Trojaner-Board
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Probleme nach Virensann mit Malwarebytes (https://www.trojaner-board.de/98180-probleme-virensann-malwarebytes.html)

cosinus 02.05.2011 11:14
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Flitzer8 04.05.2011 20:16
Combofix Logfile:
Code:
ComboFix 11-05-03.08 - Simon 04.05.2011  21:00:24.2.4 - x64
ausgeführt von:: c:\users\Simon\Desktop\CoFi.exe.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-04-04 bis 2011-05-04  ))))))))))))))))))))))))))))))
.
.
2011-05-04 19:06 . 2011-05-04 19:06        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-05-04 18:49 . 2011-05-04 18:49        --------        d-----w-        c:\program files\CCleaner
2011-05-04 18:19 . 2011-05-04 18:36        --------        d-----w-        C:\CoFi.exe
2011-05-04 17:36 . 2011-04-11 08:21        8802128        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{1BBCC92D-EF75-485F-8258-3BAAEC2FC3CE}\mpengine.dll
2011-04-30 08:56 . 2011-04-30 08:56        --------        d-----w-        C:\_OTL
2011-04-27 14:37 . 2011-04-27 14:37        1186056        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-04-27 11:26 . 2011-03-03 15:06        32256        ----a-w-        c:\windows\system32\Apphlpdm.dll
2011-04-27 11:26 . 2011-03-03 14:56        28672        ----a-w-        c:\windows\SysWow64\Apphlpdm.dll
2011-04-27 11:26 . 2011-03-03 13:01        4240384        ----a-w-        c:\windows\SysWow64\GameUXLegacyGDFs.dll
2011-04-27 11:26 . 2011-03-03 13:25        4240384        ----a-w-        c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-26 10:42 . 2011-04-26 10:42        --------        d-----w-        c:\users\Simon\AppData\Roaming\Malwarebytes
2011-04-26 10:42 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-26 10:42 . 2011-04-26 10:42        --------        d-----w-        c:\programdata\Malwarebytes
2011-04-26 10:42 . 2011-04-26 10:42        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2011-04-26 10:42 . 2010-12-20 16:08        24152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-04-18 18:14 . 2011-03-03 10:50        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat
2011-04-18 17:55 . 2011-02-16 15:29        34304        ----a-w-        c:\windows\SysWow64\atmlib.dll
2011-04-18 17:55 . 2011-02-16 13:24        292864        ----a-w-        c:\windows\SysWow64\atmfd.dll
2011-04-18 17:55 . 2011-02-16 15:36        48128        ----a-w-        c:\windows\system32\atmlib.dll
2011-04-18 17:55 . 2011-02-16 13:44        367616        ----a-w-        c:\windows\system32\atmfd.dll
2011-04-18 17:55 . 2011-03-10 16:12        1161728        ----a-w-        c:\windows\SysWow64\mfc42u.dll
2011-04-18 17:55 . 2011-03-10 16:12        1136640        ----a-w-        c:\windows\SysWow64\mfc42.dll
2011-04-18 17:55 . 2011-03-10 16:30        1360384        ----a-w-        c:\windows\system32\mfc42u.dll
2011-04-18 17:55 . 2011-03-10 16:30        1398784        ----a-w-        c:\windows\system32\mfc42.dll
2011-04-16 10:17 . 2011-03-02 15:10        117760        ----a-w-        c:\windows\system32\dnsrslvr.dll
2011-04-16 10:17 . 2009-05-04 10:38        28672        ----a-w-        c:\windows\system32\dnscacheugc.exe
2011-04-16 10:17 . 2009-05-04 10:11        25088        ----a-w-        c:\windows\SysWow64\dnscacheugc.exe
2011-04-07 21:55 . 2011-04-07 21:56        --------        d-----w-        c:\users\Simon\AppData\Roaming\dvdcss
2011-04-07 21:46 . 2011-04-25 18:57        --------        d-----r-        c:\users\Simon\Dropbox
2011-04-07 21:42 . 2011-04-25 18:57        --------        d-----w-        c:\users\Simon\AppData\Roaming\Dropbox
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-03 15:06 . 2011-04-27 11:26        100352        ----a-w-        c:\windows\apppatch\AppPatch64\acspecfc.dll
2011-03-03 15:06 . 2011-04-27 11:26        331776        ----a-w-        c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 15:06 . 2011-04-27 11:26        281600        ----a-w-        c:\windows\apppatch\AppPatch64\AcGenral.dll
