Trojaner-Board - Computer gesperrt

Combofix Logfile:
Code:
ComboFix 13-08-05.01 - Paul 05.08.2013  13:42:38.2.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8176.6333 [GMT 2:00]

ausgeführt von:: c:\users\Paul\Desktop\ComboFix.exe

Benutzte Befehlsschalter :: c:\users\Paul\Desktop\CFScript.txt

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Neuer Wiederherstellungspunkt wurde erstellt

.

.

(((((((((((((((((((((((   Dateien erstellt von 2013-07-05 bis 2013-08-05  ))))))))))))))))))))))))))))))

.

.

2013-08-05 11:54 . 2013-08-05 11:54        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp

2013-08-05 11:54 . 2013-08-05 11:54        --------        d-----w-        c:\users\Default\AppData\Local\temp

2013-08-02 09:44 . 2013-07-02 08:34        9460976        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{37FB4070-7148-4526-BBF2-5249C5B3C846}\mpengine.dll

2013-07-31 10:36 . 2013-08-05 11:34        --------        d-----w-        c:\program files (x86)\Steam

2013-07-30 09:26 . 2013-07-30 09:26        --------        d-----w-        c:\users\Paul\AppData\Local\Spotify

2013-07-24 21:03 . 2013-07-29 11:47        --------        d-----w-        c:\windows\system32\MRT

2013-07-23 12:47 . 2013-07-30 11:58        --------        d-----w-        c:\program files (x86)\DevPro

2013-07-23 12:22 . 2013-07-23 12:22        --------        d-----w-        c:\programdata\BrowserDefender

2013-07-23 12:18 . 2013-07-30 18:00        --------        d-----w-        c:\users\Paul\AppData\Roaming\Muus

2013-07-23 12:18 . 2013-07-23 12:18        --------        d-----w-        c:\users\Paul\AppData\Roaming\Ekit

2013-07-21 19:29 . 2013-07-21 19:29        --------        d-s---w-        c:\windows\SysWow64\Microsoft

2013-07-21 10:59 . 2013-07-21 10:59        --------        d-----w-        C:\found.001

2013-07-16 09:50 . 2013-07-16 09:50        --------        d-----w-        C:\found.000

2013-07-11 19:06 . 2013-07-11 19:14        --------        d-----w-        c:\users\Paul\AppData\Roaming\PhotoScape

2013-07-11 19:06 . 2013-07-30 09:21        --------        d-----w-        c:\users\Paul\AppData\Local\Pokki

2013-07-11 19:05 . 2013-07-11 19:06        --------        d-----w-        c:\program files (x86)\PhotoScape

2013-07-10 17:05 . 2013-05-27 05:50        1011712        ----a-w-        c:\program files\Windows Defender\MpSvc.dll

2013-07-08 16:46 . 2013-07-30 09:23        --------        d-----w-        c:\program files (x86)\Common Files\BioWare

2013-07-08 16:46 . 2013-07-30 09:18        --------        d-----w-        c:\program files (x86)\Electronic Arts

2013-07-08 16:45 . 2013-07-08 16:45        --------        d-----w-        c:\users\hedev

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-07-12 11:48 . 2012-10-12 19:57        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-07-12 11:48 . 2012-10-12 19:57        692104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2013-07-10 22:46 . 2012-08-28 12:00        78185248        ----a-w-        c:\windows\system32\MRT.exe

2013-07-08 14:47 . 2012-09-04 21:21        282104        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr

2013-07-08 14:47 . 2012-09-04 21:05        282104        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe

2013-07-08 14:46 . 2012-09-04 21:05        234768        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0

2013-07-07 20:03 . 2012-09-04 21:05        76888        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe

2013-07-01 17:08 . 2013-05-10 17:44        83672        ----a-w-        c:\windows\system32\drivers\avnetflt.sys

2013-05-20 20:34 . 2013-05-20 20:34        1054720        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe

2013-05-20 20:34 . 2013-05-20 20:34        905728        ----a-w-        c:\windows\system32\mshtmlmedia.dll

2013-05-20 20:34 . 2013-05-20 20:34        81408        ----a-w-        c:\windows\system32\icardie.dll

2013-05-20 20:34 . 2013-05-20 20:34        762368        ----a-w-        c:\windows\system32\ieapfltr.dll

2013-05-20 20:34 . 2013-05-20 20:34        73728        ----a-w-        c:\windows\SysWow64\SetIEInstalledDate.exe

