Trojaner-Board - Saving Sidekick gefunden

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Saving Sidekick gefunden (https://www.trojaner-board.de/127692-saving-sidekick-gefunden.html)

Saving Sidekick gefunden

Hallo,
bei meinem Scan wurden 23 Einträge gefunden (Saving Sidekick) Pub.CrossRider...

Wie kann ich mein System wieder sauber bekommen?

Vielen Dank für die Hilfe

HTML-Code:

Malwarebytes Anti-Malware (Test) 1.65.1.1000

www.malwarebytes.org
 

Datenbank Version: v2012.11.30.06
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Mike :: MIKE-PC [Administrator]
 

Schutz: Aktiviert
 

30.11.2012 15:42:35

mbam-log-2012-11-30 (17-48-43).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|)

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 389333

Laufzeit: 1 Stunde(n), 45 Minute(n), 12 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 10

HKCR\CLSID\{11111111-1111-1111-1111-110011501160} (PUP.CrossRider.SSK) -> Keine Aktion durchgeführt.

HKCR\TypeLib\{44444444-4444-4444-4444-440044504460} (PUP.CrossRider.SSK) -> Keine Aktion durchgeführt.

HKCR\Interface\{55555555-5555-5555-5555-550055505560} (PUP.CrossRider.SSK) -> Keine Aktion durchgeführt.

HKCR\CrossriderApp0005060.BHO.1 (PUP.CrossRider.SSK) -> Keine Aktion durchgeführt.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011501160} (PUP.CrossRider.SSK) -> Keine Aktion durchgeführt.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011501160} (PUP.CrossRider.SSK) -> Keine Aktion durchgeführt.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160} (PUP.CrossRider.SSK) -> Keine Aktion durchgeführt.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160} (PUP.CrossRider.SSK) -> Keine Aktion durchgeführt.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Savings Sidekick (PUP.CrossRider.SSK) -> Keine Aktion durchgeführt.

HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Keine Aktion durchgeführt.
 

Infizierte Registrierungswerte: 1

HKCU\Software\InstalledBrowserExtensions\215 Apps|5060 (PUP.CrossFire.SA) -> Daten: Savings Sidekick -> Keine Aktion durchgeführt.
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 2

C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Keine Aktion durchgeführt.

C:\Program Files (x86)\Savings Sidekick (PUP.CrossRider.SSK) -> Keine Aktion durchgeführt.
 

Infizierte Dateien: 10

C:\Program Files (x86)\Savings Sidekick\Savings Sidekick.dll (PUP.CrossRider.SSK) -> Keine Aktion durchgeführt.

C:\Program Files (x86)\Savings Sidekick\Savings Sidekick-bg.exe (PUP.CrossRider.SSK) -> Keine Aktion durchgeführt.

C:\Program Files (x86)\Savings Sidekick\Savings Sidekick.exe (PUP.CrossRider.SSK) -> Keine Aktion durchgeführt.

C:\Program Files (x86)\Savings Sidekick\Uninstall.exe (PUP.CrossRider.SSK) -> Keine Aktion durchgeführt.

C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Keine Aktion durchgeführt.

C:\Program Files (x86)\Savings Sidekick\Savings SidekickInstaller.log (PUP.CrossRider.SSK) -> Keine Aktion durchgeführt.

C:\Program Files (x86)\Savings Sidekick\ButtonUtil.dll (PUP.CrossRider.SSK) -> Keine Aktion durchgeführt.

C:\Program Files (x86)\Savings Sidekick\Savings Sidekick.ico (PUP.CrossRider.SSK) -> Keine Aktion durchgeführt.

C:\Program Files (x86)\Savings Sidekick\Savings Sidekick.ini (PUP.CrossRider.SSK) -> Keine Aktion durchgeführt.

C:\Users\Mike\AppData\Local\Savings Sidekick\Chrome\Savings Sidekick.crx (PUP.CrossRider.SSK) -> Keine Aktion durchgeführt.
 

(Ende)

:hallo:

Ich werde dir bei deinem Problem helfen. Eine Bereinigung ist mitunter mit viel Arbeit für Dich (und mich) verbunden. Bevor es los geht, habe ich etwas Lesestoff für dich.

Zitat:

Lesestoff:
Regeln für die Bereinigung
Damit die Bereinigung funktioniert bitte ich dich, die folgenden Punkte aufmerksam zu lesen:
Bitte arbeite alle Schritte der Reihe nach ab. Gib mir bitte zu jedem Schritt Rückmeldung (Logfile oder Antwort) und zwar gesammelt, wenn du alles erledigt hast.

Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.

Bitte kein Crossposting (posten in mehreren Foren).

Installiere oder Deinstalliere während der Bereinigung keine Software, ausser Du wurdest dazu aufgefordert.

Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.

Poste die Logfiles direkt in deinen Thread (möglichst in Code-Tags). Nicht anhängen ausser ich fordere Dich dazu auf, oder das Logfile wäre zu gross. Erschwert mir nämlich das Auswerten.

Mache deinen Namen nur dann unkenntlich, wenn es unbedingt sein muss.

Beim ersten Anzeichen illegal genutzer Software (Cracks, Patches und Co) wird der Support ohne Diskussion eingestellt.

Sollte ich nicht nach 3 Tagen geantwortet haben, dann (und nur dann) schicke mir bitte eine PM.

Eine Bitte: Mache bitte solange mit, bis ich oder ein anderer Helfer dir mitteilt, dass du "sauber" bist. Das gebietet alleine schon die Höflichkeit und ein Verschwinden der Symptome bedeutet nicht, dass die Schädlinge auch wirklich alle entfernt wurden.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.

Wenn du das alles gelesen und verstanden hast, kannst du loslegen! :kloppen:

Schritt 1:
AdwCleaner: Werbeprogramme suchen und löschen

Downloade Dir bitte AdwCleaner auf deinen Desktop.
Starte die adwcleaner.exe mit einem Doppelklick.

Klicke auf Löschen.

Bestätige jeweils mit Ok.

Dein Rechner wird neu gestartet. Schreibe mir nur ob der Schritt geklappt hat, das anfallende Logfile brauchen wir nicht.

Schritt 2:
Scan mit Combofix

Zitat:

WARNUNG:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Hallo,
vielen Dank für Deine Hilfe :-)

Schritt 1 --> hat geklappt, diverse Einträge wurde gelöscht

Schritt 2 --> ausgeführt

Log:

Code:

ComboFix 12-11-30.02 - Mike 30.11.2012  18:10:46.1.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4076.2432 [GMT 1:00]

ausgeführt von:: c:\users\Mike\Desktop\ComboFix.exe

AV: McAfee  Anti-Virus und Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

FW: McAfee  Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

SP: McAfee  Anti-Virus und Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Neuer Wiederherstellungspunkt wurde erstellt

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\pkunzip.pif

c:\windows\pkzip.pif

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-10-28 bis 2012-11-30  ))))))))))))))))))))))))))))))

.

.

2012-11-30 17:26 . 2012-11-30 17:26        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-11-30 14:41 . 2012-11-30 14:41        --------        d-----w-        c:\users\Mike\AppData\Roaming\Malwarebytes

2012-11-30 14:40 . 2012-11-30 14:40        --------        d-----w-        c:\programdata\Malwarebytes

2012-11-30 14:40 . 2012-11-30 14:41        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware

2012-11-30 14:40 . 2012-09-29 18:54        25928        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-11-25 16:55 . 2012-11-25 16:55        --------        d-----w-        c:\users\Mike\.dvdcss

2012-11-25 16:54 . 2012-11-25 16:54        --------        d-----w-        c:\users\Mike\AppData\Local\MPlayer

2012-11-25 16:53 . 2012-11-25 16:53        --------        d-----w-        c:\program files (x86)\DVDx 4.0 Open Edition

2012-11-25 16:44 . 2012-11-25 16:44        --------        d-----w-        c:\users\Mike\AppData\Roaming\XMedia Recode

2012-11-25 16:40 . 2012-11-25 16:40        --------        d-----w-        c:\program files (x86)\XMedia Recode

2012-11-25 15:22 . 2012-11-25 15:22        --------        d-----w-        c:\program files\Idoswin Pro

2012-11-25 14:31 . 2012-11-25 14:46        --------        d-----w-        c:\programdata\Browser Manager

2012-11-25 14:30 . 2012-11-25 14:30        --------        d-----w-        c:\program files (x86)\Tools&More

2012-11-25 14:28 . 2012-11-25 14:28        --------        d-----w-        c:\windows\Downloaded Installations

2012-11-25 13:30 . 2012-11-25 13:30        --------        d-----w-        c:\users\Public\CyberLink

2012-11-20 18:36 . 2012-11-20 18:36        --------        d-----w-        c:\program files (x86)\LogMeIn Hamachi

2012-11-19 19:23 . 2012-11-19 19:23        --------        d-----w-        c:\users\Mike\AppData\Local\WBFSManager

2012-11-19 19:22 . 2012-11-19 19:22        --------        d-----w-        c:\program files\WBFS

2012-11-18 14:58 . 2009-03-18 15:35        33856        ---ha-w-        c:\windows\system32\hamachi.sys

2012-11-18 11:43 . 2012-04-20 15:40        196440        ----a-w-        c:\windows\system32\drivers\HipShieldK.sys

2012-11-15 21:54 . 2012-10-18 18:25        3149824        ----a-w-        c:\windows\system32\win32k.sys

2012-11-15 21:54 . 2012-10-09 17:40        44032        ----a-w-        c:\windows\SysWow64\dhcpcsvc6.dll

2012-11-15 21:54 . 2012-10-09 17:40        193536        ----a-w-        c:\windows\SysWow64\dhcpcore6.dll

2012-11-15 21:54 . 2012-10-09 18:17        55296        ----a-w-        c:\windows\system32\dhcpcsvc6.dll

2012-11-15 21:54 . 2012-10-09 18:17        226816        ----a-w-        c:\windows\system32\dhcpcore6.dll

2012-11-15 21:52 . 2012-10-03 16:42        18944        ----a-w-        c:\windows\SysWow64\netevent.dll

2012-11-15 21:52 . 2012-10-03 16:42        175104        ----a-w-        c:\windows\SysWow64\netcorehc.dll

2012-11-15 21:52 . 2012-01-13 07:12        52224        ----a-w-        c:\windows\SysWow64\nlaapi.dll

2012-11-15 21:52 . 2012-10-03 16:42        156672        ----a-w-        c:\windows\SysWow64\ncsi.dll

2012-11-15 21:52 . 2012-10-03 17:56        1914248        ----a-w-        c:\windows\system32\drivers\tcpip.sys

2012-11-15 21:52 . 2012-10-03 17:44        70656        ----a-w-        c:\windows\system32\nlaapi.dll

2012-11-15 21:52 . 2012-10-03 17:44        303104        ----a-w-        c:\windows\system32\nlasvc.dll

2012-11-15 21:52 . 2012-10-03 17:44        216576        ----a-w-        c:\windows\system32\ncsi.dll

2012-11-15 21:52 . 2012-10-03 17:44        18944        ----a-w-        c:\windows\system32\netevent.dll

2012-11-15 21:51 . 2012-10-03 17:44        246272        ----a-w-        c:\windows\system32\netcorehc.dll

