Thanks Arne, here is the result:
ComboFix log file:
ComboFix 10-12-14.07 - Marc 15.12.2010 17:12:18.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.3583.2791 [GMT 1:00]
ausgeführt von:: c:\users\Marc\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((( Dateien erstellt von 2010-11-15 bis 2010-12-15 ))))))))))))))))))))))))))))))
.
2010-12-15 16:14 . 2010-12-15 16:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-14 18:24 . 2010-12-14 18:25 -------- d-----w- c:\programdata\SecTaskMan
2010-12-14 18:24 . 2010-12-14 18:24 -------- d-----w- c:\program files\Security Task Manager
2010-12-14 17:21 . 2010-12-14 17:21 -------- d-----w- c:\users\Marc\AppData\Roaming\Malwarebytes
2010-12-14 17:21 . 2010-12-14 17:21 -------- d-----w- c:\programdata\Malwarebytes
2010-12-14 17:21 . 2010-11-29 16:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-14 17:21 . 2010-12-14 18:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-14 17:21 . 2010-11-29 16:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-14 16:58 . 2010-12-14 18:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-12-14 16:58 . 2010-12-14 18:27 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-12-14 16:57 . 2010-12-14 16:57 -------- d-----w- c:\program files\Common Files\Java
2010-12-14 16:57 . 2010-09-15 03:50 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-12-14 16:57 . 2010-09-15 03:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-14 16:06 . 2010-12-14 16:12 -------- d-----w- c:\programdata\PC Tools
2010-12-14 16:03 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9ED5DAB8-21CD-4BE0-A6DE-E5D923C6D06A}\mpengine.dll
2010-11-30 18:44 . 2010-11-30 18:46 -------- d-----w- c:\users\Marc\AppData\Roaming\vlc
2010-11-24 20:32 . 2010-11-24 20:33 -------- d-----w- c:\users\Marc\AppData\Roaming\Download Manager
2010-11-24 09:28 . 2010-10-19 08:10 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-08 16:16 . 2010-09-19 20:06 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-11-24 09:26 . 2010-09-19 20:06 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-10-19 09:41 . 2010-09-16 17:47 222080 ------w- c:\windows\system32\MpSigStub.exe
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-11-02 9808488]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-29 963976]
c:\users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Produktregistrierung.lnk - c:\program files\Logitech\Logitech WebCam Software\eReg.exe [2009-10-14 517384]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-03 135336]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
.
.
------- Zusätzlicher Suchlauf -------
.
FF - ProfilePath - c:\users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\t9247kii.default\
FF - prefs.js: browser.startup.homepage - www.google.com.br
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2010-12-15 17:15:30
ComboFix-quarantined-files.txt 2010-12-15 16:15
Vor Suchlauf: 6 Verzeichnis(se), 222.406.213.632 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 221.964.390.400 Bytes frei
- - End Of File - - ACFE144542951C26C5B05A825E59DA5F