2011-03-03 14:56 . 2011-04-27 11:26        173056        ----a-w-        c:\windows\apppatch\AcXtrnal.dll
2011-03-03 14:56 . 2011-04-27 11:26        459776        ----a-w-        c:\windows\apppatch\AcSpecfc.dll
2011-03-03 14:56 . 2011-04-27 11:26        541696        ----a-w-        c:\windows\apppatch\AcLayers.dll
2011-03-03 14:56 . 2011-04-27 11:26        2153984        ----a-w-        c:\windows\apppatch\AcGenral.dll
.
.
(((((((((((((((((((((((((((((  SnapShot@2011-05-04_18.30.06  )))))))))))))))))))))))))))))))))))))))))
.
- 2009-09-06 18:15 . 2011-05-04 17:18        16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-09-06 18:15 . 2011-05-04 18:49        16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-09-06 18:15 . 2011-05-04 17:18        32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-09-06 18:15 . 2011-05-04 18:49        32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-09-06 18:15 . 2011-05-04 18:49        16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-09-06 18:15 . 2011-05-04 17:18        16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\PACKARD BELL\SetUpMyPC\SmpSys.exe" [2008-07-07 1038136]
"ICQ"="c:\program files (x86)\ICQ7.2\ICQ.exe" [2011-01-05 133432]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-19 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\Packard Bell\SetupMyPC\SmpSys.exe" [2008-07-07 1038136]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2009-09-09 149280]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2009-03-20 1904640]
.
c:\users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Simon\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-3-31 23360040]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TMMonitor.lnk - c:\program files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2009-9-7 258048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 27648]
R2 gupdate1ca72baeaac123f;Google Update Service (gupdate1ca72baeaac123f);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 133104]
R2 HssWd;Hotspot Shield Monitoring Service;m:\youtube_view_us\Hotspot Shield\bin\hsswd.exe [2010-10-15 326704]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 133104]
R3 UXDCMN;UXDCMN;I:\UXDCMN.SYS [x]
R3 uxddrv;Dynamically loaded UxdDrv;I:\uxddrv.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]
S2 ETService;Empowering Technology Service;c:\program files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe [2008-07-16 24576]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2010-06-15 33528]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2010-06-15 823288]
S3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\DRIVERS\fwlanusbn.sys [x]
S3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys [2009-03-05 46112]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [2009-03-04 94240]
S3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys [2009-03-04 38432]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 19:17]
.
2011-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 19:17]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
m:\youtube_view_us\Hotspot Shield\HssIE\HssIE_64.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-16 15940640]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mStart Page =
mLocal Page =
IE: Free YouTube to Mp3 Converter - c:\users\Simon\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
FF - ProfilePath - c:\users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=SPC2&o=15000&locale=de_DE&apn_uid=A759091C-6C3E-4214-B1FC-AB77058C8D7E&apn_ptnrs=PV&apn_sauid=618BEEE3-6AE4-40C0-A3E0-77A33CF44906&apn_dtid=&q=
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Zeit der Fertigstellung: 2011-05-04  21:08:59
ComboFix-quarantined-files.txt  2011-05-04 19:08
ComboFix2.txt  2011-05-04 18:36
.
Vor Suchlauf: 15 Verzeichnis(se), 127.440.916.480 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 131.640.299.520 Bytes frei
.
- - End Of File - - 472BBCAE47E824C1F8C7FF7B3F279D14
--- --- ---

