Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   PC startet nach längerer Inaktivität einfach neu, Anti-Rootkit findet viel (https://www.trojaner-board.de/96423-pc-startet-laengerer-inaktivitaet-einfach-neu-anti-rootkit-findet-viel.html)

paranetic 10.03.2011 12:23
PC startet nach längerer Inaktivität einfach neu, Anti-Rootkit findet viel
 
Hallo,

mein PC startet nach längerer Inaktivität einfach neu, was dazu führt dass kein Virenscan durchläuft (komplett würde etwa 12 Stunden laufen und irgendwann startet er einfach neu, danach kommt eine Bluescreen-Meldung). Habe mal mit Sophos-Anti-Rootkit gescannt und viele Meldungen erhalten, die mir jetzt Sorgen machen. Außerdem gibts noch den OTL-Log (alle im Anhang)

Danke und viele Grüße

cosinus 11.03.2011 09:52
Hallo und :hallo:

Bitte routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

paranetic 11.03.2011 13:12
ok, hier der malwarebytes-log
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6017

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

11.03.2011 13:10:59
mbam-log-2011-03-11 (13-10-59).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 181715
Laufzeit: 5 Minute(n), 0 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus 11.03.2011 14:03
Zitat:
Art des Suchlaufs: Quick-Scan
Ich wollte einen Vollscan sehen.
Poste auch alle anderen vorhandenen Logs.

paranetic 11.03.2011 15:27
GMR hab ich auch mal scannen lassen.Ich kam dann gerade wieder an den PC --> war wohl in der Zwischenzeit wieder neu gestartet.

Malwarebytes-Scan läuft nochmal vollständig jetzt

paranetic 11.03.2011 20:10
Hier der Full-Scan:

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6017

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

11.03.2011 20:08:47
mbam-log-2011-03-11 (20-08-47).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|K:\|N:\|)
Durchsuchte Objekte: 984028
Laufzeit: 3 Stunde(n), 4 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\user\AppData\Roaming\mIRC\scripts\userinput.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
k:\@unsortiert\@software\setup.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
k:\dropbox\my dropbox\Public\pantsoff.exe (PUP.PSWFinder) -> Quarantined and deleted successfully.

cosinus 11.03.2011 20:38
Zitat:
k:\@unsortiert\@software\setup.exe
Wasndas?? :confused:

paranetic 11.03.2011 22:31
war aus meinem download-ordner, irgendein programm ;) habs mal vorsichtshalber gelöscht

cosinus 12.03.2011 12:32
Und was für ein Programm was das?

paranetic 13.03.2011 16:31
weiß ich leider nicht mehr, das lagerte einfach als setup.exe im downloadordner, ohne weitere infos

cosinus 13.03.2011 19:06
Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
O4 - HKCU..\Run: []  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0c640b21-0a5c-11df-bf84-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0c640b21-0a5c-11df-bf84-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{1498e5b9-0921-11e0-95b6-00241dddb090}\Shell - "" = AutoRun
O33 - MountPoints2\{1498e5b9-0921-11e0-95b6-00241dddb090}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe
O33 - MountPoints2\{e3022ed3-0a84-11df-b371-00241dddb090}\Shell - "" = AutoRun
O33 - MountPoints2\{e3022ed3-0a84-11df-b371-00241dddb090}\Shell\AutoRun\command - "" = N:\Setup.EXE
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:9638A27E
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B174FAE
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:2BE9FEFC
:Commands
[purity]
[resethosts]
[emptytemp]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

paranetic 17.03.2011 09:42
Ist erledigt:

Code:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c640b21-0a5c-11df-bf84-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c640b21-0a5c-11df-bf84-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c640b21-0a5c-11df-bf84-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c640b21-0a5c-11df-bf84-806e6f6e6963}\ not found.
File E:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1498e5b9-0921-11e0-95b6-00241dddb090}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1498e5b9-0921-11e0-95b6-00241dddb090}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1498e5b9-0921-11e0-95b6-00241dddb090}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1498e5b9-0921-11e0-95b6-00241dddb090}\ not found.
File F:\LGAutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e3022ed3-0a84-11df-b371-00241dddb090}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e3022ed3-0a84-11df-b371-00241dddb090}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e3022ed3-0a84-11df-b371-00241dddb090}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e3022ed3-0a84-11df-b371-00241dddb090}\ not found.
File N:\Setup.EXE not found.
ADS C:\ProgramData\TEMP:9638A27E deleted successfully.
ADS C:\ProgramData\TEMP:0B174FAE deleted successfully.
ADS C:\ProgramData\TEMP:2BE9FEFC deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Arbeit
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Daniel
->Temp folder emptied: 23184014 bytes
->Temporary Internet Files folder emptied: 9479904 bytes
->Java cache emptied: 1357422 bytes
->FireFox cache emptied: 71512068 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 3635 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5766 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 724351648 bytes
 
Total Files Cleaned = 791.00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 03172011_093320

