Trojaner-Board - PC nach syscheckrt hinüber?

Hallo zusammen!

Ich habe ein Problem.

Das ganze fing damit an, dass mein PC unheimlich langsam wurde und sämtliche Programme abstürzten. Irgendwann bin ich dann auf den bereits bekannten syscheckrt.exe Virus im Taskmanager aufmerksam geworden.

Den Virus habe ich schließlich entfernt. Nun habe ich aber das Problem, dass sich an der Geschwindigkeit meines PCs nichts verändert hat, im Gegenteil, er ist eher noch langsamer geworden. Auffällig ist dabei, dass Programme ansich normal laufen, aber beim Surfen braucht Firefox teilweise eine Minute um eine Seite zu öffnen. Begleitet wird dies durch ständige Leerlaufprozesse und lautem Gepuste meines Notebooklüfters.

Meine Vermutung ist also, dass ich den Schädling nicht ganz beseitigt bekommen habe. Ich befürchte, dass ich um eine Formatierung meines PCs wahrscheinlich nicht drum herum komme, aber da ich sehr viele wichtige Dateien besitze (u.a. für die Uni ) und im Moment auch für Klausuren lernen muss ( und hierfür vor allem schnelles Internet bräuchte ;) ), kommt mir eine Neuaufsetzung von Windows gerade überhaupt nicht gelegen.

In diversen Foren habe ich von dem Programm HijackThis gelesen, da ich aber davon nicht wirklich Ahnung habe, würde ich einen Experten unter euch bitten, sich mein logfile mal anzuschauen um zu urteilen, ob noch was zu retten ist:

HiJackthis Logfile:

Code:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 16:15:54, on 05.03.2011

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16722)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Users\Marc\Downloads\HiJackThis204.exe

C:\Windows\SysWOW64\DllHost.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

R3 - URLSearchHook: (no name) - - (no file)

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot

O4 - HKCU\..\Run: [rfxsrvtray] "C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe"

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Marc\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm

O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe

O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Hercules DJ Control MP3 (HerculesDJControlMP3) - Unknown owner - C:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Radio.fx Server (Radio.fx) - Unknown owner - C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 8452 bytes

--- --- ---

Vielen Dank im Voraus!

PS: Programme wie CCleaner und Security Task Manager auch bereits versucht, alles nichts geholfen :(

Gruß Marc

Combofix Logfile:

Code:

ComboFix 11-03-04.06 - Marc 05.03.2011  16:48:44.1.2 - x64

Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.4061.3043 [GMT 1:00]

ausgeführt von:: c:\users\Marc\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\Java

c:\program files (x86)\Java\jre6\lib\ext\QTJava.zip

c:\users\Marc\AppData\Roaming\BITS

c:\users\Marc\AppData\Roaming\BITS\BITS.ini

c:\users\Marc\AppData\Roaming\BITS\UPnP.ini

c:\windows\system32\muzapp.exe

c:\windows\SysWow64\muzapp.exe

.

.

(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))

-------\Legacy_NPF

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-02-05 bis 2011-03-05  ))))))))))))))))))))))))))))))

.

.

2011-03-04 09:47 . 2011-02-11 07:30        7947600        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{33595246-DF22-4781-B4C4-490B55256B78}\mpengine.dll

2011-03-03 22:34 . 2011-03-03 22:34        --------        d-----w-        c:\users\Marc\AppData\Local\Nero

2011-03-03 14:48 . 2011-03-05 15:45        --------        d-----w-        c:\programdata\SecTaskMan

2011-03-03 14:48 . 2011-03-04 09:54        --------        d-----w-        c:\program files (x86)\Security Task Manager

2011-03-03 07:12 . 2011-03-03 07:11        521448        ----a-w-        c:\windows\system32\deployJava1.dll

2011-03-03 07:11 . 2011-03-03 07:11        --------        d-----w-        c:\program files\Java

2011-03-02 12:43 . 2011-03-02 12:43        --------        d-----w-        c:\program files\CCleaner

2011-03-02 12:25 . 2011-03-02 12:25        --------        d-----w-        c:\users\Marc\AppData\Roaming\Uniblue

2011-03-02 12:25 . 2011-03-02 12:25        --------        d-----w-        c:\users\Marc\AppData\Local\PackageAware

2011-03-01 10:49 . 2011-03-01 10:52        --------        d-----w-        c:\users\Marc\AppData\Roaming\Nero

2011-03-01 10:37 . 2011-03-01 10:38        --------        d-----w-        c:\program files (x86)\Common Files\Nero

2011-03-01 10:36 . 2011-03-01 10:48        --------        d-----w-        c:\program files (x86)\Nero

2011-03-01 10:36 . 2011-03-01 10:48        --------        d-----w-        c:\programdata\Nero

2011-03-01 00:36 . 2009-09-04 16:29        1974616        ----a-w-        c:\windows\SysWow64\D3DCompiler_42.dll

2011-03-01 00:35 . 2009-09-04 16:29        1892184        ----a-w-        c:\windows\SysWow64\D3DX9_42.dll

2011-03-01 00:34 . 2008-10-15 05:22        4379984        ----a-w-        c:\windows\SysWow64\D3DX9_40.dll

2011-03-01 00:33 . 2007-07-19 17:14        3727720        ----a-w-        c:\windows\SysWow64\d3dx9_35.dll

2011-03-01 00:32 . 2007-05-16 15:45        3497832        ----a-w-        c:\windows\SysWow64\d3dx9_34.dll

2011-02-23 18:45 . 2010-09-14 06:45        367104        ----a-w-        c:\windows\system32\wcncsvc.dll

2011-02-23 18:45 . 2010-09-14 06:07        276992        ----a-w-        c:\windows\SysWow64\wcncsvc.dll

2011-02-23 14:10 . 2011-01-07 07:31        442880        ----a-w-        c:\windows\SysWow64\XpsPrint.dll

2011-02-23 14:10 . 2011-01-07 08:07        662528        ----a-w-        c:\windows\system32\XpsPrint.dll

2011-02-23 14:10 . 2011-01-07 08:07        475648        ----a-w-        c:\windows\system32\XpsGdiConverter.dll

2011-02-23 14:10 . 2011-01-07 07:31        288256        ----a-w-        c:\windows\SysWow64\XpsGdiConverter.dll

2011-02-22 19:56 . 2011-02-22 19:56        --------        d-----w-        c:\users\Marc\AppData\Roaming\Malwarebytes

2011-02-22 19:55 . 2011-02-22 19:55        --------        d-----w-        c:\programdata\Malwarebytes

2011-02-22 19:55 . 2010-12-20 17:08        24152        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-02-22 17:41 . 2011-02-22 17:41        --------        d-----w-        c:\program files (x86)\MSXML 4.0

2011-02-22 14:50 . 2009-09-10 06:28        311808        ----a-w-        c:\windows\system32\msv1_0.dll

2011-02-22 14:50 . 2009-09-10 05:52        257024        ----a-w-        c:\windows\SysWow64\msv1_0.dll

2011-02-22 14:42 . 2009-11-25 11:47        99176        ----a-w-        c:\windows\SysWow64\PresentationHostProxy.dll

2011-02-22 14:42 . 2009-11-25 11:47        49472        ----a-w-        c:\windows\SysWow64\netfxperf.dll

2011-02-22 14:42 . 2009-11-25 11:47        48960        ----a-w-        c:\windows\system32\netfxperf.dll

2011-02-22 14:42 . 2009-11-25 11:47        297808        ----a-w-        c:\windows\SysWow64\mscoree.dll

2011-02-22 14:42 . 2009-11-25 11:47        295264        ----a-w-        c:\windows\SysWow64\PresentationHost.exe

2011-02-22 14:42 . 2009-11-25 11:47        1130824        ----a-w-        c:\windows\SysWow64\dfshim.dll

2011-02-22 14:42 . 2009-11-25 11:47        109912        ----a-w-        c:\windows\system32\PresentationHostProxy.dll

2011-02-22 14:42 . 2009-11-25 11:47        444752        ----a-w-        c:\windows\system32\mscoree.dll

2011-02-22 14:42 . 2009-11-25 11:47        320352        ----a-w-        c:\windows\system32\PresentationHost.exe

2011-02-22 14:42 . 2009-11-25 11:47        1942856        ----a-w-        c:\windows\system32\dfshim.dll

2011-02-22 14:42 . 2010-02-23 08:16        294912        ----a-w-        c:\windows\system32\browserchoice.exe

2011-02-22 14:32 . 2010-03-04 04:40        184832        ----a-w-        c:\windows\system32\drivers\usbvideo.sys

2011-02-22 14:32 . 2010-03-04 04:32        243712        ----a-w-        c:\windows\system32\drivers\ks.sys

2011-02-22 14:03 . 2010-10-27 05:06        2048        ----a-w-        c:\windows\system32\tzres.dll

2011-02-22 14:02 . 2011-01-05 04:00        3127808        ----a-w-        c:\windows\system32\win32k.sys

2011-02-22 14:01 . 2010-12-21 06:16        214016        ----a-w-        c:\windows\system32\winsrv.dll

2011-02-22 13:50 . 2009-12-29 08:03        220672        ----a-w-        c:\windows\system32\wintrust.dll

