sKlapptNet | 24.06.2011 15:41 | Sooo. Here it is :) yes, winning CAN be nice :D
ComboFix logfile:
ComboFix 11-06-24.01 - *** 24.06.2011 16:28:32.1.6 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.8190.6388 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
SP: IObit Security 360 *Disabled/Outdated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\***\AppData\Roaming\.#
c:\users\***\AppData\Roaming\.#\MBX@10B0@E42708.###
c:\users\***\AppData\Roaming\.#\MBX@10B0@E42738.###
c:\users\***\AppData\Roaming\msnsvconfig.txt
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-05-24 bis 2011-06-24 ))))))))))))))))))))))))))))))
.
.
2011-06-24 14:33 . 2011-06-24 14:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-24 09:25 . 2011-05-29 07:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-24 09:25 . 2011-06-24 09:25 -------- d-----w- c:\programdata\Malwarebytes
2011-06-24 09:25 . 2011-06-24 09:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-06-24 09:25 . 2011-05-29 07:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-23 15:38 . 2011-06-23 15:38 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-06-23 15:38 . 2011-06-23 15:38 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-06-23 15:38 . 2011-06-23 15:38 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-06-23 15:38 . 2011-06-23 15:38 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2011-06-23 15:38 . 2011-06-23 15:38 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-06-23 15:37 . 2011-06-23 15:37 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2011-06-23 15:37 . 2011-06-23 15:37 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-06-23 15:37 . 2011-06-23 15:37 2870272 ----a-w- c:\windows\explorer.exe
2011-06-23 15:37 . 2011-06-23 15:37 2614784 ----a-w- c:\windows\SysWow64\explorer.exe
2011-06-23 15:37 . 2011-06-23 15:37 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-06-23 15:37 . 2011-06-23 15:37 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-06-23 15:37 . 2011-06-23 15:37 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-06-23 15:37 . 2011-06-23 15:37 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-06-23 15:37 . 2011-06-23 15:37 1540608 ----a-w- c:\windows\system32\DWrite.dll
2011-06-23 15:37 . 2011-06-23 15:37 1135104 ----a-w- c:\windows\system32\FntCache.dll
2011-06-23 15:37 . 2011-06-23 15:37 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-06-23 13:38 . 2011-06-23 13:38 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2011-06-23 13:36 . 2011-06-23 13:36 214016 ----a-w- c:\windows\system32\winsrv.dll
2011-06-23 13:36 . 2011-06-23 13:36 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-06-23 13:36 . 2011-06-23 13:36 7680 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
2011-06-23 13:35 . 2011-06-23 13:35 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-06-23 13:35 . 2011-06-23 13:35 552960 ----a-w- c:\windows\system32\msdri.dll
2011-06-23 13:35 . 2011-06-23 13:35 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-06-23 13:35 . 2011-06-23 13:35 288256 ----a-w- c:\windows\system32\MSNP.ax
2011-06-23 13:35 . 2011-06-23 13:35 204288 ----a-w- c:\windows\SysWow64\MSNP.ax
2011-06-23 13:24 . 2011-06-23 13:24 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2011-06-23 13:24 . 2011-06-23 13:24 14336 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2011-06-23 13:24 . 2011-06-23 13:24 223448 ----a-w- c:\windows\system32\drivers\fvevol.sys
2011-06-23 13:23 . 2011-06-23 13:23 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2011-06-23 13:23 . 2011-06-23 13:23 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2011-06-23 13:23 . 2011-06-23 13:23 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2011-06-23 13:23 . 2011-06-23 13:23 243200 ----a-w- c:\windows\system32\wow64.dll
2011-06-23 13:23 . 2011-06-23 13:23 2048 ----a-w- c:\windows\SysWow64\user.exe
2011-06-23 13:23 . 2011-06-23 13:23 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2011-06-23 13:10 . 2010-03-02 10:35 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-06-23 13:10 . 2010-02-16 11:24 81072 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-23 13:10 . 2009-05-11 09:49 51992 ----a-w- c:\windows\SysWow64\drivers\avgntdd.sys
