Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus"

cosinus · 13.02.2012, 22:53

Ich leider nichts von dir im Upchannel. Wie groß ist die ZIP Datei denn geworden?

ch0ka · 13.02.2012, 23:01

Ganze 4kB

cosinus · 13.02.2012, 23:16

Starte Windows neu, lösch die alte combofix.exe, lade CF neu runter und probier es bitte nochmal.

ch0ka · 14.02.2012, 12:22

Jetzt scheint alles reibungslos gelaufen zu sein

Code:

ATTFilter

ComboFix 12-02-13.01 - Dennis 14.02.2012  11:42:17.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4091.2657 [GMT 1:00]
ausgeführt von:: c:\users\Dennis\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Lavasoft Ad-Watch Live! Virenschutz *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Vorheriger Suchlauf -------
.
c:\users\Dennis\AppData\Roaming\vso_ts_preview.xml
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-01-14 bis 2012-02-14  ))))))))))))))))))))))))))))))
.
.
2012-02-14 10:53 . 2012-02-14 10:53	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-02-14 10:53 . 2012-02-14 10:53	--------	d-----w-	c:\users\cHk\AppData\Local\temp
2012-02-12 17:13 . 2011-05-20 12:49	34624	----a-w-	c:\windows\system32\TURegOpt.exe
2012-02-12 17:13 . 2011-05-20 12:43	25920	----a-w-	c:\windows\system32\authuitu.dll
2012-02-12 17:13 . 2011-05-20 12:43	36160	----a-w-	c:\windows\system32\uxtuneup.dll
2012-02-12 17:13 . 2011-05-20 12:43	29504	----a-w-	c:\windows\SysWow64\uxtuneup.dll
2012-02-12 17:13 . 2011-05-20 12:43	21312	----a-w-	c:\windows\SysWow64\authuitu.dll
2012-02-12 15:47 . 2012-02-12 15:47	--------	d-----w-	c:\users\Dennis\AppData\Roaming\ArcSoft
2012-02-12 15:46 . 2012-02-12 15:46	--------	d-----w-	c:\users\Dennis\AppData\Local\ArcSoft
2012-02-12 15:46 . 2012-02-12 15:46	--------	d-----w-	c:\programdata\ArcSoft
2012-02-12 15:46 . 2012-02-12 15:46	--------	d-----w-	c:\program files (x86)\Common Files\ArcSoft
2012-02-12 15:46 . 2011-11-10 10:14	311872	----a-w-	c:\windows\system32\drivers\ArcSec.sys
2012-02-12 15:46 . 2010-12-30 16:29	80448	----a-w-	c:\windows\system32\MMCEDT5.exe
2012-02-12 15:44 . 2012-02-12 15:44	--------	d-----w-	c:\users\Dennis\AppData\Local\Downloaded Installations
2012-02-12 15:22 . 2012-02-12 15:22	--------	d-----w-	c:\users\Dennis\AppData\Local\AMD
2012-02-12 15:21 . 2012-02-12 15:21	--------	d-----w-	c:\programdata\ATI
2012-02-12 15:13 . 2012-02-12 15:13	--------	d-----w-	c:\program files (x86)\AMD APP
2012-02-12 15:12 . 2012-02-12 15:12	--------	d-----w-	c:\programdata\AMD
2012-02-12 15:12 . 2010-02-18 08:18	46136	----a-w-	c:\windows\system32\drivers\amdiox64.sys
2012-02-12 09:40 . 2012-02-12 09:40	--------	d-----w-	c:\windows\system32\%LOCALAPPDATA%
2012-02-10 11:19 . 2012-02-10 11:19	--------	d-----w-	c:\program files (x86)\ESET
2012-02-10 08:20 . 2012-01-06 05:15	8602168	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{73B97690-9A8A-484B-9F5A-D364843EC570}\mpengine.dll
2012-02-09 12:43 . 2012-02-09 12:43	--------	d-----w-	c:\windows\system32\SPReview
2012-02-09 12:41 . 2012-02-09 12:41	--------	d-----w-	c:\windows\system32\EventProviders
2012-02-09 11:55 . 2012-02-09 11:55	--------	d-----w-	c:\users\cHk\AppData\Local\LogMeIn