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus 17.03.2011 09:54
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

paranetic 17.03.2011 10:25
Combofix Logfile:
Code:
ComboFix 11-03-16.03 - xxxxxx 17.03.2011  10:06:38.1.4 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.4094.2435 [GMT 1:00]
ausgeführt von:: c:\users\xxxxxx\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Disk Defrag
c:\programdata\Microsoft\Windows\Start Menu\Programs\Disk Defrag\Auslogics Disk Defrag on the Web.url
c:\programdata\Microsoft\Windows\Start Menu\Programs\Disk Defrag\Auslogics Disk Defrag.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Disk Defrag\Uninstall Auslogics Disk Defrag.lnk
K:\install.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-02-17 bis 2011-03-17  ))))))))))))))))))))))))))))))
.
.
2011-03-17 08:36 . 2011-03-17 08:36        9310        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2011-03-17 08:36 . 2011-03-17 08:36        8646        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2011-03-17 08:36 . 2011-03-17 08:36        8613        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2011-03-17 08:36 . 2011-03-17 08:36        8288        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2011-03-17 08:36 . 2011-03-17 08:36        6910        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2011-03-17 08:36 . 2011-03-17 08:36        6429        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2011-03-17 08:36 . 2011-03-17 08:36        63115        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2011-03-17 08:36 . 2011-03-17 08:36        6208        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2011-03-17 08:36 . 2011-03-17 08:36        5927        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2011-03-17 08:36 . 2011-03-17 08:36        4599        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2011-03-17 08:36 . 2011-03-17 08:36        18541        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2011-03-17 08:36 . 2011-03-17 08:36        1651        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2011-03-17 08:35 . 2011-03-17 08:35        8782        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2011-03-17 08:35 . 2011-03-17 08:35        7271        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2011-03-17 08:35 . 2011-03-17 08:35        51852        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2011-03-17 08:35 . 2011-03-17 08:35        23327        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2011-03-17 08:35 . 2011-03-17 08:35        20719        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2011-03-17 08:12 . 2011-03-17 08:12        16856        ----a-w-        c:\program files\Mozilla Firefox\plugin-container.exe
2011-03-17 08:12 . 2011-03-17 08:12        719832        ----a-w-        c:\program files\Mozilla Firefox\mozcpp19.dll
2011-03-16 06:38 . 2011-03-17 08:34        81984        ----a-w-        c:\windows\system32\bdod.bin
2011-03-15 21:37 . 2011-03-15 21:37        --------        d-----w-        c:\users\xxxxxx\AppData\Roaming\BitDefender
2011-03-15 21:36 . 2011-03-16 11:01        --------        d-----w-        c:\programdata\BitDefender
2011-03-15 21:36 . 2011-03-15 21:36        --------        d-----w-        c:\program files\Common Files\BitDefender
2011-03-15 21:36 . 2011-03-15 21:36        --------        d-----w-        c:\program files\BitDefender
2011-03-15 21:35 . 2011-03-15 21:35        --------        d-----w-        c:\program files (x86)\Common Files\BitDefender
2011-03-15 16:43 . 2011-03-15 16:43        --------        d-----w-        c:\users\xxxxxx\AppData\Roaming\.clamwin
2011-03-15 16:43 . 2011-03-15 16:43        --------        d-----w-        c:\programdata\.clamwin
2011-03-15 16:43 . 2011-03-15 16:43        --------        d-----w-        c:\program files (x86)\ClamWin
2011-03-15 07:49 . 2011-02-11 07:30        7947600        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{A61B774A-D000-4BC8-9640-2C3BE8ACD4CE}\mpengine.dll
2011-03-14 13:59 . 2011-03-14 13:59        --------        d-----w-        c:\program files (x86)\ESET
2011-03-14 08:21 . 2011-03-14 08:21        --------        d-----w-        c:\users\xxxxxx\AppData\Local\AMD
2011-03-14 08:21 . 2011-03-14 08:21        --------        d-----w-        c:\programdata\ATI
2011-03-14 08:21 . 2011-03-14 08:21        --------        d-----w-        c:\program files (x86)\ATI Stream
2011-03-14 08:20 . 2011-03-14 08:20        --------        d-----w-        c:\programdata\AMD
2011-03-13 23:35 . 2011-03-13 23:35        388096        ----a-r-        c:\users\xxxxxx\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-13 23:35 . 2011-03-13 23:35        --------        d-----w-        c:\program files (x86)\hijackthis204
2011-03-13 22:19 . 2011-03-13 22:19        --------        d-----w-        c:\programdata\tmp
2011-03-13 22:19 . 2011-03-13 22:19        --------        d-----w-        c:\programdata\hps
2011-03-13 22:16 . 2011-03-13 22:16        --------        d-----w-        c:\program files (x86)\Müller Foto
2011-03-10 17:26 . 2011-03-10 17:26        --------        d-----w-        c:\program files (x86)\Vim
2011-03-10 06:58 . 2011-01-07 12:17        475648        ----a-w-        c:\windows\system32\XpsGdiConverter.dll
