Hello, thanks for the detailed answer.
I carried out everything so far and it worked well, but the following problems came up:
Entering combofix /Uninstall did not work, so I renamed Combofix.exe to uninstall.exe. The result, however, was that Combofix ran through once more and took an extremely long time. I let it run to completion anyway. Here is the log file that was produced:
Code:
ComboFix 13-07-12.01 - ***** 16.07.2013 18:42:23.2.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.43.1031.18.4063.2642 [GMT 2:00]
ausgeführt von:: c:\users\*****\Desktop\uninstall.exe.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-06-16 bis 2013-07-16 ))))))))))))))))))))))))))))))
.
.
2013-07-16 17:11 . 2013-07-16 17:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-16 16:46 . 2013-07-16 16:46 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D5802261-1B88-4CC4-AB41-38E4B2A4EABE}\offreg.dll
2013-07-16 16:36 . 2012-11-28 12:12 972264 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EE86B51B-7CB5-D194-B14D-7DD03410C108}\GapaEngine.dll
2013-07-15 21:11 . 2013-07-15 21:11 -------- d-----w- c:\program files (x86)\ESET
2013-07-15 21:09 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-07-15 21:09 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll
2013-07-15 21:09 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll
2013-07-15 21:09 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-07-15 21:09 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll
2013-07-15 21:09 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-07-15 21:09 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll
2013-07-15 21:09 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll
2013-07-15 21:09 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll
2013-07-15 21:09 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-07-15 21:08 . 2013-05-06 06:03 1887744 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-15 21:08 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-15 21:08 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-07-15 21:08 . 2013-04-10 05:46 1393152 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-07-15 21:08 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-15 21:08 . 2013-04-10 05:46 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2013-07-15 21:08 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-15 21:08 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-07-15 21:08 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-07-15 21:02 . 2013-07-15 21:02 -------- d-----w- c:\users\*****\AppData\Roaming\Malwarebytes
2013-07-15 21:01 . 2013-07-15 21:01 -------- d-----w- c:\programdata\Malwarebytes
2013-07-15 21:01 . 2013-07-15 21:01 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-07-15 21:01 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-15 21:01 . 2013-07-15 21:01 -------- d-----w- c:\users\*****\AppData\Local\Programs
2013-07-12 13:44 . 2013-07-12 13:57 -------- d-----w- C:\_OTL
2013-07-03 11:02 . 2013-07-03 11:02 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2013-06-29 07:55 . 2013-06-29 07:55 312232 ----a-w- c:\windows\system32\javaws.exe
2013-06-29 07:55 . 2013-06-29 07:55 189352 ----a-w- c:\windows\system32\javaw.exe
2013-06-29 07:55 . 2013-06-29 07:55 188840 ----a-w- c:\windows\system32\java.exe
2013-06-29 07:55 . 2013-06-29 07:55 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-06-27 15:35 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D5802261-1B88-4CC4-AB41-38E4B2A4EABE}\mpengine.dll
2013-06-25 19:03 . 2013-06-25 19:03 -------- d-----w- c:\users\*****\AppData\Roaming\My The Lord of the Rings, The Rise of the Witch-king Files
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-16 01:14 . 2012-10-26 01:01 78185248 ----a-w- c:\windows\system32\MRT.exe
2013-06-29 07:55 . 2012-11-06 13:57 972712 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-29 07:55 . 2012-11-06 13:57 1093032 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-12 14:54 . 2012-11-06 09:38 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 14:54 . 2012-11-06 09:38 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-29 16:10 . 2013-05-29 16:10 8562 ----a-w- c:\windows\SysWow64\ealregsnapshot1.reg
2013-05-25 21:41 . 2013-05-25 21:41 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-05-25 21:41 . 2013-05-25 21:41 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-05-25 21:41 . 2013-05-25 21:41 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-05-25 21:41 . 2013-05-25 21:41 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-05-25 21:41 . 2013-05-25 21:41 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-05-25 21:41 . 2013-05-25 21:41 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-05-25 21:41 . 2013-05-25 21:41 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-05-25 21:41 . 2013-05-25 21:41 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-25 21:41 . 2013-05-25 21:41 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-05-25 21:41 . 2013-05-25 21:41 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-05-25 21:41 . 2013-05-25 21:41 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-05-25 21:41 . 2013-05-25 21:41 81408 ----a-w- c:\windows\system32\icardie.dll