2012-02-08 15:37 . 2012-02-08 15:39	--------	d-----w-	c:\programdata\Protexis
2012-02-08 15:35 . 2010-11-16 15:24	15672	----a-w-	c:\windows\system32\drivers\regi.sys
2012-02-07 14:32 . 2012-02-07 14:32	--------	d-----w-	c:\users\Dennis\AppData\Local\MediaShow
2012-02-07 14:27 . 2012-02-07 14:27	--------	d-----w-	c:\users\Dennis\AppData\Local\MediaServer
2012-02-07 14:26 . 2012-02-08 15:05	--------	d-----w-	c:\programdata\PDVD
2012-02-07 14:26 . 2012-02-12 16:25	--------	d-----w-	c:\users\Public\CyberLink
2012-02-07 14:26 . 2012-02-12 16:25	--------	d-----w-	c:\users\Dennis\AppData\Local\CyberLink
2012-02-07 14:13 . 2012-02-12 16:26	--------	d-----w-	c:\programdata\CyberLink
2012-02-07 14:13 . 2012-02-07 14:31	--------	d-----w-	c:\users\Dennis\AppData\Roaming\CyberLink
2012-02-07 14:07 . 2012-02-07 14:23	--------	d-----w-	c:\programdata\install_clap
2012-01-30 17:33 . 2012-01-30 17:33	5185536	----a-r-	c:\users\Dennis\AppData\Roaming\Microsoft\Installer\{D1E1F028-1953-43A3-BFD8-D2A00EC06E36}\RapeLay.exe
2012-01-30 17:33 . 2012-01-30 17:33	28672	----a-r-	c:\users\Dennis\AppData\Roaming\Microsoft\Installer\{D1E1F028-1953-43A3-BFD8-D2A00EC06E36}\_EB52FE80E75B_486E_9850_195DAB8E8D59.exe
2012-01-29 18:25 . 2012-01-29 18:25	--------	d-----w-	c:\users\Dennis\AppData\Roaming\Avira
2012-01-29 10:24 . 2012-01-29 10:24	--------	d-----w-	c:\users\Dennis\AppData\Roaming\Mozilla-Cache
2012-01-26 12:19 . 2012-01-26 12:20	--------	d-----w-	c:\users\Dennis\AppData\Local\FullTiltPoker
2012-01-19 22:47 . 2012-01-19 23:10	--------	d-----w-	c:\users\Dennis\AppData\Roaming\Gelbe Liste Pharmindex
2012-01-19 18:14 . 2012-01-19 18:15	--------	d-----w-	C:\med7net
2012-01-19 18:13 . 2004-12-13 20:16	53248	----a-w-	c:\windows\SysWow64\foxtools.fll
2012-01-16 14:30 . 2012-01-16 14:30	--------	d-----w-	c:\programdata\PassMark
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-09 12:59 . 2009-07-14 02:36	175616	----a-w-	c:\windows\system32\msclmd.dll
2012-02-09 12:59 . 2009-07-14 02:36	152576	----a-w-	c:\windows\SysWow64\msclmd.dll
2012-01-26 23:52 . 2011-02-24 15:18	279656	------w-	c:\windows\system32\MpSigStub.exe
2012-01-15 15:26 . 2011-01-03 00:34	280736	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2012-01-15 15:26 . 2011-01-03 00:10	280736	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2012-01-15 15:25 . 2011-01-03 00:10	215128	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2011-12-10 14:24 . 2011-08-22 21:18	23152	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-12-06 03:45 . 2011-12-06 03:45	10720256	----a-w-	c:\windows\system32\drivers\atikmdag.sys
2011-12-06 03:18 . 2011-12-06 03:18	25371136	----a-w-	c:\windows\system32\atio6axx.dll
2011-12-06 03:17 . 2011-12-06 03:17	159744	----a-w-	c:\windows\system32\atiapfxx.exe
2011-12-06 03:17 . 2011-12-06 03:17	778752	----a-w-	c:\windows\SysWow64\aticfx32.dll
2011-12-06 03:16 . 2011-12-06 03:16	933888	----a-w-	c:\windows\system32\aticfx64.dll
2011-12-06 03:12 . 2011-12-06 03:12	466944	----a-w-	c:\windows\system32\ATIDEMGX.dll
2011-12-06 03:12 . 2011-12-06 03:12	494080	----a-w-	c:\windows\system32\atieclxx.exe
2011-12-06 03:11 . 2011-12-06 03:11	235520	----a-w-	c:\windows\system32\atiesrxx.exe
