Hey, I started ComboFix and let it run through. It restarted the computer, then the program wanted to create a log file; that took forever for me, so I aborted it. It deleted 2 files and one folder.
I ran it again:
ComboFix logfile:
[CODE]
ComboFix 12-03-28.01 - Gerrit 28.03.2012 16:45:32.2.3 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4095.2989 [GMT 2:00]
ausgeführt von:: c:\users\Gerrit\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Vorheriger Suchlauf -------
.
c:\users\Gerrit\APB_Reloaded_Installer.exe
c:\windows\SysWow64\muzapp.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-02-28 bis 2012-03-28 ))))))))))))))))))))))))))))))
.
.
2012-03-28 14:56 . 2012-03-28 14:56 -------- d-----w- c:\users\Gerhard\AppData\Local\temp
2012-03-28 14:56 . 2012-03-28 14:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-28 12:29 . 2012-03-28 12:29 -------- d-----w- C:\_OTL
2012-03-28 12:01 . 2012-03-28 12:02 -------- d-----r- c:\program files (x86)\Skype
2012-03-28 12:01 . 2012-03-28 12:01 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-03-26 16:14 . 2012-03-26 16:14 -------- d-----w- c:\windows\de
2012-03-26 16:11 . 2012-03-26 16:11 -------- d-----w- c:\program files\Windows Live
2012-03-25 16:09 . 2012-03-25 16:09 -------- d-----w- c:\program files (x86)\ESET
2012-03-24 13:37 . 2012-03-24 13:37 -------- d-----w- c:\users\Gerrit\AppData\Roaming\Malwarebytes
2012-03-24 13:36 . 2012-03-24 13:37 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-24 13:36 . 2012-03-24 13:36 -------- d-----w- c:\programdata\Malwarebytes
2012-03-24 13:36 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-24 13:07 . 2012-03-24 13:07 -------- d-----w- c:\program files (x86)\7-Zip
2012-03-24 10:43 . 2012-03-24 10:43 -------- d-----w- c:\users\Gerrit\AppData\Local\CRE
2012-03-24 10:05 . 2012-03-24 10:09 -------- d-----w- C:\AMD
2012-03-24 08:24 . 2012-03-24 08:24 -------- d-----w- c:\programdata\ATI
2012-03-23 20:27 . 2012-03-23 20:27 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2012-03-23 20:26 . 2012-03-23 20:26 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-03-23 20:25 . 2012-03-23 20:27 -------- d-----w- c:\program files\ATI Technologies
2012-03-23 20:13 . 2012-03-23 20:13 39936 ----a-w- c:\windows\system32\atig6txx.dll
2012-03-23 20:12 . 2012-03-23 20:12 30208 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-03-23 20:12 . 2012-03-23 20:12 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2012-03-23 20:12 . 2012-03-23 20:12 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-03-23 20:12 . 2012-03-23 20:12 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-03-23 20:11 . 2012-03-23 20:12 58880 ----a-w- c:\windows\system32\coinst.dll
2012-03-23 20:10 . 2012-03-23 20:10 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-03-23 20:10 . 2012-03-23 20:10 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-03-23 20:10 . 2012-03-23 20:10 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2012-03-23 20:10 . 2012-03-23 20:10 957952 ----a-w- c:\windows\system32\aticfx64.dll
2012-03-23 20:09 . 2012-03-23 20:10 43008 ----a-w- c:\windows\system32\atiuxp64.dll
2012-03-23 20:09 . 2012-03-23 20:09 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-03-23 20:09 . 2012-03-23 20:09 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-03-23 20:09 . 2012-03-23 20:09 327680 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-03-23 20:09 . 2012-03-23 20:09 39936 ----a-w- c:\windows\system32\atiu9p64.dll
2012-03-23 19:48 . 2012-03-23 19:48 -------- d-----w- c:\users\Gerrit\AppData\Local\2K Games
2012-03-23 15:53 . 2012-02-09 10:59 34624 ----a-w- c:\windows\system32\TURegOpt.exe
2012-03-23 15:53 . 2012-02-09 10:59 25920 ----a-w- c:\windows\system32\authuitu.dll
2012-03-23 15:53 . 2012-02-09 10:59 21312 ----a-w- c:\windows\SysWow64\authuitu.dll
2012-03-23 15:52 . 2012-03-23 15:52 -------- d-----w- c:\users\Gerrit\AppData\Roaming\TuneUp Software
2012-03-23 15:51 . 2012-03-23 15:53 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2012
2012-03-23 15:50 . 2012-03-23 15:53 -------- d-----w- c:\programdata\TuneUp Software
2012-03-23 15:50 . 2012-03-23 15:50 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-03-21 12:27 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-21 12:27 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-20 17:26 . 2012-03-20 17:26 -------- d-----w- c:\windows\symbols
2012-03-20 17:20 . 2012-03-20 17:20 -------- d-----w- c:\programdata\VS
2012-03-20 17:07 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-20 17:07 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-20 17:07 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-20 17:01 . 2012-03-20 17:01 -------- d-----w- c:\windows\system32\SPReview
2012-03-20 17:00 . 2012-03-20 17:00 -------- d-----w- c:\windows\system32\EventProviders
