Man danke Firewall funktioniert wieder jetzt noch MSE aber hier erstmal die Logs:
[code]
Combofix Logfile: Code:
ComboFix 12-08-04.02 - Max 04.08.2012 21:25:10.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4095.2847 [GMT 2:00]
ausgeführt von:: c:\users\Max.Glei¯berg-PC\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\cflog\CrashLog_20101209.txt
c:\programdata\SPL1C36.tmp
c:\programdata\SPL32C2.tmp
c:\programdata\SPL3B1C.tmp
c:\programdata\SPL446E.tmp
c:\programdata\SPL4B80.tmp
c:\programdata\SPL536C.tmp
c:\programdata\SPL5C23.tmp
c:\programdata\SPL5D8A.tmp
c:\programdata\SPL6122.tmp
c:\programdata\SPL67A7.tmp
c:\programdata\SPL68EF.tmp
c:\programdata\SPL6D81.tmp
c:\programdata\SPL702F.tmp
c:\programdata\SPL7119.tmp
c:\programdata\SPL7242.tmp
c:\programdata\SPL734B.tmp
c:\programdata\SPL7389.tmp
c:\programdata\SPL73A8.tmp
c:\programdata\SPL751F.tmp
c:\programdata\SPL754E.tmp
c:\programdata\SPL75CA.tmp
c:\programdata\SPL7628.tmp
c:\programdata\SPL76C4.tmp
c:\programdata\SPL7935.tmp
c:\programdata\SPL7A2E.tmp
c:\programdata\SPL7AAB.tmp
c:\programdata\SPL7AE9.tmp
c:\programdata\SPL7B47.tmp
c:\programdata\SPL7D0B.tmp
c:\programdata\SPL7D97.tmp
c:\programdata\SPL7DB7.tmp
c:\programdata\SPL7FAA.tmp
c:\programdata\SPL80E2.tmp
c:\programdata\SPL820A.tmp
c:\programdata\SPL821A.tmp
c:\programdata\SPL843C.tmp
c:\programdata\SPL85E1.tmp
c:\programdata\SPL8610.tmp
c:\programdata\SPL9117.tmp
c:\programdata\SPL9339.tmp
c:\programdata\SPL9404.tmp
c:\programdata\SPL94BF.tmp
c:\programdata\SPL95D8.tmp
c:\programdata\SPL9684.tmp
c:\programdata\SPL9685.tmp
c:\programdata\SPL9710.tmp
c:\programdata\SPL978D.tmp
c:\programdata\SPL98C5.tmp
c:\programdata\SPL98F4.tmp
c:\programdata\SPL99FD.tmp
c:\programdata\SPL9C0F.tmp
c:\programdata\SPL9C5D.tmp
c:\programdata\SPL9C6D.tmp
c:\programdata\SPLA302.tmp
c:\programdata\SPLA38E.tmp
c:\programdata\SPLA514.tmp
c:\programdata\SPLA7A3.tmp
c:\programdata\SPLA811.tmp
c:\programdata\SPLA9F4.tmp
c:\programdata\SPLAA23.tmp
c:\programdata\SPLAA52.tmp
c:\programdata\SPLADBB.tmp
c:\programdata\SPLAE96.tmp
c:\programdata\SPLB605.tmp
c:\programdata\SPLB8C4.tmp
c:\programdata\SPLBAE5.tmp
c:\programdata\SPLBD65.tmp
c:\programdata\SPLBE8D.tmp
c:\programdata\SPLC0ED.tmp
c:\programdata\SPLC16A.tmp
c:\programdata\SPLC206.tmp
c:\programdata\SPLC2D1.tmp
c:\programdata\SPLC2E1.tmp
c:\programdata\SPLC522.tmp
c:\programdata\SPLC65A.tmp
c:\programdata\SPLCDB9.tmp
c:\programdata\SPLD603.tmp
c:\programdata\SPLD854.tmp
c:\programdata\SPLD96D.tmp
c:\programdata\SPLDB61.tmp
c:\programdata\SPLE1A7.tmp
c:\programdata\SPLE2CF.tmp
c:\programdata\SPLE780.tmp
c:\users\Gleißberg\AppData\Roaming\PriceGong
c:\users\Gleißberg\AppData\Roaming\PriceGong\Data\mru.xml
c:\users\Max.Gleißberg-PC\AppData\Local\assembly\tmp
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
Infizierte Kopie von c:\windows\system32\Services.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe wurde wiederhergestellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-07-04 bis 2012-08-04 ))))))))))))))))))))))))))))))
.
.
2012-08-04 19:39 . 2012-08-04 19:39 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-04 19:39 . 2012-08-04 19:39 -------- d-----w- c:\users\Thomas\AppData\Local\temp
2012-08-04 19:39 . 2012-08-04 19:39 -------- d-----w- c:\users\Sabine\AppData\Local\temp
2012-08-04 19:39 . 2012-08-04 19:39 -------- d-----w- c:\users\Ronny\AppData\Local\temp
2012-08-04 19:39 . 2012-08-04 19:39 -------- d-----w- c:\users\MAX~1~GLE\AppData\Local\temp
2012-08-04 19:39 . 2012-08-04 19:39 -------- d-----w- c:\users\Gleißberg\AppData\Local\temp
2012-08-04 19:39 . 2012-08-04 19:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-04 12:00 . 2012-08-04 12:00 -------- d-----w- C:\_OTL
2012-07-30 19:04 . 2012-07-30 19:04 -------- d-----w- c:\program files (x86)\ESET
2012-07-28 19:46 . 2012-07-28 19:46 -------- d-----w- c:\users\Max.Gleißberg-PC\AppData\Roaming\Malwarebytes
2012-07-28 19:46 . 2012-07-28 19:46 -------- d-----w- c:\programdata\Malwarebytes
2012-07-28 19:46 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-28 19:46 . 2012-07-28 19:46 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-27 21:27 . 2012-07-27 21:27 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-27 21:18 . 2012-04-14 09:29 2620960 ----a-w- c:\windows\SysWow64\Orbital_Sunset_3D_Screensaver.scr
2012-07-27 21:10 . 2011-11-17 15:07 2646560 ----a-w- c:\windows\SysWow64\Autumn_Forest_3D_Screensaver.scr
2012-07-27 20:59 . 2011-09-01 19:07 2450456 ----a-w- c:\windows\SysWow64\Deep_Space_3D_Screensaver.scr
2012-07-27 20:56 . 2011-11-17 15:24 2468376 ----a-w- c:\windows\SysWow64\Ice_Clock_3D_Screensaver.scr
2012-07-27 10:02 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B1A69018-3231-45E2-974F-41EEEAB05768}\mpengine.dll
2012-07-26 12:35 . 2012-07-27 21:31 -------- d-----w- C:\MoTemp
2012-07-26 08:12 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-24 11:17 . 2012-07-24 11:20 -------- d-----w- c:\users\Max.Gleißberg-PC\AppData\Roaming\.techniclauncher
2012-07-23 12:57 . 2012-07-23 12:57 -------- d-----w- c:\users\Max.Gleißberg-PC\AppData\Local\Download Beast
2012-07-23 10:14 . 2012-07-23 10:15 -------- d-----w- C:\Steam Games
2012-07-22 04:19 . 2012-07-22 04:19 -------- d-----w- c:\users\Max.Gleißberg-PC\AppData\Roaming\fltk.org
2012-07-22 04:19 . 2012-07-22 04:19 -------- d-----w- c:\programdata\fltk.org
2012-07-12 16:05 . 2012-07-12 16:05 -------- d-----w- c:\program files (x86)\GPLGS
2012-07-12 16:05 . 2011-10-04 20:43 87552 ----a-w- c:\windows\system32\custmon64i.dll
2012-07-12 16:04 . 2012-07-12 16:05 -------- d-----w- c:\program files (x86)\PDFCreator
2012-07-12 15:06 . 2012-07-12 15:06 -------- d-----w- c:\program files (x86)\Audacity
2012-07-12 01:07 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 22:36 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-07-11 22:29 . 2012-06-06 06:05 1499136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 22:29 . 2012-06-06 05:05 1019904 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-11 22:29 . 2012-06-06 06:05 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2012-07-11 22:29 . 2012-06-06 06:05 61440 ----a-w- c:\program files\Common Files\System\ado\msador15.dll
2012-07-11 22:29 . 2012-06-06 06:05 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2012-07-11 22:29 . 2012-06-06 06:05 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2012-07-11 22:29 . 2012-06-06 05:05 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2012-07-11 22:29 . 2012-06-06 05:03 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-07-11 22:29 . 2012-06-06 05:05 143360 ----a-w- c:\program files (x86)\Common Files\System\ado\msjro.dll
2012-07-11 22:29 . 2012-06-06 05:05 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2012-07-11 22:29 . 2012-06-06 05:05 57344 ----a-w- c:\program files (x86)\Common Files\System\ado\msador15.dll
2012-07-11 22:29 . 2012-06-06 05:05 212992 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2012-07-11 22:29 . 2012-06-06 06:02 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-07-07 17:23 . 2012-07-07 17:23 -------- d-----w- c:\users\Max.Gleißberg-PC\AppData\Local\Activision
2012-07-07 16:33 . 2012-07-07 16:33 -------- d-----w- c:\program files (x86)\Activision
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-02 18:24 . 2012-05-28 04:39 282296 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-08-02 18:24 . 2011-05-16 17:41 282296 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-08-02 18:23 . 2010-10-22 09:28 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-08-02 08:53 . 2012-05-28 04:39 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-07-19 16:18 . 2012-03-31 21:43 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-19 16:18 . 2011-05-15 06:10 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 01:02 . 2010-09-01 17:06 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-01 14:08 . 2012-07-01 14:08 40960 ----a-r- c:\users\Max.Gleißberg-PC\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2012-07-01 14:08 . 2012-07-01 14:08 40960 ----a-r- c:\users\Max.Gleißberg-PC\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2012-07-01 14:08 . 2012-07-01 14:08 40960 ----a-r- c:\users\Max.Gleißberg-PC\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2012-07-01 14:08 . 2012-07-01 14:08 40960 ----a-r- c:\users\Max.Gleißberg-PC\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2012-06-23 02:29 . 2010-10-22 09:28 2793768 ----a-w- c:\windows\SysWow64\pbsvc.exe
2012-06-22 07:52 . 2012-06-22 07:52 376320 ----a-r- c:\users\Max.Gleißberg-PC\AppData\Roaming\Microsoft\Installer\{52B65911-1559-4ED5-9461-46957FDD48CD}\Icon52B659113.exe
2012-06-22 07:52 . 2012-06-22 07:52 376320 ----a-r- c:\users\Max.Gleißberg-PC\AppData\Roaming\Microsoft\Installer\{52B65911-1559-4ED5-9461-46957FDD48CD}\Icon52B659113.exe
2012-06-02 22:19 . 2012-06-21 18:37 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 18:37 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 18:38 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 18:38 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 18:37 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 18:37 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 18:37 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 18:36 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-21 18:36 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-15 10:48 . 2012-06-17 06:32 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-05-15 10:48 . 2012-06-17 06:32 25743168 ----a-w- c:\windows\system32\nvoglv64.dll
2012-05-15 10:48 . 2012-06-17 06:32 19607872 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-05-15 10:48 . 2012-06-17 06:32 14298944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-05-15 10:48 . 2012-06-17 06:32 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2012-06-17 06:32 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2012-06-17 06:32 2524992 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-05-15 10:48 . 2012-06-17 06:32 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-05-15 10:48 . 2012-06-17 06:32 8139072 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-15 10:48 . 2012-06-17 06:32 5982528 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-05-15 10:48 . 2012-06-17 06:32 2881856 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-05-15 10:48 . 2012-06-17 06:32 2681664 ----a-w- c:\windows\system32\nvcuvid.dll
2012-05-15 10:48 . 2012-06-17 06:32 2445120 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-05-15 10:48 . 2012-06-17 06:32 25248064 ----a-w- c:\windows\system32\nvcompiler.dll
2012-05-15 10:48 . 2012-06-17 06:32 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-05-15 10:48 . 2012-06-17 06:32 17551680 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-05-15 10:48 . 2010-04-03 20:55 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2010-04-03 20:55 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2010-04-03 20:55 2741568 ----a-w- c:\windows\system32\nvapi64.dll
2012-05-15 10:48 . 2010-04-03 20:55 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-05-15 10:48 . 2010-04-03 20:55 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-05-15 09:29 . 2010-04-03 16:42 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2012-06-17 06:35 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
2012-05-15 09:29 . 2010-04-03 16:42 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2010-04-03 16:42 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2010-04-03 16:42 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2010-04-03 16:42 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 00:21 . 2012-05-15 00:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-05-13 06:16 . 2012-05-12 12:33 8107 ----a-w- c:\windows\w7dsd.reg
2012-05-13 06:16 . 2012-05-12 12:33 8089 ----a-w- c:\windows\w7dse.reg
2012-05-12 12:33 . 2012-05-12 12:33 275360 ----a-w- c:\windows\system32\DreamScene.dll
2012-05-12 07:26 . 2012-05-12 07:27 268744 ----a-w- c:\windows\system32\javaws.exe
2012-05-12 07:26 . 2012-05-12 07:26 189384 ----a-w- c:\windows\system32\javaw.exe
2012-05-12 07:26 . 2012-05-12 07:26 188872 ----a-w- c:\windows\system32\java.exe
2012-05-12 07:26 . 2012-02-06 09:02 955848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-12 07:26 . 2011-10-30 08:54 839112 ----a-w- c:\windows\system32\deployJava1.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2011-02-26 . E38899074D4951D31B4040E994DD7C8D . 2870784 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[7] 2011-02-26 . 0862495E0C825893DB75EF44FAEA8E93 . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[7] 2011-02-26 . 3B69712041F3D63605529BD66DC00C48 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[-] 2011-02-25 . 6E016DDC7D512E0C306472F91B6D618D . 2862592 . . [6.1.7600.16385] .. c:\windows\explorer.exe
[-] 2011-02-25 . 6E016DDC7D512E0C306472F91B6D618D . 2862592 . . [6.1.7600.16385] .. c:\windows\W7SOC\explorer.exe
[7] 2011-02-25 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[7] 2010-11-20 . AC4C51EB24AA95B77F705AB159189E24 . 2872320 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[7] 2009-10-31 . B8EC4BD49CE8F6FC457721BFC210B67F . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[7] 2009-10-31 . 9AAAEC8DAC27AA17B053E6352AD233AE . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[7] 2009-08-03 . 700073016DAC1C3D2E7E2CE4223334B6 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[7] 2009-08-03 . F170B4A061C9E026437B193B4D571799 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[7] 2009-07-14 . C235A51CB740E45FFA0EBFB9BAFCDA64 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Max.Gleißberg-PC\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2012-01-17 2339168]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2009-07-27 180224]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ZMatrix.lnk - c:\program files (x86)\ZMatrix\matrix.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"MyWebSearch Email Plugin"=c:\progra~2\MYWEBS~1\bar\1.bin\mwsoemon.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-30 116648]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-11-10 167264]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 Gun;Gun;c:\game\SoftnyxGame\GunBoundIS\Gun64.sys [2011-07-30 45176]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-30 116648]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-09-19 127488]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-09-19 18944]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-09-19 161280]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-07-05 16448]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 26704]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2011-04-04 377936]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;c:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2012-03-26 329544]
S2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe [2009-10-16 1039360]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-05-18 625832]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-04 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2011-10-31 20:16]
.
2012-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-30 08:05]
.
2012-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-30 08:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-07-26 499608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
IE: Free YouTube Download - c:\users\Max.Gleißberg-PC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Max.Gleißberg-PC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: microsoft.com
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: soe.com
Trusted Zone: sony.com
Trusted Zone: windowsupdate.com
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-RocketDock - c:\program files (x86)\RocketDock\RocketDock.exe
Wow6432Node-HKCU-Run-3PlanesoftAnimatedWallpaper - c:\program files (x86)\Ice Clock 3D Screensaver\Ice Clock 3D Screensaver.exe
Wow6432Node-HKCU-Run-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe
Wow6432Node-HKLM-Run-vProt - c:\program files (x86)\AVG Secure Search\vprot.exe
Wow6432Node-HKLM-Run-HF_G_Jul - c:\program files (x86)\AVG Secure Search\HF_G_Jul.exe
SafeBoot-MsMpSvc
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Autumn Forest 3D Screensaver and Animated Wallpaper_is1 - c:\program files (x86)\Autumn Forest 3D Screensaver\unins000.exe
AddRemove-AVS Update Manager_is1 - c:\program files (x86)\AVS4YOU\AVSUpdateManager\unins000.exe
AddRemove-Deep Space 3D Screensaver_is1 - c:\program files (x86)\Deep Space 3D Screensaver\unins000.exe
AddRemove-Hurrican_is1 - c:\program files (x86)\Hurrican\unins000.exe
AddRemove-Ice Clock 3D Screensaver and Animated Wallpaper_is1 - c:\program files (x86)\Ice Clock 3D Screensaver\unins000.exe
AddRemove-Orbital Sunset 3D Screensaver and Animated Wallpaper_is1 - c:\program files (x86)\Orbital Sunset 3D Screensaver\unins000.exe
AddRemove-SearchCore for Browsers - c:\program files (x86)\SearchCore for Browsers\uninstall.exe
AddRemove-Searchqu 417 MediaBar - c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\uninstallTB.exe
AddRemove-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe
AddRemove-{924DAFFB-CA84-43a3-8205-A6E94461EC79}_is1 - c:\program files (x86)\Reviversoft\Registry Reviver\unins000.exe
AddRemove-FoxTab PDF Converter - c:\program files (x86)\FoxTabPDFConverter\Uninstall\Uninstall.exe
AddRemove-Uncompressor - c:\program files (x86)\Uncompressor\Uninstall\Uninstall.exe
AddRemove-YourFileDownloader - c:\program files (x86)\YourFileDownloader\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3476872522-825892699-1154334834-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:de,a5,a9,13,81,29,16,c6,fe,dd,ad,10,4a,89,43,64,a8,e2,77,35,1c,b8,d6,
56,82,11,a1,8b,48,20,8f,15,77,92,9a,e0,e6,6d,e4,86,c8,f7,f6,aa,98,7e,8c,2e,\
"??"=hex:2f,b6,6f,45,ee,e2,ec,0a,29,d5,69,d3,55,fd,2c,18
.
[HKEY_USERS\S-1-5-21-3476872522-825892699-1154334834-1003\Software\SecuROM\License information*]
"datasecu"=hex:8f,f2,c0,77,d0,2c,91,0d,55,0f,c5,a0,6c,d8,1c,43,61,6d,54,8a,54,
97,5e,7a,99,83,70,fe,79,02,48,49,1e,7a,8b,a7,09,b3,c5,9d,69,f0,41,73,43,31,\
"rkeysecu"=hex:ea,29,15,8e,dd,6d,31,bd,ff,3a,73,3b,fb,1c,88,0b
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-08-04 21:48:54 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-08-04 19:48
.
Vor Suchlauf: 41 Verzeichnis(se), 311.143.968.768 Bytes frei
Nach Suchlauf: 45 Verzeichnis(se), 310.972.891.136 Bytes frei
.
- - End Of File - - 5C12EF919D9EEBB9DC99EED15409F352
--- --- --- |