2011-12-06 03:10 . 2011-12-06 03:10	120320	----a-w-	c:\windows\system32\atitmm64.dll
2011-12-06 03:10 . 2011-12-06 03:10	423424	----a-w-	c:\windows\system32\atipdl64.dll
2011-12-06 03:10 . 2011-12-06 03:10	360448	----a-w-	c:\windows\SysWow64\atipdlxx.dll
2011-12-06 03:10 . 2011-12-06 03:10	278528	----a-w-	c:\windows\SysWow64\Oemdspif.dll
2011-12-06 03:09 . 2011-12-06 03:09	21504	----a-w-	c:\windows\system32\atimuixx.dll
2011-12-06 03:09 . 2011-12-06 03:09	59392	----a-w-	c:\windows\system32\atiedu64.dll
2011-12-06 03:09 . 2011-12-06 03:09	43520	----a-w-	c:\windows\SysWow64\ati2edxx.dll
2011-12-06 03:06 . 2011-12-06 03:06	6159872	----a-w-	c:\windows\SysWow64\atidxx32.dll
2011-12-06 02:56 . 2011-12-06 02:56	19125760	----a-w-	c:\windows\SysWow64\atioglxx.dll
2011-12-06 02:51 . 2011-12-06 02:51	7520768	----a-w-	c:\windows\system32\atidxx64.dll
2011-12-06 02:39 . 2011-12-06 02:39	1113088	----a-w-	c:\windows\system32\atiumd6v.dll
2011-12-06 02:39 . 2011-12-06 02:39	1828864	----a-w-	c:\windows\SysWow64\atiumdmv.dll
2011-12-06 02:39 . 2011-12-06 02:39	4072960	----a-w-	c:\windows\system32\atiumd6a.dll
2011-12-06 02:34 . 2011-12-06 02:34	51200	----a-w-	c:\windows\system32\aticalrt64.dll
2011-12-06 02:34 . 2011-12-06 02:34	46080	----a-w-	c:\windows\SysWow64\aticalrt.dll
2011-12-06 02:34 . 2011-12-06 02:34	44544	----a-w-	c:\windows\system32\aticalcl64.dll
2011-12-06 02:34 . 2011-12-06 02:34	44032	----a-w-	c:\windows\SysWow64\aticalcl.dll
2011-12-06 02:34 . 2011-12-06 02:34	13738496	----a-w-	c:\windows\system32\aticaldd64.dll
2011-12-06 02:33 . 2011-12-06 02:33	5919232	----a-w-	c:\windows\SysWow64\atiumdag.dll
2011-12-06 02:29 . 2011-12-06 02:29	11484672	----a-w-	c:\windows\SysWow64\aticaldd.dll
2011-12-06 02:28 . 2011-12-06 02:28	4206592	----a-w-	c:\windows\SysWow64\atiumdva.dll
2011-12-06 02:24 . 2011-12-06 02:24	7511040	----a-w-	c:\windows\system32\atiumd64.dll
2011-12-06 02:18 . 2011-12-06 02:18	58880	----a-w-	c:\windows\system32\coinst.dll
2011-12-06 02:13 . 2010-09-16 10:55	509952	----a-w-	c:\windows\system32\atiadlxx.dll
2011-12-06 02:12 . 2011-12-06 02:12	356352	----a-w-	c:\windows\SysWow64\atiadlxy.dll
2011-12-06 02:12 . 2011-12-06 02:12	17408	----a-w-	c:\windows\system32\atig6pxx.dll
2011-12-06 02:12 . 2011-12-06 02:12	14336	----a-w-	c:\windows\SysWow64\atiglpxx.dll
2011-12-06 02:12 . 2011-12-06 02:12	14336	----a-w-	c:\windows\system32\atiglpxx.dll
2011-12-06 02:12 . 2011-12-06 02:12	39936	----a-w-	c:\windows\system32\atig6txx.dll
2011-12-06 02:12 . 2011-12-06 02:12	33280	----a-w-	c:\windows\SysWow64\atigktxx.dll
2011-12-06 02:12 . 2011-12-06 02:12	327168	----a-w-	c:\windows\system32\drivers\atikmpag.sys
2011-12-06 02:11 . 2010-11-26 02:16	42496	----a-w-	c:\windows\system32\atiuxp64.dll
2011-12-06 02:11 . 2011-12-06 02:11	33280	----a-w-	c:\windows\SysWow64\atiuxpag.dll
2011-12-06 02:11 . 2011-12-06 02:11	39936	----a-w-	c:\windows\system32\atiu9p64.dll
2011-12-06 02:11 . 2011-12-06 02:11	29696	----a-w-	c:\windows\SysWow64\atiu9pag.dll
2011-12-06 02:10 . 2011-12-06 02:10	54784	----a-w-	c:\windows\system32\atimpc64.dll
2011-12-06 02:10 . 2011-12-06 02:10	54784	----a-w-	c:\windows\system32\amdpcom64.dll
