Trojaner-Board - Nur Internet Explorer kann auf Websites zugreifen, Chrome und Mozilla verweigern.

Code:

ComboFix 11-07-11.02 - Manuel 11.07.2011  18:06:24.1.4 - x64

Microsoft Windows 7 Professional   6.1.7601.1.1252.43.1031.18.4095.2430 [GMT 2:00]

ausgeführt von:: c:\users\Manuel\Downloads\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

FW: Avira FireWall *Enabled* {31341D0C-2EA1-6D37-1CC3-F0344A49C2CC}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Neuer Wiederherstellungspunkt wurde erstellt

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Manuel\League of Legends spielen .lnk

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-06-11 bis 2011-07-11  ))))))))))))))))))))))))))))))

.

.

2011-07-11 16:13 . 2011-07-11 16:13        --------        d-----w-        c:\users\Default\AppData\Local\temp

2011-07-08 17:01 . 2011-07-08 17:01        --------        d-----w-        c:\users\Manuel\AppData\Roaming\Avira

2011-07-08 16:59 . 2011-07-08 16:58        123784        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2011-07-08 16:59 . 2011-07-08 16:58        131336        ----a-w-        c:\windows\system32\drivers\avfwot.sys

2011-07-08 16:59 . 2011-07-08 16:58        101984        ----a-w-        c:\windows\system32\drivers\avfwim.sys

2011-07-08 16:57 . 2011-07-08 16:58        88288        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2011-07-08 16:57 . 2011-07-08 16:57        --------        d-----w-        c:\program files (x86)\Avira

2011-07-04 18:23 . 2011-07-04 18:23        --------        d-----w-        c:\users\Manuel\AppData\Roaming\Trillian

2011-07-04 18:22 . 2011-07-10 19:34        --------        d-----w-        c:\program files (x86)\Trillian

2011-07-03 17:59 . 2011-07-03 17:59        --------        d-----w-        c:\users\Manuel\AppData\Roaming\DeadMage

2011-07-01 16:06 . 2011-07-01 16:06        --------        d-----w-        c:\program files (x86)\Common Files\Java

2011-06-30 21:57 . 2011-07-02 15:09        --------        d-----w-        c:\users\Manuel\AppData\Local\Bit.Trip Beat

2011-06-30 21:05 . 2011-06-30 22:58        --------        d-----w-        c:\users\Manuel\AppData\Local\BIT.TRIP RUNNER

2011-06-29 19:43 . 2011-06-29 19:43        --------        d-----w-        c:\users\Manuel\AppData\Roaming\Realtime Soft

2011-06-29 19:43 . 2011-06-29 19:43        --------        d-----w-        c:\program files (x86)\Common Files\Realtime Soft

2011-06-29 19:43 . 2011-06-29 19:43        --------        d-----w-        c:\programdata\Realtime Soft

2011-06-29 19:43 . 2011-06-29 19:43        --------        d-----w-        c:\program files\UltraMon

2011-06-25 13:57 . 2011-06-25 14:27        --------        d-----w-        c:\users\Manuel\AppData\Roaming\Bitcoin

2011-06-24 14:44 . 2011-06-24 14:44        --------        d-----w-        c:\program files (x86)\Winamp Detect

2011-06-24 14:44 . 2011-07-08 17:28        --------        d-----w-        c:\users\Manuel\AppData\Roaming\Winamp

2011-06-24 14:44 . 2011-06-24 14:46        --------        d-----w-        c:\program files (x86)\Winamp

2011-06-22 06:55 . 2011-06-22 06:55        --------        d-----w-        c:\programdata\ATI

2011-06-22 06:55 . 2011-06-22 06:55        --------        d-----w-        c:\program files (x86)\AMD APP

2011-06-19 09:07 . 2011-06-19 09:07        --------        d-----w-        c:\program files (x86)\Gamers.IRC

2011-06-18 15:35 . 2011-06-18 15:35        204288        ----a-w-        c:\windows\system32\atiesrxx.exe

2011-06-16 21:18 . 2011-06-16 21:18        --------        d-----w-        c:\users\Manuel\AppData\Local\RiotStats

