
Pests of all kinds and how to fight them: found strange log files, I have a bad feeling, can anyone explain this to me?


17.07.2013, 02:11   #1
lydia_eule
 
Hi everyone, sorry for getting straight to the point instead of introducing myself first.

While cleaning up the hard drive of my "little" computer (asus 1005 PX, Win7 starter) I found, about 4 days ago, a few txt files that appear to be logs of a break-in into the computer. I then ran a whole series of different scans (Defender, Agnitum, Avira, HijackThis, Malwarebytes, Rootkit Revealer, Rootkit Buster, RU Botted, OTL, gmer, a tool from Microsoft, and a few more // all of them again in safe mode as well), none of which showed me anything unknown. Well, there are always a few small things in quarantine, and somewhere there is also a dummy file lying around for testing my own scanners. Since the logs are already somewhat older, I'm not very worried that anything will change particularly quickly, especially since some of the files/folders named in the text can't be found and others apparently belong to the system.

The files are named:
dd_vcredistMSI4C60.txt
dd_vcredistMSI47C1.txt
dd_vcredistUI4C60.txt
dd_vcredistUI47C1.txt

I don't yet have any idea how to upload here, and the first two in particular are somewhat larger (373/374 KB), so I can't just post them as a quote.

Last edited by lydia_eule (17.07.2013 at 02:12) Reason: added greeting

17.07.2013, 02:14   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hello and

Quote:
that appear to be logs of a break-in into the computer.
How on earth do you come up with something like that?
You don't just wake up and go searching the computer for TXT files
Even if you did, what clever intruder would leave such obvious traces behind?

Quote:
The files are named:
dd_vcredistMSI4C60.txt
dd_vcredistMSI47C1.txt
dd_vcredistUI4C60.txt
dd_vcredistUI47C1.txt
Google vcredist, maybe then it'll click

17.07.2013, 02:40   #3
lydia_eule
 
Um, sorry, but I do sometimes wake up and think, well, let's see whether the temporary files are piling up to the ceiling again, let's look into a few of them and muck out thoroughly.
That may be odd, but I'm odd myself, so why shouldn't some of my habits be too

What made me somewhat suspicious about the logs is row after row of manipulations of the policies.

Regards,

die eule

17.07.2013, 02:57   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
whether the temporary files are piling up to the ceiling again, let's look into a few of them and muck out thoroughly.
Are you serious?
So you go through EVERY temp file to check for traces of a break-in, or what?
Do you also go through every scrap of rubbish in your bin before the garbage truck collects it?


Quote:
What made me somewhat suspicious about the logs is row after row of manipulations of the policies.
What policies exactly, can you be more specific?
Where are the logs of the tools you've run so far? There were findings, after all!

17.07.2013, 03:36   #5
lydia_eule
 
First of all, thanks a lot for the prompt handling.

I just like to snoop around in log files every now and then to see what the computer is up to when I'm not looking. A fairly harmless hobby, I think.

Regarding the "policies", here is an excerpt:
Quote:
=== Verbose logging started: 26.11.2012 16:04:36 Build type: SHIP UNICODE 5.00.7601.00 Calling process: c:\987625cefd685ed45c\install.exe ===
MSI (c) (DC:00) [16:04:39:113]: Font created. Charset: Req=0, Ret=0, Font: Req=MS Shell Dlg, Ret=MS Shell Dlg

MSI (c) (DC:00) [16:04:39:113]: Font created. Charset: Req=0, Ret=0, Font: Req=MS Shell Dlg, Ret=MS Shell Dlg

MSI (c) (DC:58) [16:04:39:236]: Resetting cached policy values
MSI (c) (DC:58) [16:04:39:236]: Machine policy value 'Debug' is 0
MSI (c) (DC:58) [16:04:39:236]: ******* RunEngine:
******* Product: c:\987625cefd685ed45c\vc_red.msi
******* Action:
******* CommandLine: **********
MSI (c) (DC:58) [16:04:39:239]: Client-side and UI is none or basic: Running entire install on the server.
MSI (c) (DC:58) [16:04:39:239]: Grabbed execution mutex.
MSI (c) (DC:58) [16:04:42:849]: Cloaking enabled.
MSI (c) (DC:58) [16:04:42:849]: Attempting to enable all disabled privileges before calling Install on Server
MSI (c) (DC:58) [16:04:42:884]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (s) (DC:FC) [16:04:42:952]: Running installation inside multi-package transaction c:\987625cefd685ed45c\vc_red.msi
MSI (s) (DC:FC) [16:04:42:952]: Grabbed execution mutex.
MSI (s) (DC:C8) [16:04:42:964]: Resetting cached policy values
MSI (s) (DC:C8) [16:04:42:964]: Machine policy value 'Debug' is 0
MSI (s) (DC:C8) [16:04:42:964]: ******* RunEngine:
******* Product: c:\987625cefd685ed45c\vc_red.msi
******* Action:
******* CommandLine: **********
MSI (s) (DC:C8) [16:04:42:969]: Machine policy value 'DisableUserInstalls' is 0
MSI (s) (DC:C8) [16:04:43:031]: Machine policy value 'LimitSystemRestoreCheckpointing' is 0
MSI (s) (DC:C8) [16:04:43:032]: SRSetRestorePoint skipped for this transaction.
MSI (s) (DC:C8) [16:04:43:037]: End dialog not enabled
MSI (s) (DC:C8) [16:04:43:037]: Original package ==> c:\987625cefd685ed45c\vc_red.msi
MSI (s) (DC:C8) [16:04:43:037]: Package we're running from ==> C:\windows\Installer\108b0550.msi
MSI (s) (DC:C8) [16:04:43:042]: APPCOMPAT: Uninstall Flags override found.
MSI (s) (DC:C8) [16:04:43:042]: APPCOMPAT: Uninstall VersionNT override found.
MSI (s) (DC:C8) [16:04:43:042]: APPCOMPAT: Uninstall ServicePackLevel override found.
MSI (s) (DC:C8) [16:04:43:044]: APPCOMPAT: looking for appcompat database entry with ProductCode '{9BE518E6-ECC6-35A9-88E4-87755C07200F}'.
MSI (s) (DC:C8) [16:04:43:044]: APPCOMPAT: no matching ProductCode found in database.
MSI (s) (DC:C8) [16:04:43:070]: MSCOREE not loaded loading copy from system32
MSI (s) (DC:C8) [16:04:43:109]: Machine policy value 'DisablePatch' is 0
MSI (s) (DC:C8) [16:04:43:110]: Machine policy value 'AllowLockdownPatch' is 0
MSI (s) (DC:C8) [16:04:43:110]: Machine policy value 'DisableLUAPatching' is 0
MSI (s) (DC:C8) [16:04:43:110]: Machine policy value 'DisableFlyWeightPatching' is 0
MSI (s) (DC:C8) [16:04:43:116]: APPCOMPAT: looking for appcompat database entry with ProductCode '{9BE518E6-ECC6-35A9-88E4-87755C07200F}'.
MSI (s) (DC:C8) [16:04:43:116]: APPCOMPAT: no matching ProductCode found in database.
MSI (s) (DC:C8) [16:04:43:116]: Transforms are not secure.
MSI (s) (DC:C8) [16:04:43:117]: PROPERTY CHANGE: Adding MsiLogFileLocation property. Its value is 'C:\Users\asl\AppData\Local\Temp\dd_vcredistMSI4C60.txt'.
MSI (s) (DC:C8) [16:04:43:117]: Command Line: USING_EXUIH_SILENT=1 REBOOT=ReallySuppress FILESINUSETEXT= LOCPRODUCTNAME=Microsoft Visual C++ 2008 Redistributable REINSTALL=ALL REINSTALLMODE=emusc LOCPRODUCTNAME=Microsoft Visual C++ 2008 Redistributable CURRENTDIRECTORY=c:\987625cefd685ed45c CLIENTUILEVEL=2 MSICLIENTUSESEXTERNALUI=1 CLIENTPROCESSID=2524
MSI (s) (DC:C8) [16:04:43:117]: PROPERTY CHANGE: Adding PackageCode property. Its value is '{00073E4B-0EA7-48DB-9C41-FDA7E9BB4839}'.
MSI (s) (DC:C8) [16:04:43:117]: Product Code passed to Engine.Initialize: '{9BE518E6-ECC6-35A9-88E4-87755C07200F}'
MSI (s) (DC:C8) [16:04:43:117]: Product Code from property table before transforms: '{9BE518E6-ECC6-35A9-88E4-87755C07200F}'
MSI (s) (DC:C8) [16:04:43:117]: Product Code from property table after transforms: '{9BE518E6-ECC6-35A9-88E4-87755C07200F}'
MSI (s) (DC:C8) [16:04:43:117]: Product registered: entering maintenance mode
MSI (s) (DC:C8) [16:04:43:117]: Determined that existing product (either this product or the product being upgraded with a patch) is installed per-machine.
MSI (s) (DC:C8) [16:04:43:118]: PROPERTY CHANGE: Modifying ALLUSERS property. Its current value is '2'. Its new value: '1'.
MSI (s) (DC:C8) [16:04:43:118]: Product {9BE518E6-ECC6-35A9-88E4-87755C07200F} is admin assigned: LocalSystem owns the publish key.
MSI (s) (DC:C8) [16:04:43:118]: Product {9BE518E6-ECC6-35A9-88E4-87755C07200F} is managed.

Well, here is the OTL log first:
OTL Logfile:
Code:
OTL logfile created on: 7/16/2013 4:12:04 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\asl\Downloads\ipcop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.99 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 53.32% Memory free
3.98 Gb Paging File | 2.68 Gb Available in Paging File | 67.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 14.63 Gb Free Space | 14.63% Space Free | Partition Type: NTFS
Drive F: | 29.71 Gb Total Space | 5.99 Gb Free Space | 20.18% Space Free | Partition Type: FAT32
Drive G: | 931.51 Gb Total Space | 318.24 Gb Free Space | 34.16% Space Free | Partition Type: NTFS
 
