Trojaner-Board - Windows gesperrt

Combofix Logfile:
Code:
ComboFix 12-02-17.02 - Frösty 19.02.2012  16:46:18.1.8 - x64

Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.12279.9285 [GMT 1:00]

ausgeführt von:: c:\users\Frösty\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Neuer Wiederherstellungspunkt wurde erstellt

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\mp3\Incubus - A crow Left of The Murder\track\INCUBUS A Crow Left of the Murder track\_desktop.ini

c:\windows\IsUn0407.exe

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-01-19 bis 2012-02-19  ))))))))))))))))))))))))))))))

.

.

2012-02-19 15:55 . 2012-02-19 15:55        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-02-19 15:43 . 2012-02-19 15:43        69000        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{387FDC91-B4F0-46DE-B10A-24C2D0BB08B2}\offreg.dll

2012-02-19 15:20 . 2012-02-19 15:36        --------        d-----w-        C:\_OTL

2012-02-19 12:53 . 2012-02-19 12:53        --------        d-----w-        c:\users\Public\Roaming

2012-02-19 09:57 . 2012-02-19 09:58        --------        d-----w-        c:\users\Frösty\AppData\Local\{86E2E20F-62A8-4A81-8427-8DA769760064}

2012-02-19 09:57 . 2012-02-19 09:57        --------        d-----w-        c:\users\Frösty\AppData\Local\{2BE6ECEC-D042-49D9-AF56-1587ECD81AE1}

2012-02-18 16:49 . 2012-02-18 17:06        --------        d-----w-        c:\users\Frösty\AppData\Roaming\Download Manager

2012-02-18 15:22 . 2012-02-18 15:22        --------        d-----w-        c:\users\Frösty\AppData\Local\{D5FAF84B-E6CD-4A0D-AE2B-15E39EAB1901}

2012-02-18 15:22 . 2012-02-18 15:22        --------        d-----w-        c:\users\Frösty\AppData\Local\{402E9578-5691-4110-875E-110C0471811A}

2012-02-17 16:12 . 2012-01-06 05:15        8602168        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{387FDC91-B4F0-46DE-B10A-24C2D0BB08B2}\mpengine.dll

2012-02-17 16:08 . 2012-02-17 16:08        --------        d-----w-        c:\users\Frösty\AppData\Local\{BF8D1C02-F04B-4A88-80E6-983587F5781F}

2012-02-17 16:08 . 2012-02-17 16:08        --------        d-----w-        c:\users\Frösty\AppData\Local\{51EFD717-6351-414A-90F8-C1FC1BB5F6B5}

2012-02-16 16:35 . 2012-01-04 10:44        509952        ----a-w-        c:\windows\system32\ntshrui.dll

2012-02-16 16:35 . 2012-01-04 08:58        442880        ----a-w-        c:\windows\SysWow64\ntshrui.dll

2012-02-16 16:35 . 2011-12-30 06:26        515584        ----a-w-        c:\windows\system32\timedate.cpl

2012-02-16 16:35 . 2011-12-30 05:27        478720        ----a-w-        c:\windows\SysWow64\timedate.cpl

2012-02-16 16:35 . 2012-01-14 04:06        3145728        ----a-w-        c:\windows\system32\win32k.sys

2012-02-16 16:35 . 2011-12-28 03:59        498688        ----a-w-        c:\windows\system32\drivers\afd.sys

2012-02-16 16:35 . 2011-12-16 08:46        634880        ----a-w-        c:\windows\system32\msvcrt.dll

2012-02-16 16:35 . 2011-12-16 07:52        690688        ----a-w-        c:\windows\SysWow64\msvcrt.dll

2012-02-16 16:22 . 2012-02-16 16:22        --------        d-----w-        c:\users\Frösty\AppData\Local\{39CD019C-7795-40ED-BCB5-0DDAA1238532}

2012-02-16 16:21 . 2012-02-16 16:22        --------        d-----w-        c:\users\Frösty\AppData\Local\{5847ED29-A5A8-4AC7-A9B0-0D2D7936C220}

