Viruses in the Temp folder, Win 7 |
||
---|---|---|
#0
| ||
06.03.2010, 17:34
Member
Posts: 16 |
||
|
||
06.03.2010, 17:58
Member
Posts: 3716 |
||
|
||
06.03.2010, 18:03
Member
Thread starter Posts: 16 |
#3
Quote: Maxxwood posted
I hope this is the right way to do it |
|
|
||
06.03.2010, 18:58
Member
Posts: 3716 |
#4
Grabbed the wrong one.
http://board.protecus.de/t23188.htm Run ComboFix and GMER from here and post the logs. |
|
|
||
06.03.2010, 19:39
Member
Thread starter Posts: 16 |
#5
Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3829
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
06.03.2010 19:12:36
mbam-log-2010-03-06 (19-12-33).txt
Scan-Methode: Quick-Scan
Durchsuchte Objekte: 112991
Laufzeit: 3 minute(s), 5 second(s)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Windows\file_3.exe (Trojan.Agent) -> No action taken.

GMER 1.0.15.15281 - http://www.gmer.net

Logfile of Trend Micro HijackThis v2.0.2 |
|
|
||
06.03.2010, 19:40
Member
Thread starter Posts: 16 |
#6
ComboFix 10-03-05.06 - Maxxwood 06.03.2010 18:40:14.2.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.3071.2131 [GMT 1:00] ausgeführt von:: c:\users\Maxxwood\Desktop\neu\ram\ram.com SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9} SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Vorheriger Suchlauf ------- . c:\program files\temp c:\users\Maxxwood\AppData\Roaming\.# c:\users\Maxxwood\AppData\Roaming\Desktopicon c:\users\Maxxwood\AppData\Roaming\onload.exe c:\windows\file_2.exe c:\windows\system32\ntSVc.ocx c:\windows\system32\SHELLLNK.TLB c:\windows\system32\tmp.reg . ((((((((((((((((((((((( Dateien erstellt von 2010-02-06 bis 2010-03-06 )))))))))))))))))))))))))))))) . 2010-03-06 17:46 . 2010-03-06 17:46 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-03-06 17:10 . 2010-03-06 17:10 52224 ----a-w- c:\users\Maxxwood\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll 2010-03-06 17:10 . 2010-03-06 17:10 117760 ----a-w- c:\users\Maxxwood\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2010-03-06 17:08 . 2010-03-06 17:08 -------- d-----w- c:\program files\SUPERAntiSpyware 2010-03-06 16:29 . 2010-03-06 16:29 -------- d-----w- c:\users\Maxxwood\AppData\Roaming\SUPERAntiSpyware.com 2010-03-06 16:29 . 2010-03-06 16:29 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2010-03-03 14:42 . 2010-03-03 14:42 -------- d-----w- c:\programdata\Super X Studios 2010-03-02 15:05 . 2010-02-04 09:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll 2010-03-02 15:05 . 2010-02-04 09:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll 2010-03-02 15:05 . 2010-02-04 09:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll 2010-03-02 15:05 . 2010-02-04 09:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll 2010-03-02 14:35 . 
