Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   "50€ Virus" sperrt Windows (https://www.trojaner-board.de/110016-50-virus-sperrt-windows.html)

DKC 15.02.2012 23:01
"50€ Virus" sperrt Windows
 
Hey Leute,
auf meinem Computer ist dieser Virus aufgetaucht, der Windows blockiert und zum weiteren Benutzen 50€ für ein Update verlangt, welches das "Problem" lösen soll.

OTL Log im Anhang

markusg 16.02.2012 10:23
hi


dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
:OTL
O4 - HKCU..\Run: [{4B0255F1-8F9A-11DF-B678-806E6F6E6963}] C:\Users\Felix\AppData\Roaming\Microsoft\torrent.exe ()
O4 - HKCU..\Run: [KeApplet] C:\Users\Felix\AppData\Roaming\Google Inc.\{4B11620E-F898-4322-9618-F505D3A8C321}\renovator.exe ()
 :Files
C:\Users\Felix\AppData\Roaming\Microsoft\torrent.exe
C:\Users\Felix\AppData\Roaming\Google Inc.\{4B11620E-F898-4322-9618-F505D3A8C321}
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!



Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus :)

DKC 16.02.2012 14:16
hey danke für die hilfe
ich glaube das mit dem upload hat auch geklappt :)

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{4B0255F1-8F9A-11DF-B678-806E6F6E6963} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B0255F1-8F9A-11DF-B678-806E6F6E6963}\ not found.
C:\Users\Felix\AppData\Roaming\Microsoft\torrent.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\KeApplet deleted successfully.
C:\Users\Felix\AppData\Roaming\Google Inc.\{4B11620E-F898-4322-9618-F505D3A8C321}\renovator.exe moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: AppData

User: Default
->Flash cache emptied: 56475 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Felix
->Flash cache emptied: 3044204 bytes

User: Gast

User: Public

Total Flash Files Cleaned = 3,00 mb


[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Felix
->Temp folder emptied: 18840349 bytes
->Temporary Internet Files folder emptied: 3291948893 bytes
->Java cache emptied: 17998503 bytes
->FireFox cache emptied: 50010266 bytes
->Google Chrome cache emptied: 35349959 bytes
->Flash cache emptied: 0 bytes

User: Gast
->Temp folder emptied: 294759 bytes
->Temporary Internet Files folder emptied: 643272 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 19688953 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 66818 bytes
RecycleBin emptied: 65233194 bytes

Total Files Cleaned = 3.338,00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 02162012_140303

Files\Folders moved on Reboot...
C:\Users\Felix\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Felix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U8RV63CR\ads[1].htm moved successfully.
C:\Users\Felix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HG65YLQG\si[1].htm moved successfully.
C:\Users\Felix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HG65YLQG\si[2].htm moved successfully.
C:\Users\Felix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GVZZU91U\110016-50-virus-sperrt-windows[1].html moved successfully.
C:\Users\Felix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\F10WMW49\ads[3].htm moved successfully.

Registry entries deleted on Reboot...

markusg 16.02.2012 15:03
danke, fertig sind wir aber noch nicht.
surfe nur auf von mir genannten seiten.
bis wir fertig sind
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.
  • Besuche folgende Seite für Downloadlinks und Anweisungen für dieses
    Tool

    Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Hinweis:
    Gehe sicher das all deine Anti Virus und Anti Malware Programme abgeschalten sind, damit diese Combofix nicht bei der Arbeit stören.
  • Poste bitte die C:\Combofix.txt in deiner nächsten Antwort.

DKC 16.02.2012 19:31
hey ich hab den pc mit dem virus nochmal im normalen modus gestartet und etwas gewartet aber der pc wird auch nach 1 stunde nicht mehr gesperrt.

Soll ich trotzdem noch combofix runterladen und ausführen(nur zur sicherheit) oder ist der virus jetzt weg??

markusg 16.02.2012 19:34
ja, du sollst bitte bis zum ende arbeiten, denn die sicherheitslücken sind ja zb noch immer offen.

