Trojaner in HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run nicht dauerhaft löschbar

Master Stix · 21.02.2013, 20:43

hi, habe den CCleaner Installiert und gestartet. Klicke auf Extras, weiss jetzt leider nicht genau was ich nun machen soll. Finde nichts wie "uninstall Llist".

habs glaub ich gechecked
danke

liste folgt gleich

3DPower B12.0619.1 GIGABYTE 23.10.2012 1.00.0000 unnötig
@BIOS GIGABYTE 23.10.2012 2.28 unnötig
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 19.02.2013 6,00MB 11.6.602.168 notwendig
Adobe Reader X (10.1.5) - Deutsch Adobe Systems Incorporated 16.01.2013 121MB 10.1.5 notwendig
Apple Application Support Apple Inc. 19.12.2012 65,0MB 2.3.2 notwendig
Apple Mobile Device Support Apple Inc. 19.12.2012 25,1MB 6.0.1.3 notwendig
Apple Software Update Apple Inc. 07.09.2012 2,38MB 2.1.3.127 notwendig
Bonjour Apple Inc. 07.09.2012 2,00MB 3.0.0.10 notwendig
CCleaner Piriform 23.01.2013 3.27 unnötig
CrystalDiskInfo 5.0.0 Crystal Dew World 30.10.2012 3,20MB 5.0.0 unnötig
Easy Tune 6 B12.0801.1 GIGABYTE 28.01.2013 66,1MB 1.00.0000 unnötig
ElsterFormular Landesfinanzdirektion Thüringen 19.02.2013 343MB 14.0.0.10960 unnötig
Geeks3D.com FurMark 1.10.2 Geeks3D.com 19.10.2012 5,52MB unnötig
Google Chrome Google Inc. 07.09.2012 24.0.1312.57 unnötig
GUILD WARS 07.09.2012 notwendig
Guild Wars 2 NCsoft Corporation, Ltd. 24.10.2012 notwendig
Hdd Speed Test Tool v. 1.0.14 (RC 1) Marko Oette (oette.info) 30.10.2012 unnötig
iCloud Apple Inc. 19.12.2012 81,8MB 2.1.0.39 notwendig
Intel(R) Control Center Intel Corporation 28.01.2013 1.2.1.1008 unnötig
Intel(R) Processor Graphics Intel Corporation 11.02.2013 9.17.10.2932 unnötig
Intel(R) Rapid Storage Technology Intel Corporation 28.01.2013 11.6.0.1030 unnötig
Intel(R) USB 3.0 eXtensible Host Controller Driver Intel Corporation 28.01.2013 1.0.4.225 unnötig
IsoBuster 3.0 Smart Projects 05.01.2013 10,3MB 3.0 notwendig
iTunes Apple Inc. 19.12.2012 191MB 11.0.1.12 notwendig
Java 7 Update 11 (64-bit) Oracle 21.01.2013 127MB 7.0.110 unnötig
Logitech SetPoint 6.32 Logitech 07.09.2012 39,0MB 6.32.20 notwendig
Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 21.02.2013 18,4MB 1.70.0.1100 unbekannt
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 07.09.2012 38,8MB 4.0.30319 unbekannt
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 07.09.2012 2,93MB 4.0.30319 unbekannt
Microsoft Office Professional Plus 2010 Microsoft Corporation 07.09.2012 14.0.6029.1000 unbekannt
Microsoft Security Essentials Microsoft Corporation 21.02.2013 4.2.223.1 notwendig
Microsoft Silverlight Microsoft Corporation 07.09.2012 50,6MB 5.1.10411.0 unbekannt
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 15.09.2012 298KB 8.0.61001 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 07.09.2012 788KB 9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 09.09.2012 788KB 9.0.30729.6161 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 07.09.2012 596KB 9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 09.09.2012 600KB 9.0.30729.6161 unbekannt
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 23.10.2012 13,8MB 10.0.40219 unbekannt
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 23.10.2012 11,1MB 10.0.40219 unbekannt
NVIDIA 3D Vision Controller-Treiber 314.07 NVIDIA Corporation 19.02.2013 314.07 notwendig
NVIDIA 3D Vision Treiber 314.07 NVIDIA Corporation 19.02.2013 314.07 notwendig
NVIDIA Display Control Panel NVIDIA Corporation 12.02.2013 135MB 6.14.12.5896 notwendig
NVIDIA GeForce Experience 1.0.1 (BETA) NVIDIA Corporation 28.01.2013 1.0.1 (BETA) notwendig
NVIDIA Grafiktreiber 314.07 NVIDIA Corporation 19.02.2013 314.07 notwendig
NVIDIA HD-Audiotreiber 1.3.23.1 NVIDIA Corporation 19.02.2013 1.3.23.1 notwendig
NVIDIA PhysX-Systemsoftware 9.12.1031 NVIDIA Corporation 28.11.2012 9.12.1031 notwendig
QuickTime Apple Inc. 19.12.2012 73,1MB 7.73.80.64 notwendig
Serviio 15.09.2012 notwendig
Sniper Elite V2 Version v1.0 Rebellion, Inc. 15.01.2013 v1.0 notwendig
SopCast 3.0.3 SopCast.com 19.02.2013 3.0.3 unnötig
System Requirements Lab for Intel (64-bit) Husdawg, LLC 23.10.2012 1,19MB 4.5.11.0 unbekannt
TeamSpeak 3 Client TeamSpeak Systems GmbH 08.11.2012 3.0.9.2 notwendig
UseNeXT Tangysoft Ltd. 05.12.2012 9,23MB notwendig
Virtual DJ - Atomix Productions 19.09.2012 notwendig
VLC media player 0.9.9 VideoLAN Team 12.11.2012 0.9.9 notwendig
WD Drive Utilities Western Digital Technologies, Inc. 13.11.2012 12,8MB 1.0.3.3 unnötig
WD Security Western Digital Technologies, Inc. 13.11.2012 14,4MB 1.0.3.3 unnötig
WD SmartWare Western Digital 13.11.2012 39,1MB 1.5.4 unnötig
WinISO WinISO Computing Inc. 05.01.2013 22,0MB 6.1.0.4435 notwendig
WinRAR 07.09.2012 notwendig
XMedia Recode Version 3.1.4.1 XMedia Recode 19.01.2013 17,0MB 3.1.4.1 notwendig

