OK, das ComboFix habe ich auch laufen lassen. Das Programm hat mich - außer zum Warten - zu gar nichts aufgefordert.
Ich habe das Programm nicht mit Rechtsklick auf den .exe-Link "als Administrator" ausgeführt. Hätte ich das machen müssen? Ich habe aber AntiVir und die Windows-Firewall ausgeschaltet. http://s10.postimage.org/bk93rbamh/Combo.jpg
Das ist der Inhalt der Log-Datei, die das Programm nach dem Durchlauf von selbst geöffnet hat:
Combofix Logfile: Code:
ComboFix 12-11-20.02 - Office-PC 20.11.2012 20:23:57.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.4091.2676 [GMT 1:00]
ausgeführt von:: c:\users\NAME\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Office-PC\AppData\Local\Temp\{26F98962-4D84-4DF8-AF9B-629FC4B4D03A}\ISBEW64.exe
c:\users\Office-PC\AppData\Local\Temp\{67365063-E8B1-40F7-91B3-E42A8BE4B6C7}\fpb.tmp
c:\users\Office-PC\AppData\Local\Temp\MarkAny\ContentSafer\MaAgent.exe
c:\users\Office-PC\AppData\Local\Temp\MarkAny\ContentSafer\MAAuthProc.dll
c:\users\Office-PC\AppData\Local\Temp\MarkAny\ContentSafer\MACLICX13.dll
c:\users\Office-PC\AppData\Local\Temp\MarkAny\ContentSafer\MACLicX15.dll
c:\users\Office-PC\AppData\Local\Temp\MarkAny\ContentSafer\MACSMANAGER.dll
c:\users\Office-PC\AppData\Local\Temp\MarkAny\ContentSafer\MaCSMgr.exe
c:\users\Office-PC\AppData\Local\Temp\MarkAny\ContentSafer\MaCSProHook.dll
c:\users\Office-PC\AppData\Local\Temp\MarkAny\ContentSafer\mapshapi.dll
c:\users\Office-PC\AppData\Local\Temp\MarkAny\ContentSafer\mapwij10.dll
c:\users\Office-PC\AppData\Local\Temp\MarkAny\ContentSafer\MaSyncP.dll
c:\users\Office-PC\AppData\Local\Temp\MarkAny\ContentSafer\MaWAMP.dll
c:\users\Office-PC\AppData\Local\Temp\MarkAny\ContentSafer\MAWebControl.exe
c:\users\Office-PC\AppData\Local\Temp\MarkAny\ContentSafer\MaWMP.dll
c:\users\Office-PC\AppData\Local\Temp\MarkAny\ContentSafer\MPXBox.exe
c:\users\Office-PC\AppData\Local\Temp\MarkAny\ContentSafer\MtpAccess.dll
c:\users\Office-PC\AppData\Local\Temp\MarkAny\ContentSafer\UpdateClient\MAFileUpdate.dll
c:\users\Office-PC\AppData\Local\Temp\MarkAny\ContentSafer\UpdateClient\MAUpdate.exe
c:\users\Office-PC\AppData\Local\Temp\MarkAny\ContentSafer\UpdateClient\MAUpdateBoot.exe
c:\users\Office-PC\AppData\Local\Temp\MarkAny\ContentSafer\UpdateClient\MaUpdateClient.exe
c:\users\Office-PC\AppData\Local\Temp\MarkAny\ContentSafer\UserShare.dll
c:\users\Office-PC\AppData\Local\Temp\MarkAny\ContentSafer\XSYNCClt.dll
c:\users\OFFICE~1\AppData\Local\Temp\{26F98962-4D84-4DF8-AF9B-629FC4B4D03A}\ISBEW64.exe
c:\users\OFFICE~1\AppData\Local\Temp\{67365063-E8B1-40F7-91B3-E42A8BE4B6C7}\fpb.tmp
c:\users\OFFICE~1\AppData\Local\Temp\MarkAny\ContentSafer\MaAgent.exe
c:\users\OFFICE~1\AppData\Local\Temp\MarkAny\ContentSafer\MAAuthProc.dll
c:\users\OFFICE~1\AppData\Local\Temp\MarkAny\ContentSafer\MACLICX13.dll
c:\users\OFFICE~1\AppData\Local\Temp\MarkAny\ContentSafer\MACLicX15.dll
c:\users\OFFICE~1\AppData\Local\Temp\MarkAny\ContentSafer\MACSMANAGER.dll
c:\users\OFFICE~1\AppData\Local\Temp\MarkAny\ContentSafer\MaCSMgr.exe
c:\users\OFFICE~1\AppData\Local\Temp\MarkAny\ContentSafer\MaCSProHook.dll
c:\users\OFFICE~1\AppData\Local\Temp\MarkAny\ContentSafer\mapshapi.dll
c:\users\OFFICE~1\AppData\Local\Temp\MarkAny\ContentSafer\mapwij10.dll
