Viruses in the Temp folder, Win 7

06.03.2010, 17:34
Member

Posts: 16
#1 I hope I'm in the right place here. I'm currently having problems with my Temp folder: every time, my antivirus program (avast) reports that there are viruses in the Temp folder. I did delete everything in the folder, but the message keeps coming back (e.g. C:\Windows\Temp\fdts.tmp\svchost.exe).

Then I also have a problem with my Firefox: whenever the browser is open, random pages open up. I've already run a lot of scans, but none of it has helped.

I hope you can help me, since I currently have neither the inclination nor the time to reinstall my PC.

Thanks in advance.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:23:04, on 06.03.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\amBX\Gaming FXGen\amBXAppMgr.exe
C:\Program Files\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\amBX\Effects\amBX Event Manager.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\amBX\Gaming FXGen\amBXAppMgrHelper.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [amBX System Tray Application] C:\Program Files\amBX\Gaming FXGen\amBXAppMgr.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Global Startup: amBX Effects.lnk = C:\Program Files\amBX\Effects\amBX Event Manager.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: amBX Engine - Philips - C:\Program Files\amBX\System\amBX_Engine.exe
O23 - Service: amBX Service - amBX - C:\Program Files\amBX\System\amBX_Service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Philips amBX USB HAL - Philips - C:\Program Files\amBX\Device Drivers\Philips USB\Philips_amBX_USB_HAL.exe
O23 - Service: Philips HAL Starter - Unknown owner - C:\Program Files\amBX\Device Drivers\Philips USB\Philips_HAL_Starter.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 6745 bytes
06.03.2010, 17:58
Member

Posts: 3716
#2 Please work through this and post the logs.
http://board.protecus.de/t39189.htm
06.03.2010, 18:03
Member

Thread starter

Posts: 16
#3

Quote

Maxxwood posted
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Maxxwood on 06.03.2010 at 18:01:08.


Processes terminated by Rkill or while it was running:


C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Users\Maxxwood\AppData\Local\Temp\SAS_SelfExtract\program.com
C:\Windows\system32\DllHost.exe
C:\Users\Maxxwood\Desktop\neu\rkill.pif


Rkill completed on 06.03.2010 at 18:01:12.
I hope this is right.
06.03.2010, 18:58
Member

Posts: 3716
#4 I grabbed the wrong one.
http://board.protecus.de/t23188.htm
Here, ComboFix and GMER; post the logs.
06.03.2010, 19:39
Member

Thread starter

Posts: 16
#5 Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3829
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

06.03.2010 19:12:36
mbam-log-2010-03-06 (19-12-33).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 112991
Laufzeit: 3 minute(s), 5 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\file_3.exe (Trojan.Agent) -> No action taken.


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-06 19:32:09
Windows 6.1.7600
Running: nsoi1qo8.exe; Driver: C:\Users\Maxxwood\AppData\Local\Temp\kxldqpog.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302FAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302F104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302F3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830182D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83017898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302F1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302F958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302F6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302FF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830301A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C48579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C6CF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xA4C6E300, 0x3B6D8, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xA4CB6300, 0x1BEE, 0xE8000020]
.text peauth.sys A4CC0C9D 28 Bytes [04, 9B, E3, CF, DE, A9, F7, ...]
.text peauth.sys A4CC0CC1 28 Bytes [04, 9B, E3, CF, DE, A9, F7, ...]
PAGE peauth.sys A4CC6B9B 72 Bytes [60, CB, D9, 1F, 62, F0, 11, ...]
PAGE peauth.sys A4CC6BEC 111 Bytes [EE, 9A, 9F, CE, 6A, 5A, B1, ...]
PAGE peauth.sys A4CC6E20 101 Bytes [09, 92, 4F, BD, 77, 09, 96, ...]
PAGE ...
.text C:\Program Files\CyberLink\PowerDVD9\000.fcl section is writeable [0xA4D8B000, 0x2892, 0xE8000020]
.vmp2 C:\Program Files\CyberLink\PowerDVD9\000.fcl entry point in ".vmp2" section [0xA4DAE050]
.text kernel32.dll!LoadLibraryExW 7627B6BF 5 Bytes JMP 10002470
.text kernel32.dll!LoadLibraryExA 7627BC8B 5 Bytes JMP 10002440
.text kernel32.dll!LoadLibraryA 76282864 5 Bytes JMP 100024A0
.text kernel32.dll!LoadLibraryW 762828B2 5 Bytes JMP 100024C0
.text kernel32.dll!ExitProcess 76282ACF 5 Bytes JMP 100024E0

