I have now run Combofix, but it reports that two programs are running which don't exist at all (Avira Antivir and Avast 4.8). I have Avast 5 here, which I stopped during the Combofix run, though.
[QUOTE]
Combofix Logfile:
Code:
ComboFix 10-07-03.06 - Hansi 04.07.2010 21:54:05.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2037.1210 [GMT 2:00]
ausgeführt von:: c:\users\Hansi\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1229 [VPS 081215-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1229 [VPS 081215-1] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Avira AntiVir PersonalEdition *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((( Dateien erstellt von 2010-06-04 bis 2010-07-04 ))))))))))))))))))))))))))))))
.
2010-07-04 20:01 . 2010-07-04 20:01 -------- d-----w- c:\users\Hansi\AppData\Local\temp
2010-07-04 20:01 . 2010-07-04 20:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-04 10:09 . 2010-07-04 10:09 -------- d-----w- C:\escan
2010-07-03 21:47 . 2010-07-03 21:47 -------- d---a-w- c:\windows\rundll16.exe
2010-07-03 21:47 . 2010-07-03 21:47 -------- d---a-w- c:\windows\logo1_.exe
2010-07-03 21:45 . 2010-07-03 21:45 -------- d---a-w- c:\windows\VDLL.DLL
2010-07-03 21:45 . 2010-07-03 21:45 -------- d---a-w- c:\windows\system32\runouce.exe
2010-07-03 21:45 . 2010-07-03 21:45 -------- d---a-w- c:\windows\RUNDL132.EXE
2010-07-03 21:45 . 2010-07-03 21:45 -------- d---a-w- c:\windows\logo_1.exe
2010-07-03 21:42 . 2010-07-03 21:42 554240 ----a-w- c:\windows\system32\msvcp80.dll
2010-07-03 21:42 . 2010-07-03 21:42 34048 ----a-w- c:\windows\system32\eEmpty.exe
2010-07-03 21:42 . 2010-07-03 21:42 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-07-03 21:42 . 2010-07-03 21:42 -------- d-----w- c:\programdata\MicroWorld
2010-07-03 21:12 . 2010-07-03 21:12 -------- d-----w- c:\program files\Trend Micro
2010-07-03 20:54 . 2010-07-03 20:54 -------- d-----w- c:\program files\CCleaner
2010-07-03 20:40 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-06-13 19:07 . 2010-06-13 19:07 -------- d-----w- c:\program files\uTorrent
2010-06-13 19:05 . 2010-07-04 19:58 -------- d-----w- c:\users\Hansi\AppData\Roaming\uTorrent
2010-06-13 11:42 . 2010-06-13 12:06 -------- d-----w- c:\users\Hansi\AppData\Roaming\vlc
2010-06-13 11:41 . 2010-06-13 11:41 -------- d-----w- c:\program files\VideoLAN
2010-06-13 11:18 . 2010-06-13 11:18 -------- d-----w- c:\users\Hansi\AppData\Local\Apple Computer
2010-06-13 11:12 . 2010-06-13 11:12 -------- d-----w- c:\users\Hansi\AppData\Roaming\Apple Computer
2010-06-06 20:12 . 2009-12-14 10:33 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-06-06 20:10 . 2010-06-06 20:10 -------- d-----w- C:\Intel
2010-06-06 19:36 . 2010-06-06 19:36 -------- d-----w- c:\program files\SystemRequirementsLab
2010-06-06 19:24 . 2010-06-06 19:24 -------- d-----w- c:\programdata\UAB
2010-06-06 19:24 . 2010-06-06 19:24 -------- d-----w- c:\users\Hansi\AppData\Local\PC_Drivers_Headquarters
2010-06-06 19:24 . 2010-06-06 19:24 -------- d-----w- c:\programdata\PC Drivers HeadQuarters
2010-06-06 19:22 . 2010-06-06 19:22 -------- d-----w- c:\program files\PC Drivers HeadQuarters
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-04 20:02 . 2010-04-30 20:36 -------- d-----w- c:\users\Hansi\AppData\Roaming\Skype
2010-07-03 20:35 . 2006-11-02 15:33 675412 ----a-w- c:\windows\system32\perfh007.dat
2010-07-03 20:35 . 2006-11-02 15:33 146234 ----a-w- c:\windows\system32\perfc007.dat
2010-07-03 20:28 . 2008-08-16 21:18 -------- d-----w- c:\programdata\Google Updater
2010-06-28 20:57 . 2007-10-20 14:54 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2007-10-20 14:54 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2008-08-03 17:12 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2007-10-20 14:54 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2007-10-20 14:54 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-28 20:32 . 2008-08-03 17:12 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-20 10:13 . 2007-03-26 11:03 -------- d-----r- c:\program files\Skype
2010-06-20 10:13 . 2007-03-26 11:04 -------- d-----w- c:\programdata\Skype
2010-06-12 19:15 . 2008-07-23 20:39 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-12 19:13 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-28 17:34 . 2010-05-28 17:34 -------- d-----w- c:\program files\sequoiaview