2011-03-10 06:58 . 2011-01-07 12:17        1465344        ----a-w-        c:\windows\system32\XpsPrint.dll
2011-03-10 06:58 . 2011-01-07 07:46        870912        ----a-w-        c:\windows\SysWow64\XpsPrint.dll
2011-03-10 06:58 . 2011-01-07 07:46        288256        ----a-w-        c:\windows\SysWow64\XpsGdiConverter.dll
2011-03-10 06:54 . 2011-03-10 06:54        --------        d-----w-        C:\AULOGS
2011-03-10 06:46 . 2011-03-10 06:46        --------        d-----w-        c:\program files (x86)\Sophos
2011-03-09 16:27 . 2011-03-09 16:27        --------        d-----w-        c:\users\xxxxxx\AppData\Roaming\enchant
2011-03-09 16:27 . 2011-03-17 09:01        --------        d-----w-        c:\users\xxxxxx\AppData\Roaming\.purple
2011-03-09 16:26 . 2011-03-09 16:27        --------        d-----w-        c:\program files (x86)\Pidgin
2011-02-27 09:23 . 2011-02-27 09:23        --------        d-----w-        c:\windows\system32\SPReview
2011-02-27 08:59 . 2010-11-20 04:00        2560        ----a-w-        c:\windows\system32\drivers\de-DE\rdpwd.sys.mui
2011-02-27 08:59 . 2010-11-20 04:12        7168        ----a-w-        c:\windows\system32\drivers\de-DE\msdsm.sys.mui
2011-02-27 08:59 . 2010-11-20 04:07        3584        ----a-w-        c:\windows\system32\drivers\de-DE\tsusbflt.sys.mui
2011-02-27 08:58 . 2010-11-20 04:00        4608        ----a-w-        c:\windows\system32\drivers\de-DE\vdrvroot.sys.mui
2011-02-27 08:58 . 2010-11-20 04:07        2560        ----a-w-        c:\windows\system32\drivers\de-DE\disk.sys.mui
2011-02-27 08:35 . 2010-11-20 04:33        273792        ----a-w-        c:\windows\system32\drivers\msiscsi.sys
2011-02-27 08:34 . 2010-11-20 04:27        1911808        ----a-w-        c:\windows\system32\OpcServices.dll
2011-02-27 08:33 . 2010-11-20 04:25        186368        ----a-w-        c:\windows\system32\ocsetup.exe
2011-02-27 08:32 . 2010-11-20 04:27        126976        ----a-w-        c:\program files\Common Files\System\Ole DB\msdaosp.dll
2011-02-26 18:20 . 2011-02-26 18:21        --------        d-----w-        C:\b07f66b3682bb323c8
2011-02-26 17:24 . 2011-02-26 17:24        --------        d-----w-        c:\windows\CheckSur
2011-02-26 16:37 . 2011-02-26 16:37        --------        d-----w-        c:\users\xxxxxx\AppData\Roaming\Malwarebytes
2011-02-26 16:36 . 2010-12-20 17:09        38224        ----a-w-        c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-02-26 16:36 . 2011-02-26 16:36        --------        d-----w-        c:\programdata\Malwarebytes
2011-02-26 16:36 . 2010-12-20 17:08        24152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-02-26 16:36 . 2011-02-26 16:36        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2011-02-26 05:17 . 2011-02-26 05:17        --------        d-----w-        C:\9aeab7026ba9d338c60467
2011-02-26 05:07 . 2011-02-26 05:07        --------        d-----w-        c:\windows\system32\EventProviders
2011-02-25 21:57 . 2011-01-17 11:09        197120        ----a-w-        c:\windows\system32\d3d10_1.dll
2011-02-25 21:57 . 2011-01-17 05:47        161792        ----a-w-        c:\windows\SysWow64\d3d10_1.dll
2011-02-25 21:57 . 2010-11-20 13:26        321024        ----a-w-        c:\windows\system32\d3d10_1core.dll
2011-02-25 21:57 . 2010-11-20 12:18        219136        ----a-w-        c:\windows\SysWow64\d3d10_1core.dll
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-16 12:56 . 2011-01-21 20:38        18960        ----a-w-        c:\windows\system32\drivers\LNonPnP.sys
2011-03-16 06:37 . 2009-07-22 15:41        154632        ----a-w-        c:\windows\system32\drivers\bdfm.sys
2011-02-27 09:17 . 2009-07-14 02:36        175616        ----a-w-        c:\windows\system32\msclmd.dll
2011-02-27 09:17 . 2009-07-14 02:36        152576        ----a-w-        c:\windows\SysWow64\msclmd.dll
2011-02-24 17:23 . 2010-12-21 17:32        3523928        ----a-w-        c:\windows\RXSUnins.exe
2011-02-24 17:23 . 2010-12-21 17:32        3523928        ----a-w-        c:\windows\RXCUnins.exe
2011-02-02 16:11 . 2010-01-26 10:41        270720        ------w-        c:\windows\system32\MpSigStub.exe
2011-01-26 23:37 . 2011-01-26 23:37        9085952        ----a-w-        c:\windows\system32\drivers\atikmdag.sys
2011-01-26 23:22 . 2011-01-26 23:22        22295040        ----a-w-        c:\windows\system32\atio6axx.dll
2011-01-26 23:00 . 2011-01-26 23:00        143360        ----a-w-        c:\windows\system32\atiapfxx.exe
2011-01-26 23:00 . 2011-01-26 23:00        596480        ----a-w-        c:\windows\SysWow64\aticfx32.dll
2011-01-26 22:59 . 2011-01-26 22:59        17204736        ----a-w-        c:\windows\SysWow64\atioglxx.dll
2011-01-26 22:59 . 2010-08-04 01:54        708608        ----a-w-        c:\windows\system32\aticfx64.dll
2011-01-26 22:56 . 2011-01-26 22:56        462848        ----a-w-        c:\windows\system32\ATIDEMGX.dll
2011-01-26 22:56 . 2011-01-26 22:56        479232        ----a-w-        c:\windows\system32\atieclxx.exe
2011-01-26 22:55 . 2011-01-26 22:55        203776        ----a-w-        c:\windows\system32\atiesrxx.exe
2011-01-26 22:54 . 2011-01-26 22:54        120320        ----a-w-        c:\windows\system32\atitmm64.dll
2011-01-26 22:54 . 2011-01-26 22:54        423424        ----a-w-        c:\windows\system32\atipdl64.dll