2012-02-15 15:24 . 2012-02-15 15:24        --------        d-----w-        c:\users\Frösty\AppData\Local\{EF86628F-9242-4839-B66E-14FEA7114158}

2012-02-15 15:23 . 2012-02-15 15:24        --------        d-----w-        c:\users\Frösty\AppData\Local\{3C45E9E1-F6CD-4BF2-BDD0-7276CC6E666C}

2012-02-14 21:14 . 2012-02-14 22:06        --------        d-----w-        c:\programdata\ASUS OC Profiles

2012-02-14 21:13 . 2010-04-22 18:20        13440        ----a-w-        c:\windows\SysWow64\drivers\AsIO.sys

2012-02-14 21:13 . 2009-09-30 10:33        24576        ----a-w-        c:\windows\SysWow64\AsIO.dll

2012-02-14 21:13 . 2012-02-14 21:13        --------        d-----w-        c:\program files (x86)\ASUS

2012-02-14 21:13 . 2008-01-04 12:34        11832        ----a-w-        c:\windows\SysWow64\drivers\AsInsHelp64.sys

2012-02-14 21:13 . 2008-01-04 12:34        10216        ----a-w-        c:\windows\SysWow64\drivers\AsInsHelp32.sys

2012-02-14 21:12 . 2009-07-16 10:38        15416        ----a-w-        c:\windows\system32\drivers\ASACPI.sys

2012-02-14 16:06 . 2012-02-14 16:06        --------        d-----w-        c:\users\Frösty\AppData\Local\{B723C52C-022C-4E86-92F8-B42FA9146BC4}

2012-02-14 16:05 . 2012-02-14 16:05        --------        d-----w-        c:\users\Frösty\AppData\Local\{36C5477C-B84F-4A72-B3EC-DCF350CCA2CB}

2012-02-13 17:13 . 2012-02-13 17:13        --------        d-----w-        c:\users\Frösty\AppData\Local\{FEA4FB18-9630-4483-BC7C-516EB9BB330D}

2012-02-13 17:12 . 2012-02-13 17:13        --------        d-----w-        c:\users\Frösty\AppData\Local\{354B0A13-B75B-4D2F-8D89-C6B4D596FE8E}

2012-02-12 22:43 . 2012-02-12 22:43        --------        d-----w-        c:\users\Frösty\AppData\Local\{898118F1-4404-43DE-B26E-FF55D4DC2486}

2012-02-12 22:42 . 2012-02-12 22:42        --------        d-----w-        c:\users\Frösty\AppData\Local\{E5823AD6-FD0E-42F0-91A0-8BBF6459518D}

2012-02-04 10:21 . 2012-02-04 10:22        --------        d-----w-        c:\users\Frösty\AppData\Local\{585E9DAA-7233-43CC-8D21-C81549DA7FD2}

2012-02-04 10:21 . 2012-02-04 10:21        --------        d-----w-        c:\users\Frösty\AppData\Local\{DAD83C2B-A4BF-4F72-8A63-CF1F0FE95F49}

2012-02-02 19:10 . 2012-02-02 19:10        --------        d-----w-        c:\users\Frösty\AppData\Local\{88901DE3-F021-4542-9AE2-47FC9D721F48}

2012-02-02 19:10 . 2012-02-02 19:10        --------        d-----w-        c:\users\Frösty\AppData\Local\{C3307914-E76E-4C24-B59C-F0DB550C05AB}

2012-01-31 16:52 . 2012-01-31 16:52        --------        d-----w-        c:\users\Frösty\AppData\Local\{7D4484C3-8CD4-4CCD-8562-62B9806D2E6E}

2012-01-31 16:51 . 2012-01-31 16:52        --------        d-----w-        c:\users\Frösty\AppData\Local\{85239B86-0E06-4FBC-B775-E6801FEFD99B}

2012-01-30 18:39 . 2012-01-30 18:39        --------        d-----w-        c:\program files\iPod