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Avast4\ashDisp.exe[120] kernel32.dll!LoadLibraryExW 7627B6BF 5 Bytes JMP 10002470 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\Avast4\ashDisp.exe[120] kernel32.dll!LoadLibraryExA 7627BC8B 5 Bytes JMP 10002440 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\Avast4\ashDisp.exe[120] kernel32.dll!LoadLibraryA 76282864 5 Bytes JMP 100024A0 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\Avast4\ashDisp.exe[120] kernel32.dll!LoadLibraryW 762828B2 5 Bytes JMP 100024C0 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\Avast4\ashDisp.exe[120] kernel32.dll!ExitProcess 76282ACF 5 Bytes JMP 100024E0 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\Windows Sidebar\sidebar.exe[540] kernel32.dll!LoadLibraryExW 7627B6BF 5 Bytes JMP 10002470 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\Windows Sidebar\sidebar.exe[540] kernel32.dll!LoadLibraryExA 7627BC8B 5 Bytes JMP 10002440 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\Windows Sidebar\sidebar.exe[540] kernel32.dll!LoadLibraryA 76282864 5 Bytes JMP 100024A0 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\Windows Sidebar\sidebar.exe[540] kernel32.dll!LoadLibraryW 762828B2 5 Bytes JMP 100024C0 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\Windows Sidebar\sidebar.exe[540] kernel32.dll!ExitProcess 76282ACF 5 Bytes JMP 100024E0 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[860] kernel32.dll!LoadLibraryExW 7627B6BF 5 Bytes JMP 00012470 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[860] kernel32.dll!LoadLibraryExA 7627BC8B 5 Bytes JMP 00012440 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[860] kernel32.dll!LoadLibraryA 76282864 5 Bytes JMP 000124A0 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[860] kernel32.dll!LoadLibraryW 762828B2 5 Bytes JMP 000124C0 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[860] kernel32.dll!ExitProcess 76282ACF 5 Bytes JMP 000124E0 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Windows\system32\svchost.exe[1036] ntdll.dll!NtProtectVirtualMemory 77865360 5 Bytes JMP 004E000A
.text C:\Windows\system32\svchost.exe[1036] ntdll.dll!NtWriteVirtualMemory 77865EE0 5 Bytes JMP 0053000A
.text C:\Windows\system32\svchost.exe[1036] ntdll.dll!KiUserExceptionDispatcher 77866448 5 Bytes JMP 004D000A
.text C:\Windows\system32\svchost.exe[1036] ole32.dll!CoCreateInstance 75CC57FC 5 Bytes JMP 0056000A
.text C:\Windows\system32\svchost.exe[1036] USER32.dll!GetCursorPos 7755C198 5 Bytes JMP 0058000A
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[1296] kernel32.dll!LoadLibraryExW 7627B6BF 5 Bytes JMP 00022470 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[1296] kernel32.dll!LoadLibraryExA 7627BC8B 5 Bytes JMP 00022440 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[1296] kernel32.dll!LoadLibraryA 76282864 5 Bytes JMP 000224A0 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[1296] kernel32.dll!LoadLibraryW 762828B2 5 Bytes JMP 000224C0 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[1296] kernel32.dll!ExitProcess 76282ACF 5 Bytes JMP 000224E0 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\NETGEAR\WG111v3\WG111v3.exe[1560] kernel32.dll!LoadLibraryExW 7627B6BF 5 Bytes JMP 00332470 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\NETGEAR\WG111v3\WG111v3.exe[1560] kernel32.dll!LoadLibraryExA 7627BC8B 5 Bytes JMP 00332440 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\NETGEAR\WG111v3\WG111v3.exe[1560] kernel32.dll!LoadLibraryA 76282864 5 Bytes JMP 003324A0 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\NETGEAR\WG111v3\WG111v3.exe[1560] kernel32.dll!LoadLibraryW 762828B2 5 Bytes JMP 003324C0 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\NETGEAR\WG111v3\WG111v3.exe[1560] kernel32.dll!ExitProcess 76282ACF 5 Bytes JMP 003324E0 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Windows\Explorer.EXE[1624] ntdll.dll!NtProtectVirtualMemory 77865360 5 Bytes JMP 0037000A
.text C:\Windows\Explorer.EXE[1624] ntdll.dll!NtWriteVirtualMemory 77865EE0 5 Bytes JMP 0038000A
.text C:\Windows\Explorer.EXE[1624] ntdll.dll!KiUserExceptionDispatcher 77866448 5 Bytes JMP 0036000A
.text C:\Windows\system32\taskhost.exe[1936] kernel32.dll!LoadLibraryExW 7627B6BF 5 Bytes JMP 10002470 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Windows\system32\taskhost.exe[1936] kernel32.dll!LoadLibraryExA 7627BC8B 5 Bytes JMP 10002440 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Windows\system32\taskhost.exe[1936] kernel32.dll!LoadLibraryA 76282864 5 Bytes JMP 100024A0 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Windows\system32\taskhost.exe[1936] kernel32.dll!LoadLibraryW 762828B2 5 Bytes JMP 100024C0 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Windows\system32\taskhost.exe[1936] kernel32.dll!ExitProcess 76282ACF 5 Bytes JMP 100024E0 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[2532] kernel32.dll!LoadLibraryExW 7627B6BF 5 Bytes JMP 002D2470 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[2532] kernel32.dll!LoadLibraryExA 7627BC8B 5 Bytes JMP 002D2440 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[2532] kernel32.dll!LoadLibraryA 76282864 5 Bytes JMP 002D24A0 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[2532] kernel32.dll!LoadLibraryW 762828B2 5 Bytes JMP 002D24C0 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[2532] kernel32.dll!ExitProcess 76282ACF 5 Bytes JMP 002D24E0 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2688] kernel32.dll!LoadLibraryExW 7627B6BF 5 Bytes JMP 10002470 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2688] kernel32.dll!LoadLibraryExA 7627BC8B 5 Bytes JMP 10002440 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2688] kernel32.dll!LoadLibraryA 76282864 5 Bytes JMP 100024A0 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2688] kernel32.dll!LoadLibraryW 762828B2 5 Bytes JMP 100024C0 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2688] kernel32.dll!ExitProcess 76282ACF 5 Bytes JMP 100024E0 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Users\Maxxwood\Desktop\neu\nsoi1qo8.exe[5208] kernel32.dll!LoadLibraryExW 7627B6BF 5 Bytes JMP 10002470 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Users\Maxxwood\Desktop\neu\nsoi1qo8.exe[5208] kernel32.dll!LoadLibraryExA 7627BC8B 5 Bytes JMP 10002440 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Users\Maxxwood\Desktop\neu\nsoi1qo8.exe[5208] kernel32.dll!LoadLibraryA 76282864 5 Bytes JMP 100024A0 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Users\Maxxwood\Desktop\neu\nsoi1qo8.exe[5208] kernel32.dll!LoadLibraryW 762828B2 5 Bytes JMP 100024C0 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Users\Maxxwood\Desktop\neu\nsoi1qo8.exe[5208] kernel32.dll!ExitProcess 76282ACF 5 Bytes JMP 100024E0 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[6008] ntdll.dll!NtProtectVirtualMemory 77865360 5 Bytes JMP 004E000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[6008] ntdll.dll!NtWriteVirtualMemory 77865EE0 5 Bytes JMP 004F000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[6008] ntdll.dll!KiUserExceptionDispatcher 77866448 5 Bytes JMP 0046000A

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000052 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@NoChange 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows CE Services\SpecialDefaults
Reg HKLM\SOFTWARE\Microsoft\Windows CE Services\SpecialDefaults\PocketPC04
Reg HKLM\SOFTWARE\Microsoft\Windows CE Services\SpecialDefaults\PocketPC04\Services
Reg HKLM\SOFTWARE\Microsoft\Windows CE Services\SpecialDefaults\PocketPC04\Services\Synchronization
Reg HKLM\SOFTWARE\Microsoft\Windows CE Services\SpecialDefaults\PocketPC04\Services\Synchronization\Objects
Reg HKLM\SOFTWARE\Microsoft\Windows CE Services\SpecialDefaults\PocketPC04\Services\Synchronization\Objects\OneNote Note
Reg HKLM\SOFTWARE\Microsoft\Windows CE Services\SpecialDefaults\PocketPC04\Services\Synchronization\Objects\OneNote Note@ Microsoft Office OneNote Mobile ActiveSync Provider for Desktop
Reg HKLM\SOFTWARE\Microsoft\Windows CE Services\SpecialDefaults\PocketPC04\Services\Synchronization\Objects\OneNote Note@Store OneNoteMobile.SpnSync.1
Reg HKLM\SOFTWARE\Microsoft\Windows CE Services\SpecialDefaults\PocketPC04\Services\Synchronization\Objects\OneNote Note@Disabled 0
Reg HKLM\SOFTWARE\Microsoft\Windows CE Services\SpecialDefaults\PocketPC04\Services\Synchronization\Objects\OneNote Note@DefaultIcon C:\PROGRA~1\MIF5BA~1\Office14\ONENOT~2.DLL,-100
Reg HKLM\SOFTWARE\Microsoft\Windows CE Services\SpecialDefaults\PocketPC04\Services\Synchronization\Objects\OneNote Note@Display Name Microsoft Office OneNote
Reg HKLM\SOFTWARE\Microsoft\Windows CE Services\SpecialDefaults\PocketPC04\Services\Synchronization\Objects\OneNote Note@Plural Name Microsoft Office OneNote
Reg HKLM\SOFTWARE\Microsoft\Windows CE Services\SpecialDefaults\SmartPhone
Reg HKLM\SOFTWARE\Microsoft\Windows CE Services\SpecialDefaults\SmartPhone\Services
Reg HKLM\SOFTWARE\Microsoft\Windows CE Services\SpecialDefaults\SmartPhone\Services\Synchronization
Reg HKLM\SOFTWARE\Microsoft\Windows CE Services\SpecialDefaults\SmartPhone\Services\Synchronization\Objects
Reg HKLM\SOFTWARE\Microsoft\Windows CE Services\SpecialDefaults\SmartPhone\Services\Synchronization\Objects\OneNote Note
Reg HKLM\SOFTWARE\Microsoft\Windows CE Services\SpecialDefaults\SmartPhone\Services\Synchronization\Objects\OneNote Note@ Microsoft Office OneNote Mobile ActiveSync Provider for Desktop
Reg HKLM\SOFTWARE\Microsoft\Windows CE Services\SpecialDefaults\SmartPhone\Services\Synchronization\Objects\OneNote Note@Store OneNoteMobile.SpnSync.1
Reg HKLM\SOFTWARE\Microsoft\Windows CE Services\SpecialDefaults\SmartPhone\Services\Synchronization\Objects\OneNote Note@Disabled 0
Reg HKLM\SOFTWARE\Microsoft\Windows CE Services\SpecialDefaults\SmartPhone\Services\Synchronization\Objects\OneNote Note@DefaultIcon C:\PROGRA~1\MIF5BA~1\Office14\ONENOT~2.DLL,-100
Reg HKLM\SOFTWARE\Microsoft\Windows CE Services\SpecialDefaults\SmartPhone\Services\Synchronization\Objects\OneNote Note@Display Name Microsoft Office OneNote
Reg HKLM\SOFTWARE\Microsoft\Windows CE Services\SpecialDefaults\SmartPhone\Services\Synchronization\Objects\OneNote Note@Plural Name Microsoft Office OneNote