cosinus 05.05.2011 09:38
Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:
Folder::
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History
c:\program files\CheckPoint

Driver::
UXDCMN
ISWKL
IswSvc
3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Flitzer8 05.05.2011 18:01
Combofix Logfile:
Code:
ComboFix 11-05-03.08 - Simon 05.05.2011  18:35:02.3.4 - x64
Microsoft® Windows Vista™ Home Premium  6.0.6001.1.1252.49.1031.18.4093.2680 [GMT 2:00]
ausgeführt von:: c:\users\Simon\Desktop\CoFi.exe.exe
Benutzte Befehlsschalter :: c:\users\Simon\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\CheckPoint
c:\program files\CheckPoint\ZAForceField\akxcpt.ini
c:\program files\CheckPoint\ZAForceField\CFG\Heuristics.xml
c:\program files\CheckPoint\ZAForceField\CFG\Normal.xml
c:\program files\CheckPoint\ZAForceField\CFG\Privacy.xml
c:\program files\CheckPoint\ZAForceField\Clean_tool.exe
c:\program files\CheckPoint\ZAForceField\CPLic.dll
c:\program files\CheckPoint\ZAForceField\ForceField.exe
c:\program files\CheckPoint\ZAForceField\ForceField64.xml
c:\program files\CheckPoint\ZAForceField\GUI\FileSaveRunProtectionGreenTooltip.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiAbout.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiAdvancedPanelHintTooltip.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiAKFalsePosHintTooltip.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiClearVfsHintTooltip.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiConfirmClose.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiDumpMinimal.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiDumpPostpone.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiDumpProgress.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiDumpSelect.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiEmailConfirm.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiFFConfirmClose.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiFFXpiHelpTooltip.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiFFXpiInstallConfirm.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiFileAccessConfirm.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiFileSaveRunConfirmBad.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiFileSaveRunConfirmWarn.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiFileSaveRunProtection.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiFirstRun.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiHeuristicsInfoHintTooltip.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiIswAutoUpdate.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiIswAutoUpdateRestartSystemConfirm.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiIswAutoUpdateShutdownConfirm.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiIswFlushConfirm.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiIswShutdownConfirm.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiLicDaysLeftPanel.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiLicKeyAcceptedNeedNoRestart.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiLicKeyAcceptedNeedRestart.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiLicKeyEnter.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiLicKeyExpired.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiLicKeyPirated.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiLicKeyServerCheck.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiLicKeyServerSyncFailed.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiLicKeyUnexpectedError.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiLicKeyWhereToFind.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiLicServerTooltip.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiManAdvanced.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiManBase.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiManGeneral.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiPrivateBrowserAlert.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiProtectionSummaryTooltip.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiSbStatistics.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiScanResultDetailsHintTooltip.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiSearchConfirm.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiSendURLConfirm.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiSettingsTakeEffectConfirm.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiShutdownConfirm.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiSiteInfo.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiSplash.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiSubscription.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiTheme.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiUnsignedHintTooltip.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiUnvirtualizedWindowsUpdateConfirm.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiUrlAccess.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiUrlProgress.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiViewIswComponentsVersion.xml
c:\program files\CheckPoint\ZAForceField\GUI\HtmlPages\goback.html
c:\program files\CheckPoint\ZAForceField\GUI\HtmlPages\logo.bmp
c:\program files\CheckPoint\ZAForceField\GUI\TCPhishingHintTooltip.xml
c:\program files\CheckPoint\ZAForceField\GUI\TcSiteRedirectWarning.xml
c:\program files\CheckPoint\ZAForceField\GUI\TCSuspiciousAlert.xml
c:\program files\CheckPoint\ZAForceField\GUI\TCUnsafeAlertHeuristics.xml
c:\program files\CheckPoint\ZAForceField\GUI\TCUnsafeAlertRed.xml
c:\program files\CheckPoint\ZAForceField\GUI\ToolBarNormalModeNormalView.xml
c:\program files\CheckPoint\ZAForceField\GUI\ToolBarNormalModeShortView.xml
c:\program files\CheckPoint\ZAForceField\GUI\ToolBarPrivacyModeNormalView.xml
c:\program files\CheckPoint\ZAForceField\GUI\ToolBarPrivacyModeShortView.xml
c:\program files\CheckPoint\ZAForceField\GUI\tooltip_protection.xml
c:\program files\CheckPoint\ZAForceField\GUI\tooltip_status.xml
c:\program files\CheckPoint\ZAForceField\injectxcpt.ini
c:\program files\CheckPoint\ZAForceField\install.log
c:\program files\CheckPoint\ZAForceField\ISW_no_shext.xml
c:\program files\CheckPoint\ZAForceField\ISWAPPCOMPAT.xml
c:\program files\CheckPoint\ZAForceField\ISWCOMMON.xml
c:\program files\CheckPoint\ZAForceField\ISWDLG.dll
c:\program files\CheckPoint\ZAForceField\ISWKL.sys
c:\program files\CheckPoint\ZAForceField\ISWLDR.dat
c:\program files\CheckPoint\ZAForceField\ISWLDRC.dat
c:\program files\CheckPoint\ZAForceField\ISWPOL.xml
c:\program files\CheckPoint\ZAForceField\ISWPOLFLUSH.xml
c:\program files\CheckPoint\ZAForceField\iswrcs.dll
c:\program files\CheckPoint\ZAForceField\ISWSVC.exe
