Here is the ComboFix log. At the end of the process, while it was writing the log file, the program unfortunately got stuck; I hope the log (der, die, das?) is still usable:
Code:
ComboFix 12-04-07.04 - xxx 08.04.2012 19:20:26.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.43.1031.18.3034.2025 [GMT 2:00]
ausgeführt von:: C:\Users\xxx\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
C:\ProgramData\tbEDQ75VFH2EJb
C:\Windows\system32\drivers\etc\hosts.ics
((((((((((((((((((((((( Dateien erstellt von 2012-03-08 bis 2012-04-08 ))))))))))))))))))))))))))))))
2012-04-08 17:29:04 . 2012-04-08 17:29:35 -------- dc----w- C:\Users\xxx\AppData\Local\temp
2012-04-08 17:29:04 . 2012-04-08 17:29:04 -------- dc----w- C:\Users\Default\AppData\Local\temp
2012-04-08 15:30:51 . 2012-04-08 15:30:51 -------- dc----w- C:\_OTL
2012-04-05 08:22:42 . 2012-04-05 08:22:42 418464 -c--a-w- C:\Windows\system32\FlashPlayerApp.exe
2012-04-04 22:31:54 . 2012-04-04 22:31:54 -------- dc----w- C:\Program Files\ESET
2012-04-02 14:07:42 . 2012-04-02 14:07:59 -------- dc----w- C:\Program Files\Defraggler
2012-04-01 19:28:21 . 2012-04-01 19:28:21 -------- dc----w- C:\Users\xxx\AppData\Roaming\Malwarebytes
2012-04-01 19:27:52 . 2012-04-01 19:27:52 -------- dc----w- C:\ProgramData\Malwarebytes
2012-04-01 19:27:51 . 2012-04-01 19:27:56 -------- dc----w- C:\Program Files\Malwarebytes' Anti-Malware
2012-04-01 19:27:51 . 2011-12-10 13:24:06 20464 -c--a-w- C:\Windows\system32\drivers\mbam.sys
2012-04-01 09:58:46 . 2012-04-01 09:58:46 -------- dc----w- C:\Users\xxx\AppData\Local\PDF24
2012-04-01 09:58:03 . 2012-04-01 09:58:22 -------- dc----w- C:\Program Files\PDF24
2012-03-30 19:23:14 . 2012-04-08 17:15:37 -------- dc----w- C:\Users\xxx\AppData\Roaming\vlc
2012-03-27 15:17:25 . 2012-03-14 02:15:38 6582328 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B2E75756-952B-4BAC-98D2-ADAED3D4EA29}\mpengine.dll
2012-03-26 09:16:44 . 2012-03-26 09:16:44 -------- dc----w- C:\Users\xxx\AppData\Local\Google
2012-03-26 09:16:44 . 2012-03-26 09:16:44 -------- dc----w- C:\Program Files\Google
2012-03-20 13:51:54 . 2012-03-20 13:51:54 592824 -c--a-w- C:\Program Files\Mozilla Firefox\gkmedias.dll
2012-03-20 13:51:54 . 2012-03-20 13:51:54 44472 -c--a-w- C:\Program Files\Mozilla Firefox\mozglue.dll
2012-03-14 10:51:16 . 2012-01-09 15:54:08 613376 -c--a-w- C:\Windows\system32\rdpencom.dll
2012-03-14 10:51:15 . 2012-02-02 15:16:25 2044416 -c--a-w- C:\Windows\system32\win32k.sys
2012-03-14 10:51:15 . 2012-01-09 13:58:29 180736 -c--a-w- C:\Windows\system32\drivers\rdpwd.sys
2012-03-14 10:51:04 . 2012-02-13 13:44:40 1068544 -c--a-w- C:\Windows\system32\DWrite.dll
2012-03-14 10:51:03 . 2012-02-14 15:45:30 219648 -c--a-w- C:\Windows\system32\d3d10_1core.dll
2012-03-14 10:51:03 . 2012-02-14 15:45:30 160768 -c--a-w- C:\Windows\system32\d3d10_1.dll
2012-03-14 10:51:03 . 2012-02-13 14:12:08 1172480 -c--a-w- C:\Windows\system32\d3d10warp.dll
2012-03-14 10:51:03 . 2012-02-13 13:47:57 683008 -c--a-w- C:\Windows\system32\d2d1.dll
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
2012-04-05 08:22:42 . 2011-09-27 06:54:48 70304 -c--a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
2012-03-07 00:15:19 . 2011-07-30 09:01:27 41184 -c--a-w- C:\Windows\avastSS.scr
2012-03-07 00:15:14 . 2011-07-30 09:01:21 201352 -c--a-w- C:\Windows\system32\aswBoot.exe
2012-03-07 00:03:51 . 2011-07-30 09:03:32 612184 ----a-w- C:\Windows\system32\drivers\aswSnx.sys
2012-03-07 00:03:38 . 2011-07-30 09:03:44 337880 ----a-w- C:\Windows\system32\drivers\aswSP.sys
2012-03-07 00:02:00 . 2011-07-30 09:03:33 35672 ----a-w- C:\Windows\system32\drivers\aswRdr.sys
2012-03-07 00:01:53 . 2011-07-30 09:03:33 53848 ----a-w- C:\Windows\system32\drivers\aswTdi.sys
2012-03-07 00:01:48 . 2011-07-30 09:03:31 57688 ----a-w- C:\Windows\system32\drivers\aswMonFlt.sys
2012-03-07 00:01:30 . 2011-07-30 09:03:45 20696 ----a-w- C:\Windows\system32\drivers\aswFsBlk.sys
2012-02-23 08:18:36 . 2011-08-01 01:21:22 237072 -c----w- C:\Windows\system32\MpSigStub.exe
