Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Trojaner (Antimaleware Doctor) und eventuell auch mehr

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 08.09.2010, 13:08   #1
basti'
 
Trojaner (Antimaleware Doctor) und eventuell auch mehr - Standard

Trojaner (Antimaleware Doctor) und eventuell auch mehr



Hallo Leute,

habe wohl einen bzw meherere Trojaner auf dem PC. Hatte einen Suchdurchlauf mit Malwarebytes Aniti Malware und SUPERAntiSpyware laufen lassen und alles gelöscht. Doch als ich vom Abgesicherten Modus wieder in den Normalen Modus gegangen bin war alles wieder da.

Lasse jetzt Malwarebytes ein zweites Mal durchlaufen und habe einiges mit HijackThis entfernt, aber was muss ich machen um die Schädlinge permanent wegzukriegen?

Vielen Dank im Vorraus


HijackThis-,
RSIT-,
hjtscanlist logs im Anhang

Alt 08.09.2010, 13:54   #2
markusg
/// Malware-holic
 
Trojaner (Antimaleware Doctor) und eventuell auch mehr - Standard

Trojaner (Antimaleware Doctor) und eventuell auch mehr



unter malwarebytes, logdateien, poste das erste scan log + das vom neuen scan.
__________________


Alt 08.09.2010, 14:12   #3
basti'
 
Trojaner (Antimaleware Doctor) und eventuell auch mehr - Standard

Trojaner (Antimaleware Doctor) und eventuell auch mehr



Der neue:

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4302

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

08.09.2010 14:59:06
mbam-log-2010-09-08 (14-59-06).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|J:\|)
Durchsuchte Objekte: 379292
Laufzeit: 1 Stunde(n), 0 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Basti\Desktop\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\Basti\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
         

Der alte:

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4302

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

07.09.2010 22:31:45
mbam-log-2010-09-07 (22-31-45).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|J:\|)
Durchsuchte Objekte: 378001
Laufzeit: 56 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 6

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\FLV Direct Player (Adware.FLVPlayer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\Temp\0.03431850532331426.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\Temp\0.13627568308413596.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\Temp\0.1020188554202297.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\Temp\0.2261102639580611.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\Temp\0.5718292508924075.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Basti\AppData\Local\Temp\Test.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
         
__________________

Alt 08.09.2010, 14:43   #4
markusg
/// Malware-holic
 
Trojaner (Antimaleware Doctor) und eventuell auch mehr - Standard

Trojaner (Antimaleware Doctor) und eventuell auch mehr



update mal malwarebytes, schalte dann alle aktieven programme, auch antivirus aus. trenne die internetverbindung und starte nen komplett scan, funde löschen, log posten.

Alt 08.09.2010, 17:25   #5
basti'
 
Trojaner (Antimaleware Doctor) und eventuell auch mehr - Standard

Trojaner (Antimaleware Doctor) und eventuell auch mehr



Hat nochmal einiges gefunden, danke schonmal.

Kann sich noch irgendwo was versteckt haben?

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4571

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

08.09.2010 18:23:53
mbam-log-2010-09-08 (18-23-53).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|J:\|)
Durchsuchte Objekte: 385863
Laufzeit: 57 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 23

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{b1ba40a2-75f2-51bd-f413-04b13a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b1ba40a2-75f2-51bd-f413-04b13a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wnxmal (Rogue.SecuritySuite) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\netlog2 (Trojan.Sisproc.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{b1ba40a2-75f2-51bd-f413-04b13a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\svc2.exe (Trojan.Sisproc.Gen) -> Quarantined and deleted successfully.
C:\Users\Basti\racis.exe (P2P.Worm) -> Quarantined and deleted successfully.
C:\Users\Basti\sbpad.exe (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Users\Basti\AppData\Local\lsmtynioy\ryaxurfuqiw.exe (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
C:\Users\Basti\AppData\Local\Temp\202fbh.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Basti\AppData\Local\Temp\3d0c25nfd.exe (Trojan.Sisproc.Gen) -> Quarantined and deleted successfully.
C:\Users\Basti\AppData\Local\Temp\ahnob.exe (P2P.Worm) -> Quarantined and deleted successfully.
C:\Users\Basti\AppData\Local\Temp\aqy8v7y1.exe (Trojan.Sisproc.Gen) -> Quarantined and deleted successfully.
C:\Users\Basti\AppData\Local\Temp\cyac.exe (P2P.Worm) -> Quarantined and deleted successfully.
C:\Users\Basti\AppData\Local\Temp\dcvkbgj.exe (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
C:\Users\Basti\AppData\Local\Temp\E0E4.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Users\Basti\AppData\Local\Temp\FC50.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Users\Basti\AppData\Local\Temp\FCFB.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Users\Basti\AppData\Local\Temp\FE91.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Users\Basti\AppData\Local\Temp\mkcxhunr.exe (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
C:\Users\Basti\AppData\Local\Temp\ubwdklcx.exe (P2P.Worm) -> Quarantined and deleted successfully.
C:\Users\Basti\AppData\Roaming\A17966C3E382F00E4DDD684FE9D142DF\mediafix70700en02.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Basti\Desktop\Hosting\EA\EasyAccount.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\6f07f4d6-11b4fcca (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gpupdate.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\Temp\BA27.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\Temp\BC93.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Basti\AppData\Local\Temp\skaioejiesfjoee.tmp (Malware.Trace) -> Quarantined and deleted successfully.
         


Alt 14.09.2010, 18:23   #6
basti'
 
Trojaner (Antimaleware Doctor) und eventuell auch mehr - Standard

Trojaner (Antimaleware Doctor) und eventuell auch mehr



Habe noch einen drauf

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 4571

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

13.09.2010 16:28:02
mbam-log-2010-09-13 (16-28-02).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|J:\|)
Durchsuchte Objekte: 400411
Laufzeit: 2 Stunde(n), 43 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\System32\drivers\qbbbppop.sys (Rootkit.Agent) -> Quarantined and deleted successfully.


Wie werde ich den los? Ist trotz mehrmaligem löschen immerwieder drauf

Alt 14.09.2010, 18:35   #7
markusg
/// Malware-holic
 
Trojaner (Antimaleware Doctor) und eventuell auch mehr - Standard

Trojaner (Antimaleware Doctor) und eventuell auch mehr



bitte erstelle und poste ein combofix log.
Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Alt 14.09.2010, 19:17   #8
basti'
 
Trojaner (Antimaleware Doctor) und eventuell auch mehr - Standard

Trojaner (Antimaleware Doctor) und eventuell auch mehr



Combofix Logfile:
Code:
ATTFilter
ComboFix 10-09-14.01 - Basti 14.09.2010  19:55:10.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1031.18.3327.2451 [GMT 2:00]
ausgeführt von:: c:\users\Basti\Downloads\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
 ADS - Windows: deleted 24 bytes in 1 streams. 