c:\program files\CheckPoint\ZAForceField\IswSvcPreload.txt
c:\program files\CheckPoint\ZAForceField\ISWUILib.dll
c:\program files\CheckPoint\ZAForceField\ISWUL.dll
c:\program files\CheckPoint\ZAForceField\ISWUL_MIN\ISWUL.dll
c:\program files\CheckPoint\ZAForceField\ISWVEXTCU.ini
c:\program files\CheckPoint\ZAForceField\ISWWOW64.dll
c:\program files\CheckPoint\ZAForceField\license.txt
c:\program files\CheckPoint\ZAForceField\NormalNonVirtual.xml
c:\program files\CheckPoint\ZAForceField\NormalVirtual.xml
c:\program files\CheckPoint\ZAForceField\Plugins\icsscan.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWMENUS.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSTATS.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWUPD.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWUPDE.exe
c:\program files\CheckPoint\ZAForceField\Plugins\plugins.txt
c:\program files\CheckPoint\ZAForceField\Plugins\SiteChecker.dll
c:\program files\CheckPoint\ZAForceField\Plugins\updating.dll
c:\program files\CheckPoint\ZAForceField\README.txt
c:\program files\CheckPoint\ZAForceField\svcreg.cmd
c:\program files\CheckPoint\ZAForceField\TBI.exe
c:\program files\CheckPoint\ZAForceField\Trustchecker\bin\AltFFApi.dll
c:\program files\CheckPoint\ZAForceField\Trustchecker\bin\liblua.dll
c:\program files\CheckPoint\ZAForceField\Trustchecker\bin\libtextcat.dll
c:\program files\CheckPoint\ZAForceField\Trustchecker\bin\PageBlocked.html
c:\program files\CheckPoint\ZAForceField\Trustchecker\bin\samplesites.dll
c:\program files\CheckPoint\ZAForceField\Trustchecker\bin\TCData.dll
c:\program files\CheckPoint\ZAForceField\Trustchecker\bin\TrustChecker.dll
c:\program files\CheckPoint\ZAForceField\Trustchecker\Search\Ask.ico
c:\program files\CheckPoint\ZAForceField\Trustchecker\Search\askcom.xml
c:\program files\CheckPoint\ZAForceField\Trustchecker\tcgt.cache
c:\program files\CheckPoint\ZAForceField\Uninstall.exe
c:\program files\CheckPoint\ZAForceField\Updates\LocalCatalog.xml
c:\program files\CheckPoint\ZAForceField\WOW64\CPLic.dll
c:\program files\CheckPoint\ZAForceField\WOW64\ISWDLG.dll
c:\program files\CheckPoint\ZAForceField\WOW64\ISWLDR.dat
c:\program files\CheckPoint\ZAForceField\WOW64\ISWLDRC.dat
c:\program files\CheckPoint\ZAForceField\WOW64\iswrcs.dll
c:\program files\CheckPoint\ZAForceField\WOW64\ISWUILib.dll
c:\program files\CheckPoint\ZAForceField\WOW64\ISWUL.dll
c:\program files\CheckPoint\ZAForceField\WOW64\ISWUL_MIN\ISWUL.dll
c:\program files\CheckPoint\ZAForceField\WOW64\Plugins\ISWDMP.dll
c:\program files\CheckPoint\ZAForceField\WOW64\Plugins\ISWFWMON.dll
c:\program files\CheckPoint\ZAForceField\WOW64\Plugins\ISWSHEX.dll
c:\program files\CheckPoint\ZAForceField\WOW64\Plugins\ISWUPD.dll
c:\program files\CheckPoint\ZAForceField\WOW64\Plugins\ISWVEXT.dll
c:\program files\CheckPoint\ZAForceField\WOW64\Plugins\updating.dll
c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\AltFFApi.dll
c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustChecker.dll
c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker\chrome.manifest
c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker\chrome\mozilladownload.jar
c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker\chrome\trustchecker.jar
c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker\components\nsITCPlugins.xpt
c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker\components\nsITrustCheckerMozilla.xpt
c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker\components\TrustCheckerMozillaPlugin.dll
c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker\install.rdf
c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker\update_1.5.232.0.rdf
c:\program files\CheckPoint\ZAForceField\ZAFFDiag.exe
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\desktop.ini
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\desktop.ini
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\bg_dark_mainnav_level2_standardpage_long[1].png
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\bg_mainnav_level2_separator[1].gif
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\bg_standardpage_bottom[1].png
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\buttons-sprite[1].png
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\desktop.ini
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\footer-links-bg[1].png
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\GoogleToolbar_32_73DD003E17144CAC.dll[1].lz
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\GoogleToolbar_32_E857042E7D2E74E0.dll[1].lz
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\GoogleToolbarDynamic_mui_de_09C19AB1E0C43781.dll[1].lz
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\GoogleToolbarDynamic_mui_de_D7CFBCF21E80E850.dll[1].lz
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\GoogleToolbarUser_64_BADB6DECFC517831.exe[1].lz
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\GoogleToolbarUser_64_BCA4B64C7F249C8F.exe[1].lz
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\gradient-box-bg[1].png
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\KievitWeb-Bold[1].eot
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\KievitWeb-BoldIta[1].eot
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\link-arrows[1].png
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\support-overview[1].png
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\tab_active_right[1].gif
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5M8VNOQ\74372433[1].txt
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5M8VNOQ\bg_directsearch[1].gif
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5M8VNOQ\bg_mainnav_level2_separator_active_right[1].gif
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5M8VNOQ\bg_mainnav_level3_separator[1].gif
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5M8VNOQ\bg_pagination[1].gif
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5M8VNOQ\bg_standardpage_top[1].png
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5M8VNOQ\desktop.ini
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5M8VNOQ\fastsearch_B7C5AC242193BB3E.dll[1].lz
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5M8VNOQ\flags[1].png
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5M8VNOQ\footer-links-corners[1].png
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5M8VNOQ\GoogleToolbarDynamic_32_D5B8545F3CFB02D4.dll[1].lz
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5M8VNOQ\GoogleToolbarDynamic_32_E0B3D00E06C2FA01.dll[1].lz
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5M8VNOQ\GoogleToolbarManager_0E996B068B56FCA2.exe[1].lz
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5M8VNOQ\GoogleToolbarManager_E582EA556D8DE101.exe[1].lz
