| |
| |||||||
Log-Analyse und Auswertung: Virus blockiert Task-Manager und allesWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
| |
02.04.2012, 18:13
| #1 | |
| /// Malware-holic   |  Virus blockiert Task-Manager und alles danke für den upload Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
03.04.2012, 15:55
| #2 |
| | Virus blockiert Task-Manager und alles log.txt
__________________Code:
ATTFilter ComboFix 12-04-01.03 - *** 03.04.2012 16:18:50.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.2038.1018 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-03-03 bis 2012-04-03 ))))))))))))))))))))))))))))))
.
.
2012-04-03 14:27 . 2012-04-03 14:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-03 13:02 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FD4106C7-E07A-4CBB-BAA0-674CD196415D}\mpengine.dll
2012-04-02 20:40 . 2012-04-02 21:40 -------- d-----w- c:\program files (x86)\ArtMoney
2012-04-02 10:48 . 2012-04-02 10:48 -------- d-----w- c:\windows\Sun
2012-04-02 01:14 . 2012-04-02 12:14 -------- d-----w- c:\users\***\AppData\Local\bnchmrk
2012-04-01 21:34 . 2012-04-01 21:34 -------- d-----w- c:\users\***\AppData\Roaming\Avira
2012-04-01 21:33 . 2012-04-01 21:33 8767136 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-01 21:28 . 2012-01-31 06:56 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-04-01 21:28 . 2012-01-31 06:56 132320 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-04-01 21:28 . 2011-09-16 14:08 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-04-01 21:28 . 2012-04-01 21:28 -------- d-----w- c:\programdata\Avira
2012-04-01 21:28 . 2012-04-01 21:28 -------- d-----w- c:\program files (x86)\Avira
2012-04-01 21:27 . 2012-04-01 21:33 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-20 15:30 . 2012-04-02 00:20 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-03-20 15:29 . 2012-04-01 21:29 145960 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-03-20 15:29 . 2012-04-01 21:29 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-03-18 19:02 . 2012-03-18 19:02 -------- d-----w- c:\windows\SysWow64\wbem\en-US
2012-03-18 19:02 . 2012-03-18 19:02 -------- d-----w- c:\windows\system32\wbem\en-US
2012-03-17 19:25 . 2012-02-03 04:16 3143168 ----a-w- c:\windows\system32\win32k.sys
2012-03-17 19:22 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-17 19:22 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-17 19:22 . 2012-02-15 04:47 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-17 19:22 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-06 20:37 . 2012-03-06 20:37 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes
2012-03-06 20:37 . 2012-03-06 20:37 -------- d-----w- c:\programdata\Malwarebytes
2012-03-06 20:37 . 2012-03-06 20:37 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-06 20:37 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-06 17:13 . 2012-04-02 12:25 -------- d-----w- C:\_OTL
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-01 21:33 . 2011-05-15 21:05 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-24 17:15 . 2012-02-24 17:15 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-02-24 17:15 . 2012-02-24 17:15 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-02-24 17:15 . 2012-02-24 17:15 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-02-24 17:15 . 2012-02-24 17:15 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-02-23 08:18 . 2011-05-06 22:40 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-28 19:06 . 2011-08-05 14:59 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-01-09 18:45 . 2012-02-26 15:05 205824 ----a-w- c:\windows\system32\unrar64.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-06_19.05.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-06-10 23:58 . 2011-06-10 23:58 51024 c:\windows\SysWOW64\vcomp100.dll
- 2011-04-22 11:15 . 2011-04-22 11:15 51024 c:\windows\SysWOW64\vcomp100.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 76800 c:\windows\SysWOW64\SetIEInstalledDate.exe
+ 2012-03-18 08:32 . 2012-03-18 08:32 74752 c:\windows\SysWOW64\RegisterIEPKEYs.exe
