Jack Ritter | 08.05.2011 13:03 | Hello,
First of all, thanks for the quick reply.
I followed everything; this is what came out:
ComboFix logfile: Code:
ComboFix 11-05-07.02 - Jack 08.05.2011 13:48:04.1.2 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.4094.2870 [GMT 2:00]
ausgeführt von:: c:\users\Jack\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jack\AppData\Local\{ACAE0D12-DDA9-4C04-83CA-6A57B670CD1A}
c:\users\Jack\AppData\Local\{ACAE0D12-DDA9-4C04-83CA-6A57B670CD1A}\chrome.manifest
c:\users\Jack\AppData\Local\{ACAE0D12-DDA9-4C04-83CA-6A57B670CD1A}\chrome\content\_cfg.js
c:\users\Jack\AppData\Local\{ACAE0D12-DDA9-4C04-83CA-6A57B670CD1A}\chrome\content\overlay.xul
c:\users\Jack\AppData\Local\{ACAE0D12-DDA9-4C04-83CA-6A57B670CD1A}\install.rdf
c:\users\Jack\AppData\Roaming\Adobe\plugs
c:\users\Jack\AppData\Roaming\Adobe\shed
c:\users\Jack\AppData\Roaming\Adobe\shed\thr1.chm
c:\users\Jack\AppData\Roaming\Local
c:\users\Jack\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\Jack\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi
c:\users\Jack\AppData\Roaming\Local\Temp\DDM\Settings\1.avi.ddr
c:\users\Jack\AppData\Roaming\Local\Temp\DDM\Settings\Post_Install_RB_HiQ_de.divx.ddr
c:\users\Jack\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Jack\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Adams.Aepfel.German.XviD_EMPiRE.avi.ddp
c:\users\Jack\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_de.divx
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-04-08 bis 2011-05-08 ))))))))))))))))))))))))))))))
.
.
2011-05-08 09:31 . 2011-05-08 09:31 -------- d-----w- c:\users\Jack\AppData\Roaming\Malwarebytes
2011-05-08 09:31 . 2011-05-08 09:31 -------- d-----w- c:\programdata\Malwarebytes
2011-05-08 09:31 . 2010-12-20 16:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-08 09:31 . 2011-05-08 09:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-05-08 09:31 . 2010-12-20 16:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-07 23:44 . 2011-05-07 23:44 0 ----a-w- c:\users\Jack\AppData\Local\Wsejanunevifoha.bin
2011-05-06 09:00 . 2011-04-11 08:21 8802128 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{669882C3-B498-4482-9C85-5D96D9DAA317}\mpengine.dll
2011-05-01 16:11 . 2011-05-07 23:10 280768 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-05-01 16:11 . 2011-05-01 16:11 -------- d-----w- c:\users\Jack\AppData\Local\PunkBuster
2011-05-01 16:11 . 2011-05-01 16:11 -------- d-----r- c:\users\Jack\AppData\Roaming\SecuROM
2011-05-01 16:09 . 2011-05-07 23:10 280768 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-05-01 16:09 . 2011-05-07 22:19 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-05-01 16:09 . 2011-05-01 16:51 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-05-01 16:09 . 2011-05-01 16:09 2434856 ----a-w- c:\windows\SysWow64\pbsvc_bc2.exe
2011-04-29 15:24 . 2011-04-29 15:24 -------- d-----w- c:\users\Jack\AppData\Local\Electronic Arts
2011-04-29 15:23 . 2011-04-29 15:23 -------- d-----w- c:\programdata\Electronic Arts
2011-04-29 15:23 . 2011-04-29 15:35 -------- d-----w- c:\program files (x86)\Electronic Arts
2011-04-29 15:21 . 2011-04-14 16:40 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-04-29 15:21 . 2011-04-14 16:40 89048 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-04-29 15:21 . 2011-04-14 16:40 781272 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-04-29 15:21 . 2011-04-14 16:40 465880 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-04-29 15:21 . 2011-04-14 16:40 1874904 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-04-29 15:21 . 2011-04-14 16:40 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-04-29 15:21 . 2010-01-01 08:00 1974616 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll
2011-04-29 15:21 . 2010-01-01 08:00 1892184 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_42.dll
2011-04-29 11:00 . 2011-04-29 11:00 -------- d-----w- c:\programdata\ATI
2011-04-29 11:00 . 2011-04-29 11:00 -------- d-----w- c:\program files (x86)\AMD APP
2011-04-27 23:00 . 2011-04-27 23:25 -------- d-----w- c:\users\Jack\AppData\Local\ArmA 2
2011-04-22 13:29 . 2006-09-13 13:00 80896 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPP7V.DLL
2011-04-22 13:29 . 2006-09-13 13:00 27136 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPD7V.DLL