DKC 16.02.2012 21:50
soo hier wäre dann der combofix-log

Combofix Logfile:
Code:
ComboFix 12-02-16.02 - Felix 16.02.2012  20:59:27.1.2 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.4063.2557 [GMT 1:00]
ausgeführt von:: c:\users\Felix\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: IObit Malware Fighter *Disabled/Outdated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\users\Felix\AppData\Local\lame_enc.dll
c:\users\Felix\AppData\Local\no23xwrapper.dll
c:\users\Felix\AppData\Local\ogg.dll
c:\users\Felix\AppData\Local\vorbis.dll
c:\users\Felix\AppData\Local\vorbisenc.dll
c:\users\Felix\AppData\Local\vorbisfile.dll
c:\users\Felix\AppData\Roaming\Help\coredb\storage
c:\users\Felix\AppData\Roaming\IDM\idmmzcc3
c:\users\Felix\AppData\Roaming\IDM\idmmzcc3\chrome.manifest
c:\users\Felix\AppData\Roaming\IDM\idmmzcc3\chrome\idmmzcc.jar
c:\users\Felix\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
c:\users\Felix\AppData\Roaming\IDM\idmmzcc3\components\iIDMMzCC.xpt
c:\users\Felix\AppData\Roaming\IDM\idmmzcc3\components2\idmhelper.js
c:\users\Felix\AppData\Roaming\IDM\idmmzcc3\components2\idmhelper2.js
c:\users\Felix\AppData\Roaming\IDM\idmmzcc3\components2\idmmzcc.dll
c:\users\Felix\AppData\Roaming\IDM\idmmzcc3\components2\iIDMHelper.xpt
c:\users\Felix\AppData\Roaming\IDM\idmmzcc3\components2\iIDMHelper2.xpt
c:\users\Felix\AppData\Roaming\IDM\idmmzcc3\components2\iIDMMzCC.xpt
c:\users\Felix\AppData\Roaming\IDM\idmmzcc3\install.js
c:\users\Felix\AppData\Roaming\IDM\idmmzcc3\install.rdf
c:\users\Felix\AppData\Roaming\IDM\idmmzcc3\META-INF\manifest.mf
c:\users\Felix\AppData\Roaming\IDM\idmmzcc3\META-INF\zigbert.rsa
c:\users\Felix\AppData\Roaming\IDM\idmmzcc3\META-INF\zigbert.sf
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-01-16 bis 2012-02-16  ))))))))))))))))))))))))))))))
.
.
2012-02-16 20:19 . 2012-02-16 20:19        9310        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2012-02-16 20:19 . 2012-02-16 20:19        8646        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2012-02-16 20:19 . 2012-02-16 20:19        8613        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2012-02-16 20:19 . 2012-02-16 20:19        6910        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2012-02-16 20:19 . 2012-02-16 20:19        6429        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2012-02-16 20:19 . 2012-02-16 20:19        63115        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2012-02-16 20:19 . 2012-02-16 20:19        5927        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2012-02-16 20:19 . 2012-02-16 20:19        4599        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2012-02-16 20:19 . 2012-02-16 20:19        1651        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2012-02-16 20:18 . 2012-02-16 20:18        8288        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2012-02-16 20:18 . 2012-02-16 20:18        6208        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2012-02-16 20:18 . 2012-02-16 20:18        51852        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2012-02-16 20:18 . 2012-02-16 20:18        23327        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2012-02-16 20:18 . 2012-02-16 20:18        20719        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2012-02-16 20:18 . 2012-02-16 20:18        18541        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2012-02-16 20:18 . 2012-02-16 20:18        8782        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2012-02-16 20:18 . 2012-02-16 20:18        7271        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2012-02-16 20:16 . 2012-02-16 20:16        --------        d-----w-        c:\users\Gast\AppData\Local\temp
2012-02-16 20:16 . 2012-02-16 20:16        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-02-16 13:03 . 2012-02-16 13:03        --------        d-----w-        c:\users\Felix\AppData\Roaming\Windows Search
2012-02-15 17:07 . 2012-02-15 17:07        --------        d-----w-        c:\users\Felix\AppData\Roaming\InstallShield
2012-02-14 20:05 . 2012-02-14 20:05        --------        d-----w-        C:\found.000
2012-02-13 19:11 . 2012-02-13 19:11        --------        d-----w-        c:\users\Felix\AppData\Roaming\Google Inc
2012-02-13 18:46 . 2012-02-13 18:46        --------        d-----w-        c:\windows\SysWow64\xlive
2012-02-13 18:46 . 2012-02-13 18:46        --------        d-----w-        c:\program files (x86)\Microsoft Games for Windows - LIVE
2012-02-12 09:30 . 2011-11-21 14:13        34624        ----a-w-        c:\windows\system32\TURegOpt.exe
2012-02-12 09:30 . 2011-11-21 14:10        25920        ----a-w-        c:\windows\system32\authuitu.dll
2012-02-12 09:30 . 2011-11-21 14:10        36160        ----a-w-        c:\windows\system32\uxtuneup.dll
2012-02-12 09:30 . 2011-11-21 14:10        30016        ----a-w-        c:\windows\SysWow64\uxtuneup.dll
2012-02-12 09:30 . 2011-11-21 14:10        21312        ----a-w-        c:\windows\SysWow64\authuitu.dll
2012-02-12 09:30 . 2012-02-12 09:35        --------        d-----w-        c:\program files (x86)\TuneUp Utilities 2010
2012-02-12 09:30 . 2012-02-12 09:30        --------        d-sh--w-        c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2012-02-10 13:45 . 2012-02-10 13:45        237        -c--a-w-        C:\user.js
2012-02-10 13:45 . 2012-02-10 13:45        --------        d-----w-        c:\users\Felix\AppData\Local\Babylon
2012-02-10 13:45 . 2012-02-10 13:45        --------        d-----w-        c:\users\Felix\AppData\Roaming\Babylon
2012-02-10 13:45 . 2012-02-10 13:45        --------        d-----w-        c:\programdata\Babylon
