Unbekannter Trojaner in: C:\Program Files (x86)\Microsoft\csrss.exe

ComboFix 11-11-26.04 - Gerd 27.11.2011  12:51:47.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3950.2448 [GMT 1:00]
ausgeführt von:: c:\users\Gerd\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Lavasoft Ad-Watch Live! Virenschutz *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
FW: ZoneAlarm Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Gerd\AppData\Roaming\.#
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-10-27 bis 2011-11-27  ))))))))))))))))))))))))))))))
.
.
2011-11-27 12:06 . 2011-11-27 12:06	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-11-27 11:08 . 2011-11-27 11:08	69000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{9B96C2C7-F320-44A0-9607-24CE4F9E919E}\offreg.dll
2011-11-26 08:27 . 2011-10-07 04:16	8570192	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{9B96C2C7-F320-44A0-9607-24CE4F9E919E}\mpengine.dll
2011-11-26 03:59 . 2011-11-26 03:59	--------	d-----w-	c:\program files (x86)\Zone Labs
2011-11-26 03:59 . 2011-11-26 03:59	--------	d-----w-	c:\windows\SysWow64\Zonelabs
2011-11-25 21:41 . 2011-11-26 05:10	--------	d-----w-	c:\programdata\SecTaskMan
2011-11-25 21:41 . 2011-11-25 21:41	--------	d-----w-	c:\program files (x86)\Security Task Manager
2011-11-22 04:39 . 2011-11-22 04:39	--------	d-----w-	c:\users\Default\AppData\Local\Microsoft Help
2011-11-18 15:33 . 2011-11-18 15:33	--------	d-----w-	c:\users\Gerd\AppData\Roaming\ASCOMP Software
2011-11-18 15:33 . 2011-11-18 15:33	--------	d-----w-	c:\program files (x86)\ASCOMP Software
2011-11-16 20:45 . 2011-11-26 09:25	--------	d-----w-	c:\program files (x86)\SpywareBlaster
2011-11-16 12:01 . 2011-11-23 20:35	--------	d-----w-	c:\users\Gerd\Alte Daten
2011-11-16 06:28 . 2011-11-16 06:28	--------	d-----w-	c:\users\Gerd\AppData\Local\DDMSettings
2011-11-15 06:57 . 2011-11-27 10:05	--------	d-----w-	c:\windows\Internet Logs
2011-11-15 06:57 . 2011-11-15 06:57	--------	d-----w-	c:\users\Gerd\AppData\Local\Conduit
2011-11-15 06:44 . 2011-11-15 06:56	--------	d-----w-	c:\program files (x86)\CheckPoint
2011-11-11 05:57 . 2011-11-11 05:57	--------	d-----w-	c:\program files (x86)\IEAdblock
2011-11-09 18:37 . 2011-10-01 05:45	886784	----a-w-	c:\program files\Common Files\System\wab32.dll
2011-11-09 18:37 . 2011-10-01 04:37	708608	----a-w-	c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 18:37 . 2011-09-29 16:29	1923952	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-11-09 18:37 . 2011-09-29 04:03	3144704	----a-w-	c:\windows\system32\win32k.sys
2011-11-09 15:46 . 2011-11-09 15:46	--------	d-----w-	c:\program files\Agnitum
2011-11-09 15:42 . 2011-11-09 15:42	--------	d-----w-	c:\programdata\Agnitum
2011-11-07 06:01 . 2011-11-07 06:01	--------	d-----w-	c:\users\Gerd\AppData\Local\adaware
2011-11-07 06:01 . 2011-11-27 11:09	--------	d-----w-	c:\programdata\Ad-Aware Browsing Protection
2011-11-07 06:01 . 2011-11-07 06:01	--------	d-----w-	c:\program files (x86)\Toolbar Cleaner
2011-11-07 06:01 . 2011-11-07 06:01	--------	d-----w-	c:\program files (x86)\adawaretb
2011-11-05 13:54 . 2011-11-26 02:59	--------	d-----w-	c:\users\Gerd\Tracing
2011-11-03 17:45 . 2011-11-03 17:45	--------	d-----w-	c:\users\Gerd\AppData\Roaming\Avira
2011-11-03 17:45 . 2011-10-11 14:00	97312	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-11-03 17:45 . 2011-10-11 14:00	27760	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2011-11-03 17:45 . 2011-10-11 14:00	130760	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-11-03 17:45 . 2011-11-03 17:45	--------	d-----w-	c:\programdata\Avira