+ 2012-03-18 08:32 . 2012-03-18 08:32 54272 c:\windows\SysWOW64\pngfilt.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 48640 c:\windows\SysWOW64\mshtmler.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 72704 c:\windows\SysWOW64\mshtmled.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 11776 c:\windows\SysWOW64\mshta.exe
+ 2012-03-18 08:32 . 2012-03-18 08:32 10752 c:\windows\SysWOW64\msfeedssync.exe
+ 2012-03-18 08:32 . 2012-03-18 08:32 41472 c:\windows\SysWOW64\msfeedsbs.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 23552 c:\windows\SysWOW64\licmgr10.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 65024 c:\windows\SysWOW64\jsproxy.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 78848 c:\windows\SysWOW64\inseng.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 35840 c:\windows\SysWOW64\imgutil.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 86528 c:\windows\SysWOW64\iesysprep.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 74752 c:\windows\SysWOW64\iesetup.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 31744 c:\windows\SysWOW64\iernonce.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 74240 c:\windows\SysWOW64\ie4uinit.exe
+ 2012-03-18 08:32 . 2012-03-18 08:32 66048 c:\windows\SysWOW64\icardie.dll
- 2009-07-14 04:54 . 2012-03-06 18:39 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-01 21:57 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-03-06 18:39 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-01 21:57 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-01 21:57 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-06 18:39 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-06 22:49 . 2012-04-03 11:03 32964 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-03 11:35 37788 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-05-06 22:25 . 2012-04-03 11:35 14928 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3844539173-1936438449-2923979590-1000_UserData.bin
+ 2012-03-18 08:32 . 2012-03-18 08:32 91648 c:\windows\system32\SetIEInstalledDate.exe
+ 2012-03-18 08:32 . 2012-03-18 08:32 89088 c:\windows\system32\RegisterIEPKEYs.exe
+ 2012-03-17 19:25 . 2012-01-25 06:27 76288 c:\windows\system32\rdpwsx.dll
- 2009-07-14 00:17 . 2009-07-14 01:41 76288 c:\windows\system32\rdpwsx.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 65024 c:\windows\system32\pngfilt.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 48640 c:\windows\system32\mshtmler.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 96256 c:\windows\system32\mshtmled.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 12288 c:\windows\system32\mshta.exe
+ 2012-03-18 08:32 . 2012-03-18 08:32 10752 c:\windows\system32\msfeedssync.exe
+ 2012-03-18 08:32 . 2012-03-18 08:32 55296 c:\windows\system32\msfeedsbs.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 86528 c:\windows\system32\migration\WininetPlugin.dll
+ 2012-04-01 20:15 . 2012-04-01 19:12 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
+ 2012-03-18 08:32 . 2012-03-18 08:32 30720 c:\windows\system32\licmgr10.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 85504 c:\windows\system32\jsproxy.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 49664 c:\windows\system32\imgutil.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 85504 c:\windows\system32\iesetup.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 39936 c:\windows\system32\iernonce.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 89088 c:\windows\system32\ie4uinit.exe
+ 2012-03-18 08:32 . 2012-03-18 08:32 82432 c:\windows\system32\icardie.dll
- 2009-07-14 05:30 . 2012-01-11 17:22 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2012-04-01 21:28 86016 c:\windows\system32\DriverStore\infpub.dat