2010-03-02 14:35 -------- d-----w- c:\users\Maxxwood\AppData\Local\Microsoft Corporation 2010-03-02 10:45 . 2010-03-02 11:36 -------- d-----w- c:\program files\JDownloader 2010-03-02 10:37 . 2010-03-02 10:37 -------- d-----w- c:\windows\Left 4 Dead 2010-02-27 11:30 . 2010-02-27 11:30 381406 ----a-w- c:\windows\file_3.exe 2010-02-26 00:07 . 2010-02-26 00:07 -------- d-----w- c:\users\Maxxwood\AppData\Local\Apps 2010-02-25 19:12 . 2009-12-13 09:30 641536 ----a-w- c:\windows\system32\CPFilters.dll 2010-02-25 19:12 . 2009-12-13 09:30 465408 ----a-w- c:\windows\system32\psisdecd.dll 2010-02-25 19:12 . 2009-12-13 09:29 417792 ----a-w- c:\windows\system32\msdri.dll 2010-02-25 08:13 . 2010-02-02 07:45 2048 ----a-w- c:\windows\system32\tzres.dll 2010-02-24 15:25 . 2010-02-24 15:28 -------- d-----w- c:\program files\XMedia Recode 2010-02-24 14:47 . 2010-02-24 14:47 -------- d-----w- c:\users\Maxxwood\AppData\Roaming\mkvtoolnix 2010-02-24 14:47 . 2010-02-27 02:31 -------- d-----w- c:\program files\MKVtoolnix 2010-02-20 15:29 . 2010-02-20 15:29 -------- d-----w- c:\users\Maxxwood\AppData\Local\AliensVsPredator 2010-02-20 15:03 . 2010-02-15 11:03 286208 ----a-w- c:\windows\system\binkw32.dll 2010-02-19 20:18 . 2010-02-19 20:18 -------- d-sh--w- c:\windows\system32\%APPDATA% 2010-02-18 20:18 . 2010-02-18 20:18 -------- d-----w- c:\program files\DVDVideoSoft 2010-02-18 20:18 . 2010-02-18 20:18 -------- d-----w- c:\program files\YouTube to MP3 Converter 2010-02-18 19:57 . 2010-02-18 19:57 -------- d-----w- c:\program files\Microsoft Synchronization Services 2010-02-18 19:57 . 2010-02-18 19:57 -------- d-----w- c:\windows\PCHEALTH 2010-02-18 19:57 . 2010-02-18 19:57 -------- d-----w- c:\program files\Microsoft.NET 2010-02-18 19:57 . 2010-02-18 19:57 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition 2010-02-18 19:56 . 2010-02-18 19:56 -------- d-----w- c:\program files\Microsoft Analysis Services 2010-02-18 19:55 . 
2010-02-18 19:55 -------- d-----w- c:\users\Maxxwood\AppData\Local\Microsoft Help 2010-02-18 19:55 . 2010-03-02 15:19 -------- d-----w- c:\programdata\Microsoft Help 2010-02-18 19:55 . 2010-02-18 19:55 -------- d-----r- C:\MSOCache 2010-02-16 20:54 . 2010-02-16 20:54 -------- d-----w- c:\program files\SystemRequirementsLab 2010-02-13 12:37 . 2010-02-13 12:37 -------- d-----w- c:\windows\system32\temp 2010-02-13 12:37 . 2010-02-13 12:37 -------- d-----w- c:\programdata\PassMark 2010-02-13 12:37 . 2010-02-13 12:37 -------- d-----w- c:\program files\BurnInTest 2010-02-13 10:54 . 2010-02-13 12:21 -------- d-----w- c:\users\Maxxwood\AppData\Roaming\Bioshock2 2010-02-13 10:08 . 2010-02-13 10:08 -------- d--h--w- c:\windows\PIF 2010-02-13 10:01 . 2009-12-08 08:05 310784 ----a-w- c:\windows\system32\drivers\srv.sys 2010-02-13 10:01 . 2009-12-08 08:05 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys 2010-02-13 10:01 . 2009-12-19 09:02 12288 ----a-w- c:\windows\system32\tsbyuv.dll 2010-02-13 10:01 . 2009-12-19 09:02 1328640 ----a-w- c:\windows\system32\quartz.dll 2010-02-13 10:01 . 2009-12-19 09:02 22016 ----a-w- c:\windows\system32\msyuv.dll 2010-02-13 10:01 . 2009-12-19 09:02 31744 ----a-w- c:\windows\system32\msvidc32.dll 2010-02-13 10:01 . 2009-12-19 09:02 13312 ----a-w- c:\windows\system32\msrle32.dll 2010-02-13 10:01 . 2009-12-19 09:02 84480 ----a-w- c:\windows\system32\mciavi32.dll 2010-02-13 10:01 . 2009-12-19 09:02 50176 ----a-w- c:\windows\system32\iyuv_32.dll 2010-02-13 10:01 . 2009-12-19 09:02 91648 ----a-w- c:\windows\system32\avifil32.dll 2010-02-13 10:00 . 2010-01-08 03:18 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2010-02-13 10:00 . 2010-01-08 03:17 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-02-13 10:00 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll 2010-02-13 10:00 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp.dll 2010-02-13 10:00 . 