Computer Name: NODE0009 | User Name: asl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/07/16 04:05:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\asl\Downloads\ipcop\OTL.exe
PRC - [2013/07/16 01:59:42 | 085,270,800 | ---- | M] (Microsoft Corporation) -- C:\Users\asl\AppData\Local\Opera\Opera\temporary_downloads\msert.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/11/30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/11/23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/08/15 22:32:09 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/04/24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/21 19:43:19 | 001,496,528 | ---- | M] (TrueCrypt Foundation) -- C:\Program Files\TrueCrypt\TrueCrypt.exe
PRC - [2010/06/09 23:26:34 | 000,412,600 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
PRC - [2010/06/04 04:40:30 | 001,242,544 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
PRC - [2010/05/29 01:41:36 | 000,445,344 | ---- | M] (ASUS) -- C:\Program Files\EeePC\CapsHook\CapsHook.exe
PRC - [2010/04/13 04:37:47 | 000,083,240 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
PRC - [2010/01/29 20:18:52 | 000,751,592 | ---- | M] () -- C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe
PRC - [2009/09/11 20:41:02 | 000,100,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
PRC - [2009/08/19 02:35:56 | 000,219,136 | ---- | M] () -- C:\Windows\System32\AsusService.exe
PRC - [2009/06/05 04:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/05/24 16:52:13 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013/05/24 16:49:54 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013/02/14 01:36:03 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7366a39c36523a084bc11c230929ff92\Microsoft.VisualBasic.ni.dll
MOD - [2013/01/09 06:24:21 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013/01/09 00:12:35 | 000,628,224 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll
MOD - [2013/01/09 00:12:32 | 000,627,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll
MOD - [2013/01/09 00:12:28 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
MOD - [2013/01/09 00:09:33 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/09 00:07:04 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/09 00:06:35 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/09 00:05:32 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2011/05/28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2011/03/23 00:32:49 | 000,839,680 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2010/11/13 01:19:04 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/11/05 03:58:05 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/10/24 22:26:24 | 000,030,032 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\SqliteShared\2.2.0.21078__0d0f4b69e50e559b\SqliteShared.dll
MOD - [2010/09/02 13:08:00 | 000,118,784 | ---- | M] () -- C:\Program Files\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt.dll
MOD - [2009/06/10 23:23:19 | 000,261,632 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/03/02 04:08:04 | 000,003,584 | ---- | M] () -- C:\Program Files\ASUS\ASUS WebStorage\3.0.84.161\LogicNP.PropSheetExtensionHelper.dll
MOD - [2009/03/02 04:08:04 | 000,003,584 | ---- | M] () -- C:\Program Files\ASUS\ASUS WebStorage\2.2.56.108\LogicNP.PropSheetExtensionHelper.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- C:\Program Files\CyberLink\Shared files\RichVideo.exe -- (RichVideo)
SRV - File not found [Disabled | Stopped] -- C:\Users\asl\AppData\Local\Temp\MVRBXYMUKTY.exe -- (MVRBXYMUKTY)
SRV - File not found [Disabled | Stopped] -- C:\Users\asl\AppData\Local\Temp\FTAAG.exe -- (FTAAG)
SRV - File not found [On_Demand | Stopped] -- C:\PROGRA~1\AVANQU~1\Fix-It\MxTask.exe -- (Fix-It Task Manager)
SRV - File not found [Disabled | Stopped] -- C:\Users\asl\AppData\Local\Temp\BV.exe -- (BV)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Avanquest\Fix-It\AQFileRestoreSrv.exe -- (AQFileRestoreSrv)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Avanquest\Fix-It\AVQWinMonEngine.exe -- (.AVQWindowsMonitorService)
SRV - [2013/07/12 20:30:46 | 000,592,768 | ---- | M] (Sysinternals - www.sysinternals.com) [On_Demand | Stopped] -- C:\Users\asl\AppData\Local\Temp\VHDWQBLKZ.exe -- (VHDWQBLKZ)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/14 04:13:01 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/23 23:54:31 | 000,379,776 | ---- | M] (Sysinternals - www.sysinternals.com) [Disabled | Stopped] -- C:\Users\asl\AppData\Local\Temp\QKHKZJ.exe -- (QKHKZJ)
SRV - [2012/05/02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/06/08 13:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/02/07 15:23:00 | 002,072,592 | ---- | M] (Agnitum Ltd.) [Auto | Running] -- C:\Program Files\Agnitum\Outpost Security Suite Free\acs.exe -- (acssrv)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/08/19 02:35:56 | 000,219,136 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2006/05/24 08:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) [On_Demand | Stopped] -- C:\Windows\System32\StkASv2K.exe -- (StkASSrv)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\tunnel.sys -- (tunnel)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\asl\Downloads\sysinternalssuite\PORTMSYS.SYS -- (PORTMON)
DRV - File not found [Kernel | Auto | Stopped] -- System32\Drivers\Ca1528av.sys -- (Ca1528av)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\Bulk1528.sys -- (Bulk1528)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\btwrchid.sys -- (btwrchid)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwl2cap.sys -- (btwl2cap)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\btwavdt.sys -- (btwavdt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/04/27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/04/25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/04/16 21:18:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012/01/13 13:48:32 | 000,017,944 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\AQFileRestore.sys -- (AQFileRestore)
DRV - [2011/12/03 14:46:29 | 000,309,320 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\TrufosAlt.sys -- (TrufosAlt)
DRV - [2011/10/05 10:54:44 | 000,564,800 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2011/10/01 09:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011/10/01 09:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011/10/01 09:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011/10/01 09:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2011/06/27 02:37:12 | 002,191,872 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2011/05/18 10:12:38 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011/05/18 10:12:36 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/05/18 10:12:32 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011/05/18 10:12:28 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011/02/02 17:04:22 | 000,242,040 | ---- | M] (VirusBuster Kft.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBEngNT.sys -- (VBEngNT)
DRV - [2011/02/02 16:52:40 | 000,710,824 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\SandBox.sys -- (SandBox)
DRV - [2011/02/02 16:51:36 | 000,036,288 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Filt\VBFilt.dll -- (VBFilt)
DRV - [2011/02/02 16:51:26 | 000,072,352 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Filt\ASWFilt.dll -- (ASWFilt)
DRV - [2010/12/07 04:12:58 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/11/21 19:43:19 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/09/27 16:37:40 | 000,328,296 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afwcore.sys -- (afwcore)
DRV - [2010/07/01 12:10:00 | 000,188,392 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL2832UBDA.sys -- (RTL2832UBDA)
DRV - [2010/07/01 12:10:00 | 000,032,872 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL2832UUSB.sys -- (RTL2832UUSB)
DRV - [2010/06/21 16:31:18 | 000,011,520 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2010/06/17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/04/20 16:01:46 | 000,034,920 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\afw.sys -- (afw)
DRV - [2010/04/13 04:39:17 | 000,051,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010/04/13 04:36:46 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2010/04/13 04:36:12 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2010/01/15 22:20:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009/08/05 11:25:52 | 000,016,024 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\inidvd.sys -- (INIDVD)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2008/10/27 15:57:28 | 000,077,824 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/11/08 11:29:52 | 000,458,752 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2007/07/27 12:46:06 | 000,251,680 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\acehlp10.sys -- (acehlp10)
DRV - [2007/07/27 10:13:08 | 000,330,144 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV10.sys -- (acedrv10)
DRV - [2007/04/13 20:24:04 | 010,246,144 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2006/09/27 05:01:36 | 000,241,628 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StkAMini.sys -- (StkAMini)
DRV - [2006/08/02 08:44:04 | 000,004,772 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StkScan.sys -- (StkScan)
DRV - [2004/07/26 15:36:08 | 000,316,192 | R--- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\windrvr6.sys -- (WinDriver6)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKLM\..\SearchScopes,DefaultScope = {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-815453948-2413440165-1859227174-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\S-1-5-21-815453948-2413440165-1859227174-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data]
IE - HKU\S-1-5-21-815453948-2413440165-1859227174-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-815453948-2413440165-1859227174-1000\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKU\S-1-5-21-815453948-2413440165-1859227174-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-815453948-2413440165-1859227174-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKU\S-1-5-21-815453948-2413440165-1859227174-1000\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
IE - HKU\S-1-5-21-815453948-2413440165-1859227174-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@sun.com/npsopluginmi;version=1.0: C:\Program Files\OpenOffice.org 3\program [2012/11/26 17:15:20 | 000,000,000 | ---D | M]
 
 
[2013/07/02 21:50:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\asl\AppData\Roaming\mozilla\Extensions
[2013/03/21 16:49:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\asl\AppData\Roaming\mozilla\Extensions-BackupByFirefoxPortable
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-815453948-2413440165-1859227174-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-815453948-2413440165-1859227174-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-815453948-2413440165-1859227174-1000\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\aprp.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - HKLM..\Run: [EeeSplendidAgent] C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe File not found
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Security Suite Free\feedback.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Security Suite Free\op_mon.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKU\S-1-5-21-815453948-2413440165-1859227174-1000..\Run: [TrueCrypt] C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-815453948-2413440165-1859227174-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1223D3DB-A5CA-48EF-A348-62068B6261CC}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F66DFF8B-0C17-4FAD-ABEE-695A8CAEA52E}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~1\agnitum\outpos~1\wl_hook.dll) - c:\Program Files\Agnitum\Outpost Security Suite Free\wl_hook.dll (Agnitum Ltd.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{ea27e782-35f0-11e1-b61f-20cf303d6b5d}\Shell - "" = AutoRun
O33 - MountPoints2\{ea27e782-35f0-11e1-b61f-20cf303d6b5d}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{f4ab93d9-04d6-11e0-b056-20cf303d6b5d}\Shell - "" = AutoRun
O33 - MountPoints2\{f4ab93d9-04d6-11e0-b056-20cf303d6b5d}\Shell\AutoRun\command - "" = C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.hta
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/07/14 21:11:03 | 000,000,000 | ---D | C] -- C:\Users\asl\AppData\Roaming\Malwarebytes
[2013/07/14 21:10:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/14 21:10:17 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2013/07/12 17:48:17 | 000,000,000 | ---D | C] -- C:\windows\SoftwareDistribution
[2013/07/11 14:33:21 | 000,000,000 | ---D | C] -- C:\windows\System32\MRT
[2013/07/06 01:28:18 | 000,000,000 | ---D | C] -- C:\Users\asl\AppData\Roaming\Avanquest
[2013/07/05 23:43:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Avanquest
[2013/07/05 18:27:53 | 000,000,000 | ---D | C] -- C:\Users\asl\Documents\Freemake
[2013/06/24 17:49:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Monjas Breakout
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/07/16 00:26:02 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/16 00:26:02 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/15 23:23:10 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/07/15 23:23:00 | 1602,867,200 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/15 23:14:49 | 000,065,992 | ---- | M] () -- C:\Users\asl\Desktop\System Update Readiness Tool fixes Windows Update errors in Windows 7, Windows Vista, Windows Server 2008 R2, and Windows Server 2008.pdf
[2013/07/15 01:05:22 | 000,684,248 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2013/07/15 01:05:22 | 000,625,430 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013/07/15 01:05:22 | 000,139,718 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2013/07/15 01:05:22 | 000,115,168 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013/07/14 19:33:59 | 000,000,919 | ---- | M] () -- C:\Users\asl\Desktop\MySyncFolder.lnk
[2013/07/14 15:11:12 | 208,541,524 | ---- | M] () -- C:\Users\asl\regbckup.2013.07.14.reg
[2013/07/06 03:01:51 | 207,852,946 | ---- | M] () -- C:\Users\asl\reg-bckup.05.07.2013.reg
[2013/06/27 03:41:35 | 000,015,872 | ---- | M] () -- C:\Users\asl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/26 17:05:27 | 330,030,432 | ---- | M] () -- C:\windows\MEMORY.DMP
[2013/06/26 15:29:52 | 000,000,216 | ---- | M] () -- C:\windows\System32\TrueCrypt System Favorite Volumes.xml
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/07/15 23:14:49 | 000,065,992 | ---- | C] () -- C:\Users\asl\Desktop\System Update Readiness Tool fixes Windows Update errors in Windows 7, Windows Vista, Windows Server 2008 R2, and Windows Server 2008.pdf
[2013/07/14 15:08:12 | 208,541,524 | ---- | C] () -- C:\Users\asl\regbckup.2013.07.14.reg
[2013/07/06 03:00:41 | 207,852,946 | ---- | C] () -- C:\Users\asl\reg-bckup.05.07.2013.reg
[2013/07/05 23:44:33 | 000,001,984 | ---- | C] () -- C:\windows\System32\drivers\AQFileRestore.inf
[2013/07/05 23:44:26 | 000,017,944 | ---- | C] () -- C:\windows\System32\drivers\AQFileRestore.sys
[2013/06/26 17:05:27 | 330,030,432 | ---- | C] () -- C:\windows\MEMORY.DMP
[2013/06/26 15:29:56 | 000,000,216 | ---- | C] () -- C:\windows\System32\TrueCrypt System Favorite Volumes.xml
[2013/02/17 18:43:33 | 000,000,756 | ---- | C] () -- C:\Users\asl\.recently-used.xbel
[2013/01/31 17:09:00 | 000,014,115 | ---- | C] () -- C:\windows\twspmm.ini
[2012/12/12 04:53:17 | 000,001,776 | ---- | C] () -- C:\windows\Sandboxie.ini
[2012/01/03 03:40:12 | 000,000,867 | ---- | C] () -- C:\Users\asl\RPSTD2010.lic
[2012/01/03 03:39:59 | 000,000,019 | ---- | C] () -- C:\Users\asl\rp.ini
[2011/12/10 21:26:45 | 000,000,926 | ---- | C] () -- C:\windows\ARPR.INI
[2011/11/15 20:26:07 | 000,084,616 | ---- | C] () -- C:\windows\StkUnist.exe
[2011/10/26 06:04:54 | 000,000,017 | ---- | C] () -- C:\windows\System32\shortcut_ex.dat
[2011/09/23 02:44:26 | 000,000,649 | ---- | C] () -- C:\Users\asl\asl - Verknüpfung.lnk
[2011/09/10 08:31:31 | 000,044,398 | ---- | C] () -- C:\Users\asl\Nokia 6700 classic (1).pdf
[2011/09/09 02:03:05 | 000,310,550 | ---- | C] () -- C:\Users\asl\metalldetector.jpg
[2011/03/24 03:20:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/11/21 22:20:07 | 001,835,008 | ---- | C] () -- C:\Users\asl\truecryptrescue.iso
[2010/10/23 14:37:50 | 000,015,872 | ---- | C] () -- C:\Users\asl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/18 20:36:39 | 000,007,610 | ---- | C] () -- C:\Users\asl\AppData\Local\Resmon.ResmonCfg
[2010/06/24 18:10:26 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011/02/14 12:40:02 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\Advanced Chemistry Development
[2011/02/16 23:57:26 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\Agnitum
[2011/01/08 06:45:09 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\AnvSoft
[2010/11/13 12:52:07 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\Asus
[2013/07/14 19:33:58 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\ASUS WebStorage
[2013/05/08 02:43:03 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\Audacity
[2013/07/06 01:28:18 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\Avanquest
[2011/09/28 16:32:06 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\calibre
[2011/02/25 00:58:12 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\Canon
[2012/09/10 23:00:14 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\CasaPortale.de
[2011/10/15 21:15:13 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\CCS64
[2010/10/30 09:44:10 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\Clonk
[2011/01/08 06:38:01 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\Cuttermaran
[2010/12/07 06:12:32 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\DAEMON Tools Lite
[2011/01/15 12:41:20 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\Echo Software
[2010/12/21 17:54:18 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\freac
[2011/09/20 09:09:46 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\GetRightToGo
[2012/11/30 17:49:15 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\GoBoingo
[2011/11/16 21:14:33 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\gtk-2.0
[2011/10/23 09:44:20 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\ibf
[2010/12/12 13:29:28 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\ImgBurn
[2011/11/30 04:59:07 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\IrfanView
[2013/07/08 14:29:09 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\JonDo
[2010/11/08 14:24:20 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\Leadertech
[2011/09/13 04:58:00 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\Nokia
[2011/03/05 22:28:34 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\OpenOffice.org
[2012/02/05 02:50:57 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\Opera
[2011/09/13 04:57:59 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\PC Suite
[2011/09/18 16:46:26 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\PeaZip
[2013/07/05 18:45:28 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\Philipp Winterberg
[2010/12/06 01:11:42 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\ProtectDisc
[2012/01/26 22:19:47 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\ScreeNet iSaver
[2012/02/21 00:39:28 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\ScummVM
[2013/03/20 01:11:54 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\SoftGrid Client
[2011/02/12 08:16:21 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\temp
[2013/06/26 15:30:03 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\TrueCrypt
[2011/11/15 21:22:17 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\Ulead Systems
[2010/06/24 18:31:25 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\ASUS WebStorage
[2010/06/24 18:31:25 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\ASUS WebStorage
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:AB689DEA

< End of report >
         

hmm, that turned out a bit long, sorry.


