HomeTab, MPSigStub.exe und mpas-fe.exe

schrauber · 08.07.2013, 21:19

Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

unknownname · 09.07.2013, 12:24

Hallo schrauber,

hier die ComboFix.txt:

Code:

ATTFilter

ComboFix 13-07-08.04 - unknownname 09.07.2013   9:44.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.7890.5143 [GMT 2:00]
ausgeführt von:: c:\users\unknownname\Desktop\ComboFix.exe
AV: G Data InternetSecurity 2014 *Disabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
FW: G Data Personal Firewall *Enabled* {018C0191-29AD-04E8-101F-264FDF37B3ED}
SP: G Data InternetSecurity 2014 *Disabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe
c:\programdata\Roaming
.
----- Datei Replikatoren -----
.
c:\program files (x86)\Git\bin\git.exe
c:\program files (x86)\Git\libexec\git-core\git-add.exe
c:\program files (x86)\Git\libexec\git-core\git-annotate.exe
c:\program files (x86)\Git\libexec\git-core\git-apply.exe
c:\program files (x86)\Git\libexec\git-core\git-archive.exe
c:\program files (x86)\Git\libexec\git-core\git-bisect--helper.exe
c:\program files (x86)\Git\libexec\git-core\git-blame.exe
c:\program files (x86)\Git\libexec\git-core\git-branch.exe
c:\program files (x86)\Git\libexec\git-core\git-bundle.exe
c:\program files (x86)\Git\libexec\git-core\git-cat-file.exe
c:\program files (x86)\Git\libexec\git-core\git-check-attr.exe
c:\program files (x86)\Git\libexec\git-core\git-check-ref-format.exe
c:\program files (x86)\Git\libexec\git-core\git-checkout-index.exe
c:\program files (x86)\Git\libexec\git-core\git-checkout.exe
c:\program files (x86)\Git\libexec\git-core\git-cherry-pick.exe
c:\program files (x86)\Git\libexec\git-core\git-cherry.exe
c:\program files (x86)\Git\libexec\git-core\git-clean.exe
c:\program files (x86)\Git\libexec\git-core\git-clone.exe
c:\program files (x86)\Git\libexec\git-core\git-column.exe
c:\program files (x86)\Git\libexec\git-core\git-commit-tree.exe
c:\program files (x86)\Git\libexec\git-core\git-commit.exe
c:\program files (x86)\Git\libexec\git-core\git-config.exe
c:\program files (x86)\Git\libexec\git-core\git-count-objects.exe
c:\program files (x86)\Git\libexec\git-core\git-credential.exe
c:\program files (x86)\Git\libexec\git-core\git-describe.exe
c:\program files (x86)\Git\libexec\git-core\git-diff-files.exe
c:\program files (x86)\Git\libexec\git-core\git-diff-index.exe
c:\program files (x86)\Git\libexec\git-core\git-diff-tree.exe
c:\program files (x86)\Git\libexec\git-core\git-diff.exe
c:\program files (x86)\Git\libexec\git-core\git-fast-export.exe
c:\program files (x86)\Git\libexec\git-core\git-fetch-pack.exe
c:\program files (x86)\Git\libexec\git-core\git-fetch.exe
c:\program files (x86)\Git\libexec\git-core\git-fmt-merge-msg.exe
c:\program files (x86)\Git\libexec\git-core\git-for-each-ref.exe
c:\program files (x86)\Git\libexec\git-core\git-format-patch.exe
c:\program files (x86)\Git\libexec\git-core\git-fsck-objects.exe
c:\program files (x86)\Git\libexec\git-core\git-fsck.exe
c:\program files (x86)\Git\libexec\git-core\git-gc.exe
c:\program files (x86)\Git\libexec\git-core\git-get-tar-commit-id.exe
c:\program files (x86)\Git\libexec\git-core\git-grep.exe
c:\program files (x86)\Git\libexec\git-core\git-hash-object.exe
c:\program files (x86)\Git\libexec\git-core\git-help.exe
c:\program files (x86)\Git\libexec\git-core\git-index-pack.exe
c:\program files (x86)\Git\libexec\git-core\git-init-db.exe
c:\program files (x86)\Git\libexec\git-core\git-init.exe
c:\program files (x86)\Git\libexec\git-core\git-log.exe
c:\program files (x86)\Git\libexec\git-core\git-ls-files.exe
c:\program files (x86)\Git\libexec\git-core\git-ls-remote.exe
c:\program files (x86)\Git\libexec\git-core\git-ls-tree.exe
c:\program files (x86)\Git\libexec\git-core\git-mailinfo.exe
c:\program files (x86)\Git\libexec\git-core\git-mailsplit.exe
c:\program files (x86)\Git\libexec\git-core\git-merge-base.exe
c:\program files (x86)\Git\libexec\git-core\git-merge-file.exe