---- EOF - GMER 1.0.15 ----


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:33:47, on 06.03.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\amBX\Gaming FXGen\amBXAppMgr.exe
C:\Program Files\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\amBX\Effects\amBX Event Manager.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\amBX\Gaming FXGen\amBXAppMgrHelper.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [amBX System Tray Application] C:\Program Files\amBX\Gaming FXGen\amBXAppMgr.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Avast4\ashDisp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: amBX Effects.lnk = C:\Program Files\amBX\Effects\amBX Event Manager.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: amBX Engine - Philips - C:\Program Files\amBX\System\amBX_Engine.exe
O23 - Service: amBX Service - amBX - C:\Program Files\amBX\System\amBX_Service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Philips amBX USB HAL - Philips - C:\Program Files\amBX\Device Drivers\Philips USB\Philips_amBX_USB_HAL.exe
O23 - Service: Philips HAL Starter - Unknown owner - C:\Program Files\amBX\Device Drivers\Philips USB\Philips_HAL_Starter.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 6607 bytes


Adobe Flash Player 10 Plugin
Adobe Reader 9.3 - Deutsch
Adobe Shockwave Player 11.5
Alice im Wunderland
amBX Control Panel 1.2.2
amBX Effects 1.1.2
amBX FXGen
amBX System
ANNO 1404
AnyDVD
Ashampoo Burning Studio 9.21
Assassin's Creed
Auslogics Disk Defrag
avast! Antivirus
BioShock 2
Borderlands
BurnInTest v6.0 Standard
Call of Duty(R) - World at War(TM)
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
Call of Duty: Modern Warfare 2
Call of Duty: Modern Warfare 2 - Multiplayer
Canasta for Windows
Carcassonne
Carcassonne Add-On
CCleaner
CDDRV_Installer
Choice Guard
CloneDVD2
C-Media CM108 Like Sound Device
Command & Conquer 3
Command & Conquer™ Alarmstufe Rot 3
Command & Conquer™ Alarmstufe Rot 3 Der Aufstand
CyberLink DVD Menu Template Pack
CyberLink LabelPrint
CyberLink LabelPrint
CyberLink Media Suite
CyberLink Media Suite
CyberLink MediaShow
CyberLink MediaShow
CyberLink PhotoNow
CyberLink PhotoNow
CyberLink Power2Go
CyberLink Power2Go
CyberLink PowerBackup
CyberLink PowerBackup
CyberLink PowerDirector
CyberLink PowerDirector
CyberLink PowerDVD 9
CyberLink PowerDVD 9
CyberLink PowerDVD Copy
CyberLink PowerDVD Copy
CyberLink PowerProducer
CyberLink PowerProducer
CyberLink WaveEditor
CyberLink WaveEditor
DARK VOID
Dead Space™
Die Sims™ 3
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
EPSON-Drucker-Software
EVEREST Home Edition v2.20
Free Audio CD Burner version 1.2
Free YouTube to MP3 Converter version 3.2
FUSSBALL MANAGER 10
GIMP 2.6.7
Google Gears
Google Update Helper
Guitar Pro 5.2
HijackThis 2.0.2
ICQ6.5
James Cameron's AVATAR(tm): DAS SPIEL
Java(TM) 6 Update 15
JDownloader
KhalInstallWrapper
Left 4 Dead
LightScribe System Software
LightScribe Template Labeler
Liveupdate4
Logitech SetPoint
Malwarebytes' Anti-Malware
Mass Effect
Messenger Plus! Live
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Access MUI (German) 2010 (Beta)
Microsoft Office Excel MUI (German) 2010 (Beta)
Microsoft Office OneNote MUI (German) 2010 (Beta)
Microsoft Office Outlook MUI (German) 2010 (Beta)
Microsoft Office PowerPoint MUI (German) 2010 (Beta)
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010 (Beta)
Microsoft Office Proof (French) 2010 (Beta)
Microsoft Office Proof (German) 2010 (Beta)
Microsoft Office Proof (Italian) 2010 (Beta)
Microsoft Office Proofing (German) 2010 (Beta)
Microsoft Office Publisher MUI (German) 2010 (Beta)
Microsoft Office Shared MUI (German) 2010 (Beta)
Microsoft Office Single Image 2010 (Beta)
Microsoft Office Word MUI (German) 2010 (Beta)
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft WSE 3.0 Runtime
Mirror's Edge™
MozBackup 1.4.9
Mozilla Firefox (3.6)
Mp3tag v2.45a
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NETGEAR WG111v3 wireless USB 2.0 adapter
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA GAME System Software 2.8.1
NVIDIA PhysX
OpenAL
PDF-Viewer
Philips amBX V1.4
PowerCinema NE for Everio
PunkBuster Services
QuickTime
RealPlayer
Realtek High Definition Audio Driver
redist
Saw Game
Security Update for Microsoft Office 2010 File Validation - Beta (KB976133)
Security Update for Microsoft Office 2010 File Validation - Beta (KB976133)
Security Update for Microsoft Office 2010 File Validation - Beta (KB976133)
Skype™ 4.1
Spielefieber Kartenspiele für Vista
Spybot - Search & Destroy
Steam
SUPERAntiSpyware Free Edition
SurfMusik 3.1a
System Requirements Lab
Trillian
TuneUp Utilities
UltraISO Premium V9.33
Uninstall 1.0.0.1
VC80CRTRedist - 8.0.50727.4053
Virtual DJ - Atomix Productions
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ 9.0 CRT (x86) WinSXS MSM
VLC media player 1.0.1
Wild Earth - Africa
Windows Live Anmelde-Assistent
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live-Uploadtool
Windows Media Player Firefox Plugin
WinRAR
WinZip 12.1
Wolfenstein(TM) 1.1 Patch
WORLD IN CONFLICT: SOVIET ASSAULT
XMedia Recode 2.1.9.5
Your Uninstaller! 2010
06.03.2010, 19:40
Member

Thread starter

Posts: 16
#6 ComboFix 10-03-05.06 - Maxxwood 06.03.2010 18:40:14.2.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.3071.2131 [GMT 1:00]
ausgeführt von:: c:\users\Maxxwood\Desktop\neu\ram\ram.com
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Vorheriger Suchlauf -------
.
c:\program files\temp
c:\users\Maxxwood\AppData\Roaming\.#
c:\users\Maxxwood\AppData\Roaming\Desktopicon
c:\users\Maxxwood\AppData\Roaming\onload.exe
c:\windows\file_2.exe
c:\windows\system32\ntSVc.ocx
c:\windows\system32\SHELLLNK.TLB
c:\windows\system32\tmp.reg

.
((((((((((((((((((((((( Dateien erstellt von 2010-02-06 bis 2010-03-06 ))))))))))))))))))))))))))))))
.