c:\users\OFFICE~1\AppData\Local\Temp\MarkAny\ContentSafer\MaSyncP.dll
c:\users\OFFICE~1\AppData\Local\Temp\MarkAny\ContentSafer\MaWAMP.dll
c:\users\OFFICE~1\AppData\Local\Temp\MarkAny\ContentSafer\MAWebControl.exe
c:\users\OFFICE~1\AppData\Local\Temp\MarkAny\ContentSafer\MaWMP.dll
c:\users\OFFICE~1\AppData\Local\Temp\MarkAny\ContentSafer\MPXBox.exe
c:\users\OFFICE~1\AppData\Local\Temp\MarkAny\ContentSafer\MtpAccess.dll
c:\users\OFFICE~1\AppData\Local\Temp\MarkAny\ContentSafer\UpdateClient\MAFileUpdate.dll
c:\users\OFFICE~1\AppData\Local\Temp\MarkAny\ContentSafer\UpdateClient\MAUpdate.exe
c:\users\OFFICE~1\AppData\Local\Temp\MarkAny\ContentSafer\UpdateClient\MAUpdateBoot.exe
c:\users\OFFICE~1\AppData\Local\Temp\MarkAny\ContentSafer\UpdateClient\MaUpdateClient.exe
c:\users\OFFICE~1\AppData\Local\Temp\MarkAny\ContentSafer\UserShare.dll
c:\users\OFFICE~1\AppData\Local\Temp\MarkAny\ContentSafer\XSYNCClt.dll
c:\windows\SysWow64\muzapp.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-10-20 bis 2012-11-20 ))))))))))))))))))))))))))))))
.
.
2012-11-20 19:29 . 2012-11-20 19:29 -------- d-----w- c:\users\NAME\AppData\Local\temp
2012-11-20 19:29 . 2012-11-20 19:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-20 19:21 . 2012-11-20 19:21 -------- d-----w- C:\32788R22FWJFW
2012-11-20 11:16 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D18A1852-8C17-4E0A-8AC9-98DE0B03B3E6}\mpengine.dll
2012-11-18 17:05 . 2012-11-18 17:05 -------- d-----w- c:\program files (x86)\Seagate
2012-11-18 17:04 . 2012-11-18 17:04 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-11-17 02:17 . 2012-11-17 02:17 -------- d-----w- c:\program files\7-Zip
2012-11-15 12:13 . 2012-09-24 22:16 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-13 12:13 . 2012-11-13 12:13 -------- d-----w- c:\program files (x86)\Fotosizer
2012-11-04 18:24 . 2012-11-04 18:24 -------- d-----w- c:\users\NAME\AppData\Roaming\FreeHideIP
2012-11-04 18:17 . 2012-11-04 18:17 -------- d-----w- c:\programdata\FreeHideIP
2012-11-04 18:17 . 2012-11-04 18:17 -------- d-----w- c:\users\Office-PC\AppData\Roaming\FreeHideIP
2012-11-04 18:16 . 2012-11-04 18:16 -------- d-----w- c:\program files (x86)\FreeHideIP
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-16 02:02 . 2006-11-02 12:35 66395536 ----a-w- c:\windows\system32\mrt.exe
2012-11-15 12:10 . 2012-07-19 17:09 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-15 12:10 . 2012-07-19 17:09 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-10 20:44 . 2012-09-10 20:45 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-10 20:44 . 2012-09-10 20:45 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-28 08:05 . 2012-09-22 15:23 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2012-08-28 08:04 . 2012-08-28 08:04 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2012-08-28 08:04 . 2012-08-28 08:04 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll
2012-08-28 08:04 . 2012-08-28 08:04 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll
2012-08-28 08:04 . 2012-08-28 08:04 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll
2012-08-28 08:04 . 2012-08-28 08:04 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll
2012-08-28 08:04 . 2012-08-28 08:04 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll
2012-08-28 08:04 . 2012-08-28 08:04 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll
2012-08-28 08:04 . 2012-08-28 08:04 330240 ----a-w- c:\windows\MASetupCaller.dll
2012-08-28 08:04 . 2012-08-28 08:04 30568 ----a-w- c:\windows\MusiccityDownload.exe
2012-08-28 08:04 . 2012-08-28 08:04 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll
2012-08-28 08:04 . 2012-08-28 08:04 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax
2012-08-28 08:04 . 2012-08-28 08:04 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll
2012-08-28 08:04 . 2012-08-28 08:04 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax
2012-08-28 08:04 . 2012-08-28 08:04 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll
2012-08-28 08:04 . 2012-08-28 08:04 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax
2012-08-28 08:04 . 2012-09-22 15:22 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll
2012-08-28 08:04 . 2012-09-22 15:22 319456 ----a-w- c:\windows\SysWow64\DIFxAPI.dll
2012-08-28 08:04 . 2012-09-22 15:22 20032 ----a-w- c:\windows\SysWow64\drivers\dgderdrv.sys
2012-08-28 08:04 . 2012-08-28 08:04 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll
2012-08-28 08:04 . 2012-08-28 08:04 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll
2012-08-28 08:04 . 2012-08-28 08:04 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll
2012-08-28 08:04 . 2012-08-28 08:04 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax
2012-08-28 08:04 . 2012-08-28 08:04 491520 ----a-w- c:\windows\SysWow64\muzapp.dll
2012-08-28 08:04 . 2012-08-28 08:04 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
2012-08-28 08:04 . 2012-08-28 08:04 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll
2012-08-28 08:04 . 2012-08-28 08:04 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll
2012-08-28 08:04 . 2012-08-28 08:04 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax
2012-08-28 08:04 . 2012-08-28 08:04 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll
2012-08-28 08:04 . 2012-08-28 08:04 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe
2012-08-28 08:04 . 2012-08-28 08:04 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll
2012-08-28 08:04 . 2012-08-28 08:04 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-01-21 . 22D13FF3DAFEC2A80634752B1EAA2DE6 . 22016 . . [6.0.6001.18000] .. c:\windows\system32\drivers\asyncmac.sys
.
[-] 2006-11-02 . DD5D684975352B85B52E3FD5347C20CB . 6144 . . [6.0.6000.16386] .. c:\windows\system32\drivers\null.sys
.
[-] 2009-04-11 . 458919C8C42E398DC4802178D5FFEE27 . 94720 . . [6.0.6002.18005] .. c:\windows\system32\drivers\tdx.sys
.
[-] 2008-01-21 . A1B39DE453433B115B4EA69EE0343816 . 103424 . . [6.0.6000.16386] .. c:\windows\system32\browser.dll
.
[-] 2011-11-16 . 260BF9C43EE12C6898A9F5AAB0FB0E5D . 11264 . . [6.0.6000.16386] .. c:\windows\system32\lsass.exe
.
[-] 2008-01-21 . 9B63B29DEFC0F3115A559D2597BF5D75 . 348160 . . [6.0.6000.16386] .. c:\windows\system32\netman.dll
.
[-] 2009-04-11 . 6D316F4859634071CC25C4FD4589AD2C . 1081856 . . [7.0.6001.18000] .. c:\windows\system32\qmgr.dll
.
[-] 2009-04-11 . CF8B9A3A5E7DC57724A89D0C3E8CF9EF . 719872 . . [6.0.6000.16386] .. c:\windows\system32\rpcss.dll
.
[-] 2009-04-11 . 934E0B7D77FF78C18D9F8891221B6DE3 . 384512 . . [6.0.6000.16386] .. c:\windows\system32\services.exe
.