2011-06-15 13:26 . 2011-04-25 05:33        1923968        ----a-w-        c:\windows\system32\drivers\tcpip.sys

2011-06-15 13:26 . 2011-04-25 02:34        499200        ----a-w-        c:\windows\system32\drivers\afd.sys

2011-06-15 13:26 . 2011-04-27 02:40        158208        ----a-w-        c:\windows\system32\drivers\mrxsmb.sys

2011-06-15 13:26 . 2011-04-27 02:39        289280        ----a-w-        c:\windows\system32\drivers\mrxsmb10.sys

2011-06-15 13:26 . 2011-04-27 02:39        128000        ----a-w-        c:\windows\system32\drivers\mrxsmb20.sys

2011-06-15 13:25 . 2011-05-28 03:06        3135488        ----a-w-        c:\windows\system32\win32k.sys

2011-06-15 13:25 . 2011-04-29 03:06        467456        ----a-w-        c:\windows\system32\drivers\srv.sys

2011-06-15 13:25 . 2011-04-29 03:05        410112        ----a-w-        c:\windows\system32\drivers\srv2.sys

2011-06-15 13:25 . 2011-04-29 03:05        168448        ----a-w-        c:\windows\system32\drivers\srvnet.sys

2011-06-15 13:25 . 2011-02-25 06:22        861696        ----a-w-        c:\windows\system32\oleaut32.dll

2011-06-15 13:25 . 2011-02-25 05:34        571904        ----a-w-        c:\windows\SysWow64\oleaut32.dll

2011-06-15 13:15 . 2011-06-15 13:15        --------        d-----w-        c:\program files (x86)\PDF Blender

2011-06-15 13:14 . 2011-05-03 05:29        976896        ----a-w-        c:\windows\system32\inetcomm.dll

2011-06-15 13:14 . 2011-05-03 04:30        741376        ----a-w-        c:\windows\SysWow64\inetcomm.dll

2011-06-11 22:12 . 2011-06-11 22:12        --------        d-----w-        c:\users\Manuel\AppData\Local\GamersFirst LIVE!

2011-06-11 22:11 . 2011-06-11 22:11        --------        d-----w-        c:\program files (x86)\GamersFirst

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-03 17:59 . 2010-08-15 09:39        466456        ----a-w-        c:\windows\system32\wrap_oal.dll

2011-07-03 17:59 . 2010-08-15 09:39        444952        ----a-w-        c:\windows\SysWow64\wrap_oal.dll

2011-07-03 17:59 . 2010-08-15 09:39        122904        ----a-w-        c:\windows\system32\OpenAL32.dll

2011-07-03 17:59 . 2010-08-15 09:39        109080        ----a-w-        c:\windows\SysWow64\OpenAL32.dll

2011-06-22 14:57 . 2011-05-18 06:14        404640        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-06-18 15:36 . 2011-05-10 07:59        4017152        ----a-w-        c:\windows\SysWow64\atiumdva.dll

2011-06-18 15:36 . 2010-07-07 01:15        40960        ----a-w-        c:\windows\system32\atiuxp64.dll

2011-06-18 15:36 . 2010-05-27 16:35        58880        ----a-w-        c:\windows\system32\coinst.dll

2011-06-18 15:36 . 2010-07-07 01:14        29184        ----a-w-        c:\windows\SysWow64\atiu9pag.dll

2011-06-18 15:36 . 2011-05-10 08:01        4330496        ----a-w-        c:\windows\SysWow64\atiumdag.dll

2011-06-18 15:35 . 2011-05-10 08:01        4219904        ----a-w-        c:\windows\SysWow64\atidxx32.dll

2011-06-18 15:35 . 2010-05-27 16:46        5008384        ----a-w-        c:\windows\system32\atidxx64.dll

2011-06-18 15:35 . 2011-05-10 08:00        31744        ----a-w-        c:\windows\SysWow64\atiuxpag.dll

2011-06-18 15:35 . 2011-05-10 08:00        688128        ----a-w-        c:\windows\SysWow64\aticfx32.dll

