComponentID"="Microsoft Windows Media Player" "DontAsk"=dword:00000002 "Locale"="DEU" "StubPath"="" "IsInstalled"=dword:00000001 @="Microsoft Windows Media Player 6.4" "Version"="11,0,5721,5145" . [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}] @="DirectAnimation" "IsInstalled"=dword:00000001 "Version"="6,0,3,531" "Locale"="DE" "ComponentID"="DirectAnimation" . [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] @="Themes Setup" "ComponentID"="Theme Component" "IsInstalled"=dword:00000001 "Locale"="DE" "StubPath"=expand:"%SystemRoot%\\system32\\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\\system32\\themeui.dll" "Version"="1,1,1,7" . [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}] @="Dynamic HTML-Datenbindung für Java" "ComponentID"="TridataJava" "IsInstalled"=dword:00000001 "Locale"="*" "Version"="4,7,0,0320" . [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}] "Version"="8,0,6001,18702" @="Offline Browsing Pack" "ComponentID"="MobilePk" "IsInstalled"=dword:00000001 "Locale"="*" . [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}] @="Uniscribe" "ComponentID"="USP10" "IsInstalled"=dword:00000001 "Locale"="*" "Version"="1,397,2406,1" . [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}] @="Erweitertes Authoring" "ComponentID"="AdvAuth" "IsInstalled"=dword:00000001 "Locale"="*" "Version"="6,0,2900,2180" . 
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] "Version"="6,0,2900,5512" @="Microsoft Outlook Express 6" "IsInstalled"=dword:00000001 "Locale"="DE" "ComponentID"="MailNews" "CloneUser"=dword:00000001 "StubPath"=expand:"\"%ProgramFiles%\\Outlook Express\\setup50.exe\" /APP:OE /CALLER:WINNT /user /install" . [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] @="NetMeeting 3.01" "ComponentID"="NetMeeting" "IsInstalled"=hex:01,00,00,00 "Version"="4,4,0,3400" "Locale"="DE" "StubPath"="rundll32.exe advpack.dll,LaunchINFSection c:\\WINDOWS\\INF\\msnetmtg.inf,NetMtg.Install.PerUser.NT" . [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}] @="DirectShow" "ComponentID"="activemovie" "IsInstalled"=dword:00000001 "DontAsk"=dword:00000002 "Locale"="DE" "Version"="11,0,5721,5145" . [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}] @="DirectDrawEx" "ComponentID"="DirectDrawEx" "IsInstalled"=dword:00000001 "Locale"="*" "Version"="4,71,1113,0" . [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}] @="Internet Explorer Help" "ComponentID"="HelpCont" "IsInstalled"=dword:00000001 "Locale"="*" "Version"="8,0,6001,18702" . [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}] @="DirectAnimation Java Classes" "ComponentID"="DAJava" "IsInstalled"=dword:00000001 "Locale"="*" "Version"="6,00,01,0223" . [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}] @="Microsoft Windows Script 5.8" "ComponentID"="MSVBScript" "IsInstalled"=dword:00000001 "Locale"="EN" "Version"="5,8,6001,23141" . 
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}] @="Windows Messenger 4.7" "ComponentID"="Messenger" "StubPath"="rundll32.exe advpack.dll,LaunchINFSection c:\\WINDOWS\\INF\\msmsgs.inf,BLC.QuietInstall.PerUser" "Locale"="DE" "Version"="4,7,0,3000" "IsInstalled"=dword:00000001 "KeyFileName"="c:\\Programme\\Messenger\\msmsgs.exe" . [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}] "(Default)"="Internet Connection Wizard" "ComponentID"="ICW" "IsInstalled"=dword:00000001 "Locale"="*" "Version"="5,00,2918,1900" . [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}] @="Internet Explorer Setup Tools" "ComponentID"="GenSetup" "IsInstalled"=dword:00000001 "Locale"="*" "Version"="8,0,6001,18702" . [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}] "Version"="8,0,6001,18702" @="Browsing Enhancements" "ComponentID"="ExtraPack" "IsInstalled"=dword:00000001 "Locale"="*" "KeyFileName"="c:\\WINDOWS\\system32\\msieftp.dll" . [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] @="Microsoft Windows Media Player" "ComponentID"="Microsoft Windows Media Player" "DontAsk"=dword:00000002 "Locale"="DEU" "StubPath"="rundll32.exe advpack.dll,LaunchINFSection c:\\WINDOWS\\INF\\wmp11.inf,PerUserStub" "IsInstalled"=dword:00000001 "Version"="11,0,5721,5145" . [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}] @="MSN Site Access" "ComponentID"="MSN_Auth" "IsInstalled"=dword:00000001 "Locale"="*" "Version"="4,9,9,2" . [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}] "ComponentID"=".NETFramework" @=".NET Framework" "Locale"="" "Version"="2,0,50727,0" . 