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5M8VNOQ\KievitWeb-BookIta[1].eot
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5M8VNOQ\new-logo[1].png
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5M8VNOQ\SearchWithGoogleUpdate_C5C67DF5D46FB314.exe[1].lz
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2\bg_dropdown_arrow_grey[1].gif
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2\bg_mainnav_level3[1].png
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2\bg_standardpage_middle[1].png
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2\box-rounded-corners-with-border-sprite[1].gif
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2\desktop.ini
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2\ga[1].js
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2\GoogleToolbar_64_18A9496A32B30FED.dll[1].lz
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2\GoogleToolbar_64_41D8280252A4200C.dll[1].lz
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll[1].lz
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2\GoogleToolbarDynamic_mui_en_9655453EC427A513.dll[1].lz
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2\GoogleUpdaterService_5898FABCFA121C11.exe[1].lz
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2\icon-set[1].gif
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2\icon_set-bedrohung[1].gif
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2\KievitWeb-Book[1].eot
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2\magnifier[1].gif
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2\SearchWithGoogleUpdate_C58171F2E8870EA4.exe[1].lz
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2\tab_active_left[1].gif
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW\825f9a34fd269d998957b92c2f529387[1].js
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW\bg_mainnav_level2_separator_active[1].gif
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW\bg_round_corners_transparent[1].gif
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW\bg_standardpage_body[1].png
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW\col-border[1].gif
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW\desktop.ini
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW\f0e84f682515e9f48fcf44828fe81cf9[1].css
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW\f33bd0e0f2522151d82152233d1876d5[1].js
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW\footernav-seperator[1].gif
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW\GoogleCld_3F6C343113693CD9.dll[1].lz
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW\GoogleCld_AE2927CDD77381B4.dll[1].lz
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW\GoogleToolbarDynamic_64_3A8A20607C96A7B3.dll[1].lz
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW\GoogleToolbarDynamic_64_7B73A586FAD2C6CD.dll[1].lz
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW\GoogleToolbarUser_32_1D643E0FC0BE74CC.exe[1].lz
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW\GoogleToolbarUser_32_AE9B99EC70822BD0.exe[1].lz
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW\mainnav_bg[1].gif
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW\red-stripe-gradient[1].png
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\desktop.ini
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\simon@avira[2].txt
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\simon@www.avira[2].txt
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ISWKL
-------\Service_ISWKL
-------\Service_IswSvc
-------\Service_UXDCMN
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-04-05 bis 2011-05-05  ))))))))))))))))))))))))))))))
.
.
2011-05-05 16:41 . 2011-05-05 16:41        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-05-04 18:49 . 2011-05-04 18:49        --------        d-----w-        c:\program files\CCleaner
2011-05-04 18:19 . 2011-05-04 18:36        --------        d-----w-        C:\CoFi.exe
2011-05-04 17:36 . 2011-04-11 08:21        8802128        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{1BBCC92D-EF75-485F-8258-3BAAEC2FC3CE}\mpengine.dll
2011-04-30 08:56 . 2011-04-30 08:56        --------        d-----w-        C:\_OTL
2011-04-27 14:37 . 2011-04-27 14:37        1186056        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-04-27 11:26 . 2011-03-03 15:06        32256        ----a-w-        c:\windows\system32\Apphlpdm.dll
2011-04-27 11:26 . 2011-03-03 14:56        28672        ----a-w-        c:\windows\SysWow64\Apphlpdm.dll
2011-04-27 11:26 . 2011-03-03 13:01        4240384        ----a-w-        c:\windows\SysWow64\GameUXLegacyGDFs.dll
2011-04-27 11:26 . 2011-03-03 13:25        4240384        ----a-w-        c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-26 10:42 . 2011-04-26 10:42        --------        d-----w-        c:\users\Simon\AppData\Roaming\Malwarebytes
2011-04-26 10:42 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-26 10:42 . 2011-04-26 10:42        --------        d-----w-        c:\programdata\Malwarebytes
2011-04-26 10:42 . 2011-04-26 10:42        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2011-04-26 10:42 . 2010-12-20 16:08        24152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-04-18 18:14 . 2011-03-03 10:50        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat
2011-04-18 17:55 . 2011-02-16 15:29        34304        ----a-w-        c:\windows\SysWow64\atmlib.dll
2011-04-18 17:55 . 2011-02-16 13:24        292864        ----a-w-        c:\windows\SysWow64\atmfd.dll
2011-04-18 17:55 . 2011-02-16 15:36        48128        ----a-w-        c:\windows\system32\atmlib.dll
2011-04-18 17:55 . 2011-02-16 13:44        367616        ----a-w-        c:\windows\system32\atmfd.dll
2011-04-18 17:55 . 2011-03-10 16:12        1161728        ----a-w-        c:\windows\SysWow64\mfc42u.dll
2011-04-18 17:55 . 2011-03-10 16:12        1136640        ----a-w-        c:\windows\SysWow64\mfc42.dll
2011-04-18 17:55 . 2011-03-10 16:30        1360384        ----a-w-        c:\windows\system32\mfc42u.dll
2011-04-18 17:55 . 2011-03-10 16:30        1398784        ----a-w-        c:\windows\system32\mfc42.dll
2011-04-16 10:17 . 2011-03-02 15:10        117760        ----a-w-        c:\windows\system32\dnsrslvr.dll
2011-04-16 10:17 . 2009-05-04 10:38        28672        ----a-w-        c:\windows\system32\dnscacheugc.exe
2011-04-16 10:17 . 2009-05-04 10:11        25088        ----a-w-        c:\windows\SysWow64\dnscacheugc.exe
2011-04-07 21:55 . 2011-04-07 21:56        --------        d-----w-        c:\users\Simon\AppData\Roaming\dvdcss
2011-04-07 21:46 . 2011-05-05 16:09        --------        d-----r-        c:\users\Simon\Dropbox