2011-02-22 13:50 . 2009-12-29 06:55        172032        ----a-w-        c:\windows\SysWow64\wintrust.dll

2011-02-22 13:49 . 2010-01-09 07:19        139264        ----a-w-        c:\windows\system32\cabview.dll

2011-02-22 13:49 . 2010-01-09 06:52        132608        ----a-w-        c:\windows\SysWow64\cabview.dll

2011-02-21 17:36 . 2011-02-21 17:36        --------        d-----w-        c:\programdata\KONAMI

2011-02-19 22:20 . 2011-02-19 22:20        51200        ----a-w-        c:\windows\system32\wlanui32.dll

2011-02-19 10:26 . 2011-02-19 10:26        --------        d-----w-        C:\Temp

2011-02-19 10:25 . 2011-02-19 13:04        --------        d-----w-        c:\users\Marc\AppData\Local\Samsung

2011-02-19 10:24 . 2010-12-30 09:41        82112        ----a-w-        c:\windows\system32\drivers\ssudbus.sys

2011-02-19 10:24 . 2010-12-30 09:41        202560        ----a-w-        c:\windows\system32\drivers\ssudserd.sys

2011-02-19 10:24 . 2010-12-30 09:41        202560        ----a-w-        c:\windows\system32\drivers\ssudmdm.sys

2011-02-19 10:22 . 2011-01-29 16:00        4659712        ----a-w-        c:\windows\SysWow64\Redemption.dll

2011-02-19 10:22 . 2011-01-29 16:00        821824        ----a-w-        c:\windows\SysWow64\dgderapi.dll

2011-02-19 10:02 . 2011-01-31 01:01        87340080        ----a-w-        c:\users\Marc\AppData\Roaming\Microsoft\Windows\Templates\SamsungKiesSetup.exe

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-02-24 17:23 . 2010-06-06 15:56        3523928        ----a-w-        c:\windows\RXSUnins.exe

2011-02-24 17:23 . 2010-06-06 15:56        3523928        ----a-w-        c:\windows\RXCUnins.exe

2011-02-02 16:11 . 2009-11-01 00:51        270720        ------w-        c:\windows\system32\MpSigStub.exe

2011-01-29 22:16 . 2011-01-29 22:16        30056        ----a-w-        c:\windows\SysWow64\MASetupCleaner.exe

2011-01-29 16:00 . 2011-01-29 16:00        90112        ----a-w-        c:\windows\MAMCityDownload.ocx

2011-01-29 16:00 . 2011-01-29 16:00        325552        ----a-w-        c:\windows\MASetupCaller.dll

2011-01-29 16:00 . 2011-01-29 16:00        30568        ----a-w-        c:\windows\MusiccityDownload.exe

2011-01-29 16:00 . 2011-01-29 16:00        974848        ----a-w-        c:\windows\SysWow64\cis-2.4.dll

2011-01-29 16:00 . 2011-01-29 16:00        81920        ----a-w-        c:\windows\SysWow64\issacapi_bs-2.3.dll

2011-01-29 16:00 . 2011-01-29 16:00        65536        ----a-w-        c:\windows\SysWow64\issacapi_pe-2.3.dll

2011-01-29 16:00 . 2011-01-29 16:00        57344        ----a-w-        c:\windows\SysWow64\MTXSYNCICON.dll

2011-01-29 16:00 . 2011-01-29 16:00        57344        ----a-w-        c:\windows\SysWow64\MK_Lyric.dll

2011-01-29 16:00 . 2011-01-29 16:00        57344        ----a-w-        c:\windows\SysWow64\issacapi_se-2.3.dll

2011-01-29 16:00 . 2011-01-29 16:00        569344        ----a-w-        c:\windows\SysWow64\muzdecode.ax

2011-01-29 16:00 . 2011-01-29 16:00        491520        ----a-w-        c:\windows\SysWow64\muzapp.dll

2011-01-29 16:00 . 2011-01-29 16:00        49152        ----a-w-        c:\windows\SysWow64\MaJGUILib.dll

2011-01-29 16:00 . 2011-01-29 16:00        45056        ----a-w-        c:\windows\SysWow64\MaXMLProto.dll

2011-01-29 16:00 . 2011-01-29 16:00        45056        ----a-w-        c:\windows\SysWow64\MACXMLProto.dll

2011-01-29 16:00 . 2011-01-29 16:00        40960        ----a-w-        c:\windows\SysWow64\MTTELECHIP.dll

2011-01-29 16:00 . 2011-01-29 16:00        40960        ----a-w-        c:\windows\SysWow64\MAMACExtract.dll