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Basti\AppData\Local\Windows Server
c:\users\Basti\AppData\Local\Windows Server\admin.txt
c:\users\Basti\AppData\Local\Windows Server\server.dat
c:\users\Basti\AppData\Roaming\A17966C3E382F00E4DDD684FE9D142DF
c:\users\Basti\AppData\Roaming\A17966C3E382F00E4DDD684FE9D142DF\enemies-names.txt
c:\users\Basti\AppData\Roaming\A17966C3E382F00E4DDD684FE9D142DF\local.ini
c:\users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor
c:\users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk
c:\users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk
c:\users\Basti\jeali.exe
c:\users\Basti\uspad.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\system32\Data
c:\windows\system32\msllhsjn.dll
c:\windows\system32\nbai.amo

Infizierte Kopie von c:\windows\system32\drivers\tdx.sys wurde gefunden und desinfiziert 
Kopie von - Kitty had a snack :p wurde wiederhergestellt 
Infizierte Kopie von c:\windows\system32\wininit.exe wurde gefunden und desinfiziert 
Kopie von - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe wurde wiederhergestellt 

Infizierte Kopie von c:\windows\explorer.exe wurde gefunden und desinfiziert 
Kopie von - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe wurde wiederhergestellt 

.
(((((((((((((((((((((((   Dateien erstellt von 2010-08-14 bis 2010-09-14  ))))))))))))))))))))))))))))))
.

2010-09-10 15:36 . 2010-09-10 15:36	--------	d-----w-	c:\program files\ASIO4ALL v2
2010-09-10 15:30 . 2006-06-20 08:56	225280	----a-w-	c:\windows\system32\rewire.dll
2010-09-10 15:29 . 2010-09-10 15:30	--------	d-----w-	c:\program files\Vstplugins
2010-09-10 15:29 . 2010-09-10 15:29	--------	d-----w-	c:\program files\Outsim
2010-09-10 15:26 . 2010-09-10 15:30	--------	d-----w-	c:\program files\Image-Line
2010-09-08 11:38 . 2010-09-08 12:03	--------	d-----w-	c:\program files\trend micro
2010-09-08 11:38 . 2010-09-08 11:38	--------	dc----w-	C:\rsit
2010-09-08 11:27 . 2010-09-08 11:27	113	----a-w-	c:\users\Basti\a.bat
2010-09-08 11:25 . 2010-09-07 06:43	114688	----a-w-	c:\users\Basti\impad.exe
2010-09-08 11:25 . 2010-09-10 14:00	--------	d-----w-	c:\windows\system32\MpEngineStore
2010-09-07 18:16 . 2010-09-08 16:23	--------	d-----w-	c:\users\Basti\AppData\Local\lsmtynioy
2010-09-04 13:20 . 2010-09-04 13:20	--------	d--h--w-	c:\program files\InstallJammer Registry
2010-09-03 21:07 . 2010-09-03 21:07	--------	dc----w-	c:\programdata\SweetIM
2010-09-03 13:23 . 2010-09-03 13:23	--------	d-----w-	c:\users\Basti\AppData\Local\119614856374854900
2010-09-03 13:23 . 2010-09-03 13:23	--------	d-----w-	c:\users\Basti\AppData\Local\119611643739317492
2010-09-02 22:17 . 2010-09-10 16:34	--------	d-----w-	c:\users\Basti\AppData\Roaming\.minecraft
2010-08-30 19:45 . 2010-08-30 19:49	--------	d-----w-	c:\program files\osu!
2010-08-30 19:44 . 2010-08-30 19:44	--------	d-----w-	c:\users\Basti\AppData\Roaming\Downloaded Installations
2010-08-30 18:03 . 2010-08-30 18:03	--------	dc----w-	c:\programdata\IsolatedStorage
2010-08-21 19:04 . 2010-08-21 19:04	--------	d-----w-	c:\users\Basti\AppData\Roaming\Creative
2010-08-20 13:08 . 2010-08-20 13:08	--------	d-----w-	c:\users\Basti\AppData\Local\TechSmith
2010-08-18 21:25 . 2010-08-18 21:25	--------	d-----w-	c:\users\Basti\AppData\Local\119614890735445236
2010-08-18 21:25 . 2010-08-18 21:25	--------	d-----w-	c:\users\Basti\AppData\Local\119611678099907828
2010-08-18 13:30 . 2010-08-18 13:30	--------	d-----w-	c:\users\Basti\AppData\Local\119614890734396660
2010-08-18 13:30 . 2010-08-18 13:30	--------	d-----w-	c:\users\Basti\AppData\Local\119611678098859252
2010-08-17 20:12 . 2010-08-17 20:12	--------	d-----w-	c:\users\Basti\AppData\Roaming\Xilisoft
2010-08-17 19:10 . 2010-08-17 19:10	--------	d-----w-	c:\users\Basti\AppData\Roaming\Datel
2010-08-17 19:09 . 2010-08-17 19:09	--------	d-----w-	c:\program files\Datel
2010-08-17 16:01 . 2010-08-17 16:01	--------	d-----w-	c:\users\Basti\AppData\Roaming\GameTuts
2010-08-17 16:01 . 2010-08-17 16:01	--------	d-----w-	c:\users\Basti\AppData\Local\GameTuts
2010-08-17 14:46 . 2010-08-17 14:47	--------	dc----w-	c:\programdata\XHEO INC
2010-08-17 14:45 . 2010-08-17 14:45	--------	d-----w-	c:\users\Basti\AppData\Local\IsolatedStorage