Alt 17.07.2013, 03:49   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
What about the other logs, e.g. from Malwarebytes and the other scanners, were there no detections there, or were there?

Alt 17.07.2013, 04:21   #7
lydia_eule
 
So, an addendum on OTL. I hadn't immediately worked out where the "extras.txt" belonged.
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 7/16/2013 4:12:04 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\asl\Downloads\ipcop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.99 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 53.32% Memory free
3.98 Gb Paging File | 2.68 Gb Available in Paging File | 67.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 14.63 Gb Free Space | 14.63% Space Free | Partition Type: NTFS
Drive F: | 29.71 Gb Total Space | 5.99 Gb Free Space | 20.18% Space Free | Partition Type: FAT32
Drive G: | 931.51 Gb Total Space | 318.24 Gb Free Space | 34.16% Space Free | Partition Type: NTFS
 
Computer Name: NODE0009 | User Name: asl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.js [@ = JSFile] -- C:\windows\System32\CScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\windows\System32\CScript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\windows\System32\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\windows\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\windows\System32\CScript.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10A33356-0587-4D74-BB22-21E576014920}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{2BEF8CB8-8CA4-43B1-9668-7C72158545D2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{3C5CA9D8-57EA-415E-AEF3-C949BF5B3572}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4931F79B-55AA-401C-99A4-0412BD6ABD68}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5202E24D-848F-43F0-8534-912DD3048FC8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{677A1AEC-6325-4CC8-B75B-6F510402B953}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C05E1E0C-1460-433A-AFE5-DC3F66D192FC}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{C1FC242C-FD0B-4D86-A4DD-86DEA92B063B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{DA620C21-2E83-4CD7-A21C-21E6E1701AC8}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{E2C28083-BEC5-4255-811A-7718186C8963}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00DEB03C-4171-4F5F-9C96-552482B12166}" = protocol=6 | dir=in | app=c:\program files\arcsoft\totalmedia 3.5\totalmedia.exe | 
"{3B3BE582-6596-4219-B587-0C0B7F6FAC53}" = protocol=17 | dir=in | app=c:\program files\arcsoft\totalmedia 3.5\totalmedia.exe | 
"{5F253DE5-76CE-4684-AD2B-F28F1C14812F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{73F45AA2-31FE-4EAE-9056-594B82D51BCE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A7F3DF2D-1052-42DD-81FA-FEBEEA286D92}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{C228351A-4DEE-4469-A243-1EB415E744F8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{D711E0A2-4CCB-4AFE-AD14-B79BF3E7FA3D}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{E085D794-D6CC-447A-BF71-48641FDE671C}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{E2A938A9-D73C-45F1-8F8F-A914F4AA8B0C}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"TCP Query User{66E77097-82E9-4227-B119-904CEA528BD2}C:\windows\system32\mmc.exe" = protocol=6 | dir=in | app=c:\windows\system32\mmc.exe | 
"UDP Query User{57855919-A915-4646-BCCD-8653190AC344}C:\windows\system32\mmc.exe" = protocol=17 | dir=in | app=c:\windows\system32\mmc.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02CB5027-1915-4830-909C-C6E69AA6ECFE}" = Monjas Breakout
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4803" = CanoScan 4400F
"{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"{1B66191A-B8CD-4F53-AB9B-0B4AAE2235BA}" = calibre
"{1BAE5C85-A6D3-430C-842B-EAA27AC0C2E8}" = ArcSoft TotalMedia 3.5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83216021F0}" = Java(TM) 6 Update 21
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BD90AED-0FF2-4A69-B84D-DC0679991FB7}" = Evince 2.30.3
"{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B5092B6-F231-4D18-83BC-2618B729CA45}" = CapsHook
"{52CF142B-7B0E-41E7-98F5-B834122523E7}_is1" = Programmer's Notepad 2
"{570C2A84-A145-4DF0-AE9D-012584DF09DC}" = SPCA1528 PC Driver
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B3F693F-A252-46A7-8D0F-7F409B13F738}" = Scope
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A9111573-EF12-4D80-A5B9-55F620D5BCA1}" = PL-2303 USB-to-Serial
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.1 MUI
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2920232-19DA-44FC-835F-68E427EAE2CE}" = Telescope Driver
"{B7B5A370-3DFF-4F0E-AE11-FD267C4938AA}" = CCS64 V3.8
"{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution
"{D5D88F8F-FDA4-4CF4-9F3E-3F40118C2120}" = AVR Studio 4
"{D802DD00-16A8-4A58-AFC9-020C2380ECDA}" = EeeSplendid
"{DA60AB6B-6C9C-4B5F-BC61-3B0D9BCBD50B}" = Conceptronic CTVDIGUSB2 Device Utilities
"{DF1B8AA2-3231-498F-8136-2171D1FD1A65}" = ArcSoft WebCam Companion 2
"{E5026CE8-B6E0-46CB-A63C-040B920C8611}" = inSSIDer 2.0
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = USB PC Camera Plus
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}" = PL-2303 Vista Driver Installer
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3D2DEDC-4732-4188-8A3A-1A3FFBD4D6C8}" = ebi.BookReader3J
"{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}" = LocaleMe
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"ACDLabs in C__Program_Files_ACDFREE12_" = ACD/Labs Software in C:\Program Files\ACDFREE12\
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Agnitum Outpost Security Suite Free_is1" = Outpost Security Suite 7.1
"ASUS VIBE" = ASUS VIBE
"ASUS WebStorage" = ASUS WebStorage
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Avira AntiVir Desktop" = Avira Free Antivirus
"B41C7C96D83162A676DA7365ADEFD6C1AF62A4EE" = Windows Driver Package - Broadcom Bluetooth  (07/17/2009 6.2.0.9403)
"B5C82F3814F82FB37F1513B3185399BD88892B08" = Windows Driver Package - Broadcom Bluetooth  (07/29/2009 6.1.7100.0)
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"Bridge Builder" = Bridge Builder
"Bug Brain" = Bug Brain
"CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
"ChemToolBox_is1" = ChemToolBox version 1.1.0
"Clonk Endeavour" = Clonk Endeavour 4.95.5
"Eee Docking_is1" = Eee Docking 3.7.0
"ELECTRA_is1" = ELECTRA 2.8
"EncVorbis" = EncVorbis 1.1
"Free CD to MP3 Converter" = Free CD to MP3 Converter
"Frhed" = Frhed 1.7.1
"GIF Animator" = Microsoft GIF Animator
"GPL Ghostscript 9.00" = GPL Ghostscript 9.00
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ImgBurn" = ImgBurn
"InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"IrfanView" = IrfanView (remove only)
"JAP" = JAP
"KONICA MINOLTA magicolor 2430DL" = KONICA MINOLTA magicolor 2430DL
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"LG USB Booster_is1" = Booster 1.05A02
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"mp3parse" = MP3 Parser DirectShow Filter (remove only)
"Musik & Audio Restaurator Pro 5_is1" = Musik & Audio Restaurator Pro 5.0
"NetPbm-10.27_is1" = GnuWin32: NetPbm version 10.27
"Nmap" = Nmap 5.20
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Ogg Codecs" = Xiph.Org Ogg Codecs 0.83.17220 32-bit
"Oolite" = Oolite 1.76.0.4679
"Opera 12.15.1748" = Opera 12.15
"PosteRazor_is1" = PosteRazor
"ProtectDisc Driver 10" = ProtectDisc Helper Driver 10
"ReOrganize_is1" = ReOrganize!
"SMPlayer" = SMPlayer 0.6.8
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Target 3001! V15 discover" = Target 3001! V15 discover
"TrueCrypt" = TrueCrypt
"TVRTLDrv" = DVB-T USB BDA Driver
"VLC media player" = VLC media player 2.0.5
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR 4.01 (32-bit)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-815453948-2413440165-1859227174-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete
"Winamp Detect" = Winamp Detector Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 7/15/2013 4:45:51 PM | Computer Name = node0009 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_CryptSvc, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744,
 Zeitstempel: 0x4eeaf722  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000aba6  ID des fehlerhaften
 Prozesses: 0xd70  Startzeit der fehlerhaften Anwendung: 0x01ce819c4a583723  Pfad der
 fehlerhaften Anwendung: C:\windows\system32\svchost.exe  Pfad des fehlerhaften Moduls:
 C:\windows\system32\msvcrt.dll  Berichtskennung: 888aa3f6-ed8f-11e2-8804-20cf303d6b5d
 
Error - 7/15/2013 4:46:00 PM | Computer Name = node0009 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_CryptSvc, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744,
 Zeitstempel: 0x4eeaf722  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000aba6  ID des fehlerhaften
 Prozesses: 0xef0  Startzeit der fehlerhaften Anwendung: 0x01ce819c4fd344b0  Pfad der
 fehlerhaften Anwendung: C:\windows\system32\svchost.exe  Pfad des fehlerhaften Moduls:
 C:\windows\system32\msvcrt.dll  Berichtskennung: 8e077252-ed8f-11e2-8804-20cf303d6b5d
 
Error - 7/15/2013 4:46:09 PM | Computer Name = node0009 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_CryptSvc, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744,
 Zeitstempel: 0x4eeaf722  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000aba6  ID des fehlerhaften
 Prozesses: 0xa9c  Startzeit der fehlerhaften Anwendung: 0x01ce819c55469cf2  Pfad der
 fehlerhaften Anwendung: C:\windows\system32\svchost.exe  Pfad des fehlerhaften Moduls:
 C:\windows\system32\msvcrt.dll  Berichtskennung: 937f4b24-ed8f-11e2-8804-20cf303d6b5d
 
Error - 7/15/2013 4:56:30 PM | Computer Name = node0009 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_CryptSvc, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744,
 Zeitstempel: 0x4eeaf722  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000aba6  ID des fehlerhaften
 Prozesses: 0xcd4  Startzeit der fehlerhaften Anwendung: 0x01ce819dc322ef19  Pfad der
 fehlerhaften Anwendung: C:\windows\system32\svchost.exe  Pfad des fehlerhaften Moduls:
 C:\windows\system32\msvcrt.dll  Berichtskennung: 055396a6-ed91-11e2-8804-20cf303d6b5d
 
Error - 7/15/2013 5:25:32 PM | Computer Name = node0009 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_CryptSvc, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744,
 Zeitstempel: 0x4eeaf722  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000aba6  ID des fehlerhaften
 Prozesses: 0x5e8  Startzeit der fehlerhaften Anwendung: 0x01ce81a1a00b558c  Pfad der
 fehlerhaften Anwendung: C:\windows\system32\svchost.exe  Pfad des fehlerhaften Moduls:
 C:\windows\system32\msvcrt.dll  Berichtskennung: 14016be5-ed95-11e2-b8d8-20cf303d6b5d
 
Error - 7/15/2013 5:26:57 PM | Computer Name = node0009 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_CryptSvc, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744,
 Zeitstempel: 0x4eeaf722  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000aba6  ID des fehlerhaften
 Prozesses: 0xf7c  Startzeit der fehlerhaften Anwendung: 0x01ce81a1e90a7576  Pfad der
 fehlerhaften Anwendung: C:\windows\System32\svchost.exe  Pfad des fehlerhaften Moduls:
 C:\windows\system32\msvcrt.dll  Berichtskennung: 4684177f-ed95-11e2-b8d8-20cf303d6b5d
 
