Trojaner-Board - Malwarebytes findet " PUP.VShareRedir "Registry bitte Logfile auswerten!

Combofix Logfile:
Code:
ComboFix 12-01-09.02 - *** 09.01.2012  11:56:37.1.2 - x86

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3037.2191 [GMT 1:00]

ausgeführt von:: c:\users\***\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\xml6C97.tmp

c:\programdata\xml6D73.tmp

c:\programdata\xml6F09.tmp

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-12-09 bis 2012-01-09  ))))))))))))))))))))))))))))))

.

.

2012-01-09 11:03 . 2012-01-09 11:03        --------        d-----w-        c:\users\***\AppData\Local\temp

2012-01-09 10:47 . 2012-01-09 10:47        56200        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{CF452A57-FBFD-440F-8410-A8930153CE67}\offreg.dll

2012-01-08 21:14 . 2012-01-08 21:14        --------        d-----w-        C:\_OTL

2012-01-07 16:59 . 2012-01-07 16:59        --------        d-----w-        c:\program files\ESET

2012-01-06 09:42 . 2011-11-21 10:47        6823496        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{CF452A57-FBFD-440F-8410-A8930153CE67}\mpengine.dll

2012-01-04 12:35 . 2011-02-19 06:30        805376        ----a-w-        c:\windows\system32\FntCache.dll

2012-01-04 12:35 . 2011-02-19 06:30        1076736        ----a-w-        c:\windows\system32\DWrite.dll

2012-01-04 12:35 . 2011-02-19 06:30        739840        ----a-w-        c:\windows\system32\d2d1.dll

2012-01-04 12:27 . 2012-01-04 12:30        --------        d-----w-        c:\programdata\SecTaskMan

2012-01-04 12:27 . 2012-01-04 12:27        --------        d-----w-        c:\program files\Security Task Manager

2012-01-03 20:49 . 2012-01-03 20:49        --------        d-----w-        c:\program files\Free M4a to MP3 Converter

2012-01-02 17:52 . 2012-01-02 17:52        --------        d-----w-        c:\users\Default\AppData\Local\Microsoft Help

2012-01-02 17:46 . 2011-02-18 05:39        31232        ----a-w-        c:\windows\system32\prevhost.exe

2012-01-02 17:46 . 2011-03-11 05:39        148864        ----a-w-        c:\windows\system32\drivers\storport.sys

2012-01-02 17:46 . 2011-03-11 05:39        1211264        ----a-w-        c:\windows\system32\drivers\ntfs.sys

2012-01-02 17:46 . 2011-03-11 05:38        332160        ----a-w-        c:\windows\system32\drivers\iaStorV.sys

2012-01-02 17:46 . 2011-03-11 05:33        1699328        ----a-w-        c:\windows\system32\esent.dll

2012-01-02 17:46 . 2011-03-11 05:39        143744        ----a-w-        c:\windows\system32\drivers\nvstor.sys

2012-01-02 17:46 . 2011-03-11 05:39        117120        ----a-w-        c:\windows\system32\drivers\nvraid.sys

2012-01-02 17:46 . 2011-03-11 05:38        80256        ----a-w-        c:\windows\system32\drivers\amdsata.sys

2012-01-02 17:46 . 2011-03-11 05:38        22400        ----a-w-        c:\windows\system32\drivers\amdxata.sys

2012-01-02 17:46 . 2011-03-11 05:31        74240        ----a-w-        c:\windows\system32\fsutil.exe

2012-01-02 17:44 . 2011-04-22 19:14        27008        ----a-w-        c:\windows\system32\drivers\Diskdump.sys

2012-01-02 17:42 . 2011-02-03 05:54        219008        ----a-w-        c:\windows\system32\drivers\dxgmms1.sys

2012-01-02 17:34 . 2012-01-02 17:34        --------        d-----w-        c:\users\***\AppData\Local\WindowsUpdate

2011-12-26 11:01 . 2011-12-17 05:09        121816        ----a-w-        c:\program files\Mozilla Firefox\components\browsercomps.dll

2011-12-26 11:01 . 2011-12-17 05:08        43992        ----a-w-        c:\program files\Mozilla Firefox\mozutils.dll

2011-12-26 11:01 . 2011-12-17 01:19        626688        ----a-w-        c:\program files\Mozilla Firefox\msvcr80.dll