beim durchstöbern des Forums hier, ist mir wieder eingefallen das ich auch Anfangs so eine ähnliche Meldung am Bildschirm hatte wie die mit der BundesPolizei. Leider weiss ich das nicht mehr so genau weil es eben schon länger her ist bei mir.
Kann mich auf jeden Fall daran Erinnern dass ich anschliessend meinen PC im Abgesichertem Modus hochgefahren hab und einen Systemwiederherstellungspunkt gemacht habe der etwa 2-3tage zurück lag. Danach hatte ich keine Probleme mehr mit irgendeiner Meldung am Bildschirm oder einer gehackten WebCam. Mir ist eben nur nach der Zeit das beschriebene Problem mit meiner ProzessorLast etc. aufgefallen.

Hoffe diese Info ist noch Hilfreich für euch.

Danke

so, habe einen Fortschritt zu melden, woher der kommt weiss ich nicht genau, das müsste denk ich mal eine Software gewesen sein die ich drüberlaufen lassen sollte.
Nämlich habe ich jetzt meine besagten Probleme(Prozessor lasst auf einmal hoch + Anzeigetreiber Fehlermeldung etc.) nicht mehr.
Ausserdem hat sich in der Systemkonfiguration unter "msconfig" das Systemstartelement GuardHostComputer von BigDefenseIndustries automatisch umbenannt in folgendes:

{A40125CC-3BBD-5CE4-5FBD-93EE0B0FAD45} Hersteller: Unbekannt
Befehl und Ort sind gleich geblieben.
Dessweiteren lässt es sich nun dauerhaft Deaktivieren, nicht wie zuvor nach Neustart wieder Aktiviert.
Habe anschliessend versucht den Key in der Registry raus zu löschen, jedoch ohne Erfolg, nach Neustart wieder vorhanden.

Muss ich einfach noch einen weiteren Ordner löschen oder Wie soll ich weiter vorgehen?

Danke

markusg · 22.02.2013, 14:37

deinstaliere:
3DPower
@BIOS
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden, instalieren.
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen

bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
Sicherheit (erweitert)
Erweiterte Sicherheit anhaken
und alle Dateien auswählen.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok

deinstaliere:
CrystalDiskInfo
Easy
ElsterFormular
Geeks3D
Google Chrome
Hdd
Java
downloade Java jre:
Java-Downloads für alle Betriebssysteme
klicke:
Download der Java-Software für Windows Offline
laden, und instalieren
deinstaliere:
SopCast
VLC
VideoLAN - Official page for VLC media player, the Open Source video framework!
aktuell, Version 2.x

Deinstaliere:
WD : alle
bitte lösch nicht sinnlos und wild drauf los...

Öffne CCleaner, analysieren, starten, PC neustarten.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Master Stix · 22.02.2013, 15:26

Code:

ATTFilter

# AdwCleaner v2.112 - Datei am 22/02/2013 um 15:23:39 erstellt
# Aktualisiert am 10/02/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Batman - BATMAN-PC
# Bootmodus : Normal
# Ausgeführt unter : G:\Grusch\Software gegen Trojaner\adwcleaner0.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v24.0.1312.57

Datei : C:\Users\Batman\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S3].txt - [730 octets] - [22/02/2013 15:23:39]

########## EOF - C:\AdwCleaner[S3].txt - [789 octets] ##########

markusg · 22.02.2013, 15:53

Hi,
HitmanPro - Download - Filepony
hitmanpro laden, doppelklicken, Lizenz, testlizenz.
Scannen, nichts löschen.
Weiter, log als XML exportieren und posten, bzw packen und anhängen.

Master Stix · 22.02.2013, 16:13

Code:

ATTFilter


	Code: 

 ATTFilter

  
	HitmanPro 3.7.2.188
www.hitmanpro.com

   Computer name . . . . : BATMAN-PC
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : Batman-PC\Batman
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2013-02-22 16:04:01
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 2m 32s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 14

   Objects scanned . . . : 1.214.761
   Files scanned . . . . : 14.344
   Remnants scanned  . . : 236.714 files / 963.703 keys

Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E\ (AskBar)

Cookies _____________________________________________________________________

   C:\Users\Batman\AppData\Roaming\Microsoft\Windows\Cookies\60P0MUAV.txt
   C:\Users\Batman\AppData\Roaming\Microsoft\Windows\Cookies\74Z75UVF.txt