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-14 18:10 . 2010-02-07 16:16	--------	d-----w-	c:\users\Basti\AppData\Roaming\Skype
2010-09-14 18:08 . 2010-06-11 16:24	--------	d-----w-	c:\users\Basti\AppData\Roaming\Dropbox
2010-09-14 18:08 . 2010-02-18 21:00	--------	d-----w-	c:\users\Basti\AppData\Roaming\Xfire
2010-09-14 18:08 . 2010-02-07 16:18	--------	d-----w-	c:\users\Basti\AppData\Roaming\skypePM
2010-09-14 18:08 . 2010-08-12 13:32	--------	d-----w-	c:\program files\Common Files\Akamai
2010-09-14 18:08 . 2010-06-28 16:49	--------	d-----w-	c:\program files\Steam
2010-09-14 18:07 . 2010-02-16 17:03	--------	dc----w-	c:\programdata\NVIDIA
2010-09-14 18:01 . 2009-07-14 08:47	696132	----a-w-	c:\windows\system32\perfh007.dat
2010-09-14 18:01 . 2009-07-14 08:47	147428	----a-w-	c:\windows\system32\perfc007.dat
2010-09-14 17:34 . 2010-02-21 16:55	--------	d-----w-	c:\program files\JDownloader
2010-09-13 19:50 . 2010-09-10 16:34	65024	----a-w-	c:\users\Basti\AppData\Roaming\.minecraft\bin\natives\jinput-dx8_64.dll
2010-09-13 19:50 . 2010-09-10 16:34	62464	----a-w-	c:\users\Basti\AppData\Roaming\.minecraft\bin\natives\jinput-raw_64.dll
2010-09-13 19:50 . 2010-09-10 16:34	61952	----a-w-	c:\users\Basti\AppData\Roaming\.minecraft\bin\natives\jinput-dx8.dll
2010-09-13 19:50 . 2010-09-10 16:34	59392	----a-w-	c:\users\Basti\AppData\Roaming\.minecraft\bin\natives\jinput-raw.dll
2010-09-13 19:50 . 2010-09-10 16:34	273920	----a-w-	c:\users\Basti\AppData\Roaming\.minecraft\bin\natives\lwjgl64.dll
2010-09-13 19:50 . 2010-09-10 16:34	195072	----a-w-	c:\users\Basti\AppData\Roaming\.minecraft\bin\natives\OpenAL64.dll
2010-09-13 19:50 . 2010-09-10 16:34	193024	----a-w-	c:\users\Basti\AppData\Roaming\.minecraft\bin\natives\lwjgl.dll
2010-09-13 19:50 . 2010-09-10 16:34	108032	----a-w-	c:\users\Basti\AppData\Roaming\.minecraft\bin\natives\OpenAL32.dll
2010-09-13 19:28 . 2010-03-12 13:59	138520	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
2010-09-13 19:28 . 2010-03-12 13:59	233960	----a-w-	c:\windows\system32\PnkBstrB.exe
2010-09-13 14:28 . 2010-02-07 14:22	--------	d-----w-	c:\users\Basti\AppData\Roaming\ICQ
2010-09-12 20:47 . 2010-02-07 14:45	--------	d-----w-	c:\users\Basti\AppData\Roaming\vlc
2010-09-11 11:16 . 2010-02-18 21:00	--------	dc----w-	c:\programdata\Xfire
2010-09-10 20:17 . 2010-05-13 19:39	--------	d-----w-	c:\program files\MeGUI
2010-09-10 11:31 . 2010-03-07 15:51	--------	d-----w-	c:\users\Basti\AppData\Roaming\UseNeXT
2010-09-09 22:36 . 2010-02-15 22:00	--------	dc----w-	c:\programdata\Sony
2010-09-09 22:35 . 2010-02-15 22:15	--------	d-----w-	c:\users\Basti\AppData\Roaming\Sony
2010-09-07 20:35 . 2010-07-10 23:42	--------	d-----w-	c:\program files\SUPERAntiSpyware
2010-09-07 12:08 . 2010-04-25 13:33	--------	dc----w-	c:\programdata\Microsoft Help
2010-09-06 22:36 . 2010-02-21 02:20	128400	---ha-w-	c:\windows\system32\mlfcache.dat
2010-09-04 23:23 . 2010-09-04 23:22	2788816	----a-w-	c:\users\Basti\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2010-09-04 13:20 . 2010-09-04 13:20	1490343	----a-w-	c:\windows\Cursors\uninstall.exe
2010-09-03 21:17 . 2010-05-01 19:03	--------	d-----w-	c:\program files\Sony
2010-09-03 15:59 . 2010-09-03 15:59	144696	-c--a-w-	c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-09-03 15:59 . 2010-05-08 21:47	--------	dc----w-	c:\programdata\DivX
2010-08-31 18:49 . 2010-02-07 00:25	86296	----a-w-	c:\users\Basti\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-31 18:45 . 2010-02-13 14:54	--------	d-----w-	c:\program files\Common Files\Adobe
2010-08-29 18:41 . 2010-07-21 18:35	--------	d-----w-	c:\program files\MW2CU
2010-08-29 12:58 . 2010-02-07 14:21	--------	d-----w-	c:\program files\ICQ7.0
2010-08-28 19:56 . 2010-08-28 19:56	126976	----a-w-	c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\nuozl.exe
2010-08-28 11:55 . 2010-02-07 14:48	--------	d-----w-	c:\users\Basti\AppData\Roaming\dvdcss
2010-08-17 20:10 . 2010-04-06 20:20	--------	d-----w-	c:\program files\Xilisoft
2010-08-12 21:59 . 2010-08-12 21:59	47364	-c--a-w-	c:\programdata\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-08-12 21:59 . 2010-08-12 20:29	--------	dc----w-	c:\programdata\Blizzard Entertainment
2010-08-12 20:48 . 2010-08-12 20:29	--------	d-----w-	c:\program files\Common Files\Blizzard Entertainment
2010-08-12 15:42 . 2010-02-16 17:02	--------	d-----w-	c:\program files\NVIDIA Corporation
2010-08-12 15:42 . 2010-02-16 17:02	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
2010-08-11 18:20 . 2010-08-11 18:19	--------	d-----w-	c:\users\Basti\AppData\Roaming\ManyCam
2010-08-11 18:19 . 2010-08-11 18:19	--------	d-----w-	c:\program files\ManyCam
2010-08-11 18:10 . 2010-08-11 18:10	--------	d-----w-	c:\program files\Fake Webcam
2010-08-11 18:10 . 2010-08-11 18:10	--------	d-----w-	c:\program files\Common Files\fwc
2010-08-11 17:58 . 2010-08-11 17:58	10134	----a-r-	c:\users\Basti\AppData\Roaming\Microsoft\Installer\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}\ARPPRODUCTICON.exe
2010-08-11 17:58 . 2010-08-11 17:58	--------	d-----w-	c:\program files\AMD
2010-08-08 12:42 . 2010-04-02 22:40	--------	d-----w-	c:\program files\Palringo
2010-08-04 22:58 . 2010-08-04 22:51	--------	d-----w-	c:\users\Basti\AppData\Roaming\Call Graph
2010-08-04 22:53 . 2010-08-04 22:53	--------	d-----w-	c:\users\Basti\AppData\Roaming\Sedna Wireless
2010-08-04 22:51 . 2010-08-04 22:51	--------	d-----w-	c:\program files\Call Graph
2010-08-01 22:16 . 2010-02-16 22:41	--------	d-----w-	c:\program files\WeGame
2010-07-31 15:01 . 2010-07-31 15:04	151552	----a-w-	c:\windows\system32\nvRegDev.dll
2010-07-30 20:22 . 2010-02-11 14:30	--------	d-----w-	c:\users\Basti\AppData\Roaming\Media Player Classic
2010-07-30 17:41 . 2010-07-30 17:29	--------	d-----w-	c:\program files\TuneUp Utilities 2010
2010-07-30 17:30 . 2010-07-30 17:30	--------	d-----w-	c:\program files\CCleaner
2010-07-30 17:29 . 2010-07-30 17:29	--------	d-----w-	c:\users\Basti\AppData\Roaming\TuneUp Software
2010-07-30 17:29 . 2010-07-30 17:29	--------	dc----w-	c:\programdata\TuneUp Software
2010-07-30 17:28 . 2010-07-30 17:28	--------	dcsh--w-	c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-07-29 00:01 . 2010-07-29 00:01	--------	d-----w-	c:\program files\Orekaria
2010-07-27 18:00 . 2010-07-26 00:03	148	-c--a-w-	c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\prsgrc.dll
2010-07-26 20:28 . 2010-07-26 20:27	--------	d-----w-	c:\program files\Cinema4D
2010-07-26 00:03 . 2010-07-26 00:03	16	-c-h--w-	c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\nkz3kk1.dll
2010-07-26 00:03 . 2010-07-26 00:03	120	-c--a-w-	c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\ssprs.dll
2010-07-26 00:03 . 2010-07-26 00:03	1024	-c--a-w-	c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\grcauth2.dll
2010-07-26 00:03 . 2010-07-26 00:03	1024	-c--a-w-	c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\grcauth1.dll
2010-07-26 00:03 . 2010-07-26 00:03	1024	-c--a-w-	c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\clauth2.dll
2010-07-26 00:03 . 2010-07-26 00:03	1024	-c--a-w-	c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\clauth1.dll
2010-07-26 00:03 . 2010-07-26 00:03	--------	dc----w-	c:\programdata\SafeNet Sentinel
2010-07-26 00:03 . 2010-07-26 00:03	--------	d-----w-	c:\program files\Vicon
2010-07-25 21:08 . 2010-07-25 21:08	--------	dc----w-	c:\programdata\regid.1986-12.com.adobe
2010-07-25 20:45 . 2010-07-25 20:45	--------	d-----w-	c:\program files\Common Files\Adobe AIR
2010-07-25 20:44 . 2010-07-25 20:45	38784	----a-w-	c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-07-25 19:31 . 2010-02-06 23:04	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-07-25 19:14 . 2010-07-23 00:58	--------	d-----w-	c:\program files\Illustrate
2010-07-25 18:53 . 2010-07-25 18:53	--------	d-----w-	c:\program files\VS Revo Group
2010-07-25 16:06 . 2010-02-13 15:35	--------	d-----w-	c:\program files\Common Files\PX Storage Engine
2010-07-23 00:59 . 2010-07-23 00:59	3291	----a-w-	c:\windows\system32\SpoonUninstall-dBpoweramp m4a Codec.dat
2010-07-23 00:59 . 2010-03-19 22:17	869608	----a-w-	c:\windows\system32\SpoonUninstall.exe
2010-07-22 00:17 . 2010-07-22 00:17	--------	d-----w-	c:\program files\Noel Danjou
2010-07-21 16:53 . 2010-04-25 13:36	--------	d-----w-	c:\program files\Microsoft.NET
2010-07-20 12:57 . 2010-07-19 18:39	--------	d-----w-	c:\program files\MediaInfo
2010-07-19 18:40 . 2010-07-19 18:40	--------	d-----w-	c:\users\Basti\AppData\Roaming\Uniblue
2010-07-19 18:39 . 2010-07-19 18:39	--------	d-----w-	c:\program files\Uniblue
2010-07-19 18:39 . 2010-07-19 18:39	331304	----a-w-	c:\users\Basti\AppData\Roaming\OpenCandy\OpenCandy_2CBAF7D0FFB3454FBE5E3999AE55DD86\DLMgr_3_1.6.44.exe
2010-07-19 18:39 . 2010-07-19 18:39	--------	d-----w-	c:\users\Basti\AppData\Roaming\OpenCandy
2010-07-18 19:53 . 2010-07-06 11:39	--------	d-----w-	c:\program files\PS3 Media Server
2010-07-17 22:54 . 2010-07-17 22:52	--------	d-----w-	c:\program files\Google
2010-07-17 22:50 . 2010-07-17 22:50	--------	d-----w-	c:\program files\Common Files\Skype
2010-07-12 17:10 . 2010-07-10 23:43	63488	----a-w-	c:\users\Basti\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-12 17:10 . 2010-07-10 23:43	117760	----a-w-	c:\users\Basti\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-10 23:43 . 2010-07-10 23:43	52224	----a-w-	c:\users\Basti\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-09 19:04 . 2010-07-09 19:04	41872	----a-w-	c:\windows\system32\xfcodec.dll
2010-07-06 11:26 . 2010-07-30 17:30	30528	----a-w-	c:\windows\system32\TURegOpt.exe
2009-06-10 21:26 . 2009-07-14 02:04	9633792	--sha-r-	c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42	396800	--sha-w-	c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFree.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	94208	----a-w-	c:\users\Basti\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	94208	----a-w-	c:\users\Basti\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	94208	----a-w-	c:\users\Basti\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"Steam"="c:\program files\steam\steam.exe" [2010-08-28 1242448]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-02 2424560]
"AdobeUpdater6"="c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe" [2010-02-13 2521464]
"ManyCam"="c:\program files\ManyCam\Bin\ManyCam.exe" [2010-06-24 1680680]
"Google Update"="c:\users\Basti\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-07-17 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-05-06 2815192]
"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2009-11-15 158752]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-02-18 357448]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 718688]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]

