Log analysis and evaluation: Trojan (Antimaleware Doctor) and possibly more (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
08.09.2010, 13:08 | #1 |
Hello everyone, I seem to have one or more Trojans on my PC. I ran a scan with Malwarebytes Anti-Malware and SUPERAntiSpyware and deleted everything. But when I went from Safe Mode back to normal mode, everything was back again. I am now running Malwarebytes a second time and have removed a few things with HijackThis, but what do I have to do to get rid of the malware permanently? Many thanks in advance. HijackThis, RSIT and hjtscanlist logs are attached.
08.09.2010, 13:54 | #2 |
/// Malware-holic | In Malwarebytes, under log files, post the first scan log plus the one from the new scan.
08.09.2010, 14:12 | #3 |
The new one:

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4302

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

08.09.2010 14:59:06
mbam-log-2010-09-08 (14-59-06).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|J:\|)
Durchsuchte Objekte: 379292
Laufzeit: 1 Stunde(n), 0 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Basti\Desktop\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\Basti\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

The old one:

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4302

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

07.09.2010 22:31:45
mbam-log-2010-09-07 (22-31-45).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|J:\|)
Durchsuchte Objekte: 378001
Laufzeit: 56 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 6

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\FLV Direct Player (Adware.FLVPlayer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\Temp\0.03431850532331426.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\Temp\0.13627568308413596.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\Temp\0.1020188554202297.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\Temp\0.2261102639580611.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\Temp\0.5718292508924075.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Basti\AppData\Local\Temp\Test.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
08.09.2010, 14:43 | #4 |
/// Malware-holic | Update Malwarebytes, then switch off all active programs, including the antivirus. Disconnect the internet connection and start a complete scan, delete the finds, and post the log.
08.09.2010, 17:25 | #5 |
It found quite a bit more, thanks so far. Could something still be hidden somewhere?

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4571

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

08.09.2010 18:23:53
mbam-log-2010-09-08 (18-23-53).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|J:\|)
Durchsuchte Objekte: 385863
Laufzeit: 57 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 23

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{b1ba40a2-75f2-51bd-f413-04b13a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b1ba40a2-75f2-51bd-f413-04b13a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wnxmal (Rogue.SecuritySuite) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\netlog2 (Trojan.Sisproc.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{b1ba40a2-75f2-51bd-f413-04b13a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\svc2.exe (Trojan.Sisproc.Gen) -> Quarantined and deleted successfully.
C:\Users\Basti\racis.exe (P2P.Worm) -> Quarantined and deleted successfully.
C:\Users\Basti\sbpad.exe (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Users\Basti\AppData\Local\lsmtynioy\ryaxurfuqiw.exe (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
C:\Users\Basti\AppData\Local\Temp\202fbh.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Basti\AppData\Local\Temp\3d0c25nfd.exe (Trojan.Sisproc.Gen) -> Quarantined and deleted successfully.
C:\Users\Basti\AppData\Local\Temp\ahnob.exe (P2P.Worm) -> Quarantined and deleted successfully.
C:\Users\Basti\AppData\Local\Temp\aqy8v7y1.exe (Trojan.Sisproc.Gen) -> Quarantined and deleted successfully.
C:\Users\Basti\AppData\Local\Temp\cyac.exe (P2P.Worm) -> Quarantined and deleted successfully.
C:\Users\Basti\AppData\Local\Temp\dcvkbgj.exe (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
C:\Users\Basti\AppData\Local\Temp\E0E4.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Users\Basti\AppData\Local\Temp\FC50.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Users\Basti\AppData\Local\Temp\FCFB.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Users\Basti\AppData\Local\Temp\FE91.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Users\Basti\AppData\Local\Temp\mkcxhunr.exe (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
C:\Users\Basti\AppData\Local\Temp\ubwdklcx.exe (P2P.Worm) -> Quarantined and deleted successfully.
C:\Users\Basti\AppData\Roaming\A17966C3E382F00E4DDD684FE9D142DF\mediafix70700en02.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Basti\Desktop\Hosting\EA\EasyAccount.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\6f07f4d6-11b4fcca (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gpupdate.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\Temp\BA27.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\Temp\BC93.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Basti\AppData\Local\Temp\skaioejiesfjoee.tmp (Malware.Trace) -> Quarantined and deleted successfully.
14.09.2010, 18:23 | #6 |
I still have one on there:

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 4571

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

13.09.2010 16:28:02
mbam-log-2010-09-13 (16-28-02).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|J:\|)
Durchsuchte Objekte: 400411
Laufzeit: 2 Stunde(n), 43 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\System32\drivers\qbbbppop.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

How do I get rid of it? It keeps coming back even after being deleted several times.
14.09.2010, 18:35 | #7 |
/// Malware-holic | Please create and post a ComboFix log. A guide and tutorial on using ComboFix
14.09.2010, 19:17 | #8 |
ComboFix log file: Code:
Inhalt des "geplante Tasks" Ordners 2010-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 22:52] 2010-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 22:52] 2010-09-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1584810832-2463764626-296550485-1000Core.job - c:\users\Basti\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-11 22:52] 2010-09-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1584810832-2463764626-296550485-1000UA.job - c:\users\Basti\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-11 22:52] . . ------- Zusätzlicher Suchlauf ------- . mStart Page = hxxp://home.sweetim.com uInternet Settings,ProxyOverride = <local> uInternet Settings,ProxyServer = http=127.0.0.1:5577 IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Nach Microsoft E&xel exportieren - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\lg1yjjt6.default\ FF - prefs.js: network.proxy.type - 4 FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll FF - component: c:\users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\lg1yjjt6.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll FF - component: 
c:\users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\lg1yjjt6.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.dll FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll FF - plugin: c:\programdata\id Software\QuakeLive\npquakezero.dll FF - plugin: c:\users\Basti\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\windows\system32\Wat\npWatWeb.dll ---- FIREFOX Richtlinien ---- FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . . ------- Dateityp-Verknüpfung ------- . .txt= . 
- - - - Entfernte verwaiste Registrierungseinträge - - - - Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) HKCU-Run-ICQ - ~c:\program files\ICQ7.0\ICQ.exe HKCU-Run-saeji - c:\users\Basti\saeji.exe MSConfigStartUp-AdobeCS4ServiceManager - c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe MSConfigStartUp-Adobe_ID0ENQBO - c:\progra~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE MSConfigStartUp-nonep - c:\users\Basti\AppData\Local\Temp\tmp9c3961f8\killexe.exe MSConfigStartUp-Pinnacle Game Profiler - c:\program files\PowerUp Software\Pinnacle Game Profiler\pinnacle.exe MSConfigStartUp-SweetIM - c:\program files\SweetIM\Messenger\SweetIM.exe MSConfigStartUp-WebcamMaxAutoRun - c:\program files\WebcamMax\WebcamMax.exe MSConfigStartUp-{0D6EF551-81D5-428B-6701-9BBA448D5B36} - c:\users\Basti\AppData\Roaming\Owcuw\yfony.exe AddRemove-FLV Pro Player - c:\program files\FLV Pro Player\uninstall.exe AddRemove-LOCO - c:\program files\Alaplaya\LOCO\uninst.exe AddRemove-MeGUI - c:\program files\MeGUI\megui-uninstall.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\qbbbppop] . 
--------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_USERS\S-1-5-21-1584810832-2463764626-296550485-1000\Software\SecuROM\License information*] "datasecu"=hex:73,24,85,13,71,26,4a,6b,8f,ec,e8,27,94,6e,b0,64,91,38,cd,f2,67, 5d,c6,e1,d7,a5,3f,0f,26,34,1a,18,33,36,ab,3d,e0,38,14,f9,3c,ae,5f,3c,d9,90,\ "rkeysecu"=hex:00,37,ca,59,02,77,7a,3b,cd,04,49,ad,15,94,a4,bf [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG*] "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d, bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\ "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d, bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\ "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d, bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\ [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'Explorer.exe'(2920) c:\users\Basti\AppData\Local\FLVService\lib\FLVSrvLib.dll c:\users\Basti\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll c:\program files\Stardock\Object Desktop\DeskScapes3\deskscapes.dll c:\program files\Stardock\Object Desktop\DeskScapes3\deskscape.dll . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\windows\system32\nvvsvc.exe c:\program files\Creative\Shared Files\CTAudSvc.exe c:\windows\system32\WUDFHost.exe c:\windows\system32\nvvsvc.exe c:\windows\system32\WUDFHost.exe c:\windows\system32\WUDFHost.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\PnkBstrA.exe c:\users\Basti\AppData\Local\TVersity\Media Server\MediaServer.exe c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe c:\windows\system32\taskhost.exe c:\windows\system32\sppsvc.exe c:\windows\system32\conhost.exe c:\windows\System32\rundll32.exe c:\windows\system32\taskhost.exe c:\users\Basti\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe c:\program files\Skype\Plugin Manager\skypePM.exe c:\program files\Google\Chrome\Application\chrome.exe c:\program files\Google\Chrome\Application\chrome.exe c:\program files\Google\Chrome\Application\chrome.exe c:\program files\Google\Chrome\Application\chrome.exe c:\program files\Google\Chrome\Application\chrome.exe c:\program files\Google\Chrome\Application\chrome.exe c:\program files\Google\Chrome\Application\chrome.exe c:\program files\Google\Chrome\Application\chrome.exe . ************************************************************************** . Zeit der Fertigstellung: 2010-09-14 20:16:00 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2010-09-14 18:16 Vor Suchlauf: 5.151.526.912 Bytes frei Nach Suchlauf: 5.332.586.496 Bytes frei - - End Of File - - 10E6CFCF8D19C141507FE55101FD9028 |
14.09.2010, 19:42 | #9 |
/// Malware-holic | Trojan (Antimalware Doctor) and possibly more Go to Start, Programs, Accessories, Notepad and paste in:
Killall::
Rootkit::
c:\windows\System32\drivers\wvjhfc.sys
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nuozl.exe
c:\windows\system32\drivers\qbbbppop.sys
Driver::
wvjhfc
qbbbppop
folder::
c:\users\Basti\AppData\Local\lsmtynioy
dds::
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5577
Choose File, Save As; location: the folder where combofix.exe is; type: All files; name: cfscript.txt. Drag cfscript onto ComboFix, the program starts, then post the log. |
14.09.2010, 20:50 | #10 |
| Trojan (Antimalware Doctor) and possibly more Code:
ATTFilter ComboFix 10-09-14.01 - Basti 14.09.2010 21:20:42.3.2 - x86 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.3327.2176 [GMT 2:00] ausgeführt von:: c:\users\Basti\Downloads\ComboFix.exe Benutzte Befehlsschalter :: c:\users\Basti\Downloads\cfscript.txt . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\users\Basti\AppData\Local\lsmtynioy . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_QBBBPPOP -------\Service_qbbbppop -------\Service_jpqje ((((((((((((((((((((((( Dateien erstellt von 2010-08-14 bis 2010-09-14 )))))))))))))))))))))))))))))) . 2010-09-14 19:30 . 2010-09-14 19:30 -------- d-----w- c:\users\Public\AppData\Local\temp 2010-09-14 19:30 . 2010-09-14 19:30 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-09-14 18:41 . 2010-09-14 18:41 -------- d-----w- c:\program files\DAEMON Tools Toolbar 2010-09-14 18:06 . 2010-09-14 19:44 -------- d-----w- c:\users\Basti\AppData\Local\temp 2010-09-10 16:34 . 2010-09-13 19:50 65024 ----a-w- c:\users\Basti\AppData\Roaming\.minecraft\bin\natives\jinput-dx8_64.dll 2010-09-10 16:34 . 2010-09-13 19:50 62464 ----a-w- c:\users\Basti\AppData\Roaming\.minecraft\bin\natives\jinput-raw_64.dll 2010-09-10 16:34 . 2010-09-13 19:50 61952 ----a-w- c:\users\Basti\AppData\Roaming\.minecraft\bin\natives\jinput-dx8.dll 2010-09-10 16:34 . 2010-09-13 19:50 59392 ----a-w- c:\users\Basti\AppData\Roaming\.minecraft\bin\natives\jinput-raw.dll 2010-09-10 16:34 . 2010-09-13 19:50 273920 ----a-w- c:\users\Basti\AppData\Roaming\.minecraft\bin\natives\lwjgl64.dll 2010-09-10 16:34 . 2010-09-13 19:50 195072 ----a-w- c:\users\Basti\AppData\Roaming\.minecraft\bin\natives\OpenAL64.dll 2010-09-10 16:34 . 2010-09-13 19:50 193024 ----a-w- c:\users\Basti\AppData\Roaming\.minecraft\bin\natives\lwjgl.dll 2010-09-10 16:34 . 