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] @="Webordner" "ComponentID"="WebFolders" "IsInstalled"=dword:00000001 "Locale"="*" "StubPath"="" "Version"="10,0,0,1" . [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] "Version"="6,0,2900,5512" @="Adressbuch 6" "IsInstalled"=dword:00000001 "Locale"="DE" "ComponentID"="WAB" "StubPath"=expand:"\"%ProgramFiles%\\Outlook Express\\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install" . [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] "Version"="6,0,2900,2180" @="Windows Desktop-Update" "ComponentID"="IE4Shell_NT" "IsInstalled"=dword:00000001 "Locale"="de" "StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll" . [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] "Version"="8,0,6001,18702" @="Internet Explorer" "ComponentID"="BASEIE40_W2K" "IsInstalled"=dword:00000001 "Locale"="en" "StubPath"="c:\\WINDOWS\\system32\\ie4uinit.exe -BaseSettings" "LocalizedName"="@c:\\WINDOWS\\system32\\ie4uinit.exe.mui,-20" . [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] "DontAsk"=dword:00000002 "StubPath"="c:\\WINDOWS\\system32\\Rundll32.exe c:\\WINDOWS\\system32\\mscories.dll,Install" "IsInstalled"=dword:00000001 "ComponentID"="DOTNETFRAMEWORKS" . [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}] @="Dynamic HTML Data Binding" "ComponentID"="Tridata" "IsInstalled"=dword:00000001 "Locale"="*" "Version"="8,0,6001,18702" . [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}] "Locale"="" "Version"="2,0,50727,0" "ComponentID"=".NETFramework" @=".NET Framework" . 
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{C3C986D6-06B1-43BF-90DD-BE30756C00DE}] @="RevokedRootsUpdate" "IsInstalled"=dword:00000001 "Version"="1,0,2195,0" "Locale"="*" "ComponentID"="Windows Revoked Roots Update" . [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}] @="Internet Explorer Core Fonts" "ComponentID"="Fontcore" "IsInstalled"=dword:00000001 "Locale"="*" "Version"="8,0,6001,18702" . [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}] @="Taskplaner" "ComponentID"="MSTASK" "IsInstalled"=dword:00000001 "Locale"="*" "Version"="4,71,1968,1" . [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}] "ComponentID"="Windows Movie Maker v2.1" "IsInstalled"=hex:01,00,00,00 "Version"="2,1,4026,0" . [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}] "IsInstalled"=hex:01,00,00,00 @="Adobe Flash Player" "ComponentID"="Flash" "Version"="10.0.45.2" "Locale"="EN" . [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}] @="HTML Help" "ComponentID"="HTMLHelp" "IsInstalled"=dword:00000001 "Locale"="*" "Version"="6,0,6001,18702" . [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}] @="Active Directory Service Interface" "ComponentID"="ADSI" "IsInstalled"=hex:01,00,00,00 "Locale"="EN" "Version"="5,0,00,0" . Zeit der Fertigstellung: 2012-10-24 18:25:14 ComboFix-quarantined-files.txt 2012-10-24 16:24 . Vor Suchlauf: 603.041.792 Bytes frei Nach Suchlauf: 4.716.343.296 Bytes frei . - - End Of File - - 5D437A40B5B2AF0437D4EDC3DCE9DCE6 |