2012-01-30 18:39 . 2012-01-30 18:40        --------        d-----w-        c:\program files\iTunes

2012-01-30 16:13 . 2012-01-30 16:13        --------        d-----w-        c:\programdata\ATI

2012-01-30 16:12 . 2012-01-30 16:12        --------        d-----w-        c:\program files (x86)\AMD APP

2012-01-30 16:08 . 2012-01-30 16:08        --------        d-----w-        C:\AMD

2012-01-30 15:59 . 2012-01-30 16:00        --------        d-----w-        c:\users\Frösty\AppData\Local\{F6E29CE0-9F41-4A05-A1EC-80D6E6F53FAD}

2012-01-30 15:59 . 2012-01-30 15:59        --------        d-----w-        c:\users\Frösty\AppData\Local\{49108276-277D-4192-8878-FE3696D087DB}

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-15 22:08 . 2010-05-22 23:51        282864        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe

2012-02-15 22:08 . 2010-05-12 22:06        282864        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr

2012-02-15 22:07 . 2010-05-22 23:51        280904        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0

2012-02-14 22:33 . 2010-05-12 21:50        76888        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe

2012-01-29 04:10 . 2010-05-11 20:48        279656        ------w-        c:\windows\system32\MpSigStub.exe

2011-12-06 03:45 . 2011-12-06 03:45        10720256        ----a-w-        c:\windows\system32\drivers\atikmdag.sys

2011-12-06 03:18 . 2011-12-06 03:18        25371136        ----a-w-        c:\windows\system32\atio6axx.dll

2011-12-06 03:17 . 2011-12-06 03:17        159744        ----a-w-        c:\windows\system32\atiapfxx.exe

2011-12-06 03:17 . 2010-04-07 02:16        778752        ----a-w-        c:\windows\SysWow64\aticfx32.dll

2011-12-06 03:16 . 2010-04-07 02:15        933888        ----a-w-        c:\windows\system32\aticfx64.dll

2011-12-06 03:12 . 2011-12-06 03:12        466944        ----a-w-        c:\windows\system32\ATIDEMGX.dll

2011-12-06 03:12 . 2011-12-06 03:12        494080        ----a-w-        c:\windows\system32\atieclxx.exe

2011-12-06 03:11 . 2011-12-06 03:11        235520        ----a-w-        c:\windows\system32\atiesrxx.exe

2011-12-06 03:10 . 2011-12-06 03:10        120320        ----a-w-        c:\windows\system32\atitmm64.dll

2011-12-06 03:10 . 2011-12-06 03:10        423424        ----a-w-        c:\windows\system32\atipdl64.dll

2011-12-06 03:10 . 2011-12-06 03:10        360448        ----a-w-        c:\windows\SysWow64\atipdlxx.dll

2011-12-06 03:10 . 2011-12-06 03:10        278528        ----a-w-        c:\windows\SysWow64\Oemdspif.dll

2011-12-06 03:09 . 2011-12-06 03:09        21504        ----a-w-        c:\windows\system32\atimuixx.dll

2011-12-06 03:09 . 2011-12-06 03:09        59392        ----a-w-        c:\windows\system32\atiedu64.dll

2011-12-06 03:09 . 2011-12-06 03:09        43520        ----a-w-        c:\windows\SysWow64\ati2edxx.dll

2011-12-06 03:06 . 2010-04-07 02:06        6159872        ----a-w-        c:\windows\SysWow64\atidxx32.dll

2011-12-06 02:56 . 2011-12-06 02:56        19125760        ----a-w-        c:\windows\SysWow64\atioglxx.dll

2011-12-06 02:51 . 2009-07-13 21:59        7520768        ----a-w-        c:\windows\system32\atidxx64.dll

2011-12-06 02:39 . 2011-12-06 02:39        1113088        ----a-w-        c:\windows\system32\atiumd6v.dll

2011-12-06 02:39 . 2011-12-06 02:39        1828864        ----a-w-        c:\windows\SysWow64\atiumdmv.dll

2011-12-06 02:39 . 2011-12-06 02:39        4072960        ----a-w-        c:\windows\system32\atiumd6a.dll

2011-12-06 02:34 . 2011-12-06 02:34        51200        ----a-w-        c:\windows\system32\aticalrt64.dll

2011-12-06 02:34 . 2011-12-06 02:34        46080        ----a-w-        c:\windows\SysWow64\aticalrt.dll

2011-12-06 02:34 . 2011-12-06 02:34        44544        ----a-w-        c:\windows\system32\aticalcl64.dll

2011-12-06 02:34 . 2011-12-06 02:34        44032        ----a-w-        c:\windows\SysWow64\aticalcl.dll

2011-12-06 02:34 . 2011-12-06 02:34        13738496        ----a-w-        c:\windows\system32\aticaldd64.dll

2011-12-06 02:33 . 2009-08-18 00:20        5919232        ----a-w-        c:\windows\SysWow64\atiumdag.dll

2011-12-06 02:29 . 2011-12-06 02:29        11484672        ----a-w-        c:\windows\SysWow64\aticaldd.dll

2011-12-06 02:28 . 2009-08-18 00:05        4206592        ----a-w-        c:\windows\SysWow64\atiumdva.dll

2011-12-06 02:24 . 2011-12-06 02:24        7511040        ----a-w-        c:\windows\system32\atiumd64.dll

2011-12-06 02:18 . 2010-04-07 01:46        58880        ----a-w-        c:\windows\system32\coinst.dll

2011-12-06 02:13 . 2011-12-06 02:13        509952        ----a-w-        c:\windows\system32\atiadlxx.dll

2011-12-06 02:12 . 2011-12-06 02:12        356352        ----a-w-        c:\windows\SysWow64\atiadlxy.dll

2011-12-06 02:12 . 2011-12-06 02:12        17408        ----a-w-        c:\windows\system32\atig6pxx.dll

2011-12-06 02:12 . 2011-12-06 02:12        14336        ----a-w-        c:\windows\SysWow64\atiglpxx.dll

2011-12-06 02:12 . 2011-12-06 02:12        14336        ----a-w-        c:\windows\system32\atiglpxx.dll

2011-12-06 02:12 . 2011-12-06 02:12        39936        ----a-w-        c:\windows\system32\atig6txx.dll

2011-12-06 02:12 . 2011-12-06 02:12        33280        ----a-w-        c:\windows\SysWow64\atigktxx.dll

2011-12-06 02:12 . 2011-12-06 02:12        327168        ----a-w-        c:\windows\system32\drivers\atikmpag.sys

2011-12-06 02:11 . 2010-04-07 01:22        42496        ----a-w-        c:\windows\system32\atiuxp64.dll

2011-12-06 02:11 . 2010-04-07 01:22        33280        ----a-w-        c:\windows\SysWow64\atiuxpag.dll

2011-12-06 02:11 . 2011-12-06 02:11        39936        ----a-w-        c:\windows\system32\atiu9p64.dll

2011-12-06 02:11 . 2010-04-07 01:22        29696        ----a-w-        c:\windows\SysWow64\atiu9pag.dll

2011-12-06 02:10 . 2011-12-06 02:10        54784        ----a-w-        c:\windows\system32\atimpc64.dll

2011-12-06 02:10 . 2011-12-06 02:10        54784        ----a-w-        c:\windows\system32\amdpcom64.dll

2011-12-06 02:10 . 2011-12-06 02:10        53760        ----a-w-        c:\windows\SysWow64\atimpc32.dll

2011-12-06 02:10 . 2011-12-06 02:10        53760        ----a-w-        c:\windows\SysWow64\amdpcom32.dll

2011-12-06 02:10 . 2011-12-06 02:10        53248        ----a-w-        c:\windows\system32\drivers\ati2erec.dll

2011-12-05 21:04 . 2011-12-05 21:04        69632        ----a-w-        c:\windows\system32\OpenVideo64.dll

2011-12-05 21:04 . 2011-12-05 21:04        59904        ----a-w-        c:\windows\SysWow64\OpenVideo.dll

2011-12-05 21:03 . 2011-12-05 21:03        61952        ----a-w-        c:\windows\system32\OVDecode64.dll

2011-12-05 21:03 . 2011-12-05 21:03        54784        ----a-w-        c:\windows\SysWow64\OVDecode.dll

2011-12-05 21:03 . 2011-12-05 21:03        17580544        ----a-w-        c:\windows\system32\amdocl64.dll

2011-12-05 21:03 . 2011-12-05 21:03        14499328        ----a-w-        c:\windows\SysWow64\amdocl.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2011-01-13 6129496]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]

"EADM"="c:\program files (x86)\Origin\Origin.exe" [2012-01-11 28201096]

"ICQ"="c:\program files (x86)\ICQ7.5\ICQ.exe" [2011-08-01 124480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-04 281768]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"SAFE12 HotKeys"="c:\program files (x86)\Steganos Safe 12\SteganosHotKeyService.exe" [2010-10-15 83456]

"SAFE12 File Redirection Starter"="c:\program files (x86)\Steganos Safe 12\fredirstarter.exe" [2010-10-15 17408]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"Kone"="c:\program files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE" [2011-02-18 1666560]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]

"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2011-12-16 220744]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-05 343168]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]

"TurboV EVO"="c:\program files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" [2010-04-22 9919104]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-8-10 110592]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages        REG_MULTI_SZ           kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-23 136176]

R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [x]

R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-23 136176]

R3 LGPBTDD;LGPBTDD.sys Display Driver;c:\windows\system32\Drivers\LGPBTDD.sys [x]

R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [x]

R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 netr28ux;RT2870-USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]

R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]

R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]

R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S1 SLEE_17_DRIVER;Steganos Live Encryption Engine 17 [Driver];c:\windows\Sleen1764.sys [2010-02-17 12:21 108256]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-29 136360]

S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-12-28 96896]

S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [x]

S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 2280312]

S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 KoneFltr;ROCCAT Kone;c:\windows\system32\drivers\Kone.sys [x]

S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]

S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]

S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]

S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]

S3 LVUVC64;Logitech Webcam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]

S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

Inhalt des "geplante Tasks" Ordners

.

2012-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-23 23:41]

.

2012-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-23 23:41]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]

"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816]

"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 2412616]

"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-04-28 500208]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: Free YouTube to Mp3 Converter - c:\users\Frösty\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\Frösty\AppData\Roaming\Mozilla\Firefox\Profiles\a0lmhczc.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?ref=hp

FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.6&q=

.

.

------- Dateityp-Verknüpfung -------

.

.txt=

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

Wow6432Node-HKCU-Run-Spotify - c:\users\Frösty\AppData\Roaming\Spotify\Spotify.exe

BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll

AddRemove-Adobe Photoshop 7.0 - c:\windows\ISUN0407.EXE

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-1674649092-1940377548-3848722654-1001\Software\SecuROM\License information*]

"datasecu"=hex:63,f1,bc,e7,10,9c,03,d2,28,4f,90,d2,9d,2f,09,d1,68,eb,e6,47,2a,

   79,5e,d3,01,7b,30,29,28,c9,0b,5e,be,27,84,1b,67,30,4a,35,c2,75,c1,3d,51,12,\

"rkeysecu"=hex:56,55,55,4c,b2,13,e3,88,8f,07,a7,a2,4e,df,22,66

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2012-02-19  16:56:37

ComboFix-quarantined-files.txt  2012-02-19 15:56

.

Vor Suchlauf: 20 Verzeichnis(se), 587.158.626.304 Bytes frei

Nach Suchlauf: 25 Verzeichnis(se), 586.641.960.960 Bytes frei

.

- - End Of File - - 6FB8AFF53726C1A277599903572CA567
--- --- ---