c:\program files (x86)\Git\libexec\git-core\git-merge-index.exe
c:\program files (x86)\Git\libexec\git-core\git-merge-ours.exe
c:\program files (x86)\Git\libexec\git-core\git-merge-recursive.exe
c:\program files (x86)\Git\libexec\git-core\git-merge-subtree.exe
c:\program files (x86)\Git\libexec\git-core\git-merge-tree.exe
c:\program files (x86)\Git\libexec\git-core\git-merge.exe
c:\program files (x86)\Git\libexec\git-core\git-mktag.exe
c:\program files (x86)\Git\libexec\git-core\git-mktree.exe
c:\program files (x86)\Git\libexec\git-core\git-mv.exe
c:\program files (x86)\Git\libexec\git-core\git-name-rev.exe
c:\program files (x86)\Git\libexec\git-core\git-notes.exe
c:\program files (x86)\Git\libexec\git-core\git-pack-objects.exe
c:\program files (x86)\Git\libexec\git-core\git-pack-redundant.exe
c:\program files (x86)\Git\libexec\git-core\git-pack-refs.exe
c:\program files (x86)\Git\libexec\git-core\git-patch-id.exe
c:\program files (x86)\Git\libexec\git-core\git-peek-remote.exe
c:\program files (x86)\Git\libexec\git-core\git-prune-packed.exe
c:\program files (x86)\Git\libexec\git-core\git-prune.exe
c:\program files (x86)\Git\libexec\git-core\git-push.exe
c:\program files (x86)\Git\libexec\git-core\git-read-tree.exe
c:\program files (x86)\Git\libexec\git-core\git-receive-pack.exe
c:\program files (x86)\Git\libexec\git-core\git-reflog.exe
c:\program files (x86)\Git\libexec\git-core\git-remote-ext.exe
c:\program files (x86)\Git\libexec\git-core\git-remote-fd.exe
c:\program files (x86)\Git\libexec\git-core\git-remote.exe
c:\program files (x86)\Git\libexec\git-core\git-replace.exe
c:\program files (x86)\Git\libexec\git-core\git-repo-config.exe
c:\program files (x86)\Git\libexec\git-core\git-rerere.exe
c:\program files (x86)\Git\libexec\git-core\git-reset.exe
c:\program files (x86)\Git\libexec\git-core\git-rev-list.exe
c:\program files (x86)\Git\libexec\git-core\git-rev-parse.exe
c:\program files (x86)\Git\libexec\git-core\git-revert.exe
c:\program files (x86)\Git\libexec\git-core\git-rm.exe
c:\program files (x86)\Git\libexec\git-core\git-send-pack.exe
c:\program files (x86)\Git\libexec\git-core\git-shortlog.exe
c:\program files (x86)\Git\libexec\git-core\git-show-branch.exe
c:\program files (x86)\Git\libexec\git-core\git-show-ref.exe
c:\program files (x86)\Git\libexec\git-core\git-show.exe
c:\program files (x86)\Git\libexec\git-core\git-stage.exe
c:\program files (x86)\Git\libexec\git-core\git-status.exe
c:\program files (x86)\Git\libexec\git-core\git-stripspace.exe
c:\program files (x86)\Git\libexec\git-core\git-symbolic-ref.exe
c:\program files (x86)\Git\libexec\git-core\git-tag.exe
c:\program files (x86)\Git\libexec\git-core\git-tar-tree.exe
c:\program files (x86)\Git\libexec\git-core\git-unpack-file.exe
c:\program files (x86)\Git\libexec\git-core\git-unpack-objects.exe
c:\program files (x86)\Git\libexec\git-core\git-update-index.exe
c:\program files (x86)\Git\libexec\git-core\git-update-ref.exe
c:\program files (x86)\Git\libexec\git-core\git-update-server-info.exe
c:\program files (x86)\Git\libexec\git-core\git-upload-archive.exe
c:\program files (x86)\Git\libexec\git-core\git-var.exe
c:\program files (x86)\Git\libexec\git-core\git-verify-pack.exe
c:\program files (x86)\Git\libexec\git-core\git-verify-tag.exe
c:\program files (x86)\Git\libexec\git-core\git-whatchanged.exe
c:\program files (x86)\Git\libexec\git-core\git-write-tree.exe
c:\program files (x86)\Git\libexec\git-core\git.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-06-09 bis 2013-07-09  ))))))))))))))))))))))))))))))
.
.
2013-07-09 08:54 . 2013-07-09 08:54	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-07-09 08:54 . 2013-07-09 08:54	--------	d-----w-	c:\users\unknownname\AppData\Local\temp
2013-07-07 07:54 . 2013-07-07 07:54	--------	d-----w-	C:\FRST
2013-07-07 06:03 . 2013-06-12 03:08	9552976	------w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{6FF4A729-6F74-4225-9CAD-4587BD719DB4}\mpengine.dll