2011-06-18 15:35 . 2010-05-27 17:02        811008        ----a-w-        c:\windows\system32\aticfx64.dll

2011-06-14 08:37 . 2010-08-14 07:23        281656        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr

2011-06-14 08:37 . 2010-08-14 06:56        281656        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe

2011-06-14 08:36 . 2010-08-14 06:56        281200        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0

2011-06-12 17:35 . 2010-08-14 06:56        75136        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe

2011-05-24 21:44 . 2011-05-24 21:44        61952        ----a-w-        c:\windows\system32\OVDecode64.dll

2011-05-24 21:44 . 2011-05-24 21:44        59904        ----a-w-        c:\windows\SysWow64\OVDecode.dll

2011-05-24 21:44 . 2011-05-24 21:44        16672768        ----a-w-        c:\windows\system32\amdocl64.dll

2011-05-24 21:43 . 2011-05-24 21:43        12798976        ----a-w-        c:\windows\SysWow64\amdocl.dll

2011-05-09 22:00 . 2011-05-24 06:53        8718160        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{7C5E1925-4790-418D-8F2B-77543E2705F6}\mpengine.dll

2011-05-04 17:06 . 2009-08-18 10:49        564632        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll

2011-05-04 17:06 . 2009-08-18 09:24        18328        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-05-04 02:52 . 2010-08-14 13:23        472808        ----a-w-        c:\windows\SysWow64\deployJava1.dll

2011-04-22 22:15 . 2011-05-25 13:20        27520        ----a-w-        c:\windows\system32\drivers\Diskdump.sys

2011-04-19 20:10 . 2011-04-19 20:10        53760        ----a-w-        c:\windows\system32\OpenCL.dll

2011-04-19 20:10 . 2011-04-19 20:10        51712        ----a-w-        c:\windows\SysWow64\OpenCL.dll

2011-04-14 10:43 . 2010-12-05 19:38        179616        ----a-w-        c:\windows\system32\drivers\ESLWireACD.sys

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-24 336384]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-07-08 281768]

.

c:\users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Manuel\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

UltraMon.lnk - c:\windows\Installer\{537056B7-32A4-4408-9B54-0341963C7C9C}\IcoUltraMon.ico [2011-6-29 29310]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages        REG_MULTI_SZ           kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

"SwitchBoard"=c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

"NokiaMServer"=c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup

"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

.

R2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2010-07-01 136616]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 DVBHRoutingManager;DVBHRoutingManager;c:\program files (x86)\3DataManager\Drivers\ZTE MF635\Drivers\64bit\VISTA\DVBHRoutingVista.exe [2010-10-18 159744]

R2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdxserv.exe [2009-10-16 29184]

R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]

R3 athrusb;TP-LINK Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrxusb.sys [x]

R3 ESLvnic1;ESLvnic Virtual Network 64 Bit;c:\windows\system32\DRIVERS\ESLvnic.sys [x]

R3 MSICDSetup;MSICDSetup;D:\CDriver64.sys [x]

R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [x]

R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]

R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]

R3 smsbda;SMS Digital Video;c:\windows\system32\drivers\smsbda.sys [x]

R3 smsndis;SMS Digital Video IP Sink;c:\windows\system32\drivers\smsndis.sys [x]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TTHID;Cinergy Hybrid-Stick HID service;c:\windows\system32\DRIVERS\Cinergy_Hybrid-Stick_HID.sys [x]

R3 UDXTTM6010;Cinergy Hybrid-Stick BDA service;c:\windows\system32\DRIVERS\UDXTTM6010.sys [x]

R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 ZTEusbdvbh;ZTE HS-USB DVBH-RF Service;c:\windows\system32\DRIVERS\ZTEusbdvbh.sys [x]

S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-05-24 365568]

S2 AntiVirFirewallService;Avira FireWall;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [2011-07-08 567464]

S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2011-07-08 340136]

S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-07-08 136360]

S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-07-08 428200]

S2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [x]

S2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe [2009-10-16 1039872]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]

S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]

S2 UltraMonUtility;UltraMon Utility Driver;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512]

S2 WTGService;WTGService;c:\program files (x86)\3DataManager\WTGService.exe [2009-03-10 296400]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [x]

S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2010-01-22 10:06        451872        ----a-w-        c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Inhalt des "geplante Tasks" Ordners

.