2010-01-18 23:29 365568 ----a-w- c:\windows\system32\secproc_isv.dll 2010-02-13 10:00 . 2010-01-18 23:29 369152 ----a-w- c:\windows\system32\secproc.dll 2010-02-13 10:00 . 2010-01-18 23:28 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe 2010-02-13 10:00 . 2010-01-18 23:28 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe 2010-02-13 10:00 . 2010-01-18 23:28 320512 ----a-w- c:\windows\system32\RMActivate.exe 2010-02-13 10:00 . 2010-01-18 23:28 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe 2010-02-09 06:56 . 2010-02-09 06:56 -------- d-----w- c:\users\Maxxwood\Cyberlink . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-03-06 17:25 . 2009-07-03 11:00 -------- d-----w- c:\users\Maxxwood\AppData\Roaming\uTorrent 2010-03-06 17:08 . 2009-07-01 23:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2010-03-06 16:29 . 2009-08-16 15:53 -------- d-----w- c:\program files\Trillian 2010-03-06 12:11 . 2009-09-02 17:25 -------- d-----w- c:\users\Maxxwood\AppData\Roaming\vlc 2010-03-06 10:35 . 2009-09-23 15:58 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2010-03-06 10:12 . 2009-07-01 18:21 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-03-06 09:55 . 2009-07-14 08:47 647138 ----a-w- c:\windows\system32\perfh007.dat 2010-03-06 09:55 . 2009-07-14 08:47 127198 ----a-w- c:\windows\system32\perfc007.dat 2010-03-06 09:14 . 2009-07-03 11:18 -------- d-----w- c:\program files\uTorrent 2010-03-03 15:40 . 2009-07-21 15:36 -------- d-----w- c:\program files\CCleaner 2010-03-02 14:34 . 2009-09-06 23:03 -------- d-----w- c:\program files\EVEREST Home Edition 2010-03-02 13:37 . 2010-01-24 19:20 121280 ----a-w- c:\users\Maxxwood\AppData\Local\GDIPFONTCACHEV1.DAT 2010-02-28 17:30 . 2009-08-31 16:41 -------- d-----w- c:\users\Maxxwood\AppData\Roaming\dvdcss 2010-02-27 11:30 . 
2010-02-27 11:30 12 ----a-w- c:\windows\system32\DROPPEDFILEOKgfx3.tmp 2010-02-27 02:26 . 2010-01-12 20:44 -------- d-----w- c:\program files\SSC Service Utility 2010-02-27 02:09 . 2009-07-17 11:03 -------- d-----w- c:\users\Maxxwood\AppData\Roaming\Ubisoft 2010-02-27 02:02 . 2009-10-07 10:58 -------- d-----w- c:\program files\Common Files\Adobe 2010-02-27 00:24 . 2009-07-03 14:49 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2010-02-27 00:23 . 2009-07-03 14:49 215104 ----a-w- c:\windows\system32\PnkBstrB.exe 2010-02-26 23:23 . 2009-07-30 13:37 -------- d-----w- c:\users\Maxxwood\AppData\Roaming\Skype 2010-02-26 23:23 . 2009-07-30 13:40 -------- d-----w- c:\users\Maxxwood\AppData\Roaming\skypePM 2010-02-26 17:28 . 2009-10-14 00:44 -------- d-----w- c:\program files\MSI Live Update 4 2010-02-20 16:07 . 2010-01-24 18:27 -------- d-----w- c:\programdata\NVIDIA 2010-02-20 16:05 . 2010-01-24 18:27 -------- d-----w- c:\program files\NVIDIA Corporation 2010-02-18 20:43 . 2009-07-03 14:00 -------- d-----w- c:\program files\OpenOffice.org 3 2010-02-18 20:18 . 2009-08-29 18:21 -------- d-----w- c:\program files\Common Files\DVDVideoSoft 2010-02-16 18:49 . 2009-07-07 17:47 1 ----a-w- c:\users\Maxxwood\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2010-02-14 11:09 . 2009-07-13 23:11 21584 ----a-w- c:\windows\system32\drivers\atapi.sys 2010-02-13 12:44 . 2009-08-25 09:51 -------- d-----w- c:\program files\Google 2010-02-09 06:56 . 2009-08-22 12:26 -------- d-----w- c:\programdata\Cyberlink 2010-02-04 13:49 . 2010-02-04 13:36 -------- d-----w- c:\program files\Navilog1 2010-02-04 13:17 . 2010-02-04 13:17 -------- d-----w- c:\users\Maxxwood\AppData\Roaming\Malwarebytes 2010-02-04 13:17 . 2010-02-04 13:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-02-04 13:16 . 2010-02-04 13:16 -------- d-----w- c:\programdata\Malwarebytes 2010-02-04 08:26 . 2009-07-03 10:34 -------- d-----w- c:\program files\Avast4 2010-01-30 12:05 . 