2012-11-15 21:51 . 2012-10-03 16:07        45568        ----a-w-        c:\windows\system32\drivers\tcpipreg.sys

2012-11-15 21:51 . 2012-10-03 17:42        569344        ----a-w-        c:\windows\system32\iphlpsvc.dll

2012-11-15 19:19 . 2012-09-25 22:47        78336        ----a-w-        c:\windows\SysWow64\synceng.dll

2012-11-15 19:19 . 2012-09-25 22:46        95744        ----a-w-        c:\windows\system32\synceng.dll

2012-11-14 22:16 . 2012-07-26 07:46        2560        ----a-w-        c:\windows\system32\drivers\de-DE\wdf01000.sys.mui

2012-11-14 22:16 . 2012-07-26 04:55        785512        ----a-w-        c:\windows\system32\drivers\Wdf01000.sys

2012-11-14 22:16 . 2012-07-26 04:55        54376        ----a-w-        c:\windows\system32\drivers\WdfLdr.sys

2012-11-14 22:16 . 2012-07-26 02:36        9728        ----a-w-        c:\windows\system32\Wdfres.dll

2012-11-14 22:01 . 2012-07-26 03:08        84992        ----a-w-        c:\windows\system32\WUDFSvc.dll

2012-11-14 22:01 . 2012-07-26 02:26        87040        ----a-w-        c:\windows\system32\drivers\WUDFPf.sys

2012-11-14 22:01 . 2012-07-26 02:26        198656        ----a-w-        c:\windows\system32\drivers\WUDFRd.sys

2012-11-14 22:01 . 2012-07-26 03:08        229888        ----a-w-        c:\windows\system32\WUDFHost.exe

2012-11-14 22:01 . 2012-07-26 03:08        744448        ----a-w-        c:\windows\system32\WUDFx.dll

2012-11-14 22:01 . 2012-07-26 03:08        45056        ----a-w-        c:\windows\system32\WUDFCoinstaller.dll

2012-11-14 22:01 . 2012-07-26 03:08        194048        ----a-w-        c:\windows\system32\WUDFPlatform.dll

2012-11-10 20:33 . 2012-11-10 20:33        --------        d-----w-        c:\programdata\Anwendungsdaten

2012-11-10 20:31 . 2012-11-14 21:47        --------        d-----w-        c:\program files (x86)\MP3Find

2012-11-10 13:05 . 2012-11-23 21:07        --------        d-----w-        c:\users\Mike\AppData\Roaming\iFunbox_UserCache

2012-11-10 13:04 . 2012-11-23 21:04        --------        d-----w-        c:\program files (x86)\i-Funbox DevTeam

2012-11-02 20:27 . 2012-11-02 20:27        --------        d-----w-        c:\users\Mike\AppData\Local\GHISLER

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-24 16:54 . 2012-09-09 08:09        73656        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-11-24 16:54 . 2012-09-09 08:09        697272        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2012-11-14 22:01 . 2012-09-09 09:26        66395536        ----a-w-        c:\windows\system32\MRT.exe

2012-09-24 21:16 . 2012-10-27 20:13        95208        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-09-22 20:53 . 2012-09-22 20:53        108008        ----a-w-        c:\windows\system32\WindowsAccessBridge-64.dll

2012-09-22 20:53 . 2012-09-22 20:53        289768        ----a-w-        c:\windows\system32\javaws.exe

2012-09-22 20:53 . 2012-09-22 20:53        189416        ----a-w-        c:\windows\system32\javaw.exe

2012-09-22 20:53 . 2012-09-22 20:53        188904        ----a-w-        c:\windows\system32\java.exe

2012-09-22 20:53 . 2012-09-22 20:53        916456        ----a-w-        c:\windows\system32\deployJava1.dll

2012-09-22 20:53 . 2012-09-22 20:53        1034216        ----a-w-        c:\windows\system32\npDeployJava1.dll

2012-09-14 19:19 . 2012-10-10 12:51        2048        ----a-w-        c:\windows\system32\tzres.dll

2012-09-14 18:28 . 2012-10-10 12:51        2048        ----a-w-        c:\windows\SysWow64\tzres.dll

2012-09-09 07:59 . 2012-09-09 07:59        821736        ----a-w-        c:\windows\SysWow64\npDeployJava1.dll

2012-09-09 07:59 . 2012-09-09 07:59        746984        ----a-w-        c:\windows\SysWow64\deployJava1.dll

2012-09-08 15:22 . 2011-07-28 04:19        407040        ----a-w-        c:\windows\HotfixChecker.exe

2012-09-08 15:19 . 2011-07-28 04:19        345600        ----a-w-        c:\windows\SetLCDStretchMode.exe

2012-09-08 15:18 . 2012-09-08 14:44        252712        ----a-w-        c:\windows\ETDUninst.dll

2012-09-08 14:06 . 2010-06-24 02:33        19720        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Spiele Post"="c:\program files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe" [2012-10-31 479984]

"iFunBoxConnector"="c:\program files (x86)\i-Funbox DevTeam\ifb_conn.exe" [2012-11-23 812544]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-09-08 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1535112]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-11-19 2254768]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\progra~3\BROWSE~1\25911~1.18\{C16C1~1\mngr.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]

R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-07-06 289704]

R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-07-17 106112]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]

R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-08-09 166704]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-07-17 335784]

S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2010-10-07 13824]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2462128]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-07-17 218320]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-07-17 177144]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]

S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-07-17 69672]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-11-09 31088]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2012-04-25 258896]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-07-17 513456]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-27 425064]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*Deregistered* - mfeavfk01

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt        REG_MULTI_SZ           hpqcxs08 hpqddsvc

.

Inhalt des "geplante Tasks" Ordners

.

2012-11-30 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-09 16:54]

.

2012-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-08 20:46]

.

2012-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-08 20:46]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-25 11895400]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.ebay.de/

mStart Page = hxxp://samsung.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.178.1

FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\3e9wx3o3.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.ebay.de/sch/Handys-ohne-Vertrag-/9355/i.html?LH_BIN=1&_sop=10&Marke=Apple&_pppn=r1&_dmpt=DE_Handy_s&Modell=iPhone%25203GS%7CiPhone%25204%7CiPhone%25204S|hxxp://www.ebay.de/sch/Konsolen-/139971/i.html?LH_BIN=1&_from=R40&Plattform=Sony%2520PlayStation%25203&_dmpt=DE_Konsolen&_nkw=playstation%203&_sop=10

FF - ExtSQL: !HIDDEN! 2012-09-08 22:39; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

Toolbar-Locked - (no file)

HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2012-11-30  18:43:10

ComboFix-quarantined-files.txt  2012-11-30 17:43

.

Vor Suchlauf: 8 Verzeichnis(se), 61.801.426.944 Bytes frei

Nach Suchlauf: 13 Verzeichnis(se), 67.450.286.080 Bytes frei

.

- - End Of File - - 8F3A7037104BD875471E39092982AEFB

Bevor es weiter geht, kannst du mir sagen was das hier ist und von dir installiert wurde?

Zitat:

OXXOGames
i-Funbox DevTeam

Kann ich:

i-Funbox DevTeam ist ein Tool mit welchem ich zugriff auf mein Iphone habe (alternative zu Itunes, aber nichts verbotenes)

OXXOGames ist vermutlich von irgendein Onlinespiel (mein Sohn spielt ab und zu an meinem Rechner) / Aber nicht bewusst von mir installiert wurden

Ich benutze keine Cracks oder ähnliches, falls Du darauf hinaus willst.

Es geht nur darum, dass ich dir nichts entferne, was du eigentlich behalten willst :)

Was deinen Sohnemann angeht ... ihm würde ich nur ein beschränktes Benutzerkonto geben - wir erleben es hier oft dass Kinder den Rechner unwissend schrotten.

Combofix-Skript

Zitat:

Hinweis für Mitleser:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von folgenden Download-Spiegel neu herunter: Link

Speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die Windows + R Taste --> notepad (hinein schreiben) --> OK

Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.

Code:

http://www.trojaner-board.de/127692-saving-sidekick-gefunden.html Collect:: c:\progra~3\BROWSE~1\25911~1.18\{C16C1~1\mngr.dll DirLook:: c:\progra~3\BROWSE~1

Speichere dies als CFScript.txt auf deinem Desktop.

Wichtig: Stelle deine Anti Viren Software temporär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
Danach wieder anstellen nicht vergessen!

Schließe alle laufenden Programme damit ComboFix ungehindert arbeiten kann.

Ziehe CFScript.txt in die ComboFix.exe wie in diesem Bild:

http://i266.photobucket.com/albums/i.../CFScriptB.gif

Mache nichts am Computer, bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein. Dies kann dazu führen, dass ComboFix sich aufhängt.

Wenn ComboFix fertig ist wird es ein Log erstellen: C:\ComboFix.txt
Bitte füge es hier als Antwort (in CODE-Tags) ein.

Zitat:

Hinweis:
Falls im Skript die Anweisung Suspect:: oder Collect:: enthalten ist, wird eine Message-Box erscheinen, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen. Teile mir unbedingt mit, ob der Upload geklappt hat!

Achso, ok.
Von mir aus kann dieses Oxxo Games weg ;-)

Dann geh in die Systemsteuerung und deinstalliere es :)

ok, mach ich ;-)

Anbei das Log, der Upload war erfolgreich.

Code:

ComboFix 12-11-30.02 - Mike 30.11.2012  19:18:09.2.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4076.2986 [GMT 1:00]

ausgeführt von:: c:\users\Mike\Desktop\ComboFix.exe

Benutzte Befehlsschalter :: c:\users\Mike\Desktop\CFScript.txt

AV: McAfee  Anti-Virus und Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

FW: McAfee  Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

SP: McAfee  Anti-Virus und Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\progra~3\BROWSE~1\25911~1.18\{C16C1~1\mngr.dll . . . . Nicht in der Lage zu löschen

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-10-28 bis 2012-11-30  ))))))))))))))))))))))))))))))

.

.

