This is the one from ComboFix:
Code:
ComboFix 08-11-10.01 - Nicole 2008-11-11 18:22:55.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1031.18.483 [GMT 1:00]
ausgeführt von:: c:\users\Nicole\Downloads\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Nicole\AppData\Local\gaosq.dat
c:\users\Nicole\AppData\Local\gaosq_nav.dat
c:\users\Nicole\AppData\Local\gaosq_navps.dat
c:\users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Videos.url
c:\users\Nicole\FAVORI~1\Videos.url
c:\users\Nicole\Favorites\Videos.url
c:\windows\pi.exe
.
((((((((((((((((((((((( Dateien erstellt von 2008-10-11 bis 2008-11-11 ))))))))))))))))))))))))))))))
.
2008-11-10 18:36 . 2008-11-10 18:36 <DIR> d-------- c:\users\Nicole\AppData\Roaming\Malwarebytes
2008-11-10 18:36 . 2008-11-10 18:36 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-11-10 18:36 . 2008-11-10 18:36 <DIR> d-------- c:\programdata\Malwarebytes
2008-11-10 18:36 . 2008-11-10 18:36 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-10 18:36 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-10 18:36 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-09 21:16 . 2008-11-09 21:16 <DIR> d-------- c:\users\All Users\Avira
2008-11-09 21:16 . 2008-11-09 21:16 <DIR> d-------- c:\programdata\Avira
2008-11-09 21:16 . 2008-11-09 21:16 <DIR> d-------- c:\program files\Avira
2008-10-29 18:30 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-10-29 18:30 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-10-29 18:30 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll
2008-10-27 19:04 . 2008-10-27 19:04 27,430 --a------ c:\users\Nicole\AppData\Roaming\nvModes.dat
2008-10-23 05:47 . 2008-08-05 10:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-10-23 05:47 . 2008-08-05 10:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-10-23 05:47 . 2008-08-05 10:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-10-23 05:47 . 2008-08-05 10:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-10-23 05:47 . 2008-08-05 10:48 80,896 --a------ c:\windows\System32\MSNP.ax
2008-10-17 20:34 . 2008-10-18 11:36 <DIR> d-------- c:\users\All Users\NVIDIA
2008-10-17 20:34 . 2008-10-18 11:36 <DIR> d-------- c:\programdata\NVIDIA
2008-10-17 20:16 . 2008-10-17 20:16 <DIR> d-------- c:\users\Nicole\AppData\Roaming\GTek
2008-10-16 11:32 . 2008-09-18 06:09 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe
2008-10-16 11:32 . 2008-09-18 06:09 3,549,240 --a------ c:\windows\System32\ntoskrnl.exe
2008-10-16 11:32 . 2008-09-18 03:16 2,032,640 --a------ c:\windows\System32\win32k.sys
2008-10-16 11:32 . 2008-10-02 02:32 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2008-10-16 11:32 . 2008-10-02 04:49 827,392 --a------ c:\windows\System32\wininet.dll
2008-10-16 11:32 . 2008-08-27 02:06 288,768 --a------ c:\windows\System32\drivers\srv.sys
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-11 16:20 352,615 ---ha-w c:\windows\system32\drivers\vsconfig.xml
2008-11-10 16:31 --------- d-----w c:\programdata\Google Updater
2008-11-08 14:33 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-08 14:31 --------- d-----w c:\program files\Norton Security Scan
2008-11-02 09:55 --------- d-----w c:\programdata\Hewlett-Packard
2008-11-01 11:35 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-10-30 12:07 --------- d-----w c:\users\Nicole\AppData\Roaming\Maxthon2
2008-10-28 18:52 --------- d-----w c:\users\Nicole\AppData\Roaming\MxBoost
2008-10-22 15:21 21,248 ----a-w c:\windows\Help\OEM\scripts\HPScript.exe
2008-10-17 19:17 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-17 19:15 --------- d-----w c:\program files\HP
2008-10-17 19:14 --------- d-----w c:\program files\Hewlett-Packard
2008-10-17 19:04 --------- d-----w c:\users\Nicole\AppData\Roaming\Hewlett-Packard
2008-10-16 20:50 --------- d-----w c:\program files\Windows Mail
2008-10-16 20:46 --------- d-----w c:\programdata\Microsoft Help
2008-10-16 13:41 --------- d-----w c:\users\Nicole\AppData\Roaming\ICQ
2008-10-06 18:10 --------- d-----w c:\program files\Sun
2008-10-06 18:08 --------- d-----w c:\program files\Java
2008-10-06 10:51 20,224 ----a-w c:\windows\Help\OEM\scripts\HC_checkMUI.dll
2008-10-06 05:19 --------- d-----w c:\program files\Opera
2008-10-04 11:39 --------- d-----w c:\program files\Google
2008-10-03 08:27 --------- d-----w c:\program files\Alwil Software
2008-10-02 12:54 --------- d---a-w c:\programdata\TEMP
2008-10-01 06:29 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-09-21 04:36 --------- d-----w c:\users\Nicole\AppData\Roaming\GMX
2008-09-20 00:46 --------- d-----w c:\programdata\Spybot - Search & Destroy
2008-09-19 19:07 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-09-19 12:52 --------- d-----w c:\programdata\WindowsSearch
2008-09-18 05:58 --------- d-----w c:\program files\IncrediMail
2008-09-16 07:23 174 --sha-w c:\program files\desktop.ini
2008-09-16 07:11 --------- d-----w c:\program files\Windows Sidebar
2008-09-16 07:11 --------- d-----w c:\program files\Windows Photo Gallery
2008-09-16 07:11 --------- d-----w c:\program files\Windows Journal
2008-09-16 07:11 --------- d-----w c:\program files\Windows Defender
2008-09-16 07:11 --------- d-----w c:\program files\Windows Collaboration
2008-09-16 07:11 --------- d-----w c:\program files\Windows Calendar
2008-09-16 06:45 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-09-16 06:45 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-09-12 21:07 --------- d-----w c:\program files\ICQ6Toolbar