2013-05-20 20:34 . 2013-05-20 20:34        719360        ----a-w-        c:\windows\SysWow64\mshtmlmedia.dll

2013-05-20 20:34 . 2013-05-20 20:34        61952        ----a-w-        c:\windows\SysWow64\tdc.ocx

2013-05-20 20:34 . 2013-05-20 20:34        523264        ----a-w-        c:\windows\SysWow64\vbscript.dll

2013-05-20 20:34 . 2013-05-20 20:34        48640        ----a-w-        c:\windows\SysWow64\mshtmler.dll

2013-05-20 20:34 . 2013-05-20 20:34        452096        ----a-w-        c:\windows\system32\dxtmsft.dll

2013-05-20 20:34 . 2013-05-20 20:34        441856        ----a-w-        c:\windows\system32\html.iec

2013-05-20 20:34 . 2013-05-20 20:34        38400        ----a-w-        c:\windows\SysWow64\imgutil.dll

2013-05-20 20:34 . 2013-05-20 20:34        361984        ----a-w-        c:\windows\SysWow64\html.iec

2013-05-20 20:34 . 2013-05-20 20:34        281600        ----a-w-        c:\windows\system32\dxtrans.dll

2013-05-20 20:34 . 2013-05-20 20:34        235008        ----a-w-        c:\windows\system32\url.dll

2013-05-20 20:34 . 2013-05-20 20:34        23040        ----a-w-        c:\windows\SysWow64\licmgr10.dll

2013-05-20 20:34 . 2013-05-20 20:34        226304        ----a-w-        c:\windows\system32\elshyph.dll

2013-05-20 20:34 . 2013-05-20 20:34        216064        ----a-w-        c:\windows\system32\msls31.dll

2013-05-20 20:34 . 2013-05-20 20:34        197120        ----a-w-        c:\windows\system32\msrating.dll

2013-05-20 20:34 . 2013-05-20 20:34        185344        ----a-w-        c:\windows\SysWow64\elshyph.dll

2013-05-20 20:34 . 2013-05-20 20:34        158720        ----a-w-        c:\windows\SysWow64\msls31.dll

2013-05-20 20:34 . 2013-05-20 20:34        150528        ----a-w-        c:\windows\SysWow64\iexpress.exe

2013-05-20 20:34 . 2013-05-20 20:34        1441280        ----a-w-        c:\windows\SysWow64\inetcpl.cpl

2013-05-20 20:34 . 2013-05-20 20:34        1400416        ----a-w-        c:\windows\system32\ieapfltr.dat

2013-05-20 20:34 . 2013-05-20 20:34        138752        ----a-w-        c:\windows\SysWow64\wextract.exe

2013-05-20 20:34 . 2013-05-20 20:34        137216        ----a-w-        c:\windows\SysWow64\ieUnatt.exe

2013-05-20 20:34 . 2013-05-20 20:34        12800        ----a-w-        c:\windows\SysWow64\mshta.exe

2013-05-20 20:34 . 2013-05-20 20:34        110592        ----a-w-        c:\windows\SysWow64\IEAdvpack.dll

2013-05-20 20:34 . 2013-05-20 20:34        97280        ----a-w-        c:\windows\system32\mshtmled.dll

2013-05-20 20:34 . 2013-05-20 20:34        92160        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe

2013-05-20 20:34 . 2013-05-20 20:34        77312        ----a-w-        c:\windows\system32\tdc.ocx

2013-05-20 20:34 . 2013-05-20 20:34        62976        ----a-w-        c:\windows\system32\pngfilt.dll

2013-05-20 20:34 . 2013-05-20 20:34        599552        ----a-w-        c:\windows\system32\vbscript.dll

2013-05-20 20:34 . 2013-05-20 20:34        52224        ----a-w-        c:\windows\system32\msfeedsbs.dll

2013-05-20 20:34 . 2013-05-20 20:34        51200        ----a-w-        c:\windows\system32\imgutil.dll

2013-05-20 20:34 . 2013-05-20 20:34        48640        ----a-w-        c:\windows\system32\mshtmler.dll

2013-05-20 20:34 . 2013-05-20 20:34        27648        ----a-w-        c:\windows\system32\licmgr10.dll

2013-05-20 20:34 . 2013-05-20 20:34        270848        ----a-w-        c:\windows\system32\iedkcs32.dll