2013-07-03 18:10 . 2013-07-03 18:10	312232	----a-w-	c:\windows\system32\javaws.exe
2013-07-03 18:10 . 2013-07-03 18:10	189352	----a-w-	c:\windows\system32\javaw.exe
2013-07-03 18:10 . 2013-07-03 18:10	188840	----a-w-	c:\windows\system32\java.exe
2013-07-03 18:10 . 2013-07-03 18:10	108968	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2013-07-03 17:59 . 2013-07-03 17:59	--------	d-----w-	c:\program files (x86)\MSXML 4.0
2013-07-02 18:05 . 2013-07-02 18:05	--------	d-----w-	c:\program files (x86)\StreamTransport
2013-07-02 18:05 . 2009-10-27 17:31	3982240	----a-w-	c:\windows\SysWow64\Flash10d.ocx
2013-06-25 11:35 . 2013-06-25 12:32	--------	d-----w-	c:\program files (x86)\Weka-3-6
2013-06-24 18:39 . 2013-06-24 18:39	--------	d-----w-	c:\users\unknownname\AppData\Local\Secunia PSI
2013-06-24 18:38 . 2013-06-24 18:38	--------	d-----w-	c:\program files (x86)\Secunia
2013-06-24 18:17 . 2013-06-24 18:17	--------	d-----w-	c:\program files\WOT
2013-06-24 18:17 . 2013-06-24 18:17	--------	d-----w-	c:\program files (x86)\WOT
2013-06-24 14:35 . 2013-06-24 14:35	--------	d-----w-	c:\programdata\Licenses
2013-06-24 14:35 . 2013-06-28 06:43	--------	d-----w-	c:\program files (x86)\SpywareBlaster
2013-06-24 14:22 . 2013-06-24 14:22	--------	d-----w-	c:\users\unknownname\AppData\Roaming\WinPatrol
2013-06-24 14:22 . 2013-06-24 14:22	--------	d-----w-	c:\program files (x86)\BillP Studios
2013-06-24 11:30 . 2013-06-24 11:30	--------	d-----w-	c:\users\unknownname\AppData\Roaming\Malwarebytes
2013-06-24 11:30 . 2013-06-24 11:30	--------	d-----w-	c:\programdata\Malwarebytes
2013-06-24 11:30 . 2013-06-24 11:30	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-06-24 11:30 . 2013-04-04 12:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-06-20 11:28 . 2013-06-12 19:47	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-12 18:42 . 2013-06-12 18:42	--------	d-----w-	c:\program files\iPod
2013-06-12 18:42 . 2013-06-12 18:42	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-12 18:42 . 2013-06-12 18:42	--------	d-----w-	c:\program files\iTunes
2013-06-12 18:42 . 2013-06-12 18:42	--------	d-----w-	c:\program files (x86)\iTunes
2013-06-12 18:18 . 2013-06-08 14:08	279040	----a-w-	c:\program files\Internet Explorer\sqmapi.dll
2013-06-12 18:18 . 2013-06-08 12:28	2706432	----a-w-	c:\windows\system32\mshtml.tlb
2013-06-12 18:18 . 2013-06-08 11:41	218112	----a-w-	c:\program files (x86)\Internet Explorer\sqmapi.dll
2013-06-12 18:18 . 2013-06-08 11:13	2706432	----a-w-	c:\windows\SysWow64\mshtml.tlb
2013-06-12 18:17 . 2013-06-08 14:08	1365504	----a-w-	c:\windows\system32\urlmon.dll
2013-06-12 18:17 . 2013-06-08 14:06	526336	----a-w-	c:\windows\system32\ieui.dll
2013-06-12 18:17 . 2013-06-08 14:06	2648064	----a-w-	c:\windows\system32\iertutil.dll
2013-06-12 18:17 . 2013-06-08 14:06	15404544	----a-w-	c:\windows\system32\ieframe.dll
2013-06-12 18:17 . 2013-06-08 14:07	19233792	----a-w-	c:\windows\system32\mshtml.dll
2013-06-12 12:21 . 2013-03-31 22:52	1887232	----a-w-	c:\windows\system32\d3d11.dll
2013-06-12 12:21 . 2013-04-25 23:30	1505280	----a-w-	c:\windows\SysWow64\d3d11.dll
2013-06-12 12:21 . 2013-05-08 06:39	1910632	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-06-12 12:18 . 2013-04-26 05:51	751104	----a-w-	c:\windows\system32\win32spl.dll
2013-06-12 12:18 . 2013-04-26 04:55	492544	----a-w-	c:\windows\SysWow64\win32spl.dll
2013-06-12 12:18 . 2013-05-10 05:49	30720	----a-w-	c:\windows\system32\cryptdlg.dll
2013-06-12 12:18 . 2013-05-10 03:20	24576	----a-w-	c:\windows\SysWow64\cryptdlg.dll
2013-06-12 12:17 . 2013-04-17 07:02	1230336	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2013-06-12 12:17 . 2013-04-17 06:24	1424384	----a-w-	c:\windows\system32\WindowsCodecs.dll
2013-06-12 12:17 . 2013-05-13 03:43	1192448	----a-w-	c:\windows\system32\certutil.exe
2013-06-12 12:17 . 2013-05-13 05:51	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2013-06-12 12:17 . 2013-05-13 05:51	1464320	----a-w-	c:\windows\system32\crypt32.dll