c:\users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Basti\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2010-7-9 3493776]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
nuozl.exe [2010-8-28 126976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BumpTop.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BumpTop.lnk
backup=c:\windows\pss\BumpTop.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
backup=c:\windows\pss\GamersFirst LIVE!.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Basti^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2009-12-21 17:35	640440	----a-w-	c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2009-12-22 00:26	38840	----a-w-	c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater6]
2010-02-13 17:05	2521464	-c--a-w-	c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57	369200	-c--a-w-	c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Infium]
2010-05-14 13:33	5562832	----a-w-	c:\program files\QIP 2010\qip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LCDMon]
2010-02-18 10:24	1573448	-c--a-w-	c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LGDCore]
2010-02-18 10:47	3203144	-c--a-w-	c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2010-06-21 18:41	2937528	----a-w-	c:\program files\Pando Networks\Media Booster\PMB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-07-02 11:53	322352	----a-w-	c:\program files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2007-12-20 15:16	37376	----a-w-	c:\program files\Winamp\winampa.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AdobeUpdater6"="c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

R0 jpqje;jpqje;c:\windows\System32\drivers\wvjhfc.sys [x]
R1 SABKUTIL;SABKUTIL;c:\program files\SUPERAntiSpyware\SABKUTIL.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 136176]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-02-07 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-02-06 79360]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 14856]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-02-24 3411964]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-07 1343400]
R4 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [2009-10-28 2211328]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-02-12 691696]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-05-06 51792]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-01-11 240232]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-06-21 173352]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-07-06 1051968]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 19720]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]


--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - qbbbppop

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
Akamai	REG_MULTI_SZ   	Akamai

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners

2010-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 22:52]

2010-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 22:52]

2010-09-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1584810832-2463764626-296550485-1000Core.job
- c:\users\Basti\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-11 22:52]

2010-09-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1584810832-2463764626-296550485-1000UA.job
- c:\users\Basti\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-11 22:52]
.
.
------- Zusätzlicher Suchlauf -------
.
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5577
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\lg1yjjt6.default\
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\lg1yjjt6.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll
FF - component: c:\users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\lg1yjjt6.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\programdata\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\users\Basti\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\windows\system32\Wat\npWatWeb.dll

---- FIREFOX Richtlinien ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
------- Dateityp-Verknüpfung -------
.
.txt=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-ICQ - ~c:\program files\ICQ7.0\ICQ.exe
HKCU-Run-saeji - c:\users\Basti\saeji.exe
MSConfigStartUp-AdobeCS4ServiceManager - c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
MSConfigStartUp-Adobe_ID0ENQBO - c:\progra~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
MSConfigStartUp-nonep - c:\users\Basti\AppData\Local\Temp\tmp9c3961f8\killexe.exe
MSConfigStartUp-Pinnacle Game Profiler - c:\program files\PowerUp Software\Pinnacle Game Profiler\pinnacle.exe
MSConfigStartUp-SweetIM - c:\program files\SweetIM\Messenger\SweetIM.exe
MSConfigStartUp-WebcamMaxAutoRun - c:\program files\WebcamMax\WebcamMax.exe
MSConfigStartUp-{0D6EF551-81D5-428B-6701-9BBA448D5B36} - c:\users\Basti\AppData\Roaming\Owcuw\yfony.exe
AddRemove-FLV Pro Player - c:\program files\FLV Pro Player\uninstall.exe
AddRemove-LOCO - c:\program files\Alaplaya\LOCO\uninst.exe
AddRemove-MeGUI - c:\program files\MeGUI\megui-uninstall.exe



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\qbbbppop]