Error - 7/15/2013 5:27:05 PM | Computer Name = node0009 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_CryptSvc, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744,
 Zeitstempel: 0x4eeaf722  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000aba6  ID des fehlerhaften
 Prozesses: 0xb7c  Startzeit der fehlerhaften Anwendung: 0x01ce81a20a78f9a6  Pfad der
 fehlerhaften Anwendung: C:\windows\System32\svchost.exe  Pfad des fehlerhaften Moduls:
 C:\windows\system32\msvcrt.dll  Berichtskennung: 4b0899cd-ed95-11e2-b8d8-20cf303d6b5d
 
Error - 7/15/2013 5:34:50 PM | Computer Name = node0009 | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Job does not exist
 
Error - 7/15/2013 5:41:45 PM | Computer Name = node0009 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_CryptSvc, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744,
 Zeitstempel: 0x4eeaf722  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000aba6  ID des fehlerhaften
 Prozesses: 0xd28  Startzeit der fehlerhaften Anwendung: 0x01ce81a2306ef718  Pfad der
 fehlerhaften Anwendung: C:\windows\system32\svchost.exe  Pfad des fehlerhaften Moduls:
 C:\windows\system32\msvcrt.dll  Berichtskennung: 57ff56bb-ed97-11e2-b8d8-20cf303d6b5d
 
Error - 7/15/2013 6:06:55 PM | Computer Name = node0009 | Source = System Restore | ID = 8193
Description = 
 
Error - 7/15/2013 6:22:14 PM | Computer Name = node0009 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_CryptSvc, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744,
 Zeitstempel: 0x4eeaf722  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000aba6  ID des fehlerhaften
 Prozesses: 0xb1c  Startzeit der fehlerhaften Anwendung: 0x01ce81a9bd9bf3fb  Pfad der
 fehlerhaften Anwendung: C:\windows\system32\svchost.exe  Pfad des fehlerhaften Moduls:
 C:\windows\system32\msvcrt.dll  Berichtskennung: ffac1ae1-ed9c-11e2-b8d8-20cf303d6b5d
 
[ System Events ]
Error - 7/15/2013 6:53:52 PM | Computer Name = node0009 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Diagnoserichtliniendienst" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1079
 
Error - 7/15/2013 6:55:56 PM | Computer Name = node0009 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Fix-It Task Manager" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%2
 
Error - 7/15/2013 6:56:09 PM | Computer Name = node0009 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Fix-It Utilities Prozess-Monitor" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%2
 
Error - 7/15/2013 8:43:51 PM | Computer Name = node0009 | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 7/15/2013 8:43:51 PM | Computer Name = node0009 | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 7/15/2013 8:43:51 PM | Computer Name = node0009 | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 7/15/2013 9:00:14 PM | Computer Name = node0009 | Source = NetBT | ID = 4307
Description = Initialisierung fehlgeschlagen, da die Transportschicht das Öffnen
 der Anfangsadressen verweigerte.
 
Error - 7/15/2013 9:00:14 PM | Computer Name = node0009 | Source = NetBT | ID = 4307
Description = Initialisierung fehlgeschlagen, da die Transportschicht das Öffnen
 der Anfangsadressen verweigerte.
 
Error - 7/15/2013 9:01:38 PM | Computer Name = node0009 | Source = NetBT | ID = 4307
Description = Initialisierung fehlgeschlagen, da die Transportschicht das Öffnen
 der Anfangsadressen verweigerte.
 
Error - 7/15/2013 9:01:38 PM | Computer Name = node0009 | Source = NetBT | ID = 4307
Description = Initialisierung fehlgeschlagen, da die Transportschicht das Öffnen
 der Anfangsadressen verweigerte.
 
 
< End of report >
         
--- --- ---


I'm sure I'll find the Malwarebytes file in a moment, one second.

So here's the Malwarebytes log:
Quote:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.14.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
asl :: NODE0009 [Administrator]

Schutz: Aktiviert

14.07.2013 21:19:28
mbam-log-2013-07-14 (21-19-28).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 244462
Laufzeit: 31 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Sorry that it took a while.

Avira only complains that it can't open the hosts file, but it has been doing that for years.

And here's the RootkitBuster log too:
Quote:
+----------------------------------------------------
| Trend Micro RootkitBuster
| Module version: 5.0.0.1129
| Computer Name: NODE0009
| OS version: 6.1-7601
| User Name: asl
+----------------------------------------------------


--== Dump Hidden MBR, Hidden Files and Alternate Data Streams on C:\ ==--
No hidden files found.

--== Dump Hidden Registry Value on HKLM ==--
[HIDDEN_REGISTRY][Hidden Reg Key]:
KeyPath : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\1c4bd6048c8d
SubKey : 1c4bd6048c8d
FullLength: 89
[HIDDEN_REGISTRY][Hidden Reg Value]:
KeyPath : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg
Root : 9c2bf94
SubKey : Cfg
ValueName : s1
Data : 771343423
ValueType : 4
AccessType: 0
FullLength: 61
DataSize : 4
[HIDDEN_REGISTRY][Hidden Reg Value]:
KeyPath : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg
Root : 9c2bf94
SubKey : Cfg
ValueName : s2
Data : 285507792
ValueType : 4
AccessType: 0
FullLength: 61
DataSize : 4
[HIDDEN_REGISTRY][Hidden Reg Value]:
KeyPath : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg
Root : 9c2bf94
SubKey : Cfg
ValueName : g0
Data : 38 23 E8 D0 BF F2 2D 6F ...
ValueType : 3
AccessType: 0
FullLength: 61
DataSize : 32
[HIDDEN_REGISTRY][Hidden Reg Value]:
KeyPath : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg
Root : 9c2bf94
SubKey : Cfg
ValueName : h0
Data : 1
ValueType : 4
AccessType: 0
FullLength: 61
DataSize : 4
[HIDDEN_REGISTRY][Hidden Reg Key]:
KeyPath : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
SubKey : 14919EA49A8F3B4AA3CF1058D9A64CEC
FullLength: 94
6 hidden registry entries found.


--== Dump Hidden Process ==--
No hidden processes found.

--== Dump Hidden Driver ==--
No hidden drivers found.

--== Service Win32 API Hook List ==--
[HOOKED_SERVICE_API]:
Service API : ZwAllocateVirtualMemory
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x82236cbc
CurrentHandler : 0x8ca836e0
ServiceNumber : 0x13
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwAlpcConnectPort
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x8228256e
CurrentHandler : 0x8ca83b60
ServiceNumber : 0x16
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwAlpcSendWaitReceivePort
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x8225f211
CurrentHandler : 0x8ca83df0
ServiceNumber : 0x27
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwAssignProcessToJobObject
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x8220c0be
CurrentHandler : 0x8ca83610
ServiceNumber : 0x2b
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwClose
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x822515c8
CurrentHandler : 0x8ca817e0
ServiceNumber : 0x32
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwConnectPort
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x82285070
CurrentHandler : 0x8ca83980
ServiceNumber : 0x3b
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateFile
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x8225c470
CurrentHandler : 0x8ca811b0
ServiceNumber : 0x42
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateKey
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x8220dffb
CurrentHandler : 0x8ca81b90
ServiceNumber : 0x46
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateProcess
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x822e91d9
CurrentHandler : 0x8ca82ab0
ServiceNumber : 0x4f
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateProcessEx
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x822e9224
CurrentHandler : 0x8ca82ba0
ServiceNumber : 0x50
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateSection
Image Path :
OriginalHandler : 0x8223013d
CurrentHandler : 0x8cc68a06
ServiceNumber : 0x54
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateSymbolicLinkObject
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x8220e9c6
CurrentHandler : 0x8ca81ab0
ServiceNumber : 0x56
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateThread
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x822e8fe2
CurrentHandler : 0x8ca828f0
ServiceNumber : 0x57
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateThreadEx
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x8227d49b
CurrentHandler : 0x8ca829d0
ServiceNumber : 0x58
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateUserProcess
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x8227b3cd
CurrentHandler : 0x8ca82ca0
ServiceNumber : 0x5d
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwDebugActiveProcess
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x822baeaa
CurrentHandler : 0x8ca83fb0
ServiceNumber : 0x60
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwDeleteKey
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x821f8a4a
CurrentHandler : 0x8ca81d50
ServiceNumber : 0x67
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwDeleteValueKey
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x821ea453
CurrentHandler : 0x8ca82680
ServiceNumber : 0x6a
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwEnumerateKey
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x82273dd0
CurrentHandler : 0x8ca81e10
ServiceNumber : 0x74
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwEnumerateValueKey
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x82276236
CurrentHandler : 0x8ca81ef0
ServiceNumber : 0x77
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwFsControlFile
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x82262a39
CurrentHandler : 0x8ca810c0
ServiceNumber : 0x86
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwLoadDriver
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x821d2c32
CurrentHandler : 0x8ca86000
ServiceNumber : 0x9b
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwMakeTemporaryObject
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x82218a22
CurrentHandler : 0x8ca819f0
ServiceNumber : 0xa4
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwOpenFile
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x8223ed81
CurrentHandler : 0x8ca81640
ServiceNumber : 0xb3
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwOpenKey
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x822588d2
CurrentHandler : 0x8ca81c80
ServiceNumber : 0xb6
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwOpenProcess
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x8221eb93
CurrentHandler : 0x8ca82e90
ServiceNumber : 0xbe
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwOpenSection
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x822769eb
CurrentHandler : 0x8ca80eb0
ServiceNumber : 0xc2
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwOpenThread
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x8226b0ee
CurrentHandler : 0x8ca82d90
ServiceNumber : 0xc6
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwProtectVirtualMemory
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x8224f651
CurrentHandler : 0x8ca838a0
ServiceNumber : 0xd7
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwQueryKey
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x82258f3e
CurrentHandler : 0x8ca81fd0
ServiceNumber : 0xf4
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwQueryValueKey
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x82257695
CurrentHandler : 0x8ca820b0
ServiceNumber : 0x10a
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwQueueApcThread
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x82208e42
CurrentHandler : 0x8ca83540
ServiceNumber : 0x10d
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwRenameKey
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x822a90bb
CurrentHandler : 0x8ca825b0
ServiceNumber : 0x122
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwReplaceKey
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x822a8c08
CurrentHandler : 0x8ca82270
ServiceNumber : 0x124
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwRequestPort
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x8228d79b
CurrentHandler : 0x8ca83c50
ServiceNumber : 0x12a
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwRequestWaitReplyPort
Image Path :
OriginalHandler : 0x8224ab22
CurrentHandler : 0x8cc68a10
ServiceNumber : 0x12b
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwRestoreKey
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x8229ec72
CurrentHandler : 0x8ca824e0
ServiceNumber : 0x12e
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwSaveKey
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x822a04e4
CurrentHandler : 0x8ca82340
ServiceNumber : 0x135
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwSaveKeyEx
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x8229fc8a
CurrentHandler : 0x8ca82410
ServiceNumber : 0x136
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwSecureConnectPort
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x8226b123
CurrentHandler : 0x8ca83a70
ServiceNumber : 0x138
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwSetContextThread
Image Path :
OriginalHandler : 0x822ea851
CurrentHandler : 0x8cc68a0b
ServiceNumber : 0x13c
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwSetInformationDebugObject
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x822bb72d
CurrentHandler : 0x8ca84080
ServiceNumber : 0x147
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwSetSecurityObject
Image Path :
OriginalHandler : 0x8220e7f7
CurrentHandler : 0x8cc68a15
ServiceNumber : 0x15b
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwSetSystemInformation
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x8225b37a
CurrentHandler : 0x8ca82760
ServiceNumber : 0x15e
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwSetValueKey
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x822175f8
CurrentHandler : 0x8ca82190
ServiceNumber : 0x166
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwSuspendProcess
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x822eacdf
CurrentHandler : 0x8ca832a0
ServiceNumber : 0x16e
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwSuspendThread
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x822a219b
CurrentHandler : 0x8ca83360
ServiceNumber : 0x16f
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwSystemDebugControl
Image Path :
OriginalHandler : 0x822927d2
CurrentHandler : 0x8cc68a1a
ServiceNumber : 0x170
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwTerminateProcess
Image Path :
OriginalHandler : 0x82267d86
CurrentHandler : 0x8cc689a7
ServiceNumber : 0x172
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwTerminateThread
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x8228569b
CurrentHandler : 0x8ca83150
ServiceNumber : 0x173
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwUnloadDriver
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x822c6577
CurrentHandler : 0x8ca82830
ServiceNumber : 0x17b
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwWriteFile
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x8227c2a2
CurrentHandler : 0x8ca80fb0
ServiceNumber : 0x18c
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwWriteVirtualMemory
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x8226ca83
CurrentHandler : 0x8ca837c0
ServiceNumber : 0x18f
ModuleName : SandBox.sys
SDTType : 0x0
No hidden operating system service hooks found.