2011-04-14 10:45 . 2011-03-03 06:17 182272 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-13 19:59 . 2011-04-13 19:59 59904 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-04-13 19:59 . 2011-04-13 19:59 51712 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-04-13 19:58 . 2011-04-13 19:58 12385280 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-04-08 13:36 . 2011-04-08 14:32 -------- d-----w- c:\programdata\Blizzard Entertainment
2011-04-08 13:36 . 2011-04-18 21:52 -------- d-----w- c:\program files (x86)\StarCraft II
2011-04-08 13:36 . 2011-04-08 13:52 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-06 04:11 . 2011-04-06 04:11 9323520 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-04-06 02:29 . 2011-04-06 02:29 22623232 ----a-w- c:\windows\system32\atio6axx.dll
2011-04-06 02:07 . 2011-04-06 02:07 17469952 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-04-06 02:03 . 2011-04-06 02:03 147456 ----a-w- c:\windows\system32\atiapfxx.exe
2011-04-06 02:03 . 2011-04-06 02:03 671744 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-04-06 02:02 . 2010-08-26 02:00 788480 ----a-w- c:\windows\system32\aticfx64.dll
2011-04-06 01:59 . 2011-04-06 01:59 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-04-06 01:59 . 2011-04-06 01:59 480256 ----a-w- c:\windows\system32\atieclxx.exe
2011-04-06 01:58 . 2011-04-06 01:58 203776 ----a-w- c:\windows\system32\atiesrxx.exe
2011-04-06 01:57 . 2011-04-06 01:57 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-04-06 01:57 . 2011-04-06 01:57 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-04-06 01:57 . 2011-04-06 01:57 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-04-06 01:57 . 2011-04-06 01:57 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-04-06 01:56 . 2011-04-06 01:56 16384 ----a-w- c:\windows\system32\atimuixx.dll
2011-04-06 01:56 . 2011-04-06 01:56 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-04-06 01:56 . 2011-04-06 01:56 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-04-06 01:53 . 2011-04-06 01:53 4307968 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-04-06 01:44 . 2010-08-26 01:43 5086208 ----a-w- c:\windows\system32\atidxx64.dll
2011-04-06 01:42 . 2011-04-06 01:42 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-04-06 01:42 . 2011-04-06 01:42 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-04-06 01:42 . 2011-04-06 01:42 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-04-06 01:42 . 2011-04-06 01:42 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-04-06 01:41 . 2011-04-06 01:41 7467008 ----a-w- c:\windows\system32\aticaldd64.dll
2011-04-06 01:38 . 2011-04-06 01:38 6098432 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-04-06 01:35 . 2011-04-06 01:35 4256768 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-04-06 01:34 . 2011-04-06 01:34 1208320 ----a-w- c:\windows\system32\atiumd6v.dll
2011-04-06 01:34 . 2011-04-06 01:34 1912832 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-04-06 01:34 . 2011-04-06 01:34 3421184 ----a-w- c:\windows\system32\atiumd6a.dll
2011-04-06 01:29 . 2011-04-06 01:29 5408256 ----a-w- c:\windows\system32\atiumd64.dll
2011-04-06 01:28 . 2010-12-28 15:26 58880 ----a-w- c:\windows\system32\coinst.dll
2011-04-06 01:26 . 2011-04-06 01:26 3631616 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-04-06 01:22 . 2011-04-06 01:22 361984 ----a-w- c:\windows\system32\atiadlxx.dll
2011-04-06 01:22 . 2011-04-06 01:22 258048 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-04-06 01:22 . 2011-04-06 01:22 14848 ----a-w- c:\windows\system32\atig6pxx.dll
2011-04-06 01:22 . 2011-04-06 01:22 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-04-06 01:22 . 2011-04-06 01:22 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-04-06 01:21 . 2011-04-06 01:21 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-04-06 01:21 . 2011-04-06 01:21 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-04-06 01:21 . 2011-04-06 01:21 304128 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-04-06 01:20 . 2010-08-26 01:20 40448 ----a-w- c:\windows\system32\atiuxp64.dll
2011-04-06 01:20 . 2011-04-06 01:20 31232 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-04-06 01:20 . 2011-04-06 01:20 38912 ----a-w- c:\windows\system32\atiu9p64.dll
2011-04-06 01:20 . 2011-04-06 01:20 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-04-06 01:20 . 2011-04-06 01:20 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-04-06 01:13 . 2011-04-06 01:13 53760 ----a-w- c:\windows\system32\atimpc64.dll
2011-04-06 01:13 . 2011-04-06 01:13 53760 ----a-w- c:\windows\system32\amdpcom64.dll