2010-03-06 17:46 . 2010-03-06 17:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-06 17:10 . 2010-03-06 17:10 52224 ----a-w- c:\users\Maxxwood\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-03-06 17:10 . 2010-03-06 17:10 117760 ----a-w- c:\users\Maxxwood\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-03-06 17:08 . 2010-03-06 17:08 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-03-06 16:29 . 2010-03-06 16:29 -------- d-----w- c:\users\Maxxwood\AppData\Roaming\SUPERAntiSpyware.com
2010-03-06 16:29 . 2010-03-06 16:29 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-03-03 14:42 . 2010-03-03 14:42 -------- d-----w- c:\programdata\Super X Studios
2010-03-02 15:05 . 2010-02-04 09:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-03-02 15:05 . 2010-02-04 09:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-03-02 15:05 . 2010-02-04 09:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-03-02 15:05 . 2010-02-04 09:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-03-02 14:35 . 2010-03-02 14:35 -------- d-----w- c:\users\Maxxwood\AppData\Local\Microsoft Corporation
2010-03-02 10:45 . 2010-03-02 11:36 -------- d-----w- c:\program files\JDownloader
2010-03-02 10:37 . 2010-03-02 10:37 -------- d-----w- c:\windows\Left 4 Dead
2010-02-27 11:30 . 2010-02-27 11:30 381406 ----a-w- c:\windows\file_3.exe
2010-02-26 00:07 . 2010-02-26 00:07 -------- d-----w- c:\users\Maxxwood\AppData\Local\Apps
2010-02-25 19:12 . 2009-12-13 09:30 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-02-25 19:12 . 2009-12-13 09:30 465408 ----a-w- c:\windows\system32\psisdecd.dll
2010-02-25 19:12 . 2009-12-13 09:29 417792 ----a-w- c:\windows\system32\msdri.dll
2010-02-25 08:13 . 2010-02-02 07:45 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 15:25 . 2010-02-24 15:28 -------- d-----w- c:\program files\XMedia Recode
2010-02-24 14:47 . 2010-02-24 14:47 -------- d-----w- c:\users\Maxxwood\AppData\Roaming\mkvtoolnix
2010-02-24 14:47 . 2010-02-27 02:31 -------- d-----w- c:\program files\MKVtoolnix
2010-02-20 15:29 . 2010-02-20 15:29 -------- d-----w- c:\users\Maxxwood\AppData\Local\AliensVsPredator
2010-02-20 15:03 . 2010-02-15 11:03 286208 ----a-w- c:\windows\system\binkw32.dll
2010-02-19 20:18 . 2010-02-19 20:18 -------- d-sh--w- c:\windows\system32\%APPDATA%
2010-02-18 20:18 . 2010-02-18 20:18 -------- d-----w- c:\program files\DVDVideoSoft
2010-02-18 20:18 . 2010-02-18 20:18 -------- d-----w- c:\program files\YouTube to MP3 Converter
2010-02-18 19:57 . 2010-02-18 19:57 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-02-18 19:57 . 2010-02-18 19:57 -------- d-----w- c:\windows\PCHEALTH
2010-02-18 19:57 . 2010-02-18 19:57 -------- d-----w- c:\program files\Microsoft.NET
2010-02-18 19:57 . 2010-02-18 19:57 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-02-18 19:56 . 2010-02-18 19:56 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-02-18 19:55 . 2010-02-18 19:55 -------- d-----w- c:\users\Maxxwood\AppData\Local\Microsoft Help
2010-02-18 19:55 . 2010-03-02 15:19 -------- d-----w- c:\programdata\Microsoft Help
2010-02-18 19:55 . 2010-02-18 19:55 -------- d-----r- C:\MSOCache
2010-02-16 20:54 . 2010-02-16 20:54 -------- d-----w- c:\program files\SystemRequirementsLab
2010-02-13 12:37 . 2010-02-13 12:37 -------- d-----w- c:\windows\system32\temp
2010-02-13 12:37 . 2010-02-13 12:37 -------- d-----w- c:\programdata\PassMark
2010-02-13 12:37 . 2010-02-13 12:37 -------- d-----w- c:\program files\BurnInTest
2010-02-13 10:54 . 2010-02-13 12:21 -------- d-----w- c:\users\Maxxwood\AppData\Roaming\Bioshock2
2010-02-13 10:08 . 2010-02-13 10:08 -------- d--h--w- c:\windows\PIF
2010-02-13 10:01 . 2009-12-08 08:05 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-13 10:01 . 2009-12-08 08:05 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-13 10:01 . 2009-12-19 09:02 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-02-13 10:01 . 2009-12-19 09:02 1328640 ----a-w- c:\windows\system32\quartz.dll
2010-02-13 10:01 . 2009-12-19 09:02 22016 ----a-w- c:\windows\system32\msyuv.dll
2010-02-13 10:01 . 2009-12-19 09:02 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-02-13 10:01 . 2009-12-19 09:02 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-02-13 10:01 . 2009-12-19 09:02 84480 ----a-w- c:\windows\system32\mciavi32.dll
2010-02-13 10:01 . 2009-12-19 09:02 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-02-13 10:01 . 2009-12-19 09:02 91648 ----a-w- c:\windows\system32\avifil32.dll
2010-02-13 10:00 . 2010-01-08 03:18 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-13 10:00 . 2010-01-08 03:17 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-13 10:00 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-13 10:00 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-13 10:00 . 2010-01-18 23:29 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-13 10:00 . 2010-01-18 23:29 369152 ----a-w- c:\windows\system32\secproc.dll
2010-02-13 10:00 . 2010-01-18 23:28 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-13 10:00 . 2010-01-18 23:28 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-13 10:00 . 2010-01-18 23:28 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-13 10:00 . 2010-01-18 23:28 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-09 06:56 . 2010-02-09 06:56 -------- d-----w- c:\users\Maxxwood\Cyberlink