2010-01-30 12:05 -------- d-----w- c:\program files\Ashampoo Burning Studio 9 2010-01-30 11:47 . 2009-07-03 10:24 -------- d-----w- c:\users\Maxxwood\AppData\Roaming\Ashampoo 2010-01-30 09:53 . 2009-07-03 15:32 691696 ----a-w- c:\windows\system32\drivers\sptd.sys 2010-01-29 07:06 . 2009-09-17 14:38 -------- d-----w- c:\program files\Alcohol 120 2010-01-28 08:56 . 2009-07-03 13:28 -------- d-----w- c:\programdata\LogiShrd 2010-01-28 08:56 . 2009-07-03 13:27 -------- d-----w- c:\program files\Common Files\Logishrd 2010-01-25 11:45 . 2009-07-03 12:54 -------- d-----w- c:\program files\amBX 2010-01-25 11:10 . 2010-01-25 11:10 -------- d-----w- c:\program files\TuneUp Utilities 2010 2010-01-25 11:10 . 2010-01-25 11:09 -------- d-----w- c:\programdata\TuneUp Software 2010-01-25 11:09 . 2010-01-25 11:09 -------- d-sh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} 2010-01-25 10:53 . 2010-01-25 10:53 -------- d-----w- c:\program files\MSXML 4.0 2010-01-24 19:13 . 2010-01-24 19:13 -------- d-sh--we c:\programdata\Vorlagen 2010-01-24 19:13 . 2010-01-24 19:13 -------- d-sh--we c:\programdata\Startmenü 2010-01-24 19:13 . 2010-01-24 19:13 -------- d-sh--we c:\programdata\Favoriten 2010-01-24 19:13 . 2010-01-24 19:13 -------- d-sh--we c:\programdata\Dokumente 2010-01-24 19:13 . 2010-01-24 19:13 -------- d-sh--we c:\programdata\Anwendungsdaten 2010-01-24 19:13 . 2010-01-24 19:13 -------- d-sh--we c:\program files\Gemeinsame Dateien 2010-01-24 18:52 . 2010-01-24 18:52 21532 ----a-w- c:\windows\system32\emptyregdb.dat 2010-01-24 18:37 . 2010-01-19 13:33 -------- d-----w- c:\programdata\Solidshield 2010-01-24 18:37 . 2009-08-12 17:08 -------- dc-h--w- c:\programdata\{5794CDCB-FAB7-4C15-9069-4D8AC02592DE} 2010-01-24 18:37 . 2009-08-12 16:32 -------- dc-h--w- c:\programdata\{0151C9FC-719D-4459-B1E2-4685CC6E62A8} 2010-01-24 18:37 . 2009-07-20 12:28 -------- d-----w- c:\programdata\Tages 2010-01-24 18:37 . 
2009-07-17 09:56 -------- d-----w- c:\programdata\Ubisoft 2010-01-24 18:37 . 2009-07-09 18:07 -------- d-----w- c:\programdata\UDL 2010-01-24 18:37 . 2009-07-03 11:07 -------- d-----w- c:\programdata\WinZip 2010-01-24 18:37 . 2009-07-30 13:36 -------- d-----w- c:\programdata\Skype 2010-01-24 18:37 . 2009-07-03 13:08 -------- d-----w- c:\programdata\SlySoft 2010-01-24 18:37 . 2010-01-14 15:05 -------- d-sh--w- c:\programdata\SecuROM 2010-01-24 18:37 . 2009-10-17 17:52 -------- d-----w- c:\programdata\Screaming Bee 2010-01-24 18:37 . 2009-08-16 17:41 -------- d-----w- c:\programdata\Propellerhead Software 2010-01-24 18:35 . 2009-07-03 15:29 -------- d-----w- c:\program files\OpenAL 2010-01-24 18:35 . 2009-07-01 18:20 -------- d-----w- c:\program files\NETGEAR 2010-01-24 18:35 . 2009-07-17 10:33 -------- d-----w- c:\program files\Mp3tag 2010-01-24 18:35 . 2009-07-03 12:17 -------- d-----w- c:\program files\MSI 2010-01-24 18:35 . 2009-08-13 13:04 -------- d-----w- c:\program files\Microsoft Silverlight 2010-01-24 18:35 . 2009-07-16 13:05 -------- d-----w- c:\program files\Microsoft WSE 2010-01-24 18:35 . 2009-07-16 11:15 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE 2010-01-24 18:35 . 2009-07-03 10:20 -------- d-----w- c:\program files\MozBackup 2010-01-24 18:35 . 2009-07-03 14:40 -------- d-----w- c:\program files\Messenger Plus! Live 2010-01-24 18:35 . 2009-07-03 12:05 -------- d-----w- c:\program files\Microsoft 2010-01-24 18:35 . 2009-07-03 13:27 -------- d-----w- c:\program files\Logitech 2010-01-24 18:35 . 2009-11-13 16:38 -------- d-----w- c:\program files\LightScribe Template Labeler 2010-01-24 18:35 . 2009-07-03 14:00 -------- d-----w- c:\program files\Java 2010-01-24 18:34 . 2009-07-03 12:59 -------- d-----w- c:\program files\ICQ6.5 2010-01-24 18:34 . 2009-08-16 19:50 -------- d-----w- c:\program files\Guitar Pro 5 2010-01-24 18:34 . 2009-09-23 15:56 -------- d-----w- c:\program files\GIMP-2.0 2010-01-24 18:34 . 
