Trash bin: Logfile help | Windows 7 | Posts that violated our rules, posts the world does not need, and other rubbish end up here in the trash bin... |
06.01.2009, 09:01 | #1 |
| Logfile help Hello, I would like to post a logfile from Combofix, but unfortunately it is too long and I have no idea how I have to proceed in order to post everything. Regards. Last edited by Momomo (06.01.2009 at 09:10) |
06.01.2009, 09:58 | #2 |
| Logfile help Hello
Could someone evaluate the Combofix logfile for me? Many thanks and regards Code:
ATTFilter ComboFix 09-01-02.01 - Tamara 2009-01-04 22:33:33.1 - NTFSx86 ausgeführt von:: c:\dokumente und einstellungen\Tamara\Desktop\ComboFix.exe Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !! . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\programme\Mozilla Firefox\components\nsaddestination.dll c:\windows\cdmxtras c:\windows\system32\cache329 c:\windows\system32\cont_addestination-remove.exe . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_VFILT ((((((((((((((((((((((( Dateien erstellt von 2008-12-04 bis 2009-01-04 )))))))))))))))))))))))))))))) . 2009-01-01 21:20 . 2009-01-01 21:20 <DIR> d-------- c:\programme\Gemeinsame Dateien\Wise Installation Wizard 2009-01-01 18:21 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-01-01 18:21 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-01-01 18:06 . 2009-01-04 07:59 <DIR> d-------- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Google Updater 2009-01-01 16:59 . 2009-01-01 17:00 1,891 --a------ c:\windows\imsins.BAK 2009-01-01 10:44 . 2009-01-02 17:25 <DIR> d-------- c:\programme\Alwil Software 2008-12-31 19:46 . 2008-12-31 19:46 <DIR> d-------- C:\Restoration 2008-12-31 15:58 . 2008-12-31 15:58 <DIR> d-------- c:\programme\Digital Image Recovery 2008-12-31 15:37 . 2008-12-31 15:38 <DIR> d-------- C:\TEMP 2008-12-31 14:55 . 2008-12-31 14:55 <DIR> d-------- c:\programme\Software Shelf 2008-12-31 13:08 . 2008-12-31 13:08 <DIR> d-------- c:\programme\Convar 2008-12-31 13:08 . 2002-04-12 13:19 28,672 --a------ c:\windows\system32\DartWeb.oca 2008-12-30 09:54 . 2008-12-30 09:54 890,681 --a------ c:\programme\registrycleaner.zip 2008-12-29 22:08 . 2008-12-29 22:08 <DIR> d-------- c:\dokumente und einstellungen\Tamara\Anwendungsdaten\Foxit 2008-12-29 20:08 . 
2008-12-29 20:08 <DIR> d-------- c:\programme\Java 2008-12-29 10:51 . 2008-12-29 10:51 <DIR> d-------- c:\programme\CCleaner 2008-12-29 10:37 . 2009-01-03 22:09 <DIR> d-------- c:\programme\Download 2008-12-27 22:11 . 2008-12-27 22:11 <DIR> d-------- C:\!KillBox 2008-12-27 20:04 . 2008-12-27 20:04 <DIR> d-------- c:\dokumente und einstellungen\Tamara\Anwendungsdaten\Malwarebytes 2008-12-27 20:04 . 2008-12-27 20:04 <DIR> d-------- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes 2008-12-12 19:25 . 2008-12-12 19:25 <DIR> d-------- c:\programme\Trend Micro 2008-12-11 22:23 . 2008-12-12 06:59 <DIR> d-------- c:\programme\Spybot - Search & Destroy 2008-12-11 21:10 . 2008-12-11 21:10 <DIR> d-------- C:\My Downloads 2008-12-10 21:34 . 2008-12-25 22:24 <DIR> d--h----- C:\$AVG8.VAULT$ 2008-12-10 21:22 . 2009-01-04 21:00 <DIR> d-------- c:\windows\system32\drivers\Avg 2008-12-10 21:22 . 2008-12-10 21:22 <DIR> d-------- c:\programme\AVG 2008-12-10 21:22 . 2008-12-11 22:28 <DIR> d-------- c:\dokumente und einstellungen\Tamara\Anwendungsdaten\AVGTOOLBAR 2008-12-10 21:22 . 2008-12-30 21:28 <DIR> d-------- c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg8 2008-12-10 21:22 . 2008-12-10 21:22 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys 2008-12-10 21:22 . 2008-12-10 21:22 10,520 --a------ c:\windows\system32\avgrsstx.dll 2008-12-08 12:17 . 2008-12-08 12:17 68,395 --a------ c:\windows\system32\mbczfaejnlggw.dll-uninst.exe 2008-12-08 11:52 . 2008-12-08 11:52 47,594 --a------ c:\windows\system32\rxzgemovaaiqsjy.exe . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2009-01-04 19:57 --------- d-----w c:\programme\Biet-O-Matic 2009-01-02 06:30 --------- d-----w c:\programme\Google 2009-01-01 20:16 --------- d-----w c:\programme\teXXas 2009-01-01 20:16 --------- d-----w c:\programme\Desktop Sidebar 2009-01-01 20:10 --------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy 2009-01-01 17:10 --------- d-----w c:\programme\Lavasoft 2009-01-01 17:10 --------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft 2008-12-31 19:13 --------- d-----w c:\dokumente und einstellungen\Tamara\Anwendungsdaten\ZoomBrowser EX 2008-12-31 18:58 --------- d-----w c:\dokumente und einstellungen\Tamara\Anwendungsdaten\CameraWindowDC 2008-12-31 12:08 --------- d--h--w c:\programme\InstallShield Installation Information 2008-12-29 18:25 --------- d-----w c:\dokumente und einstellungen\Tamara\Anwendungsdaten\BayWatcher Pro 2008-12-29 18:25 --------- d-----w c:\dokumente und einstellungen\Tamara\Anwendungsdaten\BayHunter 2008-12-23 20:33 --------- d-----w c:\dokumente und einstellungen\Tamara\Anwendungsdaten\Desktop Sidebar 2008-12-21 20:48 --------- d---a-w c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP 2008-12-10 19:40 --------- d-----w c:\programme\QuickTime 2008-12-05 06:34 --------- d-----w c:\programme\Lauge 2 2008-04-10 13:22 46,505 ----a-w c:\dokumente und einstellungen\Tamara\Anwendungsdaten\mdbu.bin 2006-10-30 13:02 102,682,793 ----a-w c:\programme\upi12_tbyb__g_.exe 2006-10-17 05:56 2,331,222 ----a-w c:\programme\jpsetup487.exe 2006-10-13 19:04 1,039,872 ----a-w c:\programme\iview398g.exe 2006-10-06 20:28 2,139,192 ----a-w c:\programme\GoogleDesktopSetup.exe 2006-10-03 22:27 20,240,872 ----a-w c:\programme\Babylon6_setup_pons_all.exe 2006-09-28 16:13 14 ----a-w c:\dokumente und einstellungen\Tamara\getfile.dat 2006-05-25 21:56 0 ---ha-w c:\dokumente und einstellungen\Nadja\Anwendungsdaten\hpothb07.dat 2006-05-25 21:55 0 ---ha-w c:\dokumente und 
einstellungen\Nadja\hpothb07.dat 2008-06-19 09:16 118,784 ----a-w c:\programme\mozilla firefox\plugins\MyCamera.dll 2008-01-08 02:15 56 --sh--r c:\windows\system32\41687FFEFD.sys 2007-07-09 05:19 88 --sh--r c:\windows\system32\ECE5CC03CA.sys . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "1&1 EasyLogin"="c:\programme\1&1\1&1 EasyLogin\EasyLogin.exe" [2008-02-27 1540096] "SpybotSD TeaTimer"="c:\programme\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Keyboard driver "="c:\programme\Keyboard Driver\Keyboard Driver\ikeymain.exe" [2002-11-29 65536] "IAAnotif"="c:\programme\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264] "DMXLauncher"="c:\programme\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016] "SetDefPrt"="c:\programme\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 49152] "QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2008-05-27 413696] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-10 1261336] "TkBellExe"="c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2007-09-29 185632] "SSBkgdUpdate"="c:\programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648] "PaperPort PTD"="c:\programme\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393] "ISUSScheduler"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2005-06-10 81920] "ISUSPM Startup"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856] "IndexSearch"="c:\programme\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960] "DVDLauncher"="c:\programme\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248] 
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941] "ControlCenter2.0"="c:\programme\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 933888] "ATIPTA"="c:\programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064] "SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 c:\windows\stsystra.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360] c:\dokumente und einstellungen\Tamara\Startmen\Programme\Autostart\ FRITZ!DSL Startcenter.lnk - c:\programme\FRITZ!DSL\StCenter.exe [2007-09-22 679936] c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\ Status Monitor.lnk - c:\programme\Brother\Brmfcmon\BrMfcWnd.exe [2007-11-14 802816] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.iv31"= c:\windows\system32\ir32_32.dll "vidc.iv32"= c:\windows\system32\ir32_32.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="" HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Programme HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\programme\1&1 HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\programme\1&1\1&1 EasyLogin [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\programme\1&1\1&1 EasyLogin\EasyLogin.exe] 1&1 EasyLogin HIDE [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "MpfService"=2 (0x2) "mcupdmgr.exe"=3 (0x3) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "BayReminder"=c:\programme\BayWatcher Pro\bayreminder.exe /a "1&1 EasyLogin"="c:\programme\1&1\1&1 EasyLogin\EasyLogin.exe" HIDE 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "SunJavaUpdateSched"=c:\programme\Java\jre1.5.0_06\bin\jusched.exe "Google Desktop Search"="c:\programme\Google\Google Desktop Search\GoogleDesktop.exe" /startup "Babylon Client"=c:\programme\Babylon\Babylon-Pro\Babylon.exe -AutoStart "Adobe Photo Downloader"="c:\programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programme\\FRITZ!DSL\\FBOXUPD.EXE"= "c:\\Programme\\FRITZ!DSL\\IGDCTRL.EXE"= "c:\\Programme\\AVG\\AVG8\\avgupd.