2013-05-20 20:34 . 2013-05-20 20:34        247296        ----a-w-        c:\windows\system32\webcheck.dll

2013-05-20 20:34 . 2013-05-20 20:34        173568        ----a-w-        c:\windows\system32\ieUnatt.exe

2013-05-20 20:34 . 2013-05-20 20:34        167424        ----a-w-        c:\windows\system32\iexpress.exe

2013-05-20 20:34 . 2013-05-20 20:34        1509376        ----a-w-        c:\windows\system32\inetcpl.cpl

2013-05-20 20:34 . 2013-05-20 20:34        149504        ----a-w-        c:\windows\system32\occache.dll

2013-05-20 20:34 . 2013-05-20 20:34        144896        ----a-w-        c:\windows\system32\wextract.exe

2013-05-20 20:34 . 2013-05-20 20:34        13824        ----a-w-        c:\windows\system32\mshta.exe

2013-05-20 20:34 . 2013-05-20 20:34        136192        ----a-w-        c:\windows\system32\iepeers.dll

2013-05-20 20:34 . 2013-05-20 20:34        135680        ----a-w-        c:\windows\system32\IEAdvpack.dll

2013-05-20 20:34 . 2013-05-20 20:34        12800        ----a-w-        c:\windows\system32\msfeedssync.exe

2013-05-20 20:34 . 2013-05-20 20:34        102912        ----a-w-        c:\windows\system32\inseng.dll

2013-05-13 05:51 . 2013-06-11 09:16        184320        ----a-w-        c:\windows\system32\cryptsvc.dll

2013-05-13 05:51 . 2013-06-11 09:16        1464320        ----a-w-        c:\windows\system32\crypt32.dll

2013-05-13 05:51 . 2013-06-11 09:16        139776        ----a-w-        c:\windows\system32\cryptnet.dll

2013-05-13 05:50 . 2013-06-11 09:16        52224        ----a-w-        c:\windows\system32\certenc.dll

2013-05-13 04:45 . 2013-06-11 09:16        140288        ----a-w-        c:\windows\SysWow64\cryptsvc.dll

2013-05-13 04:45 . 2013-06-11 09:16        1160192        ----a-w-        c:\windows\SysWow64\crypt32.dll

2013-05-13 04:45 . 2013-06-11 09:16        103936        ----a-w-        c:\windows\SysWow64\cryptnet.dll

2013-05-13 03:43 . 2013-06-11 09:16        1192448        ----a-w-        c:\windows\system32\certutil.exe

2013-05-13 03:08 . 2013-06-11 09:16        903168        ----a-w-        c:\windows\SysWow64\certutil.exe

2013-05-13 03:08 . 2013-06-11 09:16        43008        ----a-w-        c:\windows\SysWow64\certenc.dll

2013-05-10 05:49 . 2013-06-11 09:16        30720        ----a-w-        c:\windows\system32\cryptdlg.dll

2013-05-10 03:20 . 2013-06-11 09:16        24576        ----a-w-        c:\windows\SysWow64\cryptdlg.dll

2013-05-09 08:58 . 2013-06-17 17:27        287840        ----a-w-        c:\windows\system32\aswBoot.exe

2013-05-08 06:39 . 2013-06-11 09:16        1910632        ----a-w-        c:\windows\system32\drivers\tcpip.sys

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2010-02-01 18:03        120176        ----a-w-        c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Microsoft Adobe Driver Update"="c:\users\Paul\AppData" [X]

"Akamai NetSession Interface"="c:\users\Paul\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]

"KPeerNexonEU"="c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe" [2012-08-19 438272]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-03 19603048]

"Spotify Web Helper"="c:\users\Paul\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-07-05 1104384]

"Spotify"="c:\users\Paul\AppData\Roaming\Spotify\spotify.exe" [2013-07-05 4640768]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-06 39408]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-07-26 1807272]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-02-01 337264]

"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2009-12-25 201512]

"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2009-12-25 401192]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]

"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2010-08-04 611872]

"MDS_Menu"="c:\program files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]

"ArcadeMovieService"="c:\program files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe" [2010-04-15 124136]

"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2010-10-22 2105344]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-07-01 345144]

"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-05-15 2255184]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

LOLRecorder.lnk - c:\program files (x86)\LOLReplay\LOLRecorder.exe -minimize [2013-2-14 523264]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="userinit.exe"