2011-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3355249871-177199204-160943406-1001Core.job

- c:\users\Manuel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-09 07:16]

.

2011-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3355249871-177199204-160943406-1001UA.job

- c:\users\Manuel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-09 07:16]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]

"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]

"lxdxmon.exe"="c:\program files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe" [2010-02-04 672424]

"lxdxamon"="c:\program files (x86)\Lexmark 3600-4600 Series\lxdxamon.exe" [2010-02-04 16040]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1860496]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe

LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll

TCP: DhcpNameServer = 130.244.127.161 168.95.1.1 168.95.1.1

FF - ProfilePath - c:\users\Manuel\AppData\Roaming\Mozilla\Firefox\Profiles\jlrw6us6.default\

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-3355249871-177199204-160943406-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

@Allowed: (Read) (RestrictedCode)

"??"=hex:52,4c,9a,16,ba,2c,32,90,1b,23,53,c3,e0,9d,07,15,6d,a7,12,83,7f,b8,21,

   7b,6c,ab,55,9e,23,e7,c0,1c,b2,65,3c,12,36,4a,5e,14,d9,ce,95,30,ca,9f,36,e7,\

"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

.

[HKEY_USERS\S-1-5-21-3355249871-177199204-160943406-1001\Software\SecuROM\License information*]

"datasecu"=hex:dc,d4,e2,31,94,9d,66,92,ae,48,55,76,37,ea,0c,86,ef,2d,d0,1e,a6,

   7e,17,be,70,87,24,36,9c,f4,f9,f1,22,d4,5a,0d,6f,73,71,31,4a,57,cb,64,52,0c,\

"rkeysecu"=hex:a0,44,7c,d6,78,77,f7,6d,d9,1e,e2,4d,95,16,b7,d8

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2011-07-11  18:16:33

ComboFix-quarantined-files.txt  2011-07-11 16:16

.

Vor Suchlauf: 14 Verzeichnis(se), 223.065.432.064 Bytes frei

Nach Suchlauf: 17 Verzeichnis(se), 223.208.775.680 Bytes frei

.

- - End Of File - - 1B71F173A4442D5FB04C09A4333B88AD

Code:

ComboFix 11-07-11.02 - Manuel 11.07.2011  20:41:41.2.4 - x64

Microsoft Windows 7 Professional   6.1.7601.1.1252.43.1031.18.4095.1930 [GMT 2:00]

ausgeführt von:: c:\users\Manuel\Downloads\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-06-11 bis 2011-07-11  ))))))))))))))))))))))))))))))

.

.

2011-07-11 18:47 . 2011-07-11 18:47        --------        d-----w-        c:\users\Default\AppData\Local\temp

2011-07-11 16:50 . 2011-07-11 16:50        --------        d-----w-        c:\users\Manuel\AppData\Roaming\Capcom

2011-07-11 16:49 . 2011-07-11 16:49        --------        d-----w-        c:\program files (x86)\DivX Pro VFW

2011-07-11 16:49 . 2007-11-29 21:30        3596288        ----a-w-        c:\windows\SysWow64\qt-dx331.dll

2011-07-08 17:01 . 2011-07-08 17:01        --------        d-----w-        c:\users\Manuel\AppData\Roaming\Avira

2011-07-08 16:59 . 2011-07-08 16:58        123784        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2011-07-08 16:57 . 2011-07-08 16:58        88288        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2011-07-08 16:57 . 2011-07-08 16:57        --------        d-----w-        c:\program files (x86)\Avira

2011-07-04 18:23 . 2011-07-04 18:23        --------        d-----w-        c:\users\Manuel\AppData\Roaming\Trillian

2011-07-04 18:22 . 2011-07-10 19:34        --------        d-----w-        c:\program files (x86)\Trillian

2011-07-03 17:59 . 2011-07-03 17:59        --------        d-----w-        c:\users\Manuel\AppData\Roaming\DeadMage