- 2011-05-06 21:48 . 2012-03-06 18:39 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-06 21:48 . 2012-04-01 21:33 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-01 21:33 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-06 18:39 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-05-06 22:26 . 2012-03-06 18:38 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-06 22:26 . 2012-03-17 19:16 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2012-03-24 21:01 72456 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 04:46 . 2012-02-21 15:26 72456 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2011-05-06 22:26 . 2012-03-06 18:38 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-05-06 22:26 . 2012-03-17 19:16 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-05-06 22:26 . 2012-03-17 19:16 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-05-06 22:26 . 2012-03-06 18:38 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-07 11:35 . 2012-03-18 19:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-05-07 11:35 . 2012-03-06 19:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-07 11:35 . 2012-03-18 08:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-05-07 11:35 . 2012-03-06 19:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-03-17 21:57 . 2012-03-17 21:57 77610 c:\windows\Installer\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}\_853F67D554F05449430E7E.exe
- 2012-02-12 18:21 . 2012-02-12 18:21 77610 c:\windows\Installer\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}\_853F67D554F05449430E7E.exe
+ 2012-03-17 21:58 . 2012-03-17 21:58 25088 c:\windows\assembly\NativeImages_v2.0.50727_32\WiaProxy32\47015f4c0869dab17ab8b99f09be411f\WiaProxy32.ni.exe
- 2012-02-21 23:01 . 2012-02-21 23:01 25088 c:\windows\assembly\NativeImages_v2.0.50727_32\WiaProxy32\47015f4c0869dab17ab8b99f09be411f\WiaProxy32.ni.exe
- 2012-02-12 18:22 . 2012-02-12 18:22 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.WIA\d3d3b8e7e151900796506c40214b7896\Interop.WIA.ni.dll
+ 2012-03-17 21:58 . 2012-03-17 21:58 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.WIA\d3d3b8e7e151900796506c40214b7896\Interop.WIA.ni.dll
+ 2011-05-23 21:16 . 2012-04-02 00:17 7442 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2011-05-23 21:16 . 2012-02-27 22:12 7442 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-03-17 19:25 . 2012-01-25 06:20 9216 c:\windows\system32\rdrmemptylst.exe
+ 2012-03-17 19:16 . 2012-03-17 19:16 9560 c:\windows\system32\NetworkList\Icons\{8CEBDD1B-C4E7-4E97-8C10-966EE7C8A036}_48.bin
+ 2012-03-17 19:16 . 2012-03-17 19:16 4280 c:\windows\system32\NetworkList\Icons\{8CEBDD1B-C4E7-4E97-8C10-966EE7C8A036}_32.bin
+ 2012-03-17 19:16 . 2012-03-17 19:16 2456 c:\windows\system32\NetworkList\Icons\{8CEBDD1B-C4E7-4E97-8C10-966EE7C8A036}_24.bin
+ 2012-04-03 11:00 . 2012-04-03 11:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-06 18:36 . 2012-03-06 18:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-06 18:36 . 2012-03-06 18:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-03 11:00 . 2012-04-03 11:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-18 08:32 . 2012-03-18 08:32 152064 c:\windows\SysWOW64\wextract.exe
+ 2012-03-18 08:32 . 2012-03-18 08:32 203776 c:\windows\SysWOW64\webcheck.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 420864 c:\windows\SysWOW64\vbscript.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 231936 c:\windows\SysWOW64\url.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 123392 c:\windows\SysWOW64\occache.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 162304 c:\windows\SysWOW64\msrating.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 161792 c:\windows\SysWOW64\msls31.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 580608 c:\windows\SysWOW64\msfeeds.dll
+ 2012-04-01 21:27 . 2012-04-01 21:27 353440 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_228_Plugin.exe
+ 2012-04-01 21:33 . 2012-04-01 21:33 353440 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.exe
+ 2012-04-01 21:33 . 2012-04-01 21:33 424608 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.dll
+ 2012-04-01 21:27 . 2012-04-01 21:33 253600 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
- 2011-05-07 00:07 . 2011-02-18 05:35 716800 c:\windows\SysWOW64\jscript.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 716800 c:\windows\SysWOW64\jscript.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 150528 c:\windows\SysWOW64\iexpress.exe
+ 2012-03-18 08:32 . 2012-03-18 08:32 142848 c:\windows\SysWOW64\ieUnatt.exe
