Hello, here is the combofix.txt:
Combofix Logfile:
ComboFix 12-02-13.01 - Levent 14.02.2012 16:07:38.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3069.1911 [GMT 1:00]
ausgeführt von:: c:\users\Levent\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Lavasoft Ad-Watch Live! Virenschutz *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Levent\AppData\Roaming\AcroIEHelpe.txt
c:\users\Levent\AppData\Roaming\srvblck2.tmp
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-01-14 bis 2012-02-14 ))))))))))))))))))))))))))))))
.
.
2012-02-14 15:15 . 2012-02-14 15:15 -------- d-----w- c:\users\Levent\AppData\Local\temp
2012-02-14 15:15 . 2012-02-14 15:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-14 13:54 . 2012-02-14 13:54 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{33E6BB37-1E44-4145-B5E9-84BAFB0EC8C0}\offreg.dll
2012-02-14 13:48 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{33E6BB37-1E44-4145-B5E9-84BAFB0EC8C0}\mpengine.dll
2012-02-14 13:38 . 2012-02-14 13:52 -------- d-----w- C:\_OTL
2012-02-08 22:01 . 2012-02-08 22:01 -------- d-----w- c:\users\Levent\AppData\Roaming\Malwarebytes
2012-02-08 22:00 . 2012-02-08 22:00 -------- d-----w- c:\programdata\Malwarebytes
2012-02-08 22:00 . 2012-02-08 22:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-08 22:00 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-08 21:30 . 2012-02-08 21:30 -------- d-----w- c:\users\Levent\AppData\Roaming\Avira
2012-02-08 21:25 . 2011-12-15 14:00 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-02-08 21:25 . 2011-12-15 14:00 134856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-02-08 21:25 . 2012-02-08 21:25 -------- d-----w- c:\programdata\Avira
2012-02-08 21:25 . 2012-02-08 21:25 -------- d-----w- c:\program files\Avira
2012-02-08 21:10 . 2011-09-16 09:35 16432 ----a-w- c:\windows\system32\lsdelete.exe
2012-02-01 16:10 . 2012-02-01 16:17 -------- d-----w- c:\users\Levent\AppData\Roaming\BirdieSync
2012-02-01 16:10 . 2012-02-01 16:46 -------- d-----w- c:\program files\BirdieSync
2012-02-01 14:32 . 2012-02-01 14:32 -------- d-----w- c:\program files\iPod
2012-02-01 14:32 . 2012-02-01 14:33 -------- d-----w- c:\program files\iTunes
2012-01-25 11:31 . 2012-02-14 13:35 45016 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-25 11:31 . 2012-01-25 11:31 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-25 11:31 . 2012-01-25 11:31 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-25 11:31 . 2012-01-25 11:31 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-24 13:34 . 2012-01-24 13:34 -------- d-----w- c:\program files\Microsoft Analysis Services
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-08 22:28 . 2011-08-05 17:48 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-26 23:21 . 2009-11-01 11:28 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-12-15 14:00 . 2009-11-01 11:41 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-11-25 12:56 . 2011-11-25 12:56 158056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin
2011-11-24 04:25 . 2011-12-26 18:35 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-11-19 14:01 . 2012-01-11 11:10 67072 ----a-w- c:\windows\system32\packager.dll
2011-11-17 05:41 . 2012-01-12 19:56 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2011-11-17 05:41 . 2012-01-12 19:56 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2011-11-17 05:39 . 2012-01-12 19:56 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2011-11-17 05:38 . 2012-01-11 11:10 1288472 ----a-w- c:\windows\system32\ntdll.dll
2011-11-17 05:35 . 2012-01-12 19:56 314880 ----a-w- c:\windows\system32\webio.dll
2011-11-17 05:34 . 2012-01-12 19:56 15872 ----a-w- c:\windows\system32\sspisrv.dll
2011-11-17 05:34 . 2012-01-12 19:56 100352 ----a-w- c:\windows\system32\sspicli.dll
2011-11-17 05:34 . 2012-01-12 19:56 224768 ----a-w- c:\windows\system32\schannel.dll
2011-11-17 05:34 . 2012-01-12 19:56 22016 ----a-w- c:\windows\system32\secur32.dll
2011-11-17 05:32 . 2012-01-12 19:56 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2011-11-17 05:29 . 2012-01-12 19:56 22528 ----a-w- c:\windows\system32\lsass.exe
2012-02-14 13:35 . 2011-05-04 13:38 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-27 1721640]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-03-23 495708]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 13826664]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-12-15 258512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Levent^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\users\Levent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-01 22:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTC Sync Loader]
2011-08-22 08:01 593920 ----a-w- c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-01-05 08:18 133432 ----a-w- c:\program files\ICQ7.2\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-01-16 16:22 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-11-10 00:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2011-07-07 07:08 216064 ----a-w- c:\program files\PDF24\pdf24.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2009-07-27 13:38 321080 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 15:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-02-07 17:10 1242448 ----a-w- c:\program files\Steam\steam.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-10-27 2152152]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
R3 iscFlash;iscFlash;c:\swsetup\sp45138\iscflash.sys [2009-06-16 13312]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-08-18 15232]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-08-18 64512]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-15 36000]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe [2009-03-02 81920]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-12-15 86224]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 26168]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2011-08-12 87040]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-09-04 54784]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-10-22 107360]
S3 NETw5s32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 12:55]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: Free YouTube to MP3 Converter - c:\users\Levent\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Levent\AppData\Roaming\Mozilla\Firefox\Profiles\w326u7lg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - LEO Eng-Deu
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-BirdieSync - c:\program files\BirdieSync\BirdieSync.exe
MSConfigStartUp-DivXUpdate - c:\program files\DivX\DivX Update\DivXUpdate.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-4158215117-505975296-2067828243-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-4158215117-505975296-2067828243-1001)
@Denied: (2) (LocalSystem)
"Progid"="ThunderbirdEML"
.
[HKEY_USERS\S-1-5-21-4158215117-505975296-2067828243-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-02-14 16:17:50
ComboFix-quarantined-files.txt 2012-02-14 15:17
.
Vor Suchlauf: 12 Verzeichnis(se), 95.020.707.840 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 94.916.550.656 Bytes frei
.
- - End Of File - - 75AC61B10F98880D3085925EA374A945