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-06 17:25 . 2009-07-03 11:00 -------- d-----w- c:\users\Maxxwood\AppData\Roaming\uTorrent
2010-03-06 17:08 . 2009-07-01 23:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-06 16:29 . 2009-08-16 15:53 -------- d-----w- c:\program files\Trillian
2010-03-06 12:11 . 2009-09-02 17:25 -------- d-----w- c:\users\Maxxwood\AppData\Roaming\vlc
2010-03-06 10:35 . 2009-09-23 15:58 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-03-06 10:12 . 2009-07-01 18:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-06 09:55 . 2009-07-14 08:47 647138 ----a-w- c:\windows\system32\perfh007.dat
2010-03-06 09:55 . 2009-07-14 08:47 127198 ----a-w- c:\windows\system32\perfc007.dat
2010-03-06 09:14 . 2009-07-03 11:18 -------- d-----w- c:\program files\uTorrent
2010-03-03 15:40 . 2009-07-21 15:36 -------- d-----w- c:\program files\CCleaner
2010-03-02 14:34 . 2009-09-06 23:03 -------- d-----w- c:\program files\EVEREST Home Edition
2010-03-02 13:37 . 2010-01-24 19:20 121280 ----a-w- c:\users\Maxxwood\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-28 17:30 . 2009-08-31 16:41 -------- d-----w- c:\users\Maxxwood\AppData\Roaming\dvdcss
2010-02-27 11:30 . 2010-02-27 11:30 12 ----a-w- c:\windows\system32\DROPPEDFILEOKgfx3.tmp
2010-02-27 02:26 . 2010-01-12 20:44 -------- d-----w- c:\program files\SSC Service Utility
2010-02-27 02:09 . 2009-07-17 11:03 -------- d-----w- c:\users\Maxxwood\AppData\Roaming\Ubisoft
2010-02-27 02:02 . 2009-10-07 10:58 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-27 00:24 . 2009-07-03 14:49 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-27 00:23 . 2009-07-03 14:49 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-26 23:23 . 2009-07-30 13:37 -------- d-----w- c:\users\Maxxwood\AppData\Roaming\Skype
2010-02-26 23:23 . 2009-07-30 13:40 -------- d-----w- c:\users\Maxxwood\AppData\Roaming\skypePM
2010-02-26 17:28 . 2009-10-14 00:44 -------- d-----w- c:\program files\MSI Live Update 4
2010-02-20 16:07 . 2010-01-24 18:27 -------- d-----w- c:\programdata\NVIDIA
2010-02-20 16:05 . 2010-01-24 18:27 -------- d-----w- c:\program files\NVIDIA Corporation
2010-02-18 20:43 . 2009-07-03 14:00 -------- d-----w- c:\program files\OpenOffice.org 3
2010-02-18 20:18 . 2009-08-29 18:21 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-02-16 18:49 . 2009-07-07 17:47 1 ----a-w- c:\users\Maxxwood\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-14 11:09 . 2009-07-13 23:11 21584 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-02-13 12:44 . 2009-08-25 09:51 -------- d-----w- c:\program files\Google
2010-02-09 06:56 . 2009-08-22 12:26 -------- d-----w- c:\programdata\Cyberlink
2010-02-04 13:49 . 2010-02-04 13:36 -------- d-----w- c:\program files\Navilog1
2010-02-04 13:17 . 2010-02-04 13:17 -------- d-----w- c:\users\Maxxwood\AppData\Roaming\Malwarebytes
2010-02-04 13:17 . 2010-02-04 13:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-04 13:16 . 2010-02-04 13:16 -------- d-----w- c:\programdata\Malwarebytes
2010-02-04 08:26 . 2009-07-03 10:34 -------- d-----w- c:\program files\Avast4
2010-01-30 12:05 . 2010-01-30 12:05 -------- d-----w- c:\program files\Ashampoo Burning Studio 9
2010-01-30 11:47 . 2009-07-03 10:24 -------- d-----w- c:\users\Maxxwood\AppData\Roaming\Ashampoo
2010-01-30 09:53 . 2009-07-03 15:32 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-29 07:06 . 2009-09-17 14:38 -------- d-----w- c:\program files\Alcohol 120
2010-01-28 08:56 . 2009-07-03 13:28 -------- d-----w- c:\programdata\LogiShrd
2010-01-28 08:56 . 2009-07-03 13:27 -------- d-----w- c:\program files\Common Files\Logishrd
2010-01-25 11:45 . 2009-07-03 12:54 -------- d-----w- c:\program files\amBX
2010-01-25 11:10 . 2010-01-25 11:10 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-01-25 11:10 . 2010-01-25 11:09 -------- d-----w- c:\programdata\TuneUp Software
2010-01-25 11:09 . 2010-01-25 11:09 -------- d-sh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-01-25 10:53 . 2010-01-25 10:53 -------- d-----w- c:\program files\MSXML 4.0
2010-01-24 19:13 . 2010-01-24 19:13 -------- d-sh--we c:\programdata\Vorlagen
2010-01-24 19:13 . 2010-01-24 19:13 -------- d-sh--we c:\programdata\Startmenü
2010-01-24 19:13 . 2010-01-24 19:13 -------- d-sh--we c:\programdata\Favoriten
2010-01-24 19:13 . 2010-01-24 19:13 -------- d-sh--we c:\programdata\Dokumente
2010-01-24 19:13 . 2010-01-24 19:13 -------- d-sh--we c:\programdata\Anwendungsdaten
2010-01-24 19:13 . 2010-01-24 19:13 -------- d-sh--we c:\program files\Gemeinsame Dateien
2010-01-24 18:52 . 2010-01-24 18:52 21532 ----a-w- c:\windows\system32\emptyregdb.dat
2010-01-24 18:37 . 2010-01-19 13:33 -------- d-----w- c:\programdata\Solidshield
2010-01-24 18:37 . 2009-08-12 17:08 -------- dc-h--w- c:\programdata\{5794CDCB-FAB7-4C15-9069-4D8AC02592DE}
2010-01-24 18:37 . 2009-08-12 16:32 -------- dc-h--w- c:\programdata\{0151C9FC-719D-4459-B1E2-4685CC6E62A8}
2010-01-24 18:37 . 2009-07-20 12:28 -------- d-----w- c:\programdata\Tages
2010-01-24 18:37 . 2009-07-17 09:56 -------- d-----w- c:\programdata\Ubisoft
2010-01-24 18:37 . 2009-07-09 18:07 -------- d-----w- c:\programdata\UDL
2010-01-24 18:37 . 2009-07-03 11:07 -------- d-----w- c:\programdata\WinZip
2010-01-24 18:37 . 2009-07-30 13:36 -------- d-----w- c:\programdata\Skype
2010-01-24 18:37 . 2009-07-03 13:08 -------- d-----w- c:\programdata\SlySoft
2010-01-24 18:37 . 2010-01-14 15:05 -------- d-sh--w- c:\programdata\SecuROM
2010-01-24 18:37 . 2009-10-17 17:52 -------- d-----w- c:\programdata\Screaming Bee
2010-01-24 18:37 . 2009-08-16 17:41 -------- d-----w- c:\programdata\Propellerhead Software
2010-01-24 18:35 . 2009-07-03 15:29 -------- d-----w- c:\program files\OpenAL
2010-01-24 18:35 . 2009-07-01 18:20 -------- d-----w- c:\program files\NETGEAR
2010-01-24 18:35 . 2009-07-17 10:33 -------- d-----w- c:\program files\Mp3tag
2010-01-24 18:35 . 2009-07-03 12:17 -------- d-----w- c:\program files\MSI
2010-01-24 18:35 . 2009-08-13 13:04 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-24 18:35 . 2009-07-16 13:05 -------- d-----w- c:\program files\Microsoft WSE
2010-01-24 18:35 . 2009-07-16 11:15 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-01-24 18:35 . 2009-07-03 10:20 -------- d-----w- c:\program files\MozBackup
2010-01-24 18:35 . 2009-07-03 14:40 -------- d-----w- c:\program files\Messenger Plus! Live
2010-01-24 18:35 . 2009-07-03 12:05 -------- d-----w- c:\program files\Microsoft
2010-01-24 18:35 . 2009-07-03 13:27 -------- d-----w- c:\program files\Logitech
2010-01-24 18:35 . 2009-11-13 16:38 -------- d-----w- c:\program files\LightScribe Template Labeler
2010-01-24 18:35 . 2009-07-03 14:00 -------- d-----w- c:\program files\Java
2010-01-24 18:34 . 2009-07-03 12:59 -------- d-----w- c:\program files\ICQ6.5
2010-01-24 18:34 . 2009-08-16 19:50 -------- d-----w- c:\program files\Guitar Pro 5
2010-01-24 18:34 . 2009-09-23 15:56 -------- d-----w- c:\program files\GIMP-2.0
2010-01-24 18:34 . 2009-10-22 16:40 -------- d-----w- c:\program files\Futuremark
2010-01-24 18:34 . 2009-09-25 16:40 -------- d-----w- c:\program files\Free YouTube to MP3 Converter
2010-01-24 18:34 . 2009-07-09 17:55 -------- d-----w- c:\program files\epson
2010-01-24 18:34 . 2009-07-03 10:41 -------- d-----w- c:\program files\DivX
2010-01-24 18:34 . 2009-10-22 17:08 -------- d-----w- c:\program files\CyberLink PCM4Everio
2010-01-24 18:33 . 2009-08-22 12:24 -------- d-----w- c:\program files\CyberLink
2010-01-24 18:28 . 2010-01-24 18:28 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2010-01-24 18:28 . 2010-01-24 18:28 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2010-01-24 18:25 . 2010-01-24 18:25 -------- d-----w- c:\program files\Realtek
2010-01-21 10:52 . 2010-01-21 06:29 -------- d-sh--r- c:\users\Maxxwood\AppData\Roaming\Update
2010-01-19 13:42 . 2010-01-19 13:42 723456 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{03DA9430-1FD8-9D73-384A-7AD7DCB5C843}-keygen.exe
2010-01-18 12:59 . 2010-01-18 12:59 7680 ----a-w- c:\users\Maxxwood\AppData\Roaming\Trillian\languages\de\talk.dll
2010-01-18 12:59 . 2010-01-18 12:59 7168 ----a-w- c:\users\Maxxwood\AppData\Roaming\Trillian\languages\de\events.dll
2010-01-18 12:59 . 2010-01-18 12:59 2048 ----a-w- c:\users\Maxxwood\AppData\Roaming\Trillian\languages\de\toolkit.dll
2010-01-18 12:59 . 2010-01-18 12:59 10240 ----a-w- c:\users\Maxxwood\AppData\Roaming\Trillian\languages\de\buddy.dll
2010-01-14 15:14 . 2010-01-14 15:14 7225344 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{A7D3EB85-28AF-CB85-B0FC-FD5E1891CC98}-DLCSetup.exe
2010-01-14 15:14 . 2010-01-14 15:14 29352595 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{BBA7D76A-1B39-1605-753A-5900F0894ABD}-Borderlands.exe
2010-01-14 10:12 . 2009-10-03 11:08 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-11 21:18 . 2010-01-11 21:18 962664 ----a-w- c:\windows\system32\nvsvc.dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-11-03 20:12 556432 ----a-w- c:\progra~1\MIF5BA~1\Office14\URLREDIR.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-18 2012912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-13 6814240]
"amBX System Tray Application"="c:\program files\amBX\Gaming FXGen\amBXAppMgr.exe" [2008-10-03 237568]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"avast!"="c:\program files\Avast4\ashDisp.exe" [2009-11-24 81000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
amBX Effects.lnk - c:\program files\amBX\Effects\amBX Event Manager.exe [2009-7-3 47616]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-3 813584]
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2007-9-14 1695744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 11:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DualCoreCenter.lnk]
backup=c:\windows\pss\DualCoreCenter.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DualCoreCenter.lnk