2009-10-22 16:40 -------- d-----w- c:\program files\Futuremark 2010-01-24 18:34 . 2009-09-25 16:40 -------- d-----w- c:\program files\Free YouTube to MP3 Converter 2010-01-24 18:34 . 2009-07-09 17:55 -------- d-----w- c:\program files\epson 2010-01-24 18:34 . 2009-07-03 10:41 -------- d-----w- c:\program files\DivX 2010-01-24 18:34 . 2009-10-22 17:08 -------- d-----w- c:\program files\CyberLink PCM4Everio 2010-01-24 18:33 . 2009-08-22 12:24 -------- d-----w- c:\program files\CyberLink 2010-01-24 18:28 . 2010-01-24 18:28 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf 2010-01-24 18:28 . 2010-01-24 18:28 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf 2010-01-24 18:25 . 2010-01-24 18:25 -------- d-----w- c:\program files\Realtek 2010-01-21 10:52 . 2010-01-21 06:29 -------- d-sh--r- c:\users\Maxxwood\AppData\Roaming\Update 2010-01-19 13:42 . 2010-01-19 13:42 723456 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{03DA9430-1FD8-9D73-384A-7AD7DCB5C843}-keygen.exe 2010-01-18 12:59 . 2010-01-18 12:59 7680 ----a-w- c:\users\Maxxwood\AppData\Roaming\Trillian\languages\de\talk.dll 2010-01-18 12:59 . 2010-01-18 12:59 7168 ----a-w- c:\users\Maxxwood\AppData\Roaming\Trillian\languages\de\events.dll 2010-01-18 12:59 . 2010-01-18 12:59 2048 ----a-w- c:\users\Maxxwood\AppData\Roaming\Trillian\languages\de\toolkit.dll 2010-01-18 12:59 . 2010-01-18 12:59 10240 ----a-w- c:\users\Maxxwood\AppData\Roaming\Trillian\languages\de\buddy.dll 2010-01-14 15:14 . 2010-01-14 15:14 7225344 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{A7D3EB85-28AF-CB85-B0FC-FD5E1891CC98}-DLCSetup.exe 2010-01-14 15:14 . 2010-01-14 15:14 29352595 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{BBA7D76A-1B39-1605-753A-5900F0894ABD}-Borderlands.exe 2010-01-14 10:12 . 2009-10-03 11:08 181120 ------w- c:\windows\system32\MpSigStub.exe 2010-01-11 21:18 . 