2010-09-13 19:50 108032 ----a-w- c:\users\Basti\AppData\Roaming\.minecraft\bin\natives\OpenAL32.dll 2010-09-10 15:36 . 2010-09-10 15:36 -------- d-----w- c:\program files\ASIO4ALL v2 2010-09-10 15:30 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll 2010-09-10 15:29 . 2010-09-10 15:30 -------- d-----w- c:\program files\Vstplugins 2010-09-10 15:29 . 2010-09-10 15:29 -------- d-----w- c:\program files\Outsim 2010-09-10 15:26 . 2010-09-10 15:30 -------- d-----w- c:\program files\Image-Line 2010-09-08 11:38 . 2010-09-08 12:03 -------- d-----w- c:\program files\trend micro 2010-09-08 11:38 . 2010-09-08 11:38 -------- dc----w- C:\rsit 2010-09-08 11:27 . 2010-09-08 11:27 113 ----a-w- c:\users\Basti\a.bat 2010-09-08 11:25 . 2010-09-07 06:43 114688 ----a-w- c:\users\Basti\impad.exe 2010-09-08 11:25 . 2010-09-10 14:00 -------- d-----w- c:\windows\system32\MpEngineStore 2010-09-07 18:16 . 2010-09-14 19:30 778752 ----a-w- c:\windows\system32\drivers\qbbbppop.sys 2010-09-04 23:22 . 2010-09-04 23:23 2788816 ----a-w- c:\users\Basti\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe 2010-09-04 13:20 . 2010-09-04 13:20 -------- d--h--w- c:\program files\InstallJammer Registry 2010-09-03 21:07 . 2010-09-03 21:07 -------- dc----w- c:\programdata\SweetIM 2010-09-03 15:59 . 2010-09-03 15:59 144696 -c--a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe 2010-09-03 13:23 . 2010-09-03 13:23 -------- d-----w- c:\users\Basti\AppData\Local\119614856374854900 2010-09-03 13:23 . 2010-09-03 13:23 -------- d-----w- c:\users\Basti\AppData\Local\119611643739317492 2010-09-02 22:17 . 2010-09-10 16:34 -------- d-----w- c:\users\Basti\AppData\Roaming\.minecraft 2010-08-30 19:45 . 2010-08-30 19:49 -------- d-----w- c:\program files\osu! 2010-08-30 19:44 . 2010-08-30 19:44 -------- d-----w- c:\users\Basti\AppData\Roaming\Downloaded Installations 2010-08-30 18:03 . 
2010-08-30 18:03 -------- dc----w- c:\programdata\IsolatedStorage 2010-08-28 19:56 . 2010-08-28 19:56 126976 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\nuozl.exe 2010-08-21 19:04 . 2010-08-21 19:04 -------- d-----w- c:\users\Basti\AppData\Roaming\Creative 2010-08-20 13:08 . 2010-08-20 13:08 -------- d-----w- c:\users\Basti\AppData\Local\TechSmith 2010-08-18 21:25 . 2010-08-18 21:25 -------- d-----w- c:\users\Basti\AppData\Local\119614890735445236 2010-08-18 21:25 . 2010-08-18 21:25 -------- d-----w- c:\users\Basti\AppData\Local\119611678099907828 2010-08-18 13:30 . 2010-08-18 13:30 -------- d-----w- c:\users\Basti\AppData\Local\119614890734396660 2010-08-18 13:30 . 2010-08-18 13:30 -------- d-----w- c:\users\Basti\AppData\Local\119611678098859252 2010-08-17 20:12 . 2010-08-17 20:12 -------- d-----w- c:\users\Basti\AppData\Roaming\Xilisoft 2010-08-17 19:10 . 2010-08-17 19:10 -------- d-----w- c:\users\Basti\AppData\Roaming\Datel 2010-08-17 19:09 . 2010-08-17 19:09 -------- d-----w- c:\program files\Datel 2010-08-17 16:01 . 2010-08-17 16:01 -------- d-----w- c:\users\Basti\AppData\Roaming\GameTuts 2010-08-17 16:01 . 2010-08-17 16:01 -------- d-----w- c:\users\Basti\AppData\Local\GameTuts 2010-08-17 14:46 . 2010-08-17 14:47 -------- dc----w- c:\programdata\XHEO INC 2010-08-17 14:45 . 2010-08-17 14:45 -------- d-----w- c:\users\Basti\AppData\Local\IsolatedStorage . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-14 19:45 . 2010-02-07 16:16 -------- d-----w- c:\users\Basti\AppData\Roaming\Skype 2010-09-14 19:44 . 2010-06-11 16:24 -------- d-----w- c:\users\Basti\AppData\Roaming\Dropbox 2010-09-14 19:44 . 2010-06-28 16:49 -------- d-----w- c:\program files\Steam 2010-09-14 19:36 . 2009-07-14 08:47 696132 ----a-w- c:\windows\system32\perfh007.dat 2010-09-14 19:36 . 2009-07-14 08:47 147428 ----a-w- c:\windows\system32\perfc007.dat 2010-09-14 19:32 . 