- 2012-02-16 14:13 . 2011-12-16 07:58 176640 c:\windows\SysWOW64\ieui.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 176640 c:\windows\SysWOW64\ieui.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 118784 c:\windows\SysWOW64\iepeers.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 353584 c:\windows\SysWOW64\iedkcs32.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 434176 c:\windows\SysWOW64\ieapfltr.dll
- 2009-07-13 23:42 . 2009-07-14 01:05 163840 c:\windows\SysWOW64\ieakui.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 163840 c:\windows\SysWOW64\ieakui.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 227840 c:\windows\SysWOW64\ieaksie.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 130560 c:\windows\SysWOW64\ieakeng.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 110592 c:\windows\SysWOW64\IEAdvpack.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 223232 c:\windows\SysWOW64\dxtrans.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 353792 c:\windows\SysWOW64\dxtmsft.dll
+ 2012-03-17 19:25 . 2012-02-10 05:41 218624 c:\windows\SysWOW64\d3d10_1core.dll
- 2011-05-07 00:06 . 2010-11-02 04:35 218624 c:\windows\SysWOW64\d3d10_1core.dll
+ 2012-03-17 19:25 . 2012-02-10 05:41 161792 c:\windows\SysWOW64\d3d10_1.dll
- 2011-05-07 00:06 . 2011-01-17 05:38 161792 c:\windows\SysWOW64\d3d10_1.dll
+ 2012-03-17 19:25 . 2012-02-10 05:41 739840 c:\windows\SysWOW64\d2d1.dll
- 2011-05-07 00:08 . 2011-02-19 05:32 739840 c:\windows\SysWOW64\d2d1.dll
+ 2011-06-10 23:58 . 2011-06-10 23:58 138056 c:\windows\SysWOW64\atl100.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 101888 c:\windows\SysWOW64\admparse.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 160256 c:\windows\system32\wextract.exe
+ 2012-03-18 08:32 . 2012-03-18 08:32 249344 c:\windows\system32\webcheck.dll
+ 2011-12-18 15:40 . 2012-03-27 17:53 231390 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2012-03-18 08:32 . 2012-03-18 08:32 603648 c:\windows\system32\vbscript.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 237056 c:\windows\system32\url.dll
+ 2012-03-17 19:25 . 2012-01-25 06:27 149504 c:\windows\system32\rdpcorekmts.dll
- 2009-07-14 00:17 . 2009-07-14 01:41 149504 c:\windows\system32\rdpcorekmts.dll
- 2009-07-14 02:36 . 2012-03-02 03:57 726816 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-01 22:36 726816 c:\windows\system32\perfh009.dat
+ 2009-07-14 17:58 . 2012-04-01 22:36 772930 c:\windows\system32\perfh007.dat
- 2009-07-14 17:58 . 2012-03-02 03:57 772930 c:\windows\system32\perfh007.dat
+ 2009-07-14 02:36 . 2012-04-01 22:36 150442 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-03-02 03:57 150442 c:\windows\system32\perfc009.dat
- 2009-07-14 17:58 . 2012-03-02 03:57 178680 c:\windows\system32\perfc007.dat
+ 2009-07-14 17:58 . 2012-04-01 22:36 178680 c:\windows\system32\perfc007.dat
+ 2012-03-18 08:32 . 2012-03-18 08:32 149504 c:\windows\system32\occache.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 197120 c:\windows\system32\msrating.dll
- 2009-07-13 23:39 . 2009-07-14 01:41 222208 c:\windows\system32\msls31.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 222208 c:\windows\system32\msls31.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 697344 c:\windows\system32\msfeeds.dll
+ 2012-04-01 21:27 . 2012-04-01 21:27 630432 c:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_228_Plugin.exe
+ 2012-04-01 21:33 . 2012-04-01 21:33 630432 c:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_228_ActiveX.exe
+ 2012-04-01 21:33 . 2012-04-01 21:33 462496 c:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_228_ActiveX.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 818688 c:\windows\system32\jscript.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 103936 c:\windows\system32\inseng.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 165888 c:\windows\system32\iexpress.exe
+ 2012-03-18 08:32 . 2012-03-18 08:32 173056 c:\windows\system32\ieUnatt.exe