2010-01-11 21:18 962664 ----a-w- c:\windows\system32\nvsvc.dll 2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll 2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat 2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] 2009-11-03 20:12 556432 ----a-w- c:\progra~1\MIF5BA~1\Office14\URLREDIR.DLL [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-18 2012912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-13 6814240] "amBX System Tray Application"="c:\program files\amBX\Gaming FXGen\amBXAppMgr.exe" [2008-10-03 237568] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824] "avast!"="c:\program files\Avast4\ashDisp.exe" [2009-11-24 81000] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ amBX Effects.lnk - c:\program files\amBX\Effects\amBX Event Manager.exe [2009-7-3 47616] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-3 813584] NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2007-9-14 1695744] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 
0 (0x0) "ConsentPromptBehaviorAdmin"= 0 (0x0) "EnableLUA"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2009-07-20 11:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DualCoreCenter.lnk] backup=c:\windows\pss\DualCoreCenter.lnk.CommonStartup backupExtension=.CommonStartup path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DualCoreCenter.lnk [HKLM\~\startupfolder\C:^Users^Maxxwood^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk] path=c:\users\Maxxwood\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk backup=c:\windows\pss\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2009-12-11 14:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-12-22 00:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount] 2009-04-24 03:21 203928 ----a-w- c:\program files\Alcohol 120\AxCmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amBX Daemon] 2009-09-28 14:27 229376 ----a-w- c:\program 
files\amBX\Control Panel\amBXDaemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion] 2009-09-01 16:00 75048 ----a-w- c:\program files\CyberLink\Shared Files\brs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer] 2009-11-02 13:21 103720 ----a-w- c:\program files\CyberLink\Power2Go\CLMLSvc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EverioService] 2008-04-03 08:45 151552 ----a-w- c:\program files\CyberLink PCM4Everio\EverioService.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] 2004-08-09 04:03 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut] 2009-04-27 16:50 50472 ----a-w- c:\program files\CyberLink\PowerDVD9\Language\Language.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-05-26 15:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9] 2009-07-06 13:22 87336 ----a-w- c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2009-07-16 11:20 25604904 ----a-r- c:\program files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] 2010-02-27 00:29 1217872 ----a-w- e:\games\Steam\steam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2009-07-25 03:23 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] 2010-02-18 15:40 2012912 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2009-07-03 10:18 198160 ----a-w- 
c:\program files\Common Files\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" /DelayServices R1 SASDIFSV;SASDIFSV;c:\users\Maxxwood\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS [x] R1 SASKUTIL;SASKUTIL;c:\users\Maxxwood\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.sys [x] R2 Philips HAL Starter;Philips HAL Starter;c:\program files\amBX\Device Drivers\Philips USB\Philips_HAL_Starter.exe [2008-06-09 10752] R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-12-09 1044808] R3 FLASHSYS;FLASHSYS;c:\program files\MSI Live Update 4\LU4\FLASHSYS.sys [2007-12-14 9216] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-01-07 38224] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-26 4639136] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776] R3 SASENUM;SASENUM;c:\users\Maxxwood\AppData\Local\Temp\SAS_SelfExtract\SASENUM.SYS [x] R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-03-27 23064] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336] R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-25 133104] R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-01-30 691696] S1 aswSP;avast! 
Self Protection; [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/01/05 11:39];c:\program files\CyberLink\PowerDVD9\000.fcl [2009-09-01 15:59 87536] S2 amBX Engine;amBX Engine;c:\program files\amBX\System\amBX_Engine.exe [2008-04-17 434176] S2 amBX Service;amBX Service;c:\program files\amBX\System\amBX_Service.exe [2009-10-14 612864] S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560] S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328] S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S3 Philips amBX USB HAL;Philips amBX USB HAL;c:\program files\amBX\Device Drivers\Philips USB\Philips_amBX_USB_HAL.exe [2008-06-09 540672] S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;c:\windows\system32\DRIVERS\wg111v3.sys [2009-11-18 376832] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064] S3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [2007-06-28 1310720] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Inhalt des "geplante Tasks" Ordners 2010-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-25 09:51] 2010-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-25 09:51] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.google.de/ IE: An OneNote s&enden - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000 IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL FF - ProfilePath - c:\users\Maxxwood\AppData\Roaming\Mozilla\Firefox\Profiles\myz2xq1b.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.google.de FF - prefs.js: keyword.URL - FF - plugin: c:\progra~1\MIF5BA~1\Office14\NPAUTHZ.DLL FF - plugin: c:\progra~1\MIF5BA~1\Office14\NPSPWRAP.DLL FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\program files\VLC\npvlc.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- FF - user.js: network.http.max-connections-per-server - 8 FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - 
pref("javascript.options.mem.high_water_mark", 32); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); 
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . - - - - Entfernte verwaiste Registrierungseinträge - - - - MSConfigStartUp-DelReg - c:\program files\MSI DualCoreCenter\DelReg.exe MSConfigStartUp-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe MSConfigStartUp-MSN - c:\windows\svchost.exe MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe ActiveSetup-{49C86EC6-E46D-4D90-92E4-20EB8E3DC74B} - msiexec [HKEY_LOCAL_MACHINE\system\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl" . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_USERS\S-1-5-21-133387703-4160369434-2984978302-1000\Software\SecuROM\License information*] "datasecu"=hex:3b,20,20,57,01,a6,7b,65,dc,ff,fe,31,46,74,73,97,a3,8e,db,0e,7d, 5e,07,44,a8,19,33,9a,53,71,c9,5f,62,77,c1,b6,a8,21,9d,2c,5c,fb,ce,2d,4a,ed,\ "rkeysecu"=hex:c5,cb,58,00,90,fa,5b,88,86,ae,c0,15,e5,b9,61,2f [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . 