2010-08-12 13:32 -------- d-----w- c:\program files\Common Files\Akamai 2010-09-14 19:32 . 2010-02-16 17:03 -------- dc----w- c:\programdata\NVIDIA 2010-09-14 19:19 . 2010-07-10 23:42 -------- d-----w- c:\program files\SUPERAntiSpyware 2010-09-14 18:41 . 2010-02-12 12:56 -------- d-----w- c:\program files\DAEMON Tools Lite 2010-09-14 18:39 . 2010-02-12 12:57 691696 ----a-w- c:\windows\system32\drivers\sptd.sys 2010-09-14 18:08 . 2010-02-18 21:00 -------- d-----w- c:\users\Basti\AppData\Roaming\Xfire 2010-09-14 18:08 . 2010-02-07 16:18 -------- d-----w- c:\users\Basti\AppData\Roaming\skypePM 2010-09-14 17:34 . 2010-02-21 16:55 -------- d-----w- c:\program files\JDownloader 2010-09-13 19:28 . 2010-03-12 13:59 138520 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2010-09-13 19:28 . 2010-03-12 13:59 233960 ----a-w- c:\windows\system32\PnkBstrB.exe 2010-09-13 14:28 . 2010-02-07 14:22 -------- d-----w- c:\users\Basti\AppData\Roaming\ICQ 2010-09-12 20:47 . 2010-02-07 14:45 -------- d-----w- c:\users\Basti\AppData\Roaming\vlc 2010-09-11 11:16 . 2010-02-18 21:00 -------- dc----w- c:\programdata\Xfire 2010-09-10 20:17 . 2010-05-13 19:39 -------- d-----w- c:\program files\MeGUI 2010-09-10 11:31 . 2010-03-07 15:51 -------- d-----w- c:\users\Basti\AppData\Roaming\UseNeXT 2010-09-09 22:36 . 2010-02-15 22:00 -------- dc----w- c:\programdata\Sony 2010-09-09 22:35 . 2010-02-15 22:15 -------- d-----w- c:\users\Basti\AppData\Roaming\Sony 2010-09-07 12:08 . 2010-04-25 13:33 -------- dc----w- c:\programdata\Microsoft Help 2010-09-06 22:36 . 2010-02-21 02:20 128400 ---ha-w- c:\windows\system32\mlfcache.dat 2010-09-04 13:20 . 2010-09-04 13:20 1490343 ----a-w- c:\windows\Cursors\uninstall.exe 2010-09-03 21:17 . 2010-05-01 19:03 -------- d-----w- c:\program files\Sony 2010-09-03 15:59 . 2010-05-08 21:47 -------- dc----w- c:\programdata\DivX 2010-08-31 18:49 . 2010-02-07 00:25 86296 ----a-w- c:\users\Basti\AppData\Local\GDIPFONTCACHEV1.DAT 2010-08-31 18:45 . 
2010-02-13 14:54 -------- d-----w- c:\program files\Common Files\Adobe 2010-08-29 18:41 . 2010-07-21 18:35 -------- d-----w- c:\program files\MW2CU 2010-08-29 12:58 . 2010-02-07 14:21 -------- d-----w- c:\program files\ICQ7.0 2010-08-28 11:55 . 2010-02-07 14:48 -------- d-----w- c:\users\Basti\AppData\Roaming\dvdcss 2010-08-17 20:10 . 2010-04-06 20:20 -------- d-----w- c:\program files\Xilisoft 2010-08-12 21:59 . 2010-08-12 21:59 47364 -c--a-w- c:\programdata\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll 2010-08-12 21:59 . 2010-08-12 20:29 -------- dc----w- c:\programdata\Blizzard Entertainment 2010-08-12 20:48 . 2010-08-12 20:29 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment 2010-08-12 15:42 . 2010-02-16 17:02 -------- d-----w- c:\program files\NVIDIA Corporation 2010-08-12 15:42 . 2010-02-16 17:02 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2010-08-11 18:20 . 2010-08-11 18:19 -------- d-----w- c:\users\Basti\AppData\Roaming\ManyCam 2010-08-11 18:19 . 2010-08-11 18:19 -------- d-----w- c:\program files\ManyCam 2010-08-11 18:10 . 2010-08-11 18:10 -------- d-----w- c:\program files\Fake Webcam 2010-08-11 18:10 . 2010-08-11 18:10 -------- d-----w- c:\program files\Common Files\fwc 2010-08-11 17:58 . 2010-08-11 17:58 10134 ----a-r- c:\users\Basti\AppData\Roaming\Microsoft\Installer\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}\ARPPRODUCTICON.exe 2010-08-11 17:58 . 2010-08-11 17:58 -------- d-----w- c:\program files\AMD 2010-08-08 12:42 . 2010-04-02 22:40 -------- d-----w- c:\program files\Palringo 2010-08-04 22:58 . 2010-08-04 22:51 -------- d-----w- c:\users\Basti\AppData\Roaming\Call Graph 2010-08-04 22:53 . 2010-08-04 22:53 -------- d-----w- c:\users\Basti\AppData\Roaming\Sedna Wireless 2010-08-04 22:51 . 2010-08-04 22:51 -------- d-----w- c:\program files\Call Graph 2010-08-01 22:16 . 2010-02-16 22:41 -------- d-----w- c:\program files\WeGame 2010-07-31 15:01 . 