--== Dump Hidden Port ==--
No hidden ports found.

--== Dump Kernel Code Patching ==--
[KERNEL_CODE][DEVICE_OBJECT]:
Driver Name : iaStor
DeviceObject at : 09A408E0
[KERNEL_CODE][DEVICE_OBJECT]:
Driver Name : au6yrt75
DeviceObject at : 09A40930
2 Kernel code patching found.

--== Dump Hidden Services ==--
No hidden services found.
So, I can't find anything more right now, but that should have been a fairly thorough sweep.

17.07.2013, 14:04   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
So far everything looks unremarkable, and there have been no virus detections either.
One more log:

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you're not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless told to, and click Scan.
  • The log files will now be created and will afterwards be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

17.07.2013, 15:54   #9
lydia_eule
 
Here's FRST.txt:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-07-2013 02
Ran by asl (administrator) on 17-07-2013 16:08:01
Running from C:\Users\asl\Downloads\ipcop
Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
() C:\Windows\System32\AsusService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
() C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
(ASUS) C:\Program Files\EeePC\CapsHook\CapsHook.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\windows\system32\wuauclt.exe
(Opera Software) C:\Program Files\Opera\opera.exe

==================== Registry (Whitelisted) ==================

MountPoints2: {ea27e782-35f0-11e1-b61f-20cf303d6b5d} - G:\LaunchU3.exe -a
MountPoints2: {f4ab93d9-04d6-11e0-b056-20cf303d6b5d} - C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.hta
HKU\Default\...\RunOnce: [Reboot] - AsusSender.exe C:\Windows\AP\Reboot.exe 60 [x]
\Run: [LiveUpdate] - C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe [751592 2010-01-29] ()
HKLM\...\Run: [CapsHook] - C:\Program Files\EeePC\CapsHook\CapsHook.exe [445344 2010-05-29] (ASUS)
HKLM\...\Run: [Eee Docking] - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [415920 2010-03-30] ()
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9177632 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2010-04-13] (Synaptics Incorporated)
HKLM\...\Run: [ASUSPRP] - C:\Program Files\ASUS\APRP\APRP.EXE [2018032 2010-06-24] (ASUSTek Computer Inc.)
HKLM\...\Run: [SynAsusAcpi] - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [83240 2010-04-13] (Synaptics Incorporated)
HKLM\...\Run: [OutpostFeedBack] - C:\Program Files\Agnitum\Outpost Security Suite Free\feedback.exe [517056 2011-02-07] (Agnitum Ltd.)
HKLM\...\Run: [OutpostMonitor] - C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe [3107736 2011-02-07] (Agnitum Ltd.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [348664 2012-08-15] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [] -  [x]
HKCU\...\Run: [TrueCrypt] - C:\Program Files\TrueCrypt\TrueCrypt.exe [1496528 2010-11-21] (TrueCrypt Foundation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
SearchScopes: HKLM - DefaultScope {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKCU - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU -No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU -Winamp Toolbar - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
Toolbar: HKCU -No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

========================== Services (Whitelisted) =================

S4 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 acssrv; C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [2072592 2011-02-07] (Agnitum Ltd.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86224 2012-05-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-02] (Avira Operations GmbH & Co. KG)
R2 AsusService; C:\Windows\System32\AsusService.exe [219136 2009-08-19] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 QKHKZJ; C:\Users\asl\AppData\Local\Temp\QKHKZJ.exe [379776 2012-05-23] (Sysinternals - www.sysinternals.com)
S3 StkASSrv; C:\Windows\System32\StkASv2K.exe [24576 2006-05-24] (Syntek America Inc.)
S3 VHDWQBLKZ; C:\Users\asl\AppData\Local\Temp\VHDWQBLKZ.exe [592768 2013-07-12] (Sysinternals - www.sysinternals.com)
S3 .AVQWindowsMonitorService; C:\Program Files\Avanquest\Fix-It\AVQWinMonEngine.exe [x]
S4 AQFileRestoreSrv; "C:\Program Files\Avanquest\Fix-It\AQFileRestoreSrv.exe" [x]
S4 BV; C:\Users\asl\AppData\Local\Temp\BV.exe [x]
S3 Fix-It Task Manager; C:\PROGRA~1\AVANQU~1\Fix-It\MxTask.exe -Service [x]
S4 FTAAG; C:\Users\asl\AppData\Local\Temp\FTAAG.exe [x]
S4 MVRBXYMUKTY; C:\Users\asl\AppData\Local\Temp\MVRBXYMUKTY.exe [x]
S4 RichVideo; "C:\Program Files\CyberLink\Shared files\RichVideo.exe" [x]

==================== Drivers (Whitelisted) ====================

R2 acedrv10; C:\windows\system32\drivers\acedrv10.sys [330144 2007-07-27] (Protect Software GmbH)
S2 acehlp10; C:\windows\system32\drivers\acehlp10.sys [251680 2007-07-27] (Protect Software GmbH)
R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R1 afw; C:\Windows\System32\DRIVERS\afw.sys [34920 2010-04-20] (Agnitum Ltd.)
R3 afwcore; C:\Windows\System32\drivers\afwcore.sys [328296 2010-09-27] (Agnitum Ltd.)
S3 AQFileRestore; C:\Windows\System32\DRIVERS\AQFileRestore.sys [17944 2012-01-13] ()
R1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11520 2010-06-21] ()
S3 ASWFilt; C:\windows\system32\Filt\ASWFilt.dll [72352 2011-02-02] (Agnitum Ltd.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [83392 2012-04-25] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137928 2012-04-27] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2012-04-16] (Avira GmbH)
S3 INIDVD; C:\Windows\System32\DRIVERS\inidvd.sys [16024 2009-08-05] (Initio Corporation)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2010-04-13] ( )
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [50704 2010-01-15] (CACE Technologies, Inc.)
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [458752 2007-11-08] (PixArt Imaging Inc.)
S3 RTL2832UBDA; C:\Windows\System32\drivers\RTL2832UBDA.sys [188392 2010-07-01] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832UUSB; C:\Windows\System32\Drivers\RTL2832UUSB.sys [32872 2010-07-01] (REALTEK SEMICONDUCTOR Corp.)
R1 SandBox; C:\windows\system32\drivers\SandBox.sys [710824 2011-02-02] (Agnitum Ltd.)
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10246144 2007-04-13] (Sonix Co. Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-12-07] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH)
S3 StkAMini; C:\Windows\System32\Drivers\StkAMini.sys [241628 2006-09-27] (Syntek America Inc.)
S3 StkScan; C:\Windows\System32\Drivers\StkScan.sys [4772 2006-08-02] (Syntek America Inc.)
S3 TrufosAlt; C:\Windows\System32\DRIVERS\TrufosAlt.sys [309320 2011-12-03] (BitDefender S.R.L.)
S3 VBEngNT; C:\windows\system32\drivers\VBEngNT.sys [242040 2011-02-02] (VirusBuster Kft.)
S3 VBFilt; C:\windows\system32\Filt\VBFilt.dll [36288 2011-02-02] (Agnitum Ltd.)
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [316192 2004-07-26] (Jungo)
S3 btwaudio; system32\drivers\btwaudio.sys [x]
S3 btwavdt; \SystemRoot\system32\DRIVERS\btwavdt.sys [x]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [x]
S3 btwrchid; \SystemRoot\system32\DRIVERS\btwrchid.sys [x]
S3 Bulk1528; System32\Drivers\Bulk1528.sys [x]
S2 Ca1528av; System32\Drivers\Ca1528av.sys [x]
S3 PORTMON; \??\C:\Users\asl\Downloads\sysinternalssuite\PORTMSYS.SYS [x]
S3 tunnel; system32\DRIVERS\tunnel.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-17 16:06 - 2013-07-17 16:06 - 00000000 ____D C:\FRST
2013-07-16 01:11 - 2013-07-16 01:11 - 05030933 _____ C:\Users\asl\Downloads\RSW-Portable.zip
2013-07-15 01:05 - 2013-07-15 01:05 - 00005346 _____ C:\windows\system32\PerfStringBackup.TMP
2013-07-14 21:11 - 2013-07-14 21:11 - 00000000 ____D C:\Users\asl\AppData\Roaming\Malwarebytes
2013-07-14 21:10 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-07-14 15:08 - 2013-07-14 15:11 - 208541524 _____ C:\Users\asl\regbckup.2013.07.14.reg
2013-07-11 23:13 - 2013-07-11 23:13 - 00000000 ____D C:\Users\asl\Downloads\backups
2013-07-11 22:03 - 2013-07-11 22:03 - 00007219 _____ C:\Users\asl\Desktop\hijackthis.2013.07.11.log
2013-07-11 14:33 - 2013-07-11 14:43 - 00000000 ____D C:\windows\system32\MRT
2013-07-09 01:12 - 2013-07-09 01:12 - 00000499 _____ C:\Users\asl\Desktop\Krabben mit Ananas und Gemüse. 1portion.txt
2013-07-06 03:00 - 2013-07-06 03:01 - 207852946 _____ C:\Users\asl\reg-bckup.05.07.2013.reg
2013-07-06 01:28 - 2013-07-06 01:28 - 00000000 ____D C:\Users\asl\AppData\Roaming\Avanquest
2013-07-05 23:44 - 2012-01-13 13:48 - 00017944 _____ C:\windows\system32\Drivers\AQFileRestore.sys
2013-07-05 23:43 - 2013-07-06 01:28 - 00000000 ____D C:\ProgramData\Avanquest
2013-07-05 23:39 - 2013-06-28 01:47 - 00000677 _____ C:\Users\asl\Desktop\leslichk.k-.na-.carb.nitrate.txt
2013-07-05 18:27 - 2013-07-05 18:27 - 00000000 ____D C:\Users\asl\Documents\Freemake
2013-07-05 03:15 - 2013-07-12 20:29 - 00000000 ____D C:\Users\asl\Downloads\winFAQ
2013-06-26 19:09 - 2013-06-26 19:05 - 00263592 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2013-06-26 19:07 - 2013-06-26 19:06 - 00094632 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2013-06-26 19:07 - 2013-06-26 19:05 - 00175016 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2013-06-26 19:07 - 2013-06-26 19:05 - 00175016 _____ (Oracle Corporation) C:\windows\system32\java.exe
2013-06-26 17:05 - 2013-06-26 17:05 - 330030432 _____ C:\windows\MEMORY.DMP
2013-06-26 17:05 - 2013-06-26 17:05 - 00145280 _____ C:\windows\Minidump\062613-33571-01.dmp
2013-06-26 15:29 - 2013-06-26 15:29 - 00000216 _____ C:\windows\system32\TrueCrypt System Favorite Volumes.xml
2013-06-24 22:55 - 2013-05-08 07:38 - 01293672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys

==================== One Month Modified Files and Folders =======

2013-07-17 16:06 - 2013-07-17 16:06 - 00000000 ____D C:\FRST
2013-07-17 16:06 - 2011-02-17 00:01 - 00083668 _____ C:\windows\system32\config\rules.rdb
2013-07-17 15:57 - 2013-03-21 16:49 - 00000000 ____D C:\Users\asl\AppData\Roaming\Mozilla
2013-07-17 15:45 - 2011-10-13 21:27 - 00000000 ____D C:\Users\asl\Downloads\ipcop
2013-07-17 15:30 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-17 15:30 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-17 06:13 - 2009-07-14 06:39 - 00100772 _____ C:\windows\setupact.log
2013-07-17 01:12 - 2010-12-23 12:52 - 00000000 ___RD C:\Users\asl\Downloads\mplayer
2013-07-16 23:56 - 2011-02-16 23:57 - 00000000 ____D C:\windows\system32\Filt
2013-07-16 19:46 - 2010-10-17 23:53 - 01110126 _____ C:\windows\WindowsUpdate.log
2013-07-16 01:11 - 2013-07-16 01:11 - 05030933 _____ C:\Users\asl\Downloads\RSW-Portable.zip
2013-07-15 23:24 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-07-15 23:17 - 2011-02-20 17:24 - 00267890 _____ C:\windows\system32\config\afw_db.conf
2013-07-15 23:17 - 2011-02-20 17:24 - 00016460 _____ C:\windows\system32\config\afw_hm.conf
2013-07-15 23:14 - 2010-10-17 09:17 - 00000000 ___RD C:\Users\asl\Desktop
2013-07-15 19:27 - 2010-10-18 12:08 - 00620492 _____ C:\windows\PFRO.log
2013-07-15 01:05 - 2013-07-15 01:05 - 00005346 _____ C:\windows\system32\PerfStringBackup.TMP
2013-07-14 21:11 - 2013-07-14 21:11 - 00000000 ____D C:\Users\asl\AppData\Roaming\Malwarebytes
2013-07-14 21:10 - 2010-12-08 22:44 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-07-14 19:33 - 2010-10-24 22:30 - 00000919 _____ C:\Users\asl\Desktop\MySyncFolder.lnk
2013-07-14 19:33 - 2010-10-17 09:17 - 00000000 ____D C:\Users\asl\AppData\Roaming\ASUS WebStorage
2013-07-14 15:11 - 2013-07-14 15:08 - 208541524 _____ C:\Users\asl\regbckup.2013.07.14.reg
2013-07-14 15:08 - 2010-10-17 09:17 - 00000000 ____D C:\Users\asl
2013-07-14 14:52 - 2010-12-21 02:06 - 00000000 ____D C:\Users\asl\html
2013-07-14 02:23 - 2009-07-25 09:50 - 01528514 _____ C:\windows\system32\PerfStringBackup.INI
2013-07-12 20:29 - 2013-07-05 03:15 - 00000000 ____D C:\Users\asl\Downloads\winFAQ
2013-07-12 18:54 - 2010-06-24 18:03 - 00055380 _____ C:\windows\DPINST.LOG
2013-07-12 18:53 - 2009-07-14 04:37 - 00000000 ____D C:\windows\system32\DriverStore
2013-07-11 23:13 - 2013-07-11 23:13 - 00000000 ____D C:\Users\asl\Downloads\backups
2013-07-11 22:03 - 2013-07-11 22:03 - 00007219 _____ C:\Users\asl\Desktop\hijackthis.2013.07.11.log
2013-07-11 20:50 - 2009-07-14 04:37 - 00000000 ____D C:\windows\Microsoft.NET
2013-07-11 14:43 - 2013-07-11 14:33 - 00000000 ____D C:\windows\system32\MRT
2013-07-09 01:12 - 2013-07-09 01:12 - 00000499 _____ C:\Users\asl\Desktop\Krabben mit Ananas und Gemüse. 1portion.txt
2013-07-08 14:29 - 2010-12-23 14:09 - 00000000 ____D C:\Users\asl\AppData\Roaming\JonDo
2013-07-07 02:24 - 2013-01-19 13:10 - 00000000 ____D C:\Users\asl\AppData\Roaming\vlc
2013-07-06 19:05 - 2011-08-05 01:08 - 00000000 ____D C:\Users\asl\Downloads\_out
2013-07-06 03:01 - 2013-07-06 03:00 - 207852946 _____ C:\Users\asl\reg-bckup.05.07.2013.reg
2013-07-06 01:28 - 2013-07-06 01:28 - 00000000 ____D C:\Users\asl\AppData\Roaming\Avanquest
2013-07-06 01:28 - 2013-07-05 23:43 - 00000000 ____D C:\ProgramData\Avanquest
2013-07-06 00:17 - 2009-07-14 06:53 - 00032632 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-07-05 23:43 - 2010-06-24 18:00 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-07-05 18:52 - 2011-11-15 20:45 - 00000000 ____D C:\ProgramData\Ulead Systems
2013-07-05 18:45 - 2010-12-07 03:57 - 00000000 ____D C:\Users\asl\AppData\Roaming\Philipp Winterberg
2013-07-05 18:38 - 2010-11-10 09:48 - 00000000 ____D C:\ProgramData\FreePDF
2013-07-05 18:38 - 2010-11-10 09:48 - 00000000 ____D C:\Program Files\FreePDF_XP
2013-07-05 18:29 - 2011-03-05 16:35 - 00000000 ____D C:\windows\tessdata
2013-07-05 18:27 - 2013-07-05 18:27 - 00000000 ____D C:\Users\asl\Documents\Freemake
2013-07-05 18:23 - 2010-10-26 19:30 - 00000000 ____D C:\Users\asl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Debugmode
2013-07-05 18:08 - 2010-06-24 18:29 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-03 02:03 - 2010-12-16 11:32 - 00000000 ____D C:\Users\asl\Downloads\64
2013-06-28 01:47 - 2013-07-05 23:39 - 00000677 _____ C:\Users\asl\Desktop\leslichk.k-.na-.carb.nitrate.txt
2013-06-27 14:15 - 2011-01-15 04:42 - 00000000 ____D C:\Users\asl\Downloads\pn
2013-06-27 03:41 - 2010-10-23 14:37 - 00015872 _____ C:\Users\asl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-26 19:06 - 2013-06-26 19:07 - 00094632 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2013-06-26 19:05 - 2013-06-26 19:09 - 00263592 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2013-06-26 19:05 - 2013-06-26 19:07 - 00175016 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2013-06-26 19:05 - 2013-06-26 19:07 - 00175016 _____ (Oracle Corporation) C:\windows\system32\java.exe
2013-06-26 19:05 - 2013-03-08 03:11 - 00867240 _____ (Oracle Corporation) C:\windows\system32\npDeployJava1.dll
2013-06-26 19:05 - 2010-10-26 12:27 - 00789416 _____ (Oracle Corporation) C:\windows\system32\deployJava1.dll
2013-06-26 19:02 - 2011-02-17 00:01 - 95658496 _____ C:\windows\system32\config\fsdb.sdb
2013-06-26 17:05 - 2013-06-26 17:05 - 330030432 _____ C:\windows\MEMORY.DMP
2013-06-26 17:05 - 2013-06-26 17:05 - 00145280 _____ C:\windows\Minidump\062613-33571-01.dmp
2013-06-26 17:05 - 2010-11-02 22:39 - 00000000 ____D C:\windows\Minidump
2013-06-26 15:30 - 2010-11-21 21:46 - 00000000 ____D C:\Users\asl\AppData\Roaming\TrueCrypt
2013-06-26 15:29 - 2013-06-26 15:29 - 00000216 _____ C:\windows\system32\TrueCrypt System Favorite Volumes.xml
2013-06-25 16:39 - 2010-11-09 11:16 - 00000000 ____D C:\Users\asl\games
2013-06-24 15:32 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Public\Desktop
2013-06-24 00:37 - 2010-10-18 11:48 - 75733144 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

Files to move or delete:
====================
C:\ProgramData\FullRemove.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-15 21:16

==================== End Of Log ============================


and here the Additional:
Quote:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-07-2013 02
Ran by asl at 2013-07-17 16:11:31
Running from C:\Users\asl\Downloads\ipcop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

32 Bit HP CIO Components Installer (Version: 1.1.0)
ACD/Labs Software in C:\Program Files\ACDFREE12\ (Version: v12.00, FREE)
Acrobat.com (Version: 1.6.65)
Adobe Acrobat 9 Pro - English, Français, Deutsch (Version: 9.0.0)
Adobe AIR (Version: 2.0.4.13090)
Adobe Flash Player 10 ActiveX (Version: 10.1.53.64)
Adobe Flash Player 11 Plugin (Version: 11.5.502.149)
Adobe Reader 9.4.1 MUI (Version: 9.4.1)
Adobe Shockwave Player 11.6 (Version: 11.6.8.638)
Adobe SVG Viewer 3.0 (Version: 3.0)
ArcSoft TotalMedia 3.5
ArcSoft WebCam Companion 2
ASUS VIBE (Version: 1.0.187)
ASUS WebStorage (Version: 3.0.84.161)
ASUSUpdate for Eee PC (Version: 1.04.01)
Atheros Client Installation Program (Version: 7.0)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.10)
Audacity 1.3.12 (Unicode)
Avira Free Antivirus (Version: 12.1.9.1236)
AVR Studio 4 (Version: 4.10.356)
Booster 1.05A02
Bridge Builder
Bug Brain
calibre (Version: 0.8.12)
Canon CanoScan Toolbox 5.0
CanoScan 4400F
CapsHook (Version: 1.0.0.5)
CCS64 V3.8 (Version: 1.0.0)
ChemToolBox version 1.1.0
Clonk Endeavour 4.95.5 (Version: 4.95.5)
Conceptronic CTVDIGUSB2 Device Utilities (Version: 3.0.0.0)
DVB-T USB BDA Driver
ebi.BookReader3J (Version: 3.75.14)
Eee Docking 3.7.0 (Version: 3.7.0)
EeeSplendid (Version: 5.1.2.0011)
ELECTRA 2.8
EncVorbis 1.1 (Version: 1.1)
eReg (Version: 1.20.138.34)
Evince 2.30.3 (Version: 2.30.3)
FontResizer (Version: 1.01.0011)
Free CD to MP3 Converter
Frhed 1.7.1 (Version: 1.7.1)
GnuWin32: NetPbm version 10.27 (Version: 10.27)
GPL Ghostscript 9.00
Hotkey Service (Version: 1.27)
ImgBurn (Version: 2.5.3.0)
inSSIDer 2.0 (Version: 2.0.2)
Intel(R) Graphics Media Accelerator Driver (Version: 8.14.10.2230)
Intel® Matrix Storage Manager
IrfanView (remove only) (Version: 4.27)
JAP (Version: 00.13.001)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Java(TM) 6 Update 21 (Version: 6.0.210)
Java(TM) 6 Update 22 (Version: 6.0.220)
KONICA MINOLTA magicolor 2430DL
LAME v3.98.3 for Audacity
LG CyberLink Power2Go (Version: 6.2.3325)
LG Power Tools (Version: 6.0.3316)
LiveUpdate (Version: 1.21)
LocaleMe (Version: 1.3)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft GIF Animator
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - Deutsch (Version: 14.0.4763.1000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Monjas Breakout (Version: 1.1.34.0)
MP3 Parser DirectShow Filter (remove only)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVC90_x86 (Version: 1.0.1.2)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
Musik & Audio Restaurator Pro 5.0 (Version: 5.0)
Nmap 5.20
Nokia Connectivity Cable Driver (Version: 7.1.45.0)
Oolite 1.76.0.4679
OpenOffice.org 3.4.1 (Version: 3.41.9593)
Opera 12.15 (Version: 12.15.1748)
Outpost Security Suite 7.1 (Version: 7.1)
PC Connectivity Solution (Version: 11.4.21.0)
PL-2303 USB-to-Serial (Version: 1.00.000)
PL-2303 Vista Driver Installer (Version: 3.0.1.0)
PosteRazor (Version: 1.5.2)
Programmer's Notepad 2 (Version: 2.2.0.2240)
ProtectDisc Helper Driver 10 (Version: 10.0.0.3)
Ralink RT2860 Wireless LAN Card (Version: 1.2.0.1)
Realtek High Definition Audio Driver (Version: 6.0.1.6098)
ReOrganize! (Version: 2.3.1)
Scope (Version: 1.22.0)
Sid Meier's Civilization 4 Complete (HKCU Version: 1.74)
Skype™ 5.10 (Version: 5.10.116)
SMPlayer 0.6.8 (Version: 0.6.8)
SPCA1528 PC Driver (Version: 2.2.3.7)
Super Hybrid Engine (Version: 2.16)
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 14.0.16.0)
Target 3001! V15 discover (Version: )
Telescope Driver (Version: 10.30.09)
TrueCrypt (Version: 7.0a)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
USB PC Camera Plus (Version: 5.21.1.000)
VLC media player 2.0.5 (Version: 2.0.5)
Winamp (Version: 5.581 )
Winamp Detector Plug-in (HKCU Version: 1.0.0.1)
Winamp Toolbar
Windows Driver Package - Broadcom Bluetooth (07/17/2009 6.2.0.9403) (Version: 07/17/2009 6.2.0.9403)
Windows Driver Package - Broadcom Bluetooth (07/29/2009 6.1.7100.0) (Version: 07/29/2009 6.1.7100.0)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (Version: 07/28/2009 6.2.0.9800)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
WinPcap 4.1.1 (Version: 4.1.0.1753)
WinRAR 4.01 (32-bit) (Version: 4.01.0)
Xiph.Org Ogg Codecs 0.83.17220 32-bit (Version: 0.83.17220)