.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-1584810832-2463764626-296550485-1000\Software\SecuROM\License information*]
"datasecu"=hex:73,24,85,13,71,26,4a,6b,8f,ec,e8,27,94,6e,b0,64,91,38,cd,f2,67,
   5d,c6,e1,d7,a5,3f,0f,26,34,1a,18,33,36,ab,3d,e0,38,14,f9,3c,ae,5f,3c,d9,90,\
"rkeysecu"=hex:00,37,ca,59,02,77,7a,3b,cd,04,49,ad,15,94,a4,bf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(2920)
c:\users\Basti\AppData\Local\FLVService\lib\FLVSrvLib.dll
c:\users\Basti\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
c:\program files\Stardock\Object Desktop\DeskScapes3\deskscapes.dll
c:\program files\Stardock\Object Desktop\DeskScapes3\deskscape.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\PnkBstrA.exe
c:\users\Basti\AppData\Local\TVersity\Media Server\MediaServer.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\taskhost.exe
c:\users\Basti\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\program files\Google\Chrome\Application\chrome.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-09-14  20:16:00 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-09-14 18:16

Vor Suchlauf: 5.151.526.912 Bytes frei
Nach Suchlauf: 5.332.586.496 Bytes frei

- - End Of File - - 10E6CFCF8D19C141507FE55101FD9028
         
--- --- ---

Alt 14.09.2010, 19:42   #9
markusg
/// Malware-holic
 
Trojaner (Antimaleware Doctor) und eventuell auch mehr - Standard

Trojaner (Antimaleware Doctor) und eventuell auch mehr



start programme zubehör editor,kopiere rein
Killall::
Rootkit::
c:\windows\System32\drivers\wvjhfc.sys
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nuozl.exe
c:\windows\system32\drivers\qbbbppop.sys
Driver::
wvjhfc
qbbbppop
folder::
c:\users\Basti\AppData\Local\lsmtynioy
dds::
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5577

Datei speichern unter, ort dort wo sich combofix.exe befindet. typ alle dateien, name cfscript.txt
ziehe cfscript auf combofix, programm startet, log posten.

Alt 14.09.2010, 20:50   #10
basti'
 
Trojaner (Antimaleware Doctor) und eventuell auch mehr - Standard

Trojaner (Antimaleware Doctor) und eventuell auch mehr



Code:
ATTFilter
ComboFix 10-09-14.01 - Basti 14.09.2010  21:20:42.3.2 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1031.18.3327.2176 [GMT 2:00]
ausgeführt von:: c:\users\Basti\Downloads\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Basti\Downloads\cfscript.txt
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Basti\AppData\Local\lsmtynioy

.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_QBBBPPOP
-------\Service_qbbbppop
-------\Service_jpqje


(((((((((((((((((((((((   Dateien erstellt von 2010-08-14 bis 2010-09-14  ))))))))))))))))))))))))))))))
.

2010-09-14 19:30 . 2010-09-14 19:30	--------	d-----w-	c:\users\Public\AppData\Local\temp
2010-09-14 19:30 . 2010-09-14 19:30	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-09-14 18:41 . 2010-09-14 18:41	--------	d-----w-	c:\program files\DAEMON Tools Toolbar
2010-09-14 18:06 . 2010-09-14 19:44	--------	d-----w-	c:\users\Basti\AppData\Local\temp
2010-09-10 16:34 . 2010-09-13 19:50	65024	----a-w-	c:\users\Basti\AppData\Roaming\.minecraft\bin\natives\jinput-dx8_64.dll
2010-09-10 16:34 . 2010-09-13 19:50	62464	----a-w-	c:\users\Basti\AppData\Roaming\.minecraft\bin\natives\jinput-raw_64.dll
2010-09-10 16:34 . 2010-09-13 19:50	61952	----a-w-	c:\users\Basti\AppData\Roaming\.minecraft\bin\natives\jinput-dx8.dll
2010-09-10 16:34 . 2010-09-13 19:50	59392	----a-w-	c:\users\Basti\AppData\Roaming\.minecraft\bin\natives\jinput-raw.dll
2010-09-10 16:34 . 2010-09-13 19:50	273920	----a-w-	c:\users\Basti\AppData\Roaming\.minecraft\bin\natives\lwjgl64.dll
2010-09-10 16:34 . 2010-09-13 19:50	195072	----a-w-	c:\users\Basti\AppData\Roaming\.minecraft\bin\natives\OpenAL64.dll
2010-09-10 16:34 . 2010-09-13 19:50	193024	----a-w-	c:\users\Basti\AppData\Roaming\.minecraft\bin\natives\lwjgl.dll
2010-09-10 16:34 . 2010-09-13 19:50	108032	----a-w-	c:\users\Basti\AppData\Roaming\.minecraft\bin\natives\OpenAL32.dll
2010-09-10 15:36 . 2010-09-10 15:36	--------	d-----w-	c:\program files\ASIO4ALL v2
2010-09-10 15:30 . 2006-06-20 08:56	225280	----a-w-	c:\windows\system32\rewire.dll
2010-09-10 15:29 . 2010-09-10 15:30	--------	d-----w-	c:\program files\Vstplugins
2010-09-10 15:29 . 2010-09-10 15:29	--------	d-----w-	c:\program files\Outsim
2010-09-10 15:26 . 2010-09-10 15:30	--------	d-----w-	c:\program files\Image-Line
2010-09-08 11:38 . 2010-09-08 12:03	--------	d-----w-	c:\program files\trend micro
2010-09-08 11:38 . 2010-09-08 11:38	--------	dc----w-	C:\rsit
2010-09-08 11:27 . 2010-09-08 11:27	113	----a-w-	c:\users\Basti\a.bat
2010-09-08 11:25 . 2010-09-07 06:43	114688	----a-w-	c:\users\Basti\impad.exe
2010-09-08 11:25 . 2010-09-10 14:00	--------	d-----w-	c:\windows\system32\MpEngineStore
2010-09-07 18:16 . 2010-09-14 19:30	778752	----a-w-	c:\windows\system32\drivers\qbbbppop.sys
2010-09-04 23:22 . 2010-09-04 23:23	2788816	----a-w-	c:\users\Basti\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2010-09-04 13:20 . 2010-09-04 13:20	--------	d--h--w-	c:\program files\InstallJammer Registry
2010-09-03 21:07 . 2010-09-03 21:07	--------	dc----w-	c:\programdata\SweetIM
2010-09-03 15:59 . 2010-09-03 15:59	144696	-c--a-w-	c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-09-03 13:23 . 2010-09-03 13:23	--------	d-----w-	c:\users\Basti\AppData\Local\119614856374854900
2010-09-03 13:23 . 2010-09-03 13:23	--------	d-----w-	c:\users\Basti\AppData\Local\119611643739317492
2010-09-02 22:17 . 2010-09-10 16:34	--------	d-----w-	c:\users\Basti\AppData\Roaming\.minecraft
2010-08-30 19:45 . 2010-08-30 19:49	--------	d-----w-	c:\program files\osu!
2010-08-30 19:44 . 2010-08-30 19:44	--------	d-----w-	c:\users\Basti\AppData\Roaming\Downloaded Installations
2010-08-30 18:03 . 2010-08-30 18:03	--------	dc----w-	c:\programdata\IsolatedStorage
2010-08-28 19:56 . 2010-08-28 19:56	126976	----a-w-	c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\nuozl.exe
2010-08-21 19:04 . 2010-08-21 19:04	--------	d-----w-	c:\users\Basti\AppData\Roaming\Creative
2010-08-20 13:08 . 2010-08-20 13:08	--------	d-----w-	c:\users\Basti\AppData\Local\TechSmith
2010-08-18 21:25 . 2010-08-18 21:25	--------	d-----w-	c:\users\Basti\AppData\Local\119614890735445236
2010-08-18 21:25 . 2010-08-18 21:25	--------	d-----w-	c:\users\Basti\AppData\Local\119611678099907828
2010-08-18 13:30 . 2010-08-18 13:30	--------	d-----w-	c:\users\Basti\AppData\Local\119614890734396660
2010-08-18 13:30 . 2010-08-18 13:30	--------	d-----w-	c:\users\Basti\AppData\Local\119611678098859252
2010-08-17 20:12 . 2010-08-17 20:12	--------	d-----w-	c:\users\Basti\AppData\Roaming\Xilisoft
2010-08-17 19:10 . 2010-08-17 19:10	--------	d-----w-	c:\users\Basti\AppData\Roaming\Datel
2010-08-17 19:09 . 2010-08-17 19:09	--------	d-----w-	c:\program files\Datel
2010-08-17 16:01 . 2010-08-17 16:01	--------	d-----w-	c:\users\Basti\AppData\Roaming\GameTuts
2010-08-17 16:01 . 2010-08-17 16:01	--------	d-----w-	c:\users\Basti\AppData\Local\GameTuts
2010-08-17 14:46 . 2010-08-17 14:47	--------	dc----w-	c:\programdata\XHEO INC
2010-08-17 14:45 . 2010-08-17 14:45	--------	d-----w-	c:\users\Basti\AppData\Local\IsolatedStorage

