Trojan virus??? Text was typed automatically in the chat box

#0
17.01.2011, 18:05
...new here

Posts: 1
#1 A very good evening to you all,

I'll get straight to the point. Today, when I was in a chat on a website, my cursor was in the text field; I hadn't typed anything, and all of a sudden a whole line appeared: TestTestTest....
So I put in Kaspersky Rescue Disk 10 and had my laptop scanned thoroughly right away, but nothing was found.
After that I scanned again with Kaspersky in safe mode, and again nothing was found.
Finally I ran ComboFix and also HijackThis.
I'd like to ask you to take a look at the 2 log files, because my AV didn't really remove anything ^^



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:04:05, on 03.03.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ICQ7.0\ICQ.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\IDM\IEMonitor.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\Zattoo4\Zattoo.exe
C:\Program Files (x86)\Auslogics Disk Defrag\DiskDefrag.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\IDM\IDMan.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\IDM\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files (x86)\ICQ7.0\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\IDM\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Global Startup: SRS Premium Sound.lnk = ?
O8 - Extra context menu item: Download aller Links mit IDM - C:\Program Files (x86)\IDM\IEGetAll.htm
O8 - Extra context menu item: Download FLV-Videoinhalt mit IDM - C:\Program Files (x86)\IDM\IEGetVL.htm
O8 - Extra context menu item: Download mit IDM - C:\Program Files (x86)\IDM\IEExt.htm
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7509 bytes






ComboFix 11-01-16.04 - 17.01.2011 17:10:26.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.4095.2633 [GMT 1:00]
ausgeführt von:: c:\users\Navyseal\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Internet Security *Enabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\N...\AppData\Roaming\Dyyno
c:\users\N...\AppData\Roaming\Dyyno\dyyno.xml
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_npf


((((((((((((((((((((((( Dateien erstellt von 2010-12-17 bis 2011-01-17 ))))))))))))))))))))))))))))))
.