[HKLM\~\startupfolder\C:^Users^Maxxwood^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\Maxxwood\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 14:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-04-24 03:21 203928 ----a-w- c:\program files\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amBX Daemon]
2009-09-28 14:27 229376 ----a-w- c:\program files\amBX\Control Panel\amBXDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2009-09-01 16:00 75048 ----a-w- c:\program files\CyberLink\Shared Files\brs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2009-11-02 13:21 103720 ----a-w- c:\program files\CyberLink\Power2Go\CLMLSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EverioService]
2008-04-03 08:45 151552 ----a-w- c:\program files\CyberLink PCM4Everio\EverioService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-08-09 04:03 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut]
2009-04-27 16:50 50472 ----a-w- c:\program files\CyberLink\PowerDVD9\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 15:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9]
2009-07-06 13:22 87336 ----a-w- c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-07-16 11:20 25604904 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-02-27 00:29 1217872 ----a-w- e:\games\Steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-25 03:23 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-02-18 15:40 2012912 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-07-03 10:18 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

R1 SASDIFSV;SASDIFSV;c:\users\Maxxwood\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\Maxxwood\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.sys [x]
R2 Philips HAL Starter;Philips HAL Starter;c:\program files\amBX\Device Drivers\Philips USB\Philips_HAL_Starter.exe [2008-06-09 10752]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-12-09 1044808]
R3 FLASHSYS;FLASHSYS;c:\program files\MSI Live Update 4\LU4\FLASHSYS.sys [2007-12-14 9216]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-01-07 38224]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-26 4639136]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
R3 SASENUM;SASENUM;c:\users\Maxxwood\AppData\Local\Temp\SAS_SelfExtract\SASENUM.SYS [x]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-03-27 23064]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-25 133104]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-01-30 691696]
S1 aswSP;avast! Self Protection; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/01/05 11:39];c:\program files\CyberLink\PowerDVD9\000.fcl [2009-09-01 15:59 87536]
S2 amBX Engine;amBX Engine;c:\program files\amBX\System\amBX_Engine.exe [2008-04-17 434176]
S2 amBX Service;amBX Service;c:\program files\amBX\System\amBX_Service.exe [2009-10-14 612864]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 Philips amBX USB HAL;Philips amBX USB HAL;c:\program files\amBX\Device Drivers\Philips USB\Philips_amBX_USB_HAL.exe [2008-06-09 540672]
S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;c:\windows\system32\DRIVERS\wg111v3.sys [2009-11-18 376832]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [2007-06-28 1310720]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners

2010-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-25 09:51]

2010-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-25 09:51]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: An OneNote s&enden - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Maxxwood\AppData\Roaming\Mozilla\Firefox\Profiles\myz2xq1b.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL -
FF - plugin: c:\progra~1\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\VLC\npvlc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

MSConfigStartUp-DelReg - c:\program files\MSI DualCoreCenter\DelReg.exe
MSConfigStartUp-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
MSConfigStartUp-MSN - c:\windows\svchost.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
ActiveSetup-{49C86EC6-E46D-4D90-92E4-20EB8E3DC74B} - msiexec



[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-133387703-4160369434-2984978302-1000\Software\SecuROM\License information*]
"datasecu"=hex:3b,20,20,57,01,a6,7b,65,dc,ff,fe,31,46,74,73,97,a3,8e,db,0e,7d,
5e,07,44,a8,19,33,9a,53,71,c9,5f,62,77,c1,b6,a8,21,9d,2c,5c,fb,ce,2d,4a,ed,\
"rkeysecu"=hex:c5,cb,58,00,90,fa,5b,88,86,ae,c0,15,e5,b9,61,2f

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(5216)
c:\program files\Logitech\SetPoint\lgscroll.dll
.
Zeit der Fertigstellung: 2010-03-06 18:48:56
ComboFix-quarantined-files.txt 2010-03-06 17:48

Vor Suchlauf: 9 Verzeichnis(se), 111.897.845.760 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 111.713.697.792 Bytes frei