2012-03-20 13:51:54 . 2011-04-09 07:16:51 97208 -c--a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15:06 123536 ----a-w- C:\Program Files\AVAST Software\Avast\ashShell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20 94208 ----a-w- C:\Users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20 94208 ----a-w- C:\Users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20 94208 ----a-w- C:\Users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2009-03-31 14:18:34 217088]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2009-03-31 16:55:48 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2009-03-31 16:55:22 173592]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2009-03-31 16:55:34 150552]
"Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [2008-12-21 18:34:46 3810304]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 22:41:12 178712]
"Dell Webcam Central"="C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-01-09 18:49:08 405639]
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray.exe" [2009-03-31 15:00:24 483428]
"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe" [2012-03-07 00:15:17 4241512]
"Malwarebytes' Anti-Malware"="C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 12:53:18 460872]
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - C:\Users\xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - C:\Program Files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-07-05 18:40:21 10536 -c--a-w- C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^xxx^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk]
path=C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
backup=C:\Windows\pss\Dell Dock.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^xxx^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=C:\Windows\pss\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 09:07:56 843712 -c--a-r- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 21:51:18 37296 -c--a-w- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-29 10:40:30 687560 -c--a-w- C:\Program Files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
2009-06-03 12:46:38 206064 ----a-w- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2012-03-14 07:02:08 155648 -c--a-w- C:\Program Files\PDF24\pdf24.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickSet]
2009-01-09 17:06:32 1735760 -c--a-w- C:\Program Files\Dell\QuickSet\quickset.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28:03 1233920 ----a-w- C:\Program Files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-02-29 06:55:08 17148552 -c--a-r- C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 05:59:52 254696 -c--a-w- C:\Program Files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23:32 1008184 ----a-w- C:\Program Files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25:33 202240 ----a-w- C:\Program Files\Windows Media Player\wmpnscfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Dell DataSafe Online"="C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"dellsupportcenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
"MPlayerForWindows_UpdateReminder"="C:\Program Files\MPlayer für Windows\AutoUpdate.exe" /L=1031 /TASK
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 08:22:42 253600]
S2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [2009-03-31 15:00:04 81920]
--- Andere Dienste/Treiber im Speicher ---
*NewlyCreated* - 25723643
*Deregistered* - 25723643
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Inhalt des "geplante Tasks" Ordners
2012-04-08 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 08:22:42 . 2012-04-05 08:22:42]
2012-04-08 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2012-03-26 09:16:55 . 2012-03-26 09:16:43]
2012-04-08 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2012-03-26 09:16:55 . 2012-03-26 09:16:43]
2012-04-08 C:\Windows\Tasks\User_Feed_Synchronization-{E5908986-8A3F-4220-B0C8-45998620A305}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-21 02:24:52 . 2008-01-21 02:24:52]
Thanks
+ best regards