2011-01-29 16:00 . 2011-01-29 16:00        352256        ----a-w-        c:\windows\SysWow64\MSLUR71.dll

2011-01-29 16:00 . 2011-01-29 16:00        258048        ----a-w-        c:\windows\SysWow64\muzoggsp.ax

2011-01-29 16:00 . 2011-01-29 16:00        245760        ----a-w-        c:\windows\SysWow64\MSCLib.dll

2011-01-29 16:00 . 2011-01-29 16:00        200704        ----a-w-        c:\windows\SysWow64\muzwmts.dll

2011-01-29 16:00 . 2011-01-29 16:00        155648        ----a-w-        c:\windows\SysWow64\MSFLib.dll

2011-01-29 16:00 . 2011-01-29 16:00        143360        ----a-w-        c:\windows\SysWow64\3DAudio.ax

2011-01-29 16:00 . 2011-01-29 16:00        135168        ----a-w-        c:\windows\SysWow64\muzaf1.dll

2011-01-29 16:00 . 2011-01-29 16:00        131072        ----a-w-        c:\windows\SysWow64\muzmpgsp.ax

2011-01-29 16:00 . 2011-01-29 16:00        122880        ----a-w-        c:\windows\SysWow64\muzeffect.ax

2011-01-29 16:00 . 2011-01-29 16:00        118784        ----a-w-        c:\windows\SysWow64\MaDRM.dll

2011-01-29 16:00 . 2011-01-29 16:00        110592        ----a-w-        c:\windows\SysWow64\muzmp4sp.ax

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"rfxsrvtray"="c:\program files (x86)\Tobit Radio.fx\Client\rfx-tray.exe" [2010-01-13 686344]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"Hercules DJ Series"="c:\program files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe" [2009-10-23 639784]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-06 136176]

R3 ATICDSDr;ATICDSDr;c:\users\Marc\AppData\Local\Temp\ATICDSDr.sys [x]

R3 Bulk;HDJBulk;c:\windows\system32\Drivers\HDJBulk.sys [2009-10-02 154112]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2010-12-30 82112]

R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-07-30 20552]

R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]

R3 HDJAsioK;HDJAsioK;c:\windows\system32\Drivers\HDJAsioK.sys [2009-11-03 211968]

R3 HDJMidi;Hercules DJ Console Mk2 MIDI;c:\windows\system32\DRIVERS\HDJMidi.sys [2009-10-02 144896]

R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 SliceDisk5;SliceDisk5;c:\program files\A-FF Find and Mount\slicedisk-x64.sys [x]

R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2010-04-27 127488]

R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2010-04-27 18944]

R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2010-04-27 161280]

R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2010-12-30 202560]

R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys [2010-12-30 202560]

R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-24 16392]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 203264]

S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]

S2 HerculesDJControlMP3;Hercules DJ Control MP3;c:\program files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE [2007-11-21 20480]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]

S2 Radio.fx;Radio.fx Server;c:\program files (x86)\Tobit Radio.fx\Server\rfx-server.exe [2011-02-28 3577688]

S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]

S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]

.

.

Inhalt des "geplante Tasks" Ordners

.

2011-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-06 21:38]

.

2011-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-06 21:38]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"combofix"="c:\combofix\CF1894.cfxxe" [X]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://start.icq.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: Free YouTube to Mp3 Converter - c:\users\Marc\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm

IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files (x86)\ICQ7.1\ICQ.exe

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

FF - ProfilePath - c:\users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\w4ajdl51.default\

FF - prefs.js: browser.search.selectedEngine - ICQ Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/

FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.3&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

Wow6432Node-HKLM-Run-NPSStartup - (no file)

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-1122412865-2413838328-8992975-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{221D567C-9DD1-8E04-75FA-1CCECEAB8F82}*]

@Allowed: (Read) (RestrictedCode)

"iabahicmhikccaodci"=hex:6a,61,6e,70,64,62,6d,64,69,6d,62,64,6d,6e,70,61,6b,67,

   64,70,00,00

"halapchlbenffepm"=hex:6a,61,6e,70,64,62,6d,64,65,6d,6e,62,67,66,6b,6b,6f,69,

   66,6c,00,00

"ianbndieillhncmbom"=hex:63,61,67,70,65,61,00,00

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2011-03-05  17:00:50 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2011-03-05 16:00

.

Vor Suchlauf: 12 Verzeichnis(se), 266.927.325.184 Bytes frei

Nach Suchlauf: 18 Verzeichnis(se), 268.149.665.792 Bytes frei

.

- - End Of File - - 9BA7FDFEB909252A843A19F5701C9A3C

--- --- ---

Onlinebanking mach ich gelegentlich, ja...