Trojaner-Board (https://www.trojaner-board.de/)

C:\Windows\System32\services.exe infected! (https://www.trojaner-board.de/135366-c-windows-system32-services-exe-infiziert.html)

smeenk 23.05.2013 19:17

No problem, we'll continue from there :)

Florian_Ice 24.05.2013 14:11

Sorry, I only just got home.

So the process has finished and so far everything worked without problems.

But I should perhaps mention that booting took a very long time, that Explorer did not respond for a few minutes after booting, and that the desktop icons also only appeared after a few minutes.

Do you need any logs?

smeenk 24.05.2013 14:47

It is possible that some of Windows Repair was still active in the background during boot, and that is why it took so long ;)

Create a Farbar Service Scanner log file and post that log for me :)

Florian_Ice 24.05.2013 14:50

Code:

Farbar Service Scanner Version: 14-04-2013
Ran by IceShock (administrator) on 24-05-2013 at 15:49:32
Running from "C:\Users\IceShock\Downloads"
Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

RpcSs Service is not running. Checking service configuration:
The start type of RpcSs service is OK.
The ImagePath of RpcSs service is OK.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


smeenk 24.05.2013 15:44

Download the reg file below:

http://download.bleepingcomputer.com...aredAccess.reg

Double-click it and allow the changes.

Restart the computer afterwards.

Create a Farbar Service Scanner log file again and post it :)

Florian_Ice 24.05.2013 15:52

Here you go

Code:

Farbar Service Scanner Version: 14-04-2013
Ran by IceShock (administrator) on 24-05-2013 at 16:51:40
Running from "C:\Users\IceShock\Downloads"
Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============
BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

RpcSs Service is not running. Checking service configuration:
The start type of RpcSs service is OK.
The ImagePath of RpcSs service is OK.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


smeenk 24.05.2013 16:06

Download the reg files below:

http://download.bleepingcomputer.com...ces/7/BITS.reg
http://download.bleepingcomputer.com.../WinDefend.reg

And also this attachment: fix.reg

Double-click them and allow the changes.

Restart the computer afterwards.

Create a Farbar Service Scanner log file again and post it :)

Florian_Ice 24.05.2013 16:09

I can't download fix.reg! It then says "Ungültige Angabe : Anhang"

smeenk 24.05.2013 16:12

It works for me without problems, try it once more :)

Florian_Ice 24.05.2013 16:12

Ah, now all of a sudden ^^

Here is the log
Code:

Farbar Service Scanner Version: 14-04-2013
Ran by IceShock (administrator) on 24-05-2013 at 17:17:06
Running from "C:\Users\IceShock\Downloads"
Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend: "%ProgramFiles(x86)%\Windows Defender\mpsvc.dll".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

RpcSs Service is not running. Checking service configuration:
The start type of RpcSs service is OK.
The ImagePath of RpcSs service is OK.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


smeenk 24.05.2013 18:51

Somehow it still isn't working :)

Download this tool: http://www.hijackthis.nl/smeenk/Tools/EnableCMD.exe
Right-click EnableCMD.exe and choose Run as administrator

If this message appears:
http://home.kpn.nl/stefsmeenk/Enable.../enablecmd.gif
then something was repaired ;)


Can you give this tool another try?


System scan with ZOEK

Please download zoek.exe from here: http://hijackthis.nl/smeenk/
  • Please disable all virus scanners during the scan, as they affect the result.
  • Start Zoek.exe with a double-click (Windows XP users only).
  • Windows Vista/7 users please start the tool by right-clicking the icon and choosing "Run as administrator".
  • Copy the code below into the text field:
    Code:

    emptyclsid;
    chromelook;
    autoclean;
    startupall;
    filesrcm;
    firefoxlook;

  • Now click "Run script" and wait patiently until the scan has finished.
  • When the tool is done, Notepad will open with the log file (possibly only after a restart).
    You can view the report later at c:\zoek-results.log.
  • Post the log file zoek-results.log for me


If it doesn't work, please let me know :)

Florian_Ice 24.05.2013 20:57

OK, I tried it again, but nothing happens with either the one tool or the other. I really don't know what the cause is.
The antivirus programs are all disabled and I ran it as admin.
I have now started zoek.exe what feels like 20 times and then waited several minutes.

smeenk 24.05.2013 21:14

Note for other readers:
The following ComboFix script was created exclusively for this user in this situation.
Under no circumstances use it on other computers; it can cause lasting damage to other systems!

Delete the existing Combofix.exe from your desktop and download the program again from the following download mirror:
BleepingComputer.com
and save it to the desktop again (nowhere else, this is important)!

Press the Windows + R keys --> Notepad (type it in) --> OK

Now copy the text from the following code box completely into the empty text document.
Code:

Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=dword:00000000

Save this as CFScript.txt on your desktop.

Important:
  • Temporarily turn off your antivirus software. It can interfere with ComboFix while it works.
    Don't forget to turn it back on afterwards!
  • Do not move the mouse over the ComboFix window or click into it.
    This can cause ComboFix to hang.
  • Close all running programs. Make sure ComboFix can work unhindered.
  • Do not do anything on the PC while ComboFix is running.
http://i266.photobucket.com/albums/i.../CFScriptB.gif
  • Referring to the image above, drag CFScript.txt onto ComboFix.exe
  • When ComboFix is finished, it will create a log, C:\ComboFix.txt. Please paste it here as a reply.
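
The Registry:: block in this post targets the two policy values that appear unchanged in all three Farbar Service Scanner logs posted in this thread. As an added example (not part of the original posts, and not Farbar's or ComboFix's own code), this Python sketch extracts the flagged policy values and service deviations from FSS log text so that two runs can be compared; the log excerpts are abridged from the 16:51 and 17:17 logs above, and all function and constant names are hypothetical.

```python
import re

# Registry values the CFScript in this thread resets, with its target data.
FW_VALUE = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess"
            r"\Parameters\FirewallPolicy\StandardProfile\EnableFirewall")
DEFENDER_VALUE = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\DisableAntiSpyware"
CFSCRIPT_TARGETS = {FW_VALUE: 1, DEFENDER_VALUE: 0}

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
# Assumption: the number after DWORD: is hexadecimal, as in .reg files.
VALUE_RE = re.compile(r'^"([^"]+)"=DWORD:([0-9a-fA-F]+)$', re.IGNORECASE)
CHECK_RE = re.compile(
    r'^The (start type|ImagePath|ServiceDll) of (\S+?)(?: service)?(?: is |: )(.+)$')

def parse_fss(text):
    """Return {finding: data} for every non-OK item in an FSS log."""
    findings, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)          # a policy value is expected on the next line
            continue
        m = VALUE_RE.match(line)
        if m and key:
            findings[key + "\\" + m.group(1)] = int(m.group(2), 16)
            continue
        key = None                    # any other line ends the registry block
        m = CHECK_RE.match(line)
        if m and m.group(3).rstrip(".") != "OK":
            findings[f"{m.group(2)} {m.group(1)}"] = m.group(3)
    return findings

def compare(before, after):
    """Classify findings between two runs of the scanner."""
    both = [k for k in before if k in after]
    return {
        "resolved": sorted(k for k in before if k not in after),
        "persisting": sorted(k for k in both if before[k] == after[k]),
        "changed": sorted(k for k in both if before[k] != after[k]),
        "new": sorted(k for k in after if k not in before),
    }

def unmet_targets(findings, targets=CFSCRIPT_TARGETS):
    """Policy values still logged with data other than the CFScript target."""
    return sorted(k for k, want in targets.items()
                  if k in findings and findings[k] != want)

# Abridged excerpts of the logs posted above (sections without findings removed).
LOG_1651 = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.

WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ServiceDll of WinDefend service is OK.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
'''

LOG_1717 = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

The start type of BITS service is OK.
The start type of WinDefend service is OK.
The ServiceDll of WinDefend: "%ProgramFiles(x86)%\Windows Defender\mpsvc.dll".

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
'''

if __name__ == "__main__":
    before, after = parse_fss(LOG_1651), parse_fss(LOG_1717)
    for status, items in compare(before, after).items():
        for item in items:
            print(f"{status:10} {item} -> {after.get(item, before.get(item))}")
    print("still differs from CFScript target:", unmet_targets(after))
```

Run against the excerpts, the start-type findings for BITS and WinDefend show up as resolved, while both policy values persist and are reported as still differing from the CFScript targets.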

Florian_Ice 24.05.2013 21:48

So here is the log
Code:

ComboFix 13-05-24.01 - IceShock 24.05.2013  22:37:53.2.4 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.8173.6204 [GMT 2:00]
ausgeführt von:: c:\users\IceShock\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\IceShock\Desktop\CFScript.txt
AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-04-24 bis 2013-05-24  ))))))))))))))))))))))))))))))
.
.
2013-05-24 20:46 . 2013-05-24 20:46        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-05-24 13:02 . 2013-05-24 13:10        --------        d-----w-        c:\windows\system32\catroot2
2013-05-23 18:17 . 2013-05-23 18:19        --------        d-----w-        c:\windows\SysWow64\wbem\Performance
2013-05-23 16:53 . 2013-01-06 20:24        127488        ----a-w-        c:\windows\system32\ff_vfw.dll
2013-05-23 16:53 . 2013-05-23 16:53        --------        d-----w-        c:\program files\ffdshow
2013-05-23 16:25 . 2013-05-23 16:25        --------        d-----w-        C:\RegBackup
2013-05-23 15:58 . 2013-05-23 18:21        181064        ----a-w-        c:\windows\PSEXESVC.EXE
2013-05-23 12:57 . 2013-05-23 12:57        121        ----a-w-        c:\windows\DeleteOnReboot.bat
2013-05-23 12:39 . 2013-05-23 12:39        --------        d-----w-        c:\users\IceShock\AppData\Roaming\Malwarebytes
2013-05-23 12:39 . 2013-05-23 12:39        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2013-05-23 12:39 . 2013-05-23 12:39        --------        d-----w-        c:\programdata\Malwarebytes
2013-05-23 12:39 . 2013-04-04 12:50        25928        ----a-w-        c:\windows\system32\drivers\mbam.sys
2013-05-23 11:39 . 2013-05-23 11:39        --------        d-----w-        C:\TDSSKiller_Quarantine
2013-05-22 17:28 . 2013-05-22 17:28        --------        d-----w-        c:\users\IceShock\AppData\Local\Diagnostics
2013-05-22 17:15 . 2013-05-22 17:15        --------        d-----w-        c:\program files (x86)\LogMeIn Hamachi
2013-05-22 14:15 . 2013-05-22 14:15        --------        d-----w-        c:\programdata\Kaspersky Lab
2013-05-22 14:15 . 2013-05-22 14:15        --------        d-----w-        c:\program files (x86)\Kaspersky Lab
2013-05-22 13:02 . 2013-05-22 13:35        --------        d-----w-        C:\OutputFolder
2013-05-22 13:02 . 2013-05-22 13:28        --------        d-----w-        c:\users\IceShock\AppData\Roaming\Digiarty
2013-05-22 13:01 . 2013-05-22 13:28        --------        d-----w-        c:\program files (x86)\Digiarty
2013-05-22 11:40 . 2013-05-22 11:47        --------        d-----w-        c:\program files (x86)\Lucius
2013-05-21 16:39 . 2013-05-21 16:39        --------        d-----w-        c:\program files (x86)\EA Games
2013-05-16 13:13 . 2013-04-10 06:01        265064        ----a-w-        c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 16:21 . 2013-05-15 16:46        --------        d-----w-        c:\users\IceShock\AppData\Roaming\Audacity
2013-05-15 16:21 . 2013-05-15 16:21        --------        d-----w-        c:\program files (x86)\Audacity
2013-05-15 16:18 . 2013-05-15 16:18        --------        d-----w-        c:\programdata\YTD Video Downloader
2013-05-15 16:18 . 2013-05-15 16:18        --------        d-----w-        c:\program files (x86)\GreenTree Applications
2013-05-14 10:58 . 2013-05-14 10:58        971680        ----a-w-        c:\windows\system32\deployJava1.dll
2013-05-14 10:58 . 2013-05-14 10:58        311200        ----a-w-        c:\windows\system32\javaws.exe
2013-05-14 10:58 . 2013-05-14 10:58        1092512        ----a-w-        c:\windows\system32\npDeployJava1.dll
2013-05-14 10:58 . 2013-05-14 10:58        108448        ----a-w-        c:\windows\system32\WindowsAccessBridge-64.dll
2013-05-14 10:58 . 2013-05-14 10:58        188832        ----a-w-        c:\windows\system32\javaw.exe
2013-05-14 10:58 . 2013-05-14 10:58        188320        ----a-w-        c:\windows\system32\java.exe
2013-05-14 10:57 . 2013-05-14 10:57        --------        d-----w-        c:\program files\Java
2013-05-13 18:07 . 2013-05-13 18:07        --------        d-----w-        c:\users\IceShock\AppData\Local\Realmware
2013-05-13 18:07 . 2013-05-13 18:07        --------        d-----w-        c:\program files\Realmware
2013-05-12 10:04 . 2013-05-19 13:01        --------        d-----w-        c:\users\IceShock\AppData\Roaming\.minecraft
2013-05-10 15:54 . 2013-05-10 15:54        --------        d-----w-        c:\windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
2013-05-10 15:54 . 2013-05-10 15:54        --------        d-----w-        c:\program files (x86)\Common Files\Wise Installation Wizard
2013-05-10 13:25 . 2013-05-10 13:25        --------        d-----w-        c:\program files (x86)\Winamp Detect
2013-05-10 13:24 . 2013-05-10 13:24        --------        d-----w-        c:\program files (x86)\Common Files\PX Storage Engine
2013-05-10 13:24 . 2013-05-20 09:53        --------        d-----w-        c:\users\IceShock\AppData\Roaming\Winamp
2013-05-10 13:24 . 2013-05-10 13:26        --------        d-----w-        c:\program files (x86)\Winamp
2013-05-10 13:21 . 2013-05-10 13:21        --------        d-----w-        c:\users\IceShock\AppData\Roaming\Meine Traffic
2013-05-10 13:21 . 2010-06-01 12:30        331136        ----a-w-        c:\windows\MTrUn.EXE
2013-05-10 13:21 . 2013-05-10 13:21        --------        d-----w-        c:\program files (x86)\MT
2013-05-10 11:17 . 2013-05-10 11:17        --------        d-----w-        c:\programdata\LogiShrd
2013-05-10 11:15 . 2013-05-10 11:15        --------        d-----w-        c:\users\IceShock\AppData\Local\Logitech
2013-05-10 11:15 . 2013-05-10 11:15        --------        d-----w-        c:\users\IceShock\AppData\Roaming\Leadertech
2013-05-10 11:14 . 2013-05-10 11:15        --------        d-----w-        c:\program files\Logitech Gaming Software
2013-05-10 11:13 . 2013-05-10 11:13        --------        d-----w-        c:\users\IceShock\AppData\Roaming\Logitech
2013-05-10 11:13 . 2013-05-10 11:13        --------        d-----w-        c:\users\IceShock\AppData\Roaming\Logishrd
2013-05-09 18:10 . 2013-05-09 18:12        --------        d-----w-        C:\Twixtor5AE
2013-05-09 13:27 . 2013-05-09 13:45        --------        d-----w-        c:\programdata\PopCap Games
2013-05-06 16:13 . 2013-05-06 16:13        --------        d-----w-        c:\program files\Common Files\OFX
2013-05-03 16:15 . 2013-05-03 16:15        --------        d-----w-        c:\users\IceShock\AppData\Local\SmartTechnology
2013-05-03 15:45 . 2013-05-03 15:45        --------        d-----w-        c:\programdata\SmartTechnology
2013-05-03 15:45 . 2013-05-03 15:45        --------        d-----w-        c:\program files\SmartTechnology
2013-05-03 15:38 . 2013-05-03 15:38        --------        d-----w-        c:\programdata\Sentinel
2013-05-03 15:38 . 2013-05-03 15:38        --------        d-----w-        c:\program files (x86)\Mad Catz
2013-05-03 15:18 . 2013-05-03 15:18        --------        d-----w-        c:\program files (x86)\MonitorDriver
2013-05-03 15:17 . 2013-05-03 15:17        --------        d-----w-        c:\users\IceShock\AppData\Roaming\InstallShield
2013-05-01 09:48 . 2013-05-01 08:38        122904        ----a-w-        c:\windows\system\OpenAL32.dll
2013-04-28 09:45 . 2013-04-28 09:46        --------        d-----w-        c:\users\IceShock\AppData\Local\Divinity 2
2013-04-28 08:18 . 2013-04-28 08:18        --------        d-----w-        c:\programdata\Divinity 2
2013-04-28 08:07 . 2013-04-28 08:21        --------        d-----w-        c:\program files (x86)\Divinity II - Ego Draconis
2013-04-24 21:56 . 2013-04-24 21:56        77592        ----a-w-        c:\windows\system32\ladfGSRCoinst_amd64.dll
2013-04-24 21:56 . 2013-04-24 21:56        410008        ----a-w-        c:\windows\system32\drivers\ladfGSCamd64.sys
2013-04-24 21:56 . 2013-04-24 21:56        102808        ----a-w-        c:\windows\system32\drivers\ladfGSRamd64.sys
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-22 17:52 . 2012-11-21 17:31        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-22 17:52 . 2012-11-21 17:31        692104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-20 17:42 . 2012-11-09 14:50        45856        ----a-w-        c:\windows\system32\drivers\avgtpx64.sys
2013-05-16 17:31 . 2012-11-08 17:00        75016696        ----a-w-        c:\windows\system32\MRT.exe
2013-05-16 16:54 . 2012-11-10 12:38        280904        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr
2013-05-16 16:54 . 2012-11-09 16:17        280904        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2013-05-16 16:45 . 2012-11-09 16:17        280904        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0
2013-05-01 08:38 . 2012-12-21 16:42        466456        ----a-w-        c:\windows\system32\wrap_oal.dll
2013-05-01 08:38 . 2012-12-21 16:42        444952        ----a-w-        c:\windows\SysWow64\wrap_oal.dll
2013-05-01 08:38 . 2012-12-21 16:42        109080        ----a-w-        c:\windows\SysWow64\OpenAL32.dll
2013-04-15 15:09 . 2012-11-18 13:42        802136        ----a-w-        c:\program files\uTorrent.exe
2013-04-13 05:49 . 2013-05-16 13:13        135168        ----a-w-        c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-16 13:13        350208        ----a-w-        c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-16 13:13        308736        ----a-w-        c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-16 13:13        111104        ----a-w-        c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-16 13:13        474624        ----a-w-        c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-16 13:13        2176512        ----a-w-        c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 11:39        1656680        ----a-w-        c:\windows\system32\drivers\ntfs.sys
2013-04-04 03:35 . 2013-04-18 15:24        95648        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-01 18:22 . 2012-11-09 16:17        76888        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe
2013-03-19 06:04 . 2013-04-10 14:48        5550424        ----a-w-        c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 14:48        43520        ----a-w-        c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 14:48        3968856        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 14:48        3913560        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 14:48        6656        ----a-w-        c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 14:48        112640        ----a-w-        c:\windows\system32\smss.exe
2013-03-13 11:36 . 2012-11-08 16:23        861088        ----a-w-        c:\windows\SysWow64\npDeployJava1.dll
2013-03-13 11:36 . 2012-11-08 16:23        782240        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2013-03-09 16:53 . 2013-03-09 16:53        4608        ----a-w-        c:\windows\SysWow64\w95inf32.dll
2013-03-09 16:53 . 2013-03-09 16:53        2272        ----a-w-        c:\windows\SysWow64\w95inf16.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-04-09 15:27        158224        ----a-w-        c:\windows\SysWOW64\CbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\IceShock\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-09-14 393216]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-28 18642024]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-05-03 1635752]
"KSS"="c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" [2012-04-25 202296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Super-Charger"="c:\program files (x86)\MSI\Super-Charger\StartSuperCharger.exe" [2011-07-06 303104]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2012-06-20 74752]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-05-15 2255184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 dump_wmimmc;dump_wmimmc;c:\aeriagames\Wolfteam-DE\GameGuard\dump_wmimmc.sys [x]
R3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys [2013-04-24 410008]
R3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys [2013-04-24 102808]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;D:\NTIOLib_X64.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys [2011-03-02 36448]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-11-15 111968]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2012-09-04 50296]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-05-20 45856]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-11-24 283200]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2013\avgfws.exe [2012-12-10 1342024]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-05-15 2467664]
S2 KSS;Kaspersky Security Scan Service;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2012-04-25 202296]
S2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [2010-04-16 36864]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-07-06 2656536]
S2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [2013-05-20 1015984]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-03-04 126952]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-03-04 390632]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]
S3 cbfs3;EldoS Callback File System driver v3;c:\windows\system32\DRIVERS\cbfs3.sys [2012-04-09 352144]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 694888]
S3 Said1109;Said1109;c:\windows\system32\DRIVERS\Said1109.sys [2012-10-15 25920]
S3 SaiK1109;SaiK1109;c:\windows\system32\DRIVERS\SaiK1109.sys [2012-10-15 180544]
S3 SaiK1713;SaiK1713;c:\windows\system32\DRIVERS\SaiK1713.sys [2012-09-20 180544]
S3 SaiU1713;SaiU1713;c:\windows\system32\DRIVERS\SaiU1713.sys [2012-09-20 47168]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-10 11:28        1642448        ----a-w-        c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-21 17:52]
.
2013-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-08 16:14]
.
2013-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-08 16:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-04-09 15:27        190480        ----a-w-        c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-09-09 7466600]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-01-24 477600]
"ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2012-10-15 454144]
"SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2012-10-15 158208]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2013-04-24 7477016]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Free YouTube to iPod Converter - c:\users\IceShock\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm
Trusted Zone: aeriagames.com
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\IceShock\AppData\Roaming\Mozilla\Firefox\Profiles\ym4wpztj.default\
FF - prefs.js: network.proxy.http - www-proxy.t-online.de
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-04-08 19:11; m2k@m2kdownloader.com; c:\users\IceShock\AppData\Roaming\Mozilla\Firefox\Profiles\ym4wpztj.default\extensions\m2k@m2kdownloader.com.xpi
FF - ExtSQL: 2013-04-28 17:28; info@maltegoetz.de; c:\users\IceShock\AppData\Roaming\Mozilla\Firefox\Profiles\ym4wpztj.default\extensions\info@maltegoetz.de.xpi
FF - ExtSQL: 2013-04-28 18:41; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\IceShock\AppData\Roaming\Mozilla\Firefox\Profiles\ym4wpztj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-05-09 17:23; ich@maltegoetz.de; c:\users\IceShock\AppData\Roaming\Mozilla\Firefox\Profiles\ym4wpztj.default\extensions\ich@maltegoetz.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-LEGO Stunt Rally - c:\allespiele\lego stunt rally\Uninst.isu
AddRemove-{9B8C0E34-8323-43D9-AD5B-771ECCD1453A}_is1 - c:\allespiele\Arcuz\Arcuz Behind The Darck\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-623712556-1154303772-162369497-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:e3,51,4e,f5,e1,0f,1e,e7,8b,48,50,8c,b8,76,9b,d4,34,7f,13,e7,f3,
  6a,30,39,77,aa,2b,75,16,61,cb,67,51,78,7f,27,cd,b4,a3,91,9b,26,9e,bb,55,a8,\
"rkeysecu"=hex:9b,57,2d,36,6a,15,ae,c6,c5,1d,8a,96,64,58,d5,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Zeit der Fertigstellung: 2013-05-24  22:47:38
ComboFix-quarantined-files.txt  2013-05-24 20:47
ComboFix2.txt  2013-05-23 15:14
.
Vor Suchlauf: 24 Verzeichnis(se), 34.840.387.584 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 72.337.879.040 Bytes frei
.
- - End Of File - - 9D8BE07203F45E8787CE3D251C670A6A

I'll be away for a little while.

I'll be back by around 1 o'clock at the latest.

smeenk 25.05.2013 07:07

Hopefully ComboFix did its job properly ;)

Create a new Farbar Service Scanner log and post it for me.