==================== Restore Points =========================

14-07-2013 13:40:14 Windows Update
14-07-2013 15:39:04 Windows Update
14-07-2013 15:47:48 Windows Update
14-07-2013 15:56:11 Windows Update
14-07-2013 16:19:25 PC Connectivity Solution wird entfernt
15-07-2013 21:02:04 Windows Update
15-07-2013 21:46:03 Windows Update
15-07-2013 21:57:10 Windows Update
15-07-2013 22:06:59 Windows Modules Installer
15-07-2013 22:15:38 Windows Update
15-07-2013 22:23:42 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {03B1E017-ADAD-4F6C-9FFF-F3FF1263B9B3} - System32\Tasks\{40231726-2AD1-4DDF-802B-B3592288EDF9} => C:\Users\asl\games\CCS64\ccs64109\CCS64.EXE [1997-10-19] ()
Task: {0B1D4333-A969-48B4-B66A-F8FA9459B107} - System32\Tasks\{3A4B8E9E-3491-4753-AA5B-4D963D0335CC} => C:\Users\asl\games\simon5\simon5.exe No File
Task: {293AC247-9FEE-4B2E-8819-2408640F3744} - System32\Tasks\{8F6B01B5-DD6B-4F94-BDF3-5FCC6C2F4825} => C:\Users\asl\games\simon5\simon5.exe No File
Task: {2D8DCBBD-DBF9-4B8C-9641-94AA1D73BCDC} - System32\Tasks\{6E18611D-A9BF-46D1-80E2-34C418CD88CD} => C:\Users\asl\games\simon5\simon5.exe No File
Task: {3674CDBE-2E30-4559-A98D-615183B6E07A} - System32\Tasks\{7115B069-7D1D-43D7-B928-D4C346E7C4B7} => C:\Users\asl\games\simon5\simon5.exe No File
Task: {39A74D49-2E87-4D8F-8998-54836FAFEC73} - System32\Tasks\{F50075FE-EDB8-4730-914C-A9F8493BC816} => C:\Program Files\Opera\Opera.exe [2013-04-07] (Opera Software)
Task: {47C5E7EA-0F15-4384-A0F2-B5D5AC4E4EFD} - System32\Tasks\{6E818BBE-FD87-4A3F-A1C9-868D6639A427} => C:\Windows\System32\msiexec.exe [2010-11-20] (Microsoft Corporation)
Task: {557E4D75-B3DD-4129-A026-03A38095DC18} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: {7122C574-17F2-41EA-950B-0F4DFDF3AEF1} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {7DF999DB-DFBB-4B96-AFBB-08A846C20FAF} - System32\Tasks\{D4C09B2F-F973-4EA7-9A45-ED71478418CB} => C:\windows\divpcam.exe No File
Task: {8F9F3C9D-27D1-40EB-AE25-41D558FC7FC7} - System32\Tasks\{EB06576D-1FB8-4C14-9E23-D871D30D8497} => C:\Franzis\AVR\AvrStudio4\AVRStudio.exe [2004-08-20] ()
Task: {99CD4632-F462-480A-AFB4-45EA4E679EAD} - System32\Tasks\{63E4BB1D-0171-494D-BBF1-12E3ECB51654} => C:\Users\asl\games\simon5\simon5.exe No File
Task: {9B0BC181-4244-4940-90C2-88D404AB44DB} - System32\Tasks\{499A9D13-BA7F-42E1-B8F2-B447F5B5648C} => C:\Franzis\AVR\AvrStudio4\AVRStudio.exe [2004-08-20] ()
Task: {ADE0237C-7293-405E-B7B3-929CAB865F26} - System32\Tasks\{6F4FCA60-4D99-4CE2-A1D6-DEBF29286278} => C:\Users\asl\games\CCS64\ccs64109\CCS64.EXE [1997-10-19] ()
Task: {B2604337-5581-42FC-9F2C-C6BFD76BF951} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {CC267A72-326B-405D-A724-233655919F38} - System32\Tasks\{3F7079CF-A8DD-40E5-A444-C5BB74D6ED31} => C:\Windows\System32\msiexec.exe [2010-11-20] (Microsoft Corporation)
Task: {CD61100B-E4E9-4E92-BFBE-ADD86DA9FDAC} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-11] (Microsoft Corporation)
Task: {E0A49F5F-1924-463F-9612-FA3527CF4D51} - System32\Tasks\{E214E448-29F2-4EBE-8CE6-AA894092ADEB} => C:\Users\asl\games\simon5\simon5.exe No File
Task: {E3CFDE65-39F9-4C66-8ECB-55ED5455B0F5} - System32\Tasks\{5CA95D23-D5BE-4F50-BDC9-84C28E911DA1} => C:\Users\asl\games\CCS64\ccs32\ccs.exe [2000-01-24] ()
Task: {E550E20B-71C5-4500-8C08-153AE7111B2D} - System32\Tasks\{C964DC32-D255-4EFF-9D34-7D3DF95DC30E} => C:\Users\asl\games\simon5\simon5.exe No File
Task: {E7A05E30-A508-4B3E-9C6A-F8437C0125C9} - System32\Tasks\{081D8737-4B15-49F6-A79F-833025871DBE} => C:\Program Files\IrfanView\i_view32.exe [2010-10-20] (Irfan Skiljan)
Task: {EFC83B69-FDCF-406C-B89D-BC6B8528BBEF} - System32\Tasks\{03DF4B75-1EAC-4C89-8399-B2A983CF45A2} => C:\Program Files\IrfanView\i_view32.exe [2010-10-20] (Irfan Skiljan)
Task: {F1B91D14-2453-440D-9BAB-A9D1771D5900} - System32\Tasks\{D95EA9D2-3154-4D80-A5B4-BD0730A36B74} => C:\Franzis\AVR\AvrStudio4\AVRStudio.exe [2004-08-20] ()
Task: {F3AC650F-D259-4F35-B7F1-B2710F13C1FB} - System32\Tasks\{BDFEC4C0-FD3D-496D-927F-01827624A0BD} => C:\Users\asl\games\simon5\simon5.exe No File
Task: {F6D37DDD-B9F0-434C-AFB3-6A0BEFC8C620} - System32\Tasks\{F9CDFE2D-E431-45E8-AFF9-444C3E3C4CC1} => C:\Users\asl\games\CCS64\ccs64109\CCS64.EXE [1997-10-19] ()
Task: {F8543B71-B76B-44C1-A2DA-09F3DC015BED} - System32\Tasks\{55F0F4C8-2DC8-4B0A-97D5-7863D5C2B04B} => C:\Users\asl\games\simon5\simon5.exe No File

==================== Faulty Device Manager Devices =============

Name: Microsoft-Adapter für Miniports virtueller WiFis
Description: Microsoft-Adapter für Miniports virtueller WiFis
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: WAN Miniport (IKEv2)
Description: WAN Miniport (IKEv2)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasAgileVpn
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: WAN-Miniport (L2TP)
Description: WAN-Miniport (L2TP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: Rasl2tp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: WAN-Miniport (Netzwerkmonitor)
Description: WAN-Miniport (Netzwerkmonitor)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: WAN-Miniport (IP)
Description: WAN-Miniport (IP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: WAN-Miniport (IPv6)
Description: WAN-Miniport (IPv6)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: WAN-Miniport (PPPOE)
Description: WAN-Miniport (PPPOE)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasPppoe
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: WAN-Miniport (PPTP)
Description: WAN-Miniport (PPTP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: PptpMiniport
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: WAN-Miniport (SSTP)
Description: WAN-Miniport (SSTP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasSstp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/16/2013 07:28:57 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_CryptSvc, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeaf722
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000aba6
ID des fehlerhaften Prozesses: 0x508
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_CryptSvc0
Pfad der fehlerhaften Anwendung: svchost.exe_CryptSvc1
Pfad des fehlerhaften Moduls: svchost.exe_CryptSvc2
Berichtskennung: svchost.exe_CryptSvc3

Error: (07/16/2013 00:22:14 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_CryptSvc, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeaf722
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000aba6
ID des fehlerhaften Prozesses: 0xb1c
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_CryptSvc0
Pfad der fehlerhaften Anwendung: svchost.exe_CryptSvc1
Pfad des fehlerhaften Moduls: svchost.exe_CryptSvc2
Berichtskennung: svchost.exe_CryptSvc3

Error: (07/16/2013 00:06:55 AM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x80070005).

Error: (07/15/2013 11:41:45 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_CryptSvc, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeaf722
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000aba6
ID des fehlerhaften Prozesses: 0xd28
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_CryptSvc0
Pfad der fehlerhaften Anwendung: svchost.exe_CryptSvc1
Pfad des fehlerhaften Moduls: svchost.exe_CryptSvc2
Berichtskennung: svchost.exe_CryptSvc3

Error: (07/15/2013 11:34:50 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Job does not exist

Error: (07/15/2013 11:27:05 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_CryptSvc, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeaf722
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000aba6
ID des fehlerhaften Prozesses: 0xb7c
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_CryptSvc0
Pfad der fehlerhaften Anwendung: svchost.exe_CryptSvc1
Pfad des fehlerhaften Moduls: svchost.exe_CryptSvc2
Berichtskennung: svchost.exe_CryptSvc3

Error: (07/15/2013 11:26:57 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_CryptSvc, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeaf722
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000aba6
ID des fehlerhaften Prozesses: 0xf7c
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_CryptSvc0
Pfad der fehlerhaften Anwendung: svchost.exe_CryptSvc1
Pfad des fehlerhaften Moduls: svchost.exe_CryptSvc2
Berichtskennung: svchost.exe_CryptSvc3

Error: (07/15/2013 11:25:32 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_CryptSvc, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeaf722
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000aba6
ID des fehlerhaften Prozesses: 0x5e8
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_CryptSvc0
Pfad der fehlerhaften Anwendung: svchost.exe_CryptSvc1
Pfad des fehlerhaften Moduls: svchost.exe_CryptSvc2
Berichtskennung: svchost.exe_CryptSvc3

Error: (07/15/2013 10:56:30 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_CryptSvc, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeaf722
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000aba6
ID des fehlerhaften Prozesses: 0xcd4
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_CryptSvc0
Pfad der fehlerhaften Anwendung: svchost.exe_CryptSvc1
Pfad des fehlerhaften Moduls: svchost.exe_CryptSvc2
Berichtskennung: svchost.exe_CryptSvc3

Error: (07/15/2013 10:46:09 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_CryptSvc, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeaf722
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000aba6
ID des fehlerhaften Prozesses: 0xa9c
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_CryptSvc0
Pfad der fehlerhaften Anwendung: svchost.exe_CryptSvc1
Pfad des fehlerhaften Moduls: svchost.exe_CryptSvc2
Berichtskennung: svchost.exe_CryptSvc3


System errors:
=============
Error: (07/17/2013 04:07:26 PM) (Source: NetBT) (User: )
Description: Initialisierung fehlgeschlagen, da die Transportschicht das Öffnen der Anfangsadressen verweigerte.

Error: (07/17/2013 04:07:26 PM) (Source: NetBT) (User: )
Description: Initialisierung fehlgeschlagen, da die Transportschicht das Öffnen der Anfangsadressen verweigerte.

Error: (07/17/2013 04:06:55 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Arbeitsstationsdienst" wurde unerwartet beendet. Dies ist bereits 6 Mal passiert.

Error: (07/17/2013 04:06:55 PM) (Source: Service Control Manager) (User: )
Description: Dienst "DNS-Client" wurde unerwartet beendet. Dies ist bereits 6 Mal passiert.

Error: (07/17/2013 04:06:55 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Kryptografiedienste" wurde unerwartet beendet. Dies ist bereits 7 Mal passiert.

Error: (07/17/2013 03:51:54 PM) (Source: Ntfs) (User: )
Description: Auf dem Volume "G:" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.

Error: (07/17/2013 08:55:58 AM) (Source: NetBT) (User: )
Description: Initialisierung fehlgeschlagen, da die Transportschicht das Öffnen der Anfangsadressen verweigerte.

Error: (07/17/2013 08:55:50 AM) (Source: NetBT) (User: )
Description: Initialisierung fehlgeschlagen, da die Transportschicht das Öffnen der Anfangsadressen verweigerte.

Error: (07/17/2013 08:55:34 AM) (Source: NetBT) (User: )
Description: Initialisierung fehlgeschlagen, da die Transportschicht das Öffnen der Anfangsadressen verweigerte.

Error: (07/17/2013 08:55:28 AM) (Source: NetBT) (User: )
Description: Initialisierung fehlgeschlagen, da die Transportschicht das Öffnen der Anfangsadressen verweigerte.