2011-01-17 16:25 . 2011-01-17 16:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-17 12:36 . 2011-01-17 15:45 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2011-01-17 11:20 . 2011-01-17 11:20 -------- d-----w- c:\users\N...\AppData\Roaming\Ashampoo
2011-01-17 11:17 . 2011-01-17 11:17 -------- d-----w- c:\users\N...\AppData\Local\ashampoo
2011-01-17 11:17 . 2011-01-17 11:17 -------- d-----w- c:\programdata\ashampoo
2011-01-17 11:17 . 2011-01-17 11:17 -------- d-----w- c:\program files (x86)\Ashampoo Burning Studio 6 FREE
2011-01-17 11:06 . 2011-01-17 16:32 -------- d-----w- c:\programdata\Kaspersky Lab
2011-01-17 11:06 . 2011-01-17 11:06 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2011-01-17 10:58 . 2011-01-17 10:58 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2011-01-16 19:09 . 2011-01-16 19:09 -------- d-----w- c:\users\N...\AppData\Roaming\Uniblue
2011-01-16 19:08 . 2011-01-16 19:08 -------- d-----w- c:\users\N...\AppData\Local\PackageAware
2011-01-16 06:11 . 2011-01-16 06:11 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
2011-01-16 06:11 . 2011-01-16 06:11 -------- d-----w- c:\program files\Microsoft Synchronization Services
2011-01-16 06:11 . 2011-01-16 06:11 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-01-16 06:10 . 2011-01-16 06:10 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2011-01-16 06:09 . 2011-01-16 06:14 207008 ----a-w- c:\programdata\Microsoft\VBExpress\10.0\1031\ResourceCache.dll
2011-01-16 06:03 . 2011-01-16 06:13 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 10.0
2011-01-16 05:59 . 2011-01-16 05:59 -------- d-----w- c:\windows\symbols
2011-01-16 05:59 . 2011-01-16 05:59 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2011-01-16 05:59 . 2011-01-16 05:59 -------- d-----w- c:\program files\Microsoft Help Viewer
2011-01-16 05:59 . 2011-01-16 05:59 -------- d-----w- c:\program files (x86)\Microsoft SDKs
2011-01-16 04:55 . 2011-01-16 04:55 -------- d-----w- c:\program files (x86)\Mozilla Firefox 4.0 Beta 9
2011-01-16 01:20 . 2011-01-16 01:25 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-01-15 11:44 . 2011-01-15 11:44 -------- d-----w- c:\programdata\F-Secure
2011-01-15 11:21 . 2011-01-15 11:22 -------- d--h--w- c:\windows\AxInstSV
2011-01-15 02:40 . 2011-01-15 02:53 -------- d-----w- c:\users\N...\VirtualBox VMs
2011-01-15 02:39 . 2011-01-15 05:25 -------- d-----w- c:\users\N...\.VirtualBox
2011-01-15 02:38 . 2010-12-22 14:08 226448 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-01-15 02:38 . 2010-12-22 14:08 54864 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-01-15 02:38 . 2011-01-15 02:45 -------- d-----w- c:\program files (x86)\Virtualbox
2011-01-14 22:12 . 2010-06-29 05:35 4582912 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2011-01-14 22:12 . 2010-06-29 05:39 2085376 ----a-w- c:\windows\system32\ole32.dll
2011-01-14 22:09 . 2010-11-02 05:17 1169408 ----a-w- c:\windows\system32\taskschd.dll
2011-01-14 22:04 . 2010-11-16 11:01 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{51A59BA8-4673-489E-93EA-652A5AE4E5E0}\mpengine.dll
2011-01-14 21:47 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2011-01-14 20:00 . 2011-01-14 20:00 -------- d-----w- c:\program files (x86)\DiskDirector
2011-01-14 20:00 . 2011-01-14 20:00 -------- d-----w- c:\program files (x86)\Common Files\Acronis
2011-01-14 16:51 . 2011-01-14 16:51 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2011-01-14 02:18 . 2011-01-14 02:18 -------- d-----w- c:\programdata\createpart
2011-01-14 02:18 . 2011-01-14 02:18 -------- d-----w- c:\programdata\mergeparts
2011-01-14 02:17 . 2011-01-14 02:17 -------- d-----w- c:\programdata\redistpart
2011-01-14 02:17 . 2011-01-14 02:17 -------- d-----w- c:\programdata\explauncher
2011-01-14 02:17 . 2011-01-14 02:17 -------- d-----w- c:\programdata\launcher
2011-01-14 01:32 . 2011-01-14 01:32 -------- d-----w- C:\Neuer Ordner
2011-01-14 01:30 . 2011-01-14 20:00 276576 ----a-w- c:\windows\system32\drivers\snapman.sys
2011-01-13 02:44 . 2011-01-13 02:44 -------- d-----w- c:\programdata\ATI
2011-01-13 02:44 . 2011-01-13 02:44 -------- d-----w- c:\program files\Common Files\ATI Technologies
2011-01-13 02:44 . 2011-01-13 02:44 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2011-01-13 02:44 . 2011-01-13 02:44 -------- d-----w- c:\program files (x86)\ATI Stream
2011-01-13 02:35 . 2011-01-13 02:35 -------- d-----w- C:\AMD
2011-01-12 20:59 . 2011-01-12 21:00 -------- d-----w- c:\users\N...\AppData\Roaming\Juce VST Host
2011-01-11 20:28 . 2011-01-11 20:28 -------- d-----w- c:\program files (x86)\VstPlugins
2011-01-11 20:28 . 2006-06-20 08:56 225280 ----a-w- c:\windows\SysWow64\rewire.dll
2011-01-11 20:28 . 2002-07-07 22:14 1294336 ----a-w- c:\windows\SysWow64\vorbis.acm