2013-05-25 21:41 . 2013-05-25 21:41 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-05-25 21:41 . 2013-05-25 21:41 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-25 21:41 . 2013-05-25 21:41 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-05-25 21:41 . 2013-05-25 21:41 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-05-25 21:41 . 2013-05-25 21:41 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-05-25 21:41 . 2013-05-25 21:41 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-05-25 21:41 . 2013-05-25 21:41 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-05-25 21:41 . 2013-05-25 21:41 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-05-25 21:41 . 2013-05-25 21:41 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-05-25 21:41 . 2013-05-25 21:41 441856 ----a-w- c:\windows\system32\html.iec
2013-05-25 21:41 . 2013-05-25 21:41 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-05-25 21:41 . 2013-05-25 21:41 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-05-25 21:41 . 2013-05-25 21:41 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-05-25 21:41 . 2013-05-25 21:41 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-25 21:41 . 2013-05-25 21:41 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-05-25 21:41 . 2013-05-25 21:41 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-05-25 21:41 . 2013-05-25 21:41 235008 ----a-w- c:\windows\system32\url.dll
2013-05-25 21:41 . 2013-05-25 21:41 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-05-25 21:41 . 2013-05-25 21:41 216064 ----a-w- c:\windows\system32\msls31.dll
2013-05-25 21:41 . 2013-05-25 21:41 197120 ----a-w- c:\windows\system32\msrating.dll
2013-05-25 21:41 . 2013-05-25 21:41 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-05-25 21:41 . 2013-05-25 21:41 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-05-25 21:41 . 2013-05-25 21:41 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-25 21:41 . 2013-05-25 21:41 149504 ----a-w- c:\windows\system32\occache.dll
2013-05-25 21:41 . 2013-05-25 21:41 144896 ----a-w- c:\windows\system32\wextract.exe
2013-05-25 21:41 . 2013-05-25 21:41 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-05-25 21:41 . 2013-05-25 21:41 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-05-25 21:41 . 2013-05-25 21:41 13824 ----a-w- c:\windows\system32\mshta.exe
2013-05-25 21:41 . 2013-05-25 21:41 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-05-25 21:41 . 2013-05-25 21:41 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-05-25 21:41 . 2013-05-25 21:41 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-05-25 21:41 . 2013-05-25 21:41 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-05-25 21:41 . 2013-05-25 21:41 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-05-25 21:41 . 2013-05-25 21:41 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-05-25 21:41 . 2013-05-25 21:41 102912 ----a-w- c:\windows\system32\inseng.dll
2013-05-25 21:41 . 2013-05-25 21:41 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-05-25 21:41 . 2013-05-25 21:41 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-05-25 21:40 . 2013-05-25 21:40 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-25 21:40 . 2013-05-25 21:40 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-25 21:40 . 2013-05-25 21:40 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-05-25 21:40 . 2013-05-25 21:40 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-05-25 21:40 . 2013-05-25 21:40 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-25 21:40 . 2013-05-25 21:40 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-25 21:40 . 2013-05-25 21:40 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-25 21:40 . 2013-05-25 21:40 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-25 21:40 . 2013-05-25 21:40 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-05-25 21:40 . 2013-05-25 21:40 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-05-25 21:40 . 2013-05-25 21:40 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-05-25 21:40 . 2013-05-25 21:40 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-25 21:40 . 2013-05-25 21:40 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-25 21:40 . 2013-05-25 21:40 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-05-25 21:40 . 2013-05-25 21:40 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-05-25 21:40 . 2013-05-25 21:40 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-05-25 21:40 . 2013-05-25 21:40 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-25 21:40 . 2013-05-25 21:40 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-25 21:40 . 2013-05-25 21:40 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-05-25 21:40 . 2013-05-25 21:40 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-05-25 21:40 . 2013-05-25 21:40 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-25 21:40 . 2013-05-25 21:40 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-25 21:40 . 2013-05-25 21:40 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-25 21:40 . 