2011-04-07 21:42 . 2011-05-05 16:09        --------        d-----w-        c:\users\Simon\AppData\Roaming\Dropbox
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-03 15:06 . 2011-04-27 11:26        100352        ----a-w-        c:\windows\apppatch\AppPatch64\acspecfc.dll
2011-03-03 15:06 . 2011-04-27 11:26        331776        ----a-w-        c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 15:06 . 2011-04-27 11:26        281600        ----a-w-        c:\windows\apppatch\AppPatch64\AcGenral.dll
2011-03-03 14:56 . 2011-04-27 11:26        173056        ----a-w-        c:\windows\apppatch\AcXtrnal.dll
2011-03-03 14:56 . 2011-04-27 11:26        459776        ----a-w-        c:\windows\apppatch\AcSpecfc.dll
2011-03-03 14:56 . 2011-04-27 11:26        541696        ----a-w-        c:\windows\apppatch\AcLayers.dll
2011-03-03 14:56 . 2011-04-27 11:26        2153984        ----a-w-        c:\windows\apppatch\AcGenral.dll
.
.
(((((((((((((((((((((((((((((  SnapShot@2011-05-04_18.30.06  )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-21 03:20 . 2011-05-04 17:16        32768              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2011-05-05 16:43        32768              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2011-05-05 16:43        81920              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-21 03:20 . 2011-05-04 17:16        81920              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2011-05-05 16:43        32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-01-21 03:20 . 2011-05-04 17:16        32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 02:23 . 2011-05-05 16:10        56868              c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2011-05-05 16:10        83566              c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-09-06 18:19 . 2011-05-04 17:17        16702              c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1332130780-3182642251-3336314582-1000_UserData.bin
+ 2009-09-06 18:19 . 2011-05-05 16:10        16702              c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1332130780-3182642251-3336314582-1000_UserData.bin
+ 2009-11-26 09:07 . 2011-05-05 16:43        16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-26 09:07 . 2011-05-04 17:14        16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-26 09:07 . 2011-05-05 16:43        16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-26 09:07 . 2011-05-04 17:14        16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-05-04 17:14 . 2011-05-04 17:14        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-05-05 16:43 . 2011-05-05 16:43        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-05-04 17:14 . 2011-05-04 17:14        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-05-05 16:43 . 2011-05-05 16:43        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 12:46 . 2011-05-05 16:13        595620              c:\windows\system32\perfh009.dat
- 2008-01-21 11:09 . 2011-05-04 17:20        628504              c:\windows\system32\perfh007.dat
+ 2008-01-21 11:09 . 2011-05-05 16:13        628504              c:\windows\system32\perfh007.dat
+ 2006-11-02 12:46 . 2011-05-05 16:13        103694              c:\windows\system32\perfc009.dat
- 2008-01-21 11:09 . 2011-05-04 17:20        126248              c:\windows\system32\perfc007.dat
+ 2008-01-21 11:09 . 2011-05-05 16:13        126248              c:\windows\system32\perfc007.dat
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\PACKARD BELL\SetUpMyPC\SmpSys.exe" [2008-07-07 1038136]
"ICQ"="c:\program files (x86)\ICQ7.2\ICQ.exe" [2011-01-05 133432]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-19 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\Packard Bell\SetupMyPC\SmpSys.exe" [2008-07-07 1038136]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2009-09-09 149280]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2009-03-20 1904640]
.
c:\users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Simon\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-3-31 23360040]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TMMonitor.lnk - c:\program files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2009-9-7 258048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate1ca72baeaac123f;Google Update Service (gupdate1ca72baeaac123f);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 133104]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 133104]
R3 uxddrv;Dynamically loaded UxdDrv;I:\uxddrv.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]
S2 ETService;Empowering Technology Service;c:\program files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe [2008-07-16 24576]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 27648]
S2 HssWd;Hotspot Shield Monitoring Service;m:\youtube_view_us\Hotspot Shield\bin\hsswd.exe [2010-10-15 326704]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
S3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\DRIVERS\fwlanusbn.sys [x]
S3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys [2009-03-05 46112]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [2009-03-04 94240]
S3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys [2009-03-04 38432]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 19:17]
.
2011-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 19:17]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
m:\youtube_view_us\Hotspot Shield\HssIE\HssIE_64.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\cofi.exe9375c\CF18603.cfxxe" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-16 15940640]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mStart Page =
mLocal Page =
IE: Free YouTube to Mp3 Converter - c:\users\Simon\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
FF - ProfilePath - c:\users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=SPC2&o=15000&locale=de_DE&apn_uid=A759091C-6C3E-4214-B1FC-AB77058C8D7E&apn_ptnrs=PV&apn_sauid=618BEEE3-6AE4-40C0-A3E0-77A33CF44906&apn_dtid=&q=
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\avmwlanstick\WlanNetService.exe
c:\windows\system32\HidService.exe
m:\youtube_view_us\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\SysWOW64\IoctlSvc.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-05-05  18:52:07 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-05-05 16:52
ComboFix2.txt  2011-05-04 19:08
ComboFix3.txt  2011-05-04 18:36
.
Vor Suchlauf: 15 Verzeichnis(se), 131.874.304.000 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 131.365.056.512 Bytes frei
.
- - End Of File - - AEB06116383A55F0C33BBE275BEA7337
--- --- ---

