Pests of all kinds and how to fight them: Multiple different Trojans on my PC

Windows 7. If you are not sure whether you have picked up malware or a Trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you remove the infection.

#1
Hello,

I have the following problem. I was on the Internet when AntiVir suddenly raised an alert and reported that a Trojan had been found! I first moved it to quarantine, and then the next alert already appeared! Again I moved the Trojan to quarantine. After that I had my PC scanned, and a total of 8 Trojans were found!

Here are the names of the Trojans:

TR/BHO.afti (2 times)
TR/BHO.315392
TR/ATRAPS.Gen (2 times)
TR/Crypt.XPACK.Gen
TR/Dropper.Gen (2 times)

I do know a little about PCs, but absolutely nothing about this topic! So I hope someone here can help me ^^

I read on the Internet that one should use ComboFix. I did that, and I am including the log file!

SP: Avira AntiVir PersonalEdition *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows-Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-421319290-3364149163-1093676711-500
c:\users\Dexter\AppData\Roaming\sdra64.exe
.
((((((((((((((((((((((( Dateien erstellt von 2010-03-28 bis 2010-04-29 ))))))))))))))))))))))))))))))
.
2010-04-28 19:25 . 2010-04-28 19:25 730624 ----a-w- c:\users\Dexter\AppData\Roaming\24A21D693AFB1E15E639837AD7C673A3\newupdate1142C.exe
2010-04-28 19:25 . 2010-04-28 19:25 -------- d-----w- c:\users\Dexter\AppData\Roaming\24A21D693AFB1E15E639837AD7C673A3
2010-04-28 19:25 . 2010-04-29 16:03 -------- d-sh--w- c:\users\Dexter\AppData\Roaming\lowsec
2010-04-25 14:32 . 2010-04-25 21:29 714106904 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ }\Manager_10_Update_4.exe
2010-04-22 19:35 . 2010-04-22 19:35 -------- d-----w- c:\program files\Veetle
2010-04-15 13:35 . 2010-02-23 11:32 78848 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-15 13:35 . 2010-02-23 11:32 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-15 13:35 . 2010-02-23 11:32 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-15 13:35 . 2010-02-18 14:49 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-15 13:35 . 2010-02-18 14:49 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-15 13:35 . 2010-03-04 18:54 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-04-15 13:33 . 2010-02-18 14:49 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-15 13:33 . 2010-02-18 14:11 190464 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-15 13:33 . 2010-02-18 11:52 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-13 17:11 . 2009-12-23 12:43 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-04-13 17:11 . 2010-01-15 00:04 98304 ----a-w- c:\windows\system32\cabview.dll
2010-04-06 13:32 . 2010-04-13 19:04 -------- d-----w- c:\program files\Metin2
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-29 16:32 . 2006-11-02 15:33 664044 ----a-w- c:\windows\system32\perfh007.dat
2010-04-29 16:32 . 2006-11-02 15:33 142222 ----a-w- c:\windows\system32\perfc007.dat
2010-04-16 15:45 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-16 11:57 . 2007-10-11 22:32 -------- d-----w- c:\programdata\Microsoft Help
2010-04-12 17:24 . 2010-03-28 11:25 -------- d-----w- c:\users\Dexter\AppData\Roaming\OfferBox
2010-03-28 11:27 . 2010-03-28 11:27 -------- d-----w- c:\users\Dexter\AppData\Roaming\freeTVRadio
2010-03-28 11:26 . 2010-03-28 11:26 -------- d-----w- c:\program files\OfferBoxSearch
2010-03-28 11:26 . 2010-03-28 11:26 -------- d-----w- c:\program files\freeTVRadio
2010-03-28 07:58 . 2010-03-28 07:31 -------- d-----w- c:\program files\Common Files\PPLiveNetwork
2010-03-28 07:58 . 2010-03-28 07:31 -------- d-----w- c:\users\Dexter\AppData\Roaming\PPLive
2010-03-28 07:53 . 2010-03-28 07:31 -------- d-----w- c:\programdata\PPLive
2010-03-28 07:36 . 2010-03-28 07:31 -------- d-----w- c:\programdata\Jlcm
2010-03-28 07:31 . 2010-03-28 07:31 -------- d-----w- c:\program files\PPLive
2010-03-26 13:50 . 2010-03-05 20:37 443912 ----a-w- c:\users\Dexter\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-03-09 16:28 . 2010-03-31 15:54 833024 ----a-w- c:\windows\system32\wininet.dll
2010-03-09 16:25 . 2010-03-31 15:54 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-09 14:01 . 2010-03-31 15:54 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2010-03-06 13:34 . 2010-03-06 13:34 -------- d-----w- c:\program files\Basement Softworks
2010-03-06 13:15 . 2010-03-06 13:15 118784 ----a-w- c:\users\Dexter\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-02-28 13:32 . 2007-11-19 17:48 84872 ----a-w- c:\users\Dexter\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-26 06:06 . 2010-02-26 06:06 2626360 ----a-w- c:\users\Dexter\AppData\Roaming\Mozilla\Firefox\Profiles\a2mwn945.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2010-02-24 08:16 . 2009-10-02 20:54 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-20 23:39 . 2010-03-14 19:32 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:37 . 2010-03-14 19:32 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 21:18 . 2010-03-14 19:32 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-20 18:11 . 2010-02-20 18:11 1233160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-02-20 18:01 . 2009-12-12 11:34 439816 ----a-w- c:\users\Dexter\AppData\Roaming\Real\Update\setup3.09\setup.exe
2010-02-12 10:48 . 2010-03-06 13:18 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-02-01 14:22 . 2010-02-01 14:22 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb4236.tmp.exe
2002-12-11 22:14 . 2002-12-11 22:14 13312 ----a-w- c:\program files\msdmo.dll
2007-11-28 19:28 . 2007-12-26 11:57 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-11-28 19:28 . 2007-12-26 11:57 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-11-28 19:28 . 2007-12-26 11:57 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2007-11-28 19:28 . 2007-12-26 11:57 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2007-11-28 19:28 . 2007-12-26 11:57 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 221184]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-25 39408]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-03 4702208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-02-26 153136]
"HostManager"="c:\program files\Common Files\AOL\1195497218\ee\AOLSoftware.exe" [2006-09-26 50736]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-19 266497]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-10-04 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-14 185872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

c:\users\Dexter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-07-14 721904]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-25 135664]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2007-05-11 329728]
S2 ACEDRV08;ACEDRV08;c:\windows\system32\drivers\ACEDRV08.sys [2007-12-14 108768]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners

2010-04-16 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-14 12:17]

2010-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-25 17:49]

2010-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-25 17:49]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: &AOL Toolbar-Suche - c:\program files\aol\aol toolbar 4.0\resources\de-DE\local\search.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Dexter\AppData\Roaming\Mozilla\Firefox\Profiles\a2mwn945.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "hxxp://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "hxxp://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "hxxp://sb.google.com/safebrowsing/report?");
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

URLSearchHooks-{1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-04-29 19:20
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
Zeit der Fertigstellung: 2010-04-29 19:22:43
ComboFix-quarantined-files.txt 2010-04-29 17:22

Vor Suchlauf: 22 Verzeichnis(se), 42.438.647.808 Bytes frei
Nach Suchlauf: 27 Verzeichnis(se), 43.631.890.432 Bytes frei

- - End Of File - - 4C885AE3A18A7E9BF5716A130F038952

I hope I have included everything necessary/useful! If anything is missing, please let me know, and I will add the missing information right away!!!

Thanks in advance,
micha_patzi