Combofix Logfile:
Code:
Alles auswählen Aufklappen ATTFilter
ComboFix 12-04-15.01 - Alina 15.04.2012 16:40:05.1.4 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.49.1031.18.1014.293 [GMT 2:00]
ausgeführt von:: c:\users\Alina\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\Alina\esetsmartinstaller_enu.exe
c:\users\Alina\OTL.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-03-15 bis 2012-04-15 ))))))))))))))))))))))))))))))
.
.
2012-04-15 14:52 . 2012-04-15 14:53 -------- d-----w- c:\users\Alina\AppData\Local\temp
2012-04-15 14:52 . 2012-04-15 14:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-15 14:36 . 2012-04-15 14:36 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B4EB9669-5E78-4D02-88C2-979793E6A732}\offreg.dll
2012-04-13 10:58 . 2012-04-13 10:58 -------- d-----w- C:\_OTL
2012-04-13 09:21 . 2012-03-20 01:53 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B4EB9669-5E78-4D02-88C2-979793E6A732}\mpengine.dll
2012-04-12 18:48 . 2012-04-12 18:48 -------- d-----w- c:\program files\ESET
2012-04-12 09:06 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 09:06 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 09:06 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 09:06 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 08:58 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-04-12 08:58 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-04-12 08:57 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-04-12 08:57 . 2011-11-17 05:38 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-04-12 08:57 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-04-12 08:57 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-04-12 08:57 . 2011-11-05 04:26 2048 ----a-w- c:\windows\system32\tzres.dll
2012-04-12 08:55 . 2011-11-19 14:01 67072 ----a-w- c:\windows\system32\packager.dll
2012-04-12 08:55 . 2011-10-15 05:38 534528 ----a-w- c:\windows\system32\EncDec.dll
2012-04-12 08:55 . 2011-10-26 04:28 38912 ----a-w- c:\windows\system32\csrsrv.dll
2012-04-12 08:55 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\system32\quartz.dll
2012-04-12 08:55 . 2011-10-26 04:32 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-04-12 08:53 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-12 08:53 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 08:44 . 2012-02-28 05:34 860672 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-04-12 08:44 . 2012-02-28 05:38 981504 ----a-w- c:\windows\system32\wininet.dll
2012-04-12 08:44 . 2012-02-28 05:34 163328 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2012-04-12 08:44 . 2012-02-28 03:52 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-12 08:41 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-12 08:41 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-12 08:41 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-12 08:41 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-04-12 08:41 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-12 08:41 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-04-11 14:02 . 2012-04-11 14:02 -------- d-----w- c:\users\Alina\AppData\Roaming\Malwarebytes
2012-04-11 14:01 . 2012-04-11 14:01 -------- d-----w- c:\programdata\Malwarebytes
2012-04-11 14:01 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-11 14:01 . 2012-04-11 14:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-28 20:27 . 2012-03-28 20:27 -------- d-----w- c:\program files\Common Files\Java
2012-03-28 20:26 . 2012-03-28 20:26 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-28 20:25 . 2012-03-28 20:25 -------- d-----w- c:\program files\Java
2012-03-22 13:25 . 2012-03-22 13:25 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-22 13:25 . 2012-03-22 13:25 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 08:18 . 2011-10-22 17:12 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 14:01 . 2011-10-22 16:58 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-03-22 13:25 . 2011-11-12 08:51 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"
[HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"
[HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"HotkeyMon"="AsusSender.exe" [2010-09-08 34728]
"HotkeyService"="AsusSender.exe" [2010-09-08 34728]
"SuperHybridEngine"="AsusSender.exe" [2010-09-08 34728]
"LiveUpdate"="AsusSender.exe" [2010-09-08 34728]
"CapsHook"="AsusSender.exe" [2010-09-08 34728]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2010-06-10 414384]
"GraphicsSwitch"="AsusSender.exe" [2010-09-08 34728]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-10 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-10 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-10 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-02-25 8522272]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-11-19 1594664]
"LivCam"="c:\program files\ASUS\LivCam\LivCam.exe" [2009-11-19 284160]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"Boingo Wi-Fi"="c:\program files\Boingo\Boingo Wi-Fi\Boingo.lnk" [2011-10-17 2429]
"ASUSPRP"="c:\program files\ASUS\APRP\APRP.EXE" [2010-09-14 2018032]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-11-19 83240]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"ASUSWebStorage"="c:\program files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-12 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files\ASUS\AsusVibe\AsusVibeLauncher.exe [2012-3-3 549040]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-3 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2009-08-19 219136]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 43944]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-03-31 11520]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 36000]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-27 51712]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-05 c:\windows\Tasks\Norton Security Scan for Alina.job
- c:\progra~1\NORTON~2\Engine\351~1.10\Nss.exe [2012-02-04 07:02]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to MP3 Converter - c:\users\Alina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\4v2rjtrr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-EeeSplendidAgent - c:\program files\ASUS\EPC\EeeSplendid\AsAgent.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-172706901-155862144-3271113608-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-172706901-155862144-3271113608-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-04-15 16:58:17
ComboFix-quarantined-files.txt 2012-04-15 14:58
.
Vor Suchlauf: 8 Verzeichnis(se), 78.675.783.680 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 78.316.023.808 Bytes frei
.
- - End Of File - - FA53B12FEE55F087583E267926A60463
[/CODE]
--- --- ---
15.04.2012, 16:00
Baum-Darstellung