2011-12-06 02:10 . 2011-12-06 02:10	53760	----a-w-	c:\windows\SysWow64\atimpc32.dll
2011-12-06 02:10 . 2011-12-06 02:10	53760	----a-w-	c:\windows\SysWow64\amdpcom32.dll
2011-12-06 02:10 . 2011-12-06 02:10	53248	----a-w-	c:\windows\system32\drivers\ati2erec.dll
2011-12-05 21:04 . 2011-12-05 21:04	69632	----a-w-	c:\windows\system32\OpenVideo64.dll
2011-12-05 21:04 . 2011-12-05 21:04	59904	----a-w-	c:\windows\SysWow64\OpenVideo.dll
2011-12-05 21:03 . 2011-12-05 21:03	61952	----a-w-	c:\windows\system32\OVDecode64.dll
2011-12-05 21:03 . 2011-12-05 21:03	54784	----a-w-	c:\windows\SysWow64\OVDecode.dll
2011-12-05 21:03 . 2011-12-05 21:03	17580544	----a-w-	c:\windows\system32\amdocl64.dll
2011-12-05 21:03 . 2011-12-05 21:03	14499328	----a-w-	c:\windows\SysWow64\amdocl.dll
2011-12-05 21:02 . 2011-12-05 21:02	51200	----a-w-	c:\windows\system32\OpenCL.dll
2011-12-05 21:02 . 2011-12-05 21:02	44032	----a-w-	c:\windows\SysWow64\OpenCL.dll
2011-12-05 19:47 . 2011-12-05 19:47	95248	----a-w-	c:\windows\system32\drivers\AtihdW76.sys
2011-11-24 04:52 . 2011-12-14 13:48	3145216	----a-w-	c:\windows\system32\win32k.sys
2011-11-19 14:58 . 2012-01-11 13:51	77312	----a-w-	c:\windows\system32\packager.dll
2011-11-19 14:01 . 2012-01-11 13:51	67072	----a-w-	c:\windows\SysWow64\packager.dll
2011-11-17 06:41 . 2012-01-11 13:51	1731920	----a-w-	c:\windows\system32\ntdll.dll
2011-11-17 05:38 . 2012-01-11 13:51	1292080	----a-w-	c:\windows\SysWow64\ntdll.dll
2006-05-03 09:06	163328	--sha-r-	c:\windows\SysWOW64\flvDX.dll
2007-02-21 10:47	31232	--sha-r-	c:\windows\SysWOW64\msfDX.dll
2008-03-16 12:30	216064	--sha-r-	c:\windows\SysWOW64\nbDX.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-05 343168]
"RemoteControl11"="e:\powerdvd11\PowerDVD11\PDVD11Serv.exe" [2011-04-20 234792]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TotalMedia Server.lnk - e:\totalmediatheatre\TotalMedia Server\TM Server.exe [2010-12-20 519744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-26 136176]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-26 136176]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;e:\adaware\KernExplorer64.sys [2011-08-22 17152]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R4 ADExchange;ArcSoft Exchange Service;c:\program files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [2012-02-12 60064]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R4 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;e:\powerdvd11\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-04-20 83240]
R4 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;e:\powerdvd11\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-03-31 70952]
R4 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;e:\powerdvd11\PowerDVD11\Common\MediaServer\CLMSServer.exe [2011-03-31 312616]
R4 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]
R4 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-01-08 23584]
R4 LMIGuardianSvc;LMIGuardianSvc;e:\logmein\x64\LMIGuardianSvc.exe [2011-09-26 375176]