2010-07-31 15:04 151552 ----a-w- c:\windows\system32\nvRegDev.dll 2010-07-30 20:22 . 2010-02-11 14:30 -------- d-----w- c:\users\Basti\AppData\Roaming\Media Player Classic 2010-07-30 17:41 . 2010-07-30 17:29 -------- d-----w- c:\program files\TuneUp Utilities 2010 2010-07-30 17:30 . 2010-07-30 17:30 -------- d-----w- c:\program files\CCleaner 2010-07-30 17:29 . 2010-07-30 17:29 -------- d-----w- c:\users\Basti\AppData\Roaming\TuneUp Software 2010-07-30 17:29 . 2010-07-30 17:29 -------- dc----w- c:\programdata\TuneUp Software 2010-07-30 17:28 . 2010-07-30 17:28 -------- dcsh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} 2010-07-29 00:01 . 2010-07-29 00:01 -------- d-----w- c:\program files\Orekaria 2010-07-27 18:00 . 2010-07-26 00:03 148 -c--a-w- c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\prsgrc.dll 2010-07-26 20:28 . 2010-07-26 20:27 -------- d-----w- c:\program files\Cinema4D 2010-07-26 00:03 . 2010-07-26 00:03 16 -c-h--w- c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\nkz3kk1.dll 2010-07-26 00:03 . 2010-07-26 00:03 120 -c--a-w- c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\ssprs.dll 2010-07-26 00:03 . 2010-07-26 00:03 1024 -c--a-w- c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\grcauth2.dll 2010-07-26 00:03 . 2010-07-26 00:03 1024 -c--a-w- c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\grcauth1.dll 2010-07-26 00:03 . 2010-07-26 00:03 1024 -c--a-w- c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\clauth2.dll 2010-07-26 00:03 . 2010-07-26 00:03 1024 -c--a-w- c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\clauth1.dll 2010-07-26 00:03 . 2010-07-26 00:03 -------- dc----w- c:\programdata\SafeNet Sentinel 2010-07-26 00:03 . 2010-07-26 00:03 -------- d-----w- c:\program files\Vicon 2010-07-25 21:08 . 2010-07-25 21:08 -------- dc----w- c:\programdata\regid.1986-12.com.adobe 2010-07-25 20:45 . 
2010-07-25 20:45 -------- d-----w- c:\program files\Common Files\Adobe AIR 2010-07-25 20:44 . 2010-07-25 20:45 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe 2010-07-25 19:31 . 2010-02-06 23:04 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-07-25 19:14 . 2010-07-23 00:58 -------- d-----w- c:\program files\Illustrate 2010-07-25 18:53 . 2010-07-25 18:53 -------- d-----w- c:\program files\VS Revo Group 2010-07-25 16:06 . 2010-02-13 15:35 -------- d-----w- c:\program files\Common Files\PX Storage Engine 2010-07-23 00:59 . 2010-07-23 00:59 3291 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp m4a Codec.dat 2010-07-23 00:59 . 2010-03-19 22:17 869608 ----a-w- c:\windows\system32\SpoonUninstall.exe 2010-07-22 00:17 . 2010-07-22 00:17 -------- d-----w- c:\program files\Noel Danjou 2010-07-21 16:53 . 2010-04-25 13:36 -------- d-----w- c:\program files\Microsoft.NET 2010-07-20 12:57 . 2010-07-19 18:39 -------- d-----w- c:\program files\MediaInfo 2010-07-19 18:40 . 2010-07-19 18:40 -------- d-----w- c:\users\Basti\AppData\Roaming\Uniblue 2010-07-19 18:39 . 2010-07-19 18:39 -------- d-----w- c:\program files\Uniblue 2010-07-19 18:39 . 2010-07-19 18:39 331304 ----a-w- c:\users\Basti\AppData\Roaming\OpenCandy\OpenCandy_2CBAF7D0FFB3454FBE5E3999AE55DD86\DLMgr_3_1.6.44.exe 2010-07-19 18:39 . 2010-07-19 18:39 -------- d-----w- c:\users\Basti\AppData\Roaming\OpenCandy 2010-07-18 19:53 . 2010-07-06 11:39 -------- d-----w- c:\program files\PS3 Media Server 2010-07-17 22:54 . 2010-07-17 22:52 -------- d-----w- c:\program files\Google 2010-07-17 22:50 . 2010-07-17 22:50 -------- d-----w- c:\program files\Common Files\Skype 2010-07-12 17:10 . 2010-07-10 23:43 63488 ----a-w- c:\users\Basti\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll 2010-07-12 17:10 . 
2010-07-10 23:43 117760 ----a-w- c:\users\Basti\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2010-07-10 23:43 . 2010-07-10 23:43 52224 ----a-w- c:\users\Basti\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll 2010-07-09 19:04 . 2010-07-09 19:04 41872 ----a-w- c:\windows\system32\xfcodec.dll 2010-07-06 11:26 . 2010-07-30 17:30 30528 ----a-w- c:\windows\system32\TURegOpt.exe 2010-07-06 11:20 . 2010-07-30 17:41 21312 ----a-w- c:\windows\system32\authuitu.dll 2010-07-06 11:20 . 2010-07-30 17:41 30016 ----a-w- c:\windows\system32\uxtuneup.dll 2010-06-26 23:38 . 2010-03-12 13:59 138056 ----a-w- c:\users\Basti\AppData\Roaming\PnkBstrK.sys 2010-06-26 23:38 . 2010-03-12 13:59 138056 ----a-w- c:\users\Basti\AppData\Roaming\PnkBstrK.sys 2010-06-26 23:37 . 2010-03-12 13:58 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe 2010-06-26 13:57 . 2010-04-17 13:47 119296 ----a-w- c:\windows\system32\zlib.dll 2010-06-18 10:22 . 2010-06-18 10:22 72504 -c--a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe 2010-06-18 10:22 . 