2011-11-03 17:45 . 2011-11-03 17:45	--------	d-----w-	c:\program files (x86)\Avira
2011-11-03 11:31 . 2011-11-09 19:03	--------	d-----w-	c:\users\Gerd\Logox für alle Anwendungen
2011-11-02 14:46 . 2011-11-02 14:46	--------	d-----w-	c:\program files (x86)\Common Files\Java
2011-11-02 14:45 . 2011-11-02 14:45	--------	d-----w-	c:\program files (x86)\Java
2011-10-28 12:26 . 2011-10-28 12:26	--------	d-----w-	c:\windows\system32\Macromed
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 09:01 . 2011-05-21 08:54	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-07 06:02 . 2011-09-10 23:25	16432	----a-w-	c:\windows\system32\lsdelete.exe
2011-11-03 11:06 . 2011-08-30 23:56	69376	----a-w-	c:\windows\system32\drivers\Lbd.sys
2011-11-02 14:45 . 2010-08-20 14:55	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2011-10-20 23:26 . 2011-10-20 23:26	94208	----a-w-	c:\windows\SysWow64\dpl100.dll
2011-10-13 20:29 . 2011-10-13 20:29	42392	----a-w-	c:\windows\SysWow64\xfcodec.dll
2011-10-13 20:29 . 2011-10-13 20:29	28056	----a-w-	c:\windows\system32\xfcodec64.dll
2011-10-01 06:24 . 2011-10-01 06:24	73728	----a-r-	c:\users\Gerd\AppData\Roaming\Microsoft\Installer\{9B5D7FA6-9E73-426E-81C4-2C8FE5ACFBEF}\NewShortcut5_D216F3B2761946D6B253BD0528BFB287.exe
2011-10-01 06:24 . 2011-10-01 06:24	69632	----a-r-	c:\users\Gerd\AppData\Roaming\Microsoft\Installer\{9B5D7FA6-9E73-426E-81C4-2C8FE5ACFBEF}\NewShortcut7_D216F3B2761946D6B253BD0528BFB287.exe
2011-10-01 06:24 . 2011-10-01 06:24	65536	----a-r-	c:\users\Gerd\AppData\Roaming\Microsoft\Installer\{9B5D7FA6-9E73-426E-81C4-2C8FE5ACFBEF}\NewShortcut1_D216F3B2761946D6B253BD0528BFB287.exe
2011-10-01 06:24 . 2011-10-01 06:24	65536	----a-r-	c:\users\Gerd\AppData\Roaming\Microsoft\Installer\{9B5D7FA6-9E73-426E-81C4-2C8FE5ACFBEF}\ARPPRODUCTICON.exe
2011-10-01 06:24 . 2011-10-01 06:24	335872	----a-r-	c:\users\Gerd\AppData\Roaming\Microsoft\Installer\{9B5D7FA6-9E73-426E-81C4-2C8FE5ACFBEF}\NewShortcut2_D216F3B2761946D6B253BD0528BFB287.exe
2011-09-10 15:18 . 2010-08-29 05:26	230864	----a-w-	c:\windows\system32\drivers\truecrypt.sys
2011-09-08 20:57 . 2010-08-21 09:34	163840	----a-w-	c:\windows\LgxSetup.exe
2011-09-06 18:14 . 2011-04-21 19:30	253952	------w-	c:\windows\Setup1.exe
2011-09-06 18:14 . 2011-04-21 19:30	74752	----a-w-	c:\windows\ST6UNST.EXE
2011-09-01 05:24 . 2011-10-12 20:31	2309120	----a-w-	c:\windows\system32\jscript9.dll
2011-09-01 05:17 . 2011-10-12 20:31	1389056	----a-w-	c:\windows\system32\wininet.dll
2011-09-01 05:12 . 2011-10-12 20:31	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2011-09-01 02:35 . 2011-10-12 20:31	1798144	----a-w-	c:\windows\SysWow64\jscript9.dll
2011-09-01 02:28 . 2011-10-12 20:31	1126912	----a-w-	c:\windows\SysWow64\wininet.dll
2011-09-01 02:22 . 2011-10-12 20:31	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}"= "c:\program files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll" [2011-05-09 176936]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
.
[HKEY_CLASSES_ROOT\clsid\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2011-10-21 09:10	87440	----a-w-	c:\program files (x86)\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-04-27 09:08	2393184	----a-w-	c:\program files (x86)\DVDVideoSoftTB\tbDVDV.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
2011-05-09 09:49	176936	----a-w-	c:\program files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}"= "c:\program files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll" [2011-05-09 176936]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2011-10-21 87440]
.