2011-04-06 01:13 . 2011-04-06 01:13 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-04-06 01:13 . 2011-04-06 01:13 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-04-05 20:09 . 2011-04-05 20:09 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2011-04-05 20:09 . 2011-04-05 20:09 53760 ----a-w- c:\windows\system32\OpenCL.dll
2011-04-05 20:09 . 2011-04-05 20:09 16116224 ----a-w- c:\windows\system32\amdocl64.dll
2011-03-07 22:22 . 2011-03-07 22:22 254528 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-03-04 06:17 . 2011-04-27 12:04 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:17 . 2011-04-27 12:04 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-02-19 06:37 . 2011-03-09 12:05 1135104 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 06:37 . 2011-03-09 12:05 1540608 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 06:36 . 2011-03-09 12:05 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-02-19 05:32 . 2011-03-09 12:05 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-02-19 05:32 . 2011-03-09 12:05 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2010-12-30 1242448]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"DivX Download Manager"="c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-05 336384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-01-06 1038088]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS64.sys [2006-10-31 14136]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-05-01 136360]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;c:\windows\system32\DRIVERS\wg111v3.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\xwadb839.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - Google
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-589576914-3325314402-3601276704-1000\Software\SecuROM\License information*]
"datasecu"=hex:7b,99,80,50,57,3d,ac,31,7b,51,36,47,85,02,f8,2a,70,f6,06,dc,1a,
4f,29,94,0c,8a,1f,c0,83,d3,aa,21,da,0e,11,0a,a6,1e,68,44,bf,16,a1,e9,9b,52,\
"rkeysecu"=hex:4e,96,d9,ad,8b,53,82,50,02,0d,3a,ba,51,b7,b6,17
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Active Setup\Installed Components]
@Denied: (Full) (Everyone)
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
@="Microsoft Windows Media Player"
"Version"="12,0,7600,16667"
"IsInstalled"=dword:00000000
"ComponentID"="WMPACCESS"
"LocalizedName"=expand:"@%SystemRoot%\\system32\\wmploc.dll,-128"
"StubPath"=expand:"%SystemRoot%\\system32\\unregmp2.exe /ShowWMP"
"DontAsk"=dword:00000002
"Locale"="*"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
@="Internet Explorer"
"Version"="8,0,7600,17136"
"IsInstalled"=dword:00000001
"ComponentID"="IEACCESS"
"LocalizedName"="@c:\\Windows\\SysWOW64\\ie4uinit.exe,-21"
"StubPath"="c:\\Windows\\SysWOW64\\ie4uinit.exe -UserIconConfig"
"Dontask"=dword:00000002
"Locale"="*"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
@="Browser Customizations"
"IsInstalled"=dword:00000001
"Version"="8,0,7100,0"
"ComponentiD"="BRANDING.CAB"
"LocalizedName"="@c:\\Windows\\SysWOW64\\iedkcs32.dll,-3052"
"StubPath"="\"c:\\Windows\\SysWOW64\\rundll32.exe\" \"c:\\Windows\\SysWOW64\\iedkcs32.dll\",BrandIEActiveSetup SIGNUP"
"Locale"="*"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
@="Java (Sun)"
"ComponentID"="JAVAVM"
"IsInstalled"=dword:00000001
"KeyFileName"="c:\\Program Files (x86)\\Java\\jre6\\bin\\regutils.dll"
"Version"="5,0,5000,0"
"Locale"="EN"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
@="Microsoft Windows Media Player 12.0"
"IsInstalled"=dword:00000001
"Version"="12,0,7600,16667"
"DontAsk"=dword:00000002
"Locale"="EN"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Active Setup\Installed Components\{25FFAAD0-F4A3-4164-95FF-4461E9F35D51}]
@=".NET Framework"
"Version"="2,0,50727,1"
"ComponentID"=".NETFramework"
"Locale"=""
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
@="Themes Setup"
"LocalizedName"=expand:"@%SystemRoot%\\system32\\themeui.dll,-2682"
"ComponentID"="Theme Component"
"IsInstalled"=dword:00000001
"Locale"="EN"
"StubPath"=expand:"%SystemRoot%\\system32\\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\\system32\\themeui.dll"
"Version"="1,1,1,9"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Active Setup\Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
@="Offline Browsing Pack"
"IsInstalled"=dword:00000001
"Version"="8,0,7600,16385"
"ComponentID"="MobilePk"
"Locale"="*"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"IsInstalled"=dword:00000001
"Dontask"=dword:00000002
"Locale"="*"
"ComponentID"="MailNews"