Master Stix · 22.02.2013, 16:15

habs jetzt noch als Anhang mit ran gepackt, so wie du geschrieben hast

danke

markusg · 22.02.2013, 16:15

hi
hitmanpro funde löschen bitte, neustarten, neues otl log posten

Master Stix · 22.02.2013, 16:26

Code:

ATTFilter

OTL logfile created on: 22.02.2013 16:24:41 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = G:\Grusch\Software gegen Trojaner
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,89 Gb Total Physical Memory | 5,84 Gb Available Physical Memory | 73,95% Memory free
15,78 Gb Paging File | 13,58 Gb Available in Paging File | 86,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,21 Gb Total Space | 126,24 Gb Free Space | 64,67% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 122,00 Gb Free Space | 40,93% Space Free | Partition Type: NTFS
Drive G: | 736,20 Gb Total Space | 303,70 Gb Free Space | 41,25% Space Free | Partition Type: NTFS
 
Computer Name: BATMAN-PC | User Name: Batman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.21 13:50:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- G:\Grusch\Software gegen Trojaner\OTL.exe
PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.22 14:46:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.02.09 18:43:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013.01.27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.01.27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013.01.19 03:50:09 | 002,070,304 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.12.14 02:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.09.01 18:07:22 | 000,014,904 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012.08.09 19:25:50 | 000,207,872 | ---- | M] () [Auto | Running] -- C:\Programme\Serviio\bin\ServiioService.exe -- (Serviio)
SRV - [2011.09.27 20:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011.08.30 15:55:54 | 000,160,256 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.01.20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.12.19 06:41:52 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.12.14 02:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.09.28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.09.01 17:01:56 | 000,647,736 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012.09.01 17:01:56 | 000,028,216 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012.03.27 01:13:20 | 000,789,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.03.27 01:13:20 | 000,356,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.03.27 01:13:18 | 000,019,224 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.20 05:39:16 | 000,205,312 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ViaHub3.sys -- (VUSB3HUB)
DRV:64bit: - [2012.01.20 05:39:04 | 000,254,464 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xhcdrv.sys -- (xhcdrv)
DRV:64bit: - [2011.12.16 13:18:56 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2011.09.02 07:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011.09.02 07:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.08.11 23:54:16 | 000,104,560 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013.01.28 18:57:06 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2013.01.28 18:56:51 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2012.10.30 13:52:05 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)
DRV - [2010.02.04 09:09:00 | 000,014,376 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys -- (GPCIDrv)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = G:\Grusch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AC 58 A3 0E 14 8D CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {72349996-FB7D-4E70-8B3D-22F59F3829FA}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{72349996-FB7D-4E70-8B3D-22F59F3829FA}: "URL" = hxxp://www.google.com/search?q={searchTerms}&amp;sourceid=ie7&amp;rls=com.microsoft:{language}:{referrer:source}&amp;ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7MERD_deDE502
IE - HKCU\..\SearchScopes\{A85AB85A-F7FA-491E-AFEE-4C62B7659F3F}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=08E77021-1286-4C48-A64F-DB57B8D40B82&apn_sauid=599D2609-1A26-44A2-B105-970B22074A69
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll File not found
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Batman\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Batman\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
 
 
========== Chrome  ==========
 
CHR - homepage: hxxp://de.yahoo.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://de.yahoo.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Batman\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Batman\AppData\Local\Google\Chrome\Application\24.0.1312.56\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Batman\AppData\Local\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Batman\AppData\Local\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Batman\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
 
O1 HOSTS File: ([2013.02.21 20:20:36 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - Startup: C:\Users\Batman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Serviio.lnk = C:\Programme\Serviio\bin\ServiioConsole.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {3234EB1E-733E-4E6A-A8AB-EBB6287E5A7E} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel64_4.5.11.0.cab (SysInfo Class)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} hxxp://www.logitech.com/devicedetector/bin/LogitechDeviceDetection32.cab (Geräteerkennung)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DE69099-F348-441B-8233-A69E06C19BAF}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.22 16:04:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2013.02.22 16:04:01 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013.02.22 16:02:58 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013.02.22 15:18:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.02.22 15:05:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.02.22 15:04:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.02.22 15:04:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013.02.22 14:53:04 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.02.22 07:36:01 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.02.21 20:39:39 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.02.21 20:29:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013.02.21 20:29:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013.02.21 20:21:36 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.02.21 20:17:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.02.21 20:17:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.02.21 20:17:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.02.21 20:17:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.21 20:17:29 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.02.21 13:39:40 | 000,000,000 | ---D | C] -- C:\Users\Batman\AppData\Roaming\Malwarebytes
[2013.02.21 13:39:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.21 13:39:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.21 13:39:27 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.21 13:39:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.19 20:53:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SopCast
[2013.02.12 07:40:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\NV
[2013.02.12 07:40:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\NV
[2013.01.28 18:51:47 | 000,000,000 | ---D | C] -- C:\Users\Batman\AppData\Local\NVIDIA
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.22 16:19:28 | 000,000,110 | ---- | M] () -- C:\.dir
[2013.02.22 16:19:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.22 16:18:56 | 2060,599,295 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.22 16:04:01 | 000,001,905 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013.02.22 15:56:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2525669722-3757799730-524398789-1000UA.job
[2013.02.22 15:32:12 | 000,034,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.22 15:32:12 | 000,034,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.22 15:18:06 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.02.22 15:05:43 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.02.22 15:05:06 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.02.22 10:56:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2525669722-3757799730-524398789-1000Core.job
[2013.02.22 08:18:03 | 001,502,164 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.22 08:18:03 | 000,655,188 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.22 08:18:03 | 000,617,070 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.22 08:18:03 | 000,130,558 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.22 08:18:03 | 000,106,948 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.21 20:29:52 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.02.21 20:20:36 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.02.21 14:03:39 | 000,000,000 | ---- | M] () -- C:\Users\Batman\defogger_reenable
[2013.02.14 07:42:17 | 000,416,968 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.12 08:19:31 | 000,000,445 | ---- | M] () -- C:\Users\Batman\Desktop\Yahoo!.website
[2013.02.10 04:25:27 | 000,017,738 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013.02.09 14:25:36 | 003,035,306 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2013.02.07 17:53:39 | 000,002,370 | ---- | M] () -- C:\Users\Batman\Desktop\Google Chrome.lnk
[2013.01.28 18:57:06 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys
[2013.01.28 18:51:39 | 000,001,347 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2013.01.28 18:30:51 | 000,002,012 | ---- | M] () -- C:\Users\Public\Desktop\ET6.lnk
[2013.01.28 18:29:11 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf
[2013.01.28 18:07:28 | 000,001,635 | ---- | M] () -- C:\Users\Batman\Desktop\Everest (2).lnk
[2013.01.28 18:07:05 | 000,001,635 | ---- | M] () -- C:\Users\Batman\Desktop\Everest.lnk
 