2010-05-28 16:58 . 2009-01-31 17:02 -------- d-----w- c:\program files\Microsoft
2010-05-28 16:32 . 2010-05-28 16:32 -------- d-----w- c:\program files\Secunia
2010-05-28 11:04 . 2010-05-28 11:04 14896 ----a-w- c:\windows\system32\drivers\psi_mf.sys
2010-05-26 17:06 . 2010-06-12 18:29 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-12 18:29 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-24 15:33 . 2007-10-20 16:23 -------- d-----w- c:\program files\QuickTime
2010-05-24 15:32 . 2010-05-24 15:32 -------- d-----w- c:\programdata\Apple Computer
2010-05-24 15:31 . 2010-05-24 15:31 -------- d-----w- c:\program files\Common Files\Apple
2010-05-24 15:30 . 2010-05-24 15:30 -------- d-----w- c:\program files\Apple Software Update
2010-05-24 15:30 . 2010-05-24 15:30 -------- d-----w- c:\programdata\Apple
2010-05-21 12:14 . 2009-11-06 18:33 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-04 05:59 . 2010-06-12 18:29 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-12 18:29 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 05:55 . 2010-06-12 18:29 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 04:31 . 2010-06-12 18:29 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 14:13 . 2010-06-12 18:29 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-04-30 20:54 . 2010-04-30 20:54 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-04-30 19:04 . 2010-04-30 19:04 0 ----a-w- c:\windows\nsreg.dat
2010-04-30 18:58 . 2007-10-16 10:34 113536 ----a-w- c:\users\Hansi\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-23 14:13 . 2010-05-28 16:32 2048 ----a-w- c:\windows\system32\tzres.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-16 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"\\MEDIONLT\EPSON Stylus D78 Series"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIBGE.EXE" [2006-09-22 139264]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-06-13 322352]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26194728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-06 4317184]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-12 118784]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-01-22 321656]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-24 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-24 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-24 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-02-13 14:19 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):4b,a6,00,78,32,8b,ca,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-600995965-2057509812-2277749265-1003]
"EnableNotificationsRef"=dword:00000001
R3 AVMUNET;Eumex 300 IP;c:\windows\system32\DRIVERS\avmunet.sys [2005-04-18 15104]
R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2009-12-18 11336]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]
R3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 745472]
R3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-01-08 397312]
R3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-01-16 1089536]
R3 VUAgent;VUAgent;c:\program files\sony\VAIO Update 5\VUAgent.exe [2009-12-08 673136]
R3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\Drivers\usbbc.sys [2001-01-08 15576]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-05-28 14896]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-04-23 812544]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
2010-07-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-26 08:52]
2010-07-04 c:\windows\Tasks\User_Feed_Synchronization-{CDACD1E6-389A-44F2-AA68-8C52B44D16E1}.job
- c:\windows\system32\msfeedssync.exe [2010-06-12 04:30]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://de.wikipedia.org/wiki/Wikipedia:Hauptseite
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = eumex.ip
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Hansi\AppData\Roaming\Mozilla\Firefox\Profiles\40ywxk84.default\
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-07-04 22:01
Windows 6.0.6002 Service Pack 2 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-07-04 22:06:03
ComboFix-quarantined-files.txt 2010-07-04 20:06
Vor Suchlauf: 13 Verzeichnis(se), 86.461.714.432 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 86.916.907.008 Bytes frei
- - End Of File - - 0B03617C6DAE70DDAC93CA4B2AC123D5
--- --- ---