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "4199:UDP"= 4199:UDP:Windows Media Format SDK (firefox.exe) "4198:UDP"= 4198:UDP:Windows Media Format SDK (firefox.exe) R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-10 97928] R1 NETDSL;AVM PPP over Ethernet;c:\windows\system32\drivers\netdsl.sys [2007-09-22 11264] R1 SSHDRV85;SSHDRV85;c:\windows\system32\drivers\SSHDRV85.sys [2006-06-13 78848] R3 NETFWDSL;AVM FRITZ!web DSL PPP;c:\windows\system32\drivers\NETFWDSL.SYS [2007-09-22 367104] R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-10 231704] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] \Shell\AutoRun\command - D:\StartViewer.exe . Inhalt des "geplante Tasks" Ordners 2008-12-01 c:\windows\Tasks\1-Klick-Wartung.job - c:\programme\TuneUp Utilities 2006\SystemOptimizer.exe [] 2008-12-29 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57] 2006-01-24 c:\windows\Tasks\ISP-Anmeldungserinnerung 1.job - c:\windows\system32\OOBE\oobebaln.exe [2004-08-04 15:00] . 
- - - - Entfernte verwaiste Registrierungseinträge - - - - BHO-{4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file) Code:
ATTFilter . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://google.de/ mStart Page = hxxp://www.euro.dell.com IE: IE: &eBay Search - c:\programme\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html IE: &Preispiratensuche nach markiertem Text - c:\\Programme\\Preispiraten3\\Preispiraten3\\preispiraten.html IE: eBay - Mein eBay - c:\programme\teXXas\SearchEbaymein.htm IE: eBay - Powersuche - c:\programme\teXXas\SearchEbaypower.htm IE: eBay - Startseite - c:\programme\teXXas\SearchEbay.htm IE: eBay Suche starten - c:\programme\teXXas\SearchEbay.htm IE: Google Suche - c:\programme\teXXas\SearchGoogle.htm IE: Google Suche starten - c:\programme\teXXas\SearchGoogle.htm IE: {{711E941A-59B6-45E0-8F3B-3DA9738242D2} - c:\programme\etope\global\vbs\sendtowatch.vbs TCP: {A8665283-4BFF-4116-971C-E4506ABC2CAF} = 192.168.122.252,192.168.122.253 FF - ProfilePath - c:\dokumente und einstellungen\Tamara\Anwendungsdaten\Mozilla\Firefox\Profiles\p9rphwzc.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Yoog Search FF - prefs.js: browser.startup.homepage - hxxp://www.ebay.de/ FF - prefs.js: keyword.URL - hxxp://www8.yoog.com/search.php?q= FF - component: c:\dokumente und einstellungen\Tamara\Anwendungsdaten\Mozilla\Firefox\Profiles\p9rphwzc.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayAccessService.dll FF - component: c:\dokumente und einstellungen\Tamara\Anwendungsdaten\Mozilla\Firefox\Profiles\p9rphwzc.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayFormSubmitObserver.dll FF - component: c:\programme\AVG\AVG8\Firefox\components\avgssff.dll FF - component: c:\programme\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll FF - component: c:\programme\Mozilla Firefox\components\nsaddestination.dll FF - plugin: c:\programme\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll FF - plugin: 
c:\programme\Mozilla Firefox\plugins\NPCIG.dll FF - plugin: c:\programme\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll FF - plugin: c:\programme\Mozilla Firefox\plugins\NPMGWRAP.DLL ATTENTION: FIREFOX POLICES IS IN FORCE FF - user.js: network.http.max-connections-per-server - 8 FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: content.max.tokenizing.time - 200000 FF - user.js: content.notify.interval - 100000 FF - user.js: content.switch.threshold - 650000 FF - user.js: nglayout.initialpaint.delay - 300 FF - user.js: browser.search.selectedEngine - Yoog Search FF - user.js: keyword.URL - hxxp://www8.yoog.com/search.php?q= FF - user.js: keyword.enabled - true . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-04 22:42:01 Windows 5.1.2600 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . 