2011-01-26 22:53 . 2011-01-26 22:53        356352        ----a-w-        c:\windows\SysWow64\atipdlxx.dll
2011-01-26 22:53 . 2011-01-26 22:53        278528        ----a-w-        c:\windows\SysWow64\Oemdspif.dll
2011-01-26 22:53 . 2011-01-26 22:53        16384        ----a-w-        c:\windows\system32\atimuixx.dll
2011-01-26 22:53 . 2011-01-26 22:53        59392        ----a-w-        c:\windows\system32\atiedu64.dll
2011-01-26 22:53 . 2011-01-26 22:53        43520        ----a-w-        c:\windows\SysWow64\ati2edxx.dll
2011-01-26 22:49 . 2011-01-26 22:49        4105728        ----a-w-        c:\windows\SysWow64\atidxx32.dll
2011-01-26 22:40 . 2009-11-25 03:04        4847616        ----a-w-        c:\windows\system32\atidxx64.dll
2011-01-26 22:32 . 2011-01-26 22:32        1208320        ----a-w-        c:\windows\system32\atiumd6v.dll
2011-01-26 22:32 . 2011-01-26 22:32        1912832        ----a-w-        c:\windows\SysWow64\atiumdmv.dll
2011-01-26 22:32 . 2011-01-26 22:32        3222016        ----a-w-        c:\windows\system32\atiumd6a.dll
2011-01-26 22:28 . 2011-01-26 22:28        4170752        ----a-w-        c:\windows\SysWow64\atiumdag.dll
2011-01-26 22:27 . 2011-01-26 22:27        51200        ----a-w-        c:\windows\system32\aticalrt64.dll
2011-01-26 22:27 . 2011-01-26 22:27        46080        ----a-w-        c:\windows\SysWow64\aticalrt.dll
2011-01-26 22:27 . 2011-01-26 22:27        44544        ----a-w-        c:\windows\system32\aticalcl64.dll
2011-01-26 22:27 . 2011-01-26 22:27        44032        ----a-w-        c:\windows\SysWow64\aticalcl.dll
2011-01-26 22:27 . 2011-01-26 22:27        6982144        ----a-w-        c:\windows\system32\aticaldd64.dll
2011-01-26 22:25 . 2011-01-26 22:25        5580800        ----a-w-        c:\windows\SysWow64\aticaldd.dll
2011-01-26 22:24 . 2011-01-26 22:24        3463680        ----a-w-        c:\windows\SysWow64\atiumdva.dll
2011-01-26 22:21 . 2011-01-26 22:21        5316096        ----a-w-        c:\windows\system32\atiumd64.dll
2011-01-26 22:20 . 2010-08-04 01:23        58880        ----a-w-        c:\windows\system32\coinst.dll
2011-01-26 22:14 . 2011-01-26 22:14        354304        ----a-w-        c:\windows\system32\atiadlxx.dll
2011-01-26 22:14 . 2011-01-26 22:14        249856        ----a-w-        c:\windows\SysWow64\atiadlxy.dll
2011-01-26 22:13 . 2011-01-26 22:13        14848        ----a-w-        c:\windows\system32\atig6pxx.dll
2011-01-26 22:13 . 2011-01-26 22:13        12800        ----a-w-        c:\windows\SysWow64\atiglpxx.dll
2011-01-26 22:13 . 2011-01-26 22:13        12800        ----a-w-        c:\windows\system32\atiglpxx.dll
2011-01-26 22:13 . 2011-01-26 22:13        39936        ----a-w-        c:\windows\system32\atig6txx.dll
2011-01-26 22:13 . 2011-01-26 22:13        32768        ----a-w-        c:\windows\SysWow64\atigktxx.dll
2011-01-26 22:13 . 2011-01-26 22:13        299520        ----a-w-        c:\windows\system32\drivers\atikmpag.sys
2011-01-26 22:12 . 2010-08-04 01:15        39936        ----a-w-        c:\windows\system32\atiuxp64.dll
2011-01-26 22:12 . 2011-01-26 22:12        30720        ----a-w-        c:\windows\SysWow64\atiuxpag.dll
2011-01-26 22:12 . 2010-11-26 02:15        38400        ----a-w-        c:\windows\system32\atiu9p64.dll
2011-01-26 22:12 . 2011-01-26 22:12        28672        ----a-w-        c:\windows\SysWow64\atiu9pag.dll
2011-01-26 22:11 . 2011-01-26 22:11        53248        ----a-w-        c:\windows\system32\drivers\ati2erec.dll
2011-01-26 22:08 . 2011-01-26 22:08        53760        ----a-w-        c:\windows\system32\atimpc64.dll
2011-01-26 22:08 . 2011-01-26 22:08        53760        ----a-w-        c:\windows\system32\amdpcom64.dll
2011-01-26 22:08 . 2011-01-26 22:08        52736        ----a-w-        c:\windows\SysWow64\atimpc32.dll
2011-01-26 22:08 . 2011-01-26 22:08        52736        ----a-w-        c:\windows\SysWow64\amdpcom32.dll
2011-01-21 20:39 . 2011-01-21 20:39        53248        ----a-r-        c:\users\xxxxxx\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-01-07 12:14 . 2011-02-11 12:36        46080        ----a-w-        c:\windows\system32\atmlib.dll
2011-01-07 09:51 . 2011-02-11 12:39        1638912        ----a-w-        c:\windows\system32\mshtml.tlb
2011-01-07 09:20 . 2011-02-11 12:36        366592        ----a-w-        c:\windows\system32\atmfd.dll
2011-01-07 07:45 . 2011-02-11 12:36        34304        ----a-w-        c:\windows\SysWow64\atmlib.dll
2011-01-07 06:01 . 2011-02-11 12:39        1638912        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2011-01-07 05:43 . 2011-02-11 12:36        294400        ----a-w-        c:\windows\SysWow64\atmfd.dll
2011-01-05 10:34 . 2011-02-11 12:36        612864        ----a-w-        c:\windows\system32\vbscript.dll
2011-01-05 06:56 . 2011-02-11 12:38        3129344        ----a-w-        c:\windows\system32\win32k.sys
2011-01-05 05:55 . 2011-02-11 12:36        428032        ----a-w-        c:\windows\SysWow64\vbscript.dll
2011-01-04 09:38 . 2011-01-04 09:38        4254288        ----a-w-        c:\windows\SysWow64\qtp-mt334.dll
2011-01-04 09:36 . 2011-01-04 09:36        249936        ----a-w-        c:\windows\SysWow64\prgiso.dll
2010-12-21 20:07 . 2010-01-27 08:20        466456        ----a-w-        c:\windows\system32\wrap_oal.dll