- - End Of File - - 0AFDE51405FDFB30FC6E77DD31250FB9
06.03.2010, 20:00
Member

Posts: 3716
#7 OK, now GMER and then Malwarebytes.
06.03.2010, 20:12
Member

Thread starter

Posts: 16
#8 GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-06 19:32:09
Windows 6.1.7600
Running: nsoi1qo8.exe; Driver: C:\Users\Maxxwood\AppData\Local\Temp\kxldqpog.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302FAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302F104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302F3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830182D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83017898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302F1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302F958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302F6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302FF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830301A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C48579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C6CF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xA4C6E300, 0x3B6D8, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xA4CB6300, 0x1BEE, 0xE8000020]
.text peauth.sys A4CC0C9D 28 Bytes [04, 9B, E3, CF, DE, A9, F7, ...]
.text peauth.sys A4CC0CC1 28 Bytes [04, 9B, E3, CF, DE, A9, F7, ...]
PAGE peauth.sys A4CC6B9B 72 Bytes [60, CB, D9, 1F, 62, F0, 11, ...]
PAGE peauth.sys A4CC6BEC 111 Bytes [EE, 9A, 9F, CE, 6A, 5A, B1, ...]
PAGE peauth.sys A4CC6E20 101 Bytes [09, 92, 4F, BD, 77, 09, 96, ...]
PAGE ...
.text C:\Program Files\CyberLink\PowerDVD9\000.fcl section is writeable [0xA4D8B000, 0x2892, 0xE8000020]
.vmp2 C:\Program Files\CyberLink\PowerDVD9\000.fcl entry point in ".vmp2" section [0xA4DAE050]
.text kernel32.dll!LoadLibraryExW 7627B6BF 5 Bytes JMP 10002470
.text kernel32.dll!LoadLibraryExA 7627BC8B 5 Bytes JMP 10002440
.text kernel32.dll!LoadLibraryA 76282864 5 Bytes JMP 100024A0
.text kernel32.dll!LoadLibraryW 762828B2 5 Bytes JMP 100024C0
.text kernel32.dll!ExitProcess 76282ACF 5 Bytes JMP 100024E0

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Avast4\ashDisp.exe[120] kernel32.dll!LoadLibraryExW 7627B6BF 5 Bytes JMP 10002470 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\Avast4\ashDisp.exe[120] kernel32.dll!LoadLibraryExA 7627BC8B 5 Bytes JMP 10002440 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\Avast4\ashDisp.exe[120] kernel32.dll!LoadLibraryA 76282864 5 Bytes JMP 100024A0 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\Avast4\ashDisp.exe[120] kernel32.dll!LoadLibraryW 762828B2 5 Bytes JMP 100024C0 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\Avast4\ashDisp.exe[120] kernel32.dll!ExitProcess 76282ACF 5 Bytes JMP 100024E0 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\Windows Sidebar\sidebar.exe[540] kernel32.dll!LoadLibraryExW 7627B6BF 5 Bytes JMP 10002470 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\Windows Sidebar\sidebar.exe[540] kernel32.dll!LoadLibraryExA 7627BC8B 5 Bytes JMP 10002440 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\Windows Sidebar\sidebar.exe[540] kernel32.dll!LoadLibraryA 76282864 5 Bytes JMP 100024A0 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\Windows Sidebar\sidebar.exe[540] kernel32.dll!LoadLibraryW 762828B2 5 Bytes JMP 100024C0 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\Windows Sidebar\sidebar.exe[540] kernel32.dll!ExitProcess 76282ACF 5 Bytes JMP 100024E0 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[860] kernel32.dll!LoadLibraryExW 7627B6BF 5 Bytes JMP 00012470 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[860] kernel32.dll!LoadLibraryExA 7627BC8B 5 Bytes JMP 00012440 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[860] kernel32.dll!LoadLibraryA 76282864 5 Bytes JMP 000124A0 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[860] kernel32.dll!LoadLibraryW 762828B2 5 Bytes JMP 000124C0 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[860] kernel32.dll!ExitProcess 76282ACF 5 Bytes JMP 000124E0 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Windows\system32\svchost.exe[1036] ntdll.dll!NtProtectVirtualMemory 77865360 5 Bytes JMP 004E000A
.text C:\Windows\system32\svchost.exe[1036] ntdll.dll!NtWriteVirtualMemory 77865EE0 5 Bytes JMP 0053000A
.text C:\Windows\system32\svchost.exe[1036] ntdll.dll!KiUserExceptionDispatcher 77866448 5 Bytes JMP 004D000A
.text C:\Windows\system32\svchost.exe[1036] ole32.dll!CoCreateInstance 75CC57FC 5 Bytes JMP 0056000A
.text C:\Windows\system32\svchost.exe[1036] USER32.dll!GetCursorPos 7755C198 5 Bytes JMP 0058000A
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[1296] kernel32.dll!LoadLibraryExW 7627B6BF 5 Bytes JMP 00022470 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[1296] kernel32.dll!LoadLibraryExA 7627BC8B 5 Bytes JMP 00022440 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[1296] kernel32.dll!LoadLibraryA 76282864 5 Bytes JMP 000224A0 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[1296] kernel32.dll!LoadLibraryW 762828B2 5 Bytes JMP 000224C0 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[1296] kernel32.dll!ExitProcess 76282ACF 5 Bytes JMP 000224E0 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\NETGEAR\WG111v3\WG111v3.exe[1560] kernel32.dll!LoadLibraryExW 7627B6BF 5 Bytes JMP 00332470 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\NETGEAR\WG111v3\WG111v3.exe[1560] kernel32.dll!LoadLibraryExA 7627BC8B 5 Bytes JMP 00332440 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\NETGEAR\WG111v3\WG111v3.exe[1560] kernel32.dll!LoadLibraryA 76282864 5 Bytes JMP 003324A0 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\NETGEAR\WG111v3\WG111v3.exe[1560] kernel32.dll!LoadLibraryW 762828B2 5 Bytes JMP 003324C0 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\NETGEAR\WG111v3\WG111v3.exe[1560] kernel32.dll!ExitProcess 76282ACF 5 Bytes JMP 003324E0 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Windows\Explorer.EXE[1624] ntdll.dll!NtProtectVirtualMemory 77865360 5 Bytes JMP 0037000A
.text C:\Windows\Explorer.EXE[1624] ntdll.dll!NtWriteVirtualMemory 77865EE0 5 Bytes JMP 0038000A
.text C:\Windows\Explorer.EXE[1624] ntdll.dll!KiUserExceptionDispatcher 77866448 5 Bytes JMP 0036000A
.text C:\Windows\system32\taskhost.exe[1936] kernel32.dll!LoadLibraryExW 7627B6BF 5 Bytes JMP 10002470 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Windows\system32\taskhost.exe[1936] kernel32.dll!LoadLibraryExA 7627BC8B 5 Bytes JMP 10002440 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Windows\system32\taskhost.exe[1936] kernel32.dll!LoadLibraryA 76282864 5 Bytes JMP 100024A0 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Windows\system32\taskhost.exe[1936] kernel32.dll!LoadLibraryW 762828B2 5 Bytes JMP 100024C0 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Windows\system32\taskhost.exe[1936] kernel32.dll!ExitProcess 76282ACF 5 Bytes JMP 100024E0 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[2532] kernel32.dll!LoadLibraryExW 7627B6BF 5 Bytes JMP 002D2470 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[2532] kernel32.dll!LoadLibraryExA 7627BC8B 5 Bytes JMP 002D2440 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[2532] kernel32.dll!LoadLibraryA 76282864 5 Bytes JMP 002D24A0 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[2532] kernel32.dll!LoadLibraryW 762828B2 5 Bytes JMP 002D24C0 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[2532] kernel32.dll!ExitProcess 76282ACF 5 Bytes JMP 002D24E0 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2688] kernel32.dll!LoadLibraryExW 7627B6BF 5 Bytes JMP 10002470 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2688] kernel32.dll!LoadLibraryExA 7627BC8B 5 Bytes JMP 10002440 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2688] kernel32.dll!LoadLibraryA 76282864 5 Bytes JMP 100024A0 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2688] kernel32.dll!LoadLibraryW 762828B2 5 Bytes JMP 100024C0 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2688] kernel32.dll!ExitProcess 76282ACF 5 Bytes JMP 100024E0 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Users\Maxxwood\Desktop\neu\nsoi1qo8.exe[5208] kernel32.dll!LoadLibraryExW 7627B6BF 5 Bytes JMP 10002470 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Users\Maxxwood\Desktop\neu\nsoi1qo8.exe[5208] kernel32.dll!LoadLibraryExA 7627BC8B 5 Bytes JMP 10002440 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Users\Maxxwood\Desktop\neu\nsoi1qo8.exe[5208] kernel32.dll!LoadLibraryA 76282864 5 Bytes JMP 100024A0 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Users\Maxxwood\Desktop\neu\nsoi1qo8.exe[5208] kernel32.dll!LoadLibraryW 762828B2 5 Bytes JMP 100024C0 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Users\Maxxwood\Desktop\neu\nsoi1qo8.exe[5208] kernel32.dll!ExitProcess 76282ACF 5 Bytes JMP 100024E0 C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll (amBX LoadLibInterceptor Dynamic Link Library/Koninklijke Philips N.V.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[6008] ntdll.dll!NtProtectVirtualMemory 77865360 5 Bytes JMP 004E000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[6008] ntdll.dll!NtWriteVirtualMemory 77865EE0 5 Bytes JMP 004F000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[6008] ntdll.dll!KiUserExceptionDispatcher 77866448 5 Bytes JMP 0046000A