2013-06-12 12:17 . 2013-05-13 05:51	139776	----a-w-	c:\windows\system32\cryptnet.dll
2013-06-12 12:17 . 2013-05-13 05:50	52224	----a-w-	c:\windows\system32\certenc.dll
2013-06-12 12:17 . 2013-05-13 04:45	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2013-06-12 12:17 . 2013-05-13 04:45	1160192	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-06-12 12:17 . 2013-05-13 04:45	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2013-06-12 12:17 . 2013-05-13 03:08	903168	----a-w-	c:\windows\SysWow64\certutil.exe
2013-06-12 12:17 . 2013-05-13 03:08	43008	----a-w-	c:\windows\SysWow64\certenc.dll
2013-06-09 23:52 . 2013-06-09 23:52	52888	----a-w-	c:\program files\Common Files\Microsoft Shared\Team Foundation Server\11.0\LabManagement\deu\TestAgentInstallerMessages.dll
2013-06-09 23:52 . 2013-06-09 23:52	388208	----a-w-	c:\program files\Common Files\Microsoft Shared\Team Foundation Server\11.0\x86\1031\TFSOfficeAdd-inUI.dll
2013-06-09 23:52 . 2013-06-09 23:52	379072	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\Windows Simulator\11.0\en\Microsoft.Windows.Simulator.resources.dll
2013-06-09 23:52 . 2013-06-09 23:52	374464	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\Windows Simulator\11.0\de\Microsoft.Windows.Simulator.resources.dll
2013-06-09 23:52 . 2013-06-09 23:52	26392	----a-w-	c:\program files\Common Files\Microsoft Shared\Team Foundation Server\11.0\de\Microsoft.TeamFoundation.Sync.ProjectServerApi.resources.dll
2013-06-09 23:52 . 2013-06-09 23:52	25328	----a-w-	c:\program files\Common Files\Microsoft Shared\Team Foundation Server\11.0\de\Microsoft.TeamFoundation.Sync.Mapping.resources.dll
2013-06-09 23:52 . 2013-06-09 23:52	25232	----a-w-	c:\program files\Common Files\Microsoft Shared\Team Foundation Server\11.0\de\TFSFieldMapping.resources.dll
2013-06-09 23:52 . 2013-06-09 23:52	212256	----a-w-	c:\program files\Common Files\Microsoft Shared\Team Foundation Server\11.0\de\Microsoft.TeamFoundation.OfficeIntegration.Excel.resources.dll
2013-06-09 23:52 . 2013-06-09 23:52	21152	----a-w-	c:\program files\Common Files\Microsoft Shared\Team Foundation Server\11.0\de\TfsProtocolHandler.resources.dll
2013-06-09 23:52 . 2013-06-09 23:52	124200	----a-w-	c:\program files\Common Files\Microsoft Shared\Team Foundation Server\11.0\de\Microsoft.TeamFoundation.OfficeIntegration.Project.resources.dll
2013-06-09 23:52 . 2013-06-09 23:52	121064	----a-w-	c:\program files\Common Files\Microsoft Shared\Team Foundation Server\11.0\de\Microsoft.TeamFoundation.Sync.Shared.resources.dll
2013-06-09 15:23 . 2013-06-09 15:23	388216	----a-w-	c:\program files\Common Files\Microsoft Shared\Team Foundation Server\11.0\amd64\1031\TFSOfficeAdd-inUI.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-03 18:10 . 2013-02-03 09:59	972712	----a-w-	c:\windows\system32\deployJava1.dll
2013-07-03 18:10 . 2013-02-03 09:59	1093032	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-06-29 11:25 . 2013-04-29 20:20	2573184	----a-w-	c:\programdata\Microsoft\VisualStudio\11.0\1033\ResourceCache.dll
2013-06-29 11:24 . 2013-03-20 19:48	2622688	----a-w-	c:\programdata\Microsoft\VisualStudio\11.0\1031\ResourceCache.dll
2013-06-27 05:14 . 2013-06-02 20:08	31816	----a-w-	c:\windows\Launcher.exe
2013-06-25 18:23 . 2012-12-17 21:10	64856	----a-w-	c:\windows\system32\drivers\gdwfpcd64.sys
2013-06-12 19:48 . 2012-12-21 13:14	867240	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-06-12 19:48 . 2012-12-21 13:14	789416	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-06-12 18:09 . 2012-12-17 21:10	65368	----a-w-	c:\windows\system32\drivers\HookCentre.sys
2013-06-12 18:09 . 2012-12-17 21:10	130392	----a-w-	c:\windows\system32\drivers\MiniIcpt.sys
2013-06-12 18:09 . 2012-12-17 21:10	60248	----a-w-	c:\windows\system32\drivers\GDBehave.sys
2013-06-12 17:39 . 2012-12-17 20:45	75825640	----a-w-	c:\windows\system32\MRT.exe