2010-12-21 20:07 . 2010-01-27 08:20        444952        ----a-w-        c:\windows\SysWow64\wrap_oal.dll
2010-12-21 20:07 . 2010-01-27 08:20        122904        ----a-w-        c:\windows\system32\OpenAL32.dll
2010-12-21 20:07 . 2010-01-27 08:20        109080        ----a-w-        c:\windows\SysWow64\OpenAL32.dll
2010-12-17 11:42 . 2011-02-11 12:36        214016        ----a-w-        c:\windows\system32\winsrv.dll
2010-12-17 11:40 . 2011-02-11 12:38        715776        ----a-w-        c:\windows\system32\kerberos.dll
2010-01-26 18:56 . 2009-11-25 15:39        9311688        ----a-w-        c:\program files (x86)\Foxit Reader.exe
2010-01-25 11:05 . 2010-01-27 07:05        6578176        ----a-w-        c:\program files (x86)\2009Decoder.exe
2009-08-05 12:24 . 2010-01-26 14:28        472592        ----a-w-        c:\program files (x86)\Core Temp.exe
2010-06-09 13:46 . 2010-06-09 13:46        119808        ----a-w-        c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19        94208        ----a-w-        c:\users\xxxxxx\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19        94208        ----a-w-        c:\users\xxxxxx\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19        94208        ----a-w-        c:\users\xxxxxx\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate]
@="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"
[HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}]
2010-11-20 03:20        442880        ----a-w-        c:\windows\System32\ntshrui.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-10 281768]
.
c:\users\Arbeit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TV-Browser.url [2010-9-16 178]
.
c:\users\xxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\xxxxxx\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 sppsvc;Software Protection;c:\windows\system32\sppsvc.exe [x]
R3 AcpiPmi;ACPI-Energieanzeigetreiber;c:\windows\system32\drivers\acpipmi.sys [x]
R3 adp94xx;adp94xx;c:\windows\system32\DRIVERS\adp94xx.sys [x]
R3 adpahci;adpahci;c:\windows\system32\DRIVERS\adpahci.sys [x]
R3 ALSysIO;ALSysIO;c:\users\xxxxxx\AppData\Local\Temp\ALSysIO64.sys [x]
R3 amdsata;amdsata;c:\windows\system32\drivers\amdsata.sys [x]
R3 amdsbs;amdsbs;c:\windows\system32\DRIVERS\amdsbs.sys [x]
R3 AppID;Anwendungs-ID-Treiber;c:\windows\system32\drivers\appid.sys [x]
R3 AppIDSvc;Anwendungsidentität;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 arcsas;arcsas;c:\windows\system32\DRIVERS\arcsas.sys [x]
R3 b06bdrv;Broadcom NetXtreme II VBD;c:\windows\system32\DRIVERS\bxvbda.sys [x]
R3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60a.sys [x]
R3 BDESVC;BitLocker-Laufwerkverschlüsselungsdienst;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\system32\DRIVERS\BrFiltLo.sys [x]
R3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\system32\DRIVERS\BrFiltUp.sys [x]
R3 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\System32\Drivers\Brserid.sys [x]
R3 BrSerWdm;Brother WDM Serial driver;c:\windows\System32\Drivers\BrSerWdm.sys [x]
R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\System32\Drivers\BrUsbMdm.sys [x]
R3 CertPropSvc;Zertifikatverteilung;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 circlass;Consumer IR Devices;c:\windows\system32\DRIVERS\circlass.sys [x]
R3 cpuz130;cpuz130;c:\users\xxxxxx\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 defragsvc;Defragmentierung;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;c:\windows\system32\DRIVERS\evbda.sys [x]
R3 elxstor;elxstor;c:\windows\system32\DRIVERS\elxstor.sys [x]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [x]
R3 Filetrace;Filetrace;c:\windows\system32\drivers\filetrace.sys [x]
R3 FsDepends;File System Dependency Minifilter;c:\windows\system32\drivers\FsDepends.sys [x]
R3 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\system32\drivers\hcw85cir.sys [x]
R3 HpSAMD;HpSAMD;c:\windows\system32\drivers\HpSAMD.sys [x]
R3 iaStorV;Intel RAID-Controller Windows 7;c:\windows\system32\drivers\iaStorV.sys [x]
R3 IPBusEnum;PnP-X-IP-Busenumerator;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 IPMIDRV;IPMIDRV;c:\windows\system32\drivers\IPMIDrv.sys [x]
R3 iScsiPrt;iScsiPort-Treiber;c:\windows\system32\drivers\msiscsi.sys [x]
R3 KtmRm;KtmRm für Distributed Transaction Coordinator;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 lltdsvc;Verbindungsschicht-Topologieerkennungs-Zuordnungsprogramm;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 LSI_FC;LSI_FC;c:\windows\system32\DRIVERS\lsi_fc.sys [x]
R3 LSI_SAS;LSI_SAS;c:\windows\system32\DRIVERS\lsi_sas.sys [x]
R3 LSI_SAS2;LSI_SAS2;c:\windows\system32\DRIVERS\lsi_sas2.sys [x]
R3 LSI_SCSI;LSI_SCSI;c:\windows\system32\DRIVERS\lsi_scsi.sys [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
R3 MatSvc;Microsoft Fix it Supportcenter;c:\program files\Microsoft Fix it Center\Matsvc.exe [2010-11-16 343856]
R3 megasas;megasas;c:\windows\system32\DRIVERS\megasas.sys [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\20B3.tmp [x]
R3 mpio;Microsoft Multipfad-Bustreiber;c:\windows\system32\drivers\mpio.sys [x]
R3 msahci;msahci;c:\windows\system32\drivers\msahci.sys [x]
R3 msdsm;Microsoft Multipfadgeräte-spezifisches Modul;c:\windows\system32\drivers\msdsm.sys [x]