cosinus 05.05.2011 19:28
Bitte nun Logs mit GMER und mbrcheck erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg

Anleitung zu mbrcheck:
Downloade Dir MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur wenige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes

Flitzer8 05.05.2011 21:08
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 64-bit
Base Board Manufacturer: Packard Bell BV
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: PACKARD BELL BV
System Product Name: IMEDIA X4614 GE
Logical Drives Mask: 0x000016fe

Kernel Drivers (total 146):
0x0261F000 \SystemRoot\system32\ntoskrnl.exe
0x02B37000 \SystemRoot\system32\hal.dll
0x0060A000 \SystemRoot\system32\kdcom.dll
0x00614000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00641000 \SystemRoot\system32\PSHED.dll
0x00655000 \SystemRoot\system32\CLFS.SYS
0x006B2000 \SystemRoot\system32\CI.dll
0x00801000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008DB000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x008E9000 \SystemRoot\system32\drivers\acpi.sys
0x0093F000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00948000 \SystemRoot\system32\drivers\msisadrv.sys
0x00952000 \SystemRoot\system32\drivers\pci.sys
0x00982000 \SystemRoot\System32\drivers\partmgr.sys
0x00997000 \SystemRoot\system32\drivers\volmgr.sys
0x00764000 \SystemRoot\System32\drivers\volmgrx.sys
0x009AB000 \SystemRoot\system32\drivers\pciide.sys
0x009B2000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x009C2000 \SystemRoot\System32\drivers\mountmgr.sys
0x009D5000 \SystemRoot\system32\drivers\atapi.sys
0x007CA000 \SystemRoot\system32\drivers\ataport.SYS
0x009DD000 \SystemRoot\system32\DRIVERS\nvstor64.sys
0x00A0D000 \SystemRoot\system32\DRIVERS\storport.sys
0x00A6A000 \SystemRoot\system32\drivers\fltmgr.sys
0x00AB0000 \SystemRoot\system32\drivers\fileinfo.sys
0x00AC4000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x00AD1000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00C03000 \SystemRoot\system32\drivers\ndis.sys
0x00B58000 \SystemRoot\system32\drivers\msrpc.sys
0x00BA8000 \SystemRoot\system32\drivers\NETIO.SYS
0x00E0E000 \SystemRoot\System32\drivers\tcpip.sys
0x00F80000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01003000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01187000 \SystemRoot\system32\drivers\volsnap.sys
0x011CB000 \SystemRoot\System32\Drivers\spldr.sys
0x011D3000 \SystemRoot\System32\Drivers\mup.sys
0x00FAC000 \SystemRoot\System32\drivers\ecache.sys
0x011E5000 \SystemRoot\system32\drivers\disk.sys
0x00DC6000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x00FD8000 \SystemRoot\system32\drivers\crcdisk.sys
0x02A32000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x02A3B000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x02A4E000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x02A64000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x02A70000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x02A7E000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x02A89000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x02ACF000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x02AE0000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x02AF3000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x02B05000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x02C05000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x0350E000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x035ED000 \SystemRoot\System32\drivers\watchdog.sys
0x02B15000 \SystemRoot\SysWOW64\drivers\Afc.sys
0x02B1E000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x03609000 \SystemRoot\system32\DRIVERS\nvmfdx64.sys
0x03771000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x0377A000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x037B2000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x037BF000 \SystemRoot\system32\DRIVERS\HssDrv.sys
0x037D8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x02B3A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x02B46000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x02B77000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x02B87000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x02BA5000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x02BBD000 \SystemRoot\system32\DRIVERS\termdd.sys
0x037FB000 \SystemRoot\system32\DRIVERS\swenum.sys
0x03807000 \SystemRoot\system32\DRIVERS\ks.sys
0x0383B000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03846000 \SystemRoot\system32\DRIVERS\umbus.sys
0x03856000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x0389D000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x03E0B000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x03F69000 \SystemRoot\system32\drivers\portcls.sys
0x03FA4000 \SystemRoot\system32\drivers\drmk.sys
0x03FC7000 \SystemRoot\system32\drivers\ksthunk.sys
0x03FCD000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x03FD7000 \SystemRoot\System32\Drivers\Null.SYS
0x03FEA000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x03FF2000 \SystemRoot\System32\drivers\vga.sys
0x038B1000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x03E00000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x03FE0000 \SystemRoot\system32\drivers\rdpencdd.sys
0x038D6000 \SystemRoot\System32\Drivers\Msfs.SYS
0x038E1000 \SystemRoot\System32\Drivers\Npfs.SYS
0x038F2000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x038FB000 \SystemRoot\system32\DRIVERS\tdx.sys
0x03918000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x03E09000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x03934000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x0393F000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x0394F000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x03964000 \SystemRoot\System32\Drivers\RTL2832UUSB.sys
0x03971000 \SystemRoot\system32\drivers\RTL2832UBDA.sys
0x03987000 \SystemRoot\system32\drivers\BdaSup.SYS
0x0398B000 \SystemRoot\system32\DRIVERS\RTL2832U_IRHID.sys
0x03995000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x039A7000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x03C07000 \SystemRoot\system32\DRIVERS\fwlanusbn.sys
0x03C8E000 \SystemRoot\system32\DRIVERS\smb.sys
0x03CA9000 \SystemRoot\system32\drivers\afd.sys
0x03D16000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03D5A000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03D78000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03D87000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03DA2000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03DF0000 \SystemRoot\system32\drivers\nsiproxy.sys
0x039B1000 \SystemRoot\System32\Drivers\dfsc.sys
0x039CE000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x039F0000 \SystemRoot\System32\Drivers\crashdmp.sys
0x02BCF000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x02BD9000 \SystemRoot\System32\Drivers\dump_nvstor64.sys
0x000F0000 \SystemRoot\System32\win32k.sys
0x02A00000 \SystemRoot\System32\drivers\Dxapi.sys
0x02A0C000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00480000 \SystemRoot\System32\TSDDD.dll
0x00660000 \SystemRoot\System32\cdd.dll
0x0760A000 \SystemRoot\system32\drivers\luafv.sys
0x0762C000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x07649000 \SystemRoot\system32\drivers\spsys.sys
0x076E3000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x076F7000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x0772B000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x07736000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x0774E000 \SystemRoot\system32\drivers\HTTP.sys
0x0860A000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x08633000 \SystemRoot\system32\DRIVERS\bowser.sys
0x08651000 \SystemRoot\System32\drivers\mpsdrv.sys
0x0866B000 \SystemRoot\system32\drivers\mrxdav.sys
0x08692000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x086BB000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x08704000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x08723000 \SystemRoot\System32\DRIVERS\srv2.sys
0x08755000 \SystemRoot\System32\DRIVERS\srv.sys
0x09205000 \SystemRoot\system32\drivers\peauth.sys
0x092BB000 \SystemRoot\System32\Drivers\secdrv.SYS
0x092C6000 \SystemRoot\System32\drivers\tcpipreg.sys
0x092D5000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x092F5000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x0930B000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x09327000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
0x0932F000 \SystemRoot\System32\Drivers\fastfat.SYS
0x008E0000 \SystemRoot\System32\ATMFD.DLL
0x778E0000 \Windows\System32\ntdll.dll