========== Files Created - No Company Name ==========
 
[2013.02.22 16:04:01 | 000,001,905 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013.02.22 15:18:06 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.02.22 15:05:43 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.02.22 15:05:06 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.02.22 15:05:06 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.02.21 20:29:45 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013.02.21 20:17:39 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.02.21 20:17:39 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.02.21 20:17:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.02.21 20:17:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.02.21 20:17:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.02.21 18:30:46 | 000,001,843 | ---- | C] () -- C:\Users\Batman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Serviio.lnk
[2013.02.21 14:03:39 | 000,000,000 | ---- | C] () -- C:\Users\Batman\defogger_reenable
[2013.02.20 17:56:47 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013.02.20 17:40:49 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013.01.28 18:51:39 | 000,001,347 | ---- | C] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2013.01.28 18:30:51 | 000,002,012 | ---- | C] () -- C:\Users\Public\Desktop\ET6.lnk
[2013.01.28 18:29:11 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf
[2013.01.28 18:07:28 | 000,001,635 | ---- | C] () -- C:\Users\Batman\Desktop\Everest (2).lnk
[2013.01.28 18:07:05 | 000,001,635 | ---- | C] () -- C:\Users\Batman\Desktop\Everest.lnk
[2012.12.14 02:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.12.14 02:42:24 | 000,754,652 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012.12.14 02:42:24 | 000,598,384 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012.09.15 11:50:06 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2012.09.07 18:21:47 | 000,007,597 | ---- | C] () -- C:\Users\Batman\AppData\Local\resmon.resmoncfg
[2012.09.07 17:47:58 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.04.20 12:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.02.22 15:21:26 | 000,000,000 | ---D | M] -- C:\Users\Batman\AppData\Roaming\DAEMON Tools Lite
[2012.10.23 17:56:06 | 000,000,000 | ---D | M] -- C:\Users\Batman\AppData\Roaming\GetRightToGo
[2012.09.07 20:12:35 | 000,000,000 | ---D | M] -- C:\Users\Batman\AppData\Roaming\Leadertech
[2012.10.11 18:35:05 | 000,000,000 | ---D | M] -- C:\Users\Batman\AppData\Roaming\Samsung
[2013.02.22 15:21:26 | 000,000,000 | ---D | M] -- C:\Users\Batman\AppData\Roaming\TS3Client
[2013.01.14 18:32:48 | 000,000,000 | ---D | M] -- C:\Users\Batman\AppData\Roaming\UltraMixer
[2013.02.22 11:24:47 | 000,000,000 | ---D | M] -- C:\Users\Batman\AppData\Roaming\UseNeXT
[2013.01.05 18:52:21 | 000,000,000 | ---D | M] -- C:\Users\Batman\AppData\Roaming\WinISO Computing
[2013.01.19 19:49:08 | 000,000,000 | ---D | M] -- C:\Users\Batman\AppData\Roaming\XMedia Recode
 
========== Purity Check ==========
 
 

< End of report >

markusg · 22.02.2013, 17:17

zu welchem ordner zeigt der von dir deaktivierte autostart eintrag?

Master Stix · 22.02.2013, 17:24

C:\User\Batman\AppData\Roaming\Buofy\wazu.exe

Der Ort ist der wie in meiner Thread Überschrift

HKCU\SOFTWARE........\Run

markusg · 22.02.2013, 17:44

Start programme zubehör editor reinkopieren:

Killall::
Rootkit::
Folder::
C:\User\Batman\AppData\Roaming\Buofy

Datei speichern unter, Ort, dort wo sich combofix befindet.
Dateityp alle.
Name:
Cfscript.txt
ziehe cfscript auf combofix, programm startet log posten

Master Stix · 23.02.2013, 11:20

Code:

ATTFilter

ComboFix 13-02-23.01 - Batman 23.02.2013  11:08:13.3.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.8082.6112 [GMT 1:00]
ausgeführt von:: g:\grusch\Software gegen Trojaner\ComboFix.exe
Benutzte Befehlsschalter :: g:\grusch\Software gegen Trojaner\Cfscript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-01-23 bis 2013-02-23  ))))))))))))))))))))))))))))))
.
.
2013-02-23 10:11 . 2013-02-23 10:11	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-02-23 10:11 . 2013-02-23 10:11	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-02-22 19:38 . 2013-02-07 15:28	9162192	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DA15D023-733C-4B30-92A5-BD7F9B7C2CE3}\mpengine.dll
2013-02-22 15:04 . 2013-02-22 15:04	--------	d-----w-	c:\program files\HitmanPro
2013-02-22 15:02 . 2013-02-22 15:18	--------	d-----w-	c:\programdata\HitmanPro
2013-02-22 14:06 . 2013-02-22 14:06	310688	----a-w-	c:\windows\system32\javaws.exe
2013-02-22 14:06 . 2013-02-22 14:06	108448	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2013-02-22 14:06 . 2013-02-22 14:06	188832	----a-w-	c:\windows\system32\javaw.exe
2013-02-22 14:06 . 2013-02-22 14:06	188320	----a-w-	c:\windows\system32\java.exe
2013-02-22 14:04 . 2013-02-22 14:04	--------	d-----w-	c:\program files (x86)\Common Files\Adobe
2013-02-22 13:59 . 2013-02-22 13:59	71024	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-22 13:59 . 2013-02-22 13:59	691568	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-21 19:39 . 2013-02-22 14:18	--------	d-----w-	c:\program files\CCleaner
2013-02-21 19:34 . 2013-02-21 19:33	972264	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C7791A10-5E26-4432-8546-AA82703AEA72}\gapaengine.dll
2013-02-21 19:34 . 2013-02-07 15:28	9162192	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-21 19:29 . 2013-02-21 19:29	--------	d-----w-	c:\program files\Microsoft Security Client
2013-02-21 19:29 . 2013-02-21 19:29	--------	d-----w-	c:\program files (x86)\Microsoft Security Client
2013-02-21 19:15 . 2013-02-22 06:36	--------	d-----w-	c:\users\Administrator
2013-02-21 12:39 . 2013-02-21 12:39	--------	d-----w-	c:\users\Batman\AppData\Roaming\Malwarebytes
2013-02-21 12:39 . 2013-02-21 12:39	--------	d-----w-	c:\programdata\Malwarebytes
2013-02-21 12:39 . 2013-02-21 12:39	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-02-21 12:39 . 2012-12-14 15:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-02-20 16:56 . 2012-07-26 02:26	87040	----a-w-	c:\windows\system32\drivers\WUDFPf.sys
2013-02-20 16:56 . 2012-07-26 02:26	198656	----a-w-	c:\windows\system32\drivers\WUDFRd.sys
2013-02-20 16:56 . 2012-07-26 03:08	84992	----a-w-	c:\windows\system32\WUDFSvc.dll
2013-02-20 16:56 . 2012-07-26 03:08	45056	----a-w-	c:\windows\system32\WUDFCoinstaller.dll
2013-02-20 16:56 . 2012-07-26 03:08	194048	----a-w-	c:\windows\system32\WUDFPlatform.dll
2013-02-20 16:56 . 2012-07-26 03:08	229888	----a-w-	c:\windows\system32\WUDFHost.exe
2013-02-20 16:56 . 2012-07-26 03:08	744448	----a-w-	c:\windows\system32\WUDFx.dll
2013-02-20 16:40 . 2012-07-26 07:46	2560	----a-w-	c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
2013-02-20 16:40 . 2012-07-26 04:55	785512	----a-w-	c:\windows\system32\drivers\Wdf01000.sys
2013-02-20 16:40 . 2012-07-26 04:55	54376	----a-w-	c:\windows\system32\drivers\WdfLdr.sys
2013-02-20 16:40 . 2012-07-26 02:36	9728	----a-w-	c:\windows\system32\Wdfres.dll
2013-02-15 22:04 . 2013-02-15 22:04	208448	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-02-13 15:07 . 2013-01-08 22:01	768000	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 15:07 . 2013-01-09 01:10	996352	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 13:30 . 2013-01-05 05:53	5553512	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-02-13 13:30 . 2013-01-05 05:00	3967848	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-02-13 13:30 . 2013-01-05 05:00	3913064	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-02-13 13:30 . 2013-01-04 05:46	215040	----a-w-	c:\windows\system32\winsrv.dll
2013-02-13 13:30 . 2013-01-04 03:26	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-02-13 13:30 . 2013-01-04 04:51	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2013-02-13 13:30 . 2013-01-04 02:47	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2013-02-13 13:30 . 2013-01-04 02:47	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2013-02-13 13:30 . 2013-01-04 02:47	2048	----a-w-	c:\windows\SysWow64\user.exe