2012-01-29 12:56 . 2004-07-15 23:18        172032        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2012-01-29 12:56 . 2004-07-15 23:20        733184        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2012-01-29 12:56 . 2004-07-15 23:20        69715        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2012-01-29 12:56 . 2004-07-15 23:19        266240        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2012-01-29 12:56 . 2004-07-15 23:18        5632        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2012-01-29 12:52 . 2012-01-29 12:52        180356        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2012-01-29 12:52 . 2012-01-29 12:52        303236        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-13 18:53 . 2009-08-18 10:24        18328        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-01-15 18:51 . 2010-11-06 18:15        103736        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2012-01-15 18:51 . 2010-11-06 18:15        669184        ----a-w-        c:\windows\SysWow64\pbsvc.exe
2011-12-17 22:25 . 2009-07-14 02:36        152576        ----a-w-        c:\windows\SysWow64\msclmd.dll
2011-12-17 22:25 . 2009-07-14 02:36        175616        ----a-w-        c:\windows\system32\msclmd.dll
2011-12-16 16:21 . 2012-01-16 21:32        31576        ----a-w-        c:\windows\system32\SmartDefragBootTime.exe
2011-11-19 14:58 . 2012-01-11 16:42        77312        ----a-w-        c:\windows\system32\packager.dll
2011-11-19 14:01 . 2012-01-11 16:42        67072        ----a-w-        c:\windows\SysWow64\packager.dll
2011-11-18 22:18 . 2011-11-16 21:24        303616        ----a-w-        c:\windows\system32\drivers\atksgt.sys
2011-11-18 22:18 . 2011-11-16 21:24        35328        ----a-w-        c:\windows\system32\drivers\lirsgt.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\tbDVD1.dll" [2010-07-24 2736736]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2011-08-24 130864]
"{a51a36e6-31e7-4838-9ff7-76298b527ec0}"= "c:\program files (x86)\softonic-Germany\tbsoft.dll" [2010-12-09 3911776]
"{6571950c-6eb2-4d8b-975e-5a25053ff845}"= "c:\program files (x86)\servershare\prxtbserv.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
.
[HKEY_CLASSES_ROOT\clsid\{a51a36e6-31e7-4838-9ff7-76298b527ec0}]
.
[HKEY_CLASSES_ROOT\clsid\{6571950c-6eb2-4d8b-975e-5a25053ff845}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 11:51        3911776        ----a-w-        c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6571950c-6eb2-4d8b-975e-5a25053ff845}]
2011-05-09 08:49        176936        ----a-w-        c:\program files (x86)\servershare\prxtbserv.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-07-24 12:56        2736736        ----a-w-        c:\program files (x86)\DVDVideoSoftTB\tbDVD1.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{a51a36e6-31e7-4838-9ff7-76298b527ec0}]
2010-12-09 11:51        3911776        ----a-w-        c:\program files (x86)\softonic-Germany\tbsoft.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}]
2009-11-20 17:34        87472        ----a-w-        c:\progra~2\IMESHA~1\MediaBar\ToolBar\iMeshMediaBarDx.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2011-08-24 17:21        1299248        ----a-r-        c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\tbDVD1.dll" [2010-07-24 2736736]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-08-24 1299248]
"{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}"= "c:\progra~2\IMESHA~1\MediaBar\ToolBar\iMeshMediaBarDx.dll" [2009-11-20 87472]
"{a51a36e6-31e7-4838-9ff7-76298b527ec0}"= "c:\program files (x86)\softonic-Germany\tbsoft.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f}]
.
[HKEY_CLASSES_ROOT\clsid\{a51a36e6-31e7-4838-9ff7-76298b527ec0}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-03-04 2741616]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
"Spiele Post"="c:\program files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe" [2011-10-13 479984]
"Sony Ericsson PC Companion"="c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2009-12-08 774144]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-07-16 3077528]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-25 39408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"Akamai NetSession Interface"="c:\users\Felix\AppData\Local\Akamai\netsession_win.exe" [2012-02-02 3329824]
"Comrade.exe"="c:\program files (x86)\GameSpy\Comrade\Comrade.exe" [2007-06-29 36864]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-29 620376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-08-20 322104]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2009-09-02 60464]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2011-08-01 114992]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-12-13 922976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GamersFirst LIVE!.lnk - c:\program files (x86)\GamersFirst\LIVE!\Live.exe [2010-10-8 2845552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-25 135664]
R2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [x]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\ekdiscovery.exe [2010-09-13 308656]
R2 NAUpdate;NAUpdate;c:\program files (x86)\Nero\Update\NASvc.exe [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 dump_wmimmc;dump_wmimmc;c:\aeriagames\WolfTeam-DE\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-25 135664]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 s1029bus;Sony Ericsson Device 1029 driver (WDM);c:\windows\system32\DRIVERS\s1029bus.sys [x]
R3 s1029mdfl;Sony Ericsson Device 1029 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1029mdfl.sys [x]
R3 s1029mdm;Sony Ericsson Device 1029 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1029mdm.sys [x]
R3 s1029mgmt;Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1029mgmt.sys [x]
R3 s1029nd5;Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1029nd5.sys [x]