+ 2012-03-18 08:32 . 2012-03-18 08:32 248320 c:\windows\system32\ieui.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 111616 c:\windows\system32\iesysprep.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 145920 c:\windows\system32\iepeers.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 403248 c:\windows\system32\iedkcs32.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 534528 c:\windows\system32\ieapfltr.dll
- 2009-07-13 23:58 . 2009-07-14 01:27 163840 c:\windows\system32\ieakui.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 163840 c:\windows\system32\ieakui.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 267776 c:\windows\system32\ieaksie.dll
- 2009-07-13 23:58 . 2009-07-14 01:41 267776 c:\windows\system32\ieaksie.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 160256 c:\windows\system32\ieakeng.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 135168 c:\windows\system32\IEAdvpack.dll
+ 2009-07-14 04:45 . 2012-03-18 19:06 467672 c:\windows\system32\FNTCACHE.DAT
- 2009-07-14 04:45 . 2012-02-20 20:28 467672 c:\windows\system32\FNTCACHE.DAT
+ 2012-03-18 08:32 . 2012-03-18 08:32 282112 c:\windows\system32\dxtrans.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 452608 c:\windows\system32\dxtmsft.dll
- 2009-07-14 05:30 . 2012-01-11 17:22 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-04-01 21:28 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-04-01 21:28 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2011-11-23 15:54 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2012-03-17 19:25 . 2012-02-10 06:17 320512 c:\windows\system32\d3d10_1core.dll
- 2011-05-07 00:06 . 2010-11-02 05:12 320512 c:\windows\system32\d3d10_1core.dll
+ 2012-03-17 19:25 . 2012-02-10 06:17 197120 c:\windows\system32\d3d10_1.dll
- 2011-05-07 00:06 . 2011-01-17 06:17 197120 c:\windows\system32\d3d10_1.dll
- 2011-05-07 00:08 . 2011-02-19 06:36 902656 c:\windows\system32\d2d1.dll
+ 2012-03-17 19:25 . 2012-02-10 06:17 902656 c:\windows\system32\d2d1.dll
+ 2009-07-14 05:12 . 2012-03-17 19:16 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2012-03-06 18:39 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-03-18 08:32 . 2012-03-18 08:32 114176 c:\windows\system32\admparse.dll
+ 2009-07-14 05:01 . 2012-04-03 01:19 362658 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-03-03 01:44 362658 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-02-19 21:08 . 2011-02-19 21:08 163840 c:\windows\Installer\83fa5.msi
+ 2012-03-17 21:58 . 2012-03-17 21:58 240640 c:\windows\assembly\NativeImages_v2.0.50727_64\PaintDotNet.SystemL#\de98e5e78240db3c786aa7d56ae99a55\PaintDotNet.SystemLayer.Native.x64.ni.dll
+ 2012-03-17 21:58 . 2012-03-17 21:58 417280 c:\windows\assembly\NativeImages_v2.0.50727_64\PaintDotNet.Resourc#\8e49145421a2aeeec9f0ea6604587804\PaintDotNet.Resources.ni.dll
+ 2012-03-17 21:58 . 2012-03-17 21:58 781312 c:\windows\assembly\NativeImages_v2.0.50727_64\PaintDotNet.Data\903473758fad1173914ab5b169e551a9\PaintDotNet.Data.ni.dll
- 2012-02-12 18:21 . 2012-02-12 18:21 262144 c:\windows\assembly\NativeImages_v2.0.50727_64\Interop.WIA\d512683a0f57fb8d8f2cb41d08fa29d8\Interop.WIA.ni.dll
+ 2012-03-17 21:57 . 2012-03-17 21:57 262144 c:\windows\assembly\NativeImages_v2.0.50727_64\Interop.WIA\d512683a0f57fb8d8f2cb41d08fa29d8\Interop.WIA.ni.dll
+ 2012-03-17 21:58 . 2012-03-17 21:58 714240 c:\windows\assembly\NativeImages_v2.0.50727_64\ICSharpCode.SharpZi#\64cc99170ca762d6fc05e8b72c2c2518\ICSharpCode.SharpZipLib.ni.dll
- 2012-02-21 23:21 . 2012-02-21 23:21 714240 c:\windows\assembly\NativeImages_v2.0.50727_64\ICSharpCode.SharpZi#\64cc99170ca762d6fc05e8b72c2c2518\ICSharpCode.SharpZipLib.ni.dll
+ 2012-03-17 21:58 . 2012-03-17 21:58 902144 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.SystemL#\87c29b666c00485dacc52429ac75267c\PaintDotNet.SystemLayer.ni.dll
- 2012-02-21 23:01 . 2012-02-21 23:01 902144 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.SystemL#\87c29b666c00485dacc52429ac75267c\PaintDotNet.SystemLayer.ni.dll
+ 2012-03-17 21:58 . 2012-03-17 21:58 161280 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.SystemL#\5efed1c3638d8371244b746ff0312642\PaintDotNet.SystemLayer.Native.x86.ni.dll
+ 2012-03-17 21:58 . 2012-03-17 21:58 863232 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Base\94ff7ba78859c0d7443c692ce7de2a7d\PaintDotNet.Base.ni.dll
