Google searches only lead me to "Enter-Search" - ActivationManager

09.01.2008, 23:34
...new here

Posts: 5
#1 Whenever I search for something on Google, I end up on the 'Enter-Search' page. Can you help me? I have installed HijackThis.
The log file is as follows:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:40:30, on 09.01.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\McAfee\MPS\mpsevh.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\Canon\SolutionMenu\CNSLMAIN.EXE
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\OEM04Mon.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\FreePDF_XP\fpassist.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\DELL\QuickSet\quickset.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/home.php?
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://alice.aol.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://alice.aol.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer bereitgestellt von Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - C:\Program Files\ActivationManager\ActivationManager.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [OEM04Mon.exe] C:\Windows\OEM04Mon.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Tunebite] C:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray
O4 - HKCU\..\Run: [ICQ] ??
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9999DBAC-D71A-48D1-B03B-8ADC2AE6E601}: NameServer = 213.191.92.86 62.109.123.7
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 11311 bytes

What is wrong? Thanks in advance for the help
This post was edited by cybwer on 09.01.2008 at 23:41.
09.01.2008, 23:49
Honorary member
Pinguin

Posts: 1441
#2 cybwer

I have never come across a problem like this. Since when has this been happening? Did you install something? Or did it appear suddenly, for no particular reason?

Since when have you had this installed?
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
__________
Regards
Pinguin

I am in the process of updating my site + programs: http://www.virus-protect.org/
09.01.2008, 23:56
...new here

Thread starter

Posts: 5
#3 I don't know. It has been going on for 2 weeks and it is happening more and more often; it appeared suddenly. Could the problem be in the following entry?

O17 - HKLM\System\CCS\Services\Tcpip\..\{9999DBAC-D71A-48D1-B03B-8ADC2AE6E601}: NameServer = 213.191.92.86 62.109.123.7

Where does this server come from, and where can I look that up?

As for this one:

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll

I know nothing about it at all! Could Dell have put it on beforehand?
If I tick the box in front of the entry and click Fix checked, am I taking too high a risk of changing something crucial on my system?
This post was edited by cybwer on 10.01.2008 at 00:09.
10.01.2008, 02:07
Honorary member
Argus

Posts: 6028
#4 Close all windows and start HijackThis
Click: Do a system scan only
Tick the box in front of the following entry

O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - C:\Program Files\ActivationManager\ActivationManager.dll

Click: Fix checked
Your Internet Explorer must be closed when you click Fix checked

ComboFix
Download ComboFix and save it to the desktop!
Close all windows and start combofix.exe
Follow the instructions in the window
While ComboFix is running, do NOT click in the window, otherwise your computer will freeze
When the tool has finished, a log file opens (C:\combofix.txt)
Now copy the COMPLETE log with a right mouse click and "paste" it into the forum with a right mouse click
If your virus scanner complains, ignore it!

together with a new HijackThis log
__________
Kind regards, Argus
10.01.2008, 10:10
Moderator
hevtig

Posts: 2312
#5

Quote

cybwer posted
I don't know. It has been going on for 2 weeks and it is happening more and more often; it appeared suddenly. Could the problem be in the following entry?

O17 - HKLM\System\CCS\Services\Tcpip\..\{9999DBAC-D71A-48D1-B03B-8ADC2AE6E601}: NameServer = 213.191.92.86 62.109.123.7

Where does this server come from, and where can I look that up?

From the look of it, these are DNS servers of Hansenet / Alice.

Quote

As for this one:

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll

I know nothing about it at all! Could Dell have put it on beforehand?

Yes, that is something from DELL. It should normally take you here => http://www.google.com/hws/dell/afe?

The dll file belongs to "Browser Address Error Redirector".
You can uninstall it if need be.
__________
How am I supposed to know what I think before I hear what I say??
Say NO to HD+/CI+ - boycott the establishment of HD+/CI+!
10.01.2008, 11:19
Honorary member
Pinguin

Posts: 1441
#6 cybwer

So: let's give it a try.. ;)

HijackThis
Tick the box in front of the following entries
and choose Fix checked + restart the computer.

Quote

O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - C:\Program Files\ActivationManager\ActivationManager.dll

O4 - HKCU\..\Run: [ICQ]
««
Post the ComboFix log
http://www.virus-protect.org/artikel/tools/combofix.html

____________

Info:
ActivationManager
Search hijacker, redirecting search results to Findology.com, a division of TrafficAds Media, installed alongside the "ADSTechnology Module" BHO
http://www.castlecops.com/tk36286-ActivationManager_dll_ActivationManager_dll_upd_ConnectionServices_dll_upd.html
__________
Regards
Pinguin

I am in the process of updating my site + programs: http://www.virus-protect.org/
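
The triage the helpers above perform by eye on the HijackThis log, as an added example that is not part of the original thread: a small parser for the O2, O4 and O17 line formats seen in the posted log. The sample lines and the watch-list CLSID are copied from this page; the function names, the "no readable target" rule and the `known_dns` parameter are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Excerpt of the HijackThis log posted in this thread (lines copied from the page).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - C:\Program Files\ActivationManager\ActivationManager.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [ICQ] ??
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O17 - HKLM\System\CCS\Services\Tcpip\..\{9999DBAC-D71A-48D1-B03B-8ADC2AE6E601}: NameServer = 213.191.92.86 62.109.123.7
"""

# O2: browser helper object = display name, CLSID, DLL path.
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
# O4: registry Run value = hive (optionally with a SID), value name, command.
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+(?:\\S-[0-9-]+)?)\\\.\.\\Run: "
    r"\[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")
# O17: per-interface DNS servers.
DNS_RE = re.compile(r"^O17 - .*?: NameServer = (?P<servers>.+)$")

# CLSID named in the thread; compared case-insensitively.
WATCHED_CLSIDS = {
    "{86a44ef7-78fc-4e18-a564-b18f806f7f56}":
        "ActivationManager module, described in the thread as a search hijacker",
}


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code, e.g. "O2"
    item: str      # what was found
    reason: str    # why it is worth a second look


def parse(log):
    """Split a HijackThis log into BHO records, Run records and DNS servers."""
    bhos, runs, dns = [], [], []
    for raw in log.splitlines():
        line = raw.strip()
        if m := BHO_RE.match(line):
            bhos.append(m.groupdict())
        elif m := RUN_RE.match(line):
            runs.append(m.groupdict())
        elif m := DNS_RE.match(line):
            dns.extend(s for s in re.split(r"[,\s]+", m["servers"]) if s)
    return bhos, runs, dns


def triage(log, known_dns=frozenset()):
    """Return the entries an analyst should review first.

    known_dns is the set of resolver addresses already confirmed as
    legitimate (for example the ISP's); anything else is listed.
    """
    bhos, runs, dns = parse(log)
    findings = []
    for b in bhos:
        note = WATCHED_CLSIDS.get(b["clsid"].lower())
        if note:
            findings.append(Finding("O2", f'{b["name"]} ({b["path"]})', note))
    for r in runs:
        # Assumed heuristic: a Run value that is empty or only "?" characters
        # has no readable target and is a leftover or damaged entry.
        if not r["cmd"].strip("? "):
            findings.append(Finding("O4", f'{r["hive"]} Run [{r["name"]}]',
                                    "autostart value has no readable target"))
    for ip in dns:
        if ip not in known_dns:
            findings.append(Finding("O17", ip,
                                    "name server not on the known list; "
                                    "confirm it belongs to the ISP"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, known_dns={"213.191.92.86", "62.109.123.7"}):
        print(f"{f.section}: {f.item} -> {f.reason}")
```

With the two name servers passed as known, the result is the same pair of entries the helpers ask to have fixed; without them, the O17 addresses are listed for verification as well.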
10.01.2008, 15:52
...new here

Thread starter

Posts: 5
#7 ComboFix 08-01-10.2 - Thomas Maier 2008-01-10 15:41:19.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1031.18.2578 [GMT 1:00]
ausgeführt von:: C:\Users\Thomas Maier\Desktop\Tom\Download\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\ActivationManager
C:\Program Files\ActivationManager\Uninstall.exe

.
((((((((((((((((((((((( Dateien erstellt von 2007-12-10 bis 2008-01-10 ))))))))))))))))))))))))))))))
.

2008-01-10 15:40 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe
2008-01-09 23:06 . 2008-01-09 23:06 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-09 09:13 . 2008-01-09 09:13 802,816 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-01-09 09:13 . 2008-01-09 09:13 216,760 --a------ C:\Windows\System32\drivers\netio.sys
2008-01-09 09:13 . 2008-01-09 09:13 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-01-09 09:13 . 2008-01-09 09:13 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-01-09 09:13 . 2008-01-09 09:13 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-01-09 09:12 . 2008-01-09 09:12 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-09 09:12 . 2008-01-09 09:12 1,686,016 --a------ C:\Windows\System32\gameux.dll
2008-01-09 09:12 . 2008-01-09 09:12 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-01-09 09:12 . 2008-01-09 09:12 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-01-09 09:12 . 2008-01-09 09:12 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-01-09 09:12 . 2008-01-09 09:12 110,136 --a------ C:\Windows\System32\drivers\ataport.sys
2008-01-09 09:12 . 2008-01-09 09:12 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-01-09 09:12 . 2008-01-09 09:12 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-01-09 09:12 . 2008-01-09 09:12 15,928 --a------ C:\Windows\System32\drivers\pciide.sys
2008-01-09 09:12 . 2008-01-09 09:12 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-01-06 22:25 . 2008-01-06 22:25 <DIR> d-------- C:\Users\All Users\Elaborate Bytes
2008-01-06 22:25 . 2008-01-06 22:25 <DIR> d-------- C:\ProgramData\Elaborate Bytes
2008-01-04 15:20 . 2008-01-05 14:28 <DIR> d-------- C:\Users\All Users\FreePDF
2008-01-04 15:20 . 2008-01-05 14:28 <DIR> d-------- C:\ProgramData\FreePDF
2008-01-04 15:20 . 2008-01-04 15:20 <DIR> d-------- C:\Program Files\FreePDF_XP
2008-01-04 15:20 . 2005-01-06 18:33 119,152 --a------ C:\Windows\System32\redmon.hlp
2008-01-04 15:20 . 2005-01-06 18:33 116,224 --a------ C:\Windows\System32\redmonnt.dll
2008-01-04 15:20 . 2005-01-06 18:33 45,056 --a------ C:\Windows\System32\unredmon.exe
2008-01-04 15:18 . 2008-01-04 15:19 <DIR> d-------- C:\Program Files\gs
2008-01-04 15:14 . 2008-01-04 15:14 <DIR> d-------- C:\Users\All Users\Office Genuine Advantage
2008-01-04 15:14 . 2008-01-04 15:14 <DIR> d-------- C:\ProgramData\Office Genuine Advantage
2008-01-04 15:14 . 2008-01-04 15:14 <DIR> d-------- C:\Program Files\MSECache
2008-01-04 15:11 . 2008-01-04 15:11 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-01-03 19:58 . 2008-01-03 19:58 <DIR> d-------- C:\CloneDVDTemp
2008-01-03 19:48 . 2008-01-03 19:48 <DIR> d-------- C:\Users\All Users\SlySoft
2008-01-03 19:48 . 2008-01-03 19:48 <DIR> d-------- C:\ProgramData\SlySoft
2008-01-03 19:47 . 2008-01-03 19:52 <DIR> d-------- C:\Program Files\SlySoft
2008-01-03 19:44 . 2008-01-03 19:48 72 ---hs---- C:\Windows\S386DD8E6.tmp
2008-01-03 19:42 . 2008-01-03 19:42 <DIR> d-------- C:\Program Files\Elaborate Bytes
2008-01-03 18:30 . 2008-01-03 18:30 <DIR> d-------- C:\Program Files\GSC Game World
2008-01-02 14:24 . 2008-01-02 14:24 <DIR> d-------- C:\Program Files\Ski Alpin Racing 2007 (Demo)
2008-01-02 14:10 . 2008-01-02 14:10 <DIR> d-------- C:\Users\All Users\BOONTY
2008-01-02 14:10 . 2008-01-02 14:10 <DIR> d-------- C:\ProgramData\BOONTY
2008-01-02 14:10 . 2008-01-02 14:10 <DIR> d-------- C:\Program Files\Common Files\BOONTY Shared
2008-01-02 13:43 . 2008-01-02 14:09 <DIR> d-------- C:\Users\Thomas Maier\AppData\Roaming\uTorrent
2008-01-02 13:43 . 2008-01-02 13:43 <DIR> d-------- C:\Program Files\uTorrent
2007-12-28 18:44 . 2007-12-28 18:44 <DIR> d-------- C:\Users\Thomas Maier\AppData\Roaming\ACD Systems
2007-12-28 18:07 . 2007-12-28 21:43 <DIR> d-------- C:\Users\All Users\ACD Systems
2007-12-28 18:07 . 2007-12-28 21:43 <DIR> d-------- C:\ProgramData\ACD Systems
2007-12-28 18:07 . 2007-12-28 18:07 9,856 --a------ C:\Windows\System32\drivers\pfc.sys
2007-12-28 18:06 . 2007-12-28 18:06 <DIR> d-------- C:\Windows\Downloaded Installations
2007-12-28 15:13 . 2007-12-28 15:13 <DIR> d-------- C:\Program Files\PixiePack Codec Pack
2007-12-28 15:12 . 2007-12-28 15:13 <DIR> d-------- C:\Users\Thomas Maier\AppData\Roaming\Tunebite
2007-12-28 15:12 . 2007-12-11 09:52 26,784 --a------ C:\Windows\System32\drivers\tbhsd.sys
2007-12-27 18:42 . 2007-12-27 18:42 <DIR> d-------- C:\Program Files\FLV Player
2007-12-25 09:09 . 2007-12-25 09:09 <DIR> d-------- C:\Program Files\SCi Games
2007-12-19 21:05 . 2007-12-19 21:05 97,216 --a------ C:\Windows\System32\drivers\AnyDVD.sys
2007-12-15 15:06 . 2006-10-26 19:58 30,512 --a------ C:\Windows\System32\mdimon.dll
2007-12-15 15:05 . 2006-10-26 19:56 32,592 --a------ C:\Windows\System32\msonpmon.dll
2007-12-13 18:33 . 2007-12-13 18:33 1,327,104 --a------ C:\Windows\System32\quartz.dll
2007-12-13 18:31 . 2007-12-13 18:31 1,830,912 --a------ C:\Windows\System32\inetcpl.cpl
2007-12-13 18:29 . 2007-12-13 18:29 3,505,848 --a------ C:\Windows\System32\ntkrnlpa.exe
2007-12-13 18:29 . 2007-12-13 18:29 3,472,056 --a------ C:\Windows\System32\ntoskrnl.exe
2007-12-13 18:29 . 2007-12-13 18:29 2,048 --a------ C:\Windows\System32\tzres.dll
2007-12-11 00:30 . 2007-12-11 00:32 <DIR> d--h----- C:\Program Files\Zero G Registry
2007-12-11 00:30 . 2007-12-28 20:11 <DIR> d-------- C:\Program Files\Maple 11
2007-12-11 00:28 . 2007-12-11 00:28 <DIR> d--h----- C:\Users\Thomas Maier\InstallAnywhere
2007-12-11 00:11 . 2007-12-11 00:11 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-12-10 21:04 . 2007-12-10 21:04 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-12-10 14:45 . 2007-12-10 14:45 <DIR> d-------- C:\Users\Thomas Maier\AppData\Roaming\ScanSoft
2007-12-10 14:45 . 2007-12-10 14:45 <DIR> d-------- C:\Users\All Users\ScanSoft
2007-12-10 14:45 . 2007-12-10 14:45 <DIR> d-------- C:\ProgramData\ScanSoft
2007-12-10 14:45 . 2007-12-10 14:45 <DIR> d-------- C:\Program Files\Common Files\ScanSoft Shared
2007-12-10 14:45 . 2007-12-10 14:45 412 --a------ C:\Windows\MAXLINK.INI
2007-12-10 14:44 . 2007-12-10 14:44 <DIR> d-------- C:\Program Files\ScanSoft
2007-12-10 14:40 . 2007-12-10 14:40 <DIR> d-------- C:\Program Files\Common Files\CANON
2007-12-10 14:38 . 2007-12-10 14:38 <DIR> d--h----- C:\Users\All Users\CanonBJ
2007-12-10 14:38 . 2007-12-10 14:38 <DIR> d--h----- C:\ProgramData\CanonBJ
2007-12-10 14:37 . 2007-12-10 14:37 <DIR> d--h----- C:\Windows\System32\CanonIJ Uninstaller Information
2007-12-10 14:36 . 2007-12-10 14:36 <DIR> d--h----- C:\Program Files\CanonBJ
2007-12-10 14:36 . 2007-03-23 08:30 1,400,832 --a------ C:\Windows\System32\CNC220C.DLL
2007-12-10 14:36 . 2007-03-18 21:00 215,040 --a------ C:\Windows\System32\CNMLM8T.DLL
2007-12-10 14:36 . 2007-03-19 02:18 200,704 --a------ C:\Windows\System32\CNC220L.DLL
2007-12-10 14:36 . 2007-03-15 06:12 188,416 --a------ C:\Windows\System32\CNC220O.DLL
2007-12-10 14:36 . 2007-03-23 08:29 98,304 --a------ C:\Windows\System32\CNC220I.DLL
2007-12-10 14:35 . 2007-12-10 15:01 <DIR> d-------- C:\Program Files\Canon

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-10 14:47 --------- d-----w C:\ProgramData\Google Updater
2008-01-10 14:37 --------- d-----w C:\Program Files\McAfee
2008-01-09 08:15 --------- d-----w C:\Program Files\Windows Mail
2008-01-09 08:14 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-09 08:12 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-09 08:12 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-09 08:12 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-09 08:12 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-01-07 14:15 --------- d-----w C:\Users\Thomas Maier\AppData\Roaming\Skype
2008-01-02 13:32 107,560 ----a-w C:\Users\Thomas Maier\AppData\Roaming\nvModes.dat
2007-12-28 17:09 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-28 14:14 --------- d-----w C:\ProgramData\RapidSolution
2007-12-27 17:36 --------- d-----w C:\Program Files\DivX
2007-12-25 16:18 --------- d-----w C:\ProgramData\Roxio
2007-12-25 08:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-20 17:52 --------- d-----w C:\ProgramData\Microsoft Help
2007-12-13 17:32 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-13 17:32 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-13 17:32 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-13 17:31 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2007-12-13 17:31 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2007-12-13 17:31 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-13 17:31 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-13 17:31 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2007-12-13 17:31 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2007-12-10 23:43 --------- d-----w C:\ProgramData\Nero
2007-12-10 23:11 --------- d-----w C:\Program Files\Common Files\Real
2007-11-29 22:30 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2007-11-25 22:43 245,408 ----a-w C:\Windows\System32\unicows.dll
2007-11-24 16:58 --------- d-----w C:\Program Files\PixelNet Layouter
2007-11-24 16:57 737,280 ----a-w C:\Windows\iun6002.exe
2007-11-24 14:12 --------- d-----w C:\Users\Thomas Maier\AppData\Roaming\SopCast
2007-11-19 21:15 --------- d-----w C:\Program Files\maddeneditor
2007-11-18 13:03 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2007-11-13 17:14 73,216 ----a-w C:\Windows\cadkasdeinst01.exe
2007-11-13 10:26 --------- d-----w C:\ProgramData\MiKTeX
2007-11-11 18:01 --------- d-----w C:\Users\Thomas Maier\AppData\Roaming\Roxio
2007-10-15 15:47 233,888 ----a-w C:\Windows\System32\DreamScene.dll
2007-10-15 15:47 1,152,000 ----a-w C:\Windows\System32\themecpl.dll
2007-10-15 15:45 1,171,848 ----a-w C:\Windows\System32\SecureKeyBackupCPL.dll
2007-10-15 15:32 174 --sha-w C:\Program Files\desktop.ini
2007-10-15 15:29 8,192 ----a-w C:\Windows\System32\riched32.dll
2007-10-15 15:29 77,824 ----a-w C:\Windows\System32\rascfg.dll
2007-10-15 15:29 694,784 ----a-w C:\Windows\System32\localspl.dll
2007-10-15 15:29 52,736 ----a-w C:\Windows\System32\rasdiag.dll
2007-10-15 15:29 384,000 ----a-w C:\Windows\System32\netcfgx.dll
2007-10-15 15:29 36,864 ----a-w C:\Windows\System32\cdd.dll
2007-10-15 15:29 33,280 ----a-w C:\Windows\System32\traffic.dll
2007-10-15 15:29 32,768 ----a-w C:\Windows\System32\rasmxs.dll
2007-10-15 15:29 286,208 ----a-w C:\Windows\System32\ipnathlp.dll
2007-10-15 15:29 22,016 ----a-w C:\Windows\System32\rasser.dll
2007-10-15 15:29 15,360 ----a-w C:\Windows\System32\pacerprf.dll
2007-10-15 15:29 134,656 ----a-w C:\Windows\System32\dps.dll
2007-10-15 15:29 13,824 ----a-w C:\Windows\System32\wshqos.dll
2007-10-15 15:29 13,824 ----a-w C:\Windows\System32\icsunattend.exe
2007-10-15 15:24 88,576 ----a-w C:\Windows\System32\avifil32.dll
2007-10-15 15:24 82,944 ----a-w C:\Windows\System32\mciavi32.dll
2007-10-15 15:24 8,138,240 ----a-w C:\Windows\System32\ssBranded.scr
2007-10-15 15:24 712,192 ----a-w C:\Windows\System32\WindowsCodecs.dll
2007-10-15 15:24 69,632 ----a-w C:\Windows\System32\sendmail.dll
2007-10-15 15:24 65,024 ----a-w C:\Windows\System32\avicap32.dll
2007-10-15 15:24 61,440 ----a-w C:\Windows\System32\ntprint.exe
2007-10-15 15:24 31,232 ----a-w C:\Windows\System32\msvidc32.dll
2007-10-15 15:24 269,824 ----a-w C:\Windows\System32\schannel.dll
2007-10-15 15:24 220,160 ----a-w C:\Windows\System32\ntprint.dll
2007-10-15 15:24 123,904 ----a-w C:\Windows\System32\msvfw32.dll
2007-10-15 15:24 120,320 ----a-w C:\Windows\System32\dhcpcsvc6.dll
2007-10-15 15:24 12,800 ----a-w C:\Windows\System32\msrle32.dll
2007-10-15 15:24 105,984 ----a-w C:\Windows\System32\CscMig.dll
2007-10-15 15:24 10,240 ----a-w C:\Windows\System32\dhcpcmonitor.dll
2007-10-15 15:24 1,984,512 ----a-w C:\Windows\System32\authui.dll
2007-10-15 14:55 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2007-10-15 14:55 7,680 ----a-w C:\Windows\System32\spwmp.dll
2007-10-15 14:55 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2007-10-15 14:55 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2007-10-15 14:55 25,600 ----a-w C:\Windows\System32\LangCleanupSysprepAction.dll
2007-10-15 14:55 23,552 ----a-w C:\Windows\System32\lpremove.exe
2007-10-15 14:55 166,912 ----a-w C:\Windows\System32\lpksetup.exe
2007-10-15 14:55 10,240 ----a-w C:\Windows\System32\MUILanguageCleanup.dll
2007-10-15 14:55 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2007-10-15 14:53 84,480 ----a-w C:\Windows\System32\INETRES.dll
2007-10-15 14:53 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2007-10-15 14:53 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2007-10-15 14:53 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2007-10-15 14:51 750,080 ----a-w C:\Windows\System32\qmgr.dll
2007-10-15 14:39 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-10-15 14:39 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-10-15 14:39 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-10-15 14:39 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-10-15 14:39 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-10-15 14:39 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-10-15 14:39 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-10-15 14:39 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-10-15 14:39 2,923,520 ----a-w C:\Windows\explorer.exe
2007-10-15 14:39 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-10-15 14:29 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2007-10-15 14:29 43,352 ----a-w C:\Windows\System32\wups2.dll
2007-10-15 14:29 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2007-10-15 14:29 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2007-09-24 14:45 76 --sh--r C:\Windows\CT4CET.bin
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:34 125440]
"Tunebite"="C:\Program Files\RapidSolution\Tunebite\Tunebite.exe" [ ]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-12-21 13:34 1649600]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:33 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-10 08:00 857648]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 16:15 81920]
"@"="" []
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 11:22 221184]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 17:30 152144]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-04-03 17:00 644696]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 17:50 1603152]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 09:03 210472]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 12:02 79400]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-11 00:10 185896]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"OEM04Mon.exe"="C:\Windows\OEM04Mon.exe" [2007-06-11 10:01 36864]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-06-26 10:39 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-06-26 10:38 8433664]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-06-26 10:39 81920]
"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2007-06-26 10:39 67584]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36 267048]
"FreePDF Assistant"="C:\Program Files\FreePDF_XP\fpassist.exe" [2007-06-26 20:27 312320]

C:\Users\Thomas Maier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 17:55:50]
QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-09-24 15:47:05]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\Windows\pss\Google Updater.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=C:\Windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Thomas Maier^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Yahoo! Widget Engine.lnk]
path=C:\Users\Thomas Maier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widget Engine.lnk
backup=C:\Windows\pss\Yahoo! Widget Engine.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 18:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-09-18 15:16 171464 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2007-03-15 12:09 460784 C:\Program Files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
--a------ 2007-07-30 20:40 16384 c:\dell\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-11-02 18:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxbkbmgr.exe]
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-06-26 10:39 81920 C:\Windows\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM04Mon.exe]
--a------ 2007-06-11 10:01 36864 C:\Windows\OEM04Mon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2007-04-16 16:10 184320 C:\Program Files\Dell\MediaDirect\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-10-19 20:16 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2007-06-29 07:15 405504 C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-09-24 12:11 22880040 C:\Program Files\Skype\\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-24 15:42 77824 c:\Program Files\Java\jre1.6.0\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-12-11 00:10 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2007-09-24 23:22 1006264 C:\Program Files\Windows Defender\MSASCui.exe

R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" [2007-02-10 04:29]
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 04:29]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-05-24 13:35]
R3 NETw4v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-02-25 15:14]
R3 OEM04Vfx;Creative Camera OEM004 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM04Vfx.sys [2007-03-06 03:45]
R3 OEM04Vid;Creative Camera OEM004 Driver;C:\Windows\system32\DRIVERS\OEM04Vid.sys [2007-10-10 17:01]
S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2008-01-02 14:10]
S3 btwaudio;Bluetooth-Audiogerät;C:\Windows\system32\drivers\btwaudio.sys [2006-11-07 02:37]
S3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2006-11-07 00:13]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-07 00:13]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 08:36]
S3 tbhsd;Tunebite High-Speed Dubbing;C:\Windows\system32\drivers\tbhsd.sys [2007-12-11 09:52]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners
"2007-10-14 23:00:02 C:\Windows\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2007-09-24 15:09:50 C:\Windows\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2008-01-10 14:38:59 C:\Windows\Tasks\User_Feed_Synchronization-{A19BEA97-66C0-4DA4-8699-E2CF1DA3EA0D}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-10 15:47:07
Windows 6.0.6000 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-01-10 15:48:00
ComboFix-quarantined-files.txt 2008-01-10 14:47:57
.
2008-01-09 08:13:36 --- E O F ---



-------------------------------------------------------------------------
hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:00:54, on 10.01.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\OEM04Mon.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\FreePDF_XP\fpassist.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\DELL\QuickSet\quickset.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/home.php?
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://alice.aol.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://alice.aol.de
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [OEM04Mon.exe] C:\Windows\OEM04Mon.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Tunebite] C:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9999DBAC-D71A-48D1-B03B-8ADC2AE6E601}: NameServer = 213.191.92.86 62.109.123.7
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 10604 bytes
This post was edited on 10.01.2008 at 16:03 by cybwer.
10.01.2008, 16:17
Honorary member
Argus

Posts: 6028
#8 Delete Qoobox on C:\ --> empty the Recycle Bin

Start --> Run, paste in:
sc stop "Boonty Games"
Click OK
Do the same with
sc delete "Boonty Games"
Click OK

Remove ComboFix
Start > Run > paste in Combofix /U, then OK

ATF Cleaner
Use ATF Cleaner http://board.protecus.de/t23188.htm
__________
Regards, Argus
10.01.2008, 16:24
...new here

Thread starter

Posts: 5
#9 Done. Many THANKS!!!!
10.01.2008, 16:34
Honorary member
Argus

Posts: 6028
#10 Also do the following:
Delete C:\Program Files\Common Files\BOONTY Shared

Edit: About Boonty
http://www.castlecops.com/o23list-1744.html
__________
Regards, Argus
10.01.2008, 16:36
...new here

Thread starter

Posts: 5
#11 Done, many thanks