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-14 19:45 . 2010-02-07 16:16	--------	d-----w-	c:\users\Basti\AppData\Roaming\Skype
2010-09-14 19:44 . 2010-06-11 16:24	--------	d-----w-	c:\users\Basti\AppData\Roaming\Dropbox
2010-09-14 19:44 . 2010-06-28 16:49	--------	d-----w-	c:\program files\Steam
2010-09-14 19:36 . 2009-07-14 08:47	696132	----a-w-	c:\windows\system32\perfh007.dat
2010-09-14 19:36 . 2009-07-14 08:47	147428	----a-w-	c:\windows\system32\perfc007.dat
2010-09-14 19:32 . 2010-08-12 13:32	--------	d-----w-	c:\program files\Common Files\Akamai
2010-09-14 19:32 . 2010-02-16 17:03	--------	dc----w-	c:\programdata\NVIDIA
2010-09-14 19:19 . 2010-07-10 23:42	--------	d-----w-	c:\program files\SUPERAntiSpyware
2010-09-14 18:41 . 2010-02-12 12:56	--------	d-----w-	c:\program files\DAEMON Tools Lite
2010-09-14 18:39 . 2010-02-12 12:57	691696	----a-w-	c:\windows\system32\drivers\sptd.sys
2010-09-14 18:08 . 2010-02-18 21:00	--------	d-----w-	c:\users\Basti\AppData\Roaming\Xfire
2010-09-14 18:08 . 2010-02-07 16:18	--------	d-----w-	c:\users\Basti\AppData\Roaming\skypePM
2010-09-14 17:34 . 2010-02-21 16:55	--------	d-----w-	c:\program files\JDownloader
2010-09-13 19:28 . 2010-03-12 13:59	138520	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
2010-09-13 19:28 . 2010-03-12 13:59	233960	----a-w-	c:\windows\system32\PnkBstrB.exe
2010-09-13 14:28 . 2010-02-07 14:22	--------	d-----w-	c:\users\Basti\AppData\Roaming\ICQ
2010-09-12 20:47 . 2010-02-07 14:45	--------	d-----w-	c:\users\Basti\AppData\Roaming\vlc
2010-09-11 11:16 . 2010-02-18 21:00	--------	dc----w-	c:\programdata\Xfire
2010-09-10 20:17 . 2010-05-13 19:39	--------	d-----w-	c:\program files\MeGUI
2010-09-10 11:31 . 2010-03-07 15:51	--------	d-----w-	c:\users\Basti\AppData\Roaming\UseNeXT
2010-09-09 22:36 . 2010-02-15 22:00	--------	dc----w-	c:\programdata\Sony
2010-09-09 22:35 . 2010-02-15 22:15	--------	d-----w-	c:\users\Basti\AppData\Roaming\Sony
2010-09-07 12:08 . 2010-04-25 13:33	--------	dc----w-	c:\programdata\Microsoft Help
2010-09-06 22:36 . 2010-02-21 02:20	128400	---ha-w-	c:\windows\system32\mlfcache.dat
2010-09-04 13:20 . 2010-09-04 13:20	1490343	----a-w-	c:\windows\Cursors\uninstall.exe
2010-09-03 21:17 . 2010-05-01 19:03	--------	d-----w-	c:\program files\Sony
2010-09-03 15:59 . 2010-05-08 21:47	--------	dc----w-	c:\programdata\DivX
2010-08-31 18:49 . 2010-02-07 00:25	86296	----a-w-	c:\users\Basti\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-31 18:45 . 2010-02-13 14:54	--------	d-----w-	c:\program files\Common Files\Adobe
2010-08-29 18:41 . 2010-07-21 18:35	--------	d-----w-	c:\program files\MW2CU
2010-08-29 12:58 . 2010-02-07 14:21	--------	d-----w-	c:\program files\ICQ7.0
2010-08-28 11:55 . 2010-02-07 14:48	--------	d-----w-	c:\users\Basti\AppData\Roaming\dvdcss
2010-08-17 20:10 . 2010-04-06 20:20	--------	d-----w-	c:\program files\Xilisoft
2010-08-12 21:59 . 2010-08-12 21:59	47364	-c--a-w-	c:\programdata\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-08-12 21:59 . 2010-08-12 20:29	--------	dc----w-	c:\programdata\Blizzard Entertainment
2010-08-12 20:48 . 2010-08-12 20:29	--------	d-----w-	c:\program files\Common Files\Blizzard Entertainment
2010-08-12 15:42 . 2010-02-16 17:02	--------	d-----w-	c:\program files\NVIDIA Corporation
2010-08-12 15:42 . 2010-02-16 17:02	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
2010-08-11 18:20 . 2010-08-11 18:19	--------	d-----w-	c:\users\Basti\AppData\Roaming\ManyCam
2010-08-11 18:19 . 2010-08-11 18:19	--------	d-----w-	c:\program files\ManyCam
2010-08-11 18:10 . 2010-08-11 18:10	--------	d-----w-	c:\program files\Fake Webcam
2010-08-11 18:10 . 2010-08-11 18:10	--------	d-----w-	c:\program files\Common Files\fwc
2010-08-11 17:58 . 2010-08-11 17:58	10134	----a-r-	c:\users\Basti\AppData\Roaming\Microsoft\Installer\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}\ARPPRODUCTICON.exe
2010-08-11 17:58 . 2010-08-11 17:58	--------	d-----w-	c:\program files\AMD
2010-08-08 12:42 . 2010-04-02 22:40	--------	d-----w-	c:\program files\Palringo
2010-08-04 22:58 . 2010-08-04 22:51	--------	d-----w-	c:\users\Basti\AppData\Roaming\Call Graph
2010-08-04 22:53 . 2010-08-04 22:53	--------	d-----w-	c:\users\Basti\AppData\Roaming\Sedna Wireless
2010-08-04 22:51 . 2010-08-04 22:51	--------	d-----w-	c:\program files\Call Graph
2010-08-01 22:16 . 2010-02-16 22:41	--------	d-----w-	c:\program files\WeGame
2010-07-31 15:01 . 2010-07-31 15:04	151552	----a-w-	c:\windows\system32\nvRegDev.dll
2010-07-30 20:22 . 2010-02-11 14:30	--------	d-----w-	c:\users\Basti\AppData\Roaming\Media Player Classic
2010-07-30 17:41 . 2010-07-30 17:29	--------	d-----w-	c:\program files\TuneUp Utilities 2010
2010-07-30 17:30 . 2010-07-30 17:30	--------	d-----w-	c:\program files\CCleaner
2010-07-30 17:29 . 2010-07-30 17:29	--------	d-----w-	c:\users\Basti\AppData\Roaming\TuneUp Software
2010-07-30 17:29 . 2010-07-30 17:29	--------	dc----w-	c:\programdata\TuneUp Software
2010-07-30 17:28 . 2010-07-30 17:28	--------	dcsh--w-	c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-07-29 00:01 . 2010-07-29 00:01	--------	d-----w-	c:\program files\Orekaria
2010-07-27 18:00 . 2010-07-26 00:03	148	-c--a-w-	c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\prsgrc.dll
2010-07-26 20:28 . 2010-07-26 20:27	--------	d-----w-	c:\program files\Cinema4D
2010-07-26 00:03 . 2010-07-26 00:03	16	-c-h--w-	c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\nkz3kk1.dll
2010-07-26 00:03 . 2010-07-26 00:03	120	-c--a-w-	c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\ssprs.dll
2010-07-26 00:03 . 2010-07-26 00:03	1024	-c--a-w-	c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\grcauth2.dll
2010-07-26 00:03 . 2010-07-26 00:03	1024	-c--a-w-	c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\grcauth1.dll
2010-07-26 00:03 . 2010-07-26 00:03	1024	-c--a-w-	c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\clauth2.dll
2010-07-26 00:03 . 2010-07-26 00:03	1024	-c--a-w-	c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\clauth1.dll
2010-07-26 00:03 . 2010-07-26 00:03	--------	dc----w-	c:\programdata\SafeNet Sentinel
2010-07-26 00:03 . 2010-07-26 00:03	--------	d-----w-	c:\program files\Vicon
2010-07-25 21:08 . 2010-07-25 21:08	--------	dc----w-	c:\programdata\regid.1986-12.com.adobe
2010-07-25 20:45 . 2010-07-25 20:45	--------	d-----w-	c:\program files\Common Files\Adobe AIR
2010-07-25 20:44 . 2010-07-25 20:45	38784	----a-w-	c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-07-25 19:31 . 2010-02-06 23:04	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-07-25 19:14 . 2010-07-23 00:58	--------	d-----w-	c:\program files\Illustrate
2010-07-25 18:53 . 2010-07-25 18:53	--------	d-----w-	c:\program files\VS Revo Group
2010-07-25 16:06 . 2010-02-13 15:35	--------	d-----w-	c:\program files\Common Files\PX Storage Engine
2010-07-23 00:59 . 2010-07-23 00:59	3291	----a-w-	c:\windows\system32\SpoonUninstall-dBpoweramp m4a Codec.dat
2010-07-23 00:59 . 2010-03-19 22:17	869608	----a-w-	c:\windows\system32\SpoonUninstall.exe
2010-07-22 00:17 . 2010-07-22 00:17	--------	d-----w-	c:\program files\Noel Danjou
2010-07-21 16:53 . 2010-04-25 13:36	--------	d-----w-	c:\program files\Microsoft.NET
2010-07-20 12:57 . 2010-07-19 18:39	--------	d-----w-	c:\program files\MediaInfo
2010-07-19 18:40 . 2010-07-19 18:40	--------	d-----w-	c:\users\Basti\AppData\Roaming\Uniblue
2010-07-19 18:39 . 2010-07-19 18:39	--------	d-----w-	c:\program files\Uniblue
2010-07-19 18:39 . 2010-07-19 18:39	331304	----a-w-	c:\users\Basti\AppData\Roaming\OpenCandy\OpenCandy_2CBAF7D0FFB3454FBE5E3999AE55DD86\DLMgr_3_1.6.44.exe
2010-07-19 18:39 . 2010-07-19 18:39	--------	d-----w-	c:\users\Basti\AppData\Roaming\OpenCandy
2010-07-18 19:53 . 2010-07-06 11:39	--------	d-----w-	c:\program files\PS3 Media Server
2010-07-17 22:54 . 2010-07-17 22:52	--------	d-----w-	c:\program files\Google
2010-07-17 22:50 . 2010-07-17 22:50	--------	d-----w-	c:\program files\Common Files\Skype
2010-07-12 17:10 . 2010-07-10 23:43	63488	----a-w-	c:\users\Basti\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-12 17:10 . 2010-07-10 23:43	117760	----a-w-	c:\users\Basti\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-10 23:43 . 2010-07-10 23:43	52224	----a-w-	c:\users\Basti\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-09 19:04 . 2010-07-09 19:04	41872	----a-w-	c:\windows\system32\xfcodec.dll
2010-07-06 11:26 . 2010-07-30 17:30	30528	----a-w-	c:\windows\system32\TURegOpt.exe
2010-07-06 11:20 . 2010-07-30 17:41	21312	----a-w-	c:\windows\system32\authuitu.dll
2010-07-06 11:20 . 2010-07-30 17:41	30016	----a-w-	c:\windows\system32\uxtuneup.dll
2010-06-26 23:38 . 2010-03-12 13:59	138056	----a-w-	c:\users\Basti\AppData\Roaming\PnkBstrK.sys
2010-06-26 23:38 . 2010-03-12 13:59	138056	----a-w-	c:\users\Basti\AppData\Roaming\PnkBstrK.sys
2010-06-26 23:37 . 2010-03-12 13:58	2434856	----a-w-	c:\windows\system32\pbsvc_bc2.exe
2010-06-26 13:57 . 2010-04-17 13:47	119296	----a-w-	c:\windows\system32\zlib.dll
2010-06-18 10:22 . 2010-06-18 10:22	72504	-c--a-w-	c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-18 10:22 . 2010-06-18 10:22	71992	-c--a-w-	c:\programdata\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2009-06-10 21:26 . 2009-07-14 02:04	9633792	--sha-r-	c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42	396800	--sha-w-	c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFree.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	94208	----a-w-	c:\users\Basti\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	94208	----a-w-	c:\users\Basti\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	94208	----a-w-	c:\users\Basti\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"Steam"="c:\program files\steam\steam.exe" [2010-08-28 1242448]
"AdobeUpdater6"="c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe" [2010-02-13 2521464]
"ManyCam"="c:\program files\ManyCam\Bin\ManyCam.exe" [2010-06-24 1680680]
"Google Update"="c:\users\Basti\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-07-17 136176]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-05-06 2815192]
"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2009-11-15 158752]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-02-18 357448]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 718688]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]