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\progra~3\BROWSE~1\261339~1.144\{C16C1~1\BrowserDefender.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]

R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys;c:\windows\SYSNATIVE\drivers\avmeject.sys [x]

R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]

R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]

R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [x]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]

R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x]

R3 X6va010;X6va010;c:\windows\SysWOW64\Drivers\X6va010;c:\windows\SysWOW64\Drivers\X6va010 [x]

R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]

R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x]

S0 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys;c:\windows\SYSNATIVE\DRIVERS\ahcix64s.sys [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]

S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]

S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]

S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]

S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]

S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe;c:\program files (x86)\Acer\Registration\GregHSRW.exe [x]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]

S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [x]

S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys;c:\windows\SYSNATIVE\DRIVERS\fwlanusb.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Akamai        REG_MULTI_SZ           Akamai

.

Inhalt des "geplante Tasks" Ordners

.

2013-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-13 09:30]

.

2013-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-13 09:30]

.

2013-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1352958744-153524303-834506534-1000Core.job

- c:\users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-13 09:52]

.

2013-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1352958744-153524303-834506534-1000UA.job

- c:\users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-13 09:52]

.

2013-08-04 c:\windows\Tasks\SpeedMaxPc Registration3.job

- c:\windows\system32\rundll32.exe [2009-07-13 01:14]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2010-02-01 18:06        137584        ----a-w-        c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2013-06-06 21:57        778192        ----a-w-        c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-06-06 21:57        778192        ----a-w-        c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2013-06-06 21:57        778192        ----a-w-        c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2013-06-06 21:57        778192        ----a-w-        c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2013-06-06 21:57        778192        ----a-w-        c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-02-01 349552]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-12 9955872]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.google.com

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>

IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm

IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm

Trusted Zone: aeriagames.com

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.178.1

FF - ProfilePath - c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\yoxtwhvf.default\

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=

FF - ExtSQL: 2013-06-17 19:27; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF

FF - ExtSQL: !HIDDEN! 2013-04-28 13:52; happylyrics@hpyproductions.net; c:\program files (x86)\HappyLyrics\FF

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

Toolbar-Locked - (no file)
 AddRemove-happylyrics@hpyproductions.net - c:\program files (x86)\HappyLyrics\uninstall.exe

AddRemove-DSite - c:\users\Paul\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]

"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va008]

"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va009]

"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va010]

"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va010"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va011]

"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va012]

"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012"

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,

   89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b

"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,

   d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,

   27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b

"{82E1477C-B154-48D3-9891-33D83C26BCD3}"=hex:51,66,7a,6c,4c,1d,38,12,12,44,f2,

   86,66,ff,bd,0d,e7,87,70,98,39,78,f8,c7

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{27B4851A-3207-45A2-B947-BE8AFE6163AB}"=hex:51,66,7a,6c,4c,1d,38,12,74,86,a7,

   23,35,7c,cc,00,c6,51,fd,ca,fb,3f,27,bf

"{59C0C5BD-2579-433A-BBB8-AFFD59642BAF}"=hex:51,66,7a,6c,4c,1d,38,12,d3,c6,d3,

   5d,4b,6b,54,06,c4,ae,ec,bd,5c,3a,6f,bb

"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,

   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}"=hex:51,66,7a,6c,4c,1d,38,12,33,9a,b5,

   a3,d3,20,bf,0a,dd,4e,0a,79,58,05,bd,88

"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,

   ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3

"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,

   aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83

"{C1AF5FA5-852C-4C90-812E-A7F75E011D87}"=hex:51,66,7a,6c,4c,1d,38,12,cb,5c,bc,

   c5,1e,cb,fe,09,fe,38,e4,b7,5b,5f,59,93

"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,

   d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

"{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}"=hex:51,66,7a,6c,4c,1d,38,12,27,28,80,

   ea,f2,9b,77,08,dc,cc,8d,48,4c,7b,c9,f2

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2013-08-05  14:10:51

ComboFix-quarantined-files.txt  2013-08-05 12:10

ComboFix2.txt  2013-07-30 19:20

.

Vor Suchlauf: 23 Verzeichnis(se), 269.425.680.384 Bytes frei

Nach Suchlauf: 24 Verzeichnis(se), 269.385.773.056 Bytes frei

.

- - End Of File - - F5548ECCBECED6BBFF235BD6BEA35338
--- --- ---
D41D8CD98F00B204E9800998ECF8427E