[-] 2010-08-17 . F66FF751E7EFC816D266977939EF5DC3 . 273920 . . [6.0.6000.16386] .. c:\windows\system32\spoolsv.exe
.
[-] 2009-04-11 . 6D0773A3A65D28B663F334C90441D01A . 405504 . . [6.0.6001.18000] .. c:\windows\system32\winlogon.exe
.
[-] 2010-08-31 . 74ABE02BF1937B32C6FC169A782FCF60 . 633856 . . [5.82] .. c:\windows\system32\comctl32.dll
.
[-] 2008-01-21 . DDEE5FE5C3C3141CE02DE6B7B2BF686B . 1291264 . . [2001.12.6930.16386] .. c:\windows\system32\comres.dll
.
[-] 2012-04-23 . 62740B9D2A137E8CED41A9E4239A7A31 . 174592 . . [6.0.6000.16386] .. c:\windows\system32\cryptsvc.dll
.
[-] 2009-04-11 . E12F22B73F153DECE721CD45EC05B4AF . 361984 . . [2001.12.6932.18005] .. c:\windows\system32\es.dll
.
[-] 2009-04-11 . 62C15795629FA290656C6A7E5CD25F52 . 163840 . . [6.0.6002.18005] .. c:\windows\system32\imm32.dll
.
[-] 2010-04-16 . 11EAF90B44A9E378CB6F4ECBF2471F60 . 621568 . . [1.0626.6002.18244] .. c:\windows\system32\usp10.dll
.
[-] 2011-04-12 . 2299078C1E59FE69ADDF49897D6A373A . 1210880 . . [6.0.6001.18000] .. c:\windows\system32\kernel32.dll
.
[-] 2008-01-21 . 8BDE3074EE7BB92030448419E33635C7 . 29184 . . [6.0.6001.18000] .. c:\windows\system32\linkinfo.dll
.
[-] 2008-01-21 . 891E1D0DCDE747C8F1EE71E61EA193F5 . 32768 . . [6.0.6001.18000] .. c:\windows\system32\lpk.dll
.
[-] 2008-01-21 . D23E5184266747DDCE9D0C6581D916B3 . 433664 . . [6.0.6000.16386] .. c:\windows\system32\hnetcfg.dll
.
[-] 2012-06-28 . 864DFCF19D99711E6449255DD1F4F2B0 . 17809920 . . [9.00.8112.16421] .. c:\windows\system32\mshtml.dll
.
[-] 2011-12-14 . 2C74308C8A20F3F3A2226DFE36914CBF . 621056 . . [7.0.6002.18551] .. c:\windows\system32\msvcrt.dll
.
[-] 2009-04-11 . BB08D93011B82883EC33C7707A9627BE . 304128 . . [6.0.6000.16386] .. c:\windows\system32\mswsock.dll
.
[-] 2009-04-11 . A3F1B171702CA04744EE514243B45BFB . 717312 . . [6.0.6001.18000] .. c:\windows\system32\netlogon.dll
.
[-] 2009-04-11 . 7823A58BF0FE3CAAA555C12B5CF91290 . 123392 . . [6.0.6001.18000] .. c:\windows\system32\powrprof.dll
.
[-] 2009-04-11 . 9922ADB6DCA8F0F5EA038BEFF339C08B . 235520 . . [6.0.6000.16386] .. c:\windows\system32\scecli.dll
.
[-] 2006-11-02 . 2CCA759379C220D29F0066CA49E9259F . 6144 . . [6.0.6000.16386] .. c:\windows\system32\sfc.dll
.
[-] 2008-01-21 . CDA9F1373805AF88F6FA4F2064BBA24D . 27648 . . [6.0.6000.16386] .. c:\windows\system32\svchost.exe
.
[-] 2009-04-11 . CC2562B4D55E0B6A4758C65407F63B79 . 318976 . . [6.0.6000.16386] .. c:\windows\system32\tapisrv.dll
.
[-] 2009-04-11 . F3F5549E69AE8509342E67E4F972CA1C . 820224 . . [6.0.6001.18000] .. c:\windows\system32\user32.dll
.
[-] 2008-01-21 . A0AB2BB9A92293D9CE66E252719AB5FE . 28160 . . [6.0.6000.16386] .. c:\windows\system32\userinit.exe
.