R3 mshidkmdf;Pass-through HID to KMDF Filter Driver;c:\windows\System32\drivers\mshidkmdf.sys [x]
R3 MSiSCSI;Microsoft iSCSI-Initiator-Dienst;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 MsRPC;MsRPC; [x]
R3 MTConfig;Microsoft Input Configuration Driver;c:\windows\system32\DRIVERS\MTConfig.sys [x]
R3 NativeWifiP;NativeWiFi Filter;c:\windows\system32\DRIVERS\nwifi.sys [x]
R3 NdisCap;NDIS Capture LightWeight Filter;c:\windows\system32\DRIVERS\ndiscap.sys [x]
R3 nfrd960;nfrd960;c:\windows\system32\DRIVERS\nfrd960.sys [x]
R3 nvstor;nvstor;c:\windows\system32\drivers\nvstor.sys [x]
R3 PeerDistSvc;BranchCache;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 PerfHost;Leistungsindikator-DLL-Host;c:\windows\SysWow64\perfhost.exe [2009-07-14 20992]
R3 pla;Leistungsprotokolle und -warnungen;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 PNRPAutoReg;PNRP-Computernamenveröffentlichungs-Dienst;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 ql2300;ql2300;c:\windows\system32\DRIVERS\ql2300.sys [x]
R3 ql40xx;ql40xx;c:\windows\system32\DRIVERS\ql40xx.sys [x]
R3 s3cap;s3cap;c:\windows\system32\drivers\vms3cap.sys [x]
R3 scfilter;Filtertreiber für Smartcards der Plug & Play-Klasse;c:\windows\system32\DRIVERS\scfilter.sys [x]
R3 SCPolicySvc;Richtlinie zum Entfernen der Scmartcard;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 SensrSvc;Adaptive Helligkeit;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 SessionEnv;Konfiguration für Remotedesktops;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 sffp_mmc;SFF-Speicherprotokolltreiber für MMC;c:\windows\system32\drivers\sffp_mmc.sys [x]
R3 SiSRaid4;SiSRaid4;c:\windows\system32\DRIVERS\sisraid4.sys [x]
R3 Smb;Nachrichtenorientiertes TCP/IP- und TCP/IPv6-Protokoll (SMB-Sitzung);c:\windows\system32\DRIVERS\smb.sys [x]
R3 sppuinotify;SPP-Benachrichtigungsdienst;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 stexstor;stexstor;c:\windows\system32\DRIVERS\stexstor.sys [x]
R3 StorSvc;Speicherdienst;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 storvsc;storvsc;c:\windows\system32\drivers\storvsc.sys [x]
R3 TabletInputService;Tablet PC-Eingabedienst;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 TBS;TPM-Basisdienste;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 THREADORDER;Server für Threadsortierung;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 TrustedInstaller;Windows Modules Installer;c:\windows\servicing\TrustedInstaller.exe [2010-11-20 194048]
R3 tssecsrv;Remote Desktop Services Security Filter Driver;c:\windows\system32\DRIVERS\tssecsrv.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 UI0Detect;Erkennung interaktiver Dienste;c:\windows\system32\UI0Detect.exe [x]
R3 uliagpkx;Uli AGP-Bus-Filter;c:\windows\system32\drivers\uliagpkx.sys [x]
R3 UmRdpService;Anschlussumleitung für Remotedesktopdienst im Benutzermodus;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 usbcir;eHome-Infrarotempfänger (USBCIR);c:\windows\system32\drivers\usbcir.sys [x]
R3 VaultSvc;Anmeldeinformationsverwaltung;c:\windows\system32\lsass.exe [x]
R3 vhdmp;vhdmp;c:\windows\system32\drivers\vhdmp.sys [x]
R3 VMBusHID;VMBusHID;c:\windows\system32\drivers\VMBusHID.sys [x]
R3 vsmraid;vsmraid;c:\windows\system32\DRIVERS\vsmraid.sys [x]
R3 vwifibus;Virtueller WiFi-Bustreiber;c:\windows\System32\drivers\vwifibus.sys [x]
R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\DRIVERS\wacompen.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 wbengine;Blockebenen-Sicherungsmodul;c:\windows\system32\wbengine.exe [x]
R3 WbioSrvc;Windows-Biometriedienst;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 wcncsvc;Windows-Sofortverbindung - Konfigurationsregistrierungsstelle;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 WcsPlugInService;Windows-Farbsystem;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 Wd;Wd;c:\windows\system32\DRIVERS\wd.sys [x]
R3 WdiSystemHost;Diagnosesystemhost;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 Wecsvc;Windows-Ereignissammlung;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 wercplsupport;Unterstützung in der Systemsteuerung unter Lösungen für Probleme;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 WerSvc;Windows-Fehlerberichterstattungsdienst;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 WIMMount;WIMMount;c:\windows\system32\drivers\wimmount.sys [2009-07-14 22096]
R3 WinRM;Windows-Remoteverwaltung (WS-Verwaltung);c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 Wlansvc;Automatische WLAN-Konfiguration;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 WPCSvc;Parental Controls;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 WwanSvc;WWAN - automatische Konfiguration;c:\windows\system32\svchost.exe [2009-07-14 27136]
R4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-06-10 89920]
R4 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-09 30192]
R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-10 135664]
S0 amdxata;amdxata;c:\windows\system32\drivers\amdxata.sys [x]
S0 CLFS;Gemeinsames Protokoll (CLFS);c:\windows\System32\CLFS.sys [x]
S0 CNG;CNG;c:\windows\System32\Drivers\cng.sys [x]
S0 FileInfo;File Information FS MiniFilter;c:\windows\system32\drivers\fileinfo.sys [x]
S0 fvevol;Filtertreiber der Bitlocker-Laufwerkverschlüsselung;c:\windows\System32\DRIVERS\fvevol.sys [x]