R4 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 ArcSec;ArcSec;c:\windows\system32\drivers\ArcSec.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2012/02/12 18:01];e:\powerdvd11\PowerDVD11\Common\NavFilter\000.fcl [2011-04-12 09:16 148976]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-12-05 361984]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2010-06-11 868896]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;e:\adaware\AAWService.exe [2011-09-02 2152152]
S2 LMIInfo;LogMeIn Kernel Information Provider;e:\logmein\x64\RaInfo.sys [2011-01-11 15928]
S2 ntk_PowerDVD;ntk_PowerDVD;e:\powerdvd11\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-04-20 75248]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;e:\tuneup2011\TuneUpUtilitiesService64.exe [2011-05-20 2026304]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-01-28 243232]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;e:\tuneup2011\TuneUpUtilitiesDriver64.sys [2011-04-26 11856]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-26 08:04]
.
2012-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-26 08:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-06-09 206208]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2010-06-11 861216]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
"LogMeIn GUI"="e:\logmein\x64\LogMeInSystray.exe" [2011-01-11 57928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
uLocal Page = c:\windows\system32\blank.htm
mStart Page = 
mLocal Page = 
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - e:\icq\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\wef4pq6t.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\e:\powerdvd11\PowerDVD11\Common\NavFilter\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1999676654-2780985729-305467352-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*b*e*p*âúa6\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1999676654-2780985729-305467352-1000\Software\SecuROM\License information*]
"datasecu"=hex:1c,ac,12,05,ff,75,55,0a,44,9f,bb,3b,68,b3,dc,e2,77,86,2d,ac,f9,
   e8,d2,21,18,2a,07,a1,6c,34,cd,25,43,2a,67,11,c1,7b,87,d6,fe,c9,bc,84,bc,d4,\
"rkeysecu"=hex:5e,0a,d0,11,c3,be,4c,10,a6,af,e6,39,8c,21,63,88
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\PnkBstrA.exe
e:\adaware\AAWTray.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-02-14  12:13:12 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-02-14 11:13
.
Vor Suchlauf: 18 Verzeichnis(se), 17.848.139.776 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 17.739.137.024 Bytes frei
.
- - End Of File - - EF5204550655D3E0401F2C6697501DD9

Die Qoobox-Quarantäne hab ich im Upload-Channel hochgeladen

cosinus · 14.02.2012, 15:04

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

13.02.2012, 22:53	#16
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus" Ich leider nichts von dir im Upchannel. Wie groß ist die ZIP Datei denn geworden? __________________ Logfiles bitte immer in CODE-Tags posten

13.02.2012, 23:16	#18
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus" Starte Windows neu, lösch die alte combofix.exe, lade CF neu runter und probier es bitte nochmal. __________________ __________________

Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus"

Plagegeister aller Art und deren Bekämpfung: Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus"