C:\WINDOWS\system32 Ordner öffnet sich automatisch beim Starten

t'john · 07.03.2013, 19:27

OK:

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

oguzhan002 · 09.03.2013, 16:08

Hier

Code:

ATTFilter

ComboFix 13-03-07.03 - ***** 09.03.2013  15:49:40.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4091.1771 [GMT 1:00]
ausgeführt von:: c:\users\*****\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Public\Documents\NTILiveUpdate.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-09 bis 2013-03-09  ))))))))))))))))))))))))))))))
.
.
2013-03-09 15:00 . 2013-03-09 15:00	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-08 12:42 . 2013-02-19 02:57	9162192	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{D100A3B3-1179-485B-AC67-0EC4F410D742}\mpengine.dll
2013-03-07 12:58 . 2013-03-07 12:58	--------	d-----w-	c:\program files (x86)\LogMeIn Hamachi
2013-03-06 22:11 . 2013-03-09 14:43	--------	d-----w-	c:\program files (x86)\Emsisoft Anti-Malware
2013-03-06 22:09 . 2013-03-06 22:09	--------	d-----w-	c:\program files (x86)\Common Files\Adobe
2013-03-06 00:44 . 2013-03-06 00:44	--------	d-----w-	c:\windows\de
2013-03-05 22:06 . 2013-03-05 22:07	--------	d-----w-	c:\program files (x86)\Audacity
2013-03-05 21:06 . 2013-03-05 21:06	--------	d-----w-	c:\programdata\ManyCam
2013-03-05 21:06 . 2013-03-05 21:07	--------	d-----w-	c:\program files (x86)\ManyCam
2013-03-05 21:06 . 2012-10-11 03:08	44928	----a-w-	c:\windows\system32\drivers\mcvidrv_x64.sys
2013-03-05 19:41 . 2013-03-05 19:41	--------	d-----w-	c:\program files (x86)\SystemRequirementsLab
2013-03-05 19:40 . 2013-03-05 19:40	--------	d-----w-	c:\program files (x86)\Common Files\Java
2013-03-05 19:40 . 2013-03-05 19:40	--------	d-----w-	c:\windows\Sun
2013-03-05 19:40 . 2013-03-05 19:39	861088	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-03-05 19:39 . 2013-03-05 19:39	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-05 19:39 . 2013-03-05 19:39	--------	d-----w-	c:\program files (x86)\Java
2013-03-05 17:57 . 2013-03-05 18:03	--------	d-----w-	c:\program files (x86)\Common Files\Steam
2013-03-05 17:57 . 2013-03-05 19:31	--------	d-----w-	c:\program files (x86)\Steam
2013-03-04 21:24 . 2013-03-04 21:23	1085344	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-03-04 21:24 . 2013-03-04 21:23	310688	----a-w-	c:\windows\system32\javaws.exe
2013-03-04 21:24 . 2013-03-04 21:23	108448	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2013-03-04 21:24 . 2013-03-04 21:23	188832	----a-w-	c:\windows\system32\javaw.exe
2013-03-04 21:24 . 2013-03-04 21:23	188320	----a-w-	c:\windows\system32\java.exe
2013-03-04 21:23 . 2013-03-04 21:23	--------	d-----w-	c:\program files\Java
2013-03-03 02:45 . 2013-03-03 02:45	--------	d-----w-	c:\program files\NVIDIA Corporation
2013-03-02 20:35 . 2013-03-02 20:35	--------	d-----w-	c:\programdata\Tarma Installer
2013-02-27 21:34 . 2013-01-04 06:11	2284544	----a-w-	c:\windows\SysWow64\msmpeg2vdec.dll
2013-02-27 21:34 . 2013-01-13 19:53	187392	----a-w-	c:\windows\SysWow64\UIAnimation.dll
2013-02-27 21:34 . 2013-01-13 19:24	221184	----a-w-	c:\windows\system32\UIAnimation.dll
2013-02-27 21:34 . 2013-01-04 06:11	2776576	----a-w-	c:\windows\system32\msmpeg2vdec.dll
2013-02-26 17:24 . 2013-02-26 17:24	--------	d-----w-	C:\_OTL
2013-02-26 12:07 . 2012-05-04 11:00	366592	----a-w-	c:\windows\system32\qdvd.dll
2013-02-26 12:07 . 2012-05-04 09:59	514560	----a-w-	c:\windows\SysWow64\qdvd.dll
2013-02-26 12:07 . 2012-08-24 18:05	340992	----a-w-	c:\windows\system32\schannel.dll
2013-02-26 12:07 . 2012-08-24 16:57	247808	----a-w-	c:\windows\SysWow64\schannel.dll