2012-03-20 16:59 . 2011-09-22 20:07 105832 ----a-w- c:\windows\system32\SQSRVRES.DLL
2012-03-20 16:59 . 2011-09-22 20:06 109416 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2012-03-20 16:59 . 2011-09-22 16:18 73064 ----a-w- c:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2012-03-20 16:58 . 2012-03-20 16:58 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 9.0
2012-03-14 12:34 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 12:34 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 12:34 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 12:34 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 12:34 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 12:34 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 12:34 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 12:34 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-13 14:46 . 2012-03-13 14:46 -------- d-----w- C:\found.001
2012-03-12 17:39 . 2012-03-12 18:23 2434856 ----a-w- c:\windows\SysWow64\pbsvc_bc2.exe
2012-03-11 15:07 . 2012-03-11 15:16 -------- d-----w- c:\program files (x86)\Time Boss
2012-03-10 09:08 . 2012-03-10 09:08 -------- d-----w- c:\windows\SysWow64\Wat
2012-03-10 09:08 . 2012-03-10 09:08 -------- d-----w- c:\windows\system32\Wat
2012-03-09 19:01 . 2012-03-23 19:46 -------- d-----w- c:\users\Gerrit\AppData\Roaming\HP Support Assistant
2012-03-09 16:07 . 2009-07-21 00:42 78872 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2012-03-09 16:07 . 2009-07-21 00:42 50200 ----a-w- c:\windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2012-03-09 16:06 . 2012-03-09 16:06 -------- d-----w- c:\windows\system32\RsFx
2012-03-09 16:05 . 2012-03-09 16:05 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2012-03-09 16:04 . 2012-03-09 16:04 -------- d-----w- c:\windows\SysWow64\1033
2012-03-09 16:04 . 2012-03-09 16:04 -------- d-----w- c:\windows\SysWow64\1031
2012-03-09 16:04 . 2012-03-09 16:04 -------- d-----w- c:\windows\system32\1033
2012-03-09 16:04 . 2012-03-09 16:04 -------- d-----w- c:\windows\system32\1031
2012-03-09 16:04 . 2012-03-09 16:04 -------- d-----w- c:\program files\Microsoft.NET
2012-03-09 16:01 . 2012-03-20 16:56 -------- d-----w- c:\program files\Microsoft SQL Server
2012-03-09 15:59 . 2012-03-20 16:56 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
2012-03-09 15:59 . 2012-03-09 15:59 -------- d-----w- c:\program files\Microsoft Synchronization Services
2012-03-09 15:59 . 2012-03-09 15:59 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-03-09 15:59 . 2012-03-26 16:13 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2012-03-09 15:59 . 2012-03-09 15:59 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2012-03-09 15:59 . 2012-03-21 15:16 207008 ----a-w- c:\programdata\Microsoft\VBExpress\10.0\1031\ResourceCache.dll
2012-03-09 15:57 . 2012-03-09 16:09 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 10.0
2012-03-09 15:57 . 2012-03-09 15:57 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2012-03-09 15:57 . 2012-03-09 15:57 -------- d-----w- c:\program files\Microsoft Help Viewer
2012-03-09 15:57 . 2012-03-09 15:57 -------- d-----w- c:\program files (x86)\Microsoft SDKs
2012-03-09 13:18 . 2010-11-20 13:27 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL
2012-03-09 13:17 . 2010-11-20 13:27 235520 ----a-w- c:\windows\system32\onex.dll
2012-03-09 13:16 . 2010-11-20 13:27 182784 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-03-09 13:15 . 2010-11-20 13:12 7168 ----a-w- c:\windows\system32\drivers\de-DE\msdsm.sys.mui
2012-03-09 13:15 . 2010-11-20 13:07 2560 ----a-w- c:\windows\system32\drivers\de-DE\disk.sys.mui
2012-03-09 13:15 . 2010-11-20 13:00 4608 ----a-w- c:\windows\system32\drivers\de-DE\vdrvroot.sys.mui
2012-03-09 13:15 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2012-03-09 13:15 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\wdscore.dll
2012-03-09 13:15 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\sqmapi.dll
2012-03-09 13:13 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2012-03-09 13:13 . 2010-11-20 12:21 189952 ----a-w- c:\program files (x86)\Windows Portable Devices\sqmapi.dll
2012-03-09 13:13 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2012-03-09 13:08 . 2012-03-09 13:11 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-09 13:08 . 2012-03-23 16:14 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-03-09 13:03 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2012-03-09 13:03 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2012-03-09 13:02 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
2012-03-08 16:37 . 2012-03-08 16:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-03-07 16:53 . 2012-03-07 16:59 -------- d-----w- c:\users\Gerrit\AppData\Local\NPE