2013-05-25 21:40 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-25 21:40 . 2013-05-25 21:40 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-05-25 21:40 . 2013-05-25 21:40 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-05-25 21:40 . 2013-05-25 21:40 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-05-25 21:40 . 2013-05-25 21:40 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-05-25 21:40 . 2013-05-25 21:40 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-25 21:40 . 2013-05-25 21:40 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-25 21:40 . 2013-05-25 21:40 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-05-25 21:40 . 2013-05-25 21:40 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-05-25 21:40 . 2013-05-25 21:40 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-05-25 21:40 . 2013-05-25 21:40 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-05-25 21:40 . 2013-05-25 21:40 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-05-25 21:40 . 2013-05-25 21:40 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-05-25 21:40 . 2013-05-25 21:40 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-05-25 21:40 . 2013-05-25 21:40 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2013-05-25 21:40 . 2013-05-25 21:40 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-05-25 21:40 . 2013-05-25 21:40 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2013-05-25 21:40 . 2013-05-25 21:40 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-05-25 21:40 . 2013-05-25 21:40 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2013-05-25 21:40 . 2013-05-25 21:40 1504768 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-05-25 21:40 . 2013-05-25 21:40 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-05-25 21:40 . 2013-05-25 21:40 1238528 ----a-w- c:\windows\system32\d3d10.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe" [2011-12-31 5598840]
"Driver Mender"="c:\program files (x86)\Driver Mender\Driver Mender\DriverMender.exe" [2013-01-24 3602800]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-07-15 1807272]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"CloneCDTray"="c:\program files (x86)\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2012-08-23 6049096]
"AcronisTibMounterMonitor"="c:\program files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe" [2012-07-24 943856]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-06-28 2255184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
S0 tib_mounter;Acronis TIB Mounter;c:\windows\system32\DRIVERS\tib_mounter.sys;c:\windows\SYSNATIVE\DRIVERS\tib_mounter.sys [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x]
S0 vidsflt;Acronis Disk Storage Filter;c:\windows\system32\DRIVERS\vidsflt.sys;c:\windows\SYSNATIVE\DRIVERS\vidsflt.sys [x]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-15 21:09 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-06 14:54]
.
2013-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-01 15:39]
.
2013-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-01 15:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncError]
@="{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}"
[HKEY_CLASSES_ROOT\CLSID\{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}]
2012-08-23 02:51 2741024 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncInProgress]
@="{00F848DC-B1D4-4892-9C25-CAADC86A215D}"
[HKEY_CLASSES_ROOT\CLSID\{00F848DC-B1D4-4892-9C25-CAADC86A215D}]
2012-08-23 02:51 2741024 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncOk]
@="{71573297-552E-46fc-BE3D-3DFAF88D47B7}"
[HKEY_CLASSES_ROOT\CLSID\{71573297-552E-46fc-BE3D-3DFAF88D47B7}]
2012-08-23 02:51 2741024 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"XeroxScanUtility"="c:\program files\Xerox\Scan_Utility\xrxzipui.exe" [2010-02-10 2371072]
"XeroxEndeavorBackgroundTask"="c:\windows\system32\xgchabgnd.exe" [2009-11-02 102912]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-27 16335392]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2012-08-23 403888]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.at/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2777182332-3687985682-1980628378-1000\Software\SecuROM\License information*]
"datasecu"=hex:0a,32,cb,58,20,a4,c6,e5,43,80,d9,4a,b7,f1,cb,6c,49,64,9b,3f,1c,
09,3d,8c,85,14,d6,e2,31,06,d0,88,14,d5,c0,f6,06,62,fa,6a,f8,58,13,21,2a,fb,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-07-16 19:22:56
ComboFix-quarantined-files.txt 2013-07-16 17:22
ComboFix2.txt 2013-07-12 17:01
.
Vor Suchlauf: 19 Verzeichnis(se), 240.016.699.392 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 239.765.798.912 Bytes frei
.
- - End Of File - - FB47B6586ACDE466D591840BC6F52EBD
A36C5E4F47E84449FF07ED3517B43A31
Furthermore, I then installed the Java update. At the end of the installation the following message appeared: browserlauncherror: 3
I had closed all programs during the installation.
Now everything is running well so far, but some file types show the wrong icon, e.g. *.pptx and *.docx: http://abload.de/thumb/symbolvsz3g.jpg
Perhaps you know something more.
Many thanks!
Kind regards,
Stefan Binna.