Hi, I want to check whether my laptop is still clean, because sometimes Firefox opens pages it shouldn't. For example, when I type "audi a3" or something similar into Google, every time a page comes up where I can buy an A3, e.g. eBay or similar sites, even though the actual address is a completely different one... well.
In addition, the following files at startup looked suspicious to me:
- inted.exe
- cleansweep.exe
- suxo.exe
so I have disabled those processes for now..
And sorry, but I have two Malwarebytes reports in here...
Here is the first:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4279
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000
05.07.2010 22:34:31
malwarebyte log1.txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 126421
Laufzeit: 4 Minute(n), 32 Sekunde(n)
Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 16
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 2
Infizierte Dateien: 10
Infizierte Speicherprozesse:
C:\Program Files\Alcohol Soft\Alcohol 120\Plugins\Helper\AlSrvN.exe (Backdoor.Agent) -> No action taken.
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt (Adware.EZlife) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e0ec6fba-f009-3535-95d6-b6390db27da1} (Adware.EZlife) -> No action taken.
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt.1.0 (Adware.EZlife) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{84c3c236-f588-4c93-84f4-147b2abbe67b} (Adware.Adrotator) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{9d71d88c-c598-4935-c5d1-43aa4db90836} (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\llctkjsegkuxs (Adware.Adrotator) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallMTF1011$ (Adware.Adrotator) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallWTF1012$ (Adware.Adrotator) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Sky-Banners (Adware.Adrotator) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Sky-Banners (Adware.Adrotator) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Fci (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\fci (Rootkit.Agent) -> No action taken.
HKEY_CURRENT_USER\Software\Street-Ads (Adware.Adrotator) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Street-Ads (Adware.Adrotator) -> No action taken.
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\alsrvn (Backdoor.Agent) -> No action taken.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
C:\Program Files\$NtUninstallWTF1012$ (Adware.EZLife) -> No action taken.
C:\Windows\$NtUninstallMTF1011$ (Adware.Adrotator) -> No action taken.
Infizierte Dateien:
C:\Program Files\Alcohol Soft\Alcohol 120\Plugins\Helper\AlSrvN.exe (Backdoor.Agent) -> No action taken.
C:\Windows\System32\gdpgwhwd.dll (Adware.EZlife) -> No action taken.
C:\Windows\System32\llctkjsegkuxs.exe (Adware.Adrotator) -> No action taken.
C:\Windows\System32\bplmgvuf.exe (Adware.Lifze) -> No action taken.
C:\Windows\System32\mtrajcgs.dll (Adware.Lifze) -> No action taken.
C:\Windows\System32\xvssuikgfvaz.dll (Adware.Adrotator) -> No action taken.
C:\Program Files\$NtUninstallWTF1012$\elUninstall.exe (Adware.EZLife) -> No action taken.
C:\Windows\$NtUninstallMTF1011$\apUninstall.exe (Adware.Adrotator) -> No action taken.
C:\Users\####\AppData\Roaming\addon.dat (Malware.Trace) -> No action taken.
C:\Windows\System32\fci.exe.exe (Worm.Zhelatin) -> No action taken.
The second one (oh dear, here it comes):
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4332
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000
20.07.2010 22:48:20
mbam-log-2010-07-20 (22-48-20).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 287883
Laufzeit: 57 Minute(n), 44 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 51
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{0fd800de-8f9a-0a20-d284-efe759e688b3} (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Users\####\AppData\Roaming\Olulmu\suxo.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Adegvu\uxyd.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Adug\atagu.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Atva\lesy.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Atvac\okti.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Axzou\osedp.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Ceow\efrie.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Cile\ereka.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Edko\ofhou.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Olimef\hioq.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Onecy\kuir.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Onli\ygtih.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Osxa\tyol.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Qeluo\orwo.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Riozo\qedyi.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Ryvu\ufsi.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Inykse\luigy.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Isry\moivw.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Katyif\ywso.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Keiw\olnyq.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Tigae\lacay.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Togaep\gatuy.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Upokel\rouxa.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Uqyzho\atvac.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Utgu\mivuu.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Uvup\valod.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Efik\eblii.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Egcy\kukyq.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Enuro\xyty.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Eruvfo\yvvic.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Esynca\cotu.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Fuizse\itliz.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Fukiz\gyer.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Gaave\imdo.