2012-11-30 18:30 . 2012-11-30 18:30        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-11-30 14:41 . 2012-11-30 14:41        --------        d-----w-        c:\users\Mike\AppData\Roaming\Malwarebytes

2012-11-30 14:40 . 2012-11-30 14:40        --------        d-----w-        c:\programdata\Malwarebytes

2012-11-30 14:40 . 2012-11-30 14:41        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware

2012-11-30 14:40 . 2012-09-29 18:54        25928        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-11-25 16:55 . 2012-11-25 16:55        --------        d-----w-        c:\users\Mike\.dvdcss

2012-11-25 16:54 . 2012-11-25 16:54        --------        d-----w-        c:\users\Mike\AppData\Local\MPlayer

2012-11-25 16:53 . 2012-11-25 16:53        --------        d-----w-        c:\program files (x86)\DVDx 4.0 Open Edition

2012-11-25 16:44 . 2012-11-25 16:44        --------        d-----w-        c:\users\Mike\AppData\Roaming\XMedia Recode

2012-11-25 16:40 . 2012-11-25 16:40        --------        d-----w-        c:\program files (x86)\XMedia Recode

2012-11-25 15:22 . 2012-11-25 15:22        --------        d-----w-        c:\program files\Idoswin Pro

2012-11-25 14:31 . 2012-11-25 14:46        --------        d-----w-        c:\programdata\Browser Manager

2012-11-25 14:30 . 2012-11-25 14:30        --------        d-----w-        c:\program files (x86)\Tools&More

2012-11-25 14:28 . 2012-11-25 14:28        --------        d-----w-        c:\windows\Downloaded Installations

2012-11-25 13:30 . 2012-11-25 13:30        --------        d-----w-        c:\users\Public\CyberLink

2012-11-20 18:36 . 2012-11-20 18:36        --------        d-----w-        c:\program files (x86)\LogMeIn Hamachi

2012-11-19 19:23 . 2012-11-19 19:23        --------        d-----w-        c:\users\Mike\AppData\Local\WBFSManager

2012-11-19 19:22 . 2012-11-19 19:22        --------        d-----w-        c:\program files\WBFS

2012-11-18 14:58 . 2009-03-18 15:35        33856        ---ha-w-        c:\windows\system32\hamachi.sys

2012-11-18 11:43 . 2012-04-20 15:40        196440        ----a-w-        c:\windows\system32\drivers\HipShieldK.sys

2012-11-15 21:54 . 2012-10-18 18:25        3149824        ----a-w-        c:\windows\system32\win32k.sys

2012-11-15 21:54 . 2012-10-09 17:40        44032        ----a-w-        c:\windows\SysWow64\dhcpcsvc6.dll

2012-11-15 21:54 . 2012-10-09 17:40        193536        ----a-w-        c:\windows\SysWow64\dhcpcore6.dll

2012-11-15 21:54 . 2012-10-09 18:17        55296        ----a-w-        c:\windows\system32\dhcpcsvc6.dll

2012-11-15 21:54 . 2012-10-09 18:17        226816        ----a-w-        c:\windows\system32\dhcpcore6.dll

2012-11-15 21:52 . 2012-10-03 16:42        18944        ----a-w-        c:\windows\SysWow64\netevent.dll

2012-11-15 21:52 . 2012-10-03 16:42        175104        ----a-w-        c:\windows\SysWow64\netcorehc.dll

2012-11-15 21:52 . 2012-01-13 07:12        52224        ----a-w-        c:\windows\SysWow64\nlaapi.dll

2012-11-15 21:52 . 2012-10-03 16:42        156672        ----a-w-        c:\windows\SysWow64\ncsi.dll

2012-11-15 21:52 . 2012-10-03 17:56        1914248        ----a-w-        c:\windows\system32\drivers\tcpip.sys

2012-11-15 21:52 . 2012-10-03 17:44        70656        ----a-w-        c:\windows\system32\nlaapi.dll

2012-11-15 21:52 . 2012-10-03 17:44        303104        ----a-w-        c:\windows\system32\nlasvc.dll

2012-11-15 21:52 . 2012-10-03 17:44        216576        ----a-w-        c:\windows\system32\ncsi.dll

2012-11-15 21:52 . 2012-10-03 17:44        18944        ----a-w-        c:\windows\system32\netevent.dll

2012-11-15 21:51 . 2012-10-03 17:44        246272        ----a-w-        c:\windows\system32\netcorehc.dll

2012-11-15 21:51 . 2012-10-03 16:07        45568        ----a-w-        c:\windows\system32\drivers\tcpipreg.sys

2012-11-15 21:51 . 2012-10-03 17:42        569344        ----a-w-        c:\windows\system32\iphlpsvc.dll

2012-11-15 19:19 . 2012-09-25 22:47        78336        ----a-w-        c:\windows\SysWow64\synceng.dll

2012-11-15 19:19 . 2012-09-25 22:46        95744        ----a-w-        c:\windows\system32\synceng.dll

2012-11-14 22:16 . 2012-07-26 07:46        2560        ----a-w-        c:\windows\system32\drivers\de-DE\wdf01000.sys.mui

2012-11-14 22:16 . 2012-07-26 04:55        785512        ----a-w-        c:\windows\system32\drivers\Wdf01000.sys

2012-11-14 22:16 . 2012-07-26 04:55        54376        ----a-w-        c:\windows\system32\drivers\WdfLdr.sys

2012-11-14 22:16 . 2012-07-26 02:36        9728        ----a-w-        c:\windows\system32\Wdfres.dll

2012-11-14 22:01 . 2012-07-26 03:08        84992        ----a-w-        c:\windows\system32\WUDFSvc.dll

2012-11-14 22:01 . 2012-07-26 02:26        87040        ----a-w-        c:\windows\system32\drivers\WUDFPf.sys

2012-11-14 22:01 . 2012-07-26 02:26        198656        ----a-w-        c:\windows\system32\drivers\WUDFRd.sys

2012-11-14 22:01 . 2012-07-26 03:08        229888        ----a-w-        c:\windows\system32\WUDFHost.exe

2012-11-14 22:01 . 2012-07-26 03:08        744448        ----a-w-        c:\windows\system32\WUDFx.dll

2012-11-14 22:01 . 2012-07-26 03:08        45056        ----a-w-        c:\windows\system32\WUDFCoinstaller.dll

2012-11-14 22:01 . 2012-07-26 03:08        194048        ----a-w-        c:\windows\system32\WUDFPlatform.dll

2012-11-10 20:33 . 2012-11-10 20:33        --------        d-----w-        c:\programdata\Anwendungsdaten

2012-11-10 20:31 . 2012-11-14 21:47        --------        d-----w-        c:\program files (x86)\MP3Find

2012-11-10 13:05 . 2012-11-23 21:07        --------        d-----w-        c:\users\Mike\AppData\Roaming\iFunbox_UserCache

2012-11-10 13:04 . 2012-11-23 21:04        --------        d-----w-        c:\program files (x86)\i-Funbox DevTeam

2012-11-02 20:27 . 2012-11-02 20:27        --------        d-----w-        c:\users\Mike\AppData\Local\GHISLER

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-24 16:54 . 2012-09-09 08:09        73656        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-11-24 16:54 . 2012-09-09 08:09        697272        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2012-11-14 22:01 . 2012-09-09 09:26        66395536        ----a-w-        c:\windows\system32\MRT.exe

2012-09-24 21:16 . 2012-10-27 20:13        95208        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-09-22 20:53 . 2012-09-22 20:53        108008        ----a-w-        c:\windows\system32\WindowsAccessBridge-64.dll

2012-09-22 20:53 . 2012-09-22 20:53        289768        ----a-w-        c:\windows\system32\javaws.exe

2012-09-22 20:53 . 2012-09-22 20:53        189416        ----a-w-        c:\windows\system32\javaw.exe

2012-09-22 20:53 . 2012-09-22 20:53        188904        ----a-w-        c:\windows\system32\java.exe

2012-09-22 20:53 . 2012-09-22 20:53        916456        ----a-w-        c:\windows\system32\deployJava1.dll

2012-09-22 20:53 . 2012-09-22 20:53        1034216        ----a-w-        c:\windows\system32\npDeployJava1.dll

2012-09-14 19:19 . 2012-10-10 12:51        2048        ----a-w-        c:\windows\system32\tzres.dll

2012-09-14 18:28 . 2012-10-10 12:51        2048        ----a-w-        c:\windows\SysWow64\tzres.dll

2012-09-09 07:59 . 2012-09-09 07:59        821736        ----a-w-        c:\windows\SysWow64\npDeployJava1.dll

2012-09-09 07:59 . 2012-09-09 07:59        746984        ----a-w-        c:\windows\SysWow64\deployJava1.dll

2012-09-08 15:22 . 2011-07-28 04:19        407040        ----a-w-        c:\windows\HotfixChecker.exe

2012-09-08 15:19 . 2011-07-28 04:19        345600        ----a-w-        c:\windows\SetLCDStretchMode.exe

2012-09-08 15:18 . 2012-09-08 14:44        252712        ----a-w-        c:\windows\ETDUninst.dll

2012-09-08 14:06 . 2010-06-24 02:33        19720        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

.

.

((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

---- Directory of c:\progra~3\BROWSE~1 ----

.

2012-11-25 15:46 . 2012-11-25 15:46        602648        ----a-w-        c:\progra~3\BROWSE~1\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\mngr-17.0.dll

2012-11-25 14:33 . 2012-11-12 10:05        2402840        ----a-w-        c:\progra~3\BROWSE~1\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe

2012-11-25 14:33 . 2012-11-06 14:41        34773        ----a-w-        c:\progra~3\BROWSE~1\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.crx

2012-11-25 14:33 . 2012-11-12 10:04        537112        ----a-w-        c:\progra~3\BROWSE~1\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\mngr-16.0.dll

2012-11-25 14:33 . 2012-11-12 10:03        2147352        ----a-w-        c:\progra~3\BROWSE~1\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll

2012-11-25 14:33 . 2012-11-12 10:05        2402840        ----a-w-        c:\progra~3\BROWSE~1\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe

2012-11-25 14:33 . 2012-11-30 13:56        2113        ----a-w-        c:\progra~3\BROWSE~1\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl

2012-11-25 14:33 . 2012-11-30 16:59        34068        ----a-w-        c:\progra~3\BROWSE~1\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.settings

2012-11-25 14:33 . 2012-11-30 16:58        8        ----a-w-        c:\progra~3\BROWSE~1\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\20

2012-11-25 14:33 . 2012-11-30 16:58        8        ----a-w-        c:\progra~3\BROWSE~1\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\21

2012-11-25 14:33 . 2012-11-30 16:58        8        ----a-w-        c:\progra~3\BROWSE~1\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\22

2012-11-25 14:33 . 2012-11-30 16:58        8        ----a-w-        c:\progra~3\BROWSE~1\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\10

2012-11-25 14:33 . 2012-11-30 16:58        8        ----a-w-        c:\progra~3\BROWSE~1\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\11

2012-11-25 14:33 . 2012-11-30 16:58        8        ----a-w-        c:\progra~3\BROWSE~1\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\00

2012-11-25 14:33 . 2012-11-30 16:58        8        ----a-w-        c:\progra~3\BROWSE~1\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\01

2012-11-25 14:33 . 2012-11-30 16:58        8        ----a-w-        c:\progra~3\BROWSE~1\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\02

2012-11-25 14:33 . 2012-11-30 16:58        8        ----a-w-        c:\progra~3\BROWSE~1\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\12

2012-11-12 02:57 . 2012-11-12 02:57        120        ----a-w-        c:\progra~3\BROWSE~1\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\mngr-3.6.xpt

2012-11-12 02:54 . 2012-11-25 14:33        921        ----a-w-        c:\progra~3\BROWSE~1\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\install.rdf

2012-11-06 07:41 . 2012-11-25 14:33        131        ----a-w-        c:\progra~3\BROWSE~1\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\chrome.manifest

2012-11-06 07:41 . 2012-11-06 07:41        286        ----a-w-        c:\progra~3\BROWSE~1\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\content\mngr.js

2012-11-06 07:41 . 2012-11-25 14:33        184        ----a-w-        c:\progra~3\BROWSE~1\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\content\overlay.xul

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Spiele Post"="c:\program files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe" [2012-10-31 479984]

"iFunBoxConnector"="c:\program files (x86)\i-Funbox DevTeam\ifb_conn.exe" [2012-11-23 812544]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-09-08 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1535112]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-11-19 2254768]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\progra~3\BROWSE~1\25911~1.18\{C16C1~1\mngr.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]

R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-07-06 289704]

R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-07-17 106112]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]

R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-08-09 166704]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-07-17 335784]

S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2010-10-07 13824]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2462128]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-07-17 218320]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-07-17 177144]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]

S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-07-17 69672]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-11-09 31088]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2012-04-25 258896]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-07-17 513456]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-27 425064]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*Deregistered* - mfeavfk01

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt        REG_MULTI_SZ           hpqcxs08 hpqddsvc

.