[-] 2012-06-28 . 807CAA713A27CDF8ABE91BC367DBB269 . 1392128 . . [9.00.8112.16421] .. c:\windows\system32\wininet.dll
.
[-] 2009-04-11 . BAB10B35E2D5EE0DC3DE05A177C52C50 . 264704 . . [6.0.6000.16386] .. c:\windows\system32\ws2_32.dll
.
[-] 2008-01-21 . 9CD45523D76E4177C612B03C879E0AFF . 5120 . . [6.0.6001.18000] .. c:\windows\system32\ws2help.dll
.
[-] 2010-06-28 . 0CB93E3F36C4F4122E7CBBAA731F67D1 . 1915904 . . [6.0.6000.16386] .. c:\windows\system32\ole32.dll
.
[-] 2006-11-02 . 21322B1A2AD337C579F4A65EA0D25193 . 14848 . . [6.0.6000.16386] .. c:\windows\system32\cngaudit.dll
.
[-] 2008-01-21 . 117EA87DF785CA1B9D821F6F213DCE07 . 123904 . . [6.0.6000.16386] .. c:\windows\system32\wininit.exe
.
[-] 2006-11-02 . 7E370DF3743B39CD375C52F7995783C4 . 9728 . . [6.0.6000.16386] .. c:\windows\system32\ctfmon.exe
.
[-] 2009-07-10 . 56793271ECDEDD350C5ADD305603E963 . 302080 . . [6.0.6000.16386] .. c:\windows\system32\shsvcs.dll
.
[-] 2009-04-11 . 44B9D8EC2F3EF3A0EFB00857AF70D861 . 206848 . . [6.0.6000.16386] .. c:\windows\system32\regsvc.dll
.
[-] 2010-11-06 . 0F838C811AD295D2A4489B9993096C63 . 855040 . . [6.0.6001.18000] .. c:\windows\system32\schedsvc.dll
.
[-] 2008-01-21 . 192C74646EC5725AEF3F80D19FF75F6A . 185856 . . [6.0.6000.16386] .. c:\windows\system32\ssdpsrv.dll
.
[-] 2009-04-11 . 5CDD30BC217082DAC71A9878D9BFD566 . 547328 . . [6.0.6001.18000] .. c:\windows\system32\termsrv.dll
.
[-] 2008-01-21 . 17BF3BF5296936B153FDDDA189B60E07 . 5120 . . [6.0.6001.18000] .. c:\windows\system32\ksuser.dll
.
[-] 2008-01-21 . 6B58266234B36ABCDD43C797B0D1932E . 8192 . . [6.0.6001.18000] .. c:\windows\system32\msimg32.dll
.
[-] 2010-08-31 . DC8891A9203810FC994E7FCCF76E94C8 . 531968 . . [5.82] .. c:\windows\SysWOW64\comctl32.dll
.
[-] 2012-04-23 . 75C6A297E364014840B48ECCD7525E30 . 133120 . . [6.0.6000.16386] .. c:\windows\SysWOW64\cryptsvc.dll
.
[-] 2009-04-11 . 67058C46504BC12D821F38CF99B7B28F . 268800 . . [2001.12.6932.18005] .. c:\windows\SysWOW64\es.dll
.
[-] 2009-04-11 . B8FBE5F40B09F5D20E1E5CCFEF893D62 . 116224 . . [6.0.6002.18005] .. c:\windows\SysWOW64\imm32.dll
.
[-] 2011-04-12 . 7F4CAEAC24592FA9F574E1F8CD1D0604 . 859648 . . [6.0.6001.18000] .. c:\windows\SysWOW64\kernel32.dll
.
[-] 2006-11-02 . 24F90AEFEBE601D427CB4511E74CDCB6 . 22016 . . [6.0.6000.16386] .. c:\windows\SysWOW64\linkinfo.dll
.
[-] 2009-04-11 . DF37346EA13082E3E1B423B54014E641 . 23552 . . [6.0.6002.18005] .. c:\windows\SysWOW64\lpk.dll
.
[-] 2012-06-28 . 525F42376AA8D997B638145415244162 . 12317184 . . [9.00.8112.16421] .. c:\windows\SysWOW64\mshtml.dll
.