"CloneUser"=dword:00000001
"StubPath"=expand:"\"%ProgramFiles(x86)%\\Windows Mail\\WinMail.exe\" OCInstallUserConfigOE"
"Version"="6,1,7600,16385"
@="Microsoft Windows"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
@="DirectDrawEx"
"ComponentID"="DirectDrawEx"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="4,71,1113,0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
@="Internet Explorer Help"
"IsInstalled"=dword:00000001
"Version"="8,0,7600,16385"
"ComponentID"="HelpCont"
"Locale"="*"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
@="Microsoft Windows Script 5.6"
"ComponentID"="MSVBScript"
"IsInstalled"=dword:00000001
"Locale"="EN"
"Version"="5,6,0,8833"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
@="Internet Explorer Setup Tools"
"IsInstalled"=dword:00000001
"Version"="8,0,7600,16385"
"ComponentID"="GenSetup"
"Locale"="*"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
"KeyFileName"=expand:"%SystemRoot%\\system32\\msieftp.dll"
@="Browsing Enhancements"
"IsInstalled"=dword:00000001
"Version"="8,0,7600,16385"
"ComponentID"="ExtraPack"
"Locale"="*"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
@="Microsoft Windows Media Player"
"IsInstalled"=dword:00000001
"Version"="12,0,7600,16667"
"ComponentID"="Microsoft Windows Media Player"
"LocalizedName"=expand:"@%SystemRoot%\\system32\\wmploc.dll,-128"
"StubPath"=expand:"%SystemRoot%\\system32\\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI"
"DontAsk"=dword:00000002
"Locale"="EN"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Active Setup\Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
@="MSN Site Access"
"IsInstalled"=dword:00000001
"Version"="4,9,9,2"
"ComponentID"="MSN_Auth"
"Locale"="*"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
@="Address Book 7"
"Version"="6,1,7600,16684"
"IsInstalled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Active Setup\Installed Components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}]
@=".NET Framework"
"Locale"=""
"ComponentID"=".NETFramework"
"Version"="2,0,50727,0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
@="Windows Desktop Update"
"LocalizedName"=expand:"@%SystemRoot%\\system32\\shell32.dll,-32969"
"ComponentID"="IE4_SHELLID"
"IsInstalled"=dword:00000001
"Locale"="en"
"StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"
"Version"="6,1,7600,16644"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
@="Web Platform Customizations"
"IsInstalled"=dword:00000001
"Version"="8,0,7600,17136"
"ComponentID"="BASEIE40_W2K"
"LocalizedName"="@c:\\Windows\\SysWOW64\\ie4uinit.exe,-2000"
"StubPath"="c:\\Windows\\SysWOW64\\ie4uinit.exe -BaseSettings"
"Locale"="en"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
"IsInstalled"=dword:00000001
"ComponentID"="DOTNETFRAMEWORKS"
"StubPath"="c:\\Windows\\SysWOW64\\Rundll32.exe c:\\Windows\\SysWOW64\\mscories.dll,Install"
"DontAsk"=dword:00000002
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Active Setup\Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
@="Dynamic HTML Data Binding"
"IsInstalled"=dword:00000001
"Version"="8,0,7600,16385"
"ComponentID"="Tridata"
"Locale"="*"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
@="Internet Explorer Core Fonts"
"IsInstalled"=dword:00000001
"Version"="8,0,7600,17136"
"ComponentID"="Fontcore"
"Locale"="*"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Active Setup\Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
@="HTML Help"
"IsInstalled"=dword:00000001
"Version"="6,1,7600,16385"
"ComponentID"="HTMLHelp"
"Locale"="*"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Active Setup\Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
@="Active Directory Service Interface"
"ComponentID"="ADSI"
"IsInstalled"=dword:00000001
"Locale"="EN"
"Version"="5,0,00,0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Active Setup\Installed Components\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}]
"Locale"=""
"Version"="4,0,30319,0"
"ComponentID"=".NETFramework"
@=".NET Framework"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-05-08 13:56:01 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-05-08 11:56
.
Vor Suchlauf: 14 Verzeichnis(se), 408.167.546.880 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 407.997.378.560 Bytes frei
.
- - End Of File - - E4AAFE3EA590413380012E9413A7F79F --- --- ---
One addition to that: in the meantime, AntiVir has also found the trojan Kazy.mekml.1. But I guess that was already clear from the symptoms anyway.