2013-02-13 13:30 . 2013-01-04 02:47	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2013-02-13 13:30 . 2013-01-03 06:00	1913192	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-02-13 13:30 . 2013-01-03 06:00	288088	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-12 06:40 . 2013-02-19 17:33	--------	d-----w-	c:\windows\SysWow64\NV
2013-02-12 06:40 . 2013-02-19 17:33	--------	d-----w-	c:\windows\system32\NV
2013-02-09 17:43 . 2013-02-09 17:43	555808	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2013-01-28 17:51 . 2013-01-28 17:51	--------	d-----w-	c:\users\Batman\AppData\Local\NVIDIA
2013-01-28 17:28 . 2012-03-27 00:12	41984	----a-w-	c:\windows\system32\drivers\USB3Ver.dll
2013-01-28 17:28 . 2012-03-27 00:13	789272	----a-w-	c:\windows\system32\drivers\iusb3xhc.sys
2013-01-28 17:28 . 2012-03-27 00:13	356632	----a-w-	c:\windows\system32\drivers\iusb3hub.sys
2013-01-28 17:28 . 2012-03-27 00:13	19224	----a-w-	c:\windows\system32\drivers\iusb3hcs.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-22 14:06 . 2012-09-15 18:27	963488	----a-w-	c:\windows\system32\deployJava1.dll
2013-02-22 14:06 . 2012-09-15 18:27	1085344	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-02-19 17:18 . 2012-09-07 19:21	70004024	----a-w-	c:\windows\system32\MRT.exe
2013-02-10 03:25 . 2012-10-10 20:23	17987192	----a-w-	c:\windows\system32\nvd3dumx.dll
2013-02-10 03:25 . 2012-10-10 20:23	2854344	----a-w-	c:\windows\system32\nvapi64.dll
2013-02-10 03:25 . 2012-10-10 20:23	1114144	----a-w-	c:\windows\system32\nvumdshimx.dll
2013-02-10 03:25 . 2012-10-10 20:23	15275744	----a-w-	c:\windows\system32\nvwgf2umx.dll
2013-02-10 03:25 . 2012-10-10 20:22	2528840	----a-w-	c:\windows\SysWow64\nvapi.dll
2013-02-10 03:25 . 2012-10-10 20:22	15038296	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2013-02-10 01:04 . 2010-07-09 15:17	6393120	----a-w-	c:\windows\system32\nvcpl.dll
2013-02-10 01:04 . 2010-07-09 15:17	3472672	----a-w-	c:\windows\system32\nvsvc64.dll
2013-02-10 01:04 . 2012-09-07 16:00	63776	----a-w-	c:\windows\system32\nvshext.dll
2013-02-10 01:04 . 2010-07-09 15:17	877856	----a-w-	c:\windows\system32\nvvsvc.exe
2013-02-10 01:04 . 2010-07-09 15:17	2555680	----a-w-	c:\windows\system32\nvsvcr.dll
2013-02-10 01:04 . 2010-07-09 15:17	237856	----a-w-	c:\windows\system32\nvmctray.dll
2013-02-09 13:25 . 2012-09-07 16:00	3035306	----a-w-	c:\windows\system32\nvcoproc.bin
2013-01-30 10:53 . 2010-11-21 03:27	273840	------w-	c:\windows\system32\MpSigStub.exe
2013-01-28 17:57 . 2012-09-15 10:50	30528	----a-w-	c:\windows\GVTDrv64.sys
2013-01-28 17:56 . 2012-09-15 04:37	25640	----a-w-	c:\windows\gdrv.sys
2013-01-20 14:59 . 2013-01-20 14:59	230320	----a-w-	c:\windows\system32\drivers\MpFilter.sys
2013-01-20 14:59 . 2013-01-20 14:59	130008	----a-w-	c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-04 04:43 . 2013-02-13 13:30	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-12-18 08:31 . 2012-09-07 16:00	1510328	----a-w-	c:\windows\system32\nvhdagenco6420103.dll
2012-12-16 17:11 . 2012-12-21 09:10	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 09:10	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 09:10	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 09:10	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-14 01:42 . 2012-12-14 01:42	9728	----a-w-	c:\windows\system32\IGFXDEVLib.dll
2012-12-14 01:42 . 2012-12-14 01:42	437760	----a-w-	c:\windows\system32\igfxrnor.lrc
2012-12-14 01:42 . 2012-12-14 01:42	21850112	----a-w-	c:\windows\SysWow64\igdfcl32.dll
2012-12-14 01:42 . 2012-12-14 01:42	196096	----a-w-	c:\windows\SysWow64\IntelOpenCL32.dll
2012-12-14 01:42 . 2012-12-14 01:42	384512	----a-w-	c:\windows\system32\igfxpph.dll
2012-12-14 01:42 . 2012-12-14 01:42	12615680	----a-w-	c:\windows\system32\igdumd64.dll
2012-12-14 01:42 . 2012-12-14 01:42	64512	----a-w-	c:\windows\SysWow64\igdde32.dll
2012-12-14 01:42 . 2012-12-14 01:42	64000	----a-w-	c:\windows\system32\igfxsrvc.dll
2012-12-14 01:42 . 2012-12-14 01:42	440320	----a-w-	c:\windows\system32\igfxrell.lrc
2012-12-14 01:42 . 2012-12-14 01:42	437760	----a-w-	c:\windows\system32\igfxrptb.lrc
2012-12-14 01:42 . 2012-12-14 01:42	437248	----a-w-	c:\windows\system32\igfxrtha.lrc
2012-12-14 01:42 . 2012-12-14 01:42	435712	----a-w-	c:\windows\system32\igfxrheb.lrc
2012-12-14 01:42 . 2012-12-14 01:42	435712	----a-w-	c:\windows\system32\igfxrara.lrc
2012-12-14 01:42 . 2012-12-14 01:42	431104	----a-w-	c:\windows\system32\igfxrkor.lrc