2012-03-07 16:28 . 2012-03-07 16:32 -------- d-----w- c:\users\Gerrit\AppData\Local\gctmp
2012-03-07 16:28 . 2012-03-07 16:28 -------- d-----w- c:\users\Gerrit\AppData\Local\Xenocode
2012-03-06 17:50 . 2012-03-06 17:50 -------- d-----w- c:\program files (x86)\Codemasters
2012-03-05 17:01 . 2012-03-09 13:20 -------- d-----w- c:\users\Gerrit\AppData\Local\Smartbar
2012-03-05 15:15 . 2012-03-05 17:01 -------- d-----w- c:\users\Gerrit\AppData\Local\Linkury
2012-03-05 15:14 . 2012-03-05 19:56 -------- d-----w- c:\users\Gerrit\AppData\Roaming\OpenCandy
2012-03-05 14:19 . 2012-03-05 14:19 -------- d-----w- c:\users\Gerrit\AppData\Local\GamersFirst LIVE!
2012-03-05 14:19 . 2012-03-26 15:03 -------- d-----w- c:\program files (x86)\GamersFirst
2012-03-04 20:13 . 2012-03-04 20:13 -------- d-----w- c:\programdata\EA Core
2012-03-04 17:35 . 2012-03-04 17:35 -------- d-----w- c:\users\Gerrit\AppData\Local\Windows Live Writer
2012-03-04 17:35 . 2012-03-04 17:35 -------- d-----w- c:\users\Gerrit\AppData\Roaming\Windows Live Writer
2012-03-04 15:57 . 2012-03-28 14:00 280736 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-03-04 15:56 . 2012-03-12 17:44 -------- d-----w- c:\users\Gerrit\AppData\Local\PunkBuster
2012-03-04 15:51 . 2012-03-28 14:00 280736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-03-04 15:51 . 2012-03-28 13:58 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-03-04 15:51 . 2012-03-12 19:42 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-03-04 11:57 . 2012-03-04 11:57 -------- d-----w- C:\found.000
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-20 17:43 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-03-20 17:43 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-03-03 10:35 . 2011-03-28 17:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-03-03 08:20 . 2009-10-01 23:44 588472 ----a-w- c:\windows\SysWow64\ezsvc7x.dll
2012-02-15 03:18 . 2012-02-15 03:18 791040 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-02-08 12:34 . 2012-03-16 19:26 7680 ----a-w- c:\windows\help\OEM\Scripts\NetworkCheckAlert.exe
2012-01-31 17:15 . 2012-01-31 17:15 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2012-01-31 17:15 . 2012-01-31 17:15 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll
2012-01-31 17:15 . 2012-01-31 17:15 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll
2012-01-31 17:15 . 2012-01-31 17:15 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll
2012-01-31 17:15 . 2012-01-31 17:15 325552 ----a-w- c:\windows\MASetupCaller.dll
2012-01-31 17:15 . 2012-01-31 17:15 30568 ----a-w- c:\windows\MusiccityDownload.exe
2012-01-31 17:15 . 2012-01-31 17:15 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll
2012-01-31 17:15 . 2012-01-31 17:15 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll
2012-01-31 17:15 . 2012-01-31 17:15 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax
2012-01-31 17:15 . 2012-01-31 17:15 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll
2012-01-31 17:15 . 2012-01-31 17:15 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax
2012-01-31 17:15 . 2012-01-31 17:15 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll
2012-01-31 17:15 . 2012-01-31 17:15 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll
2012-01-31 17:15 . 2012-01-31 17:15 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll
2012-01-31 17:15 . 2012-01-31 17:15 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll
2012-01-31 17:15 . 2012-01-31 17:15 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll
2012-01-31 17:15 . 2012-01-31 17:15 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll
2012-01-31 17:15 . 2012-01-31 17:15 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax
2012-01-31 17:15 . 2012-01-31 17:15 491520 ----a-w- c:\windows\SysWow64\muzapp.dll
2012-01-31 17:15 . 2012-01-31 17:15 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll
2012-01-31 17:15 . 2012-01-31 17:15 40960 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
2012-01-31 17:15 . 2012-01-31 17:15 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll
2012-01-31 17:15 . 2012-01-31 17:15 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax
2012-01-31 17:15 . 2012-01-31 17:15 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll
2012-01-31 17:15 . 2012-01-31 17:15 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe
2012-01-31 17:15 . 2012-01-31 17:15 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll
2012-01-31 17:15 . 2012-01-31 17:15 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax
2012-01-31 17:15 . 2012-01-31 17:15 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax
2012-01-09 09:28 . 2012-03-16 19:26 55168 ----a-w- c:\windows\help\OEM\Scripts\HPSAUpdaterObj.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-10 98304]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GamersFirst LIVE!.lnk.disabled [2012-3-5 1170]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableClock"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LWA"= 0 (0x0)