2008-09-12 21:06 --------- d-----w c:\programdata\ICQ
2008-08-25 14:25 2,257,415 ----a-w c:\windows\Internet Logs\tvDebug.zip
2008-08-21 15:16 11,520 ----a-w c:\windows\Help\OEM\scripts\HCNetworkTest.exe
2008-06-23 14:43 2,674 ----a-w c:\users\Nicole\AppData\Roaming\wklnhst.dat
2008-06-21 21:01 22 ----a-w c:\users\Nicole\NTX30.zip
2008-06-08 19:42 2,863,976 ----a-w c:\users\Nicole\MpfPlus_Aol_DE.exe
2007-10-20 02:04 22 --sha-w c:\windows\SMINST\HPCD.sys
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-02 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-04-24 176128]
"NapsterShell"="c:\program files\Napster\napster.exe" [2007-01-13 323216]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-11 317128]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-29 77824]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-03 959976]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-19 81920]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
c:\users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E54729E8-BB3D-4270-9D49-7389EA579090}"= "c:\windows\system32\EZUPBH~1.DLL" [2007-11-24 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F19B98FA-6A66-4FDB-BFCD-830C19AF6555}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A721823F-573A-40F0-8992-69F11FDAB706}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{8E2A0E27-212D-473F-BD20-395990CB367E}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{6109805B-5ADA-42BA-A81F-9EADC7279195}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{FAA9B961-6E19-4BB0-8D0D-83FE038F4226}"= Disabled:UDP:c:\users\Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BGU2K7DE\incredimail_install[1].exe:IncrediMail Installer
"{69F042B2-8A9F-4A51-A83E-F3A2457079FF}"= Disabled:TCP:c:\users\Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BGU2K7DE\incredimail_install[1].exe:IncrediMail Installer
"TCP Query User{CC62203A-A843-4C09-A1B8-0F9AFCD0E157}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{D0E828C7-E705-4CF6-8139-3845111FA9C0}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"{01846461-8308-4382-A2AF-4387501F61F8}"= Disabled:UDP:c:\program files\Magentic\bin\MgImp.exe:Magentic
"{981DC1F1-80A5-474E-BEA1-939F323B9D81}"= Disabled:TCP:c:\program files\Magentic\bin\MgImp.exe:Magentic
"{121CE298-5641-4B92-8265-AD8791BF2772}"= Disabled:UDP:c:\program files\Magentic\bin\MgApp.exe:Magentic
"{508706CA-5F8D-4BEC-A45B-C91C1498AD94}"= Disabled:TCP:c:\program files\Magentic\bin\MgApp.exe:Magentic
"{3CF82762-0AAF-41AA-9D9A-DA1F636AE637}"= Disabled:UDP:c:\program files\Magentic\bin\Magentic.exe:Magentic
"{7D059512-7761-4242-AC01-EB3EF6D68A99}"= Disabled:TCP:c:\program files\Magentic\bin\Magentic.exe:Magentic
"{AED1FD81-E458-463E-B6B8-7BA6C380277A}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{95887BB7-72A7-4658-9515-4B480AC51314}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{56B1A503-0E2C-44A4-B40D-3DEF12760BA9}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{CBF0EAF9-14D0-49AC-8972-FCD0583A5ACC}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{D3899175-1870-4ED0-AB97-10E4A634291F}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{B454CD59-7578-4DD5-9963-C8A07C38BDFF}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{9764CA0A-9C35-4C3F-8E74-A803116D3BCB}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{A492A37E-6E5B-44CF-99C0-A2D798F59B25}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{03D4BD00-5FD5-4A87-B4E6-0605D7F5209E}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{BB36E217-C28B-49C3-A24C-542FEE65A910}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{FDAA8FA9-CC89-42B2-A6D0-A4FF40710D19}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{115050CE-8CDF-4A64-9775-5550825D16DC}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R2 ezntsvc;EasyBits Magic Desktop Services for Windows NT;c:\windows\system32\ezNTSvc.exe [2007-11-24 33792]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ccfcd74d-07d1-11dd-ac1e-001b24856f12}]
\shell\Auto\command - auto.exe
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ccfcd764-07d1-11dd-ac1e-001b24856f12}]
\shell\Auto\command - F:\auto.exe
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\auto.exe
*Newly Created Service* - PROCEXP90
.
Inhalt des "geplante Tasks" Ordners
2008-10-24 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2007-09-18 22:42]
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
HKCU-Run-Magentic - c:\progra~1\Magentic\bin\Magentic.exe
HKLM-Run-Performance Center - c:\program files\Ascentive\Performance Center\APCMain.exe
.
------- Zusätzlicher Suchlauf -------
.
FireFox -: Profile - c:\users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\jn26s94s.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://de.google.mozilla.com/firefox&client=firefox-a&rls=com.google:de:official
FF -: plugin - c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-11 18:29:36
Windows 6.0.6001 Service Pack 1 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
**************************************************************************
.
Zeit der Fertigstellung: 2008-11-11 18:33:06
ComboFix-quarantined-files.txt 2008-11-11 17:32:02
Vor Suchlauf: 21 Verzeichnis(se), 101.519.069.184 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 101,745,442,816 Bytes frei
217 --- E O F --- 2008-11-08 13:22:54