
Log analysis and evaluation: Suspected trojan (problems with VPN and UDP traffic)


29.10.2013, 19:30   #1
m42ch
 




Hello,

As a student I normally have the option of connecting to the university via VPN.
Since this suddenly stopped working, I contacted the university helpdesk.
They asked me to run Wireshark while I started the Cisco VPN client.
They didn't see much of the VPN client in the logs, because it crashes right away with the following message:
"VPN Service not available." --> after confirming with OK, another message follows: "The VPN agent service is not responding. Please restart this application after a minute."

However, the log file contained quite a bit of UDP traffic. That led them to suspect file-sharing software. Since I don't use anything like that, this made me suspicious enough that, as described, I have now run an OTL scan:

OTL Logfile:
OTL logfile created on: 29.10.2013 20:06:44 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\42\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 3,78 Gb Available Physical Memory | 62,98% Memory free
12,00 Gb Paging File | 9,22 Gb Available in Paging File | 76,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 367,84 Gb Total Space | 124,81 Gb Free Space | 33,93% Space Free | Partition Type: NTFS
Drive F: | 465,76 Gb Total Space | 151,39 Gb Free Space | 32,50% Space Free | Partition Type: NTFS
Drive G: | 97,82 Gb Total Space | 61,14 Gb Free Space | 62,50% Space Free | Partition Type: NTFS
Drive H: | 100,00 Mb Total Space | 18,73 Mb Free Space | 18,73% Space Free | Partition Type: NTFS
 
Computer Name: 42-PC | User Name: 42 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\42\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\AVAST Software\Avast\avastui.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Users\42\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
PRC - C:\Users\42\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Users\42_2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.)
PRC - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\system\cm106eye.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\AVAST Software\Avast\libcef.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\HD-Agent\5214f3dd750e006136aed8ca0c06d7f0\HD-Agent.ni.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll ()
MOD - C:\Users\42\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\42\AppData\Local\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\42\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
MOD - C:\Users\42\AppData\Local\Google\Chrome\Application\30.0.1599.101\libglesv2.dll ()
MOD - C:\Users\42\AppData\Local\Google\Chrome\Application\30.0.1599.101\libegl.dll ()
MOD - C:\Users\42\AppData\Local\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\6ebbfafc5521934f7e1c154937a2788b\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\JSON\45fbb7f9f303821b147e125742cf15ea\JSON.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll ()
MOD - C:\Users\42\AppData\Roaming\Spotify\Data\libcef.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
MOD - C:\Users\42_2\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Users\42_2\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\system\cm106eye.exe ()
MOD - C:\Windows\system\cmau106.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (TlntSvr) -- C:\Windows\SysNative\tlntsvr.exe (Microsoft Corporation)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (BstHdLogRotatorSvc) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.)
SRV - (BstHdAndroidSvc) -- C:\Program Files (x86)\BlueStacks\HD-Service.exe (BlueStack Systems, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (Riverbed Technology, Inc.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (MSCamSvc) -- C:\Programme\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64-6.sys (Cisco Systems, Inc.)
DRV:64bit: - (acsock) -- C:\Windows\SysNative\drivers\acsock64.sys (Cisco Systems, Inc.)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (Riverbed Technology, Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (MSHUSBVideo) -- C:\Windows\SysNative\drivers\nx6000.sys (Microsoft Corporation)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (USBMULCD) -- C:\Windows\SysNative\drivers\CM10664.sys (C-Media Electronics Inc)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV:64bit: - (ctaud2k) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd)
DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (fwlanusbn) -- C:\Windows\SysNative\drivers\fwlanusbn.sys (AVM GmbH)
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (WN4501HLFIR) -- C:\Windows\SysNative\drivers\ZD1211BU.sys (Atheros Technology Corporation)
DRV:64bit: - (Btcsrusb) -- C:\Windows\SysNative\drivers\btcusb.sys (IVT Corporation.)
DRV:64bit: - (EC168x64) -- C:\Windows\SysNative\drivers\EC168x64.sys (e3C, Inc.)
DRV - (BstHdDrv) -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys (BlueStack Systems)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (WEBNTACCESS) -- C:\Windows\SysWOW64\Ntaccess.sys (Your Corporation)
DRV - (tandpl) -- C:\Windows\SysWOW64\drivers\tandpl.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3888471740-3113341665-555123505-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
IE - HKU\S-1-5-21-3888471740-3113341665-555123505-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3888471740-3113341665-555123505-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3888471740-3113341665-555123505-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 CE 7C 1D 81 63 CE 01  [binary data]
IE - HKU\S-1-5-21-3888471740-3113341665-555123505-1000\..\SearchScopes,DefaultScope = {11DA48D5-FD81-41F4-AA59-97FA01D0DCA3}
IE - HKU\S-1-5-21-3888471740-3113341665-555123505-1000\..\SearchScopes\{11DA48D5-FD81-41F4-AA59-97FA01D0DCA3}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&r=46
IE - HKU\S-1-5-21-3888471740-3113341665-555123505-1000\..\SearchScopes\{C63258F5-D393-44AE-A5DC-B74B8D87E3AF}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-3888471740-3113341665-555123505-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.16
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40zonealarm.com:1.6.0
FF - prefs.js..extensions.enabledAddons: %7Ba7c6cf7f-112c-4500-a7ea-39801a327e5f%7D:2.0.16
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..browser.search.selectedEngine: ""
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: G:\Programme\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\42\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\42\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.10.26 15:31:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.10.09 17:22:27 | 000,000,000 | ---D | M]
 
[2009.12.10 23:07:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\42\AppData\Roaming\mozilla\Extensions
[2013.10.23 19:54:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\42\AppData\Roaming\mozilla\Firefox\Profiles\w13am0zb.default\extensions
[2013.10.09 17:54:58 | 000,534,563 | ---- | M] () (No name found) -- C:\Users\42\AppData\Roaming\mozilla\firefox\profiles\w13am0zb.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
[2013.10.09 19:42:18 | 000,868,738 | ---- | M] () (No name found) -- C:\Users\42\AppData\Roaming\mozilla\firefox\profiles\w13am0zb.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2011.07.27 22:11:45 | 000,096,925 | ---- | M] () (No name found) -- C:\Users\42\AppData\Roaming\mozilla\firefox\profiles\w13am0zb.default\extensions\{C6F77964-B0B5-4953-A144-93051184EC0C}.xpi
[2013.10.09 17:54:59 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\42\AppData\Roaming\mozilla\firefox\profiles\w13am0zb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.05.19 16:25:40 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\42\AppData\Roaming\mozilla\firefox\profiles\w13am0zb.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013.05.19 16:25:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.05.19 16:25:22 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.09.17 23:23:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.09.17 23:23:11 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\USERS\42\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W13AM0ZB.DEFAULT\EXTENSIONS\FFXTLBR@ZONEALARM.COM
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\42\AppData\Local\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\42\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\42\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Java(TM) Platform SE 7 U15 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Google Update (Enabled) = C:\Users\42\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.150.3 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = G:\Programme\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - Extension: avast! Online Security = C:\Users\42\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\42\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: avast! Online Security = C:\Users\42\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\42\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
 
O1 HOSTS File: ([2013.10.24 19:33:16 | 000,481,797 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	123haustiereundmehr.com
O1 - Hosts: 30943 more lines...
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {609D670F-B735-4da7-AC6D-F3BD358E325E} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [Cm106Sound] C:\Windows\Syswow64\cm106.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3888471740-3113341665-555123505-1000..\Run: [Spotify] C:\Users\42\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-3888471740-3113341665-555123505-1000..\Run: [Spotify Web Helper] C:\Users\42\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-3888471740-3113341665-555123505-1005..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - Startup: C:\Users\42\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\42_2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\42_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Citavi Picker - {619D670F-B735-4da7-AC6D-F3BD358E325E} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3888471740-3113341665-555123505-1000\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-3888471740-3113341665-555123505-1000\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-3888471740-3113341665-555123505-1000\..Trusted Domains: com.tw ([www.msi] http in Trusted sites)
O16 - DPF: {538793D5-659C-4639-A56C-A179AD87ED44} https://vpn-unidsl.rwth-aachen.de/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect Secure Mobility Client Web Control)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab (WebSDev Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Java Plug-in 1.7.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F4CE8CDA-7E1C-4DCE-8482-EBF740CE2702}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.06.07 22:16:18 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{154ba5da-e5c3-11de-9cd0-9c6f88b70a6d}\Shell - "" = AutoRun
O33 - MountPoints2\{154ba5da-e5c3-11de-9cd0-9c6f88b70a6d}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{9bbf4fe8-e5c2-11de-a812-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9bbf4fe8-e5c2-11de-a812-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun\autorun.exe
O33 - MountPoints2\{ca6d5a62-278f-11df-b11a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ca6d5a62-278f-11df-b11a-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoPlay.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\ASRSetup.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.10.29 20:04:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.10.29 19:49:03 | 000,000,000 | ---D | C] -- C:\Users\42\Desktop\LocaleMetaData
[2013.10.28 19:46:39 | 000,000,000 | ---D | C] -- C:\Users\42\AppData\Roaming\Wireshark
[2013.10.28 19:28:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2013.10.28 19:28:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2013.10.28 19:27:38 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark
[2013.10.27 14:31:08 | 000,000,000 | ---D | C] -- C:\Users\42\.thumbnails
[2013.10.27 14:30:03 | 000,000,000 | ---D | C] -- C:\Users\42\AppData\Local\fontconfig
[2013.10.27 14:29:59 | 000,000,000 | ---D | C] -- C:\Users\42\AppData\Local\gegl-0.2
[2013.10.27 14:29:59 | 000,000,000 | ---D | C] -- C:\Users\42\.gimp-2.8
[2013.10.26 15:25:16 | 000,000,000 | ---D | C] -- C:\Users\42\AppData\Local\ElevatedDiagnostics
[2013.10.23 19:57:50 | 000,000,000 | ---D | C] -- C:\Users\42\AppData\Roaming\AVAST Software
[2013.10.23 19:57:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2013.10.23 19:57:14 | 000,065,264 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013.10.23 19:57:11 | 001,032,416 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013.10.23 19:57:10 | 000,409,832 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013.10.23 19:57:10 | 000,084,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013.10.23 19:57:10 | 000,038,984 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013.10.23 19:57:09 | 000,092,544 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013.10.23 19:57:02 | 000,334,648 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013.10.23 19:56:56 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.10.23 19:56:40 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013.10.23 19:55:20 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013.10.23 18:28:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
[2013.10.22 17:20:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2013.10.21 18:36:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013.10.21 18:36:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.10.21 18:36:36 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.10.21 18:36:31 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.10.21 18:36:31 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.10.21 18:36:31 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.10.21 18:36:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013.10.14 19:35:17 | 000,000,000 | ---D | C] -- C:\Users\42\AppData\Local\DoNotTrackPlus
[2013.10.09 17:59:34 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.10.09 17:59:34 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.10.09 17:59:33 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.10.09 17:59:33 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.10.09 17:59:33 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.10.09 17:59:33 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.10.09 17:59:33 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.10.09 17:59:33 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.10.09 17:59:33 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.10.09 17:59:33 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.10.09 17:59:33 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.10.09 17:59:31 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.10.09 17:59:30 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.10.09 17:59:30 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.10.09 17:59:29 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.10.09 17:36:04 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2013.10.09 17:36:02 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013.10.09 17:36:02 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013.10.09 17:36:02 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2013.10.09 17:36:02 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2013.10.09 17:36:02 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013.10.09 17:36:02 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2013.10.09 17:36:02 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013.10.09 17:36:02 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2013.10.09 17:35:59 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2013.10.09 17:35:59 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys
[2013.10.09 17:35:57 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2013.10.09 17:35:49 | 005,549,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.10.09 17:35:48 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.10.09 17:35:48 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.10.09 17:35:48 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013.10.09 17:35:48 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2013.10.09 17:35:48 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll
[2013.10.09 17:35:47 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll
[2013.10.09 17:35:47 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013.10.09 17:35:47 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.10.09 17:35:47 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.10.09 17:35:47 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.10.09 17:35:47 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.10.09 17:35:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.10.09 17:35:40 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2013.10.09 17:35:40 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2013.10.09 17:35:38 | 000,461,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scavengeui.dll
[2013.10.09 17:35:33 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2013.10.09 17:35:33 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
 
========== Files - Modified Within 30 Days ==========
 
[2013.10.29 20:05:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3888471740-3113341665-555123505-1006UA.job
[2013.10.29 19:56:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3888471740-3113341665-555123505-1000UA.job
[2013.10.29 19:49:03 | 004,263,936 | ---- | M] () -- C:\Users\42\Desktop\schwan.evtx
[2013.10.29 19:18:22 | 000,015,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.10.29 19:18:22 | 000,015,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.10.29 19:15:19 | 001,620,804 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.10.29 19:15:19 | 000,701,354 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.10.29 19:15:19 | 000,654,856 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.10.29 19:15:19 | 000,150,254 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.10.29 19:15:19 | 000,122,728 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.10.29 19:15:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.10.29 19:10:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.10.29 19:10:34 | 536,272,895 | -HS- | M] () -- C:\hiberfil.sys
[2013.10.28 19:50:24 | 000,207,760 | ---- | M] () -- C:\Users\42\Desktop\S*****.pcapng
[2013.10.28 19:43:27 | 000,500,504 | ---- | M] () -- C:\Users\42\Desktop\S******.pcapng
[2013.10.28 19:27:53 | 000,001,565 | ---- | M] () -- C:\Users\Public\Desktop\Wireshark.lnk
[2013.10.27 18:05:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3888471740-3113341665-555123505-1006Core.job
[2013.10.27 15:34:30 | 000,002,070 | ---- | M] () -- C:\Users\42\AppData\Local\recently-used.xbel
[2013.10.26 15:32:15 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.10.24 19:33:16 | 000,481,797 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.10.23 19:56:58 | 001,032,416 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013.10.23 19:56:58 | 000,409,832 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013.10.23 19:56:58 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013.10.23 19:56:58 | 000,205,320 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013.10.23 19:56:58 | 000,092,544 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013.10.23 19:56:58 | 000,084,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013.10.23 19:56:58 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013.10.23 19:56:58 | 000,065,264 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013.10.23 19:56:58 | 000,038,984 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013.10.23 19:56:56 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.10.22 18:45:18 | 000,407,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.10.22 18:41:49 | 000,109,034 | ---- | M] () -- C:\Users\42\Documents\cc_20131022_194126.reg
[2013.10.22 18:39:08 | 000,030,249 | -H-- | M] () -- C:\Windows\SysWow64\BTImages.dat
[2013.10.15 11:55:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3888471740-3113341665-555123505-1000Core.job
[2013.10.14 17:09:21 | 000,481,779 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ac
[2013.10.14 17:09:21 | 000,481,779 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131024-203316.backup
[2013.10.09 18:40:38 | 000,001,359 | ---- | M] () -- C:\Users\42\Desktop\Dropbox.lnk
[2013.10.09 18:38:02 | 000,001,413 | ---- | M] () -- C:\Users\42\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.10.09 18:02:46 | 001,597,892 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.10.08 21:15:42 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.10.08 21:15:42 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.10.08 06:50:37 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.10.08 06:46:52 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.10.08 06:46:47 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.10.08 06:46:23 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[1 C:\Windows\SysNative\drivers\etc\*.tmp files -> C:\Windows\SysNative\drivers\etc\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.10.29 19:48:49 | 004,263,936 | ---- | C] () -- C:\Users\42\Desktop\schwan.evtx
[2013.10.28 19:50:24 | 000,207,760 | ---- | C] () -- C:\Users\42\Desktop\Schwan2.pcapng
[2013.10.28 19:43:27 | 000,500,504 | ---- | C] () -- C:\Users\42\Desktop\Schwan.pcapng
[2013.10.28 19:27:53 | 000,001,565 | ---- | C] () -- C:\Users\Public\Desktop\Wireshark.lnk
[2013.10.27 15:34:30 | 000,002,070 | ---- | C] () -- C:\Users\42\AppData\Local\recently-used.xbel
[2013.10.23 19:57:37 | 000,001,966 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.10.23 19:57:12 | 000,205,320 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013.10.23 19:57:11 | 000,065,776 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013.10.22 18:45:05 | 000,407,616 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.10.22 18:41:33 | 000,109,034 | ---- | C] () -- C:\Users\42\Documents\cc_20131022_194126.reg
[2013.10.09 18:40:38 | 000,001,359 | ---- | C] () -- C:\Users\42\Desktop\Dropbox.lnk
[2013.10.09 18:38:02 | 000,001,413 | ---- | C] () -- C:\Users\42\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.07.01 19:16:50 | 000,216,064 | ---- | C] () -- C:\Windows\SysWow64\gcapi_dll.dll
[2013.04.08 17:04:06 | 000,007,552 | ---- | C] () -- C:\Windows\SysWow64\drivers\enodpl.sys
[2013.04.08 17:04:06 | 000,004,736 | ---- | C] () -- C:\Windows\SysWow64\drivers\tandpl.sys
[2013.03.01 02:47:36 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2013.02.05 17:52:50 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013.02.05 17:52:50 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013.02.05 17:52:50 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013.02.05 17:52:50 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2013.01.26 14:14:43 | 000,000,187 | ---- | C] () -- C:\Windows\wininit.ini
[2012.12.05 16:08:26 | 000,030,249 | -H-- | C] () -- C:\Windows\SysWow64\BTImages.dat
[2012.09.20 14:17:00 | 000,005,120 | ---- | C] () -- C:\Users\42\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.28 23:24:38 | 000,143,360 | ---- | C] () -- C:\Windows\Vmix106.dll
[2012.06.28 23:24:38 | 000,000,601 | ---- | C] () -- C:\Windows\Cm106.ini.cfl
[2012.06.28 23:24:24 | 000,003,059 | ---- | C] () -- C:\Windows\Cm106.ini.cfg
[2012.06.28 23:24:24 | 000,001,128 | ---- | C] () -- C:\Windows\Cm106.ini.imi
[2012.06.28 23:24:22 | 000,000,964 | ---- | C] () -- C:\Windows\cm106.ini
[2012.05.03 20:43:03 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2012.05.03 20:42:46 | 000,316,928 | ---- | C] () -- C:\Windows\SysWow64\hpcc3118.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.08.21 14:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 14:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.08.21 14:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.10.23 19:57:50 | 000,000,000 | ---D | M] -- C:\Users\42\AppData\Roaming\AVAST Software
[2013.07.05 23:52:22 | 000,000,000 | ---D | M] -- C:\Users\42\AppData\Roaming\CheckPoint
[2013.10.29 20:17:18 | 000,000,000 | ---D | M] -- C:\Users\42\AppData\Roaming\Dropbox
[2013.05.19 19:45:55 | 000,000,000 | ---D | M] -- C:\Users\42\AppData\Roaming\EndNote
[2009.12.12 16:03:00 | 000,000,000 | ---D | M] -- C:\Users\42\AppData\Roaming\Foxit
[2013.06.17 21:29:04 | 000,000,000 | ---D | M] -- C:\Users\42\AppData\Roaming\Foxit Software
[2012.09.20 14:07:16 | 000,000,000 | ---D | M] -- C:\Users\42\AppData\Roaming\FreeScreenToVideo
[2009.12.11 15:53:22 | 000,000,000 | ---D | M] -- C:\Users\42\AppData\Roaming\Genius Multimedia
[2012.07.09 19:35:44 | 000,000,000 | ---D | M] -- C:\Users\42\AppData\Roaming\ICQ
[2011.12.11 02:25:16 | 000,000,000 | ---D | M] -- C:\Users\42\AppData\Roaming\LucasArts
[2010.08.26 22:07:51 | 000,000,000 | ---D | M] -- C:\Users\42\AppData\Roaming\mp3DirectCut
[2012.03.20 22:56:43 | 000,000,000 | ---D | M] -- C:\Users\42\AppData\Roaming\Mp3tag
[2013.08.27 17:40:36 | 000,000,000 | ---D | M] -- C:\Users\42\AppData\Roaming\pdfforge
[2013.10.29 19:25:53 | 000,000,000 | ---D | M] -- C:\Users\42\AppData\Roaming\Spotify
[2010.05.27 15:42:06 | 000,000,000 | ---D | M] -- C:\Users\42\AppData\Roaming\streamripper
[2010.05.27 19:03:56 | 000,000,000 | ---D | M] -- C:\Users\42\AppData\Roaming\streamWriter
[2013.05.18 18:23:04 | 000,000,000 | ---D | M] -- C:\Users\42\AppData\Roaming\Swiss Academic Software
[2013.10.28 19:46:39 | 000,000,000 | ---D | M] -- C:\Users\42\AppData\Roaming\Wireshark
[2013.10.23 20:18:12 | 000,000,000 | ---D | M] -- C:\Users\42_2\AppData\Roaming\AVAST Software
[2013.07.06 13:44:14 | 000,000,000 | ---D | M] -- C:\Users\42_2\AppData\Roaming\CheckPoint
[2013.10.27 13:00:57 | 000,000,000 | ---D | M] -- C:\Users\42_2\AppData\Roaming\Dropbox
[2012.12.19 19:43:52 | 000,000,000 | ---D | M] -- C:\Users\42_2\AppData\Roaming\e-academy Inc
[2013.05.23 17:14:35 | 000,000,000 | ---D | M] -- C:\Users\42_2\AppData\Roaming\EndNote
[2013.01.23 23:50:26 | 000,000,000 | ---D | M] -- C:\Users\42_2\AppData\Roaming\Foxit Software
[2012.09.20 14:06:37 | 000,000,000 | ---D | M] -- C:\Users\42_2\AppData\Roaming\FreeScreenToVideo
[2012.11.15 21:39:30 | 000,000,000 | ---D | M] -- C:\Users\42_2\AppData\Roaming\ICQ
[2013.08.13 12:10:38 | 000,000,000 | ---D | M] -- C:\Users\42_2\AppData\Roaming\Mp3tag
[2013.03.19 16:24:02 | 000,000,000 | ---D | M] -- C:\Users\42_2\AppData\Roaming\Samsung
[2013.10.24 20:12:27 | 000,000,000 | ---D | M] -- C:\Users\42_2\AppData\Roaming\Spotify
[2013.05.18 17:38:48 | 000,000,000 | ---D | M] -- C:\Users\42_2\AppData\Roaming\Swiss Academic Software
[2013.09.02 08:52:30 | 000,000,000 | ---D | M] -- C:\Users\42_2\AppData\Roaming\webex
 
========== Purity Check ==========
 
 

< End of report >


I am also attaching the Wireshark and Dr. Watson logs as a zip file.

Many thanks in advance to whoever takes the trouble to look at this!

Best regards
m42ch

Edited by m42ch (29.10.2013 at 19:35) Reason: *** = name removed...
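To make the two reports in this thread easier to triage, here is a small Python parser added by the editor; it is not part of the original post and not OTL's own tooling. It pulls three kinds of lines out of an OTL report: the O33 MountPoints2 AutoRun commands, the O16 DPF ActiveX downloads, and the FirewallRules entries from the Extras.txt log posted in the next reply, and lists the inbound UDP ports Windows itself has opened. The sample input is a constructed subset copied from those two logs; service names come from the log, nothing is looked up elsewhere. The reason for the UDP listing: the inbound UDP rules in this log belong to LLMNR (udp/5355, dnscache), the NetBIOS name and datagram services (udp/137, udp/138) and SSDP (udp/1900, ssdpsrv), all of which broadcast on a home LAN by design, so matching the destination ports in the Wireshark capture against this list is the first check before concluding that UDP traffic means file sharing.

```python
import re
from typing import Dict, List, Tuple, Union

# Constructed sample input: lines copied from the OTL.txt posted above and from
# the FirewallRules section of the Extras.txt posted below, trimmed to a subset
# that exercises each parser. Replace with open("OTL.txt").read() for a real run.
SAMPLE_OTL = r'''
O16 - DPF: {538793D5-659C-4639-A56C-A179AD87ED44} https://vpn-unidsl.rwth-aachen.de/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect Secure Mobility Client Web Control)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab (Reg Error: Key error.)
O33 - MountPoints2\{154ba5da-e5c3-11de-9cd0-9c6f88b70a6d}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\ASRSetup.exe
"{01A14C04-3B6E-4A09-A9A4-1D6B40D02064}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0E45802B-267F-42CD-BB2A-A58441EE76E4}" = lport=137 | protocol=17 | dir=in | app=system |
"{1122FD53-A984-4C49-B6BC-D51D731FA500}" = lport=445 | protocol=6 | dir=in | app=system |
"{24C3948F-0895-4EE9-9CCB-3936D8A4E8EF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{51978F86-4F17-49A8-BF54-2827C3DC3A75}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C2962437-AE7C-4813-9337-C0F39F19EE43}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{D9EBAB16-9802-4855-A10B-B7994C52A974}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
'''

# OTL's firewall rule dump: "{GUID}" = key=value | key=value | ...
FW_RULE = re.compile(r'^"(?P<id>\{[0-9A-Fa-f-]+\})"\s*=\s*(?P<body>.*)$')
# O33 MountPoints2 entries: the AutoRun command Explorer remembered for a volume
AUTORUN = re.compile(r'^O33 - MountPoints2\\(?P<mount>[^\\]+)\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$')
# O16 DPF entries: ActiveX controls IE downloaded (OTL writes hxxp for http)
DPF = re.compile(r'^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) (?P<url>\S+) \((?P<name>.*)\)$')

Port = Union[int, str]


def parse_firewall_rules(text: str) -> List[Dict[str, str]]:
    """Turn each FirewallRules line into a dict of its key=value fields."""
    rules = []
    for line in text.splitlines():
        m = FW_RULE.match(line.strip())
        if not m:
            continue
        rule = {"id": m.group("id")}
        for field in m.group("body").split("|"):
            if "=" in field:
                key, value = field.split("=", 1)
                rule[key.strip()] = value.strip()
        rules.append(rule)
    return rules


def inbound_udp_listeners(rules: List[Dict[str, str]]) -> List[Tuple[Port, str]]:
    """Inbound UDP (protocol 17) rules that open a local port, as (port, owner).

    Symbolic ports such as 'rpc' stay strings; the owner is the svc field when
    present, otherwise the app field.
    """
    found = []
    for r in rules:
        if r.get("dir") != "in" or r.get("protocol") != "17" or "lport" not in r:
            continue
        port: Port = int(r["lport"]) if r["lport"].isdigit() else r["lport"]
        found.append((port, r.get("svc") or r.get("app", "?")))
    return sorted(found, key=lambda t: (isinstance(t[0], str), t[0]))


def autorun_commands(text: str) -> List[Tuple[str, str]]:
    """(volume, command) pairs from O33 lines: what AutoPlay would launch."""
    return [(m.group("mount"), m.group("cmd"))
            for m in map(AUTORUN.match, (l.strip() for l in text.splitlines())) if m]


def activex_downloads(text: str) -> List[Dict[str, object]]:
    """O16 DPF entries with the URL re-armed; 'broken' marks a dead registry key."""
    found = []
    for line in text.splitlines():
        m = DPF.match(line.strip())
        if m:
            found.append({
                "clsid": m.group("clsid"),
                "url": m.group("url").replace("hxxp://", "http://"),
                "name": m.group("name"),
                "broken": m.group("name").startswith("Reg Error"),
            })
    return found


if __name__ == "__main__":
    rules = parse_firewall_rules(SAMPLE_OTL)
    print("Inbound UDP rules (compare against UDP ports in the Wireshark capture):")
    for port, owner in inbound_udp_listeners(rules):
        print(f"  udp/{port:<6} {owner}")
    print("AutoRun commands remembered for removable volumes:")
    for mount, cmd in autorun_commands(SAMPLE_OTL):
        print(f"  {mount}: {cmd}")
    print("ActiveX controls IE has downloaded:")
    for c in activex_downloads(SAMPLE_OTL):
        flag = " [registry key missing]" if c["broken"] else ""
        print(f"  {c['name']}: {c['url']}{flag}")
```

Run it against the full OTL.txt and Extras.txt by replacing SAMPLE_OTL with the file contents. OTL writes hxxp so the URLs are not clickable in the forum; the script restores http only so the entries read naturally, it never fetches anything.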

29.10.2013, 20:36   #2
m42ch

Sorry, but I just noticed that there is another OTL log file called "Extras.txt", which I would also like to post here.
I am not allowed to edit again, so I have to post a new reply...

Here is the log:

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 29.10.2013 20:06:44 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\42\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 3,78 Gb Available Physical Memory | 62,98% Memory free
12,00 Gb Paging File | 9,22 Gb Available in Paging File | 76,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 367,84 Gb Total Space | 124,81 Gb Free Space | 33,93% Space Free | Partition Type: NTFS
Drive F: | 465,76 Gb Total Space | 151,39 Gb Free Space | 32,50% Space Free | Partition Type: NTFS
Drive G: | 97,82 Gb Total Space | 61,14 Gb Free Space | 62,50% Space Free | Partition Type: NTFS
Drive H: | 100,00 Mb Total Space | 18,73 Mb Free Space | 18,73% Space Free | Partition Type: NTFS
 
Computer Name: 42-PC | User Name: 42 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00FBBD47-18C4-47CB-B3B4-6104610C07F7}" = lport=139 | protocol=6 | dir=in | app=system | 
"{01A14C04-3B6E-4A09-A9A4-1D6B40D02064}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0E45802B-267F-42CD-BB2A-A58441EE76E4}" = lport=137 | protocol=17 | dir=in | app=system | 
"{1122FD53-A984-4C49-B6BC-D51D731FA500}" = lport=445 | protocol=6 | dir=in | app=system | 
"{1962E634-B9C7-4737-AEB0-F8740A174EB1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{24C3948F-0895-4EE9-9CCB-3936D8A4E8EF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{28068E6A-858A-4C58-9A6A-E994D9E552ED}" = rport=445 | protocol=6 | dir=out | app=system | 
"{51978F86-4F17-49A8-BF54-2827C3DC3A75}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6D79E787-AE11-442C-B232-419EF42E546B}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7584751C-A613-4085-9FFC-9F888401CAC2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{827B949A-FFFD-4CE9-8F7F-158156BFB96D}" = rport=138 | protocol=17 | dir=out | app=system | 
"{8F7AEFF0-9FF9-4762-BCC9-79CA7F2BBA88}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{929AC68A-2D76-46EE-A448-1180C909CE17}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B9F154CD-B47B-4EF7-852D-D43D3560F68B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C2962437-AE7C-4813-9337-C0F39F19EE43}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{C49D36DC-D19E-48CC-B6F4-5CC0B2003C88}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CE997435-BFA9-4594-8A2B-E5BB481F8E41}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{D9EBAB16-9802-4855-A10B-B7994C52A974}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DD5FC5A2-AB33-4D97-84A1-A000019D5DC4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E013EE8F-D18F-405A-8EA0-C1A052300F2B}" = rport=137 | protocol=17 | dir=out | app=system | 
"{EC28D461-F93D-4240-8DDD-154DE0F3A93E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F1FC7206-C543-47FB-9797-2343C4E720AF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F3B493DE-201F-4262-BAC3-CB20D6E858B1}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{FFA6F754-6674-4D32-BA9E-33B09B59278E}" = rport=10243 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03842F0A-B07F-4ED7-88C5-58EC665FD89A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{0907B4D7-BB3B-4B15-9D4B-DF6F842A3D3E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{0C7C0D0B-AA14-405A-A0D3-2821784C8E56}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tales of monkey island - chapter 3\monkeyisland103.exe | 
"{0FF59006-5C87-40FB-9FA9-8F7E965C4B8F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | 
"{125117EF-8745-410F-9973-44F256AE586D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{1379CB20-0132-4B7D-A4AA-35D5166009FA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{13FF0D6D-C3FE-48AE-A09E-1B8BE2B6692F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe | 
"{1533F7B9-893A-41C1-BB7E-90941157E339}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | 
"{15A95D45-E4A9-47D4-8E7E-4F5FAB92BE02}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\max payne 3\playmaxpayne3.exe | 
"{1C5569CB-CDF3-466F-85ED-8F8DF96765FB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{1E98EC72-7EF5-45CB-A622-97653D342EAB}" = dir=in | app=e:\setup\hpznui40.exe | 
"{29269EF9-3F9F-49D7-80BA-41F2340BC145}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{347C3416-8467-45AA-B9B9-F39F3FCEA783}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{34DB11F7-8B4A-4AF5-B9F0-0D4D9D495B10}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tales of monkey island - chapter 2\monkeyisland102.exe | 
"{36593283-2B7C-4279-A3C3-F72C044451FF}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | 
"{3B3DD5D7-5C48-499F-895E-F7FE23047EEA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3E08CFD1-7DA7-4E42-80B7-C3F26B5B42E0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{44346670-8727-42B3-9CA1-F07E59F8224A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | 
"{4840A582-3B2F-4441-9CFE-1F81DF7471B4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tales of monkey island - chapter 1\monkeyisland101.exe | 
"{4AB39B67-3ED5-4B73-A8FD-F3E1790DE271}" = protocol=6 | dir=out | app=system | 
"{4B2FCF41-26CC-4F54-8DE6-E1A2127B65E3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tales of monkey island - chapter 3\monkeyisland103.exe | 
"{4B3C987C-0BE4-4795-89C1-9C739A05E852}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | 
"{4B8E7079-2788-408C-A382-312F89DB6149}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{502D2139-AAE5-4B60-A1B5-B1A7F8E8981B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{58C687F7-D747-429F-8661-35C1E103F320}" = protocol=6 | dir=in | app=c:\users\42_2\appdata\roaming\dropbox\bin\dropbox.exe | 
"{5CAB30B8-819A-4A67-B606-AC0566A50AD9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{5D2C6FE6-1068-4A98-9FCE-CB505FE4A63A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe | 
"{5D638D75-C1A9-474F-ABFE-93328C1493CC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{5F1E6253-62EB-4BBB-80CF-75BAF0A1B131}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\max payne 3\playmaxpayne3.exe | 
"{60E5BD0A-A00F-4EC5-A67E-F3E5EDDFA277}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tales of monkey island - chapter 4\monkeyisland104.exe | 
"{635D0E8D-9093-4A02-9075-D49E44AD93D2}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | 
"{63FADB1A-ED24-4ED5-9BBF-EF041B4D9C74}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\dawn of war\w40k.exe | 
"{6780E704-6AD8-412F-9031-4D70CBD9673C}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18574\sc2.exe | 
"{6C5485FD-0953-4CFC-A099-11EC757D64DD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{6F62F145-63F8-48ED-803E-32D78B51CF47}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{719F9AF9-AC7D-402D-90D4-2547082EA2DE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{728110BB-44ED-4A4E-B74C-007F32886F65}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | 
"{745284CC-F7F4-41F8-AB92-B579AF557581}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tales of monkey island - chapter 5\monkeyisland105.exe | 
"{79D4576E-D3C0-4C77-BE4E-A09CF47EB3AD}" = protocol=17 | dir=in | app=c:\users\42\appdata\roaming\spotify\spotify.exe | 
"{7D93D3FB-A0E3-4042-A14E-0A06FAC3B34D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\masch1984@lycos.de\half-life\hl.exe | 
"{7F6605B2-8CF2-4BA9-9076-946B84E737BB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{816FBC43-6D12-4D6A-A569-3153E0707D0E}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{83CB52C5-DC11-4FE2-AF97-7D4518C32CD5}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{846C5A5C-3E11-4280-8758-19E04EF4A998}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\dawn of war\w40k.exe | 
"{85C724C5-885E-45E6-8743-CB0626D1A47E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\masch1984@lycos.de\half-life\hl.exe | 
"{875AC453-BDD1-49E5-9531-8E752E51D20C}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{88FA3A7C-E0B2-40CB-8AE6-986C596FD65A}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{8977346B-4A1C-435C-98BC-B52A8A64A831}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | 
"{8BABBC9B-AEFC-4AA8-8F05-044615B531A4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8C16D903-1FEA-4943-B86E-BF22BC63EC33}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{8C9DF5C1-5656-4325-8149-475948FD148B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tales of monkey island - chapter 1\monkeyisland101.exe | 
"{8CADD8BB-4D19-45E7-91D3-2A85BAFF2002}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | 
"{9A0665CE-F47B-4EE0-B6AE-9D04173BCBDD}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | 
"{9D12C201-B724-4BD4-930A-5D77756B7740}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A2CC8FF2-0507-4F6D-85C2-AADD429D6996}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | 
"{A4D91EF5-4B0D-4D59-B42A-925C8E2B58F4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tales of monkey island - chapter 5\monkeyisland105.exe | 
"{A6D39FF3-ED40-49F3-85A2-3AB55C30660C}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\max payne 3\maxpayne3.exe | 
"{AE742430-11C3-4BA8-919D-BB916912A708}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\max payne 3\maxpayne3.exe | 
"{AECA74AA-ADEB-4CAB-ACED-43F2C8A3010B}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18574\sc2.exe | 
"{B09E5FBC-6D36-46A9-B6D5-1F4001536DC4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe | 
"{B57FBD76-CB5F-450B-8D26-96655D7F5C40}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | 
"{B70F5093-019F-4B99-986B-2F8BAE4491F2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B8B25398-ACAF-42FF-9207-E674A2D6125A}" = protocol=6 | dir=in | app=c:\users\42\appdata\roaming\spotify\spotify.exe | 
"{BC00FEC6-DCE8-41D6-A7C4-D8AD26875D4B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | 
"{BE02300F-D093-4E62-8708-104541007F91}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | 
"{C067B57F-76ED-46DE-BC6C-3A8452149824}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{C17436C5-6CFC-4D1A-82A0-5B756C7408B6}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16939\sc2.exe | 
"{C2E1CA89-8ED0-4563-9343-B31A191ABAD9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C6DB1EED-DDCC-44C0-9E31-6E8E2FE16FFA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C73DAFA1-C31A-40A2-A584-00A00EAA375F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tales of monkey island - chapter 2\monkeyisland102.exe | 
"{C8552FD9-194F-4F88-A934-CA8C01ACC3A8}" = protocol=17 | dir=in | app=c:\users\42_2\appdata\roaming\dropbox\bin\dropbox.exe | 
"{CC332B59-3FC9-4394-AEE3-01BD873CAEC1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe | 
"{CD92AC0B-0533-451D-AF27-EFAD46EBB5D1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe | 
"{D947DBF5-155C-4FF5-8EF8-D545AFB5E9D9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | 
"{DBE8AA69-13AC-4FA2-9AEF-A0DA0E0F9E4F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe | 
"{DD1C5F13-0F5D-4B66-8E95-1D5B3BA29CE4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{DDBEF69F-2DAD-45B4-8069-14774257E427}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{E1379D0A-F5CA-4525-A7DC-52C955D95319}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tales of monkey island - chapter 4\monkeyisland104.exe | 
"{E4063941-75C4-405C-A2E0-CEA7B71CA50C}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe | 
"{F1843A5A-1E9B-4222-9A05-723810C5EE35}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16939\sc2.exe | 
"{F4CF0BE5-F3B6-4144-9D0C-663683E90AAC}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe | 
"{F5EC60F7-3418-4548-B70B-D7EB8F14649C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | 
"{F91C95E5-2063-4651-9D92-7831CB7C5CAE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FBD31056-BD5E-40F5-A93D-33BB3EF7D8C8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{FC07A998-6C6D-41B8-BA3D-AB3A6CC7F116}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"TCP Query User{25664DD7-AB35-47BB-8D01-855521602A51}C:\program files (x86)\steam\steamapps\masch1984@lycos.de\half-life\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\masch1984@lycos.de\half-life\hl.exe | 
"TCP Query User{29B8F461-1B89-4141-A6F5-2DC116AD1A19}C:\program files (x86)\rockstar games\max payne 3\maxpayne3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\max payne 3\maxpayne3.exe | 
"TCP Query User{44EA7AC4-35C2-4C1D-A90B-4330527C280A}C:\program files (x86)\starcraft ii\versions\base19132\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe | 
"TCP Query User{494EB58E-07C2-4E29-BA12-B5EF031253CE}C:\program files (x86)\thq\dawn of war\w40k.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\dawn of war\w40k.exe | 
"TCP Query User{66F40611-CC2D-4814-8CB7-D40E0BF95E8B}C:\users\42\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\42\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{6B58F5E7-6FF8-420A-B766-7E411893BE82}C:\program files (x86)\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\dawn of war - dark crusade\darkcrusade.exe | 
"TCP Query User{753B6CE6-CAFA-4CB8-BE14-FF354A7BB26F}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | 
"TCP Query User{8ACF81F4-D953-491F-BF71-0F61348F37BE}C:\program files (x86)\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"TCP Query User{913EAABC-2CF2-4D6F-9712-009351A62634}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"TCP Query User{951F0AEC-655B-4307-B394-CF97D9E65005}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16939\sc2.exe | 
"TCP Query User{BEBF0003-B965-4ACE-9F4B-355A2EFF568C}C:\program files (x86)\thq\dawn of war\w40kwa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\dawn of war\w40kwa.exe | 
"TCP Query User{C6A7CD89-89B4-4327-B398-CF4622A60265}C:\program files (x86)\starcraft ii\versions\base18574\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18574\sc2.exe | 
"TCP Query User{D5345193-3351-459B-8129-39FF7D5E768F}C:\users\42_2\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\42_2\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{D87E348A-6B9A-4EF6-807C-2A3DB998981D}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"TCP Query User{ED7A829B-E0FF-4B47-96B0-E0B26064983D}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{0BCD49C6-A250-45BD-8BBC-8BFD12F9C17D}C:\program files (x86)\rockstar games\max payne 3\maxpayne3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\max payne 3\maxpayne3.exe | 
"UDP Query User{13438D8E-BF2A-4C8F-846A-20F16A034C68}C:\program files (x86)\starcraft ii\versions\base18574\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18574\sc2.exe | 
"UDP Query User{17EC2F35-51C7-4F6C-8B86-43A0FBF736E7}C:\program files (x86)\starcraft ii\versions\base19132\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe | 
"UDP Query User{36BB6461-07E4-4DF1-B970-3C6925F7EED8}C:\program files (x86)\thq\dawn of war\w40k.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\dawn of war\w40k.exe | 
"UDP Query User{3B7FC45F-F17E-479D-91FA-DDC12CFE480B}C:\users\42\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\42\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{51DC2311-8A12-4DA1-A302-BF773E4670E1}C:\program files (x86)\steam\steamapps\masch1984@lycos.de\half-life\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\masch1984@lycos.de\half-life\hl.exe | 
"UDP Query User{5C1FD0E4-DBF3-48AC-AEB6-C35350D18396}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"UDP Query User{865DBCE5-5835-48A4-8BA8-2F322CC722C7}C:\program files (x86)\thq\dawn of war\w40kwa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\dawn of war\w40kwa.exe | 
"UDP Query User{9CC30CA3-7814-41D9-865B-934242E32951}C:\users\42_2\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\42_2\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{B64A6FA3-B441-4CA6-9433-5F4F6956C8D6}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | 
"UDP Query User{DA25E005-39E7-4BCE-8AC2-B4DF2889387E}C:\program files (x86)\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\dawn of war - dark crusade\darkcrusade.exe | 
"UDP Query User{E6FCD1FB-AC7B-47A2-ACEF-C2E41DCC16B5}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16939\sc2.exe | 
"UDP Query User{E704B8CB-EE85-45A1-8D08-0B0E3A4473F2}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"UDP Query User{E7336A42-5B60-4B9C-A094-FDE454080615}C:\program files (x86)\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"UDP Query User{FFFC2856-35F6-4803-BC6D-041073F88F36}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{5CE7E3F5-9803-4F32-AA89-2D8848A80109}" = Microsoft LifeCam
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{72EF03F5-0507-4861-9A44-D99FD4C41418}" = Paint.NET v3.5.11
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 327.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 327.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 327.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.14.17
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BC741628-0AFC-405C-8946-DD46D1005A0A}" = 64 Bit HP CIO Components Installer
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"CCleaner" = CCleaner
"C-Media CM106 Like Sound Driver" = MEDUSA NX USB 5.1 Gaming Headset
"GIMP-2_is1" = GIMP 2.8.2
"NVIDIA Drivers" = NVIDIA Drivers
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1AA94747-3BF6-4237-9E1A-7B3067738FE1}" = Max Payne 3
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 45
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{362D5167-9716-44BE-89FD-BF9EB6EF814B}" = DawnOfWar
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{86B3F2D6-AC2B-0016-8AE1-F2F77F781B0C}" = EndNote X6
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91CA0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A7FC82AC-986D-48D5-8AAE-A75C1D829E0A}" = BlueStacks Notification Center
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.05) - Deutsch
"{AC938019-B63F-4EAC-81BD-7C77B18C484E}" = Cisco AnyConnect Secure Mobility Client
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{DD8408E9-9421-484F-979D-DB6361E3E828}" = Dawn Of War - Winter Assault
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FF1C72E2-203C-4E95-8D24-735196D29E04}" = HP Install Network Printer Wizard
"{FF39FC01-819B-42E4-AE49-1968AF12DDD4}" = Dawn of War - Dark Crusade
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age Of Pirates 1.41_is1" = Age Of Pirates - Caribbean Tales 1.41
"Avast" = avast! Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"BlueStacks App Player" = BlueStacks App Player
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client 
"Foxit Reader_is1" = Foxit Reader
"InstallShield_{362D5167-9716-44BE-89FD-BF9EB6EF814B}" = DawnOfWar
"Liveupdate4_is1" = Liveupdate4
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox 24.0 (x86 de)" = Mozilla Firefox 24.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.49
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"pdfsam" = pdfsam
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"Rockstar Games Social Club" = Rockstar Games Social Club
"StarCraft II" = StarCraft II
"StarLancer 1.0" = Microsoft StarLancer
"Steam App 15620" = Warhammer® 40,000™: Dawn of War® II
"Steam App 31170" = Tales of Monkey Island: Chapter 1 - Launch of the Screaming Narwhal
"Steam App 31180" = Tales of Monkey Island: Chapter 2 - The Siege of Spinner Cay 
"Steam App 31190" = Tales of Monkey Island: Chapter 3 - Lair of the Leviathan 
"Steam App 31200" = Tales of Monkey Island: Chapter 4 - The Trial and Execution of Guybrush Threepwood 
"Steam App 31210" = Tales of Monkey Island: Chapter 5 - Rise of the Pirate God
"Steam App 400" = Portal
"Steam App 43110" = Metro 2033
"Steam App 620" = Portal 2
"Steam App 70" = Half-Life
"VLC media player" = VLC media player 2.0.2
"WinPcapInst" = WinPcap 4.1.3
"Wireshark" = Wireshark 1.10.2 (64-bit)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3888471740-3113341665-555123505-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 29.10.2013 15:08:05 | Computer Name = 42-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: vpnagent.exe, Version: 3.1.4059.0,
 Zeitstempel: 0x51c1c669  Name des fehlerhaften Moduls: Dbghelp.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7b7bc  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0004b4cf  ID des fehlerhaften
 Prozesses: 0x5ec  Startzeit der fehlerhaften Anwendung: 0x01ced4da31b2bf4e  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility
 Client\vpnagent.exe  Pfad des fehlerhaften Moduls: C:\Windows\system32\Dbghelp.dll
Berichtskennung:
 70503ecf-40cd-11e3-b7b3-bc0543014aad
 
Error - 29.10.2013 15:09:07 | Computer Name = 42-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: vpnagent.exe, Version: 3.1.4059.0,
 Zeitstempel: 0x51c1c669  Name des fehlerhaften Moduls: Dbghelp.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7b7bc  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0004b4db  ID des fehlerhaften
 Prozesses: 0x147c  Startzeit der fehlerhaften Anwendung: 0x01ced4da56c06124  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility
 Client\vpnagent.exe  Pfad des fehlerhaften Moduls: C:\Windows\system32\Dbghelp.dll
Berichtskennung:
 953f7aaa-40cd-11e3-b7b3-bc0543014aad
 
Error - 29.10.2013 15:10:09 | Computer Name = 42-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: vpnagent.exe, Version: 3.1.4059.0,
 Zeitstempel: 0x51c1c669  Name des fehlerhaften Moduls: Dbghelp.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7b7bc  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0004b4cf  ID des fehlerhaften
 Prozesses: 0x1414  Startzeit der fehlerhaften Anwendung: 0x01ced4da7ba14ee3  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility
 Client\vpnagent.exe  Pfad des fehlerhaften Moduls: C:\Windows\system32\Dbghelp.dll
Berichtskennung:
 ba094fa2-40cd-11e3-b7b3-bc0543014aad
 
Error - 29.10.2013 15:11:11 | Computer Name = 42-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: vpnagent.exe, Version: 3.1.4059.0,
 Zeitstempel: 0x51c1c669  Name des fehlerhaften Moduls: Dbghelp.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7b7bc  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0004b4e4  ID des fehlerhaften
 Prozesses: 0x1468  Startzeit der fehlerhaften Anwendung: 0x01ced4daa05ec5a8  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility
 Client\vpnagent.exe  Pfad des fehlerhaften Moduls: C:\Windows\system32\Dbghelp.dll
Berichtskennung:
 deb44c2d-40cd-11e3-b7b3-bc0543014aad
 
Error - 29.10.2013 15:12:12 | Computer Name = 42-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: vpnagent.exe, Version: 3.1.4059.0,
 Zeitstempel: 0x51c1c669  Name des fehlerhaften Moduls: Dbghelp.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7b7bc  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0004b4cf  ID des fehlerhaften
 Prozesses: 0x15f0  Startzeit der fehlerhaften Anwendung: 0x01ced4dac54405aa  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility
 Client\vpnagent.exe  Pfad des fehlerhaften Moduls: C:\Windows\system32\Dbghelp.dll
Berichtskennung:
 037e2124-40ce-11e3-b7b3-bc0543014aad
 
Error - 29.10.2013 15:13:13 | Computer Name = 42-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: vpnagent.exe, Version: 3.1.4059.0,
 Zeitstempel: 0x51c1c669  Name des fehlerhaften Moduls: Dbghelp.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7b7bc  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0004b4cf  ID des fehlerhaften
 Prozesses: 0xad8  Startzeit der fehlerhaften Anwendung: 0x01ced4dae9d28c23  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility
 Client\vpnagent.exe  Pfad des fehlerhaften Moduls: C:\Windows\system32\Dbghelp.dll
Berichtskennung:
 27fef217-40ce-11e3-b7b3-bc0543014aad
 
Error - 29.10.2013 15:14:16 | Computer Name = 42-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: vpnagent.exe, Version: 3.1.4059.0,
 Zeitstempel: 0x51c1c669  Name des fehlerhaften Moduls: Dbghelp.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7b7bc  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0004b4cf  ID des fehlerhaften
 Prozesses: 0x1714  Startzeit der fehlerhaften Anwendung: 0x01ced4db0e6ac229  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility
 Client\vpnagent.exe  Pfad des fehlerhaften Moduls: C:\Windows\system32\Dbghelp.dll
Berichtskennung:
 4d14ec28-40ce-11e3-b7b3-bc0543014aad
 
Error - 29.10.2013 15:15:17 | Computer Name = 42-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: vpnagent.exe, Version: 3.1.4059.0,
 Zeitstempel: 0x51c1c669  Name des fehlerhaften Moduls: Dbghelp.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7b7bc  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0004b4cf  ID des fehlerhaften
 Prozesses: 0x1490  Startzeit der fehlerhaften Anwendung: 0x01ced4db336a3c09  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility
 Client\vpnagent.exe  Pfad des fehlerhaften Moduls: C:\Windows\system32\Dbghelp.dll
Berichtskennung:
 71e78bcc-40ce-11e3-b7b3-bc0543014aad
 
Error - 29.10.2013 15:16:19 | Computer Name = 42-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: vpnagent.exe, Version: 3.1.4059.0,
 Zeitstempel: 0x51c1c669  Name des fehlerhaften Moduls: Dbghelp.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7b7bc  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0004b4e4  ID des fehlerhaften
 Prozesses: 0x15ec  Startzeit der fehlerhaften Anwendung: 0x01ced4db58417a3a  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility
 Client\vpnagent.exe  Pfad des fehlerhaften Moduls: C:\Windows\system32\Dbghelp.dll
Berichtskennung:
 96bde51b-40ce-11e3-b7b3-bc0543014aad
 
Error - 29.10.2013 15:17:21 | Computer Name = 42-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: vpnagent.exe, Version: 3.1.4059.0,
 Zeitstempel: 0x51c1c669  Name des fehlerhaften Moduls: Dbghelp.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7b7bc  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0004b4cf  ID des fehlerhaften
 Prozesses: 0xed4  Startzeit der fehlerhaften Anwendung: 0x01ced4db7d1b1ac6  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility
 Client\vpnagent.exe  Pfad des fehlerhaften Moduls: C:\Windows\system32\Dbghelp.dll
Berichtskennung:
 bb8d63a8-40ce-11e3-b7b3-bc0543014aad
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 29.10.2013 15:17:21 | Computer Name = 42-PC | Source = acvpnagent | ID = 67108866
Description = Function: CLoginUtils::SetAnyConnectLaunchAtLogin File: .\Utility\LoginUtils.cpp
Line:
 49 Invoked Function: changeAnyConnectRunKeyValue Return Code: -2147024891 (0x80070005)
Description:
 Zugriff verweigert   
 
Error - 29.10.2013 15:17:21 | Computer Name = 42-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::processOnLoadPreferencesComplete File: .\MainThread.cpp
Line:
 5679 Invoked Function: CLoginUtils::SetAnyConnectLaunchAtLogin Return Code: -2147024891
 (0x80070005) Description: Zugriff verweigert   
 
Error - 29.10.2013 15:17:33 | Computer Name = 42-PC | Source = acvpnui | ID = 67108866
Description = Function: MFDartBox::getDARTInstallDir File: .\MFDartBox.cpp Line: 332
Invoked
 Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine
 Daten mehr verfügbar.   
 
Error - 29.10.2013 15:17:34 | Computer Name = 42-PC | Source = acvpnui | ID = 67108866
Description = Function: CSocketTransport::connectTransport File: .\IPC\SocketTransport.cpp
Line:
 981 Invoked Function: ::WSAConnect Return Code: 10061 (0x0000274D) Description: Es
 konnte keine Verbindung hergestellt werden, da der Zielcomputer die Verbindung 
verweigerte.   
 
Error - 29.10.2013 15:17:34 | Computer Name = 42-PC | Source = acvpnui | ID = 67108866
Description = Function: CIpcTransport::connectIpc File: .\IPC\IPCTransport.cpp Line:
 252 Invoked Function: CSocketTransport::connectTransport Return Code: -31588340 (0xFE1E000C)
Description:
 SOCKETTRANSPORT_ERROR_CONNECT 
 
Error - 29.10.2013 15:17:34 | Computer Name = 42-PC | Source = acvpnui | ID = 67108866
Description = Function: CIpcTransport::terminateIpcConnection File: .\IPC\IPCTransport.cpp
Line:
 404 Invoked Function: CSocketTransport::writeSocketBlocking Return Code: -31588319
 (0xFE1E0021) Description: SOCKETTRANSPORT_ERROR_NO_SOCKET_HANDLE:The socket transport
 does not possess a valid socket handle. 
 
Error - 29.10.2013 15:17:34 | Computer Name = 42-PC | Source = acvpnui | ID = 67108866
Description = Function: ApiIpc::initIpc File: .\ApiIpc.cpp Line: 423 Invoked Function:
 CIpcTransport::connectIpc Return Code: -31588340 (0xFE1E000C) Description: SOCKETTRANSPORT_ERROR_CONNECT

 
Error - 29.10.2013 15:17:34 | Computer Name = 42-PC | Source = acvpnui | ID = 67108866
Description = Function: ApiIpc::initiateAgentConnection File: .\ApiIpc.cpp Line: 336
Invoked
 Function: ApiIpc::initIpc Return Code: -31588340 (0xFE1E000C) Description: SOCKETTRANSPORT_ERROR_CONNECT

 
Error - 29.10.2013 15:17:34 | Computer Name = 42-PC | Source = acvpnui | ID = 67108866
Description = Function: ApiIpc::run File: .\ApiIpc.cpp Line: 570 Invoked Function: 
ApiIpc::initiateAgentConnection Return Code: -31588340 (0xFE1E000C) Description: SOCKETTRANSPORT_ERROR_CONNECT

 
Error - 29.10.2013 15:17:34 | Computer Name = 42-PC | Source = acvpnui | ID = 67108865
Description = Function: ClientIfcBase::attach File: .\ClientIfcBase.cpp Line: 606 Client
 failed to attach.
 
[ System Events ]
Error - 29.10.2013 15:10:09 | Computer Name = 42-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Cisco AnyConnect Secure Mobility Agent" wurde unerwartet
 beendet. Dies ist bereits 61 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 60000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 29.10.2013 15:11:11 | Computer Name = 42-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Cisco AnyConnect Secure Mobility Agent" wurde unerwartet
 beendet. Dies ist bereits 62 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 60000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 29.10.2013 15:12:13 | Computer Name = 42-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Cisco AnyConnect Secure Mobility Agent" wurde unerwartet
 beendet. Dies ist bereits 63 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 60000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 29.10.2013 15:13:14 | Computer Name = 42-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Cisco AnyConnect Secure Mobility Agent" wurde unerwartet
 beendet. Dies ist bereits 64 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 60000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 29.10.2013 15:14:16 | Computer Name = 42-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Cisco AnyConnect Secure Mobility Agent" wurde unerwartet
 beendet. Dies ist bereits 65 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 60000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 29.10.2013 15:15:18 | Computer Name = 42-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Cisco AnyConnect Secure Mobility Agent" wurde unerwartet
 beendet. Dies ist bereits 66 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 60000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 29.10.2013 15:16:20 | Computer Name = 42-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Cisco AnyConnect Secure Mobility Agent" wurde unerwartet
 beendet. Dies ist bereits 67 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 60000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 29.10.2013 15:17:21 | Computer Name = 42-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Cisco AnyConnect Secure Mobility Agent" wurde unerwartet
 beendet. Dies ist bereits 68 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 60000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 29.10.2013 15:18:23 | Computer Name = 42-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Cisco AnyConnect Secure Mobility Agent" wurde unerwartet
 beendet. Dies ist bereits 69 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 60000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 29.10.2013 15:19:24 | Computer Name = 42-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Cisco AnyConnect Secure Mobility Agent" wurde unerwartet
 beendet. Dies ist bereits 70 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 60000 Millisekunden durchgeführt: Neustart des Diensts.
 
 
< End of report >
         
--- --- ---

[/code]


Old 04.11.2013, 21:59   #3
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hello and

Do you have any other logs (with detections)? Malwarebytes and/or other virus scanners, have any of them found something?

I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please don't run any new virus scans; first just post the logs you already have in CODE tags!
Only logs from the last 7 days, or since the problem started, are relevant!




Also, please create a log with Farbar's tool as well:

Scan with Farbar's Recovery Scan Tool (FRST)

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will afterwards be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)



Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracket expressions [CODE] [/CODE] will appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is fine ... click Reply.

Old 05.11.2013, 19:09   #4
m42ch
 
Hello,

No virus scanner has flagged anything so far.
Here are the logs from FRST:



FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by 42 (administrator) on 42-PC on 05-11-2013 20:02:43
Running from C:\Users\42\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Spotify Ltd) C:\Users\42\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Windows\system\Cm106eye.exe
(Dropbox, Inc.) C:\Users\42_2\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Users\42\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\42\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\42\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\42\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\42\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\42\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\42\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\42\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\wermgr.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11057768 2010-07-06] (Realtek Semiconductor)
HKLM\...\Run: [Cm106Sound] - C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm106.dll,CMICtrlWnd
HKCU\...\Run: [Google Update] - C:\Users\42\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-10] (Google Inc.)
HKCU\...\Run: [Spotify] - C:\Users\42\AppData\Roaming\Spotify\spotify.exe [4640768 2013-07-18] (Spotify Ltd)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\42\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-18] (Spotify Ltd)
MountPoints2: E - E:\ASRSetup.exe
MountPoints2: J - J:\LaunchU3.exe -a
MountPoints2: {154ba5da-e5c3-11de-9cd0-9c6f88b70a6d} - I:\LaunchU3.exe -a
MountPoints2: {9bbf4fe8-e5c2-11de-a812-806e6f6e6963} - E:\autorun\autorun.exe
MountPoints2: {ca6d5a62-278f-11df-b11a-806e6f6e6963} - D:\AutoPlay.exe
HKLM-x32\...\Run: [CTxfiHlp] - C:\Windows\\SysWOW64\CTXFIHLP.EXE [25600 2009-06-04] (Creative Technology Ltd)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [AVMWlanClient] - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe [1904640 2009-03-20] (AVM Berlin)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BlueStacks Agent] - C:\Program Files (x86)\BlueStacks\HD-Agent.exe [601928 2013-05-13] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-06-19] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\avastui.exe [3567800 2013-10-23] (AVAST Software)
HKU\42_2\...\Run: [Google Update] - C:\Users\42_2\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-10] (Google Inc.)
HKU\42_2\...\Run: [Spotify Web Helper] - C:\Users\42\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-18] (Spotify Ltd)
Startup: C:\Users\42\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\42_2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\42_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\42\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x70CE7C1D8163CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {11DA48D5-FD81-41F4-AA59-97FA01D0DCA3} URL = hxxp://www.bing.com/search?q={searchTerms}&r=46
SearchScopes: HKCU - {11DA48D5-FD81-41F4-AA59-97FA01D0DCA3} URL = hxxp://www.bing.com/search?q={searchTerms}&r=46
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: No Name - {609D670F-B735-4da7-AC6D-F3BD358E325E} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} https://vpn-unidsl.rwth-aachen.de/CACHE/stc/1/binaries/vpnweb.cab
DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: HKLM-x32 {8167C273-DF59-4416-B647-C8BB2C7EE83E} hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\42\AppData\Roaming\Mozilla\Firefox\Profiles\w13am0zb.default
FF user.js: detected! => C:\Users\42\AppData\Roaming\Mozilla\Firefox\Profiles\w13am0zb.default\user.js
FF Homepage: about:home
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - G:\Programme\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\42\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\42\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\42\AppData\Roaming\Mozilla\Firefox\Profiles\w13am0zb.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
FF Extension: fireftp - C:\Users\42\AppData\Roaming\Mozilla\Firefox\Profiles\w13am0zb.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
FF Extension: prefs - C:\Users\42\AppData\Roaming\Mozilla\Firefox\Profiles\w13am0zb.default\Extensions\{C6F77964-B0B5-4953-A144-93051184EC0C}.xpi
FF Extension: Adblock Plus - C:\Users\42\AppData\Roaming\Mozilla\Firefox\Profiles\w13am0zb.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: dta - C:\Users\42\AppData\Roaming\Mozilla\Firefox\Profiles\w13am0zb.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome: 
=======
CHR RestoreOnStartup: "hxxp://google.de/"
CHR Plugin: (Shockwave Flash) - C:\Users\42\AppData\Local\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\42\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\42\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2003) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U15) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Google Update) - C:\Users\42\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.150.3) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Foxit Reader Plugin for Mozilla) - G:\Programme\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
CHR Extension: (avast! Online Security) - C:\Users\42\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0
CHR Extension: (Google Wallet) - C:\Users\42\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
CHR StartMenuInternet: Google Chrome - C:\Users\42\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-10-23] (AVAST Software)
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [368640 2009-03-20] (AVM Berlin)
R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-05-13] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-05-13] (BlueStack Systems, Inc.)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [38984 2013-10-23] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [84328 2013-10-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-10-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-10-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1032416 2013-10-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [409832 2013-10-23] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2013-10-23] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-10-23] ()
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2009-03-20] (AVM Berlin)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-05-13] (BlueStack Systems)
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [47368 2007-06-24] (IVT Corporation.)
S3 EC168x64; C:\Windows\System32\DRIVERS\EC168x64.sys [104576 2007-05-18] (e3C, Inc.)
R3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [552704 2009-03-20] (AVM GmbH)
S2 tandpl; C:\Windows\SysWow64\drivers\tandpl.sys [4736 2003-04-18] ()
R3 USBMULCD; C:\Windows\System32\drivers\CM10664.sys [1307648 2009-10-01] (C-Media Electronics Inc)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-06-19] (Cisco Systems, Inc.)
S3 WEBNTACCESS; C:\Windows\SysWow64\NTACCESS.SYS [17920 2008-04-14] (Your Corporation)
S3 WN4501HLFIR; C:\Windows\System32\DRIVERS\zd1211Bu.sys [602880 2007-06-25] (Atheros Technology Corporation)
S3 BlueletAudio; system32\DRIVERS\blueletaudio.sys [x]
S3 BlueletSCOAudio; system32\DRIVERS\BlueletSCOAudio.sys [x]
S3 BT; system32\DRIVERS\btnetdrv.sys [x]
S0 BTHidEnum; System32\Drivers\vbtenum.sys [x]
S0 BTHidMgr; System32\Drivers\BTHidMgr.sys [x]
S3 COMMONFX.DLL; \SystemRoot\System32\COMMONFX.DLL [x]
S3 CT20XUT.DLL; \SystemRoot\System32\CT20XUT.DLL [x]
S3 CTAUDFX.DLL; \SystemRoot\System32\CTAUDFX.DLL [x]
S3 CTEAPSFX.DLL; \SystemRoot\System32\CTEAPSFX.DLL [x]
S3 CTEDSPFX.DLL; \SystemRoot\System32\CTEDSPFX.DLL [x]
S3 CTEDSPIO.DLL; \SystemRoot\System32\CTEDSPIO.DLL [x]
S3 CTEDSPSY.DLL; \SystemRoot\System32\CTEDSPSY.DLL [x]
S3 CTEXFIFX.DLL; \SystemRoot\System32\CTEXFIFX.DLL [x]
S3 CTHWIUT.DLL; \SystemRoot\System32\CTHWIUT.DLL [x]
S3 CTSBLFX.DLL; \SystemRoot\System32\CTSBLFX.DLL [x]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [89432 2012-11-15] (Kaspersky Lab)
S3 VComm; system32\DRIVERS\VComm.sys [x]
S3 VcommMgr; System32\Drivers\VcommMgr.sys [x]
S3 VHidMinidrv; system32\drivers\VHIDMini.sys [x]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 ZDPSp50a64; System32\Drivers\ZDPSp50a64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-05 20:01 - 2013-11-05 20:01 - 01957098 _____ (Farbar) C:\Users\42\Desktop\FRST64.exe
2013-11-05 20:01 - 2013-11-05 20:01 - 00000000 ____D C:\FRST
2013-11-04 19:24 - 2013-11-04 19:24 - 545837968 _____ C:\Users\42\Downloads\Make_Love_13.11.03_22-20_mdr_45_TVOON_DE.mpg.HQ.avi
2013-11-02 22:45 - 2013-11-03 19:36 - 00000000 ____D C:\Windows\System32\Tasks\Aufgaben der Ereignisanzeige
2013-10-29 20:29 - 2013-10-29 20:29 - 00244073 _____ C:\Users\42\Desktop\weitere Logs.zip
2013-10-29 20:24 - 2013-10-29 20:24 - 00112194 _____ C:\Users\42\Desktop\OTL.Txt
2013-10-29 20:19 - 2013-10-29 20:19 - 00095140 _____ C:\Users\42\Downloads\Extras.Txt
2013-10-29 20:17 - 2013-10-29 20:17 - 00112194 _____ C:\Users\42\Downloads\OTL.Txt
2013-10-29 20:04 - 2013-10-29 20:04 - 00602112 _____ (OldTimer Tools) C:\Users\42\Downloads\OTL.exe
2013-10-29 20:04 - 2013-10-29 20:04 - 00000000 ____D C:\_OTL
2013-10-29 19:49 - 2013-10-29 19:49 - 00000000 ____D C:\Users\42\Desktop\LocaleMetaData
2013-10-29 19:48 - 2013-10-29 19:49 - 04263936 _____ C:\Users\42\Desktop\watson.evtx
2013-10-28 19:50 - 2013-10-28 19:50 - 00207760 _____ C:\Users\42\Desktop\wireshark.pcapng
2013-10-28 19:43 - 2013-10-28 19:43 - 00500504 _____ C:\Users\42\Desktop\42.pcapng
2013-10-28 19:20 - 2013-10-28 19:26 - 27966944 _____ (Wireshark development team) C:\Users\42\Downloads\Wireshark-win64-1.10.2.exe
2013-10-27 15:34 - 2013-10-27 15:34 - 00002070 _____ C:\Users\42\AppData\Local\recently-used.xbel
2013-10-27 14:31 - 2013-10-27 14:31 - 00000000 ____D C:\Users\42\.thumbnails
2013-10-27 14:29 - 2013-10-27 15:34 - 00000000 ____D C:\Users\42\.gimp-2.8
2013-10-27 14:29 - 2013-10-27 14:29 - 00000000 ____D C:\Users\42\AppData\Local\gegl-0.2
2013-10-23 20:18 - 2013-10-23 20:18 - 00000000 ____D C:\Users\42_2\AppData\Roaming\AVAST Software
2013-10-23 20:17 - 2013-11-05 18:34 - 00010916 _____ C:\Windows\PFRO.log
2013-10-23 19:57 - 2013-10-26 15:32 - 00001966 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-10-23 19:57 - 2013-10-23 19:57 - 00000000 ____D C:\Users\42\AppData\Roaming\AVAST Software
2013-10-23 19:57 - 2013-10-23 19:56 - 01032416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-10-23 19:57 - 2013-10-23 19:56 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-10-23 19:57 - 2013-10-23 19:56 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-10-23 19:57 - 2013-10-23 19:56 - 00205320 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-10-23 19:57 - 2013-10-23 19:56 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-10-23 19:57 - 2013-10-23 19:56 - 00084328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-10-23 19:57 - 2013-10-23 19:56 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-10-23 19:57 - 2013-10-23 19:56 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-10-23 19:57 - 2013-10-23 19:56 - 00038984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-10-23 19:56 - 2013-10-23 19:56 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-10-23 19:56 - 2013-10-23 19:56 - 00000000 ____D C:\Program Files\AVAST Software
2013-10-23 19:55 - 2013-10-23 19:55 - 00000000 ____D C:\ProgramData\AVAST Software
2013-10-22 18:59 - 2013-10-22 18:59 - 00108512 _____ C:\Users\42\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-22 18:45 - 2013-11-05 18:34 - 00000728 _____ C:\Windows\setupact.log
2013-10-22 18:45 - 2013-10-22 18:45 - 00407616 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-22 18:45 - 2013-10-22 18:45 - 00000000 _____ C:\Windows\setuperr.log
2013-10-22 18:41 - 2013-10-22 18:41 - 00109034 _____ C:\Users\42\Documents\cc_20131022_194126.reg
2013-10-22 17:22 - 2013-10-22 17:22 - 03047304 _____ (Cisco Systems, Inc.) C:\Users\42\Downloads\anyconnect-win-3.1.04059-web-deploy-k9.exe
2013-10-22 17:20 - 2013-10-23 18:28 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-10-21 18:36 - 2013-10-21 18:36 - 00000000 ____D C:\ProgramData\Oracle
2013-10-21 18:36 - 2013-10-08 06:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-21 18:36 - 2013-10-08 06:46 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-21 18:36 - 2013-10-08 06:46 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-21 18:36 - 2013-10-08 06:46 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-21 18:35 - 2013-10-21 18:36 - 00004886 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-10-21 18:18 - 2013-11-05 20:04 - 1248791850 _____ C:\Windows\system32\Drivers\etc\hosts.ac.tmp
2013-10-21 16:59 - 2013-10-21 17:03 - 253931296 _____ (NVIDIA Corporation) C:\Users\42_2\Desktop\331.58-desktop-win8-win7-winvista-64bit-international-whql.exe
2013-10-14 19:35 - 2013-10-21 18:41 - 00000000 ____D C:\Users\42\AppData\Local\DoNotTrackPlus
2013-10-14 17:09 - 2013-09-19 17:15 - 00466255 _____ C:\Windows\system32\Drivers\etc\hosts.20131014-180921.backup
2013-10-09 18:40 - 2013-10-09 18:40 - 00001359 _____ C:\Users\42\Desktop\Dropbox.lnk
2013-10-09 17:59 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-09 17:59 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-09 17:59 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-09 17:59 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-09 17:59 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-09 17:59 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-09 17:59 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-09 17:59 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-09 17:59 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-09 17:59 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-09 17:59 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-09 17:59 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-09 17:59 - 2013-09-23 00:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-09 17:59 - 2013-09-22 23:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-09 17:59 - 2013-09-22 23:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-09 17:59 - 2013-09-22 23:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-09 17:59 - 2013-09-22 23:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-09 17:59 - 2013-09-22 23:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-09 17:59 - 2013-09-22 23:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-09 17:59 - 2013-09-22 23:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-09 17:59 - 2013-09-22 23:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-09 17:59 - 2013-09-22 23:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-09 17:59 - 2013-09-22 23:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-09 17:59 - 2013-09-22 23:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-09 17:59 - 2013-09-22 23:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-09 17:59 - 2013-09-22 23:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-09 17:59 - 2013-09-22 23:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-09 17:59 - 2013-09-21 04:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-09 17:59 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-09 17:59 - 2013-09-21 03:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-09 17:59 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-09 17:36 - 2013-07-12 11:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-09 17:36 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-09 17:36 - 2013-07-12 11:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-09 17:36 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 17:36 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-09 17:36 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-09 17:36 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-09 17:36 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-09 17:36 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-09 17:36 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 17:36 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-09 17:36 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-09 17:36 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-09 17:36 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 17:36 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-09 17:36 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-09 17:35 - 2013-09-14 02:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-09 17:35 - 2013-09-08 03:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-09 17:35 - 2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-09 17:35 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-09 17:35 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-09 17:35 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-09 17:35 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-09 17:35 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-09 17:35 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-09 17:35 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-09 17:35 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-09 17:35 - 2013-08-29 03:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-09 17:35 - 2013-08-29 03:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-09 17:35 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-09 17:35 - 2013-08-29 03:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-09 17:35 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-09 17:35 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-09 17:35 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-09 17:35 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-09 17:35 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-09 17:35 - 2013-08-29 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-09 17:35 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-09 17:35 - 2013-08-29 01:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-09 17:35 - 2013-08-29 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-09 17:35 - 2013-08-29 01:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-09 17:35 - 2013-08-29 01:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-09 17:35 - 2013-08-28 02:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 17:35 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-09 17:35 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 17:35 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 17:35 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 17:35 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-09 17:35 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-09 17:35 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-09 17:35 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-09 17:35 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-09 17:35 - 2013-07-03 05:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-09 17:35 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-09 17:35 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys

==================== One Month Modified Files and Folders =======

2013-11-05 20:04 - 2013-10-21 18:18 - 1248791850 _____ C:\Windows\system32\Drivers\etc\hosts.ac.tmp
2013-11-05 20:04 - 2013-04-21 21:41 - 00000000 ____D C:\Users\42\AppData\Roaming\Dropbox
2013-11-05 20:01 - 2013-11-05 20:01 - 01957098 _____ (Farbar) C:\Users\42\Desktop\FRST64.exe
2013-11-05 20:01 - 2013-11-05 20:01 - 00000000 ____D C:\FRST
2013-11-05 19:55 - 2012-07-10 15:28 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3888471740-3113341665-555123505-1000UA.job
2013-11-05 19:15 - 2012-04-14 16:32 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-05 19:05 - 2012-07-10 18:28 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3888471740-3113341665-555123505-1006UA.job
2013-11-05 18:42 - 2009-07-14 05:45 - 00015376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-05 18:42 - 2009-07-14 05:45 - 00015376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-05 18:41 - 2009-07-14 18:58 - 00701354 _____ C:\Windows\system32\perfh007.dat
2013-11-05 18:41 - 2009-07-14 18:58 - 00150254 _____ C:\Windows\system32\perfc007.dat
2013-11-05 18:41 - 2009-07-14 06:13 - 01620804 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-05 18:40 - 2012-07-10 13:16 - 01888026 _____ C:\Windows\WindowsUpdate.log
2013-11-05 18:39 - 2013-04-21 21:44 - 00000000 ___RD C:\Users\42_2\Dropbox
2013-11-05 18:39 - 2012-07-02 15:29 - 00000000 ____D C:\Users\42\AppData\Roaming\Spotify
2013-11-05 18:39 - 2010-01-09 11:23 - 00003906 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{6AE07752-9BCC-4914-AEF4-6E694B349A33}
2013-11-05 18:34 - 2013-10-23 20:17 - 00010916 _____ C:\Windows\PFRO.log
2013-11-05 18:34 - 2013-10-22 18:45 - 00000728 _____ C:\Windows\setupact.log
2013-11-05 18:34 - 2012-02-23 22:40 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-05 18:34 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-04 20:31 - 2013-05-19 20:18 - 00000000 ____D C:\Users\42\AppData\Roaming\vlc
2013-11-04 19:24 - 2013-11-04 19:24 - 545837968 _____ C:\Users\42\Downloads\Make_Love_13.11.03_22-20_mdr_45_TVOON_DE.mpg.HQ.avi
2013-11-03 21:56 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-11-03 21:28 - 2012-09-10 20:42 - 00000000 ____D C:\Users\42_2\AppData\Roaming\vlc
2013-11-03 19:36 - 2013-11-02 22:45 - 00000000 ____D C:\Windows\System32\Tasks\Aufgaben der Ereignisanzeige
2013-11-03 18:05 - 2012-07-10 18:28 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3888471740-3113341665-555123505-1006Core.job
2013-11-03 13:38 - 2013-04-21 21:40 - 00000000 ____D C:\Users\42_2\AppData\Roaming\Dropbox
2013-10-29 20:29 - 2013-10-29 20:29 - 00244073 _____ C:\Users\42\Desktop\weitere Logs.zip
2013-10-29 20:24 - 2013-10-29 20:24 - 00112194 _____ C:\Users\42\Desktop\OTL.Txt
2013-10-29 20:19 - 2013-10-29 20:19 - 00095140 _____ C:\Users\42\Downloads\Extras.Txt
2013-10-29 20:17 - 2013-10-29 20:17 - 00112194 _____ C:\Users\42\Downloads\OTL.Txt
2013-10-29 20:04 - 2013-10-29 20:04 - 00602112 _____ (OldTimer Tools) C:\Users\42\Downloads\OTL.exe
2013-10-29 20:04 - 2013-10-29 20:04 - 00000000 ____D C:\_OTL
2013-10-29 19:49 - 2013-10-29 19:49 - 00000000 ____D C:\Users\42\Desktop\LocaleMetaData
2013-10-29 19:49 - 2013-10-29 19:48 - 04263936 _____ C:\Users\42\Desktop\watson.evtx
2013-10-28 19:50 - 2013-10-28 19:50 - 00207760 _____ C:\Users\42\Desktop\wireshark.pcapng
2013-10-28 19:43 - 2013-10-28 19:43 - 00500504 _____ C:\Users\42\Desktop\42.pcapng
2013-10-28 19:26 - 2013-10-28 19:20 - 27966944 _____ (Wireshark development team) C:\Users\42\Downloads\Wireshark-win64-1.10.2.exe
2013-10-27 15:34 - 2013-10-27 15:34 - 00002070 _____ C:\Users\42\AppData\Local\recently-used.xbel
2013-10-27 15:34 - 2013-10-27 14:29 - 00000000 ____D C:\Users\42\.gimp-2.8
2013-10-27 15:15 - 2009-12-22 19:32 - 00000000 ____D C:\Users\42\AppData\Local\Paint.NET
2013-10-27 14:31 - 2013-10-27 14:31 - 00000000 ____D C:\Users\42\.thumbnails
2013-10-27 14:31 - 2009-12-10 20:39 - 00000000 ____D C:\Users\42
2013-10-27 14:29 - 2013-10-27 14:29 - 00000000 ____D C:\Users\42\AppData\Local\gegl-0.2
2013-10-27 12:59 - 2012-07-10 18:00 - 00000000 ____D C:\Users\42_2
2013-10-26 15:32 - 2013-10-23 19:57 - 00001966 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-10-26 15:27 - 2009-12-11 01:26 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-10-26 15:27 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-10-24 20:12 - 2012-07-12 20:34 - 00000000 ____D C:\Users\42_2\AppData\Roaming\Spotify
2013-10-24 20:07 - 2012-07-12 20:34 - 00000000 ____D C:\Users\42_2\AppData\Local\Spotify
2013-10-23 20:18 - 2013-10-23 20:18 - 00000000 ____D C:\Users\42_2\AppData\Roaming\AVAST Software
2013-10-23 19:57 - 2013-10-23 19:57 - 00000000 ____D C:\Users\42\AppData\Roaming\AVAST Software
2013-10-23 19:56 - 2013-10-23 19:57 - 01032416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-10-23 19:56 - 2013-10-23 19:57 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-10-23 19:56 - 2013-10-23 19:57 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-10-23 19:56 - 2013-10-23 19:57 - 00205320 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-10-23 19:56 - 2013-10-23 19:57 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-10-23 19:56 - 2013-10-23 19:57 - 00084328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-10-23 19:56 - 2013-10-23 19:57 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-10-23 19:56 - 2013-10-23 19:57 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-10-23 19:56 - 2013-10-23 19:57 - 00038984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-10-23 19:56 - 2013-10-23 19:56 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-10-23 19:56 - 2013-10-23 19:56 - 00000000 ____D C:\Program Files\AVAST Software
2013-10-23 19:55 - 2013-10-23 19:55 - 00000000 ____D C:\ProgramData\AVAST Software
2013-10-23 18:28 - 2013-10-22 17:20 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-10-23 18:28 - 2012-03-05 21:06 - 00000000 ____D C:\ProgramData\Cisco
2013-10-22 18:59 - 2013-10-22 18:59 - 00108512 _____ C:\Users\42\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-22 18:45 - 2013-10-22 18:45 - 00407616 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-22 18:45 - 2013-10-22 18:45 - 00000000 _____ C:\Windows\setuperr.log
2013-10-22 18:41 - 2013-10-22 18:41 - 00109034 _____ C:\Users\42\Documents\cc_20131022_194126.reg
2013-10-22 18:40 - 2010-05-05 17:32 - 00000000 ____D C:\Program Files (x86)\Steam
2013-10-22 18:40 - 2009-12-10 20:30 - 00000000 ____D C:\Windows\Panther
2013-10-22 18:39 - 2012-12-05 16:08 - 00030249 ____H C:\Windows\SysWOW64\BTImages.dat
2013-10-22 17:22 - 2013-10-22 17:22 - 03047304 _____ (Cisco Systems, Inc.) C:\Users\42\Downloads\anyconnect-win-3.1.04059-web-deploy-k9.exe
2013-10-21 18:41 - 2013-10-14 19:35 - 00000000 ____D C:\Users\42\AppData\Local\DoNotTrackPlus
2013-10-21 18:36 - 2013-10-21 18:36 - 00000000 ____D C:\ProgramData\Oracle
2013-10-21 18:36 - 2013-10-21 18:35 - 00004886 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-10-21 18:36 - 2013-09-02 08:50 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-21 18:22 - 2013-09-02 08:52 - 00000000 ____D C:\ProgramData\WebEx
2013-10-21 17:03 - 2013-10-21 16:59 - 253931296 _____ (NVIDIA Corporation) C:\Users\42_2\Desktop\331.58-desktop-win8-win7-winvista-64bit-international-whql.exe
2013-10-21 17:00 - 2012-07-10 18:28 - 00004084 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3888471740-3113341665-555123505-1006UA
2013-10-21 17:00 - 2012-07-10 18:28 - 00003688 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3888471740-3113341665-555123505-1006Core
2013-10-17 20:20 - 2013-03-19 16:22 - 00000000 ____D C:\Program Files (x86)\MyFree Codec
2013-10-15 11:55 - 2012-07-10 15:28 - 00001056 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3888471740-3113341665-555123505-1000Core.job
2013-10-14 17:09 - 2009-07-14 03:34 - 00481779 ____R C:\Windows\system32\Drivers\etc\hosts.ac
2013-10-14 17:09 - 2009-07-14 03:34 - 00481779 ____R C:\Windows\system32\Drivers\etc\hosts.20131024-203316.backup
2013-10-14 11:50 - 2012-07-10 15:28 - 00004072 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3888471740-3113341665-555123505-1000UA
2013-10-14 11:50 - 2012-07-10 15:28 - 00003676 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3888471740-3113341665-555123505-1000Core
2013-10-10 20:52 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-10-09 19:17 - 2013-03-14 13:21 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-09 19:17 - 2013-03-14 13:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-09 18:40 - 2013-10-09 18:40 - 00001359 _____ C:\Users\42\Desktop\Dropbox.lnk
2013-10-09 18:38 - 2009-12-10 20:39 - 00000000 ___RD C:\Users\42\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-09 18:37 - 2013-04-21 21:44 - 00001335 _____ C:\Users\42_2\Desktop\Dropbox.lnk
2013-10-09 18:17 - 2009-12-10 23:07 - 00000000 ____D C:\Users\42\AppData\Local\Mozilla
2013-10-09 18:02 - 2011-01-26 07:32 - 01597892 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-09 17:54 - 2013-08-20 01:06 - 00000000 ____D C:\Windows\system32\MRT
2013-10-09 17:52 - 2009-12-10 23:44 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-09 17:50 - 2009-12-10 23:53 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-10-09 17:20 - 2010-03-11 18:20 - 00000000 ___RD C:\Users\42\Virtual Machines
2013-10-09 17:20 - 2009-12-10 20:39 - 00000000 ___RD C:\Users\42\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-10-08 21:15 - 2012-04-14 16:32 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-08 21:15 - 2012-04-14 16:32 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-08 21:15 - 2011-05-17 17:33 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-08 06:50 - 2013-10-21 18:36 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-08 06:46 - 2013-10-21 18:36 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-08 06:46 - 2013-10-21 18:36 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-08 06:46 - 2013-10-21 18:36 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

Some content of TEMP:
====================
C:\Users\42\AppData\Local\Temp\20131021074457569jniverify.dll
C:\Users\42\AppData\Local\Temp\20131021084055623jniverify.dll
C:\Users\42\AppData\Local\Temp\20131022061947424jniverify.dll
C:\Users\42\AppData\Local\Temp\20131022072627992jniverify.dll
C:\Users\42\AppData\Local\Temp\20131023073020139jniverify.dll
C:\Users\42_2\AppData\Local\Temp\20131021072517332jniverify.dll
C:\Users\42_2\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\42_2\AppData\Local\Temp\Foxit Updater.exe
C:\Users\42_2\AppData\Local\Temp\G2MInstallerExtractor.exe
C:\Users\42_2\AppData\Local\Temp\SIntf16.dll
C:\Users\42_2\AppData\Local\Temp\SIntf32.dll
C:\Users\42_2\AppData\Local\Temp\SIntfNT.dll
C:\Users\42_2\AppData\Local\Temp\SkypeSetup.exe
C:\Users\42_2\AppData\Local\Temp\vlc-2.0.2-win32.exe
C:\Users\42_2\AppData\Local\Temp\vlc-2.0.6-win32.exe
C:\Users\42_2\AppData\Local\Temp\vlc-2.0.8-win32.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-03 15:06

==================== End Of Log ============================
         
--- --- ---



Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-10-2013
Ran by 42 at 2013-11-05 20:05:03
Running from C:\Users\42\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 8.2.4)
7-Zip 4.65 (x64 edition) (Version: 4.65.00.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05)
Age Of Pirates - Caribbean Tales 1.41 (x32)
avast! Free Antivirus (x32 Version: 9.0.2006)
AVM FRITZ!WLAN (x32)
BlueStacks App Player (x32 Version: 0.7.12.896)
BlueStacks Notification Center (x32 Version: 0.7.12.896)
CCleaner (Version: 3.16)
Cisco AnyConnect Secure Mobility Client  (x32 Version: 3.1.04059)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04059)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
Dawn of War - Dark Crusade (x32 Version: 1.00.0000)
Dawn Of War - Winter Assault (x32 Version: 1.4)
DawnOfWar (x32 Version: 1.00.00000)
EndNote X6 (x32 Version: 16.0.1.6599)
Foxit Reader (x32 Version: 6.0.5.618)
GIMP 2.8.2 (Version: 2.8.2)
Google Chrome (HKCU Version: 30.0.1599.101)
Half-Life (x32)
HP Install Network Printer Wizard (x32 Version: 8.1.03)
ICQ7.6 (x32 Version: 7.6)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Liveupdate4 (x32)
Max Payne 3 (x32 Version: 1.0.0.0)
MEDUSA NX USB 5.1 Gaming Headset
Metro 2033 (x32)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Corporation (Version: 9.1.0.0)
Microsoft Corporation (x32 Version: 9.1.0.0)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0)
Microsoft LifeCam (Version: 3.60.253.0)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Small Business Edition 2003 (x32 Version: 11.0.8173.0)
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft StarLancer (x32)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual J# 2.0 Redistributable Package (x32 Version: 2.0.50727)
Microsoft Visual J# 2.0 Redistributable Package (x32)
Mozilla Firefox 24.0 (x86 de) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 21.0)
Mp3tag v2.49 (x32 Version: v2.49)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
NVIDIA 3D Vision Controller-Treiber 306.97 (Version: 306.97)
NVIDIA 3D Vision Treiber 327.23 (Version: 327.23)
NVIDIA Drivers (Version: 1.4)
NVIDIA Grafiktreiber 327.23 (Version: 327.23)
NVIDIA Install Application (Version: 2.1002.133.889)
NVIDIA PhysX (x32 Version: 9.12.0604)
NVIDIA PhysX-Systemsoftware 9.12.0604 (Version: 9.12.0604)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2723)
NVIDIA Systemsteuerung 327.23 (Version: 327.23)
NVIDIA Update 1.14.17 (Version: 1.14.17)
NVIDIA Update Components (Version: 1.14.17)
OpenAL (x32)
Paint.NET v3.5.11 (Version: 3.61.0)
PDFCreator (x32 Version: 1.7.1)
pdfsam (x32 Version: 2.2.0)
Portal (x32)
Portal 2 (x32)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6151)
ResearchSoft Direct Export Helper (x32)
Rockstar Games Social Club (x32 Version: 1.0.9.5)
Skype Click to Call (x32 Version: 5.6.8442)
Skype™ 6.1 (x32 Version: 6.1.129)
Spotify (HKCU Version: 0.9.1.53.g876fa9df)
Spybot - Search & Destroy (x32 Version: 1.6.2)
StarCraft II (x32 Version: 1.3.6.19269)
Steam (x32 Version: 1.0.0.0)
Tales of Monkey Island: Chapter 1 - Launch of the Screaming Narwhal (x32)
Tales of Monkey Island: Chapter 2 - The Siege of Spinner Cay  (x32)
Tales of Monkey Island: Chapter 3 - Lair of the Leviathan  (x32)
Tales of Monkey Island: Chapter 4 - The Trial and Execution of Guybrush Threepwood  (x32)
Tales of Monkey Island: Chapter 5 - Rise of the Pirate God (x32)
Update for Microsoft .NET Framework 4.5 (KB2750147) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805221) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805226) (x32 Version: 1)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
VLC media player 2.0.2 (x32 Version: 2.0.2)
Warhammer® 40,000™: Dawn of War® II (x32)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)

==================== Restore Points  =========================

22-10-2013 16:15:33 Removed Cisco AnyConnect Secure Mobility Client
22-10-2013 16:20:02 Installed Cisco AnyConnect Secure Mobility Client
22-10-2013 16:23:28 Installed Cisco AnyConnect Secure Mobility Client
22-10-2013 17:26:47 Installed Cisco AnyConnect Secure Mobility Client
22-10-2013 17:38:36 Removed Cisco AnyConnect Secure Mobility Client
23-10-2013 17:27:15 Installed Cisco AnyConnect Secure Mobility Client
23-10-2013 18:56:30 avast! antivirus system restore point
25-10-2013 16:52:49 Windows Update
26-10-2013 14:29:39 avast! antivirus system restore point
26-10-2013 14:33:57 Windows Update
29-10-2013 18:15:31 Windows Update
02-11-2013 21:36:36 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2013-10-24 19:33 - 00481797 ___RA C:\Windows\system32\Drivers\etc\hosts
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com
127.0.0.1	www.123moviedownload.com
127.0.0.1	123moviedownload.com
127.0.0.1	123simsen.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {1E111526-5B69-4807-A9B0-6B2ED59BA348} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe
Task: {30E3AAA7-F2F9-4F73-9845-30388A0DFF1E} - System32\Tasks\{AB2C7417-7F4A-45B9-B208-2E0EA15529BB} => C:\Program Files (x86)\BlueStacks\HD-RunApp.exe [2013-05-13] (BlueStack Systems, Inc.)
Task: {36A8183D-A23B-4EF5-8BA2-CF085524921B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3888471740-3113341665-555123505-1006UA => C:\Users\42_2\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-10] (Google Inc.)
Task: {446F46CF-F5F4-4EA8-8785-EB1EDE6CD415} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3888471740-3113341665-555123505-1000Core => C:\Users\42\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-10] (Google Inc.)
Task: {4A7792D5-278F-49FC-9B54-67D1EB99F0C7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3888471740-3113341665-555123505-1006Core => C:\Users\42_2\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-10] (Google Inc.)
Task: {5077AD23-1ED7-4F52-941B-6E2F4E756AD8} - System32\Tasks\{7516A115-52F7-4E2D-8BDF-A1A0BFB65525} => M:\Studium\SS12\lj631ge.exe
Task: {72018DC6-31FA-4EE0-97C9-481940B477CC} - System32\Tasks\{C7EA6CC9-6D81-4906-BF31-71CB90164604} => E:\setup.exe
Task: {D769BBB8-4CD7-4803-AAEE-751561D84812} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3888471740-3113341665-555123505-1000UA => C:\Users\42\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-10] (Google Inc.)
Task: {D98886BF-CE76-4A13-AA06-6C97239400A1} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {F1CDACEE-24CB-4E22-91C2-B918F446775E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3888471740-3113341665-555123505-1000Core.job => C:\Users\42\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3888471740-3113341665-555123505-1000UA.job => C:\Users\42\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3888471740-3113341665-555123505-1006Core.job => C:\Users\42_2\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3888471740-3113341665-555123505-1006UA.job => C:\Users\42_2\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-11-05 18:35 - 2013-11-05 09:55 - 02138112 _____ () C:\Program Files\AVAST Software\Avast\defs\13110500\algo.dll
2013-10-23 19:56 - 2013-10-23 19:56 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-06-28 23:24 - 2006-09-13 13:08 - 00491520 ____N () C:\Windows\system\CmAu106.dll
2013-03-13 21:48 - 2013-03-13 21:48 - 24978944 _____ () C:\Users\42_2\AppData\Roaming\Dropbox\bin\libcef.dll
2013-10-21 18:42 - 2013-10-09 01:01 - 00698832 _____ () C:\Users\42\AppData\Local\Google\Chrome\Application\30.0.1599.101\libglesv2.dll
2013-10-21 18:42 - 2013-10-09 01:01 - 00099792 _____ () C:\Users\42\AppData\Local\Google\Chrome\Application\30.0.1599.101\libegl.dll
2013-10-21 18:42 - 2013-10-09 01:02 - 04055504 _____ () C:\Users\42\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll
2013-10-21 18:42 - 2013-10-09 01:02 - 00415184 _____ () C:\Users\42\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
2013-10-21 18:42 - 2013-10-09 01:01 - 01604560 _____ () C:\Users\42\AppData\Local\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
2013-10-21 18:42 - 2013-10-09 01:02 - 13584336 _____ () C:\Users\42\AppData\Local\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft PS/2-Maus
Description: Microsoft PS/2-Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/05/2013 08:04:42 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: vpnagent.exe, Version: 3.1.4059.0, Zeitstempel: 0x51c1c669
Name des fehlerhaften Moduls: Dbghelp.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b7bc
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0004b4cf
ID des fehlerhaften Prozesses: 0x1440
Startzeit der fehlerhaften Anwendung: 0xvpnagent.exe0
Pfad der fehlerhaften Anwendung: vpnagent.exe1
Pfad des fehlerhaften Moduls: vpnagent.exe2
Berichtskennung: vpnagent.exe3

Error: (11/05/2013 08:03:40 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: vpnagent.exe, Version: 3.1.4059.0, Zeitstempel: 0x51c1c669
Name des fehlerhaften Moduls: Dbghelp.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b7bc
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0004b4cf
ID des fehlerhaften Prozesses: 0x175c
Startzeit der fehlerhaften Anwendung: 0xvpnagent.exe0
Pfad der fehlerhaften Anwendung: vpnagent.exe1
Pfad des fehlerhaften Moduls: vpnagent.exe2
Berichtskennung: vpnagent.exe3

Error: (11/05/2013 08:02:38 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: vpnagent.exe, Version: 3.1.4059.0, Zeitstempel: 0x51c1c669
Name des fehlerhaften Moduls: Dbghelp.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b7bc
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0004b4cf
ID des fehlerhaften Prozesses: 0x1220
Startzeit der fehlerhaften Anwendung: 0xvpnagent.exe0
Pfad der fehlerhaften Anwendung: vpnagent.exe1
Pfad des fehlerhaften Moduls: vpnagent.exe2
Berichtskennung: vpnagent.exe3

Error: (11/05/2013 08:01:37 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: vpnagent.exe, Version: 3.1.4059.0, Zeitstempel: 0x51c1c669
Name des fehlerhaften Moduls: Dbghelp.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b7bc
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0004b4cf
ID des fehlerhaften Prozesses: 0x868
Startzeit der fehlerhaften Anwendung: 0xvpnagent.exe0
Pfad der fehlerhaften Anwendung: vpnagent.exe1
Pfad des fehlerhaften Moduls: vpnagent.exe2
Berichtskennung: vpnagent.exe3

Error: (11/05/2013 08:00:35 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: vpnagent.exe, Version: 3.1.4059.0, Zeitstempel: 0x51c1c669
Name des fehlerhaften Moduls: Dbghelp.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b7bc
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0004b4cf
ID des fehlerhaften Prozesses: 0x8c0
Startzeit der fehlerhaften Anwendung: 0xvpnagent.exe0
Pfad der fehlerhaften Anwendung: vpnagent.exe1
Pfad des fehlerhaften Moduls: vpnagent.exe2
Berichtskennung: vpnagent.exe3

Error: (11/05/2013 07:59:34 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: vpnagent.exe, Version: 3.1.4059.0, Zeitstempel: 0x51c1c669
Name des fehlerhaften Moduls: Dbghelp.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b7bc
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0004b4cf
ID des fehlerhaften Prozesses: 0xb0c
Startzeit der fehlerhaften Anwendung: 0xvpnagent.exe0
Pfad der fehlerhaften Anwendung: vpnagent.exe1
Pfad des fehlerhaften Moduls: vpnagent.exe2
Berichtskennung: vpnagent.exe3

Error: (11/05/2013 07:58:32 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: vpnagent.exe, Version: 3.1.4059.0, Zeitstempel: 0x51c1c669
Name des fehlerhaften Moduls: Dbghelp.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b7bc
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0004b4db
ID des fehlerhaften Prozesses: 0xd78
Startzeit der fehlerhaften Anwendung: 0xvpnagent.exe0
Pfad der fehlerhaften Anwendung: vpnagent.exe1
Pfad des fehlerhaften Moduls: vpnagent.exe2
Berichtskennung: vpnagent.exe3

Error: (11/05/2013 07:57:31 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: vpnagent.exe, Version: 3.1.4059.0, Zeitstempel: 0x51c1c669
Name des fehlerhaften Moduls: Dbghelp.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b7bc
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0004b4cf
ID des fehlerhaften Prozesses: 0x9a0
Startzeit der fehlerhaften Anwendung: 0xvpnagent.exe0
Pfad der fehlerhaften Anwendung: vpnagent.exe1
Pfad des fehlerhaften Moduls: vpnagent.exe2
Berichtskennung: vpnagent.exe3

Error: (11/05/2013 07:56:30 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: vpnagent.exe, Version: 3.1.4059.0, Zeitstempel: 0x51c1c669
Name des fehlerhaften Moduls: Dbghelp.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b7bc
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0004b4e4
ID des fehlerhaften Prozesses: 0xe8
Startzeit der fehlerhaften Anwendung: 0xvpnagent.exe0
Pfad der fehlerhaften Anwendung: vpnagent.exe1
Pfad des fehlerhaften Moduls: vpnagent.exe2
Berichtskennung: vpnagent.exe3

Error: (11/05/2013 07:55:29 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: vpnagent.exe, Version: 3.1.4059.0, Zeitstempel: 0x51c1c669
Name des fehlerhaften Moduls: Dbghelp.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b7bc
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0004b4cf
ID des fehlerhaften Prozesses: 0xb0c
Startzeit der fehlerhaften Anwendung: 0xvpnagent.exe0
Pfad der fehlerhaften Anwendung: vpnagent.exe1
Pfad des fehlerhaften Moduls: vpnagent.exe2
Berichtskennung: vpnagent.exe3


System errors:
=============
Error: (11/05/2013 08:04:43 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Cisco AnyConnect Secure Mobility Agent" wurde unerwartet beendet. Dies ist bereits 91 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/05/2013 08:03:41 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Cisco AnyConnect Secure Mobility Agent" wurde unerwartet beendet. Dies ist bereits 90 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/05/2013 08:02:39 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Cisco AnyConnect Secure Mobility Agent" wurde unerwartet beendet. Dies ist bereits 89 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/05/2013 08:01:38 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Cisco AnyConnect Secure Mobility Agent" wurde unerwartet beendet. Dies ist bereits 88 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/05/2013 08:00:36 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Cisco AnyConnect Secure Mobility Agent" wurde unerwartet beendet. Dies ist bereits 87 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/05/2013 07:59:34 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Cisco AnyConnect Secure Mobility Agent" wurde unerwartet beendet. Dies ist bereits 86 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/05/2013 07:58:33 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Cisco AnyConnect Secure Mobility Agent" wurde unerwartet beendet. Dies ist bereits 85 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/05/2013 07:57:31 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Cisco AnyConnect Secure Mobility Agent" wurde unerwartet beendet. Dies ist bereits 84 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/05/2013 07:56:30 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Cisco AnyConnect Secure Mobility Agent" wurde unerwartet beendet. Dies ist bereits 83 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/05/2013 07:55:29 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Cisco AnyConnect Secure Mobility Agent" wurde unerwartet beendet. Dies ist bereits 82 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (11/05/2013 08:04:42 PM) (Source: Application Error)(User: )
Description: vpnagent.exe3.1.4059.051c1c669Dbghelp.dll6.1.7601.175144ce7b7bcc00000050004b4cf144001ceda59e19d0518C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exeC:\Windows\system32\Dbghelp.dll1ffbeedf-464d-11e3-9955-bc0543014aad

Error: (11/05/2013 08:03:40 PM) (Source: Application Error)(User: )
Description: vpnagent.exe3.1.4059.051c1c669Dbghelp.dll6.1.7601.175144ce7b7bcc00000050004b4cf175c01ceda59bca8b83eC:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exeC:\Windows\system32\Dbghelp.dllfb1cf109-464c-11e3-9955-bc0543014aad

Error: (11/05/2013 08:02:38 PM) (Source: Application Error)(User: )
Description: vpnagent.exe3.1.4059.051c1c669Dbghelp.dll6.1.7601.175144ce7b7bcc00000050004b4cf122001ceda59982e75c2C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exeC:\Windows\system32\Dbghelp.dlld6496c84-464c-11e3-9955-bc0543014aad

Error: (11/05/2013 08:01:37 PM) (Source: Application Error)(User: )
Description: vpnagent.exe3.1.4059.051c1c669Dbghelp.dll6.1.7601.175144ce7b7bcc00000050004b4cf86801ceda5973340ce1C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exeC:\Windows\system32\Dbghelp.dllb1c98073-464c-11e3-9955-bc0543014aad

Error: (11/05/2013 08:00:35 PM) (Source: Application Error)(User: )
Description: vpnagent.exe3.1.4059.051c1c669Dbghelp.dll6.1.7601.175144ce7b7bcc00000050004b4cf8c001ceda594eb957f5C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exeC:\Windows\system32\Dbghelp.dll8ce67ca5-464c-11e3-9955-bc0543014aad

Error: (11/05/2013 07:59:34 PM) (Source: Application Error)(User: )
Description: vpnagent.exe3.1.4059.051c1c669Dbghelp.dll6.1.7601.175144ce7b7bcc00000050004b4cfb0c01ceda5929f1bf32C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exeC:\Windows\system32\Dbghelp.dll6868ccc8-464c-11e3-9955-bc0543014aad

Error: (11/05/2013 07:58:32 PM) (Source: Application Error)(User: )
Description: vpnagent.exe3.1.4059.051c1c669Dbghelp.dll6.1.7601.175144ce7b7bcc00000050004b4dbd7801ceda5905536d25C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exeC:\Windows\system32\Dbghelp.dll4396c5bc-464c-11e3-9955-bc0543014aad

Error: (11/05/2013 07:57:31 PM) (Source: Application Error)(User: )
Description: vpnagent.exe3.1.4059.051c1c669Dbghelp.dll6.1.7601.175144ce7b7bcc00000050004b4cf9a001ceda58e0e5d528C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exeC:\Windows\system32\Dbghelp.dll1f06030f-464c-11e3-9955-bc0543014aad

Error: (11/05/2013 07:56:30 PM) (Source: Application Error)(User: )
Description: vpnagent.exe3.1.4059.051c1c669Dbghelp.dll6.1.7601.175144ce7b7bcc00000050004b4e4e801ceda58bcaff822C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exeC:\Windows\system32\Dbghelp.dllfab494d9-464b-11e3-9955-bc0543014aad

Error: (11/05/2013 07:55:29 PM) (Source: Application Error)(User: )
Description: vpnagent.exe3.1.4059.051c1c669Dbghelp.dll6.1.7601.175144ce7b7bcc00000050004b4cfb0c01ceda58980e38b4C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exeC:\Windows\system32\Dbghelp.dlld6628e0c-464b-11e3-9955-bc0543014aad


CodeIntegrity Errors:
===================================
  Date: 2013-08-19 19:13:40.539
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-19 18:25:13.381
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-19 17:58:39.131
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-19 16:50:45.324
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-13 15:06:07.111
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-13 14:58:01.820
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-13 14:34:55.222
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-13 14:15:15.303
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-13 12:36:32.474
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-12 01:22:50.130
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 45%
Total physical RAM: 6143.24 MB
Available physical RAM: 3330.21 MB
Total Pagefile: 12284.66 MB
Available Pagefile: 9087.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:367.84 GB) (Free:118.58 GB) NTFS
Drive f: (Volume) (Fixed) (Total:465.76 GB) (Free:151.39 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: () (Fixed) (Total:97.82 GB) (Free:61.14 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive h: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.03 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 00000001)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=368 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=98 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 69205244)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Best regards

m42ch

Last edited by m42ch (05.11.2013 at 19:17)

Old 05.11.2013, 22:27   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Start mbar.exe.
  • Follow the instructions on your screen as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a logfile ( mbar-log-<Year-Month-Day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Old 06.11.2013, 18:55   #6
m42ch
 
Here is the MBAR log as well:

Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1007
www.malwarebytes.org

Database version: v2013.11.06.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
42 :: 42-PC [administrator]

06.11.2013 19:31:54
mbar-log-2013-11-06 (19-31-54).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 272442
Time elapsed: 14 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
Everything looks good... =)


Here is the system log as well, in case it is useful for anything:

Code:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16721

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED, H:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 6441656320, free: 3524161536

Downloaded database version: v2013.11.06.08
Downloaded database version: v2013.10.11.02
=======================================
Initializing...
------------ Kernel report ------------
     11/06/2013 19:31:50
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\intelide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\vmbus.sys
\SystemRoot\system32\drivers\winhv.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\nvstor.sys
\SystemRoot\system32\drivers\storport.sys
\SystemRoot\system32\DRIVERS\nvstor64.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\??\C:\Windows\system32\drivers\aswSnx.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\??\C:\Windows\system32\drivers\aswTdi.sys
\SystemRoot\system32\drivers\afd.sys
\??\C:\Windows\system32\drivers\aswRdr2.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vpcnfltr.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\vpcvmm.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\??\C:\Windows\system32\drivers\aswSP.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\Drivers\nvBridge.kmd
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\drivers\usbuhci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\1394ohci.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\System32\Drivers\RootMdm.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\vpcusb.sys
\SystemRoot\system32\DRIVERS\usbrpm.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\vpchbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\fwlanusbn.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\hidusb.sys
\SystemRoot\system32\drivers\HIDCLASS.SYS
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\drivers\CM10664.sys
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\aswMonFlt.sys
\??\C:\Windows\system32\drivers\aswFsBlk.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\normaliz.dll
\Windows\System32\usp10.dll
\Windows\System32\nsi.dll
\Windows\System32\shlwapi.dll
\Windows\System32\msvcrt.dll
\Windows\System32\lpk.dll
\Windows\System32\gdi32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\msctf.dll
\Windows\System32\setupapi.dll
\Windows\System32\advapi32.dll
\Windows\System32\shell32.dll
\Windows\System32\ole32.dll
\Windows\System32\wininet.dll
\Windows\System32\imm32.dll
\Windows\System32\urlmon.dll
\Windows\System32\user32.dll
\Windows\System32\sechost.dll
\Windows\System32\kernel32.dll
\Windows\System32\difxapi.dll
\Windows\System32\ws2_32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\iertutil.dll
\Windows\System32\clbcatq.dll
\Windows\System32\comdlg32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\psapi.dll
\Windows\System32\imagehlp.dll
\Windows\System32\KernelBase.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\crypt32.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\msasn1.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8005fbd060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-4\
Lower Device Object: 0xfffffa8005d29060
Lower Device Driver Name: \Driver\atapi\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8005fbc060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-6\
Lower Device Object: 0xfffffa8005d39060
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8005fbd060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8005fbdb20, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8005fbd060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8005d27580, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8005d29060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-4\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8005fbc060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8005fbcb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8005fbc060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8005d37520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8005d39060, DeviceName: \Device\Ide\IdeDeviceP2T0L0-6\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 69205244

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 976766976
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 771424256

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 771631104  Numsec = 205137920

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_1_0_2048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_r.mbam...
Removal finished
         

06.11.2013, 20:42   #7
cosinus



Removing adware/junkware/toolbars


Step 1: AdwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts that appear with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file under C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


2. Step 2: JRT - Junkware Removal Tool

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista or later, right-click and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


Step 3: Fresh log with FRST

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files are now created and will afterwards be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the site's input window)

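What a helper on the board looks at first when reading the FRST log that step 3 produces, as an added example (not part of the post and not a tool from the Farbar project): a small Python parser for FRST's Services/Drivers lines that flags entries whose file is missing ("[x]") or that carry no publisher ("()"). The line layout is assumed from the log posted later in this thread, and the sample lines are copied from it.

```python
"""Triage helper for the Services/Drivers sections of an FRST log.

Added example for this thread; it is not part of the board's instructions and
not a tool from the Farbar project. It parses FRST lines of the form

    R2 avast! Antivirus; C:\\...\\AvastSvc.exe [50344 2013-10-23] (AVAST Software)
    S3 BlueletAudio; system32\\DRIVERS\\blueletaudio.sys [x]

and flags what a helper reads first: entries whose file is missing ("[x]"),
entries with no embedded publisher ("()"), and whether each entry is running
or set to start automatically.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# FRST line layout (assumed from the lines in the posted log):
#   <state letter><start type> <name>; <path> [<size> <date>] (<publisher>)
#   <state letter><start type> <name>; <path> [x]
LINE_RE = re.compile(
    r"^(?P<state>[A-Z])(?P<start>\d)\s+"
    r"(?P<name>[^;]+);\s+"
    r"(?P<path>.+?)\s+"
    r"\[(?:(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})|(?P<missing>x))\]"
    r"(?:\s+\((?P<publisher>[^)]*)\))?\s*$"
)

# The start-type digit uses the Windows service "Start" values.
START_TYPES = {0: "boot", 1: "system", 2: "automatic", 3: "manual", 4: "disabled"}


@dataclass
class Entry:
    state: str                # FRST state letter: R = running, S = stopped
    start: int                # Windows Start value (see START_TYPES)
    name: str
    path: str
    size: Optional[int]
    date: Optional[str]
    publisher: Optional[str]  # None for "[x]" entries, "" when FRST printed "()"
    file_missing: bool

    def flags(self) -> List[str]:
        """Triage flags; 'file-missing' and 'no-publisher' are the ones to look at."""
        f = []
        if self.file_missing:
            f.append("file-missing")   # registered, but the binary is gone: orphan or cleanup residue
        elif not self.publisher:
            f.append("no-publisher")   # no company name in the version resource: verify by hand
        if self.state == "R":
            f.append("running")
        if self.start in (0, 1, 2):
            f.append("starts-automatically")
        return f


def parse_line(line: str) -> Optional[Entry]:
    """Parse one service/driver line; return None for headers and other lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    missing = m.group("missing") is not None
    return Entry(
        state=m.group("state"),
        start=int(m.group("start")),
        name=m.group("name").strip(),
        path=m.group("path"),
        size=int(m.group("size")) if m.group("size") else None,
        date=m.group("date"),
        publisher=None if missing else (m.group("publisher") or ""),
        file_missing=missing,
    )


def triage(log_text: str) -> List[Entry]:
    """Return the entries that need a closer look: missing file or no publisher."""
    entries = (parse_line(ln) for ln in log_text.splitlines())
    return [e for e in entries if e and {"file-missing", "no-publisher"} & set(e.flags())]


def report(entries: List[Entry]) -> str:
    """One line per flagged entry, for pasting into a reply."""
    lines = []
    for e in entries:
        start = START_TYPES.get(e.start, "other")
        lines.append(f"{e.name:<14} start={start:<9} {', '.join(e.flags()):<40} {e.path}")
    return "\n".join(lines)


# Constructed sample: lines copied from the FRST log posted in this thread.
SAMPLE_LOG = r"""
==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-10-23] (AVAST Software)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-10-23] ()
S2 tandpl; C:\Windows\SysWow64\drivers\tandpl.sys [4736 2003-04-18] ()
S3 BlueletAudio; system32\DRIVERS\blueletaudio.sys [x]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [89432 2012-11-15] (Kaspersky Lab)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-06-19] (Cisco Systems, Inc.)
"""

if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

On the sample it lists aswRvrt, tandpl and BlueletAudio; a flag is a prompt to check the file, not a verdict (aswRvrt, for instance, is an avast! driver that simply has no company name embedded).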

06.11.2013, 22:02   #8
m42ch



1. AdwCleaner:

Code:
# AdwCleaner v3.011 - Bericht erstellt am 06/11/2013 um 22:44:31
# Updated 03/11/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : 42 - 42-PC
# Gestartet von : C:\Users\42\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\myfree codec
Ordner Gelöscht : C:\Users\42\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Ordner Gelöscht : C:\Users\42\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\42_2\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Datei Gelöscht : C:\Users\42\AppData\Roaming\Mozilla\Firefox\Profiles\w13am0zb.default\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_free-screen-to-video_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_free-screen-to-video_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Mozilla Firefox v24.0 (de)

[ Datei : C:\Users\42\AppData\Roaming\Mozilla\Firefox\Profiles\w13am0zb.default\prefs.js ]


[ Datei : C:\Users\42_2\AppData\Roaming\Mozilla\Firefox\Profiles\3b6g3u3i.default\prefs.js ]


-\\ Google Chrome v

[ Datei : C:\Users\42\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ Datei : C:\Users\42_2\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3104 octets] - [06/11/2013 22:42:17]
AdwCleaner[S0].txt - [3033 octets] - [06/11/2013 22:44:31]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3093 octets] ##########
         
2. JRT
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Professional x64
Ran by 42 on 06.11.2013 at 22:51:11,14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\cbsidlm-tr1_7-The_Babylon_Project_DVD-ORG2-10882882_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\cbsidlm-tr1_7-The_Babylon_Project_DVD-ORG2-10882882_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\cbsidlm-tr1_7-The_Babylon_Project_DVD-ORG2-10882882_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\cbsidlm-tr1_7-The_Babylon_Project_DVD-ORG2-10882882_RASMANCS



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\42\AppData\Roaming\mozilla\firefox\profiles\w13am0zb.default\minidumps [7 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.11.2013 at 22:58:11,37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST

FRST log file:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by 42 (administrator) on 42-PC on 06-11-2013 22:59:22
Running from C:\Users\42\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Spotify Ltd) C:\Users\42\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Dropbox, Inc.) C:\Users\42_2\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Windows\system\Cm106eye.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Users\42\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\42\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\42\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\42\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\42\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\42\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\42\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11057768 2010-07-06] (Realtek Semiconductor)
HKLM\...\Run: [Cm106Sound] - C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm106.dll,CMICtrlWnd
HKCU\...\Run: [Google Update] - C:\Users\42\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-10] (Google Inc.)
HKCU\...\Run: [Spotify] - C:\Users\42\AppData\Roaming\Spotify\spotify.exe [4640768 2013-07-18] (Spotify Ltd)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\42\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-18] (Spotify Ltd)
MountPoints2: E - E:\ASRSetup.exe
MountPoints2: J - J:\LaunchU3.exe -a
MountPoints2: {154ba5da-e5c3-11de-9cd0-9c6f88b70a6d} - I:\LaunchU3.exe -a
MountPoints2: {9bbf4fe8-e5c2-11de-a812-806e6f6e6963} - E:\autorun\autorun.exe
MountPoints2: {ca6d5a62-278f-11df-b11a-806e6f6e6963} - D:\AutoPlay.exe
HKLM-x32\...\Run: [CTxfiHlp] - C:\Windows\\SysWOW64\CTXFIHLP.EXE [25600 2009-06-04] (Creative Technology Ltd)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [AVMWlanClient] - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe [1904640 2009-03-20] (AVM Berlin)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BlueStacks Agent] - C:\Program Files (x86)\BlueStacks\HD-Agent.exe [601928 2013-05-13] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-06-19] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\avastui.exe [3567800 2013-10-23] (AVAST Software)
HKU\42_2\...\Run: [Google Update] - C:\Users\42_2\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-10] (Google Inc.)
HKU\42_2\...\Run: [Spotify Web Helper] - C:\Users\42\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-18] (Spotify Ltd)
Startup: C:\Users\42\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\42_2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\42_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\42\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x70CE7C1D8163CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {11DA48D5-FD81-41F4-AA59-97FA01D0DCA3} URL = hxxp://www.bing.com/search?q={searchTerms}&r=46
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: No Name - {609D670F-B735-4da7-AC6D-F3BD358E325E} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} https://vpn-unidsl.rwth-aachen.de/CACHE/stc/1/binaries/vpnweb.cab
DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: HKLM-x32 {8167C273-DF59-4416-B647-C8BB2C7EE83E} hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\42\AppData\Roaming\Mozilla\Firefox\Profiles\w13am0zb.default
FF Homepage: about:home
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - G:\Programme\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\42\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\42\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\42\AppData\Roaming\Mozilla\Firefox\Profiles\w13am0zb.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
FF Extension: fireftp - C:\Users\42\AppData\Roaming\Mozilla\Firefox\Profiles\w13am0zb.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
FF Extension: prefs - C:\Users\42\AppData\Roaming\Mozilla\Firefox\Profiles\w13am0zb.default\Extensions\{C6F77964-B0B5-4953-A144-93051184EC0C}.xpi
FF Extension: Adblock Plus - C:\Users\42\AppData\Roaming\Mozilla\Firefox\Profiles\w13am0zb.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: dta - C:\Users\42\AppData\Roaming\Mozilla\Firefox\Profiles\w13am0zb.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome: 
=======
CHR RestoreOnStartup: "hxxp://google.de/"
CHR Plugin: (Shockwave Flash) - C:\Users\42\AppData\Local\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\42\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\42\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2003) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U15) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Google Update) - C:\Users\42\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.150.3) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Foxit Reader Plugin for Mozilla) - G:\Programme\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
CHR Extension: (avast! Online Security) - C:\Users\42\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0
CHR Extension: (Google Wallet) - C:\Users\42\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
CHR StartMenuInternet: Google Chrome - C:\Users\42\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-10-23] (AVAST Software)
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [368640 2009-03-20] (AVM Berlin)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-05-13] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-05-13] (BlueStack Systems, Inc.)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [38984 2013-10-23] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [84328 2013-10-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-10-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-10-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1032416 2013-10-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [409832 2013-10-23] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2013-10-23] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-10-23] ()
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2009-03-20] (AVM Berlin)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-05-13] (BlueStack Systems)
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [47368 2007-06-24] (IVT Corporation.)
S3 EC168x64; C:\Windows\System32\DRIVERS\EC168x64.sys [104576 2007-05-18] (e3C, Inc.)
R3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [552704 2009-03-20] (AVM GmbH)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S2 tandpl; C:\Windows\SysWow64\drivers\tandpl.sys [4736 2003-04-18] ()
R3 USBMULCD; C:\Windows\System32\drivers\CM10664.sys [1307648 2009-10-01] (C-Media Electronics Inc)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-06-19] (Cisco Systems, Inc.)
S3 WEBNTACCESS; C:\Windows\SysWow64\NTACCESS.SYS [17920 2008-04-14] (Your Corporation)
S3 WN4501HLFIR; C:\Windows\System32\DRIVERS\zd1211Bu.sys [602880 2007-06-25] (Atheros Technology Corporation)
S3 BlueletAudio; system32\DRIVERS\blueletaudio.sys [x]
S3 BlueletSCOAudio; system32\DRIVERS\BlueletSCOAudio.sys [x]
S3 BT; system32\DRIVERS\btnetdrv.sys [x]
S0 BTHidEnum; System32\Drivers\vbtenum.sys [x]
S0 BTHidMgr; System32\Drivers\BTHidMgr.sys [x]
S3 COMMONFX.DLL; \SystemRoot\System32\COMMONFX.DLL [x]
S3 CT20XUT.DLL; \SystemRoot\System32\CT20XUT.DLL [x]
S3 CTAUDFX.DLL; \SystemRoot\System32\CTAUDFX.DLL [x]
S3 CTEAPSFX.DLL; \SystemRoot\System32\CTEAPSFX.DLL [x]
S3 CTEDSPFX.DLL; \SystemRoot\System32\CTEDSPFX.DLL [x]
S3 CTEDSPIO.DLL; \SystemRoot\System32\CTEDSPIO.DLL [x]
S3 CTEDSPSY.DLL; \SystemRoot\System32\CTEDSPSY.DLL [x]
S3 CTEXFIFX.DLL; \SystemRoot\System32\CTEXFIFX.DLL [x]
S3 CTHWIUT.DLL; \SystemRoot\System32\CTHWIUT.DLL [x]
S3 CTSBLFX.DLL; \SystemRoot\System32\CTSBLFX.DLL [x]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [89432 2012-11-15] (Kaspersky Lab)
S3 VComm; system32\DRIVERS\VComm.sys [x]
S3 VcommMgr; System32\Drivers\VcommMgr.sys [x]
S3 VHidMinidrv; system32\drivers\VHIDMini.sys [x]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 ZDPSp50a64; System32\Drivers\ZDPSp50a64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-06 22:59 - 2013-11-06 22:59 - 01957098 _____ (Farbar) C:\Users\42\Downloads\FRST64.exe
2013-11-06 22:58 - 2013-11-06 22:58 - 00001356 _____ C:\Users\42\Desktop\JRT.txt
2013-11-06 22:51 - 2013-11-06 22:51 - 00000000 ____D C:\Windows\ERUNT
2013-11-06 22:50 - 2013-11-06 22:50 - 01034531 _____ (Thisisu) C:\Users\42\Downloads\JRT.exe
2013-11-06 22:42 - 2013-11-06 22:44 - 00000000 ____D C:\AdwCleaner
2013-11-06 22:41 - 2013-11-06 22:41 - 01073262 _____ C:\Users\42\Downloads\adwcleaner.exe
2013-11-06 22:37 - 2013-11-06 22:37 - 02134554 _____ C:\Users\42\Desktop\Logs.zip
2013-11-06 22:29 - 2013-11-06 22:29 - 21041152 _____ C:\Users\42\Desktop\Fehlerüberblick.evtx
2013-11-06 22:06 - 2013-11-06 22:29 - 00000000 ____D C:\Users\42\Desktop\LocaleMetaData
2013-11-06 21:35 - 2013-11-06 22:06 - 04263936 _____ C:\Users\42\Desktop\schwan3.evtx
2013-11-06 19:31 - 2013-11-06 19:53 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-06 19:31 - 2013-11-06 19:31 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-05 20:01 - 2013-11-05 20:01 - 00000000 ____D C:\FRST
2013-11-04 19:24 - 2013-11-04 19:24 - 545837968 _____ C:\Users\42\Downloads\Make_Love_13.11.03_22-20_mdr_45_TVOON_DE.mpg.HQ.avi
2013-11-02 22:45 - 2013-11-03 19:36 - 00000000 ____D C:\Windows\System32\Tasks\Aufgaben der Ereignisanzeige
2013-10-29 20:04 - 2013-10-29 20:04 - 00602112 _____ (OldTimer Tools) C:\Users\42\Downloads\OTL.exe
2013-10-29 20:04 - 2013-10-29 20:04 - 00000000 ____D C:\_OTL
2013-10-28 19:28 - 2013-11-06 21:53 - 00000000 ____D C:\Program Files (x86)\WinPcap
2013-10-28 19:27 - 2013-11-06 21:53 - 00000000 ____D C:\Program Files\Wireshark
2013-10-28 19:27 - 2013-10-28 19:27 - 00001565 _____ C:\Users\Public\Desktop\Wireshark.lnk
2013-10-28 19:20 - 2013-10-28 19:26 - 27966944 _____ (Wireshark development team) C:\Users\42\Downloads\Wireshark-win64-1.10.2.exe
2013-10-27 15:34 - 2013-10-27 15:34 - 00002070 _____ C:\Users\42\AppData\Local\recently-used.xbel
2013-10-27 14:31 - 2013-10-27 14:31 - 00000000 ____D C:\Users\42\.thumbnails
2013-10-27 14:29 - 2013-10-27 15:34 - 00000000 ____D C:\Users\42\.gimp-2.8
2013-10-27 14:29 - 2013-10-27 14:29 - 00000000 ____D C:\Users\42\AppData\Local\gegl-0.2
2013-10-23 20:18 - 2013-10-23 20:18 - 00000000 ____D C:\Users\42_2\AppData\Roaming\AVAST Software
2013-10-23 20:17 - 2013-10-23 20:17 - 00010354 _____ C:\Windows\PFRO.log
2013-10-23 19:57 - 2013-11-06 21:58 - 00001966 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-10-23 19:57 - 2013-10-23 19:57 - 00000000 ____D C:\Users\42\AppData\Roaming\AVAST Software
2013-10-23 19:57 - 2013-10-23 19:56 - 01032416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-10-23 19:57 - 2013-10-23 19:56 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-10-23 19:57 - 2013-10-23 19:56 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-10-23 19:57 - 2013-10-23 19:56 - 00205320 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-10-23 19:57 - 2013-10-23 19:56 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-10-23 19:57 - 2013-10-23 19:56 - 00084328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-10-23 19:57 - 2013-10-23 19:56 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-10-23 19:57 - 2013-10-23 19:56 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-10-23 19:57 - 2013-10-23 19:56 - 00038984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-10-23 19:56 - 2013-10-23 19:56 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-10-23 19:56 - 2013-10-23 19:56 - 00000000 ____D C:\Program Files\AVAST Software
2013-10-23 19:55 - 2013-10-23 19:55 - 00000000 ____D C:\ProgramData\AVAST Software
2013-10-22 18:59 - 2013-10-22 18:59 - 00108512 _____ C:\Users\42\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-22 18:45 - 2013-11-06 22:46 - 00000672 _____ C:\Windows\setupact.log
2013-10-22 18:45 - 2013-10-22 18:45 - 00407616 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-22 18:45 - 2013-10-22 18:45 - 00000000 _____ C:\Windows\setuperr.log
2013-10-22 18:41 - 2013-10-22 18:41 - 00109034 _____ C:\Users\42\Documents\cc_20131022_194126.reg
2013-10-22 17:22 - 2013-10-22 17:22 - 03047304 _____ (Cisco Systems, Inc.) C:\Users\42\Downloads\anyconnect-win-3.1.04059-web-deploy-k9.exe
2013-10-22 17:20 - 2013-11-06 21:53 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-10-21 18:36 - 2013-10-21 18:36 - 00000000 ____D C:\ProgramData\Oracle
2013-10-21 18:36 - 2013-10-08 06:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-21 18:36 - 2013-10-08 06:46 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-21 18:36 - 2013-10-08 06:46 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-21 18:36 - 2013-10-08 06:46 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-21 18:35 - 2013-10-21 18:36 - 00004886 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-10-21 18:18 - 2013-11-06 23:00 - 925695594 _____ C:\Windows\system32\Drivers\etc\hosts.ac.tmp
2013-10-21 16:59 - 2013-10-21 17:03 - 253931296 _____ (NVIDIA Corporation) C:\Users\42_2\Desktop\331.58-desktop-win8-win7-winvista-64bit-international-whql.exe
2013-10-14 19:35 - 2013-10-21 18:41 - 00000000 ____D C:\Users\42\AppData\Local\DoNotTrackPlus
2013-10-14 17:09 - 2013-09-19 17:15 - 00466255 _____ C:\Windows\system32\Drivers\etc\hosts.20131014-180921.backup
2013-10-09 18:40 - 2013-10-09 18:40 - 00001359 _____ C:\Users\42\Desktop\Dropbox.lnk
2013-10-09 17:59 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-09 17:59 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-09 17:59 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-09 17:59 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-09 17:59 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-09 17:59 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-09 17:59 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-09 17:59 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-09 17:59 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-09 17:59 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-09 17:59 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-09 17:59 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-09 17:59 - 2013-09-23 00:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-09 17:59 - 2013-09-22 23:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-09 17:59 - 2013-09-22 23:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-09 17:59 - 2013-09-22 23:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-09 17:59 - 2013-09-22 23:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-09 17:59 - 2013-09-22 23:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-09 17:59 - 2013-09-22 23:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-09 17:59 - 2013-09-22 23:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-09 17:59 - 2013-09-22 23:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-09 17:59 - 2013-09-22 23:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-09 17:59 - 2013-09-22 23:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-09 17:59 - 2013-09-22 23:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-09 17:59 - 2013-09-22 23:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-09 17:59 - 2013-09-22 23:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-09 17:59 - 2013-09-22 23:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-09 17:59 - 2013-09-21 04:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-09 17:59 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-09 17:59 - 2013-09-21 03:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-09 17:59 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-09 17:36 - 2013-07-12 11:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-09 17:36 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-09 17:36 - 2013-07-12 11:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-09 17:36 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 17:36 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-09 17:36 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-09 17:36 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-09 17:36 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-09 17:36 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-09 17:36 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 17:36 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-09 17:36 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-09 17:36 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-09 17:36 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 17:36 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-09 17:36 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-09 17:35 - 2013-09-14 02:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-09 17:35 - 2013-09-08 03:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-09 17:35 - 2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-09 17:35 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-09 17:35 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-09 17:35 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-09 17:35 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-09 17:35 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-09 17:35 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-09 17:35 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-09 17:35 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-09 17:35 - 2013-08-29 03:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-09 17:35 - 2013-08-29 03:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-09 17:35 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-09 17:35 - 2013-08-29 03:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-09 17:35 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-09 17:35 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-09 17:35 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-09 17:35 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-09 17:35 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-09 17:35 - 2013-08-29 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-09 17:35 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-09 17:35 - 2013-08-29 01:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-09 17:35 - 2013-08-29 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-09 17:35 - 2013-08-29 01:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-09 17:35 - 2013-08-29 01:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-09 17:35 - 2013-08-28 02:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 17:35 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-09 17:35 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 17:35 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 17:35 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 17:35 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-09 17:35 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-09 17:35 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-09 17:35 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-09 17:35 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-09 17:35 - 2013-07-03 05:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-09 17:35 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-09 17:35 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys

==================== One Month Modified Files and Folders =======

2013-11-06 23:00 - 2013-10-21 18:18 - 925695594 _____ C:\Windows\system32\Drivers\etc\hosts.ac.tmp
2013-11-06 22:59 - 2013-11-06 22:59 - 01957098 _____ (Farbar) C:\Users\42\Downloads\FRST64.exe
2013-11-06 22:59 - 2012-07-10 18:00 - 00000000 ____D C:\Users\42_2
2013-11-06 22:58 - 2013-11-06 22:58 - 00001356 _____ C:\Users\42\Desktop\JRT.txt
2013-11-06 22:55 - 2012-07-10 15:28 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3888471740-3113341665-555123505-1000UA.job
2013-11-06 22:54 - 2009-07-14 05:45 - 00015376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-06 22:54 - 2009-07-14 05:45 - 00015376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-06 22:53 - 2012-07-02 15:29 - 00000000 ____D C:\Users\42\AppData\Roaming\Spotify
2013-11-06 22:53 - 2009-07-14 18:58 - 00701354 _____ C:\Windows\system32\perfh007.dat
2013-11-06 22:53 - 2009-07-14 18:58 - 00150254 _____ C:\Windows\system32\perfc007.dat
2013-11-06 22:53 - 2009-07-14 06:13 - 01620804 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-06 22:51 - 2013-11-06 22:51 - 00000000 ____D C:\Windows\ERUNT
2013-11-06 22:50 - 2013-11-06 22:50 - 01034531 _____ (Thisisu) C:\Users\42\Downloads\JRT.exe
2013-11-06 22:49 - 2010-01-09 11:23 - 00003906 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{6AE07752-9BCC-4914-AEF4-6E694B349A33}
2013-11-06 22:48 - 2013-04-21 21:44 - 00000000 ___RD C:\Users\42_2\Dropbox
2013-11-06 22:48 - 2013-04-21 21:41 - 00000000 ____D C:\Users\42\AppData\Roaming\Dropbox
2013-11-06 22:47 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-06 22:46 - 2013-10-22 18:45 - 00000672 _____ C:\Windows\setupact.log
2013-11-06 22:46 - 2012-02-23 22:40 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-06 22:45 - 2012-07-10 13:16 - 01854895 _____ C:\Windows\WindowsUpdate.log
2013-11-06 22:44 - 2013-11-06 22:42 - 00000000 ____D C:\AdwCleaner
2013-11-06 22:41 - 2013-11-06 22:41 - 01073262 _____ C:\Users\42\Downloads\adwcleaner.exe
2013-11-06 22:37 - 2013-11-06 22:37 - 02134554 _____ C:\Users\42\Desktop\Logs.zip
2013-11-06 22:29 - 2013-11-06 22:29 - 21041152 _____ C:\Users\42\Desktop\Fehlerüberblick.evtx
2013-11-06 22:29 - 2013-11-06 22:06 - 00000000 ____D C:\Users\42\Desktop\LocaleMetaData
2013-11-06 22:15 - 2012-04-14 16:32 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-06 22:06 - 2013-11-06 21:35 - 04263936 _____ C:\Users\42\Desktop\schwan3.evtx
2013-11-06 22:05 - 2012-07-10 18:28 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3888471740-3113341665-555123505-1006UA.job
2013-11-06 21:58 - 2013-10-23 19:57 - 00001966 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-11-06 21:53 - 2013-10-28 19:28 - 00000000 ____D C:\Program Files (x86)\WinPcap
2013-11-06 21:53 - 2013-10-28 19:27 - 00000000 ____D C:\Program Files\Wireshark
2013-11-06 21:53 - 2013-10-22 17:20 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-11-06 21:53 - 2013-05-19 20:18 - 00000000 ____D C:\Users\42\AppData\Roaming\vlc
2013-11-06 21:53 - 2012-12-05 14:42 - 00000000 ____D C:\Program Files\CheckPoint
2013-11-06 21:53 - 2012-09-10 20:42 - 00000000 ____D C:\Users\42_2\AppData\Roaming\vlc
2013-11-06 21:53 - 2009-12-10 20:39 - 00000000 ____D C:\Users\42
2013-11-06 21:53 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-11-06 21:52 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-11-06 21:18 - 2012-03-05 21:06 - 00000000 ____D C:\ProgramData\Cisco
2013-11-06 19:53 - 2013-11-06 19:31 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-06 19:42 - 2009-12-22 19:32 - 00000000 ____D C:\Users\42\AppData\Local\Paint.NET
2013-11-06 19:31 - 2013-11-06 19:31 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-05 20:01 - 2013-11-05 20:01 - 00000000 ____D C:\FRST
2013-11-04 19:24 - 2013-11-04 19:24 - 545837968 _____ C:\Users\42\Downloads\Make_Love_13.11.03_22-20_mdr_45_TVOON_DE.mpg.HQ.avi
2013-11-03 19:36 - 2013-11-02 22:45 - 00000000 ____D C:\Windows\System32\Tasks\Aufgaben der Ereignisanzeige
2013-11-02 22:33 - 2013-04-21 21:40 - 00000000 ____D C:\Users\42_2\AppData\Roaming\Dropbox
2013-10-29 20:04 - 2013-10-29 20:04 - 00602112 _____ (OldTimer Tools) C:\Users\42\Downloads\OTL.exe
2013-10-29 20:04 - 2013-10-29 20:04 - 00000000 ____D C:\_OTL
2013-10-28 19:27 - 2013-10-28 19:27 - 00001565 _____ C:\Users\Public\Desktop\Wireshark.lnk
2013-10-28 19:26 - 2013-10-28 19:20 - 27966944 _____ (Wireshark development team) C:\Users\42\Downloads\Wireshark-win64-1.10.2.exe
2013-10-27 18:05 - 2012-07-10 18:28 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3888471740-3113341665-555123505-1006Core.job
2013-10-27 15:34 - 2013-10-27 15:34 - 00002070 _____ C:\Users\42\AppData\Local\recently-used.xbel
2013-10-27 15:34 - 2013-10-27 14:29 - 00000000 ____D C:\Users\42\.gimp-2.8
2013-10-27 14:31 - 2013-10-27 14:31 - 00000000 ____D C:\Users\42\.thumbnails
2013-10-27 14:29 - 2013-10-27 14:29 - 00000000 ____D C:\Users\42\AppData\Local\gegl-0.2
2013-10-26 15:27 - 2009-12-11 01:26 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-10-24 20:12 - 2012-07-12 20:34 - 00000000 ____D C:\Users\42_2\AppData\Roaming\Spotify
2013-10-24 20:07 - 2012-07-12 20:34 - 00000000 ____D C:\Users\42_2\AppData\Local\Spotify
2013-10-23 20:18 - 2013-10-23 20:18 - 00000000 ____D C:\Users\42_2\AppData\Roaming\AVAST Software
2013-10-23 20:17 - 2013-10-23 20:17 - 00010354 _____ C:\Windows\PFRO.log
2013-10-23 19:57 - 2013-10-23 19:57 - 00000000 ____D C:\Users\42\AppData\Roaming\AVAST Software
2013-10-23 19:56 - 2013-10-23 19:57 - 01032416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-10-23 19:56 - 2013-10-23 19:57 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-10-23 19:56 - 2013-10-23 19:57 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-10-23 19:56 - 2013-10-23 19:57 - 00205320 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-10-23 19:56 - 2013-10-23 19:57 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-10-23 19:56 - 2013-10-23 19:57 - 00084328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-10-23 19:56 - 2013-10-23 19:57 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-10-23 19:56 - 2013-10-23 19:57 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-10-23 19:56 - 2013-10-23 19:57 - 00038984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-10-23 19:56 - 2013-10-23 19:56 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-10-23 19:56 - 2013-10-23 19:56 - 00000000 ____D C:\Program Files\AVAST Software
2013-10-23 19:55 - 2013-10-23 19:55 - 00000000 ____D C:\ProgramData\AVAST Software
2013-10-22 18:59 - 2013-10-22 18:59 - 00108512 _____ C:\Users\42\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-22 18:45 - 2013-10-22 18:45 - 00407616 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-22 18:45 - 2013-10-22 18:45 - 00000000 _____ C:\Windows\setuperr.log
2013-10-22 18:41 - 2013-10-22 18:41 - 00109034 _____ C:\Users\42\Documents\cc_20131022_194126.reg
2013-10-22 18:40 - 2010-05-05 17:32 - 00000000 ____D C:\Program Files (x86)\Steam
2013-10-22 18:40 - 2009-12-10 20:30 - 00000000 ____D C:\Windows\Panther
2013-10-22 18:39 - 2012-12-05 16:08 - 00030249 ____H C:\Windows\SysWOW64\BTImages.dat
2013-10-22 17:22 - 2013-10-22 17:22 - 03047304 _____ (Cisco Systems, Inc.) C:\Users\42\Downloads\anyconnect-win-3.1.04059-web-deploy-k9.exe
2013-10-21 18:41 - 2013-10-14 19:35 - 00000000 ____D C:\Users\42\AppData\Local\DoNotTrackPlus
2013-10-21 18:36 - 2013-10-21 18:36 - 00000000 ____D C:\ProgramData\Oracle
2013-10-21 18:36 - 2013-10-21 18:35 - 00004886 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-10-21 18:36 - 2013-09-02 08:50 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-21 18:22 - 2013-09-02 08:52 - 00000000 ____D C:\ProgramData\WebEx
2013-10-21 17:03 - 2013-10-21 16:59 - 253931296 _____ (NVIDIA Corporation) C:\Users\42_2\Desktop\331.58-desktop-win8-win7-winvista-64bit-international-whql.exe
2013-10-21 17:00 - 2012-07-10 18:28 - 00004084 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3888471740-3113341665-555123505-1006UA
2013-10-21 17:00 - 2012-07-10 18:28 - 00003688 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3888471740-3113341665-555123505-1006Core
2013-10-15 11:55 - 2012-07-10 15:28 - 00001056 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3888471740-3113341665-555123505-1000Core.job
2013-10-14 17:09 - 2009-07-14 03:34 - 00481779 ____R C:\Windows\system32\Drivers\etc\hosts.ac
2013-10-14 17:09 - 2009-07-14 03:34 - 00481779 ____R C:\Windows\system32\Drivers\etc\hosts.20131024-203316.backup
2013-10-14 11:50 - 2012-07-10 15:28 - 00004072 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3888471740-3113341665-555123505-1000UA
2013-10-14 11:50 - 2012-07-10 15:28 - 00003676 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3888471740-3113341665-555123505-1000Core
2013-10-10 20:52 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-10-09 19:17 - 2013-03-14 13:21 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-09 19:17 - 2013-03-14 13:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-09 18:40 - 2013-10-09 18:40 - 00001359 _____ C:\Users\42\Desktop\Dropbox.lnk
2013-10-09 18:38 - 2009-12-10 20:39 - 00000000 ___RD C:\Users\42\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-09 18:37 - 2013-04-21 21:44 - 00001335 _____ C:\Users\42_2\Desktop\Dropbox.lnk
2013-10-09 18:17 - 2009-12-10 23:07 - 00000000 ____D C:\Users\42\AppData\Local\Mozilla
2013-10-09 18:02 - 2011-01-26 07:32 - 01597892 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-09 17:54 - 2013-08-20 01:06 - 00000000 ____D C:\Windows\system32\MRT
2013-10-09 17:52 - 2009-12-10 23:44 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-09 17:50 - 2009-12-10 23:53 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-10-09 17:20 - 2010-03-11 18:20 - 00000000 ___RD C:\Users\42\Virtual Machines
2013-10-09 17:20 - 2009-12-10 20:39 - 00000000 ___RD C:\Users\42\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-10-08 21:15 - 2012-04-14 16:32 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-08 21:15 - 2012-04-14 16:32 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-08 21:15 - 2011-05-17 17:33 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-08 06:50 - 2013-10-21 18:36 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-08 06:46 - 2013-10-21 18:36 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-08 06:46 - 2013-10-21 18:36 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-08 06:46 - 2013-10-21 18:36 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

Some content of TEMP:
====================
C:\Users\42\AppData\Local\Temp\20131021074457569jniverify.dll
C:\Users\42\AppData\Local\Temp\20131021084055623jniverify.dll
C:\Users\42\AppData\Local\Temp\20131022061947424jniverify.dll
C:\Users\42\AppData\Local\Temp\20131022072627992jniverify.dll
C:\Users\42\AppData\Local\Temp\20131023073020139jniverify.dll
C:\Users\42\AppData\Local\Temp\Quarantine.exe
C:\Users\42_2\AppData\Local\Temp\20131021072517332jniverify.dll
C:\Users\42_2\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\42_2\AppData\Local\Temp\Foxit Updater.exe
C:\Users\42_2\AppData\Local\Temp\G2MInstallerExtractor.exe
C:\Users\42_2\AppData\Local\Temp\SIntf16.dll
C:\Users\42_2\AppData\Local\Temp\SIntf32.dll
C:\Users\42_2\AppData\Local\Temp\SIntfNT.dll
C:\Users\42_2\AppData\Local\Temp\SkypeSetup.exe
C:\Users\42_2\AppData\Local\Temp\vlc-2.0.2-win32.exe
C:\Users\42_2\AppData\Local\Temp\vlc-2.0.6-win32.exe
C:\Users\42_2\AppData\Local\Temp\vlc-2.0.8-win32.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-03 15:06

==================== End Of Log ============================


Frst-Addition

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-10-2013
Ran by 42 at 2013-11-06 23:01:27
Running from C:\Users\42\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 8.2.4)
7-Zip 4.65 (x64 edition) (Version: 4.65.00.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05)
Age Of Pirates - Caribbean Tales 1.41 (x32)
avast! Free Antivirus (x32 Version: 9.0.2006)
AVM FRITZ!WLAN (x32)
BlueStacks App Player (x32 Version: 0.7.12.896)
BlueStacks Notification Center (x32 Version: 0.7.12.896)
CCleaner (Version: 3.16)
Cisco AnyConnect Secure Mobility Client  (x32 Version: 3.1.04059)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04059)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
Dawn of War - Dark Crusade (x32 Version: 1.00.0000)
Dawn Of War - Winter Assault (x32 Version: 1.4)
DawnOfWar (x32 Version: 1.00.00000)
EndNote X6 (x32 Version: 16.0.1.6599)
Foxit Reader (x32 Version: 6.0.5.618)
GIMP 2.8.2 (Version: 2.8.2)
Google Chrome (HKCU Version: 30.0.1599.101)
Half-Life (x32)
HP Install Network Printer Wizard (x32 Version: 8.1.03)
ICQ7.6 (x32 Version: 7.6)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Liveupdate4 (x32)
Max Payne 3 (x32 Version: 1.0.0.0)
MEDUSA NX USB 5.1 Gaming Headset
Metro 2033 (x32)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Corporation (Version: 9.1.0.0)
Microsoft Corporation (x32 Version: 9.1.0.0)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0)
Microsoft LifeCam (Version: 3.60.253.0)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Small Business Edition 2003 (x32 Version: 11.0.8173.0)
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft StarLancer (x32)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual J# 2.0 Redistributable Package (x32 Version: 2.0.50727)
Microsoft Visual J# 2.0 Redistributable Package (x32)
Mozilla Firefox 24.0 (x86 de) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 21.0)
Mp3tag v2.49 (x32 Version: v2.49)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
NVIDIA 3D Vision Controller-Treiber 306.97 (Version: 306.97)
NVIDIA 3D Vision Treiber 327.23 (Version: 327.23)
NVIDIA Drivers (Version: 1.4)
NVIDIA Grafiktreiber 327.23 (Version: 327.23)
NVIDIA Install Application (Version: 2.1002.133.889)
NVIDIA PhysX (x32 Version: 9.12.0604)
NVIDIA PhysX-Systemsoftware 9.12.0604 (Version: 9.12.0604)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2723)
NVIDIA Systemsteuerung 327.23 (Version: 327.23)
NVIDIA Update 1.14.17 (Version: 1.14.17)
NVIDIA Update Components (Version: 1.14.17)
OpenAL (x32)
Paint.NET v3.5.11 (Version: 3.61.0)
PDFCreator (x32 Version: 1.7.1)
pdfsam (x32 Version: 2.2.0)
Portal (x32)
Portal 2 (x32)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6151)
ResearchSoft Direct Export Helper (x32)
Rockstar Games Social Club (x32 Version: 1.0.9.5)
Skype Click to Call (x32 Version: 5.6.8442)
Skype™ 6.1 (x32 Version: 6.1.129)
Spotify (HKCU Version: 0.9.1.53.g876fa9df)
Spybot - Search & Destroy (x32 Version: 1.6.2)
StarCraft II (x32 Version: 1.3.6.19269)
Steam (x32 Version: 1.0.0.0)
Tales of Monkey Island: Chapter 1 - Launch of the Screaming Narwhal (x32)
Tales of Monkey Island: Chapter 2 - The Siege of Spinner Cay  (x32)
Tales of Monkey Island: Chapter 3 - Lair of the Leviathan  (x32)
Tales of Monkey Island: Chapter 4 - The Trial and Execution of Guybrush Threepwood  (x32)
Tales of Monkey Island: Chapter 5 - Rise of the Pirate God (x32)
Update for Microsoft .NET Framework 4.5 (KB2750147) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805221) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805226) (x32 Version: 1)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
VLC media player 2.0.2 (x32 Version: 2.0.2)
Warhammer® 40,000™: Dawn of War® II (x32)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
WinPcap 4.1.3 (x32 Version: 4.1.0.2980)
Wireshark 1.10.2 (64-bit) (x32 Version: 1.10.2)

==================== Restore Points  =========================

25-10-2013 16:52:49 Windows Update
26-10-2013 14:29:39 avast! antivirus system restore point
26-10-2013 14:33:57 Windows Update
29-10-2013 18:15:31 Windows Update
02-11-2013 21:36:36 Windows Update
06-11-2013 18:59:21 Removed Cisco AnyConnect Secure Mobility Client
06-11-2013 19:00:41 Installed Cisco AnyConnect Secure Mobility Client
06-11-2013 20:06:19 avast! antivirus system restore point
06-11-2013 20:09:14 Removed Cisco AnyConnect Secure Mobility Client
06-11-2013 20:17:23 Windows Update
06-11-2013 20:17:37 Installed Cisco AnyConnect Secure Mobility Client
06-11-2013 20:55:07 avast! antivirus system restore point
06-11-2013 21:00:30 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2013-10-24 19:33 - 00481797 ___RA C:\Windows\system32\Drivers\etc\hosts
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com
127.0.0.1	www.123moviedownload.com
127.0.0.1	123moviedownload.com
127.0.0.1	123simsen.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {1E111526-5B69-4807-A9B0-6B2ED59BA348} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe
Task: {30E3AAA7-F2F9-4F73-9845-30388A0DFF1E} - System32\Tasks\{AB2C7417-7F4A-45B9-B208-2E0EA15529BB} => C:\Program Files (x86)\BlueStacks\HD-RunApp.exe [2013-05-13] (BlueStack Systems, Inc.)
Task: {36A8183D-A23B-4EF5-8BA2-CF085524921B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3888471740-3113341665-555123505-1006UA => C:\Users\42_2\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-10] (Google Inc.)
Task: {446F46CF-F5F4-4EA8-8785-EB1EDE6CD415} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3888471740-3113341665-555123505-1000Core => C:\Users\42\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-10] (Google Inc.)
Task: {4A7792D5-278F-49FC-9B54-67D1EB99F0C7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3888471740-3113341665-555123505-1006Core => C:\Users\42_2\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-10] (Google Inc.)
Task: {5077AD23-1ED7-4F52-941B-6E2F4E756AD8} - System32\Tasks\{7516A115-52F7-4E2D-8BDF-A1A0BFB65525} => M:\Studium\SS12\lj631ge.exe
Task: {72018DC6-31FA-4EE0-97C9-481940B477CC} - System32\Tasks\{C7EA6CC9-6D81-4906-BF31-71CB90164604} => E:\setup.exe [2009-07-15] (Microsoft Corporation)
Task: {D769BBB8-4CD7-4803-AAEE-751561D84812} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3888471740-3113341665-555123505-1000UA => C:\Users\42\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-10] (Google Inc.)
Task: {D98886BF-CE76-4A13-AA06-6C97239400A1} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {F1CDACEE-24CB-4E22-91C2-B918F446775E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3888471740-3113341665-555123505-1000Core.job => C:\Users\42\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3888471740-3113341665-555123505-1000UA.job => C:\Users\42\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3888471740-3113341665-555123505-1006Core.job => C:\Users\42_2\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3888471740-3113341665-555123505-1006UA.job => C:\Users\42_2\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-11-06 21:59 - 2013-11-06 19:06 - 02139648 _____ () C:\Program Files\AVAST Software\Avast\defs\13110602\algo.dll
2013-03-13 21:48 - 2013-03-13 21:48 - 24978944 _____ () C:\Users\42_2\AppData\Roaming\Dropbox\bin\libcef.dll
2012-06-28 23:24 - 2006-09-13 13:08 - 00491520 ____N () C:\Windows\system\CmAu106.dll
2013-10-23 19:56 - 2013-10-23 19:56 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-10-21 18:42 - 2013-10-09 01:02 - 04055504 _____ () C:\Users\42\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll
2013-10-21 18:42 - 2013-10-09 01:02 - 00415184 _____ () C:\Users\42\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
2013-10-21 18:42 - 2013-10-09 01:01 - 01604560 _____ () C:\Users\42\AppData\Local\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
2013-10-21 18:42 - 2013-10-09 01:01 - 00698832 _____ () C:\Users\42\AppData\Local\Google\Chrome\Application\30.0.1599.101\libglesv2.dll
2013-10-21 18:42 - 2013-10-09 01:01 - 00099792 _____ () C:\Users\42\AppData\Local\Google\Chrome\Application\30.0.1599.101\libegl.dll

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft PS/2-Maus
Description: Microsoft PS/2-Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/06/2013 11:00:53 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: vpnagent.exe, Version: 3.1.4059.0, Zeitstempel: 0x51c1c669
Name des fehlerhaften Moduls: Dbghelp.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b7bc
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0004b4cf
ID des fehlerhaften Prozesses: 0x488
Startzeit der fehlerhaften Anwendung: 0xvpnagent.exe0
Pfad der fehlerhaften Anwendung: vpnagent.exe1
Pfad des fehlerhaften Moduls: vpnagent.exe2
Berichtskennung: vpnagent.exe3

Error: (11/06/2013 10:59:51 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: vpnagent.exe, Version: 3.1.4059.0, Zeitstempel: 0x51c1c669
Name des fehlerhaften Moduls: Dbghelp.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b7bc
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0004b4db
ID des fehlerhaften Prozesses: 0x1348
Startzeit der fehlerhaften Anwendung: 0xvpnagent.exe0
Pfad der fehlerhaften Anwendung: vpnagent.exe1
Pfad des fehlerhaften Moduls: vpnagent.exe2
Berichtskennung: vpnagent.exe3

Error: (11/06/2013 10:58:50 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: vpnagent.exe, Version: 3.1.4059.0, Zeitstempel: 0x51c1c669
Name des fehlerhaften Moduls: Dbghelp.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b7bc
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0004b4cf
ID des fehlerhaften Prozesses: 0x220
Startzeit der fehlerhaften Anwendung: 0xvpnagent.exe0
Pfad der fehlerhaften Anwendung: vpnagent.exe1
Pfad des fehlerhaften Moduls: vpnagent.exe2
Berichtskennung: vpnagent.exe3


System errors:
=============
Error: (11/06/2013 11:00:54 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Cisco AnyConnect Secure Mobility Agent" wurde unerwartet beendet. Dies ist bereits 15 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/06/2013 10:59:52 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Cisco AnyConnect Secure Mobility Agent" wurde unerwartet beendet. Dies ist bereits 14 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/06/2013 10:58:50 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Cisco AnyConnect Secure Mobility Agent" wurde unerwartet beendet. Dies ist bereits 13 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (11/06/2013 11:00:53 PM) (Source: Application Error)(User: )
Description: vpnagent.exe3.1.4059.051c1c669Dbghelp.dll6.1.7601.175144ce7b7bcc00000050004b4cf48801cedb3ba8cb60bfC:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exeC:\Windows\system32\Dbghelp.dlle70fea83-472e-11e3-b635-bc0543014aad

Error: (11/06/2013 10:59:51 PM) (Source: Application Error)(User: )
Description: vpnagent.exe3.1.4059.051c1c669Dbghelp.dll6.1.7601.175144ce7b7bcc00000050004b4db134801cedb3b84097192C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exeC:\Windows\system32\Dbghelp.dllc25a7fae-472e-11e3-b635-bc0543014aad

Error: (11/06/2013 10:58:50 PM) (Source: Application Error)(User: )
Description: vpnagent.exe3.1.4059.051c1c669Dbghelp.dll6.1.7601.175144ce7b7bcc00000050004b4cf22001cedb3b5ee84a7bC:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exeC:\Windows\system32\Dbghelp.dll9dbab029-472e-11e3-b635-bc0543014aad


CodeIntegrity Errors:
===================================
  Date: 2013-08-19 19:13:40.539
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-19 18:25:13.381
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-19 17:58:39.131
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-19 16:50:45.324
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-13 15:06:07.111
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-13 14:58:01.820
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-13 14:34:55.222
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-13 14:15:15.303
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-13 12:36:32.474
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-12 01:22:50.130
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 32%
Total physical RAM: 6143.24 MB
Available physical RAM: 4154.36 MB
Total Pagefile: 12284.66 MB
Available Pagefile: 9975.67 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:367.84 GB) (Free:119.96 GB) NTFS
Drive e: (GRMCPRXFRER_DE_DVD) (CDROM) (Total:2.97 GB) (Free:0 GB) UDF
Drive f: (Volume) (Fixed) (Total:465.76 GB) (Free:151.35 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: () (Fixed) (Total:97.82 GB) (Free:61.14 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive h: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.03 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 00000001)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=368 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=98 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 69205244)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

06.11.2013, 22:07   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Suspected Trojan (problems with VPN and UDP traffic)



Looks ok. We should be almost done. As a check, please run a quick scan with Malwarebytes Anti-Malware (MBAM).

Note: please remember to update Malwarebytes Anti-Malware via the update button beforehand!

Afterwards, getting a second opinion from the ESET online scanner is not a bad idea either:


ESET Online Scanner

  • Here you can find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

08.11.2013, 20:56   #10
m42ch

Suspected Trojan (problems with VPN and UDP traffic)



Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.11.08.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
42 :: 42-PC [Administrator]

08.11.2013 15:46:16
MBAM-log-2013-11-08 (17-41-40).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 626735
Laufzeit: 1 Stunde(n), 54 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Program Files (x86)\ICQ7.5\upgrade\53e83dd5315bfb1f928441c9b4618b68 (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\ICQ7.6\install_dll\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.

(Ende)
         
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=31b4f800f9155948993e6e322036a721
# engine=15811
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-11-08 08:07:03
# local_time=2013-11-08 09:07:03 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 71 77 173298 1386613 0 0
# compatibility_mode=1797 16774142 0 1 94251332 94251332 0 0
# compatibility_mode=5893 16776573 100 94 26249 135571073 0 0
# scanned=383139
# found=5
# cleaned=0
# scan_time=11733
sh=F2A87196D77D693502A08EB1D511911EA12C0956 ft=0 fh=0000000000000000 vn="a variant of Android/Adware.AirPush.G application" ac=I fn="C:\ProgramData\BlueStacks\UserData\AppSync\done\eu.aagames.dragopet_1422.apk"
sh=18FB14804BAD6E24322A117985F2579C61C28A3E ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\ProgramData\Spybot - Search & Destroy\Recovery\myPCBackup.zip"
sh=F2A87196D77D693502A08EB1D511911EA12C0956 ft=0 fh=0000000000000000 vn="a variant of Android/Adware.AirPush.G application" ac=I fn="C:\Users\All Users\BlueStacks\UserData\AppSync\done\eu.aagames.dragopet_1422.apk"
sh=18FB14804BAD6E24322A117985F2579C61C28A3E ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\Users\All Users\Spybot - Search & Destroy\Recovery\myPCBackup.zip"
sh=1E6492DC34B2374E4673733D8E91A5C8C24734D4 ft=1 fh=c4641876c01c22e8 vn="a variant of Win32/Bundled.Toolbar.Ask.D application" ac=I fn="G:\RECYCLER\S-1-5-21-1220945662-1788223648-682003330-1003\Df9.exe"
         

Many thanks for the help so far!

A few of my Windows services still seem to be messed up / don't start...
Can you help me with that too?

09.11.2013, 15:34   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Suspected Trojan (problems with VPN and UDP traffic)



Do the ESET findings mean anything to you? Did you remove the findings with Malwarebytes?

Quote:
A few of my Windows services still seem to be messed up / don't start...
Can you help me with that too?
Please be more specific: what exactly does not start, which error messages, etc.

09.11.2013, 17:56   #12
m42ch

Suspected Trojan (problems with VPN and UDP traffic)



What Malwarebytes found, I have removed.

I don't consider ESET findings 1-4 a threat:
I additionally protect my system with Spybot, and 2 findings appear to be backups that Spybot created.
DragoPet is a game for Android that I can run on the PC via BlueStacks. I don't need it on the PC, but it probably came over from the phone during syncing.

The last entry concerns a file that sits in the recycle bin on my WinXP partition.
Can it harm me under Win7 if I don't open it? I'll probably empty the recycle bin on XP...

There were also problems with the services "Peer Name Resolution-Protokoll" and "Peernetzwerk-Gruppenzuordnung". After deleting idstore.sst, as described many times in forums, they start again.

I still have problems with the Cisco VPN client.
I'll probably have to go to their forum for that.
I saved the errors as an event log from Windows.
I'm simply attaching it again.
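As an added illustration (not code from this thread, from ESET or from the forum's tools), a small Python parser for the ESET Online Scanner log format posted above: it reads the "# key=value" header and the "sh=... fn=..." result lines, checks the header's found= counter against the number of result lines, and groups findings by SHA-1 (sh=) so that one file reported under two paths is counted once. The sample is built from the lines posted in this thread; C:\Users\All Users being a symbolic link to C:\ProgramData (Windows Vista and later) is why the first two files appear twice, so the five results are three distinct files.

```python
import re
from collections import OrderedDict

# Constructed sample: a shortened "# key=value" header plus the five
# result lines exactly as posted in this thread.
SAMPLE_LOG = r'''ESETSmartInstaller@High as downloader log:
all ok
# engine=15811
# end=finished
# scanned=383139
# found=5
# cleaned=0
sh=F2A87196D77D693502A08EB1D511911EA12C0956 ft=0 fh=0000000000000000 vn="a variant of Android/Adware.AirPush.G application" ac=I fn="C:\ProgramData\BlueStacks\UserData\AppSync\done\eu.aagames.dragopet_1422.apk"
sh=18FB14804BAD6E24322A117985F2579C61C28A3E ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\ProgramData\Spybot - Search & Destroy\Recovery\myPCBackup.zip"
sh=F2A87196D77D693502A08EB1D511911EA12C0956 ft=0 fh=0000000000000000 vn="a variant of Android/Adware.AirPush.G application" ac=I fn="C:\Users\All Users\BlueStacks\UserData\AppSync\done\eu.aagames.dragopet_1422.apk"
sh=18FB14804BAD6E24322A117985F2579C61C28A3E ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\Users\All Users\Spybot - Search & Destroy\Recovery\myPCBackup.zip"
sh=1E6492DC34B2374E4673733D8E91A5C8C24734D4 ft=1 fh=c4641876c01c22e8 vn="a variant of Win32/Bundled.Toolbar.Ask.D application" ac=I fn="G:\RECYCLER\S-1-5-21-1220945662-1788223648-682003330-1003\Df9.exe"
'''

# One key=value token; the value is either double-quoted (may contain spaces) or bare.
_TOKEN = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')


def parse_result_line(line):
    """Split one sh=... result line into a dict of field name -> value."""
    fields = {}
    for m in _TOKEN.finditer(line):
        key, quoted, bare = m.groups()
        fields[key] = quoted if quoted is not None else bare
    return fields


def parse_eset_log(text):
    """Return (meta, findings): the '# key=value' header as a dict, one dict per result line."""
    meta, findings = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            meta.setdefault(key, value)  # compatibility_mode repeats; keep the first
        elif line.startswith("sh="):
            findings.append(parse_result_line(line))
    return meta, findings


def header_matches(meta, findings):
    """Cross-check: the header's found= counter must equal the number of result lines."""
    return meta.get("found") is not None and int(meta["found"]) == len(findings)


def group_by_hash(findings):
    """Group findings by SHA-1 (sh=) so a file reported under several paths is counted once."""
    # On Windows Vista and later, C:\Users\All Users is a symbolic link to C:\ProgramData,
    # so a scanner that follows it reports the same file under both paths.
    groups = OrderedDict()
    for f in findings:
        g = groups.setdefault(f["sh"], {"vn": f["vn"], "ft": f["ft"], "paths": []})
        g["paths"].append(f["fn"])
    return groups


if __name__ == "__main__":
    meta, findings = parse_eset_log(SAMPLE_LOG)
    print("header found=%s, result lines=%d, consistent=%s"
          % (meta.get("found"), len(findings), header_matches(meta, findings)))
    for sha1, g in group_by_hash(findings).items():
        print("%s  %s" % (sha1, g["vn"]))
        for p in g["paths"]:
            print("    " + p)
```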

09.11.2013, 21:46   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Suspected Trojan (problems with VPN and UDP traffic)



Quote:
I'll probably empty the recycle bin on XP...
Good idea. Why do you still need an XP at all when you have Win7 Professional?

For the service problems, try this repair tool => http://www.trojaner-board.de/126216-...tml#post946713

I can only look at the VPN logs later, since I'm on Linux here and don't have a viewer for evtx files at hand