Inhalt des "geplante Tasks" Ordners

.

2012-11-30 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-09 16:54]

.

2012-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-08 20:46]

.

2012-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-08 20:46]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-25 11895400]

"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.ebay.de/

mStart Page = hxxp://samsung.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.178.1

FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\3e9wx3o3.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.ebay.de/sch/Handys-ohne-Vertrag-/9355/i.html?LH_BIN=1&_sop=10&Marke=Apple&_pppn=r1&_dmpt=DE_Handy_s&Modell=iPhone%25203GS%7CiPhone%25204%7CiPhone%25204S|hxxp://www.ebay.de/sch/Konsolen-/139971/i.html?LH_BIN=1&_from=R40&Plattform=Sony%2520PlayStation%25203&_dmpt=DE_Konsolen&_nkw=playstation%203&_sop=10

FF - ExtSQL: !HIDDEN! 2012-09-08 22:39; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

c:\program files (x86)\CyberLink\Shared files\RichVideo.exe

c:\windows\SysWOW64\rundll32.exe

c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe

c:\program files (x86)\Samsung\Easy Display Manager\WifiManager.exe

c:\program files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe

c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE

c:\program files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe

c:\program files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe

c:\program files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2012-11-30  19:49:03 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2012-11-30 18:48

ComboFix2.txt  2012-11-30 17:43

.

Vor Suchlauf: 12 Verzeichnis(se), 67.338.878.976 Bytes frei

Nach Suchlauf: 14 Verzeichnis(se), 67.045.994.496 Bytes frei

.

- - End Of File - - E19C25FD368BEC825002C7BAE57724CD

Hochladen war erfolgreich

Das Miststück hat es leider überlebt ... nochmal hiermit bitte:

Combofix-Skript

Zitat:

Hinweis für Mitleser:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von folgenden Download-Spiegel neu herunter: Link

Speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die Windows + R Taste --> notepad (hinein schreiben) --> OK

Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.

Code:

KillAll:: SkipFix:: Rootkit:: c:\progra~3\BROWSE~1\25911~1.18\{C16C1~1\mngr.dll

Speichere dies als CFScript.txt auf deinem Desktop.

Wichtig: Stelle deine Anti Viren Software temporär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
Danach wieder anstellen nicht vergessen!

Schließe alle laufenden Programme damit ComboFix ungehindert arbeiten kann.

Ziehe CFScript.txt in die ComboFix.exe wie in diesem Bild:

http://i266.photobucket.com/albums/i.../CFScriptB.gif

Mache nichts am Computer, bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein. Dies kann dazu führen, dass ComboFix sich aufhängt.

Wenn ComboFix fertig ist wird es ein Log erstellen: C:\ComboFix.txt
Bitte füge es hier als Antwort (in CODE-Tags) ein.

Zitat:

Hinweis:
Falls im Skript die Anweisung Suspect:: oder Collect:: enthalten ist, wird eine Message-Box erscheinen, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen. Teile mir unbedingt mit, ob der Upload geklappt hat!

Hier ist der Code

Code:

ComboFix 12-11-30.02 - Mike 30.11.2012  20:15:42.3.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4076.2916 [GMT 1:00]

ausgeführt von:: c:\users\Mike\Desktop\ComboFix.exe

Benutzte Befehlsschalter :: c:\users\Mike\Desktop\CFScript.txt

AV: McAfee  Anti-Virus und Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

FW: McAfee  Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

SP: McAfee  Anti-Virus und Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

- REDUZIERTER FUNKTIONALITÄTSMODUS -

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-10-28 bis 2012-11-30  ))))))))))))))))))))))))))))))

.

.

2012-11-30 19:17 . 2012-11-30 19:17        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-11-30 14:41 . 2012-11-30 14:41        --------        d-----w-        c:\users\Mike\AppData\Roaming\Malwarebytes

2012-11-30 14:40 . 2012-11-30 14:40        --------        d-----w-        c:\programdata\Malwarebytes

2012-11-30 14:40 . 2012-11-30 14:41        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware

2012-11-30 14:40 . 2012-09-29 18:54        25928        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-11-25 16:55 . 2012-11-25 16:55        --------        d-----w-        c:\users\Mike\.dvdcss

2012-11-25 16:54 . 2012-11-25 16:54        --------        d-----w-        c:\users\Mike\AppData\Local\MPlayer

2012-11-25 16:53 . 2012-11-25 16:53        --------        d-----w-        c:\program files (x86)\DVDx 4.0 Open Edition

2012-11-25 16:44 . 2012-11-25 16:44        --------        d-----w-        c:\users\Mike\AppData\Roaming\XMedia Recode

2012-11-25 16:40 . 2012-11-25 16:40        --------        d-----w-        c:\program files (x86)\XMedia Recode

2012-11-25 15:22 . 2012-11-25 15:22        --------        d-----w-        c:\program files\Idoswin Pro

2012-11-25 14:31 . 2012-11-25 14:46        --------        d-----w-        c:\programdata\Browser Manager

2012-11-25 14:30 . 2012-11-25 14:30        --------        d-----w-        c:\program files (x86)\Tools&More

2012-11-25 14:28 . 2012-11-25 14:28        --------        d-----w-        c:\windows\Downloaded Installations

2012-11-25 13:30 . 2012-11-25 13:30        --------        d-----w-        c:\users\Public\CyberLink

2012-11-20 18:36 . 2012-11-20 18:36        --------        d-----w-        c:\program files (x86)\LogMeIn Hamachi

2012-11-19 19:23 . 2012-11-19 19:23        --------        d-----w-        c:\users\Mike\AppData\Local\WBFSManager

2012-11-19 19:22 . 2012-11-19 19:22        --------        d-----w-        c:\program files\WBFS

2012-11-18 14:58 . 2009-03-18 15:35        33856        ---ha-w-        c:\windows\system32\hamachi.sys

2012-11-18 11:43 . 2012-04-20 15:40        196440        ----a-w-        c:\windows\system32\drivers\HipShieldK.sys

2012-11-15 21:54 . 2012-10-18 18:25        3149824        ----a-w-        c:\windows\system32\win32k.sys

2012-11-15 21:54 . 2012-10-09 17:40        44032        ----a-w-        c:\windows\SysWow64\dhcpcsvc6.dll

2012-11-15 21:54 . 2012-10-09 17:40        193536        ----a-w-        c:\windows\SysWow64\dhcpcore6.dll

2012-11-15 21:54 . 2012-10-09 18:17        55296        ----a-w-        c:\windows\system32\dhcpcsvc6.dll

2012-11-15 21:54 . 2012-10-09 18:17        226816        ----a-w-        c:\windows\system32\dhcpcore6.dll

2012-11-15 21:52 . 2012-10-03 16:42        18944        ----a-w-        c:\windows\SysWow64\netevent.dll

2012-11-15 21:52 . 2012-10-03 16:42        175104        ----a-w-        c:\windows\SysWow64\netcorehc.dll

2012-11-15 21:52 . 2012-01-13 07:12        52224        ----a-w-        c:\windows\SysWow64\nlaapi.dll

2012-11-15 21:52 . 2012-10-03 16:42        156672        ----a-w-        c:\windows\SysWow64\ncsi.dll

2012-11-15 21:52 . 2012-10-03 17:56        1914248        ----a-w-        c:\windows\system32\drivers\tcpip.sys

2012-11-15 21:52 . 2012-10-03 17:44        70656        ----a-w-        c:\windows\system32\nlaapi.dll

2012-11-15 21:52 . 2012-10-03 17:44        303104        ----a-w-        c:\windows\system32\nlasvc.dll

2012-11-15 21:52 . 2012-10-03 17:44        216576        ----a-w-        c:\windows\system32\ncsi.dll

2012-11-15 21:52 . 2012-10-03 17:44        18944        ----a-w-        c:\windows\system32\netevent.dll

2012-11-15 21:51 . 2012-10-03 17:44        246272        ----a-w-        c:\windows\system32\netcorehc.dll

2012-11-15 21:51 . 2012-10-03 16:07        45568        ----a-w-        c:\windows\system32\drivers\tcpipreg.sys

2012-11-15 21:51 . 2012-10-03 17:42        569344        ----a-w-        c:\windows\system32\iphlpsvc.dll

2012-11-15 19:19 . 2012-09-25 22:47        78336        ----a-w-        c:\windows\SysWow64\synceng.dll

2012-11-15 19:19 . 2012-09-25 22:46        95744        ----a-w-        c:\windows\system32\synceng.dll

2012-11-14 22:16 . 2012-07-26 07:46        2560        ----a-w-        c:\windows\system32\drivers\de-DE\wdf01000.sys.mui

2012-11-14 22:16 . 2012-07-26 04:55        785512        ----a-w-        c:\windows\system32\drivers\Wdf01000.sys

2012-11-14 22:16 . 2012-07-26 04:55        54376        ----a-w-        c:\windows\system32\drivers\WdfLdr.sys

2012-11-14 22:16 . 2012-07-26 02:36        9728        ----a-w-        c:\windows\system32\Wdfres.dll

2012-11-14 22:01 . 2012-07-26 03:08        84992        ----a-w-        c:\windows\system32\WUDFSvc.dll

2012-11-14 22:01 . 2012-07-26 02:26        87040        ----a-w-        c:\windows\system32\drivers\WUDFPf.sys

2012-11-14 22:01 . 2012-07-26 02:26        198656        ----a-w-        c:\windows\system32\drivers\WUDFRd.sys

2012-11-14 22:01 . 2012-07-26 03:08        229888        ----a-w-        c:\windows\system32\WUDFHost.exe

2012-11-14 22:01 . 2012-07-26 03:08        744448        ----a-w-        c:\windows\system32\WUDFx.dll

2012-11-14 22:01 . 2012-07-26 03:08        45056        ----a-w-        c:\windows\system32\WUDFCoinstaller.dll

2012-11-14 22:01 . 2012-07-26 03:08        194048        ----a-w-        c:\windows\system32\WUDFPlatform.dll

2012-11-10 20:33 . 2012-11-10 20:33        --------        d-----w-        c:\programdata\Anwendungsdaten

2012-11-10 20:31 . 2012-11-14 21:47        --------        d-----w-        c:\program files (x86)\MP3Find

2012-11-10 13:05 . 2012-11-23 21:07        --------        d-----w-        c:\users\Mike\AppData\Roaming\iFunbox_UserCache

2012-11-10 13:04 . 2012-11-23 21:04        --------        d-----w-        c:\program files (x86)\i-Funbox DevTeam

2012-11-02 20:27 . 2012-11-02 20:27        --------        d-----w-        c:\users\Mike\AppData\Local\GHISLER