S0 hwpolicy;Hardware Policy Driver;c:\windows\System32\drivers\hwpolicy.sys [x]
S0 KSecPkg;KSecPkg;c:\windows\System32\Drivers\ksecpkg.sys [x]
S0 msisadrv;msisadrv;c:\windows\system32\drivers\msisadrv.sys [x]
S0 pcw;Performance Counters for Windows Driver;c:\windows\System32\drivers\pcw.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 rdyboost;ReadyBoost;c:\windows\System32\drivers\rdyboost.sys [x]
S0 spldr;Security Processor Loader Driver; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 storflt;Filtertreiber zur Busbeschleunigung für den Datenträger des virtuellen Computers;c:\windows\system32\drivers\vmstorfl.sys [x]
S0 vdrvroot;Enumerator-Treiber für Microsoft Virtual Drive;c:\windows\system32\drivers\vdrvroot.sys [x]
S0 vmbus;Bus des virtuellen Computers;c:\windows\system32\drivers\vmbus.sys [x]
S0 volmgr;Treiber für Volume-Manager;c:\windows\system32\drivers\volmgr.sys [x]
S0 volmgrx;Dynamischer Volume-Manager;c:\windows\System32\drivers\volmgrx.sys [x]
S1 blbdrive;blbdrive;c:\windows\system32\DRIVERS\blbdrive.sys [x]
S1 CSC;Treiber für Offlinedateien;c:\windows\system32\drivers\csc.sys [x]
S1 DfsC;DFS Namespace Client Driver;c:\windows\system32\Drivers\dfsc.sys [x]
S1 discache;System Attribute Cache;c:\windows\system32\drivers\discache.sys [x]
S1 nsiproxy;NSI proxy service driver.;c:\windows\system32\drivers\nsiproxy.sys [x]
S1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\system32\drivers\rdpencdd.sys [x]
S1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;c:\windows\system32\drivers\rdprefmp.sys [x]
S1 tdx;NetIO-Legacy-TDI-Supporttreiber;c:\windows\system32\DRIVERS\tdx.sys [x]
S1 Wanarpv6;Remotezugriff-IPv6-ARP-Treiber;c:\windows\system32\DRIVERS\wanarp.sys [x]
S1 WfpLwf;WFP Lightweight Filter;c:\windows\system32\DRIVERS\wfplwf.sys [x]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-01-26 354304]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-11-10 135336]
S2 AudioEndpointBuilder;Windows-Audio-Endpunkterstellung;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 BFE;Basisfiltermodul;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 CscService;Offlinedateien;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 DPS;Diagnoserichtliniendienst;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 FDResPub;Funktionssuche-Ressourcenveröffentlichung;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 FontCache;Windows-Dienst für Schriftartencache;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 gpsvc;Gruppenrichtlinienclient;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 IKEEXT;IKE- und AuthIP IPsec-Schlüsselerstellungsmodule;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 iphlpsvc;IP-Hilfsdienst;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\system32\DRIVERS\lltdio.sys [x]
S2 luafv;UAC-Dateivirtualisierung;c:\windows\system32\drivers\luafv.sys [x]
S2 MMCSS;Multimediaklassenplaner;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 MpsSvc;Windows-Firewall;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 NlaSvc;NLA (Network Location Awareness);c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 nsi;Netzwerkspeicher-Schnittstellendienst;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 PcaSvc;Programmkompatibilitäts-Assistent-Dienst;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 PEAUTH;PEAUTH;c:\windows\system32\drivers\peauth.sys [x]
S2 Power;Stromversorgung;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 ProfSvc;Benutzerprofildienst;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 Radio.fx;Radio.fx Server;c:\program files (x86)\Tobit Radio.fx\Server\rfx-server.exe [2011-02-28 3577688]
S2 RpcEptMapper;RPC-Endpunktzuordnung;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 SysMain;Superfetch;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\system32\drivers\tcpipreg.sys [x]
S2 UxSms;Sitzungs-Manager für Desktopfenster-Manager;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 WinDefend;Windows Defender;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 Windows7FirewallService;Windows7FirewallService;c:\program files (x86)\Windows7FirewallControl\Windows7FirewallService.exe [2010-04-09 372736]
S3 1394ohci;OHCI-konformer 1394-Hostcontroller;c:\windows\system32\drivers\1394ohci.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 Appinfo;Anwendungsinformationen;c:\windows\system32\svchost.exe [2009-07-14 27136]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 bdfm;bdfm;c:\windows\system32\drivers\bdfm.sys [x]
S3 bowser;Browsersupporttreiber;c:\windows\system32\DRIVERS\bowser.sys [x]
S3 CompositeBus;Busenumeratortreiber für Verbundgeräte;c:\windows\system32\drivers\CompositeBus.sys [x]
S3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\System32\drivers\dxgkrnl.sys [x]
S3 fdPHost;Funktionssuchanbieter-Host;c:\windows\system32\svchost.exe [2009-07-14 27136]
S3 HomeGroupListener;Heimnetzgruppen-Listener;c:\windows\System32\svchost.exe [2009-07-14 27136]
S3 HomeGroupProvider;Heimnetzgruppen-Anbieter;c:\windows\System32\svchost.exe [2009-07-14 27136]
S3 KeyIso;CNG-Schlüsselisolation;c:\windows\system32\lsass.exe [x]
S3 monitor;Microsoft Monitor-Klassenfunktionstreiber-Dienst;c:\windows\system32\DRIVERS\monitor.sys [x]
S3 mpsdrv;Windows-Firewallautorisierungstreiber;c:\windows\system32\drivers\mpsdrv.sys [x]