"LWB"= 0 (0x0)
"LWC"= 0 (0x0)
"LWD"= 0 (0x0)
"LWE"= 0 (0x0)
"LWF"= 0 (0x0)
"LWG"= 0 (0x0)
"LWH"= 0 (0x0)
"LWI"= 0 (0x0)
"LWJ"= 0 (0x0)
"LWK"= 0 (0x0)
"LWL"= 0 (0x0)
"LWM"= 0 (0x0)
"LWN"= 0 (0x0)
"LWO"= 0 (0x0)
"LWP"= 0 (0x0)
"LWQ"= 0 (0x0)
"LWR"= 0 (0x0)
"LWS"= 0 (0x0)
"LWT"= 0 (0x0)
"LWU"= 0 (0x0)
"LWV"= 0 (0x0)
"LWW"= 0 (0x0)
"LWX"= 0 (0x0)
"LWY"= 0 (0x0)
"LWZ"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"Easybits Recovery"=c:\program files (x86)\EasyBits For Kids\ezRecover.exe
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"HP Remote Solution"=%ProgramFiles(x86)%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
"hpsysdrv"=c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"KiesTrayAgent"=c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va006;X6va006;c:\users\Gerrit\AppData\Local\Temp\00683DF.tmp [x]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-21 61976]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-22 431464]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0601020.00A\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0601020.00A\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-03-02 1157240]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\0601020.00A\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120324.004\IDSvia64.sys [2012-03-06 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0601020.00A\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0601020.00A\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\6.1.2.10\ccSvcHst.exe [2012-01-17 138232]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-02-09 2143552]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-03-13 138360]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2012-02-09 11856]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3044037015-4269376589-4159146494-1000Core.job
- c:\users\Gerrit\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-03 09:09]
.
2012-03-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3044037015-4269376589-4159146494-1000UA.job
- c:\users\Gerrit\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-03 09:09]
.
2012-03-03 c:\windows\Tasks\HPCeeScheduleForGerrit.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-10-01 12:38]
.
2012-03-02 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-29 16333856]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
uLocal Page = c:\windows\system32\blank.htm
mStart Page =
mLocal Page =
uInternet Settings,ProxyOverride = *.local;<local>
uSearchAssistant =
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Gerrit\AppData\Roaming\Mozilla\Firefox\Profiles\zdzacfp4.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage -
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-loadtbs-2.1 - c:\users\Gerrit\AppData\Roaming\loadtbs\uninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.1.2.10\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.1.2.10\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va006]
"ImagePath"="\??\c:\users\Gerrit\AppData\Local\Temp\00683DF.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3044037015-4269376589-4159146494-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3044037015-4269376589-4159146494-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-3044037015-4269376589-4159146494-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E421B744-12A1-4447-AB8A-DA2F96D9D9EE}]
@Denied: (A 2) (S-1-5-21-3044037015-4269376589-4159146494-1000)
@Denied: (A 2) (Administrators)
@Denied: (A 2) (RestrictedCode)
"Flags"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TimeBossSrv]
@Denied: (A 2) (Administrators)
@Denied: (A 2) (Administrators)
@Denied: (A 2) (Administrators)
@Denied: (A 2) (Administrators)
@Denied: (A 2) (Administrators)
@Denied: (A 2) (Users)
@Denied: (A 2) (Administrators)
@Denied: (A 2) (Administrators)
"Type"=dword:00000010
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=expand:"c:\\Program Files (x86)\\Time Boss\\time_boss_s.exe"
"DisplayName"="Time boss srv"
"WOW64"=dword:00000001
"ObjectName"="LocalSystem"
"Description"="The main part of Time Boss application"
"FailureActions"=hex:00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,14,00,00,
00,01,00,00,00,0a,00,00,00
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Time Boss\time_boss_s.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-28 17:11:23 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-03-28 15:11
.
Vor Suchlauf: 16 Verzeichnis(se), 270.657.163.264 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 270.266.310.656 Bytes frei
.
- - End Of File - - DA211FCAA0D1025B1DC42149566151B8
[/CODE]
--- --- ---
I hope that wasn't a mistake!!!