2011-07-01 16:06 . 2011-07-01 16:06        --------        d-----w-        c:\program files (x86)\Common Files\Java

2011-06-30 21:57 . 2011-07-02 15:09        --------        d-----w-        c:\users\Manuel\AppData\Local\Bit.Trip Beat

2011-06-30 21:05 . 2011-06-30 22:58        --------        d-----w-        c:\users\Manuel\AppData\Local\BIT.TRIP RUNNER

2011-06-29 19:43 . 2011-06-29 19:43        --------        d-----w-        c:\users\Manuel\AppData\Roaming\Realtime Soft

2011-06-29 19:43 . 2011-06-29 19:43        --------        d-----w-        c:\program files (x86)\Common Files\Realtime Soft

2011-06-29 19:43 . 2011-06-29 19:43        --------        d-----w-        c:\programdata\Realtime Soft

2011-06-29 19:43 . 2011-06-29 19:43        --------        d-----w-        c:\program files\UltraMon

2011-06-25 13:57 . 2011-06-25 14:27        --------        d-----w-        c:\users\Manuel\AppData\Roaming\Bitcoin

2011-06-24 14:44 . 2011-06-24 14:44        --------        d-----w-        c:\program files (x86)\Winamp Detect

2011-06-24 14:44 . 2011-07-08 17:28        --------        d-----w-        c:\users\Manuel\AppData\Roaming\Winamp

2011-06-24 14:44 . 2011-06-24 14:46        --------        d-----w-        c:\program files (x86)\Winamp

2011-06-22 06:55 . 2011-06-22 06:55        --------        d-----w-        c:\programdata\ATI

2011-06-22 06:55 . 2011-06-22 06:55        --------        d-----w-        c:\program files (x86)\AMD APP

2011-06-19 09:07 . 2011-06-19 09:07        --------        d-----w-        c:\program files (x86)\Gamers.IRC

2011-06-18 15:35 . 2011-06-18 15:35        204288        ----a-w-        c:\windows\system32\atiesrxx.exe

2011-06-16 21:18 . 2011-06-16 21:18        --------        d-----w-        c:\users\Manuel\AppData\Local\RiotStats

2011-06-15 13:26 . 2011-04-25 05:33        1923968        ----a-w-        c:\windows\system32\drivers\tcpip.sys

2011-06-15 13:26 . 2011-04-25 02:34        499200        ----a-w-        c:\windows\system32\drivers\afd.sys

2011-06-15 13:26 . 2011-04-27 02:40        158208        ----a-w-        c:\windows\system32\drivers\mrxsmb.sys

2011-06-15 13:26 . 2011-04-27 02:39        289280        ----a-w-        c:\windows\system32\drivers\mrxsmb10.sys

2011-06-15 13:26 . 2011-04-27 02:39        128000        ----a-w-        c:\windows\system32\drivers\mrxsmb20.sys

2011-06-15 13:25 . 2011-05-28 03:06        3135488        ----a-w-        c:\windows\system32\win32k.sys

2011-06-15 13:25 . 2011-04-29 03:06        467456        ----a-w-        c:\windows\system32\drivers\srv.sys

2011-06-15 13:25 . 2011-04-29 03:05        410112        ----a-w-        c:\windows\system32\drivers\srv2.sys

2011-06-15 13:25 . 2011-04-29 03:05        168448        ----a-w-        c:\windows\system32\drivers\srvnet.sys

2011-06-15 13:25 . 2011-02-25 06:22        861696        ----a-w-        c:\windows\system32\oleaut32.dll

2011-06-15 13:25 . 2011-02-25 05:34        571904        ----a-w-        c:\windows\SysWow64\oleaut32.dll

2011-06-15 13:15 . 2011-06-15 13:15        --------        d-----w-        c:\program files (x86)\PDF Blender

2011-06-15 13:14 . 2011-05-03 05:29        976896        ----a-w-        c:\windows\system32\inetcomm.dll

2011-06-15 13:14 . 2011-05-03 04:30        741376        ----a-w-        c:\windows\SysWow64\inetcomm.dll

2011-06-11 22:12 . 2011-06-11 22:12        --------        d-----w-        c:\users\Manuel\AppData\Local\GamersFirst LIVE!