c:\users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Basti\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2010-7-9 3493776]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
nuozl.exe [2010-8-28 126976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BumpTop.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BumpTop.lnk
backup=c:\windows\pss\BumpTop.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
backup=c:\windows\pss\GamersFirst LIVE!.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Basti^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2009-12-21 17:35	640440	----a-w-	c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2009-12-22 00:26	38840	----a-w-	c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater6]
2010-02-13 17:05	2521464	-c--a-w-	c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16	357696	-c--a-w-	c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Infium]
2010-05-14 13:33	5562832	----a-w-	c:\program files\QIP 2010\qip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LCDMon]
2010-02-18 10:24	1573448	-c--a-w-	c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LGDCore]
2010-02-18 10:47	3203144	-c--a-w-	c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2010-06-21 18:41	2937528	----a-w-	c:\program files\Pando Networks\Media Booster\PMB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-07-02 11:53	322352	----a-w-	c:\program files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2007-12-20 15:16	37376	----a-w-	c:\program files\Winamp\winampa.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AdobeUpdater6"="c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 136176]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-02-07 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-02-06 79360]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 14856]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-02-24 3411964]
R4 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [2009-10-28 2211328]
S1 aswSP;aswSP; [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-05-06 51792]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 19720]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
Akamai	REG_MULTI_SZ   	Akamai