2011-01-11 20:27 . 2011-01-12 21:00 -------- d-----w- c:\program files (x86)\Image-Line
2011-01-11 20:25 . 2011-01-12 20:37 -------- d-----w- c:\program files (x86)\FL Studio 8
2011-01-09 14:18 . 2008-07-12 07:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2011-01-09 14:18 . 2008-07-12 07:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2011-01-09 14:18 . 2008-07-12 07:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2011-01-08 13:13 . 2011-01-08 13:13 -------- d-----w- c:\program files (x86)\Winamp Detect
2011-01-08 13:13 . 2011-01-08 13:13 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2011-01-08 13:13 . 2011-01-17 09:30 -------- d-----w- c:\users\N...\AppData\Roaming\Winamp
2011-01-08 13:13 . 2011-01-08 13:14 -------- d-----w- c:\program files (x86)\Winamp
2011-01-07 21:32 . 2011-01-09 16:54 -------- d-----w- c:\users\N...\AppData\Roaming\RIFT
2010-12-28 23:10 . 2011-01-11 18:54 -------- d-----w- c:\program files (x86)\JDownloader
2010-12-24 04:44 . 2010-12-24 04:44 -------- d-----w- c:\program files\Eraser
2010-12-22 20:26 . 2010-12-28 18:10 -------- d-----w- c:\users\N...\AppData\Local\PokerStars.NET
2010-12-22 20:25 . 2010-12-22 20:26 -------- d-----w- c:\program files (x86)\PokerStars.NET
2010-12-22 14:08 . 2010-12-22 14:08 173840 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2010-12-22 14:08 . 2010-12-22 14:08 154256 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2010-12-22 14:08 . 2010-12-22 14:08 318992 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
2010-12-22 13:59 . 2010-10-19 08:47 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-12-22 13:59 . 2010-10-19 08:10 7680 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-13 03:50 . 2010-05-15 17:21 189480 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-01-13 03:50 . 2010-05-15 17:20 189480 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-01-13 03:11 . 2010-04-28 13:12 75064 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-01-13 02:20 . 2010-08-10 15:48 3360624 ----a-w- c:\windows\SysWow64\pbsvc.exe
2010-12-07 11:17 . 2010-12-07 11:17 51200 ----a-w- c:\windows\SysWow64\OpenCL.dll
2010-12-07 11:15 . 2010-12-07 11:15 52736 ----a-w- c:\windows\system32\OpenCL.dll
2010-10-19 20:51 . 2010-03-16 10:53 270720 ------w- c:\windows\system32\MpSigStub.exe
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-13 2244096]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-12-09 74752]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 98304]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-02 365336]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-2-2 156880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableStartupSound"= 1 (0x1)
"DisplayLastLogonInfo"= 1 (0x1)
"HideFastUserSwitching"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~2\KASPER~1\KASPER~1\sbhook.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Rohos]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-26 136176]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2009-08-18 6037504]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-05-27 264192]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-08-21 44032]
R3 dump_wmimmc;dump_wmimmc;d:\spiele\KarosOnline\GameGuard\dump_wmimmc.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-10-20 1038088]
R3 hexmagic;hexmagic;c:\windows\system32\drivers\hexmagic.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 VCam_WDM;e2eSoft VCam;c:\windows\system32\DRIVERS\VCam_WDM.sys [2010-06-30 98528]
R3 VCam_WDM01;e2eSoft VCam 01;c:\windows\system32\DRIVERS\VCam_WDM01.sys [2010-06-30 98528]
R3 VCAM_WDM02;e2eSoft VCam 02;c:\windows\system32\DRIVERS\VCAM_WDM02.sys [2010-06-30 98528]
R3 VCAM_WDM03;e2eSoft VCam 03;c:\windows\system32\DRIVERS\VCAM_WDM03.sys [2010-06-30 98528]
R4 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-09-03 359040]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-27 834544]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-06-09 11864]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 27736]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2010-12-22 226448]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2010-12-22 54864]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 203264]
S2 OS Selector;Acronis OS Selector Activator;c:\program files (x86)\DiskDirector\OSS\reinstall_svc.exe [2010-05-25 2155848]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-06-12 112128]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 22544]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-12-22 154256]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2010-12-22 173840]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-07-09 1222144]