2011-06-11 22:11 . 2011-06-11 22:11        --------        d-----w-        c:\program files (x86)\GamersFirst

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-03 17:59 . 2010-08-15 09:39        466456        ----a-w-        c:\windows\system32\wrap_oal.dll

2011-07-03 17:59 . 2010-08-15 09:39        444952        ----a-w-        c:\windows\SysWow64\wrap_oal.dll

2011-07-03 17:59 . 2010-08-15 09:39        122904        ----a-w-        c:\windows\system32\OpenAL32.dll

2011-07-03 17:59 . 2010-08-15 09:39        109080        ----a-w-        c:\windows\SysWow64\OpenAL32.dll

2011-06-22 14:57 . 2011-05-18 06:14        404640        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-06-18 15:36 . 2011-05-10 07:59        4017152        ----a-w-        c:\windows\SysWow64\atiumdva.dll

2011-06-18 15:36 . 2010-07-07 01:15        40960        ----a-w-        c:\windows\system32\atiuxp64.dll

2011-06-18 15:36 . 2010-05-27 16:35        58880        ----a-w-        c:\windows\system32\coinst.dll

2011-06-18 15:36 . 2010-07-07 01:14        29184        ----a-w-        c:\windows\SysWow64\atiu9pag.dll

2011-06-18 15:36 . 2011-05-10 08:01        4330496        ----a-w-        c:\windows\SysWow64\atiumdag.dll

2011-06-18 15:35 . 2011-05-10 08:01        4219904        ----a-w-        c:\windows\SysWow64\atidxx32.dll

2011-06-18 15:35 . 2010-05-27 16:46        5008384        ----a-w-        c:\windows\system32\atidxx64.dll

2011-06-18 15:35 . 2011-05-10 08:00        31744        ----a-w-        c:\windows\SysWow64\atiuxpag.dll

2011-06-18 15:35 . 2011-05-10 08:00        688128        ----a-w-        c:\windows\SysWow64\aticfx32.dll

2011-06-18 15:35 . 2010-05-27 17:02        811008        ----a-w-        c:\windows\system32\aticfx64.dll

2011-06-14 08:37 . 2010-08-14 07:23        281656        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr

2011-06-14 08:37 . 2010-08-14 06:56        281656        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe

2011-06-14 08:36 . 2010-08-14 06:56        281200        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0

2011-06-12 17:35 . 2010-08-14 06:56        75136        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe

2011-05-24 21:44 . 2011-05-24 21:44        61952        ----a-w-        c:\windows\system32\OVDecode64.dll

2011-05-24 21:44 . 2011-05-24 21:44        59904        ----a-w-        c:\windows\SysWow64\OVDecode.dll

2011-05-24 21:44 . 2011-05-24 21:44        16672768        ----a-w-        c:\windows\system32\amdocl64.dll

2011-05-24 21:43 . 2011-05-24 21:43        12798976        ----a-w-        c:\windows\SysWow64\amdocl.dll

2011-05-09 22:00 . 2011-05-24 06:53        8718160        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{7C5E1925-4790-418D-8F2B-77543E2705F6}\mpengine.dll

2011-05-04 17:06 . 2009-08-18 10:49        564632        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll

2011-05-04 17:06 . 2009-08-18 09:24        18328        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-05-04 02:52 . 2010-08-14 13:23        472808        ----a-w-        c:\windows\SysWow64\deployJava1.dll

2011-04-22 22:15 . 2011-05-25 13:20        27520        ----a-w-        c:\windows\system32\drivers\Diskdump.sys

2011-04-19 20:10 . 2011-04-19 20:10        53760        ----a-w-        c:\windows\system32\OpenCL.dll

2011-04-19 20:10 . 2011-04-19 20:10        51712        ----a-w-        c:\windows\SysWow64\OpenCL.dll

2011-04-14 10:43 . 2010-12-05 19:38        179616        ----a-w-        c:\windows\system32\drivers\ESLWireACD.sys

.

.