- 2012-02-21 23:01 . 2012-02-21 23:01 863232 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Base\94ff7ba78859c0d7443c692ce7de2a7d\PaintDotNet.Base.ni.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 1127424 c:\windows\SysWOW64\wininet.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 1103360 c:\windows\SysWOW64\urlmon.dll
+ 2012-04-01 21:27 . 2012-04-01 21:27 8797344 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 1798656 c:\windows\SysWOW64\jscript9.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 1792000 c:\windows\SysWOW64\iertutil.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 9705472 c:\windows\SysWOW64\ieframe.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 3695416 c:\windows\SysWOW64\ieapfltr.dat
+ 2012-03-17 19:25 . 2012-02-10 05:41 1074176 c:\windows\SysWOW64\DWrite.dll
- 2011-05-07 00:08 . 2011-02-19 05:32 1074176 c:\windows\SysWOW64\DWrite.dll
+ 2012-03-17 19:25 . 2012-02-10 05:41 1170944 c:\windows\SysWOW64\d3d10warp.dll
- 2011-05-07 00:08 . 2010-11-02 04:35 1170944 c:\windows\SysWOW64\d3d10warp.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 1390080 c:\windows\system32\wininet.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 1345536 c:\windows\system32\urlmon.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 2308096 c:\windows\system32\jscript9.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 2144256 c:\windows\system32\iertutil.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 3695416 c:\windows\system32\ieapfltr.dat
+ 2012-03-17 19:25 . 2012-02-10 06:18 1541120 c:\windows\system32\DWrite.dll
- 2011-05-07 00:08 . 2010-11-02 05:12 1837568 c:\windows\system32\d3d10warp.dll
+ 2012-03-17 19:25 . 2012-02-10 06:17 1837568 c:\windows\system32\d3d10warp.dll
- 2009-07-14 04:45 . 2012-02-20 20:34 3606945 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-03-18 19:11 3606945 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-05-06 22:46 . 2012-04-03 01:19 7130484 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3844539173-1936438449-2923979590-1000-8192.dat
+ 2011-08-25 06:45 . 2012-04-03 01:19 5055192 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3844539173-1936438449-2923979590-1000-12288.dat
+ 2011-06-28 19:27 . 2011-06-28 19:27 4028928 c:\windows\Installer\148405.msp
+ 2012-02-21 23:22 . 2012-02-21 23:22 1171968 c:\windows\assembly\temp\1RQUKXVVIH\PaintDotNet.Base.ni.dll
+ 2012-03-17 21:58 . 2012-03-17 21:58 4402688 c:\windows\assembly\NativeImages_v2.0.50727_64\PaintDotNet\fa6677a70c1c1e49d579e5be107e7089\PaintDotNet.ni.exe
+ 2012-03-17 21:58 . 2012-03-17 21:58 1327616 c:\windows\assembly\NativeImages_v2.0.50727_64\PaintDotNet.SystemL#\15021e8a11c2a91647ec203a8fbdaea2\PaintDotNet.SystemLayer.ni.dll
+ 2012-03-17 21:58 . 2012-03-17 21:58 1070080 c:\windows\assembly\NativeImages_v2.0.50727_64\PaintDotNet.Effects\e75cbdf68cc62df49c83ac6c17a89cfc\PaintDotNet.Effects.ni.dll
+ 2012-03-17 21:58 . 2012-03-17 21:58 2722816 c:\windows\assembly\NativeImages_v2.0.50727_64\PaintDotNet.Core\788d3f8c64d8561f5bb937aeb22939da\PaintDotNet.Core.ni.dll
- 2012-02-21 23:22 . 2012-02-21 23:22 1171968 c:\windows\assembly\NativeImages_v2.0.50727_64\PaintDotNet.Base\8511550b47e85cf4eca040d0fb3d029d\PaintDotNet.Base.ni.dll
+ 2012-03-17 21:58 . 2012-03-17 21:58 1171968 c:\windows\assembly\NativeImages_v2.0.50727_64\PaintDotNet.Base\8511550b47e85cf4eca040d0fb3d029d\PaintDotNet.Base.ni.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 12282368 c:\windows\SysWOW64\mshtml.dll
+ 2009-07-14 02:34 . 2012-04-03 13:12 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-03-06 18:52 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2012-03-18 08:32 . 2012-03-18 08:32 17790464 c:\windows\system32\mshtml.dll
+ 2011-05-06 22:41 . 2012-03-18 08:34 56297240 c:\windows\system32\MRT.exe
+ 2012-04-01 21:27 . 2012-04-01 21:27 11588768 c:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll
+ 2012-03-18 08:32 . 2012-03-18 08:32 10887168 c:\windows\system32\ieframe.dll
+ 2012-03-17 21:57 . 2012-03-17 21:57 21165568 c:\windows\Installer\9611f3.msi
.