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Hicyoc\aduh.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Icpi\xiub.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Idqoo\afqi.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Idve\ibduo.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Ilec\ofuq.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Vywic\onecy.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Wahemy\ypux.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Wohoof\ehiw.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Wowi\taacr.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Wyzofi\agyve.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Xiyt\ynopu.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Xuty\zoer.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Ynte\koyc.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Yqwosu\abpay.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Ysosi\wuwe.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\####\AppData\Roaming\Ziyc\ibgu.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Windows\pss\inted.exe.Startup (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
RSIT Log:
Logfile of random's system information tool 1.07 (written by random/random)
Run by Julia at 2010-07-20 23:31:48
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 51 GB (35%) free of 148 GB
Total RAM: 3066 MB (68% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:32:17, on 20.07.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Razer\Diamondback 3G\razerhid.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91AgentS1.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Razer\Diamondback 3G\razertra.exe
C:\Program Files\Razer\Diamondback 3G\razerofa.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Julia\Desktop\^^^^^^\RSIT.exe
C:\Program Files\trend micro\Julia.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://de.rd.yahoo.com/customize/ie/defaults/su/msgr9/*hxxp://de.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://de.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*hxxp://de.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {C0870115-39DF-3EFC-8886-5157427C8137} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Diamondback] C:\Program Files\Razer\Diamondback 3G\razerhid.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - .DEFAULT User Startup: vuommy.exe (User 'Default user')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: S3D Service (Win32) - iZ3D Inc. - C:\Program Files\iZ3D Driver\Win32\S3DCService.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
--
End of file - 6214 bytes
======Scheduled tasks folder======
C:\Windows\tasks\User_Feed_Synchronization-{0E4EE21F-876B-46C3-8E36-00EE05DF8807}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C0870115-39DF-3EFC-8886-5157427C8137}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Diamondback"=C:\Program Files\Razer\Diamondback 3G\razerhid.exe [2007-08-01 147456]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-10-09 981904]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-10-26 1029416]
"NeroFilterCheck"=C:\Windows\system32\NeroCheck.exe [2001-07-09 155648]
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdSync.exe [2008-01-21 215552]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-08-19 13793824]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2009-04-24 203928]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-10 40048]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cleansweep.exe]
C:\cleansweep.exe\cleansweep.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-11-05 4347120]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Windows\RtHDVCpl.exe [2008-04-17 6111232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
c:\program files\steam\steam.exe [2010-05-14 1238352]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0FD800DE-8F9A-0A20-D284-EFE759E688B3}]
C:\Users\Julia\AppData\Roaming\Olulmu\suxo.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2008-02-12 723496]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [2000-01-21 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Julia^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FRITZ!DSL Startcenter.lnk]
C:\PROGRA~1\FRITZ!~1\StCenter.exe [2005-11-15 679936]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Julia^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^inted.exe]
C:\Users\Julia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\inted.exe []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3bb0c06e-7791-11de-978e-001377b225a8}]
shell\AutoRun\command - G:\LaunchU3.exe -a
======List of files/folders created in the last 1 months======
2010-07-20 23:31:51 ----D---- C:\Program Files\trend micro
2010-07-20 23:31:48 ----D---- C:\rsit
2010-07-05 22:20:34 ----D---- C:\Users\####\AppData\Roaming\Malwarebytes
2010-07-05 22:20:20 ----D---- C:\ProgramData\Malwarebytes
2010-07-05 22:20:16 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-07-05 00:02:55 ----A---- C:\Windows\system32\SQLServerManager.msc
2010-07-05 00:02:54 ----A---- C:\Windows\system32\sqlctr90.dll
2010-07-05 00:02:53 ----A---- C:\Windows\system32\iwmssvc.dll
2010-07-05 00:02:52 ----A---- C:\Windows\system32\BCMMS32.DLL
2010-06-27 11:00:35 ----D---- C:\Windows\system32\Adobe
2010-06-26 12:56:56 ----D---- C:\Users\####\AppData\Roaming\Facebook
2010-06-24 09:33:20 ----D---- C:\Users\####\AppData\Roaming\Boek
======List of files/folders modified in the last 1 months======
2010-07-20 23:32:10 ----D---- C:\Windows\Temp
2010-07-20 23:31:53 ----D---- C:\Windows\Prefetch
2010-07-20 23:31:51 ----RD---- C:\Program Files
2010-07-20 23:30:32 ----D---- C:\Windows\Internet Logs
2010-07-20 23:28:59 ----D---- C:\Windows
2010-07-20 23:26:05 ----D---- C:\Windows\system32\drivers
2010-07-20 23:26:05 ----D---- C:\Windows\System32
2010-07-20 22:48:20 ----D---- C:\Users\####\AppData\Roaming\Olulmu
2010-07-20 21:48:04 ----D---- C:\Windows\pss
2010-07-20 21:46:52 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-07-18 12:18:27 ----D---- C:\Users\####\AppData\Roaming\dvdcss