2010-06-18 10:22 71992 -c--a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe 2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat 2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFree.dll" [2009-11-09 2331672] [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\users\Basti\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\users\Basti\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\users\Basti\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168] "Steam"="c:\program files\steam\steam.exe" [2010-08-28 1242448] "AdobeUpdater6"="c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe" [2010-02-13 2521464] "ManyCam"="c:\program files\ManyCam\Bin\ManyCam.exe" [2010-06-24 1680680] "Google Update"="c:\users\Basti\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-07-17 136176] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "P17RunE"="P17RunE.dll" [2008-03-28 14848] "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-05-06 2815192] "Freecorder FLV Service"="c:\program 
files\Freecorder\FLVSrvc.exe" [2009-11-15 158752] "Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-02-18 357448] "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872] "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 718688] "CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344] "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824] c:\users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Basti\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992] Xfire.lnk - c:\program files\Xfire\Xfire.exe [2010-7-9 3493776] c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ nuozl.exe [2010-8-28 126976] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BumpTop.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BumpTop.lnk backup=c:\windows\pss\BumpTop.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk backup=c:\windows\pss\GamersFirst LIVE!.lnk.CommonStartup backupExtension=.CommonStartup 
[HKLM\~\startupfolder\C:^Users^Basti^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk] path=c:\users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0] 2009-12-21 17:35 640440 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher] 2009-12-22 00:26 38840 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater6] 2010-02-13 17:05 2521464 -c--a-w- c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2010-04-01 09:16 357696 -c--a-w- c:\program files\DAEMON Tools Lite\DTLite.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Infium] 2010-05-14 13:33 5562832 ----a-w- c:\program files\QIP 2010\qip.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LCDMon] 2010-02-18 10:24 1573448 -c--a-w- c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LGDCore] 2010-02-18 10:47 3203144 -c--a-w- c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster] 2010-06-21 18:41 2937528 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent] 2010-07-02 11:53 322352 ----a-w- c:\program files\uTorrent\uTorrent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 
2007-12-20 15:16 37376 ----a-w- c:\program files\Winamp\winampa.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "AdobeUpdater6"="c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 136176] R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-02-07 79360] R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-02-06 79360] R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 14856] R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-02-24 3411964] R4 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [2009-10-28 2211328] S1 aswSP;aswSP; [x] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-05-06 51792] S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 19720] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr 
TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Akamai REG_MULTI_SZ Akamai HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Inhalt des "geplante Tasks" Ordners 2010-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 22:52] 2010-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 22:52] 2010-09-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1584810832-2463764626-296550485-1000Core.job - c:\users\Basti\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-11 22:52] 2010-09-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1584810832-2463764626-296550485-1000UA.job - c:\users\Basti\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-11 22:52] . . ------- Zusätzlicher Suchlauf ------- . mStart Page = hxxp://home.sweetim.com IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Nach Microsoft E&xel exportieren - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\lg1yjjt6.default\ FF - prefs.js: browser.search.selectedEngine - DAEMON Search FF - prefs.js: network.proxy.type - 4 FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll FF - component: 
c:\users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\lg1yjjt6.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll FF - component: c:\users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\lg1yjjt6.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.dll ---- FIREFOX Richtlinien ---- FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . 
--------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_USERS\S-1-5-21-1584810832-2463764626-296550485-1000\Software\SecuROM\License information*] "datasecu"=hex:73,24,85,13,71,26,4a,6b,8f,ec,e8,27,94,6e,b0,64,91,38,cd,f2,67, 5d,c6,e1,d7,a5,3f,0f,26,34,1a,18,33,36,ab,3d,e0,38,14,f9,3c,ae,5f,3c,d9,90,\ "rkeysecu"=hex:00,37,ca,59,02,77,7a,3b,cd,04,49,ad,15,94,a4,bf [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG*] "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d, bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\ "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d, bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\ "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d, bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\ [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'Explorer.exe'(2472) c:\program files\Xfire\xfire_toucan_43094.dll c:\users\Basti\AppData\Local\FLVService\lib\FLVSrvLib.dll c:\users\Basti\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll c:\program files\Stardock\Object Desktop\DeskScapes3\deskscapes.dll c:\program files\Stardock\Object Desktop\DeskScapes3\deskscape.dll . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\windows\system32\nvvsvc.exe c:\program files\Creative\Shared Files\CTAudSvc.exe c:\windows\system32\nvvsvc.exe c:\windows\system32\WUDFHost.exe c:\windows\system32\WUDFHost.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\PnkBstrA.exe c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe c:\program files\TeamViewer\Version5\TeamViewer_Service.exe c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe c:\users\Basti\AppData\Local\TVersity\Media Server\MediaServer.exe c:\windows\system32\sppsvc.exe c:\windows\system32\taskhost.exe c:\windows\system32\conhost.exe c:\windows\System32\rundll32.exe c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe c:\users\Basti\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe c:\windows\system32\taskhost.exe c:\program files\Google\Chrome\Application\chrome.exe c:\program files\Google\Chrome\Application\chrome.exe c:\program files\Google\Chrome\Application\chrome.exe c:\program files\Google\Chrome\Application\chrome.exe . ************************************************************************** . Zeit der Fertigstellung: 2010-09-14 21:49:21 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2010-09-14 19:49 ComboFix2.txt 2010-09-14 18:16 Vor Suchlauf: 4.875.395.072 Bytes frei Nach Suchlauf: 4.648.689.664 Bytes frei - - End Of File - - C5396FB5A373F55C0B225655904780FD |
15.09.2010, 09:54 | #11 |
/// Malware-holic | Trojan (Antimalware Doctor) and possibly more Open My Computer, C:, Qoobox, right-click on Quarantine there and add it to Quarantine.zip or .rar. Upload the archive to us. File upload: http://www.trojaner-board.de/54791-a...ner-board.html |
17.09.2010, 17:29 | #12 |
/// Malware-holic | Trojan (Antimalware Doctor) and possibly more OK, how is it running now? |
17.09.2010, 18:27 | #13 |
| Trojan (Antimalware Doctor) and possibly more Normal, as always |
17.09.2010, 18:30 | #14 |
/// Malware-holic | Trojan (Antimalware Doctor) and possibly more So there were no Antimalware Dr. messages or other problems? Because then we can wrap up. |