-- Snapshot auf jetziges Datum zurückgesetzt --
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WD Quick View.lnk - c:\program files\Western Digital\WD SmartWare\WDDMStatus.exe [2011-6-29 4221840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 253600]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-01 129976]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R4 Giraffic;Giraffic Video Accelerator;c:\program files (x86)\Giraffic\GirafficWatchdog.exe [2011-07-13 2211984]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-21 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
R4 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WDDMService.exe [2011-06-29 317328]
R4 WDFMEService;WDFMEService;c:\program files\Western Digital\WD SmartWare\WDFME.exe [2011-06-29 1978256]
R4 WDRulesService;WDRulesService;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-06-29 1338256]
S0 oem-drv64;OEM-SLP2.1 Driver (HPD64);c:\windows\system32\DRIVERS\oem-drv64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-01-31 86224]
S2 Apache2.2;Apache2.2;c:\eathena\Tools\xampp\apache\bin\httpd.exe [2011-09-10 18432]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;d:\programme\TuneUp Utilities\TuneUpUtilitiesService64.exe [2011-12-13 2028864]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;d:\programme\TuneUp Utilities\TuneUpUtilitiesDriver64.sys [2011-02-10 11856]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 21:33]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1573160]
"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1744152]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "d:\programme\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3844539173-1936438449-2923979590-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5473477D-7193-E381-E3FE-DF57624E07BF}*]
"hambfjiofmmgfijc"=hex:6b,61,61,6f,66,62,65,68,6a,6b,64,65,69,6a,69,6a,6c,66,
6f,65,6c,6b,00,77
.
[HKEY_USERS\S-1-5-21-3844539173-1936438449-2923979590-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EEC72107-E9F4-DF09-4439-0FE10297BD1D}*]
@Allowed: (Read) (RestrictedCode)
"oalonbpbbkbaenagampnmpmchmfenh"=hex:64,61,6d,69,68,67,62,65,00,fc
"oapmnecligcineemcceaofnfapfaeo"=hex:69,61,62,69,6d,65,62,61,69,6b,63,6d,61,67,
70,6d,67,6d,00,00
"najmhbneccmfabkenkbefdbckiec"=hex:69,61,62,69,6d,65,62,61,69,6b,63,6d,61,67,
70,6d,67,6d,00,00
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-04-03 16:31:45
ComboFix-quarantined-files.txt 2012-04-03 14:31
ComboFix2.txt 2012-03-06 19:10
.
Vor Suchlauf: 23 Verzeichnis(se), 21.144.391.680 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 20.939.796.480 Bytes frei
.
- - End Of File - - AF9B929100C52B28C59AD236811F4820
|
|
| Themen zu Virus blockiert Task-Manager und alles |
| acrobat update, antivir, avgnt, avira, bildschirm, blockiert, computer, desktop, error, firefox, flash player, helper, hotspot, langs, logfile, mozilla, nodrives, nvstor.sys, object, paysafecard, plug-in, realtek, rechtlich, registry, required, rundll, scan, searchscopes, software, starten, svchost.exe, system, taskmanager, usb 2.0, virus, windows |
Hybrid-Darstellung