2013-06-12 13:02 . 2012-12-17 19:03	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 13:02 . 2012-12-17 19:03	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-03 15:27 . 2012-12-17 21:10	62808	----a-w-	c:\windows\system32\drivers\PktIcpt.sys
2013-06-02 16:32 . 2013-06-02 16:32	335872	------w-	c:\windows\Setup1.exe
2013-06-02 16:32 . 2013-06-02 16:32	74752	----a-w-	c:\windows\ST6UNST.EXE
2013-05-10 07:13 . 2013-05-10 07:13	1054720	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-10 07:13 . 2013-05-10 07:13	73728	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-10 07:13 . 2013-05-10 07:13	719360	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2013-05-10 07:13 . 2013-05-10 07:13	61952	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-05-10 07:13 . 2013-05-10 07:13	523264	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-05-10 07:13 . 2013-05-10 07:13	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-05-10 07:13 . 2013-05-10 07:13	38400	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-05-10 07:13 . 2013-05-10 07:13	361984	----a-w-	c:\windows\SysWow64\html.iec
2013-05-10 07:13 . 2013-05-10 07:13	23040	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-05-10 07:13 . 2013-05-10 07:13	226304	----a-w-	c:\windows\system32\elshyph.dll
2013-05-10 07:13 . 2013-05-10 07:13	197120	----a-w-	c:\windows\system32\msrating.dll
2013-05-10 07:13 . 2013-05-10 07:13	185344	----a-w-	c:\windows\SysWow64\elshyph.dll
2013-05-10 07:13 . 2013-05-10 07:13	158720	----a-w-	c:\windows\SysWow64\msls31.dll
2013-05-10 07:13 . 2013-05-10 07:13	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-05-10 07:13 . 2013-05-10 07:13	1441280	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2013-05-10 07:13 . 2013-05-10 07:13	138752	----a-w-	c:\windows\SysWow64\wextract.exe
2013-05-10 07:13 . 2013-05-10 07:13	137216	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-05-10 07:13 . 2013-05-10 07:13	12800	----a-w-	c:\windows\SysWow64\mshta.exe
2013-05-10 07:13 . 2013-05-10 07:13	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-05-10 07:13 . 2013-05-10 07:13	97280	----a-w-	c:\windows\system32\mshtmled.dll
2013-05-10 07:13 . 2013-05-10 07:13	92160	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-05-10 07:13 . 2013-05-10 07:13	905728	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-05-10 07:13 . 2013-05-10 07:13	81408	----a-w-	c:\windows\system32\icardie.dll
2013-05-10 07:13 . 2013-05-10 07:13	77312	----a-w-	c:\windows\system32\tdc.ocx
2013-05-10 07:13 . 2013-05-10 07:13	762368	----a-w-	c:\windows\system32\ieapfltr.dll
2013-05-10 07:13 . 2013-05-10 07:13	62976	----a-w-	c:\windows\system32\pngfilt.dll
2013-05-10 07:13 . 2013-05-10 07:13	599552	----a-w-	c:\windows\system32\vbscript.dll
2013-05-10 07:13 . 2013-05-10 07:13	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-05-10 07:13 . 2013-05-10 07:13	51200	----a-w-	c:\windows\system32\imgutil.dll
2013-05-10 07:13 . 2013-05-10 07:13	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-05-10 07:13 . 2013-05-10 07:13	452096	----a-w-	c:\windows\system32\dxtmsft.dll
2013-05-10 07:13 . 2013-05-10 07:13	441856	----a-w-	c:\windows\system32\html.iec
2013-05-10 07:13 . 2013-05-10 07:13	281600	----a-w-	c:\windows\system32\dxtrans.dll
2013-05-10 07:13 . 2013-05-10 07:13	27648	----a-w-	c:\windows\system32\licmgr10.dll
2013-05-10 07:13 . 2013-05-10 07:13	270848	----a-w-	c:\windows\system32\iedkcs32.dll
2013-05-10 07:13 . 2013-05-10 07:13	247296	----a-w-	c:\windows\system32\webcheck.dll
2013-05-10 07:13 . 2013-05-10 07:13	235008	----a-w-	c:\windows\system32\url.dll
2013-05-10 07:13 . 2013-05-10 07:13	216064	----a-w-	c:\windows\system32\msls31.dll
2013-05-10 07:13 . 2013-05-10 07:13	173568	----a-w-	c:\windows\system32\ieUnatt.exe
2013-05-10 07:13 . 2013-05-10 07:13	167424	----a-w-	c:\windows\system32\iexpress.exe
2013-05-10 07:13 . 2013-05-10 07:13	1509376	----a-w-	c:\windows\system32\inetcpl.cpl
2013-05-10 07:13 . 2013-05-10 07:13	149504	----a-w-	c:\windows\system32\occache.dll
2013-05-10 07:13 . 2013-05-10 07:13	144896	----a-w-	c:\windows\system32\wextract.exe