[-] 2011-12-14 . 17AF64D727545F2804F6E6D998327E3F . 680448 . . [7.0.6002.18551] .. c:\windows\SysWOW64\msvcrt.dll
.
[-] 2009-04-11 . 8617350C9B590B63E620881092751BCB . 223232 . . [6.0.6000.16386] .. c:\windows\SysWOW64\mswsock.dll
.
[-] 2009-04-11 . 95DAECF0FB120A7B5DA679CC54E37DDE . 592896 . . [6.0.6001.18000] .. c:\windows\SysWOW64\netlogon.dll
.
[-] 2009-04-11 . 9A7F4B2EDACD11444D048AA19CBB26AF . 98816 . . [6.0.6001.18000] .. c:\windows\SysWOW64\powrprof.dll
.
[-] 2009-04-11 . 8FC182167381E9915651267044105EE1 . 177152 . . [6.0.6000.16386] .. c:\windows\SysWOW64\scecli.dll
.
[-] 2006-11-02 . F4E1AA5D59C849A4AB47E895DC76B9C8 . 4608 . . [6.0.6000.16386] .. c:\windows\SysWOW64\sfc.dll
.
[-] 2008-01-21 . 3794B461C45882E06856F282EEF025AF . 21504 . . [6.0.6000.16386] .. c:\windows\SysWOW64\svchost.exe
.
[-] 2009-04-11 . D7673E4B38CE21EE54C59EEEB65E2483 . 242688 . . [6.0.6000.16386] .. c:\windows\SysWOW64\tapisrv.dll
.
[-] 2009-04-11 . D29FDB5DEDBDC1BD882164DC6DC4DD53 . 648704 . . [6.0.6001.18000] .. c:\windows\SysWOW64\user32.dll
.
[-] 2008-01-21 . 0E135526E9785D085BCD9AEDE6FBCBF9 . 25088 . . [6.0.6000.16386] .. c:\windows\SysWOW64\userinit.exe
.
[-] 2012-06-28 . 975129E360241BE751BE93D9E0AC7409 . 1129472 . . [9.00.8112.16421] .. c:\windows\SysWOW64\wininet.dll
.
[-] 2008-01-21 . B304D47D5744BA20FCB99FB8B2C07B0B . 179200 . . [6.0.6000.16386] .. c:\windows\SysWOW64\ws2_32.dll
.
[-] 2006-11-02 . 17C0671BF57057108A6D949510EE42C8 . 4608 . . [6.0.6000.16386] .. c:\windows\SysWOW64\ws2help.dll
.
[-] 2009-04-11 . 6B08E54A451B3F95E4109DBA7E594270 . 3079168 . . [6.0.6000.16386] .. c:\windows\explorer.exe
.
[-] 2008-01-21 . 5DFBCE56E689D90AE9E2FB278F80058E . 134656 . . [6.0.6000.16386] .. c:\windows\regedit.exe
.
[-] 2010-06-28 . 9586E7CB2255A8B097A7E4538202585E . 1316864 . . [6.0.6000.16386] .. c:\windows\SysWOW64\ole32.dll
.
[-] 2010-04-16 . 80FFF14F1757B9AF8BE9D314FC1AE88B . 502272 . . [1.0626.6002.18244] .. c:\windows\SysWOW64\usp10.dll
.
[-] 2006-11-02 . 919CC2A0476D5A6A4C935D4B88E29912 . 4608 . . [6.0.6000.16386] .. c:\windows\SysWOW64\ksuser.dll
.
[-] 2006-11-02 . 22BFD03DF51065A9ED8D17F8FB72296B . 8704 . . [6.0.6000.16386] .. c:\windows\SysWOW64\ctfmon.exe
.
[-] 2009-07-10 . C7230FBEE14437716701C15BE02C27B8 . 247808 . . [6.0.6000.16386] .. c:\windows\SysWOW64\shsvcs.dll
.
[-] 2006-11-02 . 2EC53B5A351C4D443896DBAD117F7E82 . 4608 . . [6.0.6000.16386] .. c:\windows\SysWOW64\msimg32.dll
.