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-24 16:54 . 2012-09-09 08:09        73656        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-11-24 16:54 . 2012-09-09 08:09        697272        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2012-11-14 22:01 . 2012-09-09 09:26        66395536        ----a-w-        c:\windows\system32\MRT.exe

2012-09-24 21:16 . 2012-10-27 20:13        95208        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-09-22 20:53 . 2012-09-22 20:53        108008        ----a-w-        c:\windows\system32\WindowsAccessBridge-64.dll

2012-09-22 20:53 . 2012-09-22 20:53        289768        ----a-w-        c:\windows\system32\javaws.exe

2012-09-22 20:53 . 2012-09-22 20:53        189416        ----a-w-        c:\windows\system32\javaw.exe

2012-09-22 20:53 . 2012-09-22 20:53        188904        ----a-w-        c:\windows\system32\java.exe

2012-09-22 20:53 . 2012-09-22 20:53        916456        ----a-w-        c:\windows\system32\deployJava1.dll

2012-09-22 20:53 . 2012-09-22 20:53        1034216        ----a-w-        c:\windows\system32\npDeployJava1.dll

2012-09-14 19:19 . 2012-10-10 12:51        2048        ----a-w-        c:\windows\system32\tzres.dll

2012-09-14 18:28 . 2012-10-10 12:51        2048        ----a-w-        c:\windows\SysWow64\tzres.dll

2012-09-09 07:59 . 2012-09-09 07:59        821736        ----a-w-        c:\windows\SysWow64\npDeployJava1.dll

2012-09-09 07:59 . 2012-09-09 07:59        746984        ----a-w-        c:\windows\SysWow64\deployJava1.dll

2012-09-08 15:22 . 2011-07-28 04:19        407040        ----a-w-        c:\windows\HotfixChecker.exe

2012-09-08 15:19 . 2011-07-28 04:19        345600        ----a-w-        c:\windows\SetLCDStretchMode.exe

2012-09-08 15:18 . 2012-09-08 14:44        252712        ----a-w-        c:\windows\ETDUninst.dll

2012-09-08 14:06 . 2010-06-24 02:33        19720        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Spiele Post"="c:\program files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe" [2012-10-31 479984]

"iFunBoxConnector"="c:\program files (x86)\i-Funbox DevTeam\ifb_conn.exe" [2012-11-23 812544]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-09-08 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1535112]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-11-19 2254768]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\progra~3\BROWSE~1\25911~1.18\{C16C1~1\mngr.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]

R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-07-06 289704]

R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-07-17 106112]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]

R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-08-09 166704]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-07-17 335784]

S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2010-10-07 13824]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2462128]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-07-17 218320]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-07-17 177144]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]

S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-07-17 69672]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-11-09 31088]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2012-04-25 258896]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-07-17 513456]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-27 425064]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*Deregistered* - mfeavfk01

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt        REG_MULTI_SZ           hpqcxs08 hpqddsvc

.

Inhalt des "geplante Tasks" Ordners

.

2012-11-30 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-09 16:54]

.

2012-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-08 20:46]

.

2012-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-08 20:46]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-25 11895400]

"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.ebay.de/

mStart Page = hxxp://samsung.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.178.1

FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\3e9wx3o3.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.ebay.de/sch/Handys-ohne-Vertrag-/9355/i.html?LH_BIN=1&_sop=10&Marke=Apple&_pppn=r1&_dmpt=DE_Handy_s&Modell=iPhone%25203GS%7CiPhone%25204%7CiPhone%25204S|hxxp://www.ebay.de/sch/Konsolen-/139971/i.html?LH_BIN=1&_from=R40&Plattform=Sony%2520PlayStation%25203&_dmpt=DE_Konsolen&_nkw=playstation%203&_sop=10

FF - ExtSQL: !HIDDEN! 2012-09-08 22:39; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\CyberLink\Shared files\RichVideo.exe

c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

c:\windows\SysWOW64\rundll32.exe

c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe

c:\program files (x86)\Samsung\Easy Display Manager\WifiManager.exe

c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

c:\program files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe

c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE

c:\program files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe

c:\program files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe

c:\program files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2012-11-30  20:26:42 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2012-11-30 19:26

ComboFix2.txt  2012-11-30 18:50

ComboFix3.txt  2012-11-30 17:43

.

Vor Suchlauf: 12 Verzeichnis(se), 67.006.726.144 Bytes frei

Nach Suchlauf: 14 Verzeichnis(se), 66.962.591.744 Bytes frei

.

- - End Of File - - E49353F79ACCF4B7834DCF1A008138B8

Hm, tut mir leid, probiere es bitte nochmal mit diesem Skript:

Code:

KillAll::

Rootkit::

c:\progra~3\BROWSE~1\25911~1.18\{C16C1~1\mngr.dll

und zum dritten :-)

Code:

ComboFix 12-11-30.02 - Mike 30.11.2012  20:41:27.4.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4076.3029 [GMT 1:00]

ausgeführt von:: c:\users\Mike\Desktop\ComboFix.exe

Benutzte Befehlsschalter :: c:\users\Mike\Desktop\CFScript.txt

AV: McAfee  Anti-Virus und Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

FW: McAfee  Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

SP: McAfee  Anti-Virus und Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-10-28 bis 2012-11-30  ))))))))))))))))))))))))))))))

.

.

2012-11-30 19:53 . 2012-11-30 19:53        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-11-30 14:41 . 2012-11-30 14:41        --------        d-----w-        c:\users\Mike\AppData\Roaming\Malwarebytes

2012-11-30 14:40 . 2012-11-30 14:40        --------        d-----w-        c:\programdata\Malwarebytes

2012-11-30 14:40 . 2012-11-30 14:41        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware

2012-11-30 14:40 . 2012-09-29 18:54        25928        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-11-25 16:55 . 2012-11-25 16:55        --------        d-----w-        c:\users\Mike\.dvdcss

2012-11-25 16:54 . 2012-11-25 16:54        --------        d-----w-        c:\users\Mike\AppData\Local\MPlayer

2012-11-25 16:53 . 2012-11-25 16:53        --------        d-----w-        c:\program files (x86)\DVDx 4.0 Open Edition

2012-11-25 16:44 . 2012-11-25 16:44        --------        d-----w-        c:\users\Mike\AppData\Roaming\XMedia Recode

2012-11-25 16:40 . 2012-11-25 16:40        --------        d-----w-        c:\program files (x86)\XMedia Recode

2012-11-25 15:22 . 2012-11-25 15:22        --------        d-----w-        c:\program files\Idoswin Pro

2012-11-25 14:31 . 2012-11-25 14:46        --------        d-----w-        c:\programdata\Browser Manager

2012-11-25 14:30 . 2012-11-25 14:30        --------        d-----w-        c:\program files (x86)\Tools&More

2012-11-25 14:28 . 2012-11-25 14:28        --------        d-----w-        c:\windows\Downloaded Installations

2012-11-25 13:30 . 2012-11-25 13:30        --------        d-----w-        c:\users\Public\CyberLink

2012-11-20 18:36 . 2012-11-20 18:36        --------        d-----w-        c:\program files (x86)\LogMeIn Hamachi

2012-11-19 19:23 . 2012-11-19 19:23        --------        d-----w-        c:\users\Mike\AppData\Local\WBFSManager

2012-11-19 19:22 . 2012-11-19 19:22        --------        d-----w-        c:\program files\WBFS

2012-11-18 14:58 . 2009-03-18 15:35        33856        ---ha-w-        c:\windows\system32\hamachi.sys

2012-11-18 11:43 . 2012-04-20 15:40        196440        ----a-w-        c:\windows\system32\drivers\HipShieldK.sys

2012-11-15 21:54 . 2012-10-18 18:25        3149824        ----a-w-        c:\windows\system32\win32k.sys

2012-11-15 21:54 . 2012-10-09 17:40        44032        ----a-w-        c:\windows\SysWow64\dhcpcsvc6.dll

2012-11-15 21:54 . 2012-10-09 17:40        193536        ----a-w-        c:\windows\SysWow64\dhcpcore6.dll

2012-11-15 21:54 . 2012-10-09 18:17        55296        ----a-w-        c:\windows\system32\dhcpcsvc6.dll

2012-11-15 21:54 . 2012-10-09 18:17        226816        ----a-w-        c:\windows\system32\dhcpcore6.dll

2012-11-15 21:52 . 2012-10-03 16:42        18944        ----a-w-        c:\windows\SysWow64\netevent.dll

2012-11-15 21:52 . 2012-10-03 16:42        175104        ----a-w-        c:\windows\SysWow64\netcorehc.dll

2012-11-15 21:52 . 2012-01-13 07:12        52224        ----a-w-        c:\windows\SysWow64\nlaapi.dll

2012-11-15 21:52 . 2012-10-03 16:42        156672        ----a-w-        c:\windows\SysWow64\ncsi.dll

2012-11-15 21:52 . 2012-10-03 17:56        1914248        ----a-w-        c:\windows\system32\drivers\tcpip.sys

2012-11-15 21:52 . 2012-10-03 17:44        70656        ----a-w-        c:\windows\system32\nlaapi.dll

2012-11-15 21:52 . 2012-10-03 17:44        303104        ----a-w-        c:\windows\system32\nlasvc.dll

2012-11-15 21:52 . 2012-10-03 17:44        216576        ----a-w-        c:\windows\system32\ncsi.dll

2012-11-15 21:52 . 2012-10-03 17:44        18944        ----a-w-        c:\windows\system32\netevent.dll

2012-11-15 21:51 . 2012-10-03 17:44        246272        ----a-w-        c:\windows\system32\netcorehc.dll

2012-11-15 21:51 . 2012-10-03 16:07        45568        ----a-w-        c:\windows\system32\drivers\tcpipreg.sys

2012-11-15 21:51 . 2012-10-03 17:42        569344        ----a-w-        c:\windows\system32\iphlpsvc.dll

2012-11-15 19:19 . 2012-09-25 22:47        78336        ----a-w-        c:\windows\SysWow64\synceng.dll

2012-11-15 19:19 . 2012-09-25 22:46        95744        ----a-w-        c:\windows\system32\synceng.dll

2012-11-14 22:16 . 2012-07-26 07:46        2560        ----a-w-        c:\windows\system32\drivers\de-DE\wdf01000.sys.mui

2012-11-14 22:16 . 2012-07-26 04:55        785512        ----a-w-        c:\windows\system32\drivers\Wdf01000.sys

2012-11-14 22:16 . 2012-07-26 04:55        54376        ----a-w-        c:\windows\system32\drivers\WdfLdr.sys

2012-11-14 22:16 . 2012-07-26 02:36        9728        ----a-w-        c:\windows\system32\Wdfres.dll

2012-11-14 22:01 . 2012-07-26 03:08        84992        ----a-w-        c:\windows\system32\WUDFSvc.dll

2012-11-14 22:01 . 2012-07-26 02:26        87040        ----a-w-        c:\windows\system32\drivers\WUDFPf.sys

2012-11-14 22:01 . 2012-07-26 02:26        198656        ----a-w-        c:\windows\system32\drivers\WUDFRd.sys

2012-11-14 22:01 . 2012-07-26 03:08        229888        ----a-w-        c:\windows\system32\WUDFHost.exe

2012-11-14 22:01 . 2012-07-26 03:08        744448        ----a-w-        c:\windows\system32\WUDFx.dll

2012-11-14 22:01 . 2012-07-26 03:08        45056        ----a-w-        c:\windows\system32\WUDFCoinstaller.dll

2012-11-14 22:01 . 2012-07-26 03:08        194048        ----a-w-        c:\windows\system32\WUDFPlatform.dll

2012-11-10 20:33 . 2012-11-10 20:33        --------        d-----w-        c:\programdata\Anwendungsdaten

2012-11-10 20:31 . 2012-11-14 21:47        --------        d-----w-        c:\program files (x86)\MP3Find

2012-11-10 13:05 . 2012-11-23 21:07        --------        d-----w-        c:\users\Mike\AppData\Roaming\iFunbox_UserCache

2012-11-10 13:04 . 2012-11-23 21:04        --------        d-----w-        c:\program files (x86)\i-Funbox DevTeam

2012-11-02 20:27 . 2012-11-02 20:27        --------        d-----w-        c:\users\Mike\AppData\Local\GHISLER

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-24 16:54 . 2012-09-09 08:09        73656        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-11-24 16:54 . 2012-09-09 08:09        697272        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2012-11-14 22:01 . 2012-09-09 09:26        66395536        ----a-w-        c:\windows\system32\MRT.exe

2012-09-24 21:16 . 2012-10-27 20:13        95208        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-09-22 20:53 . 2012-09-22 20:53        108008        ----a-w-        c:\windows\system32\WindowsAccessBridge-64.dll

2012-09-22 20:53 . 2012-09-22 20:53        289768        ----a-w-        c:\windows\system32\javaws.exe

2012-09-22 20:53 . 2012-09-22 20:53        189416        ----a-w-        c:\windows\system32\javaw.exe

2012-09-22 20:53 . 2012-09-22 20:53        188904        ----a-w-        c:\windows\system32\java.exe

2012-09-22 20:53 . 2012-09-22 20:53        916456        ----a-w-        c:\windows\system32\deployJava1.dll

2012-09-22 20:53 . 2012-09-22 20:53        1034216        ----a-w-        c:\windows\system32\npDeployJava1.dll

2012-09-14 19:19 . 2012-10-10 12:51        2048        ----a-w-        c:\windows\system32\tzres.dll

2012-09-14 18:28 . 2012-10-10 12:51        2048        ----a-w-        c:\windows\SysWow64\tzres.dll

2012-09-09 07:59 . 2012-09-09 07:59        821736        ----a-w-        c:\windows\SysWow64\npDeployJava1.dll

2012-09-09 07:59 . 2012-09-09 07:59        746984        ----a-w-        c:\windows\SysWow64\deployJava1.dll

2012-09-08 15:22 . 2011-07-28 04:19        407040        ----a-w-        c:\windows\HotfixChecker.exe

2012-09-08 15:19 . 2011-07-28 04:19        345600        ----a-w-        c:\windows\SetLCDStretchMode.exe

2012-09-08 15:18 . 2012-09-08 14:44        252712        ----a-w-        c:\windows\ETDUninst.dll

2012-09-08 14:06 . 2010-06-24 02:33        19720        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Spiele Post"="c:\program files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe" [2012-10-31 479984]

"iFunBoxConnector"="c:\program files (x86)\i-Funbox DevTeam\ifb_conn.exe" [2012-11-23 812544]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-09-08 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1535112]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-11-19 2254768]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\progra~3\BROWSE~1\25911~1.18\{C16C1~1\mngr.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]

R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-07-06 289704]

R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-07-17 106112]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]

R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-08-09 166704]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-07-17 335784]

S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2010-10-07 13824]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2462128]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-07-17 218320]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-07-17 177144]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]

S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-07-17 69672]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-11-09 31088]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2012-04-25 258896]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-07-17 513456]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-27 425064]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*Deregistered* - mfeavfk01

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt        REG_MULTI_SZ           hpqcxs08 hpqddsvc

.

Inhalt des "geplante Tasks" Ordners

.

2012-11-30 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-09 16:54]

.

2012-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-08 20:46]

.

2012-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-08 20:46]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-25 11895400]

"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.ebay.de/

mStart Page = hxxp://samsung.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\3e9wx3o3.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.ebay.de/sch/Handys-ohne-Vertrag-/9355/i.html?LH_BIN=1&_sop=10&Marke=Apple&_pppn=r1&_dmpt=DE_Handy_s&Modell=iPhone%25203GS%7CiPhone%25204%7CiPhone%25204S|hxxp://www.ebay.de/sch/Konsolen-/139971/i.html?LH_BIN=1&_from=R40&Plattform=Sony%2520PlayStation%25203&_dmpt=DE_Konsolen&_nkw=playstation%203&_sop=10

FF - ExtSQL: !HIDDEN! 2012-09-08 22:39; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\CyberLink\Shared files\RichVideo.exe

c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

c:\windows\SysWOW64\rundll32.exe

c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe

c:\program files (x86)\Samsung\Easy Display Manager\WifiManager.exe

c:\program files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe

c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE

c:\program files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe

c:\program files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe

c:\program files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2012-11-30  21:03:02 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2012-11-30 20:03

ComboFix2.txt  2012-11-30 19:26

ComboFix3.txt  2012-11-30 18:50

ComboFix4.txt  2012-11-30 17:43

.

Vor Suchlauf: 12 Verzeichnis(se), 66.770.321.408 Bytes frei

Nach Suchlauf: 14 Verzeichnis(se), 66.717.954.048 Bytes frei

.

- - End Of File - - 737B86241EE817EA67B0807384908D37

So jetzt ist Schluss ... :aufsmaul:

Scan mit Farbar's Recovery Scan Tool (FRST 64bit)

Downloade dir bitte Farbar Recovery Scan Tool 64-Bit und speichere diese auf einen USB Stick.

Schließe den USB Stick an das infizierte System an

Du musst das System nun in die System Reparatur Option booten.

Über den Boot Manager
Starte den Rechner neu auf.

Während dem Hochfahren drücke mehrmals die F8 Taste

Wähle nun Computer reparieren.

Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Mit Windows CD/DVD
Lege die Windows CD in dein Laufwerk.

Starte den Rechner neu auf und starte von der CD

Wähle die Spracheinstellungen und klicke "Weiter".

Klicke auf Computerreparaturoptionen !!

Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Wähle in den Reparaturoptionen Eingabeaufforderung
Gib nun bitte notepad ein und drücke Enter.

Im öffnenden Textdokument: Datei > Speichern unter... und wähle Computer
Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt.

Schließe Notepad wieder

Gib nun bitte folgenden Befehl ein.
e:\frst64.exe
Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks. Gegebenfalls anpassen.

Akzeptiere den Disclaimer mit Yes und klicke Scan

Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

Tata
So jetzt aber:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-11-2012 (ATTENTION: FRST version is 8 days old)

Ran by SYSTEM at 01-12-2012 12:14:09

Running from I:\

Windows 7 Home Premium  Service Pack 1 (X64) OS Language: English(US) 

The current controlset is ControlSet001
 

==================== Registry (Whitelisted) ===================
 

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11895400 2011-06-24] (Realtek Semiconductor)

HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [x]

HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation)

HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1535112 2012-09-12] (McAfee, Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-02] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)

HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-09] (Hewlett-Packard)

HKLM-x32\...\Run: []  [x]

HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)

HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2254768 2012-11-19] (LogMeIn Inc.)

HKU\Mike\...\Run: [iFunBoxConnector] "C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe" [812544 2012-11-23] ()

HKU\Mike\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-09-08] (Google Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
 

==================== Services (Whitelisted) ===================
 

2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-29] (Malwarebytes Corporation)

2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-29] (Malwarebytes Corporation)

2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)

2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)

2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)

2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)

2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)

3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [383608 2012-09-10] (McAfee, Inc.)

2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)

2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [237920 2012-07-17] (McAfee, Inc.)

2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [218320 2012-07-17] (McAfee, Inc.)

2 mfevtp; "C:\windows\system32\mfevtps.exe" [177144 2012-07-17] (McAfee, Inc.)

2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)

2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [244904 2009-11-30] ()
 

==================== Drivers (Whitelisted) =====================
 

3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [69672 2012-07-17] (McAfee, Inc.)

3 HipShieldK; C:\Windows\System32\Drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)

3 MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [25928 2012-09-29] (Malwarebytes Corporation)

3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [169320 2012-07-17] (McAfee, Inc.)

3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [300392 2012-07-17] (McAfee, Inc.)

3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [513456 2012-07-17] (McAfee, Inc.)

0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [752672 2012-07-17] (McAfee, Inc.)

3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [106112 2012-07-17] (McAfee, Inc.)

0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [335784 2012-07-17] (McAfee, Inc.)

3 catchme; \??\C:\ComboFix\catchme.sys [x]

3 mfeavfk01;  [x]
 

==================== NetSvcs (Whitelisted) ====================
 
 

==================== One Month Created Files and Folders ========
 

2012-11-30 12:03 - 2012-11-30 12:03 - 00021486 ____A C:\ComboFix.txt

2012-11-30 11:11 - 2012-11-30 11:11 - 05009213 ____R (Swearware) C:\Users\Mike\Desktop\ComboFix.exe

2012-11-30 09:08 - 2012-11-30 12:03 - 00000000 ____D C:\Qoobox

2012-11-30 09:08 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe

2012-11-30 09:08 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe

2012-11-30 09:08 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe

2012-11-30 09:08 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe

2012-11-30 09:08 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe

2012-11-30 09:08 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe

2012-11-30 09:08 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe

2012-11-30 09:08 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe

2012-11-30 09:07 - 2012-11-30 10:31 - 00000000 ____D C:\Windows\erdnt

2012-11-30 08:58 - 2012-11-30 08:58 - 00026145 ____A C:\AdwCleaner[S1].txt

2012-11-30 08:57 - 2012-11-30 08:57 - 00026227 ____A C:\AdwCleaner[R1].txt

2012-11-30 08:55 - 2012-11-30 08:56 - 00533705 ____A C:\Users\Mike\Desktop\adwcleaner.exe

2012-11-30 06:41 - 2012-11-30 06:41 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-11-30 06:41 - 2012-11-30 06:41 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Malwarebytes

2012-11-30 06:40 - 2012-11-30 06:41 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-11-30 06:40 - 2012-11-30 06:40 - 00000000 ____D C:\Users\All Users\Malwarebytes

2012-11-30 06:40 - 2012-09-29 10:54 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-11-30 06:39 - 2012-11-30 06:40 - 10669952 ____A (Malwarebytes Corporation                                    ) C:\Users\Mike\Downloads\mbam-setup-1.65.1.1000.exe

2012-11-25 08:55 - 2012-11-25 08:55 - 00000000 ____D C:\Users\Mike\.dvdcss

2012-11-25 08:54 - 2012-11-25 08:54 - 00000000 ____D C:\Users\Mike\AppData\Local\MPlayer

2012-11-25 08:53 - 2012-11-25 08:53 - 00001085 ____A C:\Users\Mike\Desktop\DVDx 4.0 Open Edition.lnk

2012-11-25 08:53 - 2012-11-25 08:53 - 00000000 ____D C:\Program Files (x86)\DVDx 4.0 Open Edition