2013-05-10 07:13 . 2013-05-10 07:13	1400416	----a-w-	c:\windows\system32\ieapfltr.dat
2013-05-10 07:13 . 2013-05-10 07:13	13824	----a-w-	c:\windows\system32\mshta.exe
2013-05-10 07:13 . 2013-05-10 07:13	136192	----a-w-	c:\windows\system32\iepeers.dll
2013-05-10 07:13 . 2013-05-10 07:13	135680	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-05-10 07:13 . 2013-05-10 07:13	12800	----a-w-	c:\windows\system32\msfeedssync.exe
2013-05-10 07:13 . 2013-05-10 07:13	102912	----a-w-	c:\windows\system32\inseng.dll
2013-05-02 00:06 . 2010-11-21 03:27	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-05-01 08:01 . 2013-05-01 08:01	163504	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin
2013-05-01 01:59 . 2013-05-01 01:59	94208	----a-w-	c:\windows\SysWow64\QuickTimeVR.qtx
2013-05-01 01:59 . 2013-05-01 01:59	69632	----a-w-	c:\windows\SysWow64\QuickTime.qts
2013-04-28 04:52 . 2013-04-28 04:52	61224	----a-w-	c:\windows\system32\ibmpmsvc.exe
2013-04-28 04:52 . 2013-04-28 04:52	60712	----a-w-	c:\windows\system32\ibmpmctl.exe
2013-04-28 04:52 . 2013-04-28 04:52	44800	----a-w-	c:\windows\system32\drivers\ibmpmdrv.sys
2013-04-28 04:52 . 2013-04-28 04:52	40232	----a-w-	c:\windows\system32\tpinspm.dll
2013-04-23 23:23 . 2013-04-23 23:23	178416	----a-w-	c:\windows\system32\SynTPCo14.dll
2013-04-23 23:23 . 2013-04-23 23:23	460528	----a-w-	c:\windows\system32\drivers\SynTP.sys
2013-04-23 23:23 . 2013-04-23 23:23	114416	----a-w-	c:\windows\SysWow64\SynTPCOM.dll
2013-04-23 23:23 . 2012-12-19 19:16	1048816	----a-w-	c:\windows\system32\SynCOM.dll
2013-04-23 23:22 . 2013-04-23 23:22	229616	----a-w-	c:\windows\system32\SynTPAPI.dll
2013-04-23 23:22 . 2013-04-23 23:22	540400	----a-w-	c:\windows\SysWow64\SynCOM.dll
2013-04-18 13:55 . 2013-04-18 13:55	18456	----a-w-	c:\windows\system32\drivers\psi_mf_amd64.sys
2013-04-17 18:11 . 2013-06-02 12:15	3355336	----a-w-	c:\windows\system32\drivers\RTKVHD64.sys
2013-04-17 11:30 . 2013-06-02 12:15	22429696	----a-w-	c:\windows\system32\RCoRes64.dat
2013-04-16 14:21 . 2013-06-02 12:15	1003080	----a-w-	c:\windows\system32\RtkApi64.dll
2013-04-13 18:39 . 2013-04-13 18:39	59816	----a-r-	c:\users\unknownname\AppData\Roaming\Microsoft\Installer\{47C4D20F-1A75-44F4-BF51-479C3119BEEF}\ARPPRODUCTICON.exe
2013-04-13 18:38 . 2013-04-13 18:38	59816	----a-r-	c:\users\unknownname\AppData\Roaming\Microsoft\Installer\{1D2FF661-4402-4D75-AA40-B23FCAF81D32}\ARPPRODUCTICON.exe
2013-04-13 05:49 . 2013-05-14 18:00	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-14 18:00	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-14 18:00	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-14 18:00	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-14 18:00	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-14 18:00	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 05:36	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-11 12:35 . 2013-06-02 12:15	138824	----a-w-	c:\windows\system32\RCoInstII64.dll
2013-04-10 15:22 . 2013-06-02 12:15	2802760	----a-w-	c:\windows\system32\RtPgEx64.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-10 05:37	130736	----a-w-	c:\users\unknownname\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-10 05:37	130736	----a-w-	c:\users\unknownname\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-10 05:37	130736	----a-w-	c:\users\unknownname\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2013-04-26 423144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"GDFirewallTray"="c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2013-03-22 1854928]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"Dolby Advanced Audio v2"="c:\program files (x86)\Dolby Advanced Audio v2\pcee4.exe" [2012-07-25 508656]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2012-09-24 5998144]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-02-22 292088]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2013-03-26 703888]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2013-02-15 134616]