[HKEY_CLASSES_ROOT\clsid\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2011-11-09 73360]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-12-01 20:03	98304	----a-w-	c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"NBKeyScan"="c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"PMBVolumeWatcher"=c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe
"IAStorIcon"=c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
"Microsoft Works Update Detection"=c:\program files (x86)\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"boincmgr"="c:\program files\BOINC\boincmgr.exe" /a /s
"boinctray"="c:\program files\BOINC\boinctray.exe"
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"TrayServer"=c:\program files (x86)\MAGIX\Video_deluxe_16_Premium\TrayServer.exe
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
"SwitchBoard"=c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-20 135664]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-03 2152152]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; [x]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-30 362992]
R3 AVerAF35;AVerMedia A835 USB DVB-T;c:\windows\system32\Drivers\AVerAF35.sys [x]
R3 Bcfilter;Jetico Personal Firewall Network Monitor;c:\windows\system32\DRIVERS\bcfilter.sys [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 CPen;C-Pen;c:\windows\system32\Drivers\CPen.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-20 135664]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 OXSDIDRV_x64;Oxford Semi eSATA Filter (x64);c:\windows\system32\DRIVERS\OXSDIDRV_x64.sys [x]
R3 OXUDIDRV;OXUDIDRV;c:\windows\system32\Drivers\OXUDIDRV_X64.sys [x]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-30 313840]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-09-10 108400]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-10-12 423280]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-09-10 67952]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TVICHW64;TVICHW64;c:\windows\system32\DRIVERS\TVICHW64.SYS [x]
R3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-11-30 571248]
R3 VaneFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [x]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-01-20 887000]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-05-19 549616]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-10-25 387896]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-02-18 99104]
R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2011-04-20 1021840]
R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 2329480]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 bc_hash_f;BC_HASH_Filter; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 bcfsrm;Jetico Personal Firewall filesystem filter;c:\windows\system32\drivers\bcfsrm.sys [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-05-06 1220608]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-11-20 13336]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-11-03 33672]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-11-03 827520]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [x]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-17 2358656]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2009-12-09 1394504]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-14 2320920]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-08-11 845312]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 BcfilterMP;BcfilterMP;c:\windows\system32\DRIVERS\bcfilter.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2009-10-14 11856]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - Lavasoft Kernexplorer
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper	REG_MULTI_SZ   	nosGetPlusHelper
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{07e84f41-11d5-4615-aaf6-368df0762b41}]
2011-07-01 09:38	153232	---ha-w-	c:\programdata\Duden\DKReg.exe
.
Inhalt des "geplante Tasks" Ordners
.
2011-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-20 14:38]
.
2011-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-20 14:38]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-01 1873288]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-08-06 171520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.tagesschau.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to &Evernote - c:\program files (x86)\Evernote\Evernote3.5\enbar.dll/2000
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube Download - c:\users\Gerd\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Gerd\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ 7.5\ICQ7.5\ICQ.exe
IE: {{1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - {0854DA01-5BF8-4E9D-A0E9-3CD5500AFB8C} - c:\progra~2\COMMON~1\WEBSPE~1.0\LgxIEBar.dll
Trusted Zone: matheboard.de\www
Trusted Zone: youtube.com\www
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Gerd\AppData\Roaming\Mozilla\Firefox\Profiles\uxc6fp4v.default\
FF - prefs.js: browser.search.selectedEngine - Search the Web
FF - prefs.js: browser.startup.homepage - hxxp://www.tagesschau.de/|hxxp://de.wikipedia.org/wiki/Wikipedia:Hauptseite|hxxp://www.youtube.com/|hxxp://www.allmystery.de/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=utf-8&mssrc=ms_kwd&mstb=adawaretb&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - (no file)
HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
HKLM-Run-ISW - (no file)
AddRemove-Blair Witch Volume One - Rustin Parr - c:\windows\IsUn0407.exe
AddRemove-Moorhuhn-Sushi - c:\windows\system32\MOORHU~1.SCR
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-11-27  13:12:59
ComboFix-quarantined-files.txt  2011-11-27 12:12
.
Vor Suchlauf: 7 Verzeichnis(se), 215.172.706.304 Bytes frei
Nach Suchlauf: 9 Verzeichnis(se), 214.645.305.344 Bytes frei
.
- - End Of File - - 709E53DE972059EBA5EE3834A99E3694