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners

2010-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 22:52]

2010-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 22:52]

2010-09-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1584810832-2463764626-296550485-1000Core.job
- c:\users\Basti\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-11 22:52]

2010-09-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1584810832-2463764626-296550485-1000UA.job
- c:\users\Basti\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-11 22:52]
.
.
------- Zusätzlicher Suchlauf -------
.
mStart Page = hxxp://home.sweetim.com
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\lg1yjjt6.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\lg1yjjt6.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll
FF - component: c:\users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\lg1yjjt6.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.dll

---- FIREFOX Richtlinien ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-1584810832-2463764626-296550485-1000\Software\SecuROM\License information*]
"datasecu"=hex:73,24,85,13,71,26,4a,6b,8f,ec,e8,27,94,6e,b0,64,91,38,cd,f2,67,
   5d,c6,e1,d7,a5,3f,0f,26,34,1a,18,33,36,ab,3d,e0,38,14,f9,3c,ae,5f,3c,d9,90,\
"rkeysecu"=hex:00,37,ca,59,02,77,7a,3b,cd,04,49,ad,15,94,a4,bf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(2472)
c:\program files\Xfire\xfire_toucan_43094.dll
c:\users\Basti\AppData\Local\FLVService\lib\FLVSrvLib.dll
c:\users\Basti\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
c:\program files\Stardock\Object Desktop\DeskScapes3\deskscapes.dll
c:\program files\Stardock\Object Desktop\DeskScapes3\deskscape.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files\TeamViewer\Version5\TeamViewer_Service.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
c:\users\Basti\AppData\Local\TVersity\Media Server\MediaServer.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\users\Basti\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
c:\windows\system32\taskhost.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\program files\Google\Chrome\Application\chrome.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-09-14  21:49:21 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-09-14 19:49
ComboFix2.txt  2010-09-14 18:16

Vor Suchlauf: 4.875.395.072 Bytes frei
Nach Suchlauf: 4.648.689.664 Bytes frei

- - End Of File - - C5396FB5A373F55C0B225655904780FD
         

Alt 15.09.2010, 09:54   #11
markusg
/// Malware-holic
 
Trojaner (Antimaleware Doctor) und eventuell auch mehr - Standard

Trojaner (Antimaleware Doctor) und eventuell auch mehr



öffne mein computer, c: qoobox dort rechtsklick auf quarantain und zu quarantain.zip oder rar hinzufügen. das archiv an uns hochladen.
dateiupload:
http://www.trojaner-board.de/54791-a...ner-board.html

Alt 17.09.2010, 17:29   #12
markusg
/// Malware-holic
 
Trojaner (Antimaleware Doctor) und eventuell auch mehr - Standard

Trojaner (Antimaleware Doctor) und eventuell auch mehr



ok wie läuft er jetzt?

Alt 17.09.2010, 18:27   #13
basti'
 
Trojaner (Antimaleware Doctor) und eventuell auch mehr - Standard

Trojaner (Antimaleware Doctor) und eventuell auch mehr



Normal, wie immer

Alt 17.09.2010, 18:30   #14
markusg
/// Malware-holic
 
Trojaner (Antimaleware Doctor) und eventuell auch mehr - Standard

Trojaner (Antimaleware Doctor) und eventuell auch mehr



also gab es keine antimalware dr. meldungen und sonstigen probleme? dann können wir nämlich zum schluss kommen

Antwort

Themen zu Trojaner (Antimaleware Doctor) und eventuell auch mehr
abgesicherte, abgesicherten, abgesicherten modus, antimaleware, antimaleware doctor, doctor, entfern, entfernt, gen, hijack, hijackthis, laufe, laufen, leute, malwarebytes, modus, normale, normalen, permanent, schädlinge, superantispyware, troja, trojaner, wegzukriegen, zweites



Ähnliche Themen: Trojaner (Antimaleware Doctor) und eventuell auch mehr


  1. Habe Antimaleware Doctor eingefangen.
    Plagegeister aller Art und deren Bekämpfung - 22.04.2011 (24)
  2. Antimaleware doctor entfernt - Internet geht nicht mehr?
    Plagegeister aller Art und deren Bekämpfung - 07.03.2011 (1)
  3. Antimaleware-Doctor eingefangen
    Plagegeister aller Art und deren Bekämpfung - 11.09.2010 (11)
  4. Antimaleware doctor seit 2 Tagen auf dem Rechner
    Plagegeister aller Art und deren Bekämpfung - 09.09.2010 (6)
  5. Antimaleware doctor, mein malewarebytes log
    Plagegeister aller Art und deren Bekämpfung - 01.09.2010 (1)
  6. Antimaleware Doctor
    Plagegeister aller Art und deren Bekämpfung - 31.08.2010 (1)
  7. Probleme mit antimaleware doctor
    Plagegeister aller Art und deren Bekämpfung - 26.08.2010 (1)
  8. antimaleware Doctor
    Plagegeister aller Art und deren Bekämpfung - 16.07.2010 (1)
  9. Ärger mit Antimaleware Doctor!
    Plagegeister aller Art und deren Bekämpfung - 08.07.2010 (10)
  10. Antimaleware Doctor
    Plagegeister aller Art und deren Bekämpfung - 05.06.2010 (6)
  11. Antimaleware Doctor
    Log-Analyse und Auswertung - 30.05.2010 (2)
  12. Antimaleware-Doctor-Attacke und troj/FakeAV-***
    Plagegeister aller Art und deren Bekämpfung - 09.05.2010 (59)
  13. Habe Antimaleware doctor! Was soll ich tun?
    Plagegeister aller Art und deren Bekämpfung - 08.05.2010 (7)
  14. Antimaleware Doctor - nicht zu löschen !
    Plagegeister aller Art und deren Bekämpfung - 03.05.2010 (5)
  15. Antimaleware Doctor und Antimaleware Soft Attacke
    Plagegeister aller Art und deren Bekämpfung - 30.04.2010 (4)
  16. Antimaleware Doctor entfernt - Logfiles zur Auswertung
    Plagegeister aller Art und deren Bekämpfung - 28.04.2010 (13)
  17. Antimaleware doctor oder anderer fissling?
    Plagegeister aller Art und deren Bekämpfung - 28.04.2010 (1)

Zum Thema Trojaner (Antimaleware Doctor) und eventuell auch mehr - Hallo Leute, habe wohl einen bzw meherere Trojaner auf dem PC. Hatte einen Suchdurchlauf mit Malwarebytes Aniti Malware und SUPERAntiSpyware laufen lassen und alles gelöscht. Doch als ich vom Abgesicherten - Trojaner (Antimaleware Doctor) und eventuell auch mehr...
Archiv
Du betrachtest: Trojaner (Antimaleware Doctor) und eventuell auch mehr auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.