2012-11-25 08:44 - 2012-11-25 08:44 - 00000000 ____D C:\Users\Mike\AppData\Roaming\XMedia Recode

2012-11-25 08:40 - 2012-11-25 08:40 - 00001071 ____A C:\Users\Public\Desktop\XMedia Recode.lnk

2012-11-25 08:40 - 2012-11-25 08:40 - 00000000 ____D C:\Program Files (x86)\XMedia Recode

2012-11-25 07:22 - 2012-11-25 07:22 - 00000843 ____A C:\Users\Public\Desktop\Idoswin Pro.lnk

2012-11-25 07:22 - 2012-11-25 07:22 - 00000000 ____D C:\Program Files\Idoswin Pro

2012-11-25 06:59 - 2012-11-25 06:59 - 02315027 ____A (Ingo Eckel                                                  ) C:\Users\Mike\Downloads\idwpro5.exe

2012-11-25 06:31 - 2012-11-25 06:46 - 00000000 ____D C:\Users\All Users\Browser Manager

2012-11-25 06:30 - 2012-11-25 06:30 - 00000000 ____D C:\Program Files (x86)\Tools&More

2012-11-25 06:28 - 2012-11-25 06:28 - 00000000 ____D C:\Windows\Downloaded Installations

2012-11-25 05:30 - 2012-11-25 05:30 - 00000000 ____D C:\Users\Public\CyberLink

2012-11-20 10:36 - 2012-11-20 10:36 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi

2012-11-19 11:23 - 2012-11-19 11:23 - 00000000 ____D C:\Users\Mike\AppData\Local\WBFSManager

2012-11-19 11:22 - 2012-11-19 11:23 - 00000000 ____D C:\Users\Mike\Documents\WBFS Manager Covers

2012-11-19 11:22 - 2012-11-19 11:22 - 00000950 ____A C:\Users\Mike\Desktop\WBFS Manager 3.0.lnk

2012-11-19 11:22 - 2012-11-19 11:22 - 00000000 ____D C:\Program Files\WBFS

2012-11-19 10:55 - 2007-11-26 06:18 - 00397312 ____A (TOKIWA) C:\Users\Mike\Desktop\Fat32Formatter.exe

2012-11-18 06:58 - 2009-03-18 07:35 - 00033856 ___AH (LogMeIn, Inc.) C:\Windows\System32\hamachi.sys

2012-11-18 03:43 - 2012-04-20 07:40 - 00196440 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\HipShieldK.sys

2012-11-17 14:57 - 2012-11-17 15:09 - 00000000 ____D C:\Users\Mike\Desktop\Witze

2012-11-15 13:54 - 2012-10-18 10:25 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-11-15 13:54 - 2012-10-09 10:17 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll

2012-11-15 13:54 - 2012-10-09 10:17 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll

2012-11-15 13:54 - 2012-10-09 09:40 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll

2012-11-15 13:54 - 2012-10-09 09:40 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll

2012-11-15 13:52 - 2012-10-03 09:56 - 01914248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

2012-11-15 13:52 - 2012-10-03 09:44 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll

2012-11-15 13:52 - 2012-10-03 09:44 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll

2012-11-15 13:52 - 2012-10-03 09:44 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll

2012-11-15 13:52 - 2012-10-03 09:44 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll

2012-11-15 13:52 - 2012-10-03 08:42 - 00175104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll

2012-11-15 13:52 - 2012-10-03 08:42 - 00156672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll

2012-11-15 13:52 - 2012-10-03 08:42 - 00018944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll

2012-11-15 13:52 - 2012-01-12 23:12 - 00052224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

2012-11-15 13:51 - 2012-10-03 09:44 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll

2012-11-15 13:51 - 2012-10-03 09:42 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll

2012-11-15 13:51 - 2012-10-03 08:07 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys

2012-11-15 13:14 - 2012-11-15 13:14 - 00001060 ____A C:\Users\Public\Desktop\iFunbox.lnk

2012-11-15 11:19 - 2012-09-25 14:47 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll

2012-11-15 11:19 - 2012-09-25 14:46 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll

2012-11-14 14:16 - 2012-07-25 20:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys

2012-11-14 14:16 - 2012-07-25 20:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys

2012-11-14 14:16 - 2012-07-25 18:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll

2012-11-14 14:16 - 2012-06-02 06:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf

2012-11-14 14:06 - 2012-10-08 04:19 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-11-14 14:06 - 2012-10-08 03:42 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-11-14 14:06 - 2012-10-08 03:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-11-14 14:06 - 2012-10-08 03:24 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-11-14 14:06 - 2012-10-08 03:23 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-11-14 14:06 - 2012-10-08 03:22 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-11-14 14:06 - 2012-10-08 03:22 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-11-14 14:06 - 2012-10-08 03:20 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-11-14 14:06 - 2012-10-08 03:18 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-11-14 14:06 - 2012-10-08 03:17 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-11-14 14:06 - 2012-10-08 03:17 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2012-11-14 14:06 - 2012-10-08 03:15 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-11-14 14:06 - 2012-10-08 03:15 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2012-11-14 14:06 - 2012-10-08 03:13 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-11-14 14:06 - 2012-10-08 03:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-11-14 14:06 - 2012-10-08 03:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-11-14 14:06 - 2012-10-08 00:28 - 12320768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-11-14 14:06 - 2012-10-08 00:02 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-11-14 14:06 - 2012-10-07 23:56 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-11-14 14:06 - 2012-10-07 23:48 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-11-14 14:06 - 2012-10-07 23:48 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-11-14 14:06 - 2012-10-07 23:47 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-11-14 14:06 - 2012-10-07 23:46 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-11-14 14:06 - 2012-10-07 23:45 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-11-14 14:06 - 2012-10-07 23:44 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-11-14 14:06 - 2012-10-07 23:43 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-11-14 14:06 - 2012-10-07 23:43 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2012-11-14 14:06 - 2012-10-07 23:42 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2012-11-14 14:06 - 2012-10-07 23:41 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-11-14 14:06 - 2012-10-07 23:41 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-11-14 14:06 - 2012-10-07 23:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-11-14 14:06 - 2012-10-07 23:37 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-11-14 14:01 - 2012-07-25 19:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll

2012-11-14 14:01 - 2012-07-25 19:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe

2012-11-14 14:01 - 2012-07-25 19:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll

2012-11-14 14:01 - 2012-07-25 19:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll

2012-11-14 14:01 - 2012-07-25 19:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll

2012-11-14 14:01 - 2012-07-25 18:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys

2012-11-14 14:01 - 2012-07-25 18:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys

2012-11-14 14:01 - 2012-06-02 06:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf

2012-11-11 01:56 - 2012-11-11 02:30 - 930637985 ____A C:\Users\Mike\Downloads\iPhone3,1_6.0_10A403_Restore.zip

2012-11-10 12:33 - 2012-11-10 12:33 - 00000000 ____D C:\Users\All Users\Anwendungsdaten

2012-11-10 12:31 - 2012-11-14 13:47 - 00000000 ____D C:\Program Files (x86)\MP3Find

2012-11-10 05:05 - 2012-11-23 13:07 - 00000000 ____D C:\Users\Mike\AppData\Roaming\iFunbox_UserCache

2012-11-10 05:04 - 2012-11-23 13:04 - 00000000 ____D C:\Program Files (x86)\i-Funbox DevTeam

2012-11-09 10:58 - 2012-11-15 13:14 - 00000000 ____D C:\Users\Mike\Desktop\redsn0w_win_0.9.15b3

2012-11-02 12:27 - 2012-11-02 12:27 - 00000000 ____D C:\Users\Mike\AppData\Local\GHISLER
 
 

==================== One Month Modified Files and Folders =======
 

2012-12-01 11:48 - 2012-12-01 11:48 - 00000000 ____D C:\FRST

2012-12-01 03:12 - 2012-09-08 14:35 - 00000000 ____D C:\Users\Mike\Documents\Outlook-Dateien

2012-12-01 03:12 - 2011-07-28 11:31 - 01321874 ____A C:\Windows\WindowsUpdate.log

2012-12-01 03:03 - 2011-07-28 11:05 - 00654166 ____A C:\Windows\System32\perfh007.dat

2012-12-01 03:03 - 2011-07-28 11:05 - 00130006 ____A C:\Windows\System32\perfc007.dat

2012-12-01 03:03 - 2009-07-13 21:13 - 01498506 ____A C:\Windows\System32\PerfStringBackup.INI

2012-12-01 02:58 - 2009-07-13 20:45 - 00020992 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-12-01 02:58 - 2009-07-13 20:45 - 00020992 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-12-01 02:56 - 2012-09-08 13:05 - 00001828 ____A C:\Users\Public\Desktop\McAfee Internet Security.lnk

2012-12-01 02:56 - 2012-09-08 12:46 - 00001106 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-12-01 02:52 - 2012-10-15 10:47 - 00000000 ____D C:\Users\Mike\AppData\Local\LogMeIn Hamachi

2012-12-01 02:51 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-12-01 02:51 - 2009-07-13 20:51 - 00010646 ____A C:\Windows\setupact.log

2012-12-01 02:32 - 2012-09-08 12:46 - 00001102 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-12-01 02:32 - 2010-11-20 19:47 - 00259966 ____A C:\Windows\PFRO.log

2012-11-30 12:03 - 2012-11-30 12:03 - 00021486 ____A C:\ComboFix.txt

2012-11-30 12:03 - 2012-11-30 09:08 - 00000000 ____D C:\Qoobox

2012-11-30 11:55 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini

2012-11-30 11:49 - 2012-09-09 00:09 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-11-30 11:11 - 2012-11-30 11:11 - 05009213 ____R (Swearware) C:\Users\Mike\Desktop\ComboFix.exe

2012-11-30 10:59 - 2012-09-09 00:10 - 00002378 ____A C:\Users\Public\Desktop\Google Chrome.lnk

2012-11-30 10:31 - 2012-11-30 09:07 - 00000000 ____D C:\Windows\erdnt

2012-11-30 08:58 - 2012-11-30 08:58 - 00026145 ____A C:\AdwCleaner[S1].txt

2012-11-30 08:57 - 2012-11-30 08:57 - 00026227 ____A C:\AdwCleaner[R1].txt

2012-11-30 08:56 - 2012-11-30 08:55 - 00533705 ____A C:\Users\Mike\Desktop\adwcleaner.exe

2012-11-30 06:41 - 2012-11-30 06:41 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-11-30 06:41 - 2012-11-30 06:41 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Malwarebytes

2012-11-30 06:41 - 2012-11-30 06:40 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-11-30 06:40 - 2012-11-30 06:40 - 00000000 ____D C:\Users\All Users\Malwarebytes

2012-11-30 06:40 - 2012-11-30 06:39 - 10669952 ____A (Malwarebytes Corporation                                    ) C:\Users\Mike\Downloads\mbam-setup-1.65.1.1000.exe

2012-11-27 11:25 - 2012-09-26 05:38 - 00000000 ____D C:\Program Files (x86)\JDownloader

2012-11-27 08:51 - 2012-10-10 14:04 - 00000000 ____D C:\Users\Mike\AppData\Local\CrashDumps