Processes (total 66):
0 System Idle Process
4 System
448 C:\Windows\System32\smss.exe
516 csrss.exe
556 C:\Windows\System32\wininit.exe
576 csrss.exe
612 C:\Windows\System32\services.exe
624 C:\Windows\System32\lsass.exe
632 C:\Windows\System32\lsm.exe
788 C:\Windows\System32\svchost.exe
844 C:\Windows\System32\winlogon.exe
900 C:\Windows\System32\nvvsvc.exe
932 C:\Windows\System32\svchost.exe
988 C:\Windows\System32\svchost.exe
132 C:\Windows\System32\svchost.exe
288 C:\Windows\System32\svchost.exe
324 C:\Windows\System32\svchost.exe
12 C:\Windows\System32\audiodg.exe
604 C:\Windows\System32\svchost.exe
628 C:\Windows\System32\SLsvc.exe
916 C:\Windows\System32\svchost.exe
1164 C:\Windows\System32\svchost.exe
1348 C:\Windows\System32\rundll32.exe
1476 C:\Windows\System32\spoolsv.exe
1520 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
1572 C:\Windows\System32\svchost.exe
1916 C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
1928 C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
1996 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
2040 C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
1124 C:\Program Files\PACKARD BELL\Packard Bell Recovery Management\Service\ETService.exe
1988 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
2076 C:\Windows\SysWOW64\svchost.exe
2104 C:\Windows\System32\HidService.exe
2172 M:\YOUtube_View_US\Hotspot Shield\HssWPR\hsssrv.exe
2192 M:\YOUtube_View_US\Hotspot Shield\bin\hsswd.exe
2208 C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
2256 C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
2328 C:\Windows\SysWOW64\IoctlSvc.exe
2348 C:\Windows\System32\svchost.exe
2396 C:\Windows\System32\svchost.exe
2440 C:\Windows\System32\svchost.exe
2516 C:\Windows\System32\SearchIndexer.exe
2664 WUDFHost.exe
1592 C:\Windows\System32\taskeng.exe
3712 C:\Program Files\Windows Media Player\wmpnetwk.exe
3356 C:\Windows\System32\taskeng.exe
1772 C:\Windows\System32\dwm.exe
3364 C:\Windows\explorer.exe
1036 C:\Windows\System32\conime.exe
2056 C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
3656 C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe
3280 C:\Users\Simon\AppData\Roaming\Dropbox\bin\Dropbox.exe
1320 C:\Program Files\Windows Media Player\wmpnscfg.exe
3816 C:\Windows\System32\wuauclt.exe
3284 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
3244 C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
3664 C:\Program Files (x86)\Java\jre6\bin\jusched.exe
1376 C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
2764 C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
964 C:\Windows\splwow64.exe
3920 C:\Windows\System32\SearchProtocolHost.exe
4380 C:\Windows\System32\SearchFilterHost.exe
3700 dllhost.exe
1664 dllhost.exe
4584 C:\Users\Simon\Desktop\MBRCheck.exe

\\.\B: --> \\.\PhysicalDrive0 at offset 0x00000058`01f00000 (NTFS)
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`a9f00000 (NTFS)
\\.\M: --> \\.\PhysicalDrive0 at offset 0x0000004f`b5000000 (NTFS)

PhysicalDrive0 Model Number: ST3640623AS, Rev: SD43

Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:



Kurze Zwischenfrage: Muss ich noch viele solcher Scanns machen?;)

cosinus 06.05.2011 08:47
Zitat:
596 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F

Wir sollten den MBR manuell fixen. Sichere für den Fall der Fälle alle wichtigen Daten.

Hast Du noch andere Betriebssysteme außer Windows7 installiert? Win7-DVD 64-Bit zur Hand?
Wenn nicht: Schau mal hier => Vista Notfall/Recovery-CD 64-Bit - Dr. Windows

Lad das iso runter, brenn es zB mit ImgBurn per Imagebrennfunktion auf eine CD und starte damit den Rechner (von dieser CD booten).

Falls Du eine normale Win7-Installations-DVD hast, brauchst Du das o.g. Image nicht sondern kannst einfach von dieser DVD booten.

Klick auf Computerreparaturoptionen, weiter, Eingabeaufforderung - die Konsole öffnet sich. Da bitte bootrec.exe /fixboot eintippen (mit enter bestätigen), dann bootrec.exe /fixmbr eintippen (mit enter bestätigen) - Rechner neustarten, CD vorher rausnehmen. Erstell danach wieder neue Logs mit MBRCheck und wenn es geht GMER.

Flitzer8 06.05.2011 15:54
Hallo,

das ist mir langsam etwas zu heikel.
Gibt es auch noch andere Möglichkeiten?
Ist es schlimm, dass MBR nicht geht?

Grüße,

Simon

p.s.: ich habe windows vista und würde ungern alles neu aufbauen und strukturieren.

cosinus 06.05.2011 18:08
Wenn der MBR erfolgreich neu geschrieben wurde, gibt es weder Datenverlust noch Änderungen an den Partitionen noch sonst etwas.


Alle Zeitangaben in WEZ +1. Es ist jetzt 09:28 Uhr.
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27