2010-07-18 12:17:53 ----D---- C:\DVDVideoSoft
2010-07-17 11:50:26 ----D---- C:\Users\####\AppData\Roaming\Skype
2010-07-17 11:35:32 ----D---- C:\Users\####\AppData\Roaming\skypePM
2010-07-16 16:45:34 ----D---- C:\Downloads
2010-07-13 22:05:50 ----D---- C:\Windows\system32\catroot2
2010-07-08 07:30:13 ----D---- C:\Users\####\AppData\Roaming\Esset
2010-07-05 22:44:46 ----D---- C:\Windows\Branding
2010-07-05 22:20:20 ----HD---- C:\ProgramData
2010-07-04 18:53:15 ----D---- C:\Program Files\Steam
2010-06-30 19:16:09 ----D---- C:\Program Files\Mozilla Firefox
2010-06-28 20:45:34 ----D---- C:\Program Files\ICQ6.5
2010-06-27 11:03:54 ----D---- C:\ProgramData\NOS
2010-06-25 17:31:05 ----D---- C:\Windows\Minidump
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [2007-02-27 11840]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-01-04 75072]
R1 iZ3DInjectionDriver;Driver inject our D3D and OGL wrappers; \??\C:\Program Files\iZ3D Driver\Win32\S3DInjectionDriver.sys [2009-09-22 34968]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
R1 truecrypt;truecrypt; C:\Windows\System32\drivers\truecrypt.sys [2009-12-18 223440]
R1 Vsdatant;Zone Alarm Firewall Driver; C:\Windows\system32\DRIVERS\vsdatant.sys [2008-10-09 293776]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-10-27 281760]
R2 DefragFS;DefragFS; C:\Windows\system32\drivers\DefragFS.sys [2008-07-23 71184]
R2 KMDFMEMIO;SAMSUNG Kernel Driver; C:\Windows\system32\DRIVERS\kmdfmemio.sys [2008-09-12 13312]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-10-27 25888]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-09-13 755712]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [2008-05-20 52032]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-04-17 2098904]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\Windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2010-04-29 38224]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2008-08-05 44576]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-08-19 9787488]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2009-10-18 47360]
R3 Razerlow;Diamondback 3G USB Filter Driver; C:\Windows\System32\Drivers\DB3G.sys [2005-04-24 13225]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-10-26 193456]
R3 VMC302;Vimicro Camera Service VMC302; C:\Windows\System32\Drivers\VMC302.sys [2008-06-05 242048]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-28 298496]
S3 aa1lkiwu;aa1lkiwu; C:\Windows\system32\drivers\aa1lkiwu.sys []
S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-02 45056]
S3 BthEnum;Bluetooth-Anforderungsblocktreiber; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-21 19456]
S3 BthPan;Bluetooth-Gerät (PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Bluetooth-Porttreiber; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
S3 btwaudio;Bluetooth-Audiogerät; C:\Windows\system32\drivers\btwaudio.sys [2008-02-14 80424]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2007-07-16 80936]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-07-16 16168]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 GarenaPEngine;GarenaPEngine; \??\C:\Users\Julia\AppData\Local\Temp\YKK8268.tmp []
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2008-01-21 2225664]
S3 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2005-08-02 32512]
S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-02-21 50688]
S3 s115bus;Sony Ericsson Device 115 driver (WDM); C:\Windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
S3 s116bus;Sony Ericsson Device 116 driver (WDM); C:\Windows\system32\DRIVERS\s116bus.sys [2007-04-03 83336]
S3 s116mdfl;Sony Ericsson Device 116 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s116mdfl.sys [2007-04-03 15112]
S3 s116mdm;Sony Ericsson Device 116 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s116mdm.sys [2007-04-03 108680]
S3 s116mgmt;Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s116mgmt.sys [2007-04-03 100488]
S3 s116nd5;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS); C:\Windows\system32\DRIVERS\s116nd5.sys [2007-04-03 23176]
S3 s116obex;Sony Ericsson Device 116 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s116obex.sys [2007-04-03 98696]
S3 s116unic;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM); C:\Windows\system32\DRIVERS\s116unic.sys [2007-04-03 99080]
S3 usbaudio;USB-Audiotreiber (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-21 73088]
S3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\winusb.sys [2008-01-21 31616]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Planer; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-12-05 935208]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-08-19 211488]
R2 PD91Agent;PD91Agent; C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe [2008-07-23 693512]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-05-23 466944]
R2 S3D Service (Win32);S3D Service (Win32); C:\Program Files\iZ3D Driver\Win32\S3DCService.exe [2009-11-04 360960]
R2 vsmon;TrueVector Internet Monitor; C:\Windows\System32\ZoneLabs\vsmon.exe [2008-10-09 2405776]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S2 Samsung Update Plus;Samsung Update Plus; C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe [2008-05-13 77480]
S3 getPlusHelper;@C:\Program Files\NOS\bin\getPlus_Helper.dll,-101; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PD91Engine;PD91Engine; C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe [2008-07-23 910600]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-08-02 86016]
S3 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2006-04-14 87840]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2010-02-25 332720]
S4 AVM IGD CTRL Service;AVM IGD CTRL Service; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [2005-11-21 81920]
S4 de_serv;AVM FRITZ!web Routing Service; C:\Program Files\Common Files\AVM\de_serv.exe [2005-11-21 315392]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
-----------------EOF-----------------
That looks pretty bad, I guess ^^