S3 mrxsmb10;SMB 1.x-Miniredirector;c:\windows\system32\DRIVERS\mrxsmb10.sys [x]
S3 mrxsmb20;SMB 2.0-Miniredirector;c:\windows\system32\DRIVERS\mrxsmb20.sys [x]
S3 netprofm;Netzwerklistendienst;c:\windows\System32\svchost.exe [2009-07-14 27136]
S3 RasAgileVpn;WAN Miniport (IKEv2);c:\windows\system32\DRIVERS\AgileVpn.sys [x]
S3 rdpbus;Remote Desktop Device Redirector Bus Driver;c:\windows\system32\DRIVERS\rdpbus.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 SDRSVC;Windows-Sicherung;c:\windows\system32\svchost.exe [2009-07-14 27136]
S3 srv2;Server-SMB-Treiber 2.xxx;c:\windows\system32\DRIVERS\srv2.sys [x]
S3 srvnet;srvnet;c:\windows\system32\DRIVERS\srvnet.sys [x]
S3 tunnel;Microsoft-Tunnelminiport-Adaptertreiber;c:\windows\system32\DRIVERS\tunnel.sys [x]
S3 umbus;UMBusenumerator-Treiber;c:\windows\system32\drivers\umbus.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 WdiServiceHost;Diagnosediensthost;c:\windows\System32\svchost.exe [2009-07-14 27136]
S3 WPDBusEnum;Enumeratordienst für tragbare Geräte;c:\windows\system32\svchost.exe [2009-07-14 27136]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork        REG_MULTI_SZ          PLA
LocalServiceAndNoImpersonation        REG_MULTI_SZ          SSDPSRV upnphost SCardSvr TBS QWAVE wcncsvc
DcomLaunch        REG_MULTI_SZ          Power PlugPlay DcomLaunch
wcssvc        REG_MULTI_SZ          WcsPlugInService
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
AudioSrv
FastUserSwitchingCompatibility
Nla
NWCWorkstation
SRService
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
msiscsi
schedule
SessionEnv
winmgmt
AppMgmt
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
sppuinotify
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalServiceNetworkRestricted
BthHFSrv
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 17:02        114688        ----a-w-        c:\program files (x86)\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners
.
2011-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-10 18:24]
.
2011-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-10 18:24]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19        97792        ----a-w-        c:\users\xxxxxx\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19        97792        ----a-w-        c:\users\xxxxxx\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19        97792        ----a-w-        c:\users\xxxxxx\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate]
@="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"
[HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}]
2010-11-20 04:27        509952        ----a-w-        c:\windows\System32\ntshrui.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-19 9996320]
"MagicTuneEngine"="c:\program files\MagicTune Premium\MagicTuneLauncher.exe" [2010-12-14 53760]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-03-19 982528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Nla
NWCWorkstation
SRService
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
winmgmt
SessionEnv
browser
EapHost
schedule
hkmsvc
wercplsupport
ProfSvc
Themes
BDESVC
AppMgmt
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalSystemNetworkRestricted
homegrouplistener
StorSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
WdiServiceHost
sppuinotify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetworkService
lanmanworkstation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalServiceNetworkRestricted
BthHFSrv
homegroupprovider
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Alles mit FlashGet laden - c:\program files (x86)\FlashGet\jc_all.htm
IE: &Mit FlashGet laden - c:\program files (x86)\FlashGet\jc_link.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: E&xport to Microsoft Excel - c:\progra~2\MI068C~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\xxxxxx\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
LSP: c:\windows\system32\RSLSP.dll
FF - ProfilePath - c:\users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\k9r1vxee.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ig?hl=de&source=iglk
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: PhotoJacker: Photo Album Downloader for Facebook (fka FacePAD): facepad@lazyrussian.com - %profile%\extensions\facepad@lazyrussian.com
FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: Firefox Sync: {340c2bbc-ce74-4362-90b5-7c26312808ef} - %profile%\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
FF - Ext: Gmail Notifier: {44d0a1b4-9c90-4f86-ac92-8680b5d6549e} - %profile%\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-sacsvr
SafeBoot-vmms
HKLM_Wow6432Node-ActiveSetup-Nitro PDF Professional - (no file)
AddRemove-dBpoweramp m4a Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-QIP 2005 - c:\program files (x86)\QIP\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\20B3.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-03-17  10:20:41
ComboFix-quarantined-files.txt  2011-03-17 09:20
.
Vor Suchlauf: 23 Verzeichnis(se), 22.954.438.656 Bytes frei
Nach Suchlauf: 29 Verzeichnis(se), 23.320.522.752 Bytes frei
.
- - End Of File - - 92BA1360E56E2BEDAC623DA2E5B56B37
--- --- ---

cosinus 17.03.2011 11:37
Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html


Alle Zeitangaben in WEZ +1. Es ist jetzt 16:57 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131