R3 s1029obex;Sony Ericsson Device 1029 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1029obex.sys [x]
R3 s1029unic;Sony Ericsson Device 1029 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1029unic.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 X6va003;X6va003;c:\users\Felix\AppData\Local\Temp\003A3E4.tmp [x]
R3 X6va005;X6va005;c:\users\Felix\AppData\Local\Temp\005C0AB.tmp [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [x]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-29 497496]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\AESTSr64.exe [2009-03-02 89600]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2011-12-14 748440]
S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2011-10-08 820568]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2011-11-21 1403200]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2010-02-25 11856]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai        REG_MULTI_SZ          Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 11:29        451872        ----a-w-        c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-25 06:34]
.
2012-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-25 06:34]
.
2012-02-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4242659860-1691442586-518483776-1000Core.job
- c:\users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-20 15:40]
.
2012-02-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4242659860-1691442586-518483776-1000UA.job
- c:\users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-20 15:40]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08337871-0e50-4031-9110-3bd21ca3c065}]
2011-11-09 01:54        167416        ----a-w-        c:\users\Felix\AppData\Roaming\VshareComplete\64\VshareComplete64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-08-13 456192]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-08-25 610872]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.facebook.com/#!/
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://startsear.ch/?aff=1&cf=3fc89401-12d5-11e1-8bdf-00269ec4e12e
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download aller Links mit IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download FLV-Videoinhalt mit IDM - c:\program files (x86)\Internet Download Manager\IEGetVL.htm
IE: Download mit IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Free YouTube Download - c:\users\Felix\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Felix\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Web-Suche - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} -
TCP: DhcpNameServer = 192.168.2.1
DPF: {C212D449-8B3C-41F2-BD9A-047BD770550F} - hxxp://operation7.fiaa.eu/OPLauncher.cab
FF - ProfilePath - c:\users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\lu32ws4o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?AF=109989&babsrc=HP_ss&mntrId=e6d1e0a0000000000000904ce5b3325f
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=382950&p=
FF - user.js: extensions.BabylonToolbar_i.id - e6d1e0a0000000000000904ce5b3325f
FF - user.js: extensions.BabylonToolbar_i.hardId - e6d1e0a0000000000000904ce5b3325f
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15380
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1714:45
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109989
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
.
------- Dateityp-Verknüpfung -------
.
.txt=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{E601996F-E400-41CA-804B-CD6373A7EEE2} - (no file)
Toolbar-10 - (no file)
Toolbar-!{6571950c-6eb2-4d8b-975e-5a25053ff845} - (no file)
Wow6432Node-HKLM-Run-Conime - c:\windows\system32\conime.exe
Toolbar-10 - (no file)
Toolbar-!{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - (no file)
Toolbar-!{6571950c-6eb2-4d8b-975e-5a25053ff845} - (no file)
Toolbar-!{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{A51A36E6-31E7-4838-9FF7-76298B527EC0} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0407.EXE
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-gamealarm-DEFAULT - c:\games\Game Alarm\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\Felix\AppData\Local\Temp\003A3E4.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Felix\AppData\Local\Temp\005C0AB.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-4242659860-1691442586-518483776-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:0e,ee,80,6b,7c,b9,9e,59,c0,8e,28,77,0e,7e,05,72,f9,bd,fd,fe,70,07,76,
  a6,84,df,b4,33,2a,b5,c0,ac,0f,93,1c,81,50,cf,df,99,d4,c0,41,e0,74,1a,29,37,\
"??"=hex:6f,52,85,48,17,d6,cb,45,fb,dd,da,e3,f5,a9,80,11
.
[HKEY_USERS\S-1-5-21-4242659860-1691442586-518483776-1000\Software\SecuROM\License information*]
"datasecu"=hex:b1,69,08,a5,57,31,80,59,f6,9e,ad,64,42,3c,d3,17,a7,38,f4,e7,44,
  20,c6,87,a5,be,5b,fe,f5,fe,79,e5,87,bd,05,c4,ef,2d,9d,0b,4f,18,9e,8b,fe,88,\
"rkeysecu"=hex:0b,a1,99,b6,c2,29,40,46,c6,3c,e7,f1,25,46,9a,a5
.
[HKEY_USERS\S-1-5-21-4242659860-1691442586-518483776-1000_Classes\Wow6432Node\CLSID\{08ad7dbf-23dc-4ae3-8581-9f41f272a9da}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000016a
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
  38,95,44,85,b1,12,f9,90,dd,23,a1,91,4a,85,bb,8f,bf,d4,c6,3e,9c,66,a7,cd,7b,\
.
[HKEY_USERS\S-1-5-21-4242659860-1691442586-518483776-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):93,51,54,2f,35,1a,95,fd,f2,38,1a,cf,88,31,b9,cf,97,55,f6,24,6c,
  3d,15,49,20,1b,3c,4f,4c,60,ee,d0,48,1a,90,31,3e,5c,dd,54,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\crypserv.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-02-16  21:38:39 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-02-16 20:38
.
Vor Suchlauf: 16 Verzeichnis(se), 180.540.952.576 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 183.065.452.544 Bytes frei
.
- - End Of File - - 73152A3269E90BF615D72D417884163C
--- --- ---