2013-02-26 12:07 . 2012-08-24 18:13	154480	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2013-02-26 12:07 . 2012-08-24 18:09	458712	----a-w-	c:\windows\system32\drivers\cng.sys
2013-02-26 12:07 . 2012-08-24 18:03	1448448	----a-w-	c:\windows\system32\lsasrv.dll
2013-02-26 12:07 . 2012-08-24 16:57	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2013-02-26 12:07 . 2012-08-24 16:53	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2013-02-26 12:07 . 2012-08-22 18:12	950128	----a-w-	c:\windows\system32\drivers\ndis.sys
2013-02-26 12:07 . 2012-07-04 20:26	41472	----a-w-	c:\windows\system32\drivers\RNDISMP.sys
2013-02-26 12:05 . 2012-08-21 21:01	245760	----a-w-	c:\windows\system32\OxpsConverter.exe
2013-02-26 12:05 . 2012-11-23 03:13	68608	----a-w-	c:\windows\system32\taskhost.exe
2013-02-25 21:45 . 2013-03-07 00:39	--------	d-----w-	c:\program files (x86)\Cheat Engine 6.2
2013-02-25 20:23 . 2013-02-25 20:23	--------	d-----w-	c:\windows\system32\SPReview
2013-02-25 20:17 . 2013-02-25 20:20	--------	d-----w-	C:\bcca0ba609e9c6cee797cd8fd3
2013-02-25 20:01 . 2013-02-25 20:01	--------	d-----w-	c:\programdata\Malwarebytes
2013-02-25 20:01 . 2013-02-25 20:01	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-02-25 20:01 . 2012-12-14 15:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-02-25 19:27 . 2013-02-25 19:27	--------	d-----w-	c:\program files (x86)\PC Tools
2013-02-25 19:26 . 2013-02-25 19:27	--------	d-----w-	c:\program files (x86)\CVBot - DEVIL 1.11 - V3
2013-02-25 19:23 . 2013-02-26 17:26	--------	d-----w-	c:\program files (x86)\Common Files\PC Tools
2013-02-25 19:23 . 2012-11-01 14:35	253256	----a-w-	c:\windows\system32\drivers\PCTSD64.sys
2013-02-25 19:23 . 2013-02-26 17:14	--------	d-----w-	c:\programdata\PC Tools
2013-02-25 00:30 . 2013-02-25 00:30	--------	d-----w-	c:\windows\symbols
2013-02-25 00:25 . 2013-02-25 00:25	--------	d-----w-	c:\programdata\VS
2013-02-24 23:54 . 2013-02-24 23:54	--------	d-----w-	c:\windows\system32\EventProviders
2013-02-24 23:51 . 2011-09-22 20:07	105832	----a-w-	c:\windows\system32\SQSRVRES.DLL
2013-02-24 23:51 . 2011-09-22 20:06	109416	----a-w-	c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2013-02-24 23:51 . 2011-09-22 16:18	73064	----a-w-	c:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2013-02-24 23:50 . 2013-02-24 23:50	--------	d-----w-	c:\program files (x86)\Microsoft Visual Studio 9.0
2013-02-24 21:57 . 2013-01-09 01:10	996352	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-24 21:57 . 2013-01-08 22:01	768000	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-24 18:33 . 2013-02-24 18:33	--------	dc----w-	c:\windows\system32\DRVSTORE
2013-02-24 18:33 . 2012-07-28 01:15	57280	----a-w-	c:\windows\system32\drivers\fssfltr.sys
2013-02-24 18:32 . 2013-03-06 00:38	--------	d-----w-	c:\program files\Windows Live
2013-02-24 17:05 . 2013-02-24 17:05	--------	d-----w-	c:\program files (x86)\Common Files\Ulead Systems
2013-02-24 17:04 . 2013-02-24 17:04	--------	d-----w-	c:\program files (x86)\Ulead Systems
2013-02-24 17:03 . 2013-02-24 17:06	--------	d-----w-	c:\programdata\Ulead Systems
2013-02-24 16:52 . 2010-11-05 01:57	48976	----a-w-	c:\windows\system32\netfxperf.dll
2013-02-24 16:52 . 2010-11-05 01:57	1942856	----a-w-	c:\windows\system32\dfshim.dll
2013-02-24 16:52 . 2010-11-05 01:58	1130824	----a-w-	c:\windows\SysWow64\dfshim.dll
2013-02-24 16:50 . 2010-11-20 13:27	577536	----a-w-	c:\windows\system32\WSDApi.dll
2013-02-24 16:49 . 2010-11-20 13:27	448000	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\tabskb.dll