Microsoft Office Sessions:
=========================
Error: (07/16/2013 07:28:57 PM) (Source: Application Error)(User: )
Description: svchost.exe_CryptSvc6.1.7600.163854a5bc100msvcrt.dll7.0.7601.177444eeaf722c00000050000aba650801ce81aae6852570C:\windows\system32\svchost.exeC:\windows \system32\msvcrt.dll31943df6-ee3d-11e2-b8d8-20cf303d6b5d

Error: (07/16/2013 00:22:14 AM) (Source: Application Error)(User: )
Description: svchost.exe_CryptSvc6.1.7600.163854a5bc100msvcrt.dll7.0.7601.177444eeaf722c00000050000aba6b1c01ce81a9bd9bf3fbC:\windows\system32\svchost.exeC:\windows \system32\msvcrt.dllffac1ae1-ed9c-11e2-b8d8-20cf303d6b5d

Error: (07/16/2013 00:06:55 AM) (Source: System Restore)(User: )
Description: C:\windows\system32\svchost.exe -k netsvcsWindows Update0x80070005

Error: (07/15/2013 11:41:45 PM) (Source: Application Error)(User: )
Description: svchost.exe_CryptSvc6.1.7600.163854a5bc100msvcrt.dll7.0.7601.177444eeaf722c00000050000aba6d2801ce81a2306ef718C:\windows\system32\svchost.exeC:\windows \system32\msvcrt.dll57ff56bb-ed97-11e2-b8d8-20cf303d6b5d

Error: (07/15/2013 11:34:50 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Job does not exist

Error: (07/15/2013 11:27:05 PM) (Source: Application Error)(User: )
Description: svchost.exe_CryptSvc6.1.7600.163854a5bc100msvcrt.dll7.0.7601.177444eeaf722c00000050000aba6b7c01ce81a20a78f9a6C:\windows\System32\svchost.exeC:\windows \system32\msvcrt.dll4b0899cd-ed95-11e2-b8d8-20cf303d6b5d

Error: (07/15/2013 11:26:57 PM) (Source: Application Error)(User: )
Description: svchost.exe_CryptSvc6.1.7600.163854a5bc100msvcrt.dll7.0.7601.177444eeaf722c00000050000aba6f7c01ce81a1e90a7576C:\windows\System32\svchost.exeC:\windows \system32\msvcrt.dll4684177f-ed95-11e2-b8d8-20cf303d6b5d

Error: (07/15/2013 11:25:32 PM) (Source: Application Error)(User: )
Description: svchost.exe_CryptSvc6.1.7600.163854a5bc100msvcrt.dll7.0.7601.177444eeaf722c00000050000aba65e801ce81a1a00b558cC:\windows\system32\svchost.exeC:\windows \system32\msvcrt.dll14016be5-ed95-11e2-b8d8-20cf303d6b5d

Error: (07/15/2013 10:56:30 PM) (Source: Application Error)(User: )
Description: svchost.exe_CryptSvc6.1.7600.163854a5bc100msvcrt.dll7.0.7601.177444eeaf722c00000050000aba6cd401ce819dc322ef19C:\windows\system32\svchost.exeC:\windows \system32\msvcrt.dll055396a6-ed91-11e2-8804-20cf303d6b5d

Error: (07/15/2013 10:46:09 PM) (Source: Application Error)(User: )
Description: svchost.exe_CryptSvc6.1.7600.163854a5bc100msvcrt.dll7.0.7601.177444eeaf722c00000050000aba6a9c01ce819c55469cf2C:\windows\system32\svchost.exeC:\windows \system32\msvcrt.dll937f4b24-ed8f-11e2-8804-20cf303d6b5d


==================== Memory info ===========================

Percentage of memory in use: 50%
Total physical RAM: 2038.15 MB
Available physical RAM: 1007.04 MB
Total Pagefile: 4076.3 MB
Available Pagefile: 2816.26 MB
Total Virtual: 2047.88 MB
Available Virtual: 1894.11 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:100 GB) (Free:15.57 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive f: () (Removable) (Total:29.71 GB) (Free:5.99 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 29133921)
Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=15 GB) - (Type=1B)
Partition 3: (Not Active) - (Size=118 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=20 MB) - (Type=EF)

========================================================
Disk: 1 (Size: 30 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=30 GB) - (Type=0C)

==================== End Of Log ============================

18.07.2013, 00:34   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run Combofix now:

Scan with Combofix
WARNING to everyone reading along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. They can interfere with Combofix's work. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix is finished, it will create a logfile.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the reboot
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

18.07.2013, 04:22   #11
lydia_eule

done. so here is the log from combofix:
Code:
ComboFix 13-07-16.01 - asl 18.07.2013   1:55.1.2 - x86
Microsoft Windows 7 Starter   6.1.7601.1.1252.49.1031.18.2038.1358 [GMT 2:00]
ausgeführt von:: c:\users\asl\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Outpost Security Suite *Disabled/Updated* {ECEA6BCD-A007-0BC7-D5A5-0254DCBD816E}
FW: Outpost Security Suite *Disabled* {D4D1EAE8-EA68-0A9F-FEFA-AB61226EC615}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Outpost Security Suite *Disabled/Updated* {578B8A29-863D-0449-EF15-3926A73ACBD3}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\windows\system32\Thumbs.db
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-06-18 bis 2013-07-18  ))))))))))))))))))))))))))))))
.
.
2013-07-18 01:26 . 2013-07-18 01:39	--------	d-----w-	c:\users\asl\AppData\Local\temp
2013-07-18 01:26 . 2013-07-18 01:26	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-07-17 23:16 . 2013-07-15 01:34	7143960	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{04A5E7AF-81F8-4A9D-B98E-825481AC5DEA}\mpengine.dll
2013-07-17 14:06 . 2013-07-17 14:06	--------	d-----w-	C:\FRST
2013-07-14 19:11 . 2013-07-14 19:11	--------	d-----w-	c:\users\asl\AppData\Roaming\Malwarebytes
2013-07-14 19:10 . 2013-04-04 12:50	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-07-14 13:08 . 2013-07-14 13:11	208541524	----a-w-	c:\users\asl\regbckup.2013.07.14.reg
2013-07-11 12:33 . 2013-07-11 12:43	--------	d-----w-	c:\windows\system32\MRT
2013-07-06 01:00 . 2013-07-06 01:01	207852946	----a-w-	c:\users\asl\reg-bckup.05.07.2013.reg
2013-07-05 23:28 . 2013-07-05 23:28	--------	d-----w-	c:\users\asl\AppData\Roaming\Avanquest
2013-07-05 21:44 . 2012-01-13 11:48	17944	----a-w-	c:\windows\system32\drivers\AQFileRestore.sys
2013-07-05 21:43 . 2013-07-05 23:28	--------	d-----w-	c:\programdata\Avanquest
2013-06-26 17:07 . 2013-06-26 17:06	94632	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-06-24 20:55 . 2013-05-08 05:38	1293672	----a-w-	c:\windows\system32\drivers\tcpip.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-26 17:05 . 2013-03-08 01:11	867240	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-06-26 17:05 . 2010-10-26 10:27	789416	----a-w-	c:\windows\system32\deployJava1.dll
2013-05-05 19:12 . 2013-05-22 15:18	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2013-05-02 00:06 . 2010-12-08 21:00	238872	------w-	c:\windows\system32\MpSigStub.exe
2013-05-01 11:09 . 2013-05-01 11:07	211753182	----a-w-	c:\windows\system32\2013.05.01.registry.bck.reg
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2010-07-28 1267024]
.
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"
[HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"
[HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Outpost]
@="{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
[HKEY_CLASSES_ROOT\CLSID\{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}]
2011-02-07 13:14	468128	----a-w-	c:\program files\Agnitum\Outpost Security Suite Free\op_shell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueCrypt"="c:\program files\TrueCrypt\TrueCrypt.exe" [2010-11-21 1496528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"HotkeyMon"="AsusSender.exe" [2010-03-03 29184]
"HotkeyService"="AsusSender.exe" [2010-03-03 29184]
"SuperHybridEngine"="AsusSender.exe" [2010-03-03 29184]
"LiveUpdate"="AsusSender.exe" [2010-03-03 29184]
"CapsHook"="AsusSender.exe" [2010-03-03 29184]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2010-03-29 415920]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-06-22 9177632]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-13 1594664]
"ASUSPRP"="c:\program files\ASUS\APRP\APRP.EXE" [2010-06-24 2018032]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2010-04-13 83240]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-25 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-25 150552]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Security Suite Free\feedback.exe" [2011-02-07 517056]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2011-02-07 3107736]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-15 348664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Agnitum\OUTPOS~1\wl_hook.dll
.
R2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [2007-07-27 251680]
R2 Ca1528av;SPCA1528 Video Camera Service;c:\windows\system32\Drivers\Ca1528av.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 .AVQWindowsMonitorService;Fix-It Utilities Prozess-Monitor;c:\program files\Avanquest\Fix-It\AVQWinMonEngine.exe [x]
R3 AQFileRestore;AQFileRestore;c:\windows\system32\DRIVERS\AQFileRestore.sys [2012-01-13 17944]
R3 ASWFilt;ASWFilt;c:\windows\system32\Filt\ASWFilt.dll [2011-02-02 72352]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-13 43944]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 Bulk1528;SPCA1528 Still Camera Service;c:\windows\system32\Drivers\Bulk1528.sys [x]
R3 INIDVD;Initio USB DVD Filter Driver;c:\windows\system32\DRIVERS\inidvd.sys [2009-08-05 16024]
R3 netr73;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr73.sys [2011-10-05 564800]
R3 PORTMON;PORTMON;c:\users\asl\Downloads\sysinternalssuite\PORTMSYS.SYS [x]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [2010-07-01 188392]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys [2010-07-01 32872]
R3 TrufosAlt;TrufosAlt;c:\windows\system32\DRIVERS\TrufosAlt.sys [2011-12-03 309320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 VBEngNT;VBEngNT;c:\windows\system32\drivers\VBEngNT.sys [2011-02-02 242040]
R3 VBFilt;VBFilt;c:\windows\system32\Filt\VBFilt.dll [2011-02-02 36288]
R3 VHDWQBLKZ;VHDWQBLKZ;c:\users\asl\AppData\Local\Temp\VHDWQBLKZ.exe [x]
R4 AQFileRestoreSrv;AQFileRestoreSrv;c:\program files\Avanquest\Fix-It\AQFileRestoreSrv.exe [x]
R4 BV;BV;c:\users\asl\AppData\Local\Temp\BV.exe [x]
R4 FTAAG;FTAAG;c:\users\asl\AppData\Local\Temp\FTAAG.exe [x]
R4 MVRBXYMUKTY;MVRBXYMUKTY;c:\users\asl\AppData\Local\Temp\MVRBXYMUKTY.exe [x]
R4 QKHKZJ;QKHKZJ;c:\users\asl\AppData\Local\Temp\QKHKZJ.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-07 691696]
S1 afw;Agnitum Firewall Driver;c:\windows\system32\DRIVERS\afw.sys [2010-04-20 34920]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-06-21 11520]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-04-16 36000]
S1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2011-02-02 710824]
S2 acedrv10;acedrv10;c:\windows\system32\drivers\acedrv10.sys [2007-07-27 330144]
S2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [2011-02-07 2072592]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2009-08-19 219136]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-01-15 50704]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2010-09-27 328296]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2010-04-13 51712]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: An vorhandenes PDF anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
TCP: DhcpNameServer = 192.168.1.254
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-EeeSplendidAgent - c:\program files\ASUS\EPC\EeeSplendid\AsAgent.exe
AddRemove-IrfanView - e:\portable\IrfanView\iv_uninstall.exe
AddRemove-Musik & Audio Restaurator Pro 5_is1 - c:\program files\softfeld\Musik und Audio Restaurator Pro 5\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3532)
c:\progra~1\ASUS\ASUSWE~1\3084~1.161\ASUSWS~1.DLL
c:\program files\Agnitum\Outpost Security Suite Free\op_shell.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\taskhost.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\conhost.exe
c:\windows\system32\WerFault.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-07-18  04:45:15 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-07-18 02:45
.
Vor Suchlauf: 11 Verzeichnis(se), 16.325.795.840 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 17.673.228.288 Bytes frei
.
- - End Of File - - 4A2F52C95A6B6C113BE9A6E99CBD8787
EF6DF11655F8FD600A5BE866AE01AAFC

18.07.2013, 04:25   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Outpost Security Suite *Disabled/Updated* {ECEA6BCD-A007-0BC7-D5A5-0254DCBD816E}
FW: Outpost Security Suite *Disabled* {D4D1EAE8-EA68-0A9F-FEFA-AB61226EC615}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Outpost Security Suite *Disabled/Updated* {578B8A29-863D-0449-EF15-3926A73ACBD3}
That is already very counterproductive. Why do you have both Avira and Outpost installed?
Just stick with a single virus scanner plus the Windows firewall; nothing more is needed. Put differently, more only causes more complications. Uninstall Outpost.

18.07.2013, 04:41   #13
lydia_eule

sorry, but following the instruction that I should turn that stuff off for the scan, I did my best to disable it. If that was wrong, I guess I misunderstood the instructions. Or maybe I'm just too dumb and you mean something else.

Regards,

die eule

18.07.2013, 04:44   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

You read it correctly and didn't do anything wrong. Now you should uninstall Outpost.

There was no reproach, and I'll gladly make us a coffee now

18.07.2013, 05:14   #15
lydia_eule

This may sound odd to you, but couldn't I rather throw out the M$ firewall instead of Outpost? Somehow I'm attached to it, ever since I tried a lot of things under Win98 and found this one the most pleasant. It looks cute and just feels "right".

oh yes: thx 4 coffee