markusg 17.02.2012 11:24
hi
malwarebytes:
Downloade Dir bitte Malwarebytes
  • Installiere
    das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche
    nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet
    ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste
    das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.

DKC 17.02.2012 19:27
hey hier ist das logfile:


Malwarebytes Anti-Malware 1.60.1.1000
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.02.17.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Felix :: HP-PC [Administrator]

17.02.2012 18:14:30
mbam-log-2012-02-17 (18-14-30).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 440014
Laufzeit: 1 Stunde(n), 3 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (PUP.Dealio.TB) -> 2016 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SYSTEM\CurrentControlSet\Services\Application Updater (PUP.Dealio.TB) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES (X86)\APPLICATION UPDATER\APPLICATIONUPDATER.EXE (PUP.Dealio.TB) -> Daten: 1 -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (SearchCompletion Search) Gut: (Google) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\Felix\Documents\Limbo\LIMBO.v1.0r4.multi9.cracked-THETA by 360Downloads =)\NFOviewer.exe (Malware.Packer.Krunchy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (PUP.Dealio.TB) -> Löschen bei Neustart.
C:\Program Files (x86)\LIMBO\TDU.exe (Packer.ModifiedUPX) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Felix\Downloads\Programs\AppsMsnDe.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

markusg 17.02.2012 19:49
C:\Users\Felix\Documents\Limbo\LIMBO.v1.0r4.multi9.cracked-THETA by 360Downloads =)\NFOviewer.exe (Malware.Packer.Krunchy) -> Erfolgreich gelöscht und
in Quarantäne gestellt.
gecrackte software unterstützen wir hier nicht, da gibts nur hilfe beim formatieren neu aufsetzen und absichern des pcs

DKC 18.02.2012 12:15
sind wir jetzt fertig? :D

markusg 18.02.2012 12:19
wenn das system formatiert und neu aufgesetzt wurde, ja.


Alle Zeitangaben in WEZ +1. Es ist jetzt 16:16 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131