2011-06-23 13:10 . 2009-05-11 09:49 17016 ----a-w- c:\windows\SysWow64\drivers\avgntmgr.sys
2011-06-23 13:10 . 2011-06-23 13:10 -------- d-----w- c:\programdata\Avira
2011-06-23 13:10 . 2011-06-23 13:10 -------- d-----w- c:\program files (x86)\Avira
2011-06-23 12:15 . 2011-06-23 12:15 163840 --sha-r- c:\windows\SysWow64\odbc323.dll
2011-06-23 10:36 . 2011-06-23 10:36 -------- d-----w- c:\users\UpdatusUser
2011-06-23 10:36 . 2011-05-25 07:25 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
2011-06-21 23:42 . 2011-06-21 23:42 -------- d-----w- c:\program files (x86)\Activision
2011-06-21 23:40 . 2011-06-21 23:40 -------- d-sh--w- c:\windows\ftpcache
2011-06-21 13:16 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6C76BB9D-B545-4E4A-AA1C-4C9671FBF457}\mpengine.dll
2011-06-17 17:23 . 2011-06-17 17:23 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-06-15 23:19 . 2011-04-29 03:13 461312 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-15 23:19 . 2011-04-29 03:12 399872 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-15 23:19 . 2011-04-29 03:12 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-15 23:19 . 2010-12-18 06:13 861184 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-15 23:19 . 2010-12-18 05:31 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-06-15 23:19 . 2011-05-03 05:21 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-15 23:19 . 2011-05-03 04:50 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-06-13 18:09 . 2011-06-21 00:57 -------- d-----w- c:\users\***
2011-06-13 18:08 . 2011-06-13 18:09 -------- d-----w- c:\program files (x86)\ICQ7.5
2011-06-08 19:41 . 2011-06-08 19:41 -------- d-----w- c:\program files (x86)\Stunlock Studios
2011-06-08 19:39 . 2011-06-08 19:39 -------- d-----w- c:\program files (x86)\Microsoft XNA
2011-05-29 06:34 . 2011-05-29 06:34 -------- d-----w- c:\program files (x86)\3D-RealityMaps
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-24 14:34 . 2011-04-03 17:31 25640 ----a-w- c:\windows\gdrv.sys
2011-06-23 13:36 . 2011-06-23 13:36 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-06-23 13:36 . 2011-06-23 13:36 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-06-23 13:23 . 2011-06-23 13:23 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-06-23 11:39 . 2011-04-03 17:58 111928 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-06-21 23:52 . 2011-04-03 17:58 682280 ----a-w- c:\windows\SysWow64\pbsvc.exe
2011-05-25 07:25 . 2011-01-07 18:48 1016936 ----a-w- c:\windows\system32\nvvsvc.exe
2011-05-25 07:25 . 2011-01-07 18:49 3040872 ----a-w- c:\windows\system32\nvsvc64.dll
2011-05-25 07:25 . 2011-01-07 18:48 61544 ----a-w- c:\windows\system32\nvshext.dll
2011-05-25 07:25 . 2011-01-07 18:48 117864 ----a-w- c:\windows\system32\nvmctray.dll
2011-05-25 07:25 . 2011-01-07 18:49 6300776 ----a-w- c:\windows\system32\nvcpl.dll
2011-05-25 07:25 . 2011-01-07 18:49 739432 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
2011-05-25 07:25 . 2009-07-13 21:59 8863336 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-05-25 07:25 . 2011-05-18 01:24 15223912 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-05-25 07:25 . 2011-05-18 01:24 11992680 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-05-25 07:25 . 2011-04-18 16:52 2644584 ----a-w- c:\windows\system32\nvapi64.dll
2011-05-24 17:14 . 2010-02-09 22:35 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-20 20:35 . 2011-05-20 20:35 304744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2011-05-18 00:10 . 2011-05-18 00:11 521448 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-17 12:27 . 2011-04-03 17:31 30528 ----a-w- c:\windows\GVTDrv64.sys
2011-04-23 15:58 . 2011-04-23 15:58 419840 ----a-w- c:\windows\system32\wrap_oal.dll
2011-04-23 15:58 . 2011-04-23 15:58 413696 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-04-23 15:58 . 2011-04-23 15:58 133632 ----a-w- c:\windows\system32\OpenAL32.dll
2011-04-23 15:58 . 2011-04-23 15:58 110592 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-04-19 20:51 . 2011-04-19 20:51 25640 ----a-w- c:\windows\etdrv.sys
2011-04-09 06:58 . 2011-05-24 13:21 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-04-09 06:45 . 2011-05-11 05:32 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 06:13 . 2011-05-11 05:32 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-11 05:32 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-04-09 05:56 . 2011-05-24 13:21 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-04-05 17:09 . 2011-04-05 17:09 215144 ----a-w- c:\windows\patchw32.dll
2011-04-05 16:55 . 2011-04-05 16:55 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2011-04-03 17:58 . 2011-04-03 17:58 66872 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-04-03 17:08 . 2011-04-03 17:08 505128 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-04-03 17:08 . 2011-04-03 17:08 353576 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-04-03 17:08 . 2011-04-03 17:08 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll
2011-03-30 10:08 . 2008-01-08 09:54 22328 ----a-w- c:\users\***\AppData\Roaming\PnkBstrK.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft® Windows Update"="c:\users\***\M-1-25-8784-4125-7572\winsvc.exe" [2011-06-23 147456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2010-10-22 2105344]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
"IObit Security 360"="c:\program files (x86)\IObit\IObit Security 360\IS360tray.exe" [2010-06-11 1280344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/04/03 19:09;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-05-14 246256]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-04-19 25640]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-05-17 30528]
R3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM10664.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]
S2 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-03-28 2111368]
S2 IS360service;IS360service;c:\program files (x86)\IObit\IObit Security 360\IS360srv.exe [2010-06-11 312152]
S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2010-01-19 72304]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]
S3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\DRIVERS\fwlanusbn.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - CLKMDRV10_9EC60124
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-04-22 11:09 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2009-08-13 2093064]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-13 4195848]
"Cm106Sound"="c:\windows\Syswow64\cm106.dll" [2008-12-19 7700480]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-06 10144288]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-13 415752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.cs-manager.com/?l=de
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3656730891-4005576176-226255605-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:7f,e3,de,da,ce,08,1f,f0,6e,dc,2c,ab,74,f6,f6,78,13,4c,e7,af,14,42,9d,
a9,20,cf,e1,83,d9,7d,e2,7c,22,a9,e6,08,3d,20,5d,96,f8,a9,7a,25,33,b3,94,a9,\
"??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f
.
[HKEY_USERS\S-1-5-21-3656730891-4005576176-226255605-1000\Software\SecuROM\License information*]
"datasecu"=hex:84,31,23,12,a3,14,06,1a,03,30,65,d5,2b,13,fc,22,33,2f,73,6f,79,
a9,73,6f,e4,e5,61,d5,0c,e0,ed,c4,79,1e,45,f5,27,a2,f7,85,0a,ae,da,15,70,ef,\
"rkeysecu"=hex:4d,0a,85,75,2e,53,20,75,f4,f0,c1,6f,b3,f4,3a,ba
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\avmwlanstick\WlanNetService.exe
c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\windows\SysWOW64\rundll32.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-06-24 16:38:39 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-06-24 14:38
.
Vor Suchlauf: 15 Verzeichnis(se), 70.115.991.552 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 69.964.496.896 Bytes frei
.
- - End Of File - - DF304231D3FFCEC8C39FA817ED62E01B