2011-12-26 11:01 . 2011-12-17 01:19        548864        ----a-w-        c:\program files\Mozilla Firefox\msvcp80.dll

2011-12-26 11:01 . 2011-12-17 01:19        479232        ----a-w-        c:\program files\Mozilla Firefox\msvcm80.dll

2011-12-18 14:06 . 2011-12-18 14:14        --------        d-----w-        c:\program files\ARIS7.1

2011-12-16 07:26 . 2011-11-24 04:25        2342912        ----a-w-        c:\windows\system32\win32k.sys

2011-12-16 07:26 . 2011-11-05 04:26        2048        ----a-w-        c:\windows\system32\tzres.dll

2011-12-16 07:26 . 2011-10-15 05:38        534528        ----a-w-        c:\windows\system32\EncDec.dll

2011-12-16 07:26 . 2011-10-26 04:28        38912        ----a-w-        c:\windows\system32\csrsrv.dll

2011-12-16 07:26 . 2011-10-26 04:47        3912560        ----a-w-        c:\windows\system32\ntoskrnl.exe

2011-12-16 07:26 . 2011-10-26 04:47        3967856        ----a-w-        c:\windows\system32\ntkrnlpa.exe

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-10 14:24 . 2010-11-05 13:43        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-11-12 10:25 . 2011-05-15 13:18        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-06 14:26 . 2010-04-25 00:01        443448        ----a-w-        c:\windows\system32\drivers\sptd.sys

2011-10-24 13:29 . 2011-10-24 13:29        94208        ----a-w-        c:\windows\system32\QuickTimeVR.qtx

2011-10-24 13:29 . 2011-10-24 13:29        69632        ----a-w-        c:\windows\system32\QuickTime.qts

2011-12-17 05:09 . 2011-12-26 11:01        121816        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]

2010-11-05 01:58        297808        ----a-w-        c:\windows\System32\mscoree.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-12-24 981680]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-10-14 291896]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-03-30 04:59        937920        ----a-r-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2011-09-27 06:22        59240        ----a-w-        c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]

2010-03-25 01:50        2516296        ----a-w-        c:\program files\Canon\MyPrinter\BJMYPRT.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2011-08-02 07:33        4910912        ----a-w-        c:\program files\DAEMON Tools Lite\DTLite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 10:44        31072        ----a-w-        d:\program files\Microsoft Office\Office12\GrooveMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]

2008-07-22 17:33        150528        ----a-w-        c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]

2011-04-06 14:12        119608        ----a-w-        c:\program files\ICQ7.4\ICQ.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Linkury Chrome Smartbar]

2011-10-27 19:14        103224        ----a-w-        c:\program files\Linkury\Linkury.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]

2011-12-24 16:50        981680        ----a-w-        c:\program files\Malwarebytes' Anti-Malware\mbam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]

2011-10-11 09:03        220744        ----a-w-        c:\program files\PDF24\pdf24.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-10-24 13:28        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2011-10-13 08:27        17351304        ----a-r-        c:\program files\Skype\Phone\Skype.exe

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-15 136176]

R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-15 136176]

R3 netr28u;Linksys USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2010-01-14 841504]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-09-01 172032]

S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]

S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-10-14 994360]

S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2011-10-14 399416]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]

S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12        REG_MULTI_SZ           Pml Driver HPZ12 Net Driver HPZ12

HPService        REG_MULTI_SZ           HPSLPSVC

hpdevmgmt        REG_MULTI_SZ           hpqcxs08 hpqddsvc

.

Inhalt des "geplante Tasks" Ordners

.

2012-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-15 13:17]

.

2012-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-15 13:17]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://google.de/

IE: Nach Microsoft E&xel exportieren - d:\progra~1\OFFICE~1\Office12\EXCEL.EXE/3000

IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe

TCP: DhcpNameServer = 192.168.0.1 78.42.43.62 82.212.62.62

FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vn00lvsb.default\

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe

MSConfigStartUp-nmapp - c:\program files\Pure Networks\Network Magic\nmapp.exe

MSConfigStartUp-nmctxth - c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2012-01-09  12:05:34

ComboFix-quarantined-files.txt  2012-01-09 11:05

.

Vor Suchlauf: 8.934.748.160 Bytes frei

Nach Suchlauf: 9.315.696.640 Bytes frei

.

- - End Of File - - 69494037C6011C2BD918B7CBA3C7203D
--- --- ---