"G Data AntiVirus Tray"="c:\program files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe" [2013-03-22 1444304]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
.
c:\users\unknownname\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\unknownname\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\SECUNIA\PSI\psi_tray.exe [2013-4-18 563224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 SystemStoreService;System Store;c:\program files (x86)\SoftwareUpdater\SystemStore.exe  -displayname System Store -servicename SystemStoreService;c:\program files (x86)\SoftwareUpdater\SystemStore.exe  -displayname System Store -servicename SystemStoreService [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys;c:\windows\SYSNATIVE\DRIVERS\DzHDD64.sys [x]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys;c:\windows\SYSNATIVE\drivers\GDBehave.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys;c:\windows\SYSNATIVE\drivers\MiniIcpt.sys [x]
S1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys;c:\windows\SYSNATIVE\drivers\gdwfpcd64.sys [x]
S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys;c:\windows\SYSNATIVE\drivers\GRD.sys [x]
S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys;c:\windows\SYSNATIVE\drivers\HookCentre.sys [x]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvkflt.sys [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [x]
S2 AVKService;G Data Scheduler;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKService.exe;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [x]
S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 FPLService;TrueSuiteService;c:\program files\AuthenTec TrueSuite\TrueSuiteService.exe;c:\program files\AuthenTec TrueSuite\TrueSuiteService.exe [x]
S2 GobiQDLService;Sierra Wireless QDL Service;c:\program files (x86)\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe;c:\program files (x86)\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 LENOVO.TVTVCAM;ThinkVantage Virtual Camera Controller;c:\program files\Lenovo\Communications Utility\vcamsvc.exe;c:\program files\Lenovo\Communications Utility\vcamsvc.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys;c:\windows\SYSNATIVE\DRIVERS\risdxc64.sys [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x]
S2 WMCoreService;Mobile Broadband Service;c:\program files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe servicemode;c:\program files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe servicemode [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 5U877;5U877;c:\windows\system32\DRIVERS\5U877.sys;c:\windows\SYSNATIVE\DRIVERS\5U877.sys [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 GDFwSvc;G Data Personal Firewall;c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe;c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [x]
S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys;c:\windows\SYSNATIVE\drivers\PktIcpt.sys [x]
S3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 LenovoRd;LenovoRd;c:\windows\system32\Drivers\LenovoRd.sys;c:\windows\SYSNATIVE\Drivers\LenovoRd.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys;c:\windows\SYSNATIVE\DRIVERS\Tvti2c.sys [x]
S3 tvtvcamd;Camera Plus (VGA Resolution Maximum);c:\windows\system32\DRIVERS\tvtvcamd.sys;c:\windows\SYSNATIVE\DRIVERS\tvtvcamd.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-17 13:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-10 05:37	164016	----a-w-	c:\users\unknownname\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-10 05:37	164016	----a-w-	c:\users\unknownname\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-10 05:37	164016	----a-w-	c:\users\unknownname\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-10 05:37	164016	----a-w-	c:\users\unknownname\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-09-03 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-09-03 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-09-03 441152]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-04-10 13519432]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-03-08 1278024]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2012-09-21 85864]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2012-09-07 63376]