--------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-2636129014-4085276816-2265647812-1005\Software\Microsoft\SystemCertificates\AddressBook*NULL*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) [HKEY_USERS\S-1-5-21-2636129014-4085276816-2265647812-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams\Desktop] @DACL=(02 0000) @SACL= "Toolbars"=hex:11,00,00,00,00,00,00,00 "Upgrade"=dword:00000001 [HKEY_USERS\S-1-5-21-2636129014-4085276816-2265647812-1005\Software\Microsoft\Windows\Shell\Bags\1] @DACL=(02 0000) @SACL= [HKEY_LOCAL_MACHINE\software\Classes\Applications\PAINTS~1.EXE\shell] @DACL=(02 0000) @="Open" [HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\PROSet\SupportTabKey] @DACL=(02 
0000) [HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\WMI] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Magnet\Handlers] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}] @DACL=(02 0000) @="Microsoft VM" "ComponentID"="JAVAVM" "IsInstalled"=hex:01,00,00,00 "KeyFileName"="c:\\WINDOWS\\system32\\msjava.dll" "Version"="5,0,3810,0" "Locale"="DE" [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{5F95E1AF-2620-4f15-BDF9-7FDCE4607E17}] @DACL=(02 0000) @="BearShare" "Version"="5,2,5,6" "ComponentID"="BearShare" "IsInstalled"=dword:00000001 "Locale"="DE" [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix] @DACL=(02 0000) @SACL= [HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IEHomePageInfo\RegBackup] @DACL=(02 0000) @SACL= [HKEY_LOCAL_MACHINE\software\Microsoft\Code Store Database] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Microsoft\Code Store Database\Application Namespaces] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java] @DACL=(02 0000) @="Microsoft XML Parser for Java" "SystemComponent"=dword:00000001 "Installer"="MSICD" [HKEY_LOCAL_MACHINE\software\Microsoft\Code Store Database\Distribution Units\{1D6711C8-7154-40BB-8380-3DEA45B69CBF}] @DACL=(02 0000) "Installer"="JOLTID P2P Installer" "SystemComponent"=dword:00000000 [HKEY_LOCAL_MACHINE\software\Microsoft\Code Store Database\Distribution Units\{4C39376E-FA9D-4349-BACC-D305C1750EF3}] @DACL=(02 0000) "SystemComponent"=dword:00000000 "Installer"="MSICD" [HKEY_LOCAL_MACHINE\software\Microsoft\Code Store Database\Distribution Units\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}] @DACL=(02 0000) "SystemComponent"=dword:00000000 "Installer"="MSICD" 
[HKEY_LOCAL_MACHINE\software\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}] @DACL=(02 0000) @="Java Runtime Environment 1.5.0" "Installer"="MSICD" [HKEY_LOCAL_MACHINE\software\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Runtime Environment 1.5.0" "Installer"="MSICD" [HKEY_LOCAL_MACHINE\software\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Runtime Environment 1.5.0" "Installer"="MSICD" [HKEY_LOCAL_MACHINE\software\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}] @DACL=(02 0000) "SystemComponent"=dword:00000000 "Installer"="MSICD" [HKEY_LOCAL_MACHINE\software\Microsoft\Code Store Database\Global Namespace] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Microsoft\Direct3D\MostRecentApplication] @DACL=(02 0000) "Name"="InfoTool.exe" [HKEY_LOCAL_MACHINE\software\Microsoft\DirectDraw\MostRecentApplication] @DACL=(02 0000) "ID"=dword:41107ece "Name"="Explorer.EXE" [HKEY_LOCAL_MACHINE\software\Microsoft\EnterpriseCertificates\TrustedPublisher\Certificates] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Microsoft\EnterpriseCertificates\TrustedPublisher\CRLs] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Microsoft\EnterpriseCertificates\TrustedPublisher\CTLs] @DACL=(02 0000)
Last edited by Momomo (06.01.2009 at 10:18) |