--------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'Explorer.exe'(5216) c:\program files\Logitech\SetPoint\lgscroll.dll . Zeit der Fertigstellung: 2010-03-06 18:48:56 ComboFix-quarantined-files.txt 2010-03-06 17:48 Vor Suchlauf: 9 Verzeichnis(se), 111.897.845.760 Bytes frei Nach Suchlauf: 10 Verzeichnis(se), 111.713.697.792 Bytes frei - - End Of File - - 0AFDE51405FDFB30FC6E77DD31250FB9 |
|
|
||
06.03.2010, 20:00
Member
Posts: 3716 |
#7
ok, now gmer and then malwarebytes.
|
|
|
||
06.03.2010, 20:12
Member
Thread starter Posts: 16 |
#8
GMER 1.0.15.15281 - http://www.gmer.net
|
|
|
||
06.03.2010, 20:13
Member
Thread starter Posts: 16 |
#9
Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3829
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
06.03.2010 19:12:36
mbam-log-2010-03-06 (19-12-33).txt
Scan-Methode: Quick-Scan
Durchsuchte Objekte: 112991
Laufzeit: 3 minute(s), 5 second(s)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Windows\file_3.exe (Trojan.Agent) -> No action taken. |
|
|
||
06.03.2010, 20:28
Member
Posts: 3716 |
#10
Please let Malwarebytes delete the detection, and report how the PC is running.
|
|
|
||
06.03.2010, 20:29
Member
Thread starter Posts: 16 |
#11
I already had it deleted, but nothing has changed; alerts about viruses in the temp folder still keep coming.
Were the other logs OK, or was there anything in them that sounds suspicious? |
|
|
||
06.03.2010, 20:56
Member
Posts: 3716 |
#12
1. Are Google search queries being redirected as well?
2. Upgrade to avast 5. http://www.paules-pc-forum.de/forum/4-pc-sicherheit/125180-rootkit-tdss-entfernen-norman-tdss-cleaner.html Right-click and start it as admin, then post the log or logs. That depends on whether anything is found and the PC restarts. |
|
|
||
06.03.2010, 20:59
Member
Thread starter Posts: 16 |
#13
Search queries are sometimes redirected, but not always.
|
|
|
||
06.03.2010, 21:35
Member
Posts: 3716 |
#14
OK, try the TDSS cleaner.
|
|
|
||
06.03.2010, 21:41
Member
Thread starter Posts: 16 |
#15
I just ran it; nothing was found.
|
|
|
||
I also have a problem with my Firefox: whenever the browser is open, random pages keep opening. I have already run many scans, but none of it helped.
I hope you can help me,
since at the moment I have neither the desire nor the time to reinstall my PC.
Thanks in advance.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:23:04, on 06.03.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\amBX\Gaming FXGen\amBXAppMgr.exe
C:\Program Files\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\amBX\Effects\amBX Event Manager.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\amBX\Gaming FXGen\amBXAppMgrHelper.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [amBX System Tray Application] C:\Program Files\amBX\Gaming FXGen\amBXAppMgr.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Global Startup: amBX Effects.lnk = C:\Program Files\amBX\Effects\amBX Event Manager.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: amBX Engine - Philips - C:\Program Files\amBX\System\amBX_Engine.exe
O23 - Service: amBX Service - amBX - C:\Program Files\amBX\System\amBX_Service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Philips amBX USB HAL - Philips - C:\Program Files\amBX\Device Drivers\Philips USB\Philips_amBX_USB_HAL.exe
O23 - Service: Philips HAL Starter - Unknown owner - C:\Program Files\amBX\Device Drivers\Philips USB\Philips_HAL_Starter.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
--
End of file - 6745 bytes