"TpShocks"="TpShocks.exe" [2012-09-20 228744]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2012-11-26 293232]
"PasswordManager"="c:\program files\Lenovo\Password Manager\password_manager.exe" [2012-10-23 1534888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:newtab
uDefault_Search_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mStart Page = about:newtab
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: Alles mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: Auswahl mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: Videos mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
TCP: DhcpNameServer = 131.188.0.10 131.188.0.11
FF - ProfilePath - c:\users\unknownname\AppData\Roaming\Mozilla\Firefox\Profiles\e3cv4ewy.default\
FF - prefs.js: browser.startup.homepage - about:newtab
FF - prefs.js: keyword.URL - hxxps://www.google.de/search?ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:de:official&client=firefox-a&q=
FF - ExtSQL: 2013-06-18 08:14; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\unknownname\AppData\Roaming\Mozilla\Firefox\Profiles\e3cv4ewy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-06-24 11:01; {DDC359D1-844A-42a7-9AA1-88A850A938A8}; c:\users\unknownname\AppData\Roaming\Mozilla\Firefox\Profiles\e3cv4ewy.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF - ExtSQL: 2013-06-24 20:29; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\users\unknownname\AppData\Roaming\Mozilla\Firefox\Profiles\e3cv4ewy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - ExtSQL: 2013-06-25 13:10; {c36177c0-224a-11da-8cd6-0800200c9a91}; c:\users\unknownname\AppData\Roaming\Mozilla\Firefox\Profiles\e3cv4ewy.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi
FF - ExtSQL: 2013-06-25 13:13; adblockpopups@jessehakanen.net; c:\users\unknownname\AppData\Roaming\Mozilla\Firefox\Profiles\e3cv4ewy.default\extensions\adblockpopups@jessehakanen.net.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{ba696155-d96e-4281-b467-0367a0456474} - (no file)
Toolbar-{ba696155-d96e-4281-b467-0367a0456474} - (no file)
Wow6432Node-HKCU-Run-PureSync - c:\program files (x86)\PureSync\PureSyncTray.exe
c:\users\unknownname\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe
c:\users\unknownname\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-DSite - c:\users\unknownname\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{722b3793-5367-4446-b6bb-db89b05c1f24}\LocalServer32]
@DACL=(02 0000)
@=expand:"%SystemRoot%\\System32\\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {722b3793-5367-4446-b6bb-db89b05c1f24}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe
c:\program files (x86)\Lenovo\Access Connections\AcSvc.exe
c:\progra~1\Lenovo\HOTKEY\TPONSCR.EXE
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\program files\lenovo\lenovo solution center\lsc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-07-09  11:07:50 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-07-09 09:07
.
Vor Suchlauf: 15 Verzeichnis(se), 101.043.507.200 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 100.403.417.088 Bytes frei
.
- - End Of File - - 9A6449A78047BCC6CD93047E181F837A
A36C5E4F47E84449FF07ED3517B43A31

Außerdem ist es mir jetzt schon mehrfach passiert, dass der Dialog wegen HomeTab auch einfach während des normalen Betriebs erschienen ist.

Schöne Grüße

unknownname

HomeTab, MPSigStub.exe und mpas-fe.exe

Plagegeister aller Art und deren Bekämpfung: HomeTab, MPSigStub.exe und mpas-fe.exe

HomeTab, MPSigStub.exe und mpas-fe.exe

HomeTab, MPSigStub.exe und mpas-fe.exe

Ähnliche Themen: HomeTab, MPSigStub.exe und mpas-fe.exe