(((((((((((((((((((((((((((((   SnapShot@2011-07-11_16.13.52   )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-11-12 00:44 . 2007-11-29 21:28        81920              c:\windows\SysWOW64\dpl100.dll

- 2009-07-14 04:54 . 2011-07-11 15:58        32768              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2011-07-11 17:56        32768              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2011-07-11 15:58        49152              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2011-07-11 17:56        49152              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2011-07-11 15:58        32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2011-07-11 17:56        32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 05:30 . 2011-07-11 18:40        86016              c:\windows\system32\DriverStore\infpub.dat

- 2009-07-14 05:30 . 2011-07-08 16:59        86016              c:\windows\system32\DriverStore\infpub.dat

+ 2010-02-19 19:27 . 2007-12-04 00:33        682496              c:\windows\SysWOW64\divx.dll

+ 2009-07-14 05:30 . 2011-07-11 18:40        143360              c:\windows\system32\DriverStore\infstrng.dat

- 2009-07-14 05:30 . 2011-07-08 16:59        143360              c:\windows\system32\DriverStore\infstrng.dat

- 2009-07-14 05:30 . 2011-07-08 16:59        143360              c:\windows\system32\DriverStore\infstor.dat

+ 2009-07-14 05:30 . 2011-07-11 18:40        143360              c:\windows\system32\DriverStore\infstor.dat

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-24 336384]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-07-08 281768]

.

c:\users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Manuel\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

UltraMon.lnk - c:\windows\Installer\{537056B7-32A4-4408-9B54-0341963C7C9C}\IcoUltraMon.ico [2011-6-29 29310]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages        REG_MULTI_SZ           kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

"SwitchBoard"=c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

"NokiaMServer"=c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup

"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

.

R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2011-07-08 340136]

R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-07-08 428200]

R2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2010-07-01 136616]

R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]

R3 athrusb;TP-LINK Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrxusb.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-05-24 365568]

S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-07-08 136360]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2010-01-22 10:06        451872        ----a-w-        c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Inhalt des "geplante Tasks" Ordners

.

2011-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3355249871-177199204-160943406-1001Core.job

- c:\users\Manuel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-09 07:16]

.

2011-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3355249871-177199204-160943406-1001UA.job

- c:\users\Manuel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-09 07:16]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]

"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]

"lxdxmon.exe"="c:\program files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe" [2010-02-04 672424]

"lxdxamon"="c:\program files (x86)\Lexmark 3600-4600 Series\lxdxamon.exe" [2010-02-04 16040]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1860496]

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe

LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll

FF - ProfilePath - c:\users\Manuel\AppData\Roaming\Mozilla\Firefox\Profiles\jlrw6us6.default\

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-3355249871-177199204-160943406-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

@Allowed: (Read) (RestrictedCode)

"??"=hex:52,4c,9a,16,ba,2c,32,90,1b,23,53,c3,e0,9d,07,15,6d,a7,12,83,7f,b8,21,

   7b,6c,ab,55,9e,23,e7,c0,1c,b2,65,3c,12,36,4a,5e,14,d9,ce,95,30,ca,9f,36,e7,\

"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

.

[HKEY_USERS\S-1-5-21-3355249871-177199204-160943406-1001\Software\SecuROM\License information*]

"datasecu"=hex:88,d3,47,89,9f,8d,bf,76,c2,d8,1a,9c,ba,3f,7f,68,04,b6,bb,6c,6b,

   17,99,aa,76,4c,0e,d1,76,67,dc,9c,88,17,42,b7,96,83,7e,29,12,9e,64,1d,a1,13,\

"rkeysecu"=hex:3c,87,e3,c7,1d,46,be,2f,41,0b,21,31,f8,f2,85,f8

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2011-07-11  20:49:47

ComboFix-quarantined-files.txt  2011-07-11 18:49

.

Vor Suchlauf: 16 Verzeichnis(se), 223.837.286.400 Bytes frei

Nach Suchlauf: 17 Verzeichnis(se), 223.832.981.504 Bytes frei

.

- - End Of File - - 8721BF01019E0391007F74648A61AD9C

Hier mit deinstallierter avira firewall und windows firewall ausgeschaltet