2013-02-24 16:48 . 2010-11-20 13:27	93184	----a-w-	c:\program files\Windows Mail\oeimport.dll
2013-02-24 16:47 . 2010-11-20 12:21	363008	----a-w-	c:\windows\SysWow64\wbemcomn.dll
2013-02-24 16:47 . 2010-11-20 12:21	189952	----a-w-	c:\program files (x86)\Windows Portable Devices\sqmapi.dll
2013-02-24 16:47 . 2010-11-20 12:19	606208	----a-w-	c:\windows\SysWow64\wbem\fastprox.dll
2013-02-24 16:44 . 2010-11-20 13:27	244736	----a-w-	c:\program files\Windows Portable Devices\sqmapi.dll
2013-02-24 16:44 . 2010-11-20 13:27	529408	----a-w-	c:\windows\system32\wbemcomn.dll
2013-02-24 16:43 . 2010-11-20 13:27	244736	----a-w-	c:\windows\system32\sqmapi.dll
2013-02-24 15:21 . 2011-03-11 06:33	2565632	----a-w-	c:\windows\system32\esent.dll
2013-02-24 15:21 . 2011-03-11 05:33	1699328	----a-w-	c:\windows\SysWow64\esent.dll
2013-02-24 15:21 . 2011-03-11 06:41	166272	----a-w-	c:\windows\system32\drivers\nvstor.sys
2013-02-24 15:21 . 2011-03-11 06:41	148352	----a-w-	c:\windows\system32\drivers\nvraid.sys
2013-02-24 15:21 . 2011-03-11 06:41	107904	----a-w-	c:\windows\system32\drivers\amdsata.sys
2013-02-24 15:21 . 2011-03-11 06:41	189824	----a-w-	c:\windows\system32\drivers\storport.sys
2013-02-24 15:21 . 2011-03-11 06:41	410496	----a-w-	c:\windows\system32\drivers\iaStorV.sys
2013-02-24 15:21 . 2011-03-11 06:41	27008	----a-w-	c:\windows\system32\drivers\amdxata.sys
2013-02-24 15:21 . 2011-03-11 04:37	91648	----a-w-	c:\windows\system32\drivers\USBSTOR.SYS
2013-02-24 15:21 . 2011-03-11 06:30	96768	----a-w-	c:\windows\system32\fsutil.exe
2013-02-24 15:21 . 2011-03-11 05:31	74240	----a-w-	c:\windows\SysWow64\fsutil.exe
2013-02-24 15:10 . 2011-03-25 03:29	343040	----a-w-	c:\windows\system32\drivers\usbhub.sys
2013-02-24 15:10 . 2011-03-25 03:29	98816	----a-w-	c:\windows\system32\drivers\usbccgp.sys
2013-02-24 15:10 . 2011-03-25 03:29	325120	----a-w-	c:\windows\system32\drivers\usbport.sys
2013-02-24 15:10 . 2011-03-25 03:29	52736	----a-w-	c:\windows\system32\drivers\usbehci.sys
2013-02-24 15:10 . 2011-03-25 03:29	25600	----a-w-	c:\windows\system32\drivers\usbohci.sys
2013-02-24 15:10 . 2011-03-25 03:29	30720	----a-w-	c:\windows\system32\drivers\usbuhci.sys
2013-02-24 15:10 . 2011-03-25 03:28	7936	----a-w-	c:\windows\system32\drivers\usbd.sys
2013-02-24 15:02 . 2013-02-24 15:02	--------	d-----w-	c:\program files (x86)\MSXML 4.0
2013-02-24 13:23 . 2013-02-24 13:23	--------	d-----w-	c:\windows\SysWow64\wbem\en-US
2013-02-24 13:23 . 2013-02-24 13:23	--------	d-----w-	c:\windows\system32\wbem\en-US
2013-02-24 06:18 . 2013-02-04 21:49	70004024	----a-w-	c:\windows\system32\MRT.exe
2013-02-24 06:08 . 2012-07-26 04:55	785512	----a-w-	c:\windows\system32\drivers\Wdf01000.sys
2013-02-24 06:08 . 2012-07-26 04:55	54376	----a-w-	c:\windows\system32\drivers\WdfLdr.sys
2013-02-24 06:08 . 2012-07-26 02:36	9728	----a-w-	c:\windows\system32\Wdfres.dll
2013-02-24 05:44 . 2010-02-23 08:16	294912	----a-w-	c:\windows\system32\browserchoice.exe
2013-02-24 04:17 . 2013-02-24 04:17	--------	d-----w-	C:\MyWinLockerData
2013-02-24 01:44 . 2013-02-24 01:44	283200	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2013-02-24 01:44 . 2013-02-24 01:44	--------	d-----w-	c:\program files (x86)\DAEMON Tools Lite
2013-02-24 01:43 . 2013-02-24 01:46	--------	d-----w-	c:\programdata\DAEMON Tools Lite
2013-02-24 01:39 . 2013-02-24 01:41	--------	d-----w-	c:\programdata\DAEMON Tools USB
2013-02-23 21:58 . 2013-02-23 21:58	--------	d-----w-	c:\users\Abdullah
2013-02-23 19:30 . 2011-12-16 08:46	634880	----a-w-	c:\windows\system32\msvcrt.dll
2013-02-23 19:30 . 2011-12-16 07:52	690688	----a-w-	c:\windows\SysWow64\msvcrt.dll