2012-12-14 01:42 . 2012-12-14 01:42	429056	----a-w-	c:\windows\system32\igfxrcht.lrc
2012-12-14 01:42 . 2012-12-14 01:42	330752	----a-w-	c:\windows\SysWow64\igfxdv32.dll
2012-12-14 01:42 . 2012-12-14 01:42	28672	----a-w-	c:\windows\system32\igfxexps.dll
2012-12-14 01:42 . 2012-12-14 01:42	180224	----a-w-	c:\windows\SysWow64\iglhcp32.dll
2012-12-14 01:42 . 2012-12-14 01:42	11174912	----a-w-	c:\windows\SysWow64\igd10umd32.dll
2012-12-14 01:42 . 2012-12-14 01:42	110592	----a-w-	c:\windows\system32\hccutils.dll
2012-12-14 01:42 . 2012-12-14 01:42	640512	----a-w-	c:\windows\SysWow64\igfxcmrt32.dll
2012-12-14 01:42 . 2012-12-14 01:42	512112	----a-w-	c:\windows\system32\igfxsrvc.exe
2012-12-14 01:42 . 2012-12-14 01:42	438784	----a-w-	c:\windows\system32\igfxrnld.lrc
2012-12-14 01:42 . 2012-12-14 01:42	438784	----a-w-	c:\windows\system32\igfxrdeu.lrc
2012-12-14 01:42 . 2012-12-14 01:42	3121152	----a-w-	c:\windows\SysWow64\igfxcmjit32.dll
2012-12-14 01:42 . 2012-12-14 01:42	255088	----a-w-	c:\windows\system32\igfxext.exe
2012-12-14 01:42 . 2012-12-14 01:42	9007616	----a-w-	c:\windows\system32\igfxress.dll
2012-12-14 01:42 . 2012-12-14 01:42	483840	----a-w-	c:\windows\system32\igfx11cmrt64.dll
2012-12-14 01:42 . 2012-12-14 01:42	439808	----a-w-	c:\windows\system32\igfxresn.lrc
2012-12-14 01:42 . 2012-12-14 01:42	437760	----a-w-	c:\windows\system32\igfxrtrk.lrc
2012-12-14 01:42 . 2012-12-14 01:42	428544	----a-w-	c:\windows\system32\igfxrchs.lrc
2012-12-14 01:42 . 2012-12-14 01:42	241664	----a-w-	c:\windows\system32\IntelOpenCL64.dll
2012-12-14 01:42 . 2012-12-14 01:42	12858368	----a-w-	c:\windows\system32\igd10umd64.dll
2012-12-14 01:42 . 2012-12-14 01:42	80384	----a-w-	c:\windows\system32\igdde64.dll
2012-12-14 01:42 . 2012-12-14 01:42	754652	----a-w-	c:\windows\system32\igcodeckrng700.bin
2012-12-14 01:42 . 2012-12-14 01:42	598384	----a-w-	c:\windows\system32\igvpkrng700.bin
2012-12-14 01:42 . 2012-12-14 01:42	524800	----a-w-	c:\windows\system32\iglhsip64.dll
2012-12-14 01:42 . 2012-12-14 01:42	519680	----a-w-	c:\windows\SysWow64\iglhsip32.dll
2012-12-14 01:42 . 2012-12-14 01:42	459264	----a-w-	c:\windows\SysWow64\igfx11cmrt32.dll
2012-12-14 01:42 . 2012-12-14 01:42	439296	----a-w-	c:\windows\system32\igfxrrus.lrc
2012-12-14 01:42 . 2012-12-14 01:42	438784	----a-w-	c:\windows\system32\igfxrptg.lrc
2012-12-14 01:42 . 2012-12-14 01:42	286208	----a-w-	c:\windows\system32\igfxrenu.lrc
2012-12-14 01:42 . 2012-12-14 01:42	142336	----a-w-	c:\windows\system32\igfxdo.dll
2012-12-14 01:42 . 2012-12-14 01:42	11049472	----a-w-	c:\windows\SysWow64\igdumd32.dll
2012-12-14 01:42 . 2012-12-14 01:42	56832	----a-w-	c:\windows\system32\Intel_OpenCL_ICD64.dll
2012-12-14 01:42 . 2012-12-14 01:42	5353888	----a-w-	c:\windows\system32\drivers\igdkmd64.sys
2012-12-14 01:42 . 2012-12-14 01:42	439296	----a-w-	c:\windows\system32\igfxrrom.lrc
2012-12-14 01:42 . 2012-12-14 01:42	438272	----a-w-	c:\windows\system32\igfxrcsy.lrc
2012-12-14 01:42 . 2012-12-14 01:42	25088	----a-w-	c:\windows\SysWow64\igfxexps32.dll
2012-12-14 01:42 . 2012-12-14 01:42	185968	----a-w-	c:\windows\system32\difx64.exe
2012-12-14 01:42 . 2012-12-14 01:42	11633152	----a-w-	c:\windows\system32\ig7icd64.dll
2012-12-14 01:42 . 2012-12-14 01:42	8621056	----a-w-	c:\windows\SysWow64\ig7icd32.dll
2012-12-14 01:42 . 2012-12-14 01:42	518656	----a-w-	c:\windows\system32\igfxcmrt64.dll
2012-12-14 01:42 . 2012-12-14 01:42	438272	----a-w-	c:\windows\system32\igfxrfin.lrc
2012-12-14 01:42 . 2012-12-14 01:42	437760	----a-w-	c:\windows\system32\igfxrsve.lrc
2012-12-14 01:42 . 2012-12-14 01:42	432128	----a-w-	c:\windows\system32\igfxrjpn.lrc
2012-12-14 01:42 . 2012-12-14 01:42	27457536	----a-w-	c:\windows\system32\igdfcl64.dll
2012-12-14 01:42 . 2012-12-14 01:42	116224	----a-w-	c:\windows\system32\igfxCoIn_v2932.dll
2012-12-14 01:42 . 2012-12-14 01:42	442880	----a-w-	c:\windows\system32\igfxdev.dll
2012-12-14 01:42 . 2012-12-14 01:42	438784	----a-w-	c:\windows\system32\igfxrita.lrc
2012-12-14 01:42 . 2012-12-14 01:42	438272	----a-w-	c:\windows\system32\igfxrhun.lrc
2012-12-14 01:42 . 2012-12-14 01:42	437248	----a-w-	c:\windows\system32\igfxrdan.lrc
2012-12-14 01:42 . 2012-12-14 01:42	27643904	----a-w-	c:\windows\SysWow64\igdrcl32.dll
2012-12-14 01:42 . 2012-12-14 01:42	126976	----a-w-	c:\windows\system32\igfxcpl.cpl
2012-12-14 01:42 . 2012-12-14 01:42	441968	----a-w-	c:\windows\system32\igfxpers.exe
2012-12-14 01:42 . 2012-12-14 01:42	439808	----a-w-	c:\windows\system32\igfxrfra.lrc
2012-12-14 01:42 . 2012-12-14 01:42	410112	----a-w-	c:\windows\system32\igfxTMM.dll
2012-12-14 01:42 . 2012-12-14 01:42	3581440	----a-w-	c:\windows\system32\igdbcl64.dll
2012-12-14 01:42 . 2012-12-14 01:42	172144	----a-w-	c:\windows\system32\igfxtray.exe
2012-12-14 01:42 . 2012-12-14 01:42	94208	----a-w-	c:\windows\system32\IccLibDll_x64.dll
2012-12-14 01:42 . 2012-12-14 01:42	5906032	----a-w-	c:\windows\system32\GfxUI.exe
2012-12-14 01:42 . 2012-12-14 01:42	56320	----a-w-	c:\windows\SysWow64\Intel_OpenCL_ICD32.dll
2012-12-14 01:42 . 2012-12-14 01:42	438784	----a-w-	c:\windows\system32\igfxrsky.lrc
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
.
c:\users\Batman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Serviio.lnk - c:\program files\Serviio\bin\ServiioConsole.exe [2012-8-9 493056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Atheros Traffic Shaping;Atheros Traffic Shaping;c:\program files (x86)\Atheros ASAV\AthrTS6_x64.sys [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2012-10-30 25640]
R3 GPCIDrv;GPCIDrv;c:\program files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [2010-02-04 14376]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2013-01-28 30528]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2011-12-16 14464]
R3 WISOVD;WISOVD;c:\program files (x86)\WinISO Computing\WinISO\bin\driver\WISOVD_win7_x64.sys [x]
R4 IAStorDataMgrSvc;Intel(R) Rapid Storage-Technologie;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-09-01 14904]
R4 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2011-08-30 160256]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-02-09 383264]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [2012-09-01 647736]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [2012-09-01 28216]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-03-27 19224]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
S2 Serviio;Serviio;c:\program files\Serviio\bin\ServiioService.exe [2012-08-09 207872]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-03-27 356632]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-03-27 789272]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-08-11 104560]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
S3 VUSB3HUB;VIA USB 3 Root Hub Service;c:\windows\system32\DRIVERS\ViaHub3.sys [2012-01-20 205312]
S3 xhcdrv;VIA USB eXtensible Host Controller Service;c:\windows\system32\DRIVERS\xhcdrv.sys [2012-01-20 254464]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2525669722-3757799730-524398789-1000Core.job
- c:\users\Batman\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-07 19:41]
.
2013-02-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2525669722-3757799730-524398789-1000UA.job
- c:\users\Batman\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-07 19:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://de.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Adobe Flash Player ActiveX - c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_168_ActiveX.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-02-23  11:15:45 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-02-23 10:15
.
Vor Suchlauf: 16 Verzeichnis(se), 135.102.251.008 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 135.023.681.536 Bytes frei
.
- - End Of File - - 9071F3FF3E27D699BF92586237E8D410

Master Stix · 25.02.2013, 16:41

combofix hatte 2x gemeckert wegen Microsoft Security Essentials, weil das noch aktiv war. habs leider nicht geschafft es aus zu schalten. keinen peil wie das bei dem programm geht.
Anschliessend hiess es das das Programm auf eigene Verantwortung durchgeführt wird. PC startete neu. Danach kam der Logfile.

Hoffe man kann dennoch damit was anfangen.

LG Master Stix

markusg · 25.02.2013, 19:02

ja das passt, noch Probleme?

Master Stix · 25.02.2013, 20:48

wie schon vorher mal erwähnt hab ich keine probleme mehr. Das Programm steht hald immer noch in den Systemstartelementen drin, und der Ordner dieses Programms lässt sich nicht aus der Registry löschen.
Ist aber kein Thema für mich falls das so bleiben würde, da ja meine eigentlichen PC Probleme gelöst sind.
Hab ich den Trojaner oder was das auch immer war, jetzt noch drauf oder ist "mein Fall" damit abgeschlossen?

Danke für die Hilfe

Trojaner in HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run nicht dauerhaft löschbar

Plagegeister aller Art und deren Bekämpfung: Trojaner in HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run nicht dauerhaft löschbar