F4c3d0wn | 09.10.2012 13:09 | Reply to step 1: As requested, I stayed away from the laptop while it was working, but I believe the PC did not restart. Anyway, here is the report: Code:
Combofix Logfile:
Code:
ComboFix 12-10-08.03 - Jonas 09/10/2012 13:55:12.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4091.2371 [GMT 2:00]
ausgeführt von:: c:\users\Jonas\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Jonas\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-09-09 bis 2012-10-09 ))))))))))))))))))))))))))))))
.
.
2012-10-09 12:02 . 2012-10-09 12:02 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-10-09 12:02 . 2012-10-09 12:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-09 12:02 . 2012-10-09 12:02 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-10-09 10:27 . 2012-10-09 10:27 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E402D616-E512-41FC-9ED5-2009EF9A49B5}\offreg.dll
2012-10-09 08:06 . 2012-10-09 08:06 -------- d-----w- c:\program files (x86)\Garmin GPS Plugin
2012-10-09 08:06 . 2012-10-09 08:06 -------- d-----w- c:\program files\Garmin GPS Plugin
2012-10-09 08:06 . 2012-10-09 08:06 -------- d-----w- c:\program files (x86)\Garmin
2012-10-09 08:05 . 2012-10-09 08:06 -------- d-----w- c:\users\Jonas\AppData\Roaming\Garmin
2012-10-08 20:49 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E402D616-E512-41FC-9ED5-2009EF9A49B5}\mpengine.dll
2012-10-07 20:05 . 2012-10-07 20:05 -------- d-----w- c:\users\Jonas\AppData\Roaming\Avira
2012-10-07 19:59 . 2012-09-24 07:58 27800 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-10-07 19:59 . 2012-09-13 13:52 99248 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-10-07 19:59 . 2012-09-13 13:52 129576 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-10-07 19:59 . 2012-10-07 19:59 -------- d-----w- c:\programdata\Avira
2012-10-07 19:59 . 2012-10-07 19:59 -------- d-----w- c:\program files (x86)\Avira
2012-10-06 19:42 . 2012-10-06 19:42 -------- d-----w- c:\users\Jonas\AppData\Local\Logitech
2012-10-06 19:27 . 2012-10-06 19:27 -------- d-----w- c:\program files\Common Files\Logitech
2012-10-06 19:27 . 2012-10-06 19:27 -------- d-----w- c:\program files\Logitech
2012-10-06 18:09 . 2012-10-06 18:09 -------- d-----w- c:\users\Jonas\AppData\Local\Bus Simulator 2012
2012-10-06 17:58 . 2012-10-06 17:58 -------- d-----w- c:\program files (x86)\astragon
2012-10-06 14:00 . 2012-10-06 14:01 -------- d-----w- c:\users\Jonas\AppData\Roaming\FreeVideoConverter
2012-10-06 14:00 . 2012-10-06 14:00 -------- d-----w- c:\program files (x86)\Free Video Converter
2012-10-06 11:57 . 2012-10-06 12:01 -------- d-----w- C:\NDSCreator
2012-10-05 12:25 . 2012-10-05 12:31 -------- d-----w- c:\users\Jonas\AppData\Roaming\Unity
2012-10-05 12:23 . 2012-10-05 12:25 -------- d-----w- c:\programdata\PACE Anti-Piracy
2012-10-05 12:23 . 2012-10-05 12:25 -------- d-----w- c:\users\Jonas\AppData\Roaming\PACE Anti-Piracy
2012-10-05 12:23 . 2012-10-05 12:23 -------- d-----w- c:\users\Jonas\AppData\Local\PACE Anti-Piracy
2012-10-05 12:23 . 2012-10-05 12:23 -------- d-----w- c:\program files (x86)\Common Files\PACE Anti-Piracy
2012-10-05 12:21 . 2012-10-05 12:25 -------- d-----w- c:\users\Jonas\AppData\Local\Unity
2012-10-05 12:15 . 2012-10-05 12:21 -------- d-----w- c:\program files (x86)\Unity
2012-10-04 17:54 . 2012-10-04 17:54 -------- d-----w- c:\users\Jonas\AppData\Local\GameMaker8.1
2012-10-04 17:53 . 2012-10-04 17:53 -------- d-----w- c:\users\Jonas\AppData\Local\YoYo_Games_Ltd
2012-10-04 17:39 . 2012-10-04 18:10 -------- d-----w- c:\users\Jonas\AppData\Roaming\GameMaker
2012-10-04 17:39 . 2012-10-04 17:39 -------- d-----w- c:\users\Jonas\GameMaker 8.1
2012-10-04 15:56 . 2012-10-04 15:56 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-10-04 15:44 . 2012-10-05 12:04 -------- d-----w- C:\devkitPro
2012-10-04 15:13 . 2010-08-24 18:39 560128 ----a-w- c:\windows\SysWow64\ScintillaNet.dll
2012-10-04 15:13 . 2010-08-24 18:39 560128 ----a-w- c:\windows\ScintillaNet.dll
2012-10-04 15:13 . 2010-08-24 18:39 408576 ----a-w- c:\windows\SysWow64\SciLexer.dll
2012-10-04 15:13 . 2010-08-24 18:39 408576 ----a-w- c:\windows\SciLexer.dll
2012-10-04 15:13 . 2012-10-05 11:56 -------- d-----w- c:\program files (x86)\DS Game Maker
2012-10-04 12:23 . 2012-10-04 12:23 -------- d-----w- c:\users\Jonas\AppData\Local\European Bus Simulator 2012
2012-10-03 18:40 . 2012-10-03 18:40 -------- d-----w- c:\users\Jonas\AppData\Roaming\Sinvise Systems
2012-10-03 18:40 . 2012-10-03 18:40 -------- d-----w- c:\program files (x86)\Sinvise Systems
2012-10-03 14:19 . 2012-10-03 14:19 -------- d-----w- c:\users\Jonas\AppData\Local\DownTango
2012-10-03 14:19 . 2012-10-03 14:19 -------- d-----w- c:\program files (x86)\Red Sky
2012-10-03 14:17 . 2012-10-03 14:17 -------- d-----w- c:\programdata\Browser Manager
2012-10-03 13:13 . 2012-10-03 13:13 -------- d-----w- c:\program files (x86)\N3V Games
2012-10-01 16:50 . 2012-10-01 16:50 -------- d-----w- c:\users\Jonas\AppData\Roaming\Fighters
2012-10-01 16:50 . 2012-10-01 16:50 -------- d-----w- c:\programdata\Fighters
2012-10-01 14:22 . 2012-10-01 14:22 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-10-01 14:22 . 2012-10-01 14:22 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-10-01 14:22 . 2012-10-01 14:22 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-10-01 14:22 . 2012-10-01 14:22 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-10-01 14:22 . 2012-10-01 14:22 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-10-01 14:22 . 2012-10-01 14:22 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-10-01 14:22 . 2012-10-01 14:22 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-09-30 07:53 . 2012-09-30 07:53 -------- d-----w- c:\users\Jonas\AppData\Roaming\Satmap
2012-09-30 07:52 . 2012-09-30 07:52 -------- d-----w- c:\users\Jonas\AppData\Local\Satmap_Systems_Ltd
2012-09-29 12:19 . 2012-09-29 12:19 -------- d-----w- c:\users\Jonas\AppData\Roaming\SF Software
2012-09-29 12:19 . 2012-09-29 12:19 -------- d-----w- c:\users\Jonas\AppData\Local\SF
2012-09-29 12:10 . 2012-09-29 12:20 -------- d-----w- c:\programdata\SF
2012-09-29 11:57 . 2012-09-29 11:57 -------- d-----w- c:\program files (x86)\Sigel
2012-09-26 13:55 . 2012-08-21 11:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-26 13:54 . 2012-09-26 13:54 -------- d-----w- c:\program files\iPod
2012-09-26 13:53 . 2012-09-26 13:55 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-26 13:53 . 2012-09-26 13:55 -------- d-----w- c:\program files\iTunes
2012-09-26 13:53 . 2012-09-26 13:55 -------- d-----w- c:\program files (x86)\iTunes
2012-09-26 13:38 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-20 16:32 . 2012-09-20 16:32 -------- d-----w- c:\users\Jonas\AppData\Roaming\PDAppFlex
2012-09-20 14:05 . 2012-09-20 14:55 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-09-18 18:58 . 2012-09-18 18:58 -------- d-----w- c:\programdata\Synetic
2012-09-18 18:58 . 2012-09-18 18:58 -------- d-----w- c:\users\Jonas\AppData\Roaming\ProtectDISC
2012-09-18 18:56 . 2012-09-18 18:56 -------- d--h--w- c:\windows\msdownld.tmp
2012-09-17 11:48 . 2012-09-17 11:48 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-09-17 11:48 . 2012-09-17 11:48 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-17 11:48 . 2012-09-17 11:48 -------- d-----w- c:\program files (x86)\Java
2012-09-15 20:26 . 2012-09-15 20:26 -------- d-----w- c:\users\Jonas\AppData\Local\fontconfig
2012-09-15 20:26 . 2012-09-22 12:55 -------- d-----w- c:\users\Jonas\.gimp-2.8
2012-09-15 20:26 . 2012-09-15 20:26 -------- d-----w- c:\users\Jonas\AppData\Local\gegl-0.2
2012-09-15 20:25 . 2012-09-15 20:26 -------- d-----w- c:\program files\GIMP 2
2012-09-14 15:07 . 2012-09-14 15:07 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-09-14 11:38 . 2012-09-14 11:39 -------- d-----w- c:\users\Jonas\AppData\Roaming\Steganos
2012-09-12 15:59 . 2012-09-12 16:06 -------- d-----w- c:\program files (x86)\FIFA 12
2012-09-12 15:17 . 2012-09-12 15:17 -------- d-----w- c:\users\Jonas\AppData\Local\CrashRpt
2012-09-12 14:01 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 14:01 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 14:01 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 14:01 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-12 14:01 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 14:01 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 14:01 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-11 16:30 . 2012-09-11 16:30 -------- d-----w- c:\users\Jonas\AppData\Roaming\convert
2012-09-11 14:06 . 2012-09-11 14:06 -------- d-----w- c:\program files (x86)\pazera-software
2012-09-10 18:48 . 2012-09-10 18:48 -------- d-----w- c:\programdata\Pinnacle
2012-09-10 18:48 . 2012-09-10 18:48 -------- d-----w- c:\users\Jonas\AppData\Local\Downloaded Installations
2012-09-09 17:29 . 2012-09-09 17:29 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-09-09 17:29 . 2012-09-09 17:29 -------- d-----w- c:\program files (x86)\Common Files\Microsoft Games
2012-09-09 17:00 . 2012-09-09 17:00 -------- d-----w- c:\program files (x86)\Microsoft Games
2012-09-09 16:58 . 2012-09-09 16:58 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2012-09-09 16:51 . 2012-09-09 16:51 -------- d--h--w- c:\programdata\Common Files
2012-09-09 16:51 . 2012-08-17 04:41 126944 ----a-w- c:\windows\system32\drivers\scdemu.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 08:26 . 2012-09-02 14:26 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2012-09-17 11:48 . 2012-06-23 18:50 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-17 11:48 . 2012-06-23 18:50 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-12 19:03 . 2012-06-23 20:03 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-08-30 13:22 . 2012-07-09 16:19 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-30 13:22 . 2012-07-09 16:19 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-29 23:15 . 2012-08-29 23:15 3782214 ----a-w- C:\chatzum_nt.exe
2012-08-24 13:58 . 2012-06-13 18:27 405152 ----a-w- c:\windows\SysWow64\Newtonsoft.Json.Net20.dll
2012-08-21 11:01 . 2012-06-13 18:22 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 11:01 . 2012-06-13 18:22 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-18 14:18 . 2012-08-18 14:18 2297552 ----a-w- c:\windows\SysWow64\d3dx9_26.dll
2012-07-27 09:48 . 2011-03-28 16:36 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-18 18:15 . 2012-08-16 13:27 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-09-07 1353080]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"GoogleChromeAutoLaunch_7F41DE71C33EFD8EC5D292FBB70B0F95"="c:\users\Jonas\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-10-04 1239064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-08-17 336992]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-09-25 386336]
.
c:\users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
tbhcn.lnk - c:\users\Jonas\AppData\Roaming\BrowserCompanion\tbhcn.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe [2011-3-14 2125472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-30 116648]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-30 250568]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-30 116648]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-06 114144]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-09-14 283200]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-09-25 84256]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-09-22 2253120]
S3 k57nd60a;Broadcom NetLink (TM)-Gigabit-Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-07-07 174184]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-09 13:22]
.
2012-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-30 18:00]
.
2012-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-30 18:00]
.
2012-10-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-684478495-2098680302-1758085873-1000Core.job
- c:\users\Jonas\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-26 10:15]
.
2012-10-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-684478495-2098680302-1758085873-1000UA.job
- c:\users\Jonas\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-26 10:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=;ftp=;https=;
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Free YouTube Download - c:\users\Jonas\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Jonas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\fvr87tqd.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-10 - (no file)
AddRemove-loadtbs-3.0 - c:\users\Jonas\AppData\Roaming\loadtbs\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{DFEFCDEE-CF1A-4FC8-88AD-129872198372}"=hex:51,66,7a,6c,4c,1d,38,12,80,ce,fc,
db,28,81,a6,0a,f7,bb,51,d8,77,47,c7,66
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=hex:51,66,7a,6c,4c,1d,38,12,35,c0,f5,
ea,2a,2f,b2,54,e3,64,43,53,25,99,dc,53
"{00CBB66B-1D3B-46D3-9577-323A336ACB50}"=hex:51,66,7a,6c,4c,1d,38,12,05,b5,d8,
04,09,53,bd,03,ea,61,71,7a,36,34,8f,44
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{963B125B-8B21-49A2-A3A8-E37092276531}"=hex:51,66,7a,6c,4c,1d,38,12,35,11,28,
92,13,c5,cc,0c,dc,be,a0,30,97,79,21,25
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{EEE6C35C-6118-11DC-9C72-001320C79847}"=hex:51,66,7a,6c,4c,1d,38,12,32,c0,f5,
ea,2a,2f,b2,54,e3,64,43,53,25,99,dc,53
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:15,10,d4,ff,7d,9d,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,46,32,d9,11,c5,e8,c4,40,8b,b0,24,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,46,32,d9,11,c5,e8,c4,40,8b,b0,24,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-10-09 14:05:01
ComboFix-quarantined-files.txt 2012-10-09 12:05
ComboFix2.txt 2012-10-09 11:03
ComboFix3.txt 2012-10-08 20:50
.
Vor Suchlauf: 38 Verzeichnis(se), 40.138.493.952 Bytes frei
Nach Suchlauf: 39 Verzeichnis(se), 40.071.909.376 Bytes frei
.
- - End Of File - - C732FE995AD36F11362A4CCFED6DACC3 --- --- ---
Sooo .... the program from step 2 found one infected file ... but it was not the one Avira kept reporting. Whatever, here is the report: Code:
Malwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org
Datenbank Version: v2012.10.09.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jonas :: JONAS-PC [Administrator]
Schutz: Aktiviert
09/10/2012 14:13:59
mbam-log-2012-10-09 (14-13-59).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 232045
Laufzeit: 2 Minute(n), 48 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)