2013-02-23 18:35 . 2013-02-23 18:35	--------	d-----w-	c:\windows\Multihack .United
2013-02-23 15:50 . 2013-02-23 15:50	--------	d-----w-	c:\programdata\NtiDvdCopy
2013-02-23 13:00 . 2013-03-08 03:24	--------	d-----w-	C:\SkyDriveTemp
2013-02-23 12:59 . 2013-02-23 12:59	--------	d-----w-	c:\program files (x86)\Microsoft SkyDrive
2013-02-23 12:59 . 2013-02-23 12:59	--------	d-----w-	c:\programdata\Microsoft SkyDrive
2013-02-23 11:37 . 2009-07-21 00:42	78872	----a-w-	c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2013-02-23 11:37 . 2009-07-21 00:42	50200	----a-w-	c:\windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2013-02-23 11:36 . 2013-02-23 11:36	--------	d-----w-	c:\windows\system32\RsFx
2013-02-23 11:34 . 2013-02-23 11:34	--------	d-----w-	c:\program files\Microsoft Visual Studio 9.0
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-25 20:43 . 2009-07-14 02:36	152576	----a-w-	c:\windows\SysWow64\msclmd.dll
2013-02-25 20:43 . 2009-07-14 02:36	175616	----a-w-	c:\windows\system32\msclmd.dll
2013-02-19 20:43 . 2013-02-19 20:43	2560	----a-w-	c:\windows\SysWow64\drivers\de-DE\qwavedrv.sys.mui
2013-02-19 20:43 . 2013-02-19 20:43	5632	----a-w-	c:\windows\SysWow64\drivers\de-DE\ndiscap.sys.mui
2013-02-19 20:43 . 2013-02-19 20:43	2560	----a-w-	c:\windows\SysWow64\drivers\de-DE\scfilter.sys.mui
2013-02-19 20:43 . 2013-02-19 20:43	51712	----a-w-	c:\windows\SysWow64\drivers\de-DE\tcpip.sys.mui
2013-02-19 20:43 . 2013-02-19 20:43	29696	----a-w-	c:\windows\SysWow64\drivers\de-DE\bfe.dll.mui
2013-02-19 20:43 . 2013-02-19 20:43	16896	----a-w-	c:\windows\SysWow64\drivers\de-DE\pacer.sys.mui
2013-01-31 09:50 . 2013-01-31 09:50	28160	----a-w-	c:\windows\system32\drivers\mcaudrv_x64.sys
2013-01-04 04:43 . 2013-02-22 23:43	44032	----a-w-	c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-02-23 12:59	222712	----a-w-	c:\users\*****\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-02-23 12:59	222712	----a-w-	c:\users\*****\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-02-23 12:59	222712	----a-w-	c:\users\*****\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-02-01 18:03	120176	----a-w-	c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-10 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
"AVMUSBFernanschluss"="c:\users\*****\AppData\Local\Apps\2.0\E3E0GG4D.3NP\DJLKRBJ3.ETX\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\AVMAutoStart.exe" [2013-02-22 139264]
"ManyCam"="c:\program files (x86)\ManyCam\Bin\ManyCam.exe" [2013-02-12 5402960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-02-01 337264]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2009-12-25 201512]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2009-12-25 401192]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1094736]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-10-06 419112]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-10-05 181480]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-01-30 450560]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-01-23 385248]
"Ulead AutoDetector v2"="c:\program files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-08-27 90112]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"emsisoft anti-malware"="c:\program files (x86)\Emsisoft Anti-Malware\a2guard.exe" [2013-01-30 3365288]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-07 161384]
R3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2012-04-30 66320]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-06 50432]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-05 216064]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-21 61976]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-22 311144]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-22 431464]