.
Inhalt des "geplante Tasks" Ordners

2011-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-26 17:29]

2011-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-26 17:29]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF15682.cfxxe" [X]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-06-12 619392]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2010-11-04 980368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\x64\sbhook64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Download aller Links mit IDM - c:\program files (x86)\IDM\IEGetAll.htm
IE: Download FLV-Videoinhalt mit IDM - c:\program files (x86)\IDM\IEGetVL.htm
IE: Download mit IDM - c:\program files (x86)\IDM\IEExt.htm
IE: Hinzufügen zu Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files (x86)\PokerStars.NET\PokerStarsUpdate.exe
FF - ProfilePath - c:\users\N...\AppData\Roaming\Mozilla\Firefox\Profiles\hti0e1rl.default\
FF - prefs.js: browser.startup.homepage - file://localhost/C:/Users/N.../Desktop/Suche/google.html
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox 4.0 Beta 9\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: United States English Spellchecker: en-US@dictionaries.addons.mozilla.org - %profile%\extensions\en-US@dictionaries.addons.mozilla.org
FF - Ext: IDM CC: mozilla_cc@internetdownloadmanager.com - c:\users\N...\AppData\Roaming\IDM\idmmzcc3
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

Wow6432Node-HKCU-Run-Samsung_AppInst - i:\samsungsoftware\AppInst.exe
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-HijackThis - c:\program files (x86)\Trend Micro\HijackThis\HijackThis.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe



[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-1833170771-2961884924-2979029459-1001\Software\SecuROM\!CAUTION!
NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:0c,18,b2,18,91,93,c9,39,2e,e7,99,06,f7,56,bd,a0,43,dd,ab,e9,13,48,7b,
c4,8b,8f,92,ca,e1,3b,41,a1,41,d8,18,e6,bb,a0,50,cd,a5,24,c6,71,fd,d8,64,6c,\
"??"=hex:64,4d,d6,1b,a0,46,1f,e3,9e,88,e7,22,59,2f,a9,fa

[HKEY_USERS\S-1-5-21-1833170771-2961884924-2979029459-1001\Software\SecuROM\License information*]
"datasecu"=hex:39,d2,84,f7,ad,1e,6b,96,e2,f6,50,f4,fb,cd,5a,9c,59,ab,df,47,80,
74,d8,07,e6,af,7b,26,a3,c5,07,0a,c7,23,12,e4,3c,51,5e,b0,09,80,37,33,f4,84,\
"rkeysecu"=hex:e0,b8,86,8b,e1,9b,6b,71,b4,da,cc,3b,cd,67,dd,1c

[HKEY_USERS\S-1-5-21-1833170771-2961884924-2979029459-1001_Classes\Wow6432Node\CLSID\{57f0005c-388c-47a2-a7bb-f273fb7220df}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000007b
"Therad"=dword:00000009
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

[HKEY_USERS\S-1-5-21-1833170771-2961884924-2979029459-1001_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):bc,25,0a,be,80,e0,f5,7d,10,ed,a0,3e,44,57,ce,10,e9,1b,61,b6,e9,
bc,bf,ce,17,75,f2,3f,ef,ee,a5,1b,e2,e3,ef,8b,56,e9,92,89,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-21-1833170771-2961884924-2979029459-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):3e,6c,7c,78,35,28,29,68,28,55,55,61,60,ea,5b,da,f5,0f,19,13,6e,
eb,e8,61,9a,2c,e9,d8,29,97,f5,01,51,5e,41,79,5a,ef,2f,44,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-21-1833170771-2961884924-2979029459-1001_Classes\Wow6432Node\CLSID\{dadb425b-b100-4c37-aa5c-bf643e1141ab}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000034
"Therad"=dword:00000017

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-01-17 17:40:22 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-01-17 16:40

Vor Suchlauf: 13 Verzeichnis(se), 28.336.496.640 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 27.970.568.192 Bytes frei

- - End Of File - - B84AFF0CB82A723F4B74BDE46833A594