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000052 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@NoChange 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows CE Services\SpecialDefaults
Reg HKLM\SOFTWARE\Microsoft\Windows CE Services\SpecialDefaults\PocketPC04
Reg HKLM\SOFTWARE\Microsoft\Windows CE Services\SpecialDefaults\PocketPC04\Services
Reg HKLM\SOFTWARE\Microsoft\Windows CE Services\SpecialDefaults\PocketPC04\Services\Synchronization
Reg HKLM\SOFTWARE\Microsoft\Windows CE Services\SpecialDefaults\PocketPC04\Services\Synchronization\Objects
Reg HKLM\SOFTWARE\Microsoft\Windows CE Services\SpecialDefaults\PocketPC04\Services\Synchronization\Objects\OneNote Note
Reg HKLM\SOFTWARE\Microsoft\Windows CE Services\SpecialDefaults\PocketPC04\Services\Synchronization\Objects\OneNote Note@ Microsoft Office OneNote Mobile ActiveSync Provider for Desktop
Reg HKLM\SOFTWARE\Microsoft\Windows CE Services\SpecialDefaults\PocketPC04\Services\Synchronization\Objects\OneNote Note@Store OneNoteMobile.SpnSync.1
Reg HKLM\SOFTWARE\Microsoft\Windows CE Services\SpecialDefaults\PocketPC04\Services\Synchronization\Objects\OneNote Note@Disabled 0
Reg HKLM\SOFTWARE\Microsoft\Windows CE Services\SpecialDefaults\PocketPC04\Services\Synchronization\Objects\OneNote Note@DefaultIcon C:\PROGRA~1\MIF5BA~1\Office14\ONENOT~2.DLL,-100
Reg HKLM\SOFTWARE\Microsoft\Windows CE Services\SpecialDefaults\PocketPC04\Services\Synchronization\Objects\OneNote Note@Display Name Microsoft Office OneNote
Reg HKLM\SOFTWARE\Microsoft\Windows CE Services\SpecialDefaults\PocketPC04\Services\Synchronization\Objects\OneNote Note@Plural Name Microsoft Office OneNote
Reg HKLM\SOFTWARE\Microsoft\Windows CE Services\SpecialDefaults\SmartPhone
Reg HKLM\SOFTWARE\Microsoft\Windows CE Services\SpecialDefaults\SmartPhone\Services
Reg HKLM\SOFTWARE\Microsoft\Windows CE Services\SpecialDefaults\SmartPhone\Services\Synchronization
Reg HKLM\SOFTWARE\Microsoft\Windows CE Services\SpecialDefaults\SmartPhone\Services\Synchronization\Objects
Reg HKLM\SOFTWARE\Microsoft\Windows CE Services\SpecialDefaults\SmartPhone\Services\Synchronization\Objects\OneNote Note
Reg HKLM\SOFTWARE\Microsoft\Windows CE Services\SpecialDefaults\SmartPhone\Services\Synchronization\Objects\OneNote Note@ Microsoft Office OneNote Mobile ActiveSync Provider for Desktop
Reg HKLM\SOFTWARE\Microsoft\Windows CE Services\SpecialDefaults\SmartPhone\Services\Synchronization\Objects\OneNote Note@Store OneNoteMobile.SpnSync.1
Reg HKLM\SOFTWARE\Microsoft\Windows CE Services\SpecialDefaults\SmartPhone\Services\Synchronization\Objects\OneNote Note@Disabled 0
Reg HKLM\SOFTWARE\Microsoft\Windows CE Services\SpecialDefaults\SmartPhone\Services\Synchronization\Objects\OneNote Note@DefaultIcon C:\PROGRA~1\MIF5BA~1\Office14\ONENOT~2.DLL,-100
Reg HKLM\SOFTWARE\Microsoft\Windows CE Services\SpecialDefaults\SmartPhone\Services\Synchronization\Objects\OneNote Note@Display Name Microsoft Office OneNote
Reg HKLM\SOFTWARE\Microsoft\Windows CE Services\SpecialDefaults\SmartPhone\Services\Synchronization\Objects\OneNote Note@Plural Name Microsoft Office OneNote

---- EOF - GMER 1.0.15 ----
06.03.2010, 20:13
Member

Thread starter

Posts: 16
#9 Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3829
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

06.03.2010 19:12:36
mbam-log-2010-03-06 (19-12-33).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 112991
Laufzeit: 3 minute(s), 5 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\file_3.exe (Trojan.Agent) -> No action taken.
06.03.2010, 20:28
Member

Posts: 3716
#10 Please let Malwarebytes delete the finding and report how the PC runs.
06.03.2010, 20:29
Member

Thread starter

Posts: 16
#11 I already had it deleted, but nothing changed; I still get alerts about viruses in the Temp folder.

Were the other logs OK, or was there anything in them that sounds suspicious?
06.03.2010, 20:56
Member

Posts: 3716
#12 1. Are Google search queries also being redirected?
2. Upgrade to avast 5.
http://www.paules-pc-forum.de/forum/4-pc-sicherheit/125180-rootkit-tdss-entfernen-norman-tdss-cleaner.html
Right-click and run as admin, then post the log or logs.
It depends on whether something is found and whether the PC restarts.
06.03.2010, 20:59
Member

Thread starter

Posts: 16
#13 Sometimes search queries are redirected, but not always.
06.03.2010, 21:35
Member

Posts: 3716
#14 OK, try the TDSS cleaner.
06.03.2010, 21:41
Member

Thread starter

Posts: 16
#15 I just ran it; nothing was found.