[-] 2006-11-02 . 7F15B4953378C8B5161D65C26D5FED4D . 11776 . . [6.0.6000.16386] .. c:\windows\SysWOW64\cngaudit.dll
.
[-] 2008-01-21 . 101BA3EA053480BB5D957EF37C06B5ED . 96768 . . [6.0.6000.16386] .. c:\windows\SysWOW64\wininit.exe
.
[-] 2008-01-21 . 7A5F8218325F00396DAEA2F985FA0ECB . 18944 . . [6.0.6001.18000] .. c:\windows\SysWOW64\ias.dll
.
[-] 2010-08-31 15:46 . 2A64FE405579BB073FBABD68AF1468E7 . 954288 . . [4.1.6140] .. c:\windows\SysWOW64\mfc40u.dll
.
[-] 2008-01-21 . 68308183F4AE0BE7BF8ECD07CB297999 . 259072 . . [6.0.6000.16386] .. c:\windows\SysWOW64\upnphost.dll
.
[-] 2009-04-11 . 84B8827562B005C118CADBA0F25DB2C6 . 444416 . . [6.0.6000.16386] .. c:\windows\SysWOW64\dsound.dll
.
[-] 2009-04-11 . 8AAEEE8E59A70F37579993D118A34EE0 . 1788416 . . [6.0.6002.18005] .. c:\windows\SysWOW64\d3d9.dll
.
[-] 2008-01-21 . FA2A3AFADC4FB47DBC234A4E57F92CDB . 522752 . . [6.0.6000.16386] .. c:\windows\SysWOW64\ddraw.dll
.
[-] 2009-04-11 06:28 . A944A73CEC5921B871542FE5CC5E03E4 . 88576 . . [6.0.6002.18005] .. c:\windows\SysWOW64\olepro32.dll
.
[-] 2006-11-02 . BA7C3E9DD6B1A632124C8659E8014028 . 39424 . . [6.0.6000.16386] .. c:\windows\SysWOW64\perfctrs.dll
.
[-] 2009-04-11 . 69827805A221C21450BA22F4326A2EE3 . 20480 . . [6.0.6002.18005] .. c:\windows\SysWOW64\version.dll
.
[-] 2009-04-11 . 83199EF88D691E730B80666E29F90D58 . 17408 . . [6.0.6000.16386] .. c:\windows\SysWOW64\midimap.dll
.
[-] 2006-11-02 . A7D525E5C0D91C8C1D84C6BCD25AD77D . 10240 . . [6.0.6000.16386] .. c:\windows\SysWOW64\rasadhlp.dll
.
[-] 2008-01-21 . 22CFAEB9172F5F198048401485CD0571 . 9216 . . [6.0.6000.16386] .. c:\windows\SysWOW64\WSHTCPIP.DLL
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"Free Hide IP"="c:\program files (x86)\FreeHideIP\FreeHideIP.exe" [2012-09-25 3810688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\C:\0autocheck autochk *
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [2009-03-02 89600]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2010-11-03 1833576]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=;ftp=;https=;
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Office-PC\AppData\Roaming\Mozilla\Firefox\Profiles\p8o9pvz3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/webhp?hl=de&tab=ww
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Mozilla Thunderbird 14.0 (x86 de) - c:\program files (x86)\Mozilla Thunderbird\uninstall\helper.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-11-20 20:34:57
ComboFix-quarantined-files.txt 2012-11-20 19:34
.
Vor Suchlauf: 10 Verzeichnis(se), 28.398.170.112 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 28.593.205.248 Bytes frei
.
- - End Of File - - 1FEB8EED3F8AD7E4992724B640031E04
--- --- ---
Ich habe den Computer danach neugestartet und vorher das mit Windows Update versucht, geht weiterhin nicht.
Beim Hochfahren kommt zunächst der DOS-Hinweis, dass das Volume für den direkten Zugriff nicht geöffnet werden kann. Und auf der Seite mit dem Windows-Begrüßungsbildchirm kommt dann eine Fehlermeldung, dass windows/fonts usw. defekt ist. Wenn man den Hinweis wegklickt, erscheint hinten dran der nächste, mit einem anderen Font-Fehler. Man kann aber auch drunter auf den Benutzernamen klicken, dann wird der Desktop geöffnet und alles scheint normal.
. |