R4 Yontoo Desktop Updater;Yontoo Desktop Updater;c:\program files (x86)\Yontoo\Y2Desktop.Updater.exe [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2011-05-19 23208]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-11-16 27800]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]
S2 a2AntiMalware;Emsisoft Anti-Malware 7.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2013-01-30 3089320]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-01-28 86752]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-02-01 305520]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-08 250368]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-06 144640]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S3 avmaura;AVM USB-Fernanschluss;c:\windows\system32\DRIVERS\avmaura.sys [2013-02-22 116480]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-02-24 283200]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-20 317480]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2012-10-11 44928]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2013-01-31 28160]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-05 16:06	1630672	----a-w-	c:\program files (x86)\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-09 c:\windows\Tasks\Acer Registration Reminder.job
- c:\program files (x86)\Acer\Registration\GREG.exe [2009-08-28 09:40]
.
2013-03-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-22 14:56]
.
2013-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-22 17:54]
.
2013-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-22 17:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-02-23 12:59	261624	----a-w-	c:\users\*****\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-02-23 12:59	261624	----a-w-	c:\users\*****\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-02-23 12:59	261624	----a-w-	c:\users\*****\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-02-01 18:06	137584	----a-w-	c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-02-01 349552]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 16395880]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-06 8060960]
"PLFSetI"="c:\windows\PLFSetI.exe" [2013-02-19 206208]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.iminent.com/?appId=63AEABB1-2A6C-40ED-8CB1-4B90B473E49A
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7736&r=27360213g016l0498z195t6501a666
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7736&r=27360213g016l0498z195t6501a666
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\5eqsuz0o.default\
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF- 8&oe=utf-8&q=
FF - ExtSQL: 2013-02-22 19:37; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Metin2_is1 - c:\skydrivetemp\Metin2\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-09  16:06:50
ComboFix-quarantined-files.txt  2013-03-09 15:06
.
Vor Suchlauf: 11 Verzeichnis(se), 423.118.475.264 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 422.885.822.464 Bytes frei
.
- - End Of File - - 6BB601CAF53B89BC2055DFD3671CEECF

C:\WINDOWS\system32 Ordner öffnet sich automatisch beim Starten

Log-Analyse und Auswertung: C:\WINDOWS\system32 Ordner öffnet sich automatisch beim Starten

C:\WINDOWS\system32 Ordner öffnet sich automatisch beim Starten

C:\WINDOWS\system32 Ordner öffnet sich automatisch beim Starten

Ähnliche Themen: C:\WINDOWS\system32 Ordner öffnet sich automatisch beim Starten