2012-11-25 08:55 - 2012-11-25 08:55 - 00000000 ____D C:\Users\Mike\.dvdcss

2012-11-25 08:55 - 2012-09-08 06:06 - 00000000 ____D C:\users\Mike

2012-11-25 08:54 - 2012-11-25 08:54 - 00000000 ____D C:\Users\Mike\AppData\Local\MPlayer

2012-11-25 08:53 - 2012-11-25 08:53 - 00001085 ____A C:\Users\Mike\Desktop\DVDx 4.0 Open Edition.lnk

2012-11-25 08:53 - 2012-11-25 08:53 - 00000000 ____D C:\Program Files (x86)\DVDx 4.0 Open Edition

2012-11-25 08:44 - 2012-11-25 08:44 - 00000000 ____D C:\Users\Mike\AppData\Roaming\XMedia Recode

2012-11-25 08:40 - 2012-11-25 08:40 - 00001071 ____A C:\Users\Public\Desktop\XMedia Recode.lnk

2012-11-25 08:40 - 2012-11-25 08:40 - 00000000 ____D C:\Program Files (x86)\XMedia Recode

2012-11-25 07:22 - 2012-11-25 07:22 - 00000843 ____A C:\Users\Public\Desktop\Idoswin Pro.lnk

2012-11-25 07:22 - 2012-11-25 07:22 - 00000000 ____D C:\Program Files\Idoswin Pro

2012-11-25 07:22 - 2012-09-08 06:13 - 00000000 ____D C:\Users\Mike\AppData\Local\VirtualStore

2012-11-25 06:59 - 2012-11-25 06:59 - 02315027 ____A (Ingo Eckel                                                  ) C:\Users\Mike\Downloads\idwpro5.exe

2012-11-25 06:46 - 2012-11-25 06:31 - 00000000 ____D C:\Users\All Users\Browser Manager

2012-11-25 06:30 - 2012-11-25 06:30 - 00000000 ____D C:\Program Files (x86)\Tools&More

2012-11-25 06:28 - 2012-11-25 06:28 - 00000000 ____D C:\Windows\Downloaded Installations

2012-11-25 05:31 - 2012-09-19 03:45 - 00000000 ____D C:\Users\Mike\AppData\Roaming\CyberLink

2012-11-25 05:31 - 2011-07-27 19:41 - 00000000 ____D C:\Users\All Users\CyberLink

2012-11-25 05:30 - 2012-11-25 05:30 - 00000000 ____D C:\Users\Public\CyberLink

2012-11-25 05:30 - 2012-09-19 03:45 - 00000000 ____D C:\Users\Mike\AppData\Local\CyberLink

2012-11-24 11:35 - 2012-09-08 06:07 - 00000000 ____D C:\Users\All Users\Adobe

2012-11-24 08:54 - 2012-09-09 00:09 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-11-24 08:54 - 2012-09-09 00:09 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-11-23 13:07 - 2012-11-10 05:05 - 00000000 ____D C:\Users\Mike\AppData\Roaming\iFunbox_UserCache

2012-11-23 13:04 - 2012-11-10 05:04 - 00000000 ____D C:\Program Files (x86)\i-Funbox DevTeam

2012-11-20 10:36 - 2012-11-20 10:36 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi

2012-11-19 11:23 - 2012-11-19 11:23 - 00000000 ____D C:\Users\Mike\AppData\Local\WBFSManager

2012-11-19 11:23 - 2012-11-19 11:22 - 00000000 ____D C:\Users\Mike\Documents\WBFS Manager Covers

2012-11-19 11:22 - 2012-11-19 11:22 - 00000950 ____A C:\Users\Mike\Desktop\WBFS Manager 3.0.lnk

2012-11-19 11:22 - 2012-11-19 11:22 - 00000000 ____D C:\Program Files\WBFS

2012-11-18 08:15 - 2012-09-08 13:03 - 00000000 ____D C:\Program Files (x86)\McAfee

2012-11-18 06:55 - 2012-09-08 13:03 - 00000000 ____D C:\Program Files\Common Files\McAfee

2012-11-18 03:44 - 2012-09-08 12:54 - 00000000 ____D C:\Users\All Users\McAfee

2012-11-18 03:43 - 2012-09-08 13:03 - 00000000 ____D C:\Program Files\McAfee

2012-11-18 03:36 - 2012-10-28 12:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2012-11-17 15:09 - 2012-11-17 14:57 - 00000000 ____D C:\Users\Mike\Desktop\Witze

2012-11-17 09:18 - 2012-10-21 12:00 - 00000000 ____D C:\Users\Mike\Desktop\Torjubel FIFA 13

2012-11-16 14:05 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache

2012-11-16 12:49 - 2012-09-08 09:16 - 00114752 ____A C:\Users\Mike\AppData\Local\GDIPFONTCACHEV1.DAT

2012-11-16 12:48 - 2009-07-13 20:45 - 00427800 ____A C:\Windows\System32\FNTCACHE.DAT

2012-11-15 14:09 - 2012-10-07 04:20 - 00000055 ____A C:\Windows\System32\Drivers\etc\hosts.umbrella

2012-11-15 14:02 - 2012-10-07 04:20 - 00393462 ____A C:\Users\Mike\umbrella0.log

2012-11-15 13:14 - 2012-11-15 13:14 - 00001060 ____A C:\Users\Public\Desktop\iFunbox.lnk

2012-11-15 13:14 - 2012-11-09 10:58 - 00000000 ____D C:\Users\Mike\Desktop\redsn0w_win_0.9.15b3

2012-11-15 13:10 - 2012-10-07 03:23 - 00000000 ____D C:\Users\Mike\AppData\Roaming\redsn0w

2012-11-14 14:21 - 2012-09-08 11:57 - 00000000 ____D C:\Users\All Users\Microsoft Help

2012-11-14 14:01 - 2012-09-09 01:26 - 66395536 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-11-14 13:58 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\System

2012-11-14 13:58 - 2009-07-13 18:34 - 00000513 ____A C:\Windows\win.ini

2012-11-14 13:47 - 2012-11-10 12:31 - 00000000 ____D C:\Program Files (x86)\MP3Find

2012-11-14 13:47 - 2012-09-29 04:48 - 00000000 ____D C:\Users\Mike\AppData\Roaming\GHISLER

2012-11-14 13:47 - 2012-09-08 16:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2012-11-14 13:47 - 2011-07-27 19:58 - 00000000 ____D C:\Users\All Users\WinClon

2012-11-14 13:47 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF

2012-11-14 13:47 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration

2012-11-14 13:47 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat

2012-11-14 13:45 - 2012-09-08 11:57 - 00000000 ___RD C:\MSOCache

2012-11-11 02:30 - 2012-11-11 01:56 - 930637985 ____A C:\Users\Mike\Downloads\iPhone3,1_6.0_10A403_Restore.zip

2012-11-10 12:33 - 2012-11-10 12:33 - 00000000 ____D C:\Users\All Users\Anwendungsdaten

2012-11-02 12:27 - 2012-11-02 12:27 - 00000000 ____D C:\Users\Mike\AppData\Local\GHISLER
 
 

==================== Known DLLs (Whitelisted) =================
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 

==================== EXE ASSOCIATION =====================
 

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK
 

==================== Restore Points  =========================
 

Restore point made on: 2012-11-23 10:44:43

Restore point made on: 2012-11-25 06:29:37

Restore point made on: 2012-11-25 06:41:30

Restore point made on: 2012-11-30 09:08:52

Restore point made on: 2012-12-01 02:37:09
 

==================== Memory info =========================== 
 

Percentage of memory in use: 15%

Total physical RAM: 4075.55 MB

Available physical RAM: 3442.26 MB

Total Pagefile: 4073.75 MB

Available Pagefile: 3429.45 MB

Total Virtual: 8192 MB

Available Virtual: 8191.89 MB
 

==================== Partitions =============================
 

1 Drive c: () (Fixed) (Total:111 GB) (Free:62.51 GB) NTFS

2 Drive d: () (Fixed) (Total:163.19 GB) (Free:119.58 GB) NTFS

3 Drive f: (SAMSUNG_REC) (Fixed) (Total:23.8 GB) (Free:0.94 GB) NTFS ==>[System with boot components (obtained from reading drive)]

5 Drive h: (MIKE_SD) (Removable) (Total:7.4 GB) (Free:0.91 GB) FAT32

6 Drive i: () (Removable) (Total:3.73 GB) (Free:3.73 GB) FAT32

7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

8 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 

  Disk ###  Status         Size     Free     Dyn  Gpt

  --------  -------------  -------  -------  ---  ---

  Disk 0    Online          298 GB  1024 KB         

  Disk 1    Online         7590 MB      0 B         

  Disk 2    Online         3827 MB      0 B         
 

Partitions of Disk 0:

===============
 

  Partition ###  Type              Size     Offset

  -------------  ----------------  -------  -------

  Partition 1    Primary            100 MB  1024 KB

  Partition 2    Primary            111 GB   101 MB

  Partition 0    Extended           163 GB   111 GB

  Partition 4    Logical            163 GB   111 GB

  Partition 3    Recovery            23 GB   274 GB
 

==================================================================================
 

Disk: 0

Partition 1

Type  : 07

Hidden: No

Active: Yes
 

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info

  ----------  ---  -----------  -----  ----------  -------  ---------  --------

* Volume 1     Y   SYSTEM       NTFS   Partition    100 MB  Healthy            
 

=========================================================
 

Disk: 0

Partition 2

Type  : 07

Hidden: No

Active: No
 

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info

  ----------  ---  -----------  -----  ----------  -------  ---------  --------

* Volume 2     C                NTFS   Partition    111 GB  Healthy            
 

=========================================================
 

Disk: 0

Partition 4

Type  : 07

Hidden: No

Active: No
 

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info

  ----------  ---  -----------  -----  ----------  -------  ---------  --------

* Volume 3     D                NTFS   Partition    163 GB  Healthy            
 

=========================================================
 

Disk: 0

Partition 3

Type  : 27

Hidden: Yes

Active: No
 

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info

  ----------  ---  -----------  -----  ----------  -------  ---------  --------

* Volume 4     F   SAMSUNG_REC  NTFS   Partition     23 GB  Healthy    Hidden  
 

=========================================================
 

Partitions of Disk 1:

===============
 

  Partition ###  Type              Size     Offset

  -------------  ----------------  -------  -------

  Partition 1    Primary           7586 MB  4096 KB
 

==================================================================================
 

Disk: 1

Partition 1

Type  : 0B

Hidden: No

Active: No
 

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info

  ----------  ---  -----------  -----  ----------  -------  ---------  --------

* Volume 5     H   MIKE_SD      FAT32  Removable   7586 MB  Healthy            
 

=========================================================
 

Partitions of Disk 2:

===============
 

  Partition ###  Type              Size     Offset

  -------------  ----------------  -------  -------

  Partition 1    Primary           3826 MB    16 KB
 

==================================================================================
 

Disk: 2

Partition 1

Type  : 0B

Hidden: No

Active: No
 

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info

  ----------  ---  -----------  -----  ----------  -------  ---------  --------

* Volume 6     I                FAT32  Removable   3826 MB  Healthy            
 

=========================================================
 

Last Boot: 2012-11-25 03:06
 

==================== End Of Log =============================