Trojaner-Board (https://www.trojaner-board.de/)
Forum: Pests of all kinds and how to fight them (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
Thread: Found strange log files, have a bad feeling, can anyone explain this to me? (https://www.trojaner-board.de/138348-found-komische-log-dateien-habe-uebles-feeling-mir-erklaeren.html)

lydia_eule 17.07.2013 02:11

Found strange log files, have a bad feeling, can anyone explain this to me?

Hi everyone, sorry for getting straight to the point instead of introducing myself first.

While cleaning up the hard drive of my "small" computer (asus 1005 PX, Win7 Starter) about 4 days ago, I found a few txt files that appear to be logs of a break-in into the computer. I then ran a whole series of different scans (Defender, Agnitum, Avira, HijackThis, Malwarebytes, Rootkit Revealer, Rootkit Buster, RU Botted, OTL, gmer, a Microsoft tool, and a few more // everything again in Safe Mode as well), none of which showed me anything unknown. Well, there are always a few small things in quarantine, and somewhere there is also a dummy lying around for testing one's own scanners. Since the logs are already somewhat old, I'm not very worried that anything will change particularly quickly, especially since some of the files/folders named in the text cannot be found and some apparently belong to the system.

The files are named:
dd_vcredistMSI4C60.txt
dd_vcredistMSI47C1.txt
dd_vcredistUI4C60.txt
dd_vcredistUI47C1.txt

I have no idea yet how to upload here, and the first two in particular are somewhat larger (373/374 KB), so I can't simply post them as a quote.

cosinus 17.07.2013 02:14

Hello and :hallo:

Quote:

that appear to be logs of a break-in into the computer.
How on earth do you come to that conclusion?
You don't just wake up and search the computer for TXT files :wtf:
Even if you did, what smart intruder would leave such obvious traces behind?

Quote:

The files are named:
dd_vcredistMSI4C60.txt
dd_vcredistMSI47C1.txt
dd_vcredistUI4C60.txt
dd_vcredistUI47C1.txt
Google vcredist, maybe then a light will go on :)

lydia_eule 17.07.2013 02:40

Um, sorry, but I do sometimes wake up and think to myself, well, let's see whether the temporary files are piling up to the ceiling again, let's have a look inside a few of them and have a thorough clear-out.
That may be strange, but I'm strange myself, so why not some of my habits too :crazy:

What made me a bit suspicious about the logs were the rows of manipulations of the policies.

Regards,

die eule

cosinus 17.07.2013 02:57

Quote:

whether the temporary files are piling up to the ceiling again, let's have a look inside a few of them and have a thorough clear-out.
You're not serious? :D
So you go through EVERY temp file to check for traces of a break-in, or what? :lach:
Do you also go through every scrap of rubbish in your bin before the collection comes to empty it? ;)


Quote:

What made me a bit suspicious about the logs were the rows of manipulations of the policies.
What policies exactly, can you be more specific?
Where are the logs of the tools you have run so far? There were findings, after all!
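To make the question above concrete: the lines lydia_eule means (quoted in her next reply, for example `Machine policy value 'Debug' is 0`) are Windows Installer verbose-log entries in which the MSI engine reads its own Installer policy values (the registry policies under `HKLM\Software\Policies\Microsoft\Windows\Installer`) when it starts; they record no change to any policy. The Python script below is an added example, not code from this thread or from any of the tools named in it. It parses a constructed sample modelled on the quoted excerpt and separates policy reads from Installer property changes and from anything else that mentions a policy, and it goes a step beyond the excerpt by flagging policies read with a non-zero value, since for the policies seen here 0 is the default and a non-zero value means somebody set it. All function and variable names are the example's own.

```python
"""Classify the "policy" lines of a Windows Installer (MSI) verbose log.

Added example, not from the thread: shows that entries of the form
"Machine policy value 'X' is N" are reads of Installer policy values,
and extracts what was installed and by which process.
"""
import re

# Constructed sample, modelled on the MSI log excerpt quoted in this thread.
SAMPLE_LOG = r"""
=== Verbose logging started: 26.11.2012 16:04:36 Build type: SHIP UNICODE 5.00.7601.00 Calling process: c:\987625cefd685ed45c\install.exe ===
MSI (c) (DC:58) [16:04:39:236]: Resetting cached policy values
MSI (c) (DC:58) [16:04:39:236]: Machine policy value 'Debug' is 0
MSI (c) (DC:58) [16:04:39:236]: ******* RunEngine:
******* Product: c:\987625cefd685ed45c\vc_red.msi
MSI (s) (DC:C8) [16:04:42:969]: Machine policy value 'DisableUserInstalls' is 0
MSI (s) (DC:C8) [16:04:43:110]: Machine policy value 'DisablePatch' is 0
MSI (s) (DC:C8) [16:04:43:117]: PROPERTY CHANGE: Adding MsiLogFileLocation property. Its value is 'C:\Users\asl\AppData\Local\Temp\dd_vcredistMSI4C60.txt'.
MSI (s) (DC:C8) [16:04:43:117]: Command Line: USING_EXUIH_SILENT=1 REBOOT=ReallySuppress LOCPRODUCTNAME=Microsoft Visual C++ 2008 Redistributable REINSTALL=ALL CURRENTDIRECTORY=c:\987625cefd685ed45c CLIENTUILEVEL=2
MSI (s) (DC:C8) [16:04:43:118]: PROPERTY CHANGE: Modifying ALLUSERS property. Its current value is '2'. Its new value: '1'.
"""

# One MSI log line: side (c = client, s = server), process:thread ids, timestamp, message.
MSI_LINE = re.compile(
    r"^MSI \((?P<side>[cs])\) \((?P<pid>[0-9A-F]+):(?P<tid>[0-9A-F]+)\) "
    r"\[(?P<time>[\d:]+)\]: (?P<msg>.*)$")
POLICY_READ = re.compile(r"^Machine policy value '(?P<name>\w+)' is (?P<value>\d+)$")
PROP_CHANGE = re.compile(r"^PROPERTY CHANGE: (?P<op>Adding|Modifying|Deleting) (?P<name>\w+) property")
CALLER = re.compile(r"Calling process: (?P<path>\S+) ===")
PRODUCT = re.compile(r"^\*+ Product: (?P<path>.+)$")
# LOCPRODUCTNAME may contain spaces; stop at the next KEY= token or end of line.
PRODUCT_NAME = re.compile(r"LOCPRODUCTNAME=(?P<name>.*?)(?= [A-Z_]+=|$)")


def analyse(log_text):
    """Summarise one MSI verbose log: who ran what, and what the policy lines are."""
    report = {
        "calling_process": None,
        "package": None,
        "product_name": None,
        "policies_read": {},          # name -> value read from the Installer policy keys
        "non_default_policies": [],   # policies read with a value other than 0
        "policy_cache_resets": 0,     # "Resetting cached policy values" (re-read, not a write)
        "other_policy_lines": [],     # anything mentioning 'policy' that is not a plain read
        "property_changes": [],       # (op, property): installer-internal properties, not policies
    }
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = CALLER.search(line)
        if m:
            report["calling_process"] = m.group("path")
            continue
        m = PRODUCT.match(line)
        if m:
            report["package"] = m.group("path").strip()
            continue
        m = MSI_LINE.match(line)
        if not m:
            continue
        msg = m.group("msg")
        pr = POLICY_READ.match(msg)
        if pr:
            value = int(pr.group("value"))
            report["policies_read"][pr.group("name")] = value
            if value != 0:
                report["non_default_policies"].append(pr.group("name"))
            continue
        if msg == "Resetting cached policy values":
            report["policy_cache_resets"] += 1
            continue
        if "policy" in msg.lower():
            report["other_policy_lines"].append(msg)
            continue
        pc = PROP_CHANGE.match(msg)
        if pc:
            report["property_changes"].append((pc.group("op"), pc.group("name")))
            continue
        if msg.startswith("Command Line: "):
            pn = PRODUCT_NAME.search(msg)
            if pn:
                report["product_name"] = pn.group("name").strip()
    return report


def policies_only_read(report):
    """True when every policy-related line is a read of an Installer policy value."""
    return not report["other_policy_lines"]


if __name__ == "__main__":
    rep = analyse(SAMPLE_LOG)
    for key, val in rep.items():
        print(f"{key}: {val}")
    print("policy lines are reads only:", policies_only_read(rep))
```

Run against a real `dd_vcredist*.txt`, the `product_name`, `package` and `calling_process` fields identify the installer, and an empty `other_policy_lines` list together with an empty `non_default_policies` list is the quick check that the "policy" entries are nothing more than the engine reading unchanged defaults.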

lydia_eule 17.07.2013 03:36

Well, first of all, many thanks for the prompt handling.

I just quite like to poke around in log files now and then to see what the computer gets up to when I'm not looking :crazy:. A harmless hobby, really, I think. :singsing:

On the "policies", here's an excerpt:
Quote:

=== Verbose logging started: 26.11.2012 16:04:36 Build type: SHIP UNICODE 5.00.7601.00 Calling process: c:\987625cefd685ed45c\install.exe ===
MSI (c) (DC:00) [16:04:39:113]: Font created. Charset: Req=0, Ret=0, Font: Req=MS Shell Dlg, Ret=MS Shell Dlg

MSI (c) (DC:00) [16:04:39:113]: Font created. Charset: Req=0, Ret=0, Font: Req=MS Shell Dlg, Ret=MS Shell Dlg

MSI (c) (DC:58) [16:04:39:236]: Resetting cached policy values
MSI (c) (DC:58) [16:04:39:236]: Machine policy value 'Debug' is 0
MSI (c) (DC:58) [16:04:39:236]: ******* RunEngine:
******* Product: c:\987625cefd685ed45c\vc_red.msi
******* Action:
******* CommandLine: **********
MSI (c) (DC:58) [16:04:39:239]: Client-side and UI is none or basic: Running entire install on the server.
MSI (c) (DC:58) [16:04:39:239]: Grabbed execution mutex.
MSI (c) (DC:58) [16:04:42:849]: Cloaking enabled.
MSI (c) (DC:58) [16:04:42:849]: Attempting to enable all disabled privileges before calling Install on Server
MSI (c) (DC:58) [16:04:42:884]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (s) (DC:FC) [16:04:42:952]: Running installation inside multi-package transaction c:\987625cefd685ed45c\vc_red.msi
MSI (s) (DC:FC) [16:04:42:952]: Grabbed execution mutex.
MSI (s) (DC:C8) [16:04:42:964]: Resetting cached policy values
MSI (s) (DC:C8) [16:04:42:964]: Machine policy value 'Debug' is 0
MSI (s) (DC:C8) [16:04:42:964]: ******* RunEngine:
******* Product: c:\987625cefd685ed45c\vc_red.msi
******* Action:
******* CommandLine: **********
MSI (s) (DC:C8) [16:04:42:969]: Machine policy value 'DisableUserInstalls' is 0
MSI (s) (DC:C8) [16:04:43:031]: Machine policy value 'LimitSystemRestoreCheckpointing' is 0
MSI (s) (DC:C8) [16:04:43:032]: SRSetRestorePoint skipped for this transaction.
MSI (s) (DC:C8) [16:04:43:037]: End dialog not enabled
MSI (s) (DC:C8) [16:04:43:037]: Original package ==> c:\987625cefd685ed45c\vc_red.msi
MSI (s) (DC:C8) [16:04:43:037]: Package we're running from ==> C:\windows\Installer\108b0550.msi
MSI (s) (DC:C8) [16:04:43:042]: APPCOMPAT: Uninstall Flags override found.
MSI (s) (DC:C8) [16:04:43:042]: APPCOMPAT: Uninstall VersionNT override found.
MSI (s) (DC:C8) [16:04:43:042]: APPCOMPAT: Uninstall ServicePackLevel override found.
MSI (s) (DC:C8) [16:04:43:044]: APPCOMPAT: looking for appcompat database entry with ProductCode '{9BE518E6-ECC6-35A9-88E4-87755C07200F}'.
MSI (s) (DC:C8) [16:04:43:044]: APPCOMPAT: no matching ProductCode found in database.
MSI (s) (DC:C8) [16:04:43:070]: MSCOREE not loaded loading copy from system32
MSI (s) (DC:C8) [16:04:43:109]: Machine policy value 'DisablePatch' is 0
MSI (s) (DC:C8) [16:04:43:110]: Machine policy value 'AllowLockdownPatch' is 0
MSI (s) (DC:C8) [16:04:43:110]: Machine policy value 'DisableLUAPatching' is 0
MSI (s) (DC:C8) [16:04:43:110]: Machine policy value 'DisableFlyWeightPatching' is 0
MSI (s) (DC:C8) [16:04:43:116]: APPCOMPAT: looking for appcompat database entry with ProductCode '{9BE518E6-ECC6-35A9-88E4-87755C07200F}'.
MSI (s) (DC:C8) [16:04:43:116]: APPCOMPAT: no matching ProductCode found in database.
MSI (s) (DC:C8) [16:04:43:116]: Transforms are not secure.
MSI (s) (DC:C8) [16:04:43:117]: PROPERTY CHANGE: Adding MsiLogFileLocation property. Its value is 'C:\Users\asl\AppData\Local\Temp\dd_vcredistMSI4C60.txt'.
MSI (s) (DC:C8) [16:04:43:117]: Command Line: USING_EXUIH_SILENT=1 REBOOT=ReallySuppress FILESINUSETEXT= LOCPRODUCTNAME=Microsoft Visual C++ 2008 Redistributable REINSTALL=ALL REINSTALLMODE=emusc LOCPRODUCTNAME=Microsoft Visual C++ 2008 Redistributable CURRENTDIRECTORY=c:\987625cefd685ed45c CLIENTUILEVEL=2 MSICLIENTUSESEXTERNALUI=1 CLIENTPROCESSID=2524
MSI (s) (DC:C8) [16:04:43:117]: PROPERTY CHANGE: Adding PackageCode property. Its value is '{00073E4B-0EA7-48DB-9C41-FDA7E9BB4839}'.
MSI (s) (DC:C8) [16:04:43:117]: Product Code passed to Engine.Initialize: '{9BE518E6-ECC6-35A9-88E4-87755C07200F}'
MSI (s) (DC:C8) [16:04:43:117]: Product Code from property table before transforms: '{9BE518E6-ECC6-35A9-88E4-87755C07200F}'
MSI (s) (DC:C8) [16:04:43:117]: Product Code from property table after transforms: '{9BE518E6-ECC6-35A9-88E4-87755C07200F}'
MSI (s) (DC:C8) [16:04:43:117]: Product registered: entering maintenance mode
MSI (s) (DC:C8) [16:04:43:117]: Determined that existing product (either this product or the product being upgraded with a patch) is installed per-machine.
MSI (s) (DC:C8) [16:04:43:118]: PROPERTY CHANGE: Modifying ALLUSERS property. Its current value is '2'. Its new value: '1'.
MSI (s) (DC:C8) [16:04:43:118]: Product {9BE518E6-ECC6-35A9-88E4-87755C07200F} is admin assigned: LocalSystem owns the publish key.
MSI (s) (DC:C8) [16:04:43:118]: Product {9BE518E6-ECC6-35A9-88E4-87755C07200F} is managed.

Well, here's the OTL log for now:
OTL Logfile:
Code:

OTL logfile created on: 7/16/2013 4:12:04 AM - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\asl\Downloads\ipcop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.99 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 53.32% Memory free
3.98 Gb Paging File | 2.68 Gb Available in Paging File | 67.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 14.63 Gb Free Space | 14.63% Space Free | Partition Type: NTFS
Drive F: | 29.71 Gb Total Space | 5.99 Gb Free Space | 20.18% Space Free | Partition Type: FAT32
Drive G: | 931.51 Gb Total Space | 318.24 Gb Free Space | 34.16% Space Free | Partition Type: NTFS
 
Computer Name: NODE0009 | User Name: asl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/07/16 04:05:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\asl\Downloads\ipcop\OTL.exe
PRC - [2013/07/16 01:59:42 | 085,270,800 | ---- | M] (Microsoft Corporation) -- C:\Users\asl\AppData\Local\Opera\Opera\temporary_downloads\msert.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/11/30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/11/23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/08/15 22:32:09 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/04/24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/21 19:43:19 | 001,496,528 | ---- | M] (TrueCrypt Foundation) -- C:\Program Files\TrueCrypt\TrueCrypt.exe
PRC - [2010/06/09 23:26:34 | 000,412,600 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
PRC - [2010/06/04 04:40:30 | 001,242,544 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
PRC - [2010/05/29 01:41:36 | 000,445,344 | ---- | M] (ASUS) -- C:\Program Files\EeePC\CapsHook\CapsHook.exe
PRC - [2010/04/13 04:37:47 | 000,083,240 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
PRC - [2010/01/29 20:18:52 | 000,751,592 | ---- | M] () -- C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe
PRC - [2009/09/11 20:41:02 | 000,100,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
PRC - [2009/08/19 02:35:56 | 000,219,136 | ---- | M] () -- C:\Windows\System32\AsusService.exe
PRC - [2009/06/05 04:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/05/24 16:52:13 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013/05/24 16:49:54 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013/02/14 01:36:03 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7366a39c36523a084bc11c230929ff92\Microsoft.VisualBasic.ni.dll
MOD - [2013/01/09 06:24:21 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013/01/09 00:12:35 | 000,628,224 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll
MOD - [2013/01/09 00:12:32 | 000,627,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll
MOD - [2013/01/09 00:12:28 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
MOD - [2013/01/09 00:09:33 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/09 00:07:04 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/09 00:06:35 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/09 00:05:32 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2011/05/28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2011/03/23 00:32:49 | 000,839,680 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2010/11/13 01:19:04 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/11/05 03:58:05 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/10/24 22:26:24 | 000,030,032 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\SqliteShared\2.2.0.21078__0d0f4b69e50e559b\SqliteShared.dll
MOD - [2010/09/02 13:08:00 | 000,118,784 | ---- | M] () -- C:\Program Files\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt.dll
MOD - [2009/06/10 23:23:19 | 000,261,632 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/03/02 04:08:04 | 000,003,584 | ---- | M] () -- C:\Program Files\ASUS\ASUS WebStorage\3.0.84.161\LogicNP.PropSheetExtensionHelper.dll
MOD - [2009/03/02 04:08:04 | 000,003,584 | ---- | M] () -- C:\Program Files\ASUS\ASUS WebStorage\2.2.56.108\LogicNP.PropSheetExtensionHelper.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- C:\Program Files\CyberLink\Shared files\RichVideo.exe -- (RichVideo)
SRV - File not found [Disabled | Stopped] -- C:\Users\asl\AppData\Local\Temp\MVRBXYMUKTY.exe -- (MVRBXYMUKTY)
SRV - File not found [Disabled | Stopped] -- C:\Users\asl\AppData\Local\Temp\FTAAG.exe -- (FTAAG)
SRV - File not found [On_Demand | Stopped] -- C:\PROGRA~1\AVANQU~1\Fix-It\MxTask.exe -- (Fix-It Task Manager)
SRV - File not found [Disabled | Stopped] -- C:\Users\asl\AppData\Local\Temp\BV.exe -- (BV)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Avanquest\Fix-It\AQFileRestoreSrv.exe -- (AQFileRestoreSrv)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Avanquest\Fix-It\AVQWinMonEngine.exe -- (.AVQWindowsMonitorService)
SRV - [2013/07/12 20:30:46 | 000,592,768 | ---- | M] (Sysinternals - www.sysinternals.com) [On_Demand | Stopped] -- C:\Users\asl\AppData\Local\Temp\VHDWQBLKZ.exe -- (VHDWQBLKZ)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/14 04:13:01 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/23 23:54:31 | 000,379,776 | ---- | M] (Sysinternals - www.sysinternals.com) [Disabled | Stopped] -- C:\Users\asl\AppData\Local\Temp\QKHKZJ.exe -- (QKHKZJ)
SRV - [2012/05/02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/06/08 13:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/02/07 15:23:00 | 002,072,592 | ---- | M] (Agnitum Ltd.) [Auto | Running] -- C:\Program Files\Agnitum\Outpost Security Suite Free\acs.exe -- (acssrv)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/08/19 02:35:56 | 000,219,136 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2006/05/24 08:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) [On_Demand | Stopped] -- C:\Windows\System32\StkASv2K.exe -- (StkASSrv)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\tunnel.sys -- (tunnel)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\asl\Downloads\sysinternalssuite\PORTMSYS.SYS -- (PORTMON)
DRV - File not found [Kernel | Auto | Stopped] -- System32\Drivers\Ca1528av.sys -- (Ca1528av)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\Bulk1528.sys -- (Bulk1528)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\btwrchid.sys -- (btwrchid)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwl2cap.sys -- (btwl2cap)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\btwavdt.sys -- (btwavdt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/04/27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/04/25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/04/16 21:18:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012/01/13 13:48:32 | 000,017,944 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\AQFileRestore.sys -- (AQFileRestore)
DRV - [2011/12/03 14:46:29 | 000,309,320 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\TrufosAlt.sys -- (TrufosAlt)
DRV - [2011/10/05 10:54:44 | 000,564,800 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2011/10/01 09:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011/10/01 09:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011/10/01 09:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011/10/01 09:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2011/06/27 02:37:12 | 002,191,872 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2011/05/18 10:12:38 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011/05/18 10:12:36 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/05/18 10:12:32 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011/05/18 10:12:28 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011/02/02 17:04:22 | 000,242,040 | ---- | M] (VirusBuster Kft.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBEngNT.sys -- (VBEngNT)
DRV - [2011/02/02 16:52:40 | 000,710,824 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\SandBox.sys -- (SandBox)
DRV - [2011/02/02 16:51:36 | 000,036,288 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Filt\VBFilt.dll -- (VBFilt)
DRV - [2011/02/02 16:51:26 | 000,072,352 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Filt\ASWFilt.dll -- (ASWFilt)
DRV - [2010/12/07 04:12:58 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/11/21 19:43:19 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/09/27 16:37:40 | 000,328,296 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afwcore.sys -- (afwcore)
DRV - [2010/07/01 12:10:00 | 000,188,392 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL2832UBDA.sys -- (RTL2832UBDA)
DRV - [2010/07/01 12:10:00 | 000,032,872 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL2832UUSB.sys -- (RTL2832UUSB)
DRV - [2010/06/21 16:31:18 | 000,011,520 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2010/06/17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/04/20 16:01:46 | 000,034,920 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\afw.sys -- (afw)
DRV - [2010/04/13 04:39:17 | 000,051,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010/04/13 04:36:46 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2010/04/13 04:36:12 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2010/01/15 22:20:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009/08/05 11:25:52 | 000,016,024 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\inidvd.sys -- (INIDVD)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2008/10/27 15:57:28 | 000,077,824 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/11/08 11:29:52 | 000,458,752 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2007/07/27 12:46:06 | 000,251,680 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\acehlp10.sys -- (acehlp10)
DRV - [2007/07/27 10:13:08 | 000,330,144 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV10.sys -- (acedrv10)
DRV - [2007/04/13 20:24:04 | 010,246,144 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2006/09/27 05:01:36 | 000,241,628 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StkAMini.sys -- (StkAMini)
DRV - [2006/08/02 08:44:04 | 000,004,772 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StkScan.sys -- (StkScan)
DRV - [2004/07/26 15:36:08 | 000,316,192 | R--- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\windrvr6.sys -- (WinDriver6)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKLM\..\SearchScopes,DefaultScope = {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-815453948-2413440165-1859227174-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\S-1-5-21-815453948-2413440165-1859227174-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data]
IE - HKU\S-1-5-21-815453948-2413440165-1859227174-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-815453948-2413440165-1859227174-1000\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKU\S-1-5-21-815453948-2413440165-1859227174-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-815453948-2413440165-1859227174-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKU\S-1-5-21-815453948-2413440165-1859227174-1000\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
IE - HKU\S-1-5-21-815453948-2413440165-1859227174-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@sun.com/npsopluginmi;version=1.0: C:\Program Files\OpenOffice.org 3\program [2012/11/26 17:15:20 | 000,000,000 | ---D | M]
 
 
[2013/07/02 21:50:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\asl\AppData\Roaming\mozilla\Extensions
[2013/03/21 16:49:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\asl\AppData\Roaming\mozilla\Extensions-BackupByFirefoxPortable
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-815453948-2413440165-1859227174-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-815453948-2413440165-1859227174-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-815453948-2413440165-1859227174-1000\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\aprp.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - HKLM..\Run: [EeeSplendidAgent] C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe File not found
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Security Suite Free\feedback.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Security Suite Free\op_mon.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKU\S-1-5-21-815453948-2413440165-1859227174-1000..\Run: [TrueCrypt] C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-815453948-2413440165-1859227174-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1223D3DB-A5CA-48EF-A348-62068B6261CC}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F66DFF8B-0C17-4FAD-ABEE-695A8CAEA52E}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~1\agnitum\outpos~1\wl_hook.dll) - c:\Program Files\Agnitum\Outpost Security Suite Free\wl_hook.dll (Agnitum Ltd.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{ea27e782-35f0-11e1-b61f-20cf303d6b5d}\Shell - "" = AutoRun
O33 - MountPoints2\{ea27e782-35f0-11e1-b61f-20cf303d6b5d}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{f4ab93d9-04d6-11e0-b056-20cf303d6b5d}\Shell - "" = AutoRun
O33 - MountPoints2\{f4ab93d9-04d6-11e0-b056-20cf303d6b5d}\Shell\AutoRun\command - "" = C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.hta
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/07/14 21:11:03 | 000,000,000 | ---D | C] -- C:\Users\asl\AppData\Roaming\Malwarebytes
[2013/07/14 21:10:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/14 21:10:17 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2013/07/12 17:48:17 | 000,000,000 | ---D | C] -- C:\windows\SoftwareDistribution
[2013/07/11 14:33:21 | 000,000,000 | ---D | C] -- C:\windows\System32\MRT
[2013/07/06 01:28:18 | 000,000,000 | ---D | C] -- C:\Users\asl\AppData\Roaming\Avanquest
[2013/07/05 23:43:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Avanquest
[2013/07/05 18:27:53 | 000,000,000 | ---D | C] -- C:\Users\asl\Documents\Freemake
[2013/06/24 17:49:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Monjas Breakout
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/07/16 00:26:02 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/16 00:26:02 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/15 23:23:10 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/07/15 23:23:00 | 1602,867,200 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/15 23:14:49 | 000,065,992 | ---- | M] () -- C:\Users\asl\Desktop\System Update Readiness Tool fixes Windows Update errors in Windows 7, Windows Vista, Windows Server 2008 R2, and Windows Server 2008.pdf
[2013/07/15 01:05:22 | 000,684,248 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2013/07/15 01:05:22 | 000,625,430 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013/07/15 01:05:22 | 000,139,718 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2013/07/15 01:05:22 | 000,115,168 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013/07/14 19:33:59 | 000,000,919 | ---- | M] () -- C:\Users\asl\Desktop\MySyncFolder.lnk
[2013/07/14 15:11:12 | 208,541,524 | ---- | M] () -- C:\Users\asl\regbckup.2013.07.14.reg
[2013/07/06 03:01:51 | 207,852,946 | ---- | M] () -- C:\Users\asl\reg-bckup.05.07.2013.reg
[2013/06/27 03:41:35 | 000,015,872 | ---- | M] () -- C:\Users\asl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/26 17:05:27 | 330,030,432 | ---- | M] () -- C:\windows\MEMORY.DMP
[2013/06/26 15:29:52 | 000,000,216 | ---- | M] () -- C:\windows\System32\TrueCrypt System Favorite Volumes.xml
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/07/15 23:14:49 | 000,065,992 | ---- | C] () -- C:\Users\asl\Desktop\System Update Readiness Tool fixes Windows Update errors in Windows 7, Windows Vista, Windows Server 2008 R2, and Windows Server 2008.pdf
[2013/07/14 15:08:12 | 208,541,524 | ---- | C] () -- C:\Users\asl\regbckup.2013.07.14.reg
[2013/07/06 03:00:41 | 207,852,946 | ---- | C] () -- C:\Users\asl\reg-bckup.05.07.2013.reg
[2013/07/05 23:44:33 | 000,001,984 | ---- | C] () -- C:\windows\System32\drivers\AQFileRestore.inf
[2013/07/05 23:44:26 | 000,017,944 | ---- | C] () -- C:\windows\System32\drivers\AQFileRestore.sys
[2013/06/26 17:05:27 | 330,030,432 | ---- | C] () -- C:\windows\MEMORY.DMP
[2013/06/26 15:29:56 | 000,000,216 | ---- | C] () -- C:\windows\System32\TrueCrypt System Favorite Volumes.xml
[2013/02/17 18:43:33 | 000,000,756 | ---- | C] () -- C:\Users\asl\.recently-used.xbel
[2013/01/31 17:09:00 | 000,014,115 | ---- | C] () -- C:\windows\twspmm.ini
[2012/12/12 04:53:17 | 000,001,776 | ---- | C] () -- C:\windows\Sandboxie.ini
[2012/01/03 03:40:12 | 000,000,867 | ---- | C] () -- C:\Users\asl\RPSTD2010.lic
[2012/01/03 03:39:59 | 000,000,019 | ---- | C] () -- C:\Users\asl\rp.ini
[2011/12/10 21:26:45 | 000,000,926 | ---- | C] () -- C:\windows\ARPR.INI
[2011/11/15 20:26:07 | 000,084,616 | ---- | C] () -- C:\windows\StkUnist.exe
[2011/10/26 06:04:54 | 000,000,017 | ---- | C] () -- C:\windows\System32\shortcut_ex.dat
[2011/09/23 02:44:26 | 000,000,649 | ---- | C] () -- C:\Users\asl\asl - Verknüpfung.lnk
[2011/09/10 08:31:31 | 000,044,398 | ---- | C] () -- C:\Users\asl\Nokia 6700 classic (1).pdf
[2011/09/09 02:03:05 | 000,310,550 | ---- | C] () -- C:\Users\asl\metalldetector.jpg
[2011/03/24 03:20:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/11/21 22:20:07 | 001,835,008 | ---- | C] () -- C:\Users\asl\truecryptrescue.iso
[2010/10/23 14:37:50 | 000,015,872 | ---- | C] () -- C:\Users\asl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/18 20:36:39 | 000,007,610 | ---- | C] () -- C:\Users\asl\AppData\Local\Resmon.ResmonCfg
[2010/06/24 18:10:26 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011/02/14 12:40:02 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\Advanced Chemistry Development
[2011/02/16 23:57:26 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\Agnitum
[2011/01/08 06:45:09 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\AnvSoft
[2010/11/13 12:52:07 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\Asus
[2013/07/14 19:33:58 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\ASUS WebStorage
[2013/05/08 02:43:03 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\Audacity
[2013/07/06 01:28:18 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\Avanquest
[2011/09/28 16:32:06 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\calibre
[2011/02/25 00:58:12 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\Canon
[2012/09/10 23:00:14 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\CasaPortale.de
[2011/10/15 21:15:13 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\CCS64
[2010/10/30 09:44:10 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\Clonk
[2011/01/08 06:38:01 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\Cuttermaran
[2010/12/07 06:12:32 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\DAEMON Tools Lite
[2011/01/15 12:41:20 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\Echo Software
[2010/12/21 17:54:18 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\freac
[2011/09/20 09:09:46 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\GetRightToGo
[2012/11/30 17:49:15 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\GoBoingo
[2011/11/16 21:14:33 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\gtk-2.0
[2011/10/23 09:44:20 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\ibf
[2010/12/12 13:29:28 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\ImgBurn
[2011/11/30 04:59:07 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\IrfanView
[2013/07/08 14:29:09 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\JonDo
[2010/11/08 14:24:20 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\Leadertech
[2011/09/13 04:58:00 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\Nokia
[2011/03/05 22:28:34 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\OpenOffice.org
[2012/02/05 02:50:57 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\Opera
[2011/09/13 04:57:59 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\PC Suite
[2011/09/18 16:46:26 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\PeaZip
[2013/07/05 18:45:28 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\Philipp Winterberg
[2010/12/06 01:11:42 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\ProtectDisc
[2012/01/26 22:19:47 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\ScreeNet iSaver
[2012/02/21 00:39:28 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\ScummVM
[2013/03/20 01:11:54 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\SoftGrid Client
[2011/02/12 08:16:21 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\temp
[2013/06/26 15:30:03 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\TrueCrypt
[2011/11/15 21:22:17 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\Ulead Systems
[2010/06/24 18:31:25 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\ASUS WebStorage
[2010/06/24 18:31:25 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\ASUS WebStorage
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:AB689DEA

< End of report >

--- --- ---

Hmm, this has turned out a bit long, sorry.

cosinus 17.07.2013 03:49

What about the other logs, e.g. from Malwarebytes and the other scanners, were there no detections there, or were there?

lydia_eule 17.07.2013 04:21

So, an addendum to OTL. I hadn't immediately placed the "extras.txt".
OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 7/16/2013 4:12:04 AM - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\asl\Downloads\ipcop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.99 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 53.32% Memory free
3.98 Gb Paging File | 2.68 Gb Available in Paging File | 67.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 14.63 Gb Free Space | 14.63% Space Free | Partition Type: NTFS
Drive F: | 29.71 Gb Total Space | 5.99 Gb Free Space | 20.18% Space Free | Partition Type: FAT32
Drive G: | 931.51 Gb Total Space | 318.24 Gb Free Space | 34.16% Space Free | Partition Type: NTFS
 
Computer Name: NODE0009 | User Name: asl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.js [@ = JSFile] -- C:\windows\System32\CScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\windows\System32\CScript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\windows\System32\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\windows\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\windows\System32\CScript.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10A33356-0587-4D74-BB22-21E576014920}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2BEF8CB8-8CA4-43B1-9668-7C72158545D2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{3C5CA9D8-57EA-415E-AEF3-C949BF5B3572}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4931F79B-55AA-401C-99A4-0412BD6ABD68}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5202E24D-848F-43F0-8534-912DD3048FC8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{677A1AEC-6325-4CC8-B75B-6F510402B953}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C05E1E0C-1460-433A-AFE5-DC3F66D192FC}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C1FC242C-FD0B-4D86-A4DD-86DEA92B063B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{DA620C21-2E83-4CD7-A21C-21E6E1701AC8}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E2C28083-BEC5-4255-811A-7718186C8963}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00DEB03C-4171-4F5F-9C96-552482B12166}" = protocol=6 | dir=in | app=c:\program files\arcsoft\totalmedia 3.5\totalmedia.exe |
"{3B3BE582-6596-4219-B587-0C0B7F6FAC53}" = protocol=17 | dir=in | app=c:\program files\arcsoft\totalmedia 3.5\totalmedia.exe |
"{5F253DE5-76CE-4684-AD2B-F28F1C14812F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{73F45AA2-31FE-4EAE-9056-594B82D51BCE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A7F3DF2D-1052-42DD-81FA-FEBEEA286D92}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{C228351A-4DEE-4469-A243-1EB415E744F8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D711E0A2-4CCB-4AFE-AD14-B79BF3E7FA3D}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{E085D794-D6CC-447A-BF71-48641FDE671C}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{E2A938A9-D73C-45F1-8F8F-A914F4AA8B0C}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{66E77097-82E9-4227-B119-904CEA528BD2}C:\windows\system32\mmc.exe" = protocol=6 | dir=in | app=c:\windows\system32\mmc.exe |
"UDP Query User{57855919-A915-4646-BCCD-8653190AC344}C:\windows\system32\mmc.exe" = protocol=17 | dir=in | app=c:\windows\system32\mmc.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02CB5027-1915-4830-909C-C6E69AA6ECFE}" = Monjas Breakout
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4803" = CanoScan 4400F
"{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"{1B66191A-B8CD-4F53-AB9B-0B4AAE2235BA}" = calibre
"{1BAE5C85-A6D3-430C-842B-EAA27AC0C2E8}" = ArcSoft TotalMedia 3.5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83216021F0}" = Java(TM) 6 Update 21
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BD90AED-0FF2-4A69-B84D-DC0679991FB7}" = Evince 2.30.3
"{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B5092B6-F231-4D18-83BC-2618B729CA45}" = CapsHook
"{52CF142B-7B0E-41E7-98F5-B834122523E7}_is1" = Programmer's Notepad 2
"{570C2A84-A145-4DF0-AE9D-012584DF09DC}" = SPCA1528 PC Driver
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B3F693F-A252-46A7-8D0F-7F409B13F738}" = Scope
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A9111573-EF12-4D80-A5B9-55F620D5BCA1}" = PL-2303 USB-to-Serial
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.1 MUI
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2920232-19DA-44FC-835F-68E427EAE2CE}" = Telescope Driver
"{B7B5A370-3DFF-4F0E-AE11-FD267C4938AA}" = CCS64 V3.8
"{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution
"{D5D88F8F-FDA4-4CF4-9F3E-3F40118C2120}" = AVR Studio 4
"{D802DD00-16A8-4A58-AFC9-020C2380ECDA}" = EeeSplendid
"{DA60AB6B-6C9C-4B5F-BC61-3B0D9BCBD50B}" = Conceptronic CTVDIGUSB2 Device Utilities
"{DF1B8AA2-3231-498F-8136-2171D1FD1A65}" = ArcSoft WebCam Companion 2
"{E5026CE8-B6E0-46CB-A63C-040B920C8611}" = inSSIDer 2.0
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = USB PC Camera Plus
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}" = PL-2303 Vista Driver Installer
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3D2DEDC-4732-4188-8A3A-1A3FFBD4D6C8}" = ebi.BookReader3J
"{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}" = LocaleMe
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"ACDLabs in C__Program_Files_ACDFREE12_" = ACD/Labs Software in C:\Program Files\ACDFREE12\
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Agnitum Outpost Security Suite Free_is1" = Outpost Security Suite 7.1
"ASUS VIBE" = ASUS VIBE
"ASUS WebStorage" = ASUS WebStorage
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Avira AntiVir Desktop" = Avira Free Antivirus
"B41C7C96D83162A676DA7365ADEFD6C1AF62A4EE" = Windows Driver Package - Broadcom Bluetooth  (07/17/2009 6.2.0.9403)
"B5C82F3814F82FB37F1513B3185399BD88892B08" = Windows Driver Package - Broadcom Bluetooth  (07/29/2009 6.1.7100.0)
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"Bridge Builder" = Bridge Builder
"Bug Brain" = Bug Brain
"CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
"ChemToolBox_is1" = ChemToolBox version 1.1.0
"Clonk Endeavour" = Clonk Endeavour 4.95.5
"Eee Docking_is1" = Eee Docking 3.7.0
"ELECTRA_is1" = ELECTRA 2.8
"EncVorbis" = EncVorbis 1.1
"Free CD to MP3 Converter" = Free CD to MP3 Converter
"Frhed" = Frhed 1.7.1
"GIF Animator" = Microsoft GIF Animator
"GPL Ghostscript 9.00" = GPL Ghostscript 9.00
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ImgBurn" = ImgBurn
"InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"IrfanView" = IrfanView (remove only)
"JAP" = JAP
"KONICA MINOLTA magicolor 2430DL" = KONICA MINOLTA magicolor 2430DL
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"LG USB Booster_is1" = Booster 1.05A02
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"mp3parse" = MP3 Parser DirectShow Filter (remove only)
"Musik & Audio Restaurator Pro 5_is1" = Musik & Audio Restaurator Pro 5.0
"NetPbm-10.27_is1" = GnuWin32: NetPbm version 10.27
"Nmap" = Nmap 5.20
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Ogg Codecs" = Xiph.Org Ogg Codecs 0.83.17220 32-bit
"Oolite" = Oolite 1.76.0.4679
"Opera 12.15.1748" = Opera 12.15
"PosteRazor_is1" = PosteRazor
"ProtectDisc Driver 10" = ProtectDisc Helper Driver 10
"ReOrganize_is1" = ReOrganize!
"SMPlayer" = SMPlayer 0.6.8
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Target 3001! V15 discover" = Target 3001! V15 discover
"TrueCrypt" = TrueCrypt
"TVRTLDrv" = DVB-T USB BDA Driver
"VLC media player" = VLC media player 2.0.5
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR 4.01 (32-bit)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-815453948-2413440165-1859227174-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete
"Winamp Detect" = Winamp Detector Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 7/15/2013 4:45:51 PM | Computer Name = node0009 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_CryptSvc, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744,
 Zeitstempel: 0x4eeaf722  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000aba6  ID des fehlerhaften
 Prozesses: 0xd70  Startzeit der fehlerhaften Anwendung: 0x01ce819c4a583723  Pfad der
 fehlerhaften Anwendung: C:\windows\system32\svchost.exe  Pfad des fehlerhaften Moduls:
 C:\windows\system32\msvcrt.dll  Berichtskennung: 888aa3f6-ed8f-11e2-8804-20cf303d6b5d
 
Error - 7/15/2013 4:46:00 PM | Computer Name = node0009 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_CryptSvc, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744,
 Zeitstempel: 0x4eeaf722  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000aba6  ID des fehlerhaften
 Prozesses: 0xef0  Startzeit der fehlerhaften Anwendung: 0x01ce819c4fd344b0  Pfad der
 fehlerhaften Anwendung: C:\windows\system32\svchost.exe  Pfad des fehlerhaften Moduls:
 C:\windows\system32\msvcrt.dll  Berichtskennung: 8e077252-ed8f-11e2-8804-20cf303d6b5d
 
Error - 7/15/2013 4:46:09 PM | Computer Name = node0009 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_CryptSvc, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744,
 Zeitstempel: 0x4eeaf722  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000aba6  ID des fehlerhaften
 Prozesses: 0xa9c  Startzeit der fehlerhaften Anwendung: 0x01ce819c55469cf2  Pfad der
 fehlerhaften Anwendung: C:\windows\system32\svchost.exe  Pfad des fehlerhaften Moduls:
 C:\windows\system32\msvcrt.dll  Berichtskennung: 937f4b24-ed8f-11e2-8804-20cf303d6b5d
 
Error - 7/15/2013 4:56:30 PM | Computer Name = node0009 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_CryptSvc, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744,
 Zeitstempel: 0x4eeaf722  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000aba6  ID des fehlerhaften
 Prozesses: 0xcd4  Startzeit der fehlerhaften Anwendung: 0x01ce819dc322ef19  Pfad der
 fehlerhaften Anwendung: C:\windows\system32\svchost.exe  Pfad des fehlerhaften Moduls:
 C:\windows\system32\msvcrt.dll  Berichtskennung: 055396a6-ed91-11e2-8804-20cf303d6b5d
 
Error - 7/15/2013 5:25:32 PM | Computer Name = node0009 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_CryptSvc, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744,
 Zeitstempel: 0x4eeaf722  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000aba6  ID des fehlerhaften
 Prozesses: 0x5e8  Startzeit der fehlerhaften Anwendung: 0x01ce81a1a00b558c  Pfad der
 fehlerhaften Anwendung: C:\windows\system32\svchost.exe  Pfad des fehlerhaften Moduls:
 C:\windows\system32\msvcrt.dll  Berichtskennung: 14016be5-ed95-11e2-b8d8-20cf303d6b5d
 
Error - 7/15/2013 5:26:57 PM | Computer Name = node0009 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_CryptSvc, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744,
 Zeitstempel: 0x4eeaf722  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000aba6  ID des fehlerhaften
 Prozesses: 0xf7c  Startzeit der fehlerhaften Anwendung: 0x01ce81a1e90a7576  Pfad der
 fehlerhaften Anwendung: C:\windows\System32\svchost.exe  Pfad des fehlerhaften Moduls:
 C:\windows\system32\msvcrt.dll  Berichtskennung: 4684177f-ed95-11e2-b8d8-20cf303d6b5d
 
Error - 7/15/2013 5:27:05 PM | Computer Name = node0009 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_CryptSvc, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744,
 Zeitstempel: 0x4eeaf722  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000aba6  ID des fehlerhaften
 Prozesses: 0xb7c  Startzeit der fehlerhaften Anwendung: 0x01ce81a20a78f9a6  Pfad der
 fehlerhaften Anwendung: C:\windows\System32\svchost.exe  Pfad des fehlerhaften Moduls:
 C:\windows\system32\msvcrt.dll  Berichtskennung: 4b0899cd-ed95-11e2-b8d8-20cf303d6b5d
 
Error - 7/15/2013 5:34:50 PM | Computer Name = node0009 | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Job does not exist
 
Error - 7/15/2013 5:41:45 PM | Computer Name = node0009 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_CryptSvc, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744,
 Zeitstempel: 0x4eeaf722  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000aba6  ID des fehlerhaften
 Prozesses: 0xd28  Startzeit der fehlerhaften Anwendung: 0x01ce81a2306ef718  Pfad der
 fehlerhaften Anwendung: C:\windows\system32\svchost.exe  Pfad des fehlerhaften Moduls:
 C:\windows\system32\msvcrt.dll  Berichtskennung: 57ff56bb-ed97-11e2-b8d8-20cf303d6b5d
 
Error - 7/15/2013 6:06:55 PM | Computer Name = node0009 | Source = System Restore | ID = 8193
Description =
 
Error - 7/15/2013 6:22:14 PM | Computer Name = node0009 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_CryptSvc, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744,
 Zeitstempel: 0x4eeaf722  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000aba6  ID des fehlerhaften
 Prozesses: 0xb1c  Startzeit der fehlerhaften Anwendung: 0x01ce81a9bd9bf3fb  Pfad der
 fehlerhaften Anwendung: C:\windows\system32\svchost.exe  Pfad des fehlerhaften Moduls:
 C:\windows\system32\msvcrt.dll  Berichtskennung: ffac1ae1-ed9c-11e2-b8d8-20cf303d6b5d
 
[ System Events ]
Error - 7/15/2013 6:53:52 PM | Computer Name = node0009 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Diagnoserichtliniendienst" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%1079
 
Error - 7/15/2013 6:55:56 PM | Computer Name = node0009 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Fix-It Task Manager" wurde aufgrund folgenden Fehlers
nicht gestartet:  %%2
 
Error - 7/15/2013 6:56:09 PM | Computer Name = node0009 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Fix-It Utilities Prozess-Monitor" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%2
 
Error - 7/15/2013 8:43:51 PM | Computer Name = node0009 | Source = VDS Basic Provider | ID = 33554433
Description =
 
Error - 7/15/2013 8:43:51 PM | Computer Name = node0009 | Source = VDS Basic Provider | ID = 33554433
Description =
 
Error - 7/15/2013 8:43:51 PM | Computer Name = node0009 | Source = VDS Basic Provider | ID = 33554433
Description =
 
Error - 7/15/2013 9:00:14 PM | Computer Name = node0009 | Source = NetBT | ID = 4307
Description = Initialisierung fehlgeschlagen, da die Transportschicht das Öffnen
 der Anfangsadressen verweigerte.
 
Error - 7/15/2013 9:00:14 PM | Computer Name = node0009 | Source = NetBT | ID = 4307
Description = Initialisierung fehlgeschlagen, da die Transportschicht das Öffnen
 der Anfangsadressen verweigerte.
 
Error - 7/15/2013 9:01:38 PM | Computer Name = node0009 | Source = NetBT | ID = 4307
Description = Initialisierung fehlgeschlagen, da die Transportschicht das Öffnen
 der Anfangsadressen verweigerte.
 
Error - 7/15/2013 9:01:38 PM | Computer Name = node0009 | Source = NetBT | ID = 4307
Description = Initialisierung fehlgeschlagen, da die Transportschicht das Öffnen
 der Anfangsadressen verweigerte.
 
 
< End of report >

--- --- ---


I'm sure I'll find the Malwarebytes file in a moment.

So here is the Malwarebytes log:
Quote:

Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.14.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
asl :: NODE0009 [Administrator]

Schutz: Aktiviert

14.07.2013 21:19:28
mbam-log-2013-07-14 (21-19-28).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 244462
Laufzeit: 31 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Sorry that this took a while.

Avira only complains that it can't open the hosts file, but it has been doing that for years.

And here is the RootkitBuster as well:
Quote:

+----------------------------------------------------
| Trend Micro RootkitBuster
| Module version: 5.0.0.1129
| Computer Name: NODE0009
| OS version: 6.1-7601
| User Name: asl
+----------------------------------------------------


--== Dump Hidden MBR, Hidden Files and Alternate Data Streams on C:\ ==--
No hidden files found.

--== Dump Hidden Registry Value on HKLM ==--
[HIDDEN_REGISTRY][Hidden Reg Key]:
KeyPath : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\1c4bd6048c8d
SubKey : 1c4bd6048c8d
FullLength: 89
[HIDDEN_REGISTRY][Hidden Reg Value]:
KeyPath : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg
Root : 9c2bf94
SubKey : Cfg
ValueName : s1
Data : 771343423
ValueType : 4
AccessType: 0
FullLength: 61
DataSize : 4
[HIDDEN_REGISTRY][Hidden Reg Value]:
KeyPath : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg
Root : 9c2bf94
SubKey : Cfg
ValueName : s2
Data : 285507792
ValueType : 4
AccessType: 0
FullLength: 61
DataSize : 4
[HIDDEN_REGISTRY][Hidden Reg Value]:
KeyPath : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg
Root : 9c2bf94
SubKey : Cfg
ValueName : g0
Data : 38 23 E8 D0 BF F2 2D 6F ...
ValueType : 3
AccessType: 0
FullLength: 61
DataSize : 32
[HIDDEN_REGISTRY][Hidden Reg Value]:
KeyPath : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg
Root : 9c2bf94
SubKey : Cfg
ValueName : h0
Data : 1
ValueType : 4
AccessType: 0
FullLength: 61
DataSize : 4
[HIDDEN_REGISTRY][Hidden Reg Key]:
KeyPath : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
SubKey : 14919EA49A8F3B4AA3CF1058D9A64CEC
FullLength: 94
6 hidden registry entries found.


--== Dump Hidden Process ==--
No hidden processes found.

--== Dump Hidden Driver ==--
No hidden drivers found.

--== Service Win32 API Hook List ==--
[HOOKED_SERVICE_API]:
Service API : ZwAllocateVirtualMemory
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x82236cbc
CurrentHandler : 0x8ca836e0
ServiceNumber : 0x13
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwAlpcConnectPort
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x8228256e
CurrentHandler : 0x8ca83b60
ServiceNumber : 0x16
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwAlpcSendWaitReceivePort
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x8225f211
CurrentHandler : 0x8ca83df0
ServiceNumber : 0x27
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwAssignProcessToJobObject
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x8220c0be
CurrentHandler : 0x8ca83610
ServiceNumber : 0x2b
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwClose
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x822515c8
CurrentHandler : 0x8ca817e0
ServiceNumber : 0x32
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwConnectPort
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x82285070
CurrentHandler : 0x8ca83980
ServiceNumber : 0x3b
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateFile
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x8225c470
CurrentHandler : 0x8ca811b0
ServiceNumber : 0x42
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateKey
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x8220dffb
CurrentHandler : 0x8ca81b90
ServiceNumber : 0x46
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateProcess
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x822e91d9
CurrentHandler : 0x8ca82ab0
ServiceNumber : 0x4f
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateProcessEx
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x822e9224
CurrentHandler : 0x8ca82ba0
ServiceNumber : 0x50
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateSection
Image Path :
OriginalHandler : 0x8223013d
CurrentHandler : 0x8cc68a06
ServiceNumber : 0x54
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateSymbolicLinkObject
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x8220e9c6
CurrentHandler : 0x8ca81ab0
ServiceNumber : 0x56
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateThread
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x822e8fe2
CurrentHandler : 0x8ca828f0
ServiceNumber : 0x57
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateThreadEx
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x8227d49b
CurrentHandler : 0x8ca829d0
ServiceNumber : 0x58
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateUserProcess
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x8227b3cd
CurrentHandler : 0x8ca82ca0
ServiceNumber : 0x5d
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwDebugActiveProcess
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x822baeaa
CurrentHandler : 0x8ca83fb0
ServiceNumber : 0x60
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwDeleteKey
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x821f8a4a
CurrentHandler : 0x8ca81d50
ServiceNumber : 0x67
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwDeleteValueKey
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x821ea453
CurrentHandler : 0x8ca82680
ServiceNumber : 0x6a
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwEnumerateKey
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x82273dd0
CurrentHandler : 0x8ca81e10
ServiceNumber : 0x74
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwEnumerateValueKey
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x82276236
CurrentHandler : 0x8ca81ef0
ServiceNumber : 0x77
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwFsControlFile
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x82262a39
CurrentHandler : 0x8ca810c0
ServiceNumber : 0x86
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwLoadDriver
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x821d2c32
CurrentHandler : 0x8ca86000
ServiceNumber : 0x9b
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwMakeTemporaryObject
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x82218a22
CurrentHandler : 0x8ca819f0
ServiceNumber : 0xa4
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwOpenFile
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x8223ed81
CurrentHandler : 0x8ca81640
ServiceNumber : 0xb3
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwOpenKey
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x822588d2
CurrentHandler : 0x8ca81c80
ServiceNumber : 0xb6
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwOpenProcess
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x8221eb93
CurrentHandler : 0x8ca82e90
ServiceNumber : 0xbe
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwOpenSection
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x822769eb
CurrentHandler : 0x8ca80eb0
ServiceNumber : 0xc2
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwOpenThread
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x8226b0ee
CurrentHandler : 0x8ca82d90
ServiceNumber : 0xc6
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwProtectVirtualMemory
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x8224f651
CurrentHandler : 0x8ca838a0
ServiceNumber : 0xd7
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwQueryKey
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x82258f3e
CurrentHandler : 0x8ca81fd0
ServiceNumber : 0xf4
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwQueryValueKey
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x82257695
CurrentHandler : 0x8ca820b0
ServiceNumber : 0x10a
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwQueueApcThread
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x82208e42
CurrentHandler : 0x8ca83540
ServiceNumber : 0x10d
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwRenameKey
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x822a90bb
CurrentHandler : 0x8ca825b0
ServiceNumber : 0x122
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwReplaceKey
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x822a8c08
CurrentHandler : 0x8ca82270
ServiceNumber : 0x124
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwRequestPort
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x8228d79b
CurrentHandler : 0x8ca83c50
ServiceNumber : 0x12a
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwRequestWaitReplyPort
Image Path :
OriginalHandler : 0x8224ab22
CurrentHandler : 0x8cc68a10
ServiceNumber : 0x12b
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwRestoreKey
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x8229ec72
CurrentHandler : 0x8ca824e0
ServiceNumber : 0x12e
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwSaveKey
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x822a04e4
CurrentHandler : 0x8ca82340
ServiceNumber : 0x135
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwSaveKeyEx
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x8229fc8a
CurrentHandler : 0x8ca82410
ServiceNumber : 0x136
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwSecureConnectPort
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x8226b123
CurrentHandler : 0x8ca83a70
ServiceNumber : 0x138
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwSetContextThread
Image Path :
OriginalHandler : 0x822ea851
CurrentHandler : 0x8cc68a0b
ServiceNumber : 0x13c
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwSetInformationDebugObject
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x822bb72d
CurrentHandler : 0x8ca84080
ServiceNumber : 0x147
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwSetSecurityObject
Image Path :
OriginalHandler : 0x8220e7f7
CurrentHandler : 0x8cc68a15
ServiceNumber : 0x15b
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwSetSystemInformation
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x8225b37a
CurrentHandler : 0x8ca82760
ServiceNumber : 0x15e
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwSetValueKey
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x822175f8
CurrentHandler : 0x8ca82190
ServiceNumber : 0x166
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwSuspendProcess
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x822eacdf
CurrentHandler : 0x8ca832a0
ServiceNumber : 0x16e
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwSuspendThread
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x822a219b
CurrentHandler : 0x8ca83360
ServiceNumber : 0x16f
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwSystemDebugControl
Image Path :
OriginalHandler : 0x822927d2
CurrentHandler : 0x8cc68a1a
ServiceNumber : 0x170
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwTerminateProcess
Image Path :
OriginalHandler : 0x82267d86
CurrentHandler : 0x8cc689a7
ServiceNumber : 0x172
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwTerminateThread
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x8228569b
CurrentHandler : 0x8ca83150
ServiceNumber : 0x173
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwUnloadDriver
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x822c6577
CurrentHandler : 0x8ca82830
ServiceNumber : 0x17b
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwWriteFile
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x8227c2a2
CurrentHandler : 0x8ca80fb0
ServiceNumber : 0x18c
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwWriteVirtualMemory
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x8226ca83
CurrentHandler : 0x8ca837c0
ServiceNumber : 0x18f
ModuleName : SandBox.sys
SDTType : 0x0
No hidden operating system service hooks found.

--== Dump Hidden Port ==--
No hidden ports found.

--== Dump Kernel Code Patching ==--
[KERNEL_CODE][DEVICE_OBJECT]:
Driver Name : iaStor
DeviceObject at : 09A408E0
[KERNEL_CODE][DEVICE_OBJECT]:
Driver Name : au6yrt75
DeviceObject at : 09A40930
2 Kernel code patching found.

--== Dump Hidden Services ==--
No hidden services found.
So, I can't find any more right now, but that should have been a fairly comprehensive sweep.
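As an added example (not part of the thread and not code from any of the tools quoted in it): a short Python triage of the RootkitBuster hook list above. Almost every hook is attributed to SandBox.sys, which fits the Agnitum Outpost Security Suite visible in the HKLM Run entries of the FRST log below; a firewall sandbox hooking the SSDT is expected, not a finding. The entries with an empty Image Path are the ones worth a second look, and sorting their handler addresses shows they sit in one small region, mostly 5 bytes apart, which is what a single module's table of jump stubs looks like; which module that is, this log does not tell you. The six "hidden" registry entries, under sptd\Cfg and BTHPORT\Parameters\Keys, are keys their legitimate owners (the SPTD disk-emulation driver and the Bluetooth link-key store) protect with restrictive ACLs, and rootkit scanners routinely report them. The sample text is a verbatim excerpt of the posted log used as constructed input; the function names are the example's own.

```python
from collections import Counter

# Constructed test input: a verbatim excerpt (6 of the ~55 records) of the
# Trend Micro RootkitBuster "Service Win32 API Hook List" posted in this thread.
HOOK_LIST_EXCERPT = r"""
--== Service Win32 API Hook List ==--
[HOOKED_SERVICE_API]:
Service API : ZwAllocateVirtualMemory
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x82236cbc
CurrentHandler : 0x8ca836e0
ServiceNumber : 0x13
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateSection
Image Path :
OriginalHandler : 0x8223013d
CurrentHandler : 0x8cc68a06
ServiceNumber : 0x54
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwOpenProcess
Image Path : C:\windows\system32\drivers\SandBox.sys
OriginalHandler : 0x8221eb93
CurrentHandler : 0x8ca82e90
ServiceNumber : 0xbe
ModuleName : SandBox.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwRequestWaitReplyPort
Image Path :
OriginalHandler : 0x8224ab22
CurrentHandler : 0x8cc68a10
ServiceNumber : 0x12b
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwSetContextThread
Image Path :
OriginalHandler : 0x822ea851
CurrentHandler : 0x8cc68a0b
ServiceNumber : 0x13c
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwTerminateProcess
Image Path :
OriginalHandler : 0x82267d86
CurrentHandler : 0x8cc689a7
ServiceNumber : 0x172
ModuleName :
SDTType : 0x0
No hidden operating system service hooks found.
"""


def parse_hooks(text):
    """Turn RootkitBuster's '[HOOKED_SERVICE_API]:' records into dicts of field -> value."""
    hooks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "[HOOKED_SERVICE_API]:":
            current = {}
            hooks.append(current)
        elif current is not None and ":" in line:
            # Split on the first colon only: paths like C:\windows contain one too.
            key, value = (part.strip() for part in line.split(":", 1))
            current[key] = value
    return hooks


def hooks_by_module(hooks):
    """Count hooks per owning module; an empty ModuleName becomes '<unattributed>'."""
    return Counter(h.get("ModuleName") or "<unattributed>" for h in hooks)


def unattributed(hooks):
    """Hooks whose current handler RootkitBuster could not map to any loaded image."""
    return [h for h in hooks if not h.get("Image Path")]


def handler_strides(hooks):
    """Byte distances between consecutive CurrentHandler addresses, sorted ascending."""
    addrs = sorted(int(h["CurrentHandler"], 16) for h in hooks)
    return [b - a for a, b in zip(addrs, addrs[1:])]


def triage(text, region=0x1000):
    """Summarise a hook list: who owns the hooks, and do the unknown ones cluster."""
    hooks = parse_hooks(text)
    unknown = unattributed(hooks)
    strides = handler_strides(unknown)
    return {
        "total": len(hooks),
        "by_module": dict(hooks_by_module(hooks)),
        "unattributed_apis": [h["Service API"] for h in unknown],
        "unattributed_strides": strides,
        # All unknown handlers within one small address range (sum of strides is
        # max - min) points to one module's stub table rather than several hookers.
        "single_region": bool(strides) and sum(strides) < region,
    }


if __name__ == "__main__":
    for key, value in triage(HOOK_LIST_EXCERPT).items():
        print(f"{key}: {value}")
```

Run against the full posted list, the script reports the SandBox.sys count, the seven unattributed APIs (ZwCreateSection, ZwRequestWaitReplyPort, ZwSetContextThread, ZwSetSecurityObject, ZwSystemDebugControl, ZwTerminateProcess) and their tight 0x8cc68... clustering; the next step for those is to map the address range to a loaded driver with a kernel debugger or a driver-list dump, not to guess.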

cosinus 17.07.2013 14:04

Nothing suspicious so far, and no virus detections either.
One more log:

Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Don't change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will afterwards be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the input box of the website)


lydia_eule 17.07.2013 15:54

Here is FRST.txt
FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-07-2013 02
Ran by asl (administrator) on 17-07-2013 16:08:01
Running from C:\Users\asl\Downloads\ipcop
Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
() C:\Windows\System32\AsusService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
() C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
(ASUS) C:\Program Files\EeePC\CapsHook\CapsHook.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\windows\system32\wuauclt.exe
(Opera Software) C:\Program Files\Opera\opera.exe

==================== Registry (Whitelisted) ==================

MountPoints2: {ea27e782-35f0-11e1-b61f-20cf303d6b5d} - G:\LaunchU3.exe -a
MountPoints2: {f4ab93d9-04d6-11e0-b056-20cf303d6b5d} - C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.hta
HKU\Default\...\RunOnce: [Reboot] - AsusSender.exe C:\Windows\AP\Reboot.exe 60 [x]
\Run: [LiveUpdate] - C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe [751592 2010-01-29] ()
HKLM\...\Run: [CapsHook] - C:\Program Files\EeePC\CapsHook\CapsHook.exe [445344 2010-05-29] (ASUS)
HKLM\...\Run: [Eee Docking] - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [415920 2010-03-30] ()
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9177632 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2010-04-13] (Synaptics Incorporated)
HKLM\...\Run: [ASUSPRP] - C:\Program Files\ASUS\APRP\APRP.EXE [2018032 2010-06-24] (ASUSTek Computer Inc.)
HKLM\...\Run: [SynAsusAcpi] - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [83240 2010-04-13] (Synaptics Incorporated)
HKLM\...\Run: [OutpostFeedBack] - C:\Program Files\Agnitum\Outpost Security Suite Free\feedback.exe [517056 2011-02-07] (Agnitum Ltd.)
HKLM\...\Run: [OutpostMonitor] - C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe [3107736 2011-02-07] (Agnitum Ltd.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [348664 2012-08-15] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [] -  [x]
HKCU\...\Run: [TrueCrypt] - C:\Program Files\TrueCrypt\TrueCrypt.exe [1496528 2010-11-21] (TrueCrypt Foundation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
SearchScopes: HKLM - DefaultScope {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKCU - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU -No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU -Winamp Toolbar - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
Toolbar: HKCU -No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

========================== Services (Whitelisted) =================

S4 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 acssrv; C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [2072592 2011-02-07] (Agnitum Ltd.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86224 2012-05-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-02] (Avira Operations GmbH & Co. KG)
R2 AsusService; C:\Windows\System32\AsusService.exe [219136 2009-08-19] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 QKHKZJ; C:\Users\asl\AppData\Local\Temp\QKHKZJ.exe [379776 2012-05-23] (Sysinternals - www.sysinternals.com)
S3 StkASSrv; C:\Windows\System32\StkASv2K.exe [24576 2006-05-24] (Syntek America Inc.)
S3 VHDWQBLKZ; C:\Users\asl\AppData\Local\Temp\VHDWQBLKZ.exe [592768 2013-07-12] (Sysinternals - www.sysinternals.com)
S3 .AVQWindowsMonitorService; C:\Program Files\Avanquest\Fix-It\AVQWinMonEngine.exe [x]
S4 AQFileRestoreSrv; "C:\Program Files\Avanquest\Fix-It\AQFileRestoreSrv.exe" [x]
S4 BV; C:\Users\asl\AppData\Local\Temp\BV.exe [x]
S3 Fix-It Task Manager; C:\PROGRA~1\AVANQU~1\Fix-It\MxTask.exe -Service [x]
S4 FTAAG; C:\Users\asl\AppData\Local\Temp\FTAAG.exe [x]
S4 MVRBXYMUKTY; C:\Users\asl\AppData\Local\Temp\MVRBXYMUKTY.exe [x]
S4 RichVideo; "C:\Program Files\CyberLink\Shared files\RichVideo.exe" [x]

==================== Drivers (Whitelisted) ====================

R2 acedrv10; C:\windows\system32\drivers\acedrv10.sys [330144 2007-07-27] (Protect Software GmbH)
S2 acehlp10; C:\windows\system32\drivers\acehlp10.sys [251680 2007-07-27] (Protect Software GmbH)
R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R1 afw; C:\Windows\System32\DRIVERS\afw.sys [34920 2010-04-20] (Agnitum Ltd.)
R3 afwcore; C:\Windows\System32\drivers\afwcore.sys [328296 2010-09-27] (Agnitum Ltd.)
S3 AQFileRestore; C:\Windows\System32\DRIVERS\AQFileRestore.sys [17944 2012-01-13] ()
R1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11520 2010-06-21] ()
S3 ASWFilt; C:\windows\system32\Filt\ASWFilt.dll [72352 2011-02-02] (Agnitum Ltd.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [83392 2012-04-25] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137928 2012-04-27] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2012-04-16] (Avira GmbH)
S3 INIDVD; C:\Windows\System32\DRIVERS\inidvd.sys [16024 2009-08-05] (Initio Corporation)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2010-04-13] ( )
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [50704 2010-01-15] (CACE Technologies, Inc.)
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [458752 2007-11-08] (PixArt Imaging Inc.)
S3 RTL2832UBDA; C:\Windows\System32\drivers\RTL2832UBDA.sys [188392 2010-07-01] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832UUSB; C:\Windows\System32\Drivers\RTL2832UUSB.sys [32872 2010-07-01] (REALTEK SEMICONDUCTOR Corp.)
R1 SandBox; C:\windows\system32\drivers\SandBox.sys [710824 2011-02-02] (Agnitum Ltd.)
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10246144 2007-04-13] (Sonix Co. Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-12-07] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH)
S3 StkAMini; C:\Windows\System32\Drivers\StkAMini.sys [241628 2006-09-27] (Syntek America Inc.)
S3 StkScan; C:\Windows\System32\Drivers\StkScan.sys [4772 2006-08-02] (Syntek America Inc.)
S3 TrufosAlt; C:\Windows\System32\DRIVERS\TrufosAlt.sys [309320 2011-12-03] (BitDefender S.R.L.)
S3 VBEngNT; C:\windows\system32\drivers\VBEngNT.sys [242040 2011-02-02] (VirusBuster Kft.)
S3 VBFilt; C:\windows\system32\Filt\VBFilt.dll [36288 2011-02-02] (Agnitum Ltd.)
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [316192 2004-07-26] (Jungo)
S3 btwaudio; system32\drivers\btwaudio.sys [x]
S3 btwavdt; \SystemRoot\system32\DRIVERS\btwavdt.sys [x]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [x]
S3 btwrchid; \SystemRoot\system32\DRIVERS\btwrchid.sys [x]
S3 Bulk1528; System32\Drivers\Bulk1528.sys [x]
S2 Ca1528av; System32\Drivers\Ca1528av.sys [x]
S3 PORTMON; \??\C:\Users\asl\Downloads\sysinternalssuite\PORTMSYS.SYS [x]
S3 tunnel; system32\DRIVERS\tunnel.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-17 16:06 - 2013-07-17 16:06 - 00000000 ____D C:\FRST
2013-07-16 01:11 - 2013-07-16 01:11 - 05030933 _____ C:\Users\asl\Downloads\RSW-Portable.zip
2013-07-15 01:05 - 2013-07-15 01:05 - 00005346 _____ C:\windows\system32\PerfStringBackup.TMP
2013-07-14 21:11 - 2013-07-14 21:11 - 00000000 ____D C:\Users\asl\AppData\Roaming\Malwarebytes
2013-07-14 21:10 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-07-14 15:08 - 2013-07-14 15:11 - 208541524 _____ C:\Users\asl\regbckup.2013.07.14.reg
2013-07-11 23:13 - 2013-07-11 23:13 - 00000000 ____D C:\Users\asl\Downloads\backups
2013-07-11 22:03 - 2013-07-11 22:03 - 00007219 _____ C:\Users\asl\Desktop\hijackthis.2013.07.11.log
2013-07-11 14:33 - 2013-07-11 14:43 - 00000000 ____D C:\windows\system32\MRT
2013-07-09 01:12 - 2013-07-09 01:12 - 00000499 _____ C:\Users\asl\Desktop\Krabben mit Ananas und Gemüse. 1portion.txt
2013-07-06 03:00 - 2013-07-06 03:01 - 207852946 _____ C:\Users\asl\reg-bckup.05.07.2013.reg
2013-07-06 01:28 - 2013-07-06 01:28 - 00000000 ____D C:\Users\asl\AppData\Roaming\Avanquest
2013-07-05 23:44 - 2012-01-13 13:48 - 00017944 _____ C:\windows\system32\Drivers\AQFileRestore.sys
2013-07-05 23:43 - 2013-07-06 01:28 - 00000000 ____D C:\ProgramData\Avanquest
2013-07-05 23:39 - 2013-06-28 01:47 - 00000677 _____ C:\Users\asl\Desktop\leslichk.k-.na-.carb.nitrate.txt
2013-07-05 18:27 - 2013-07-05 18:27 - 00000000 ____D C:\Users\asl\Documents\Freemake
2013-07-05 03:15 - 2013-07-12 20:29 - 00000000 ____D C:\Users\asl\Downloads\winFAQ
2013-06-26 19:09 - 2013-06-26 19:05 - 00263592 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2013-06-26 19:07 - 2013-06-26 19:06 - 00094632 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2013-06-26 19:07 - 2013-06-26 19:05 - 00175016 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2013-06-26 19:07 - 2013-06-26 19:05 - 00175016 _____ (Oracle Corporation) C:\windows\system32\java.exe
2013-06-26 17:05 - 2013-06-26 17:05 - 330030432 _____ C:\windows\MEMORY.DMP
2013-06-26 17:05 - 2013-06-26 17:05 - 00145280 _____ C:\windows\Minidump\062613-33571-01.dmp
2013-06-26 15:29 - 2013-06-26 15:29 - 00000216 _____ C:\windows\system32\TrueCrypt System Favorite Volumes.xml
2013-06-24 22:55 - 2013-05-08 07:38 - 01293672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys

==================== One Month Modified Files and Folders =======

2013-07-17 16:06 - 2013-07-17 16:06 - 00000000 ____D C:\FRST
2013-07-17 16:06 - 2011-02-17 00:01 - 00083668 _____ C:\windows\system32\config\rules.rdb
2013-07-17 15:57 - 2013-03-21 16:49 - 00000000 ____D C:\Users\asl\AppData\Roaming\Mozilla
2013-07-17 15:45 - 2011-10-13 21:27 - 00000000 ____D C:\Users\asl\Downloads\ipcop
2013-07-17 15:30 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-17 15:30 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-17 06:13 - 2009-07-14 06:39 - 00100772 _____ C:\windows\setupact.log
2013-07-17 01:12 - 2010-12-23 12:52 - 00000000 ___RD C:\Users\asl\Downloads\mplayer
2013-07-16 23:56 - 2011-02-16 23:57 - 00000000 ____D C:\windows\system32\Filt
2013-07-16 19:46 - 2010-10-17 23:53 - 01110126 _____ C:\windows\WindowsUpdate.log
2013-07-16 01:11 - 2013-07-16 01:11 - 05030933 _____ C:\Users\asl\Downloads\RSW-Portable.zip
2013-07-15 23:24 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-07-15 23:17 - 2011-02-20 17:24 - 00267890 _____ C:\windows\system32\config\afw_db.conf
2013-07-15 23:17 - 2011-02-20 17:24 - 00016460 _____ C:\windows\system32\config\afw_hm.conf
2013-07-15 23:14 - 2010-10-17 09:17 - 00000000 ___RD C:\Users\asl\Desktop
2013-07-15 19:27 - 2010-10-18 12:08 - 00620492 _____ C:\windows\PFRO.log
2013-07-15 01:05 - 2013-07-15 01:05 - 00005346 _____ C:\windows\system32\PerfStringBackup.TMP
2013-07-14 21:11 - 2013-07-14 21:11 - 00000000 ____D C:\Users\asl\AppData\Roaming\Malwarebytes
2013-07-14 21:10 - 2010-12-08 22:44 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-07-14 19:33 - 2010-10-24 22:30 - 00000919 _____ C:\Users\asl\Desktop\MySyncFolder.lnk
2013-07-14 19:33 - 2010-10-17 09:17 - 00000000 ____D C:\Users\asl\AppData\Roaming\ASUS WebStorage
2013-07-14 15:11 - 2013-07-14 15:08 - 208541524 _____ C:\Users\asl\regbckup.2013.07.14.reg
2013-07-14 15:08 - 2010-10-17 09:17 - 00000000 ____D C:\Users\asl
2013-07-14 14:52 - 2010-12-21 02:06 - 00000000 ____D C:\Users\asl\html
2013-07-14 02:23 - 2009-07-25 09:50 - 01528514 _____ C:\windows\system32\PerfStringBackup.INI
2013-07-12 20:29 - 2013-07-05 03:15 - 00000000 ____D C:\Users\asl\Downloads\winFAQ
2013-07-12 18:54 - 2010-06-24 18:03 - 00055380 _____ C:\windows\DPINST.LOG
2013-07-12 18:53 - 2009-07-14 04:37 - 00000000 ____D C:\windows\system32\DriverStore
2013-07-11 23:13 - 2013-07-11 23:13 - 00000000 ____D C:\Users\asl\Downloads\backups
2013-07-11 22:03 - 2013-07-11 22:03 - 00007219 _____ C:\Users\asl\Desktop\hijackthis.2013.07.11.log
2013-07-11 20:50 - 2009-07-14 04:37 - 00000000 ____D C:\windows\Microsoft.NET
2013-07-11 14:43 - 2013-07-11 14:33 - 00000000 ____D C:\windows\system32\MRT
2013-07-09 01:12 - 2013-07-09 01:12 - 00000499 _____ C:\Users\asl\Desktop\Krabben mit Ananas und Gemüse. 1portion.txt
2013-07-08 14:29 - 2010-12-23 14:09 - 00000000 ____D C:\Users\asl\AppData\Roaming\JonDo
2013-07-07 02:24 - 2013-01-19 13:10 - 00000000 ____D C:\Users\asl\AppData\Roaming\vlc
2013-07-06 19:05 - 2011-08-05 01:08 - 00000000 ____D C:\Users\asl\Downloads\_out
2013-07-06 03:01 - 2013-07-06 03:00 - 207852946 _____ C:\Users\asl\reg-bckup.05.07.2013.reg
2013-07-06 01:28 - 2013-07-06 01:28 - 00000000 ____D C:\Users\asl\AppData\Roaming\Avanquest
2013-07-06 01:28 - 2013-07-05 23:43 - 00000000 ____D C:\ProgramData\Avanquest
2013-07-06 00:17 - 2009-07-14 06:53 - 00032632 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-07-05 23:43 - 2010-06-24 18:00 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-07-05 18:52 - 2011-11-15 20:45 - 00000000 ____D C:\ProgramData\Ulead Systems
2013-07-05 18:45 - 2010-12-07 03:57 - 00000000 ____D C:\Users\asl\AppData\Roaming\Philipp Winterberg
2013-07-05 18:38 - 2010-11-10 09:48 - 00000000 ____D C:\ProgramData\FreePDF
2013-07-05 18:38 - 2010-11-10 09:48 - 00000000 ____D C:\Program Files\FreePDF_XP
2013-07-05 18:29 - 2011-03-05 16:35 - 00000000 ____D C:\windows\tessdata
2013-07-05 18:27 - 2013-07-05 18:27 - 00000000 ____D C:\Users\asl\Documents\Freemake
2013-07-05 18:23 - 2010-10-26 19:30 - 00000000 ____D C:\Users\asl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Debugmode
2013-07-05 18:08 - 2010-06-24 18:29 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-03 02:03 - 2010-12-16 11:32 - 00000000 ____D C:\Users\asl\Downloads\64
2013-06-28 01:47 - 2013-07-05 23:39 - 00000677 _____ C:\Users\asl\Desktop\leslichk.k-.na-.carb.nitrate.txt
2013-06-27 14:15 - 2011-01-15 04:42 - 00000000 ____D C:\Users\asl\Downloads\pn
2013-06-27 03:41 - 2010-10-23 14:37 - 00015872 _____ C:\Users\asl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-26 19:06 - 2013-06-26 19:07 - 00094632 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2013-06-26 19:05 - 2013-06-26 19:09 - 00263592 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2013-06-26 19:05 - 2013-06-26 19:07 - 00175016 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2013-06-26 19:05 - 2013-06-26 19:07 - 00175016 _____ (Oracle Corporation) C:\windows\system32\java.exe
2013-06-26 19:05 - 2013-03-08 03:11 - 00867240 _____ (Oracle Corporation) C:\windows\system32\npDeployJava1.dll
2013-06-26 19:05 - 2010-10-26 12:27 - 00789416 _____ (Oracle Corporation) C:\windows\system32\deployJava1.dll
2013-06-26 19:02 - 2011-02-17 00:01 - 95658496 _____ C:\windows\system32\config\fsdb.sdb
2013-06-26 17:05 - 2013-06-26 17:05 - 330030432 _____ C:\windows\MEMORY.DMP
2013-06-26 17:05 - 2013-06-26 17:05 - 00145280 _____ C:\windows\Minidump\062613-33571-01.dmp
2013-06-26 17:05 - 2010-11-02 22:39 - 00000000 ____D C:\windows\Minidump
2013-06-26 15:30 - 2010-11-21 21:46 - 00000000 ____D C:\Users\asl\AppData\Roaming\TrueCrypt
2013-06-26 15:29 - 2013-06-26 15:29 - 00000216 _____ C:\windows\system32\TrueCrypt System Favorite Volumes.xml
2013-06-25 16:39 - 2010-11-09 11:16 - 00000000 ____D C:\Users\asl\games
2013-06-24 15:32 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Public\Desktop
2013-06-24 00:37 - 2010-10-18 11:48 - 75733144 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

Files to move or delete:
====================
C:\ProgramData\FullRemove.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-15 21:16

==================== End Of Log ============================



and here is the Additional:
Quote:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-07-2013 02
Ran by asl at 2013-07-17 16:11:31
Running from C:\Users\asl\Downloads\ipcop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

32 Bit HP CIO Components Installer (Version: 1.1.0)
ACD/Labs Software in C:\Program Files\ACDFREE12\ (Version: v12.00, FREE)
Acrobat.com (Version: 1.6.65)
Adobe Acrobat 9 Pro - English, Français, Deutsch (Version: 9.0.0)
Adobe AIR (Version: 2.0.4.13090)
Adobe Flash Player 10 ActiveX (Version: 10.1.53.64)
Adobe Flash Player 11 Plugin (Version: 11.5.502.149)
Adobe Reader 9.4.1 MUI (Version: 9.4.1)
Adobe Shockwave Player 11.6 (Version: 11.6.8.638)
Adobe SVG Viewer 3.0 (Version: 3.0)
ArcSoft TotalMedia 3.5
ArcSoft WebCam Companion 2
ASUS VIBE (Version: 1.0.187)
ASUS WebStorage (Version: 3.0.84.161)
ASUSUpdate for Eee PC (Version: 1.04.01)
Atheros Client Installation Program (Version: 7.0)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.10)
Audacity 1.3.12 (Unicode)
Avira Free Antivirus (Version: 12.1.9.1236)
AVR Studio 4 (Version: 4.10.356)
Booster 1.05A02
Bridge Builder
Bug Brain
calibre (Version: 0.8.12)
Canon CanoScan Toolbox 5.0
CanoScan 4400F
CapsHook (Version: 1.0.0.5)
CCS64 V3.8 (Version: 1.0.0)
ChemToolBox version 1.1.0
Clonk Endeavour 4.95.5 (Version: 4.95.5)
Conceptronic CTVDIGUSB2 Device Utilities (Version: 3.0.0.0)
DVB-T USB BDA Driver
ebi.BookReader3J (Version: 3.75.14)
Eee Docking 3.7.0 (Version: 3.7.0)
EeeSplendid (Version: 5.1.2.0011)
ELECTRA 2.8
EncVorbis 1.1 (Version: 1.1)
eReg (Version: 1.20.138.34)
Evince 2.30.3 (Version: 2.30.3)
FontResizer (Version: 1.01.0011)
Free CD to MP3 Converter
Frhed 1.7.1 (Version: 1.7.1)
GnuWin32: NetPbm version 10.27 (Version: 10.27)
GPL Ghostscript 9.00
Hotkey Service (Version: 1.27)
ImgBurn (Version: 2.5.3.0)
inSSIDer 2.0 (Version: 2.0.2)
Intel(R) Graphics Media Accelerator Driver (Version: 8.14.10.2230)
Intel® Matrix Storage Manager
IrfanView (remove only) (Version: 4.27)
JAP (Version: 00.13.001)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Java(TM) 6 Update 21 (Version: 6.0.210)
Java(TM) 6 Update 22 (Version: 6.0.220)
KONICA MINOLTA magicolor 2430DL
LAME v3.98.3 for Audacity
LG CyberLink Power2Go (Version: 6.2.3325)
LG Power Tools (Version: 6.0.3316)
LiveUpdate (Version: 1.21)
LocaleMe (Version: 1.3)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft GIF Animator
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - Deutsch (Version: 14.0.4763.1000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Monjas Breakout (Version: 1.1.34.0)
MP3 Parser DirectShow Filter (remove only)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVC90_x86 (Version: 1.0.1.2)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
Musik & Audio Restaurator Pro 5.0 (Version: 5.0)
Nmap 5.20
Nokia Connectivity Cable Driver (Version: 7.1.45.0)
Oolite 1.76.0.4679
OpenOffice.org 3.4.1 (Version: 3.41.9593)
Opera 12.15 (Version: 12.15.1748)
Outpost Security Suite 7.1 (Version: 7.1)
PC Connectivity Solution (Version: 11.4.21.0)
PL-2303 USB-to-Serial (Version: 1.00.000)
PL-2303 Vista Driver Installer (Version: 3.0.1.0)
PosteRazor (Version: 1.5.2)
Programmer's Notepad 2 (Version: 2.2.0.2240)
ProtectDisc Helper Driver 10 (Version: 10.0.0.3)
Ralink RT2860 Wireless LAN Card (Version: 1.2.0.1)
Realtek High Definition Audio Driver (Version: 6.0.1.6098)
ReOrganize! (Version: 2.3.1)
Scope (Version: 1.22.0)
Sid Meier's Civilization 4 Complete (HKCU Version: 1.74)
Skype™ 5.10 (Version: 5.10.116)
SMPlayer 0.6.8 (Version: 0.6.8)
SPCA1528 PC Driver (Version: 2.2.3.7)
Super Hybrid Engine (Version: 2.16)
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 14.0.16.0)
Target 3001! V15 discover (Version: )
Telescope Driver (Version: 10.30.09)
TrueCrypt (Version: 7.0a)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
USB PC Camera Plus (Version: 5.21.1.000)
VLC media player 2.0.5 (Version: 2.0.5)
Winamp (Version: 5.581 )
Winamp Detector Plug-in (HKCU Version: 1.0.0.1)
Winamp Toolbar
Windows Driver Package - Broadcom Bluetooth (07/17/2009 6.2.0.9403) (Version: 07/17/2009 6.2.0.9403)
Windows Driver Package - Broadcom Bluetooth (07/29/2009 6.1.7100.0) (Version: 07/29/2009 6.1.7100.0)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (Version: 07/28/2009 6.2.0.9800)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
WinPcap 4.1.1 (Version: 4.1.0.1753)
WinRAR 4.01 (32-bit) (Version: 4.01.0)
Xiph.Org Ogg Codecs 0.83.17220 32-bit (Version: 0.83.17220)


==================== Restore Points =========================

14-07-2013 13:40:14 Windows Update
14-07-2013 15:39:04 Windows Update
14-07-2013 15:47:48 Windows Update
14-07-2013 15:56:11 Windows Update
14-07-2013 16:19:25 PC Connectivity Solution is being removed
15-07-2013 21:02:04 Windows Update
15-07-2013 21:46:03 Windows Update
15-07-2013 21:57:10 Windows Update
15-07-2013 22:06:59 Windows Modules Installer
15-07-2013 22:15:38 Windows Update
15-07-2013 22:23:42 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {03B1E017-ADAD-4F6C-9FFF-F3FF1263B9B3} - System32\Tasks\{40231726-2AD1-4DDF-802B-B3592288EDF9} => C:\Users\asl\games\CCS64\ccs64109\CCS64.EXE [1997-10-19] ()
Task: {0B1D4333-A969-48B4-B66A-F8FA9459B107} - System32\Tasks\{3A4B8E9E-3491-4753-AA5B-4D963D0335CC} => C:\Users\asl\games\simon5\simon5.exe No File
Task: {293AC247-9FEE-4B2E-8819-2408640F3744} - System32\Tasks\{8F6B01B5-DD6B-4F94-BDF3-5FCC6C2F4825} => C:\Users\asl\games\simon5\simon5.exe No File
Task: {2D8DCBBD-DBF9-4B8C-9641-94AA1D73BCDC} - System32\Tasks\{6E18611D-A9BF-46D1-80E2-34C418CD88CD} => C:\Users\asl\games\simon5\simon5.exe No File
Task: {3674CDBE-2E30-4559-A98D-615183B6E07A} - System32\Tasks\{7115B069-7D1D-43D7-B928-D4C346E7C4B7} => C:\Users\asl\games\simon5\simon5.exe No File
Task: {39A74D49-2E87-4D8F-8998-54836FAFEC73} - System32\Tasks\{F50075FE-EDB8-4730-914C-A9F8493BC816} => C:\Program Files\Opera\Opera.exe [2013-04-07] (Opera Software)
Task: {47C5E7EA-0F15-4384-A0F2-B5D5AC4E4EFD} - System32\Tasks\{6E818BBE-FD87-4A3F-A1C9-868D6639A427} => C:\Windows\System32\msiexec.exe [2010-11-20] (Microsoft Corporation)
Task: {557E4D75-B3DD-4129-A026-03A38095DC18} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: {7122C574-17F2-41EA-950B-0F4DFDF3AEF1} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {7DF999DB-DFBB-4B96-AFBB-08A846C20FAF} - System32\Tasks\{D4C09B2F-F973-4EA7-9A45-ED71478418CB} => C:\windows\divpcam.exe No File
Task: {8F9F3C9D-27D1-40EB-AE25-41D558FC7FC7} - System32\Tasks\{EB06576D-1FB8-4C14-9E23-D871D30D8497} => C:\Franzis\AVR\AvrStudio4\AVRStudio.exe [2004-08-20] ()
Task: {99CD4632-F462-480A-AFB4-45EA4E679EAD} - System32\Tasks\{63E4BB1D-0171-494D-BBF1-12E3ECB51654} => C:\Users\asl\games\simon5\simon5.exe No File
Task: {9B0BC181-4244-4940-90C2-88D404AB44DB} - System32\Tasks\{499A9D13-BA7F-42E1-B8F2-B447F5B5648C} => C:\Franzis\AVR\AvrStudio4\AVRStudio.exe [2004-08-20] ()
Task: {ADE0237C-7293-405E-B7B3-929CAB865F26} - System32\Tasks\{6F4FCA60-4D99-4CE2-A1D6-DEBF29286278} => C:\Users\asl\games\CCS64\ccs64109\CCS64.EXE [1997-10-19] ()
Task: {B2604337-5581-42FC-9F2C-C6BFD76BF951} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {CC267A72-326B-405D-A724-233655919F38} - System32\Tasks\{3F7079CF-A8DD-40E5-A444-C5BB74D6ED31} => C:\Windows\System32\msiexec.exe [2010-11-20] (Microsoft Corporation)
Task: {CD61100B-E4E9-4E92-BFBE-ADD86DA9FDAC} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-11] (Microsoft Corporation)
Task: {E0A49F5F-1924-463F-9612-FA3527CF4D51} - System32\Tasks\{E214E448-29F2-4EBE-8CE6-AA894092ADEB} => C:\Users\asl\games\simon5\simon5.exe No File
Task: {E3CFDE65-39F9-4C66-8ECB-55ED5455B0F5} - System32\Tasks\{5CA95D23-D5BE-4F50-BDC9-84C28E911DA1} => C:\Users\asl\games\CCS64\ccs32\ccs.exe [2000-01-24] ()
Task: {E550E20B-71C5-4500-8C08-153AE7111B2D} - System32\Tasks\{C964DC32-D255-4EFF-9D34-7D3DF95DC30E} => C:\Users\asl\games\simon5\simon5.exe No File
Task: {E7A05E30-A508-4B3E-9C6A-F8437C0125C9} - System32\Tasks\{081D8737-4B15-49F6-A79F-833025871DBE} => C:\Program Files\IrfanView\i_view32.exe [2010-10-20] (Irfan Skiljan)
Task: {EFC83B69-FDCF-406C-B89D-BC6B8528BBEF} - System32\Tasks\{03DF4B75-1EAC-4C89-8399-B2A983CF45A2} => C:\Program Files\IrfanView\i_view32.exe [2010-10-20] (Irfan Skiljan)
Task: {F1B91D14-2453-440D-9BAB-A9D1771D5900} - System32\Tasks\{D95EA9D2-3154-4D80-A5B4-BD0730A36B74} => C:\Franzis\AVR\AvrStudio4\AVRStudio.exe [2004-08-20] ()
Task: {F3AC650F-D259-4F35-B7F1-B2710F13C1FB} - System32\Tasks\{BDFEC4C0-FD3D-496D-927F-01827624A0BD} => C:\Users\asl\games\simon5\simon5.exe No File
Task: {F6D37DDD-B9F0-434C-AFB3-6A0BEFC8C620} - System32\Tasks\{F9CDFE2D-E431-45E8-AFF9-444C3E3C4CC1} => C:\Users\asl\games\CCS64\ccs64109\CCS64.EXE [1997-10-19] ()
Task: {F8543B71-B76B-44C1-A2DA-09F3DC015BED} - System32\Tasks\{55F0F4C8-2DC8-4B0A-97D5-7863D5C2B04B} => C:\Users\asl\games\simon5\simon5.exe No File

==================== Faulty Device Manager Devices =============

Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: WAN Miniport (IKEv2)
Description: WAN Miniport (IKEv2)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasAgileVpn
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: WAN Miniport (L2TP)
Description: WAN Miniport (L2TP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: Rasl2tp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: WAN Miniport (Network Monitor)
Description: WAN Miniport (Network Monitor)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: WAN Miniport (IP)
Description: WAN Miniport (IP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: WAN Miniport (IPv6)
Description: WAN Miniport (IPv6)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: WAN Miniport (PPPOE)
Description: WAN Miniport (PPPOE)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasPppoe
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: WAN Miniport (PPTP)
Description: WAN Miniport (PPTP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: PptpMiniport
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: WAN Miniport (SSTP)
Description: WAN Miniport (SSTP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasSstp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/16/2013 07:28:57 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_CryptSvc, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeaf722
Exception code: 0xc0000005
Fault offset: 0x0000aba6
Faulting process id: 0x508
Faulting application start time: 0xsvchost.exe_CryptSvc0
Faulting application path: svchost.exe_CryptSvc1
Faulting module path: svchost.exe_CryptSvc2
Report Id: svchost.exe_CryptSvc3

Error: (07/16/2013 00:22:14 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_CryptSvc, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeaf722
Exception code: 0xc0000005
Fault offset: 0x0000aba6
Faulting process id: 0xb1c
Faulting application start time: 0xsvchost.exe_CryptSvc0
Faulting application path: svchost.exe_CryptSvc1
Faulting module path: svchost.exe_CryptSvc2
Report Id: svchost.exe_CryptSvc3

Error: (07/16/2013 00:06:55 AM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070005).

Error: (07/15/2013 11:41:45 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_CryptSvc, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeaf722
Exception code: 0xc0000005
Fault offset: 0x0000aba6
Faulting process id: 0xd28
Faulting application start time: 0xsvchost.exe_CryptSvc0
Faulting application path: svchost.exe_CryptSvc1
Faulting module path: svchost.exe_CryptSvc2
Report Id: svchost.exe_CryptSvc3

Error: (07/15/2013 11:34:50 PM) (Source: CVHSVC) (User: )
Description: For information only.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Job does not exist

Error: (07/15/2013 11:27:05 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_CryptSvc, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeaf722
Exception code: 0xc0000005
Fault offset: 0x0000aba6
Faulting process id: 0xb7c
Faulting application start time: 0xsvchost.exe_CryptSvc0
Faulting application path: svchost.exe_CryptSvc1
Faulting module path: svchost.exe_CryptSvc2
Report Id: svchost.exe_CryptSvc3

Error: (07/15/2013 11:26:57 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_CryptSvc, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeaf722
Exception code: 0xc0000005
Fault offset: 0x0000aba6
Faulting process id: 0xf7c
Faulting application start time: 0xsvchost.exe_CryptSvc0
Faulting application path: svchost.exe_CryptSvc1
Faulting module path: svchost.exe_CryptSvc2
Report Id: svchost.exe_CryptSvc3

Error: (07/15/2013 11:25:32 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_CryptSvc, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeaf722
Exception code: 0xc0000005
Fault offset: 0x0000aba6
Faulting process id: 0x5e8
Faulting application start time: 0xsvchost.exe_CryptSvc0
Faulting application path: svchost.exe_CryptSvc1
Faulting module path: svchost.exe_CryptSvc2
Report Id: svchost.exe_CryptSvc3

Error: (07/15/2013 10:56:30 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_CryptSvc, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeaf722
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000aba6
ID des fehlerhaften Prozesses: 0xcd4
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_CryptSvc0
Pfad der fehlerhaften Anwendung: svchost.exe_CryptSvc1
Pfad des fehlerhaften Moduls: svchost.exe_CryptSvc2
Berichtskennung: svchost.exe_CryptSvc3

Error: (07/15/2013 10:46:09 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_CryptSvc, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeaf722
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000aba6
ID des fehlerhaften Prozesses: 0xa9c
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_CryptSvc0
Pfad der fehlerhaften Anwendung: svchost.exe_CryptSvc1
Pfad des fehlerhaften Moduls: svchost.exe_CryptSvc2
Berichtskennung: svchost.exe_CryptSvc3


System errors:
=============
Error: (07/17/2013 04:07:26 PM) (Source: NetBT) (User: )
Description: Initialisierung fehlgeschlagen, da die Transportschicht das Öffnen der Anfangsadressen verweigerte.

Error: (07/17/2013 04:07:26 PM) (Source: NetBT) (User: )
Description: Initialisierung fehlgeschlagen, da die Transportschicht das Öffnen der Anfangsadressen verweigerte.

Error: (07/17/2013 04:06:55 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Arbeitsstationsdienst" wurde unerwartet beendet. Dies ist bereits 6 Mal passiert.

Error: (07/17/2013 04:06:55 PM) (Source: Service Control Manager) (User: )
Description: Dienst "DNS-Client" wurde unerwartet beendet. Dies ist bereits 6 Mal passiert.

Error: (07/17/2013 04:06:55 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Kryptografiedienste" wurde unerwartet beendet. Dies ist bereits 7 Mal passiert.

Error: (07/17/2013 03:51:54 PM) (Source: Ntfs) (User: )
Description: Auf dem Volume "G:" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.

Error: (07/17/2013 08:55:58 AM) (Source: NetBT) (User: )
Description: Initialisierung fehlgeschlagen, da die Transportschicht das Öffnen der Anfangsadressen verweigerte.

Error: (07/17/2013 08:55:50 AM) (Source: NetBT) (User: )
Description: Initialisierung fehlgeschlagen, da die Transportschicht das Öffnen der Anfangsadressen verweigerte.

Error: (07/17/2013 08:55:34 AM) (Source: NetBT) (User: )
Description: Initialisierung fehlgeschlagen, da die Transportschicht das Öffnen der Anfangsadressen verweigerte.

Error: (07/17/2013 08:55:28 AM) (Source: NetBT) (User: )
Description: Initialisierung fehlgeschlagen, da die Transportschicht das Öffnen der Anfangsadressen verweigerte.


Microsoft Office Sessions:
=========================
Error: (07/16/2013 07:28:57 PM) (Source: Application Error)(User: )
Description: svchost.exe_CryptSvc6.1.7600.163854a5bc100msvcrt.dll7.0.7601.177444eeaf722c00000050000aba650801ce81aae6852570C:\windows\system32\svchost.exeC:\windows \system32\msvcrt.dll31943df6-ee3d-11e2-b8d8-20cf303d6b5d

Error: (07/16/2013 00:22:14 AM) (Source: Application Error)(User: )
Description: svchost.exe_CryptSvc6.1.7600.163854a5bc100msvcrt.dll7.0.7601.177444eeaf722c00000050000aba6b1c01ce81a9bd9bf3fbC:\windows\system32\svchost.exeC:\windows \system32\msvcrt.dllffac1ae1-ed9c-11e2-b8d8-20cf303d6b5d

Error: (07/16/2013 00:06:55 AM) (Source: System Restore)(User: )
Description: C:\windows\system32\svchost.exe -k netsvcsWindows Update0x80070005

Error: (07/15/2013 11:41:45 PM) (Source: Application Error)(User: )
Description: svchost.exe_CryptSvc6.1.7600.163854a5bc100msvcrt.dll7.0.7601.177444eeaf722c00000050000aba6d2801ce81a2306ef718C:\windows\system32\svchost.exeC:\windows \system32\msvcrt.dll57ff56bb-ed97-11e2-b8d8-20cf303d6b5d

Error: (07/15/2013 11:34:50 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Job does not exist

Error: (07/15/2013 11:27:05 PM) (Source: Application Error)(User: )
Description: svchost.exe_CryptSvc6.1.7600.163854a5bc100msvcrt.dll7.0.7601.177444eeaf722c00000050000aba6b7c01ce81a20a78f9a6C:\windows\System32\svchost.exeC:\windows \system32\msvcrt.dll4b0899cd-ed95-11e2-b8d8-20cf303d6b5d

Error: (07/15/2013 11:26:57 PM) (Source: Application Error)(User: )
Description: svchost.exe_CryptSvc6.1.7600.163854a5bc100msvcrt.dll7.0.7601.177444eeaf722c00000050000aba6f7c01ce81a1e90a7576C:\windows\System32\svchost.exeC:\windows \system32\msvcrt.dll4684177f-ed95-11e2-b8d8-20cf303d6b5d

Error: (07/15/2013 11:25:32 PM) (Source: Application Error)(User: )
Description: svchost.exe_CryptSvc6.1.7600.163854a5bc100msvcrt.dll7.0.7601.177444eeaf722c00000050000aba65e801ce81a1a00b558cC:\windows\system32\svchost.exeC:\windows \system32\msvcrt.dll14016be5-ed95-11e2-b8d8-20cf303d6b5d

Error: (07/15/2013 10:56:30 PM) (Source: Application Error)(User: )
Description: svchost.exe_CryptSvc6.1.7600.163854a5bc100msvcrt.dll7.0.7601.177444eeaf722c00000050000aba6cd401ce819dc322ef19C:\windows\system32\svchost.exeC:\windows \system32\msvcrt.dll055396a6-ed91-11e2-8804-20cf303d6b5d

Error: (07/15/2013 10:46:09 PM) (Source: Application Error)(User: )
Description: svchost.exe_CryptSvc6.1.7600.163854a5bc100msvcrt.dll7.0.7601.177444eeaf722c00000050000aba6a9c01ce819c55469cf2C:\windows\system32\svchost.exeC:\windows \system32\msvcrt.dll937f4b24-ed8f-11e2-8804-20cf303d6b5d


==================== Memory info ===========================

Percentage of memory in use: 50%
Total physical RAM: 2038.15 MB
Available physical RAM: 1007.04 MB
Total Pagefile: 4076.3 MB
Available Pagefile: 2816.26 MB
Total Virtual: 2047.88 MB
Available Virtual: 1894.11 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:100 GB) (Free:15.57 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive f: () (Removable) (Total:29.71 GB) (Free:5.99 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 29133921)
Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=15 GB) - (Type=1B)
Partition 3: (Not Active) - (Size=118 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=20 MB) - (Type=EF)

========================================================
Disk: 1 (Size: 30 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=30 GB) - (Type=0C)

==================== End Of Log ============================

cosinus 18.07.2013 00:34

Then please run Combofix now:

Scan with Combofix
WARNING to those READING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. They can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you receive the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


lydia_eule 18.07.2013 04:22

done. so here is the combofix log:
Code:

ComboFix 13-07-16.01 - asl 18.07.2013  1:55.1.2 - x86
Microsoft Windows 7 Starter  6.1.7601.1.1252.49.1031.18.2038.1358 [GMT 2:00]
ausgeführt von:: c:\users\asl\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Outpost Security Suite *Disabled/Updated* {ECEA6BCD-A007-0BC7-D5A5-0254DCBD816E}
FW: Outpost Security Suite *Disabled* {D4D1EAE8-EA68-0A9F-FEFA-AB61226EC615}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Outpost Security Suite *Disabled/Updated* {578B8A29-863D-0449-EF15-3926A73ACBD3}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\windows\system32\Thumbs.db
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-06-18 bis 2013-07-18  ))))))))))))))))))))))))))))))
.
.
2013-07-18 01:26 . 2013-07-18 01:39        --------        d-----w-        c:\users\asl\AppData\Local\temp
2013-07-18 01:26 . 2013-07-18 01:26        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-07-17 23:16 . 2013-07-15 01:34        7143960        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{04A5E7AF-81F8-4A9D-B98E-825481AC5DEA}\mpengine.dll
2013-07-17 14:06 . 2013-07-17 14:06        --------        d-----w-        C:\FRST
2013-07-14 19:11 . 2013-07-14 19:11        --------        d-----w-        c:\users\asl\AppData\Roaming\Malwarebytes
2013-07-14 19:10 . 2013-04-04 12:50        22856        ----a-w-        c:\windows\system32\drivers\mbam.sys
2013-07-14 13:08 . 2013-07-14 13:11        208541524        ----a-w-        c:\users\asl\regbckup.2013.07.14.reg
2013-07-11 12:33 . 2013-07-11 12:43        --------        d-----w-        c:\windows\system32\MRT
2013-07-06 01:00 . 2013-07-06 01:01        207852946        ----a-w-        c:\users\asl\reg-bckup.05.07.2013.reg
2013-07-05 23:28 . 2013-07-05 23:28        --------        d-----w-        c:\users\asl\AppData\Roaming\Avanquest
2013-07-05 21:44 . 2012-01-13 11:48        17944        ----a-w-        c:\windows\system32\drivers\AQFileRestore.sys
2013-07-05 21:43 . 2013-07-05 23:28        --------        d-----w-        c:\programdata\Avanquest
2013-06-26 17:07 . 2013-06-26 17:06        94632        ----a-w-        c:\windows\system32\WindowsAccessBridge.dll
2013-06-24 20:55 . 2013-05-08 05:38        1293672        ----a-w-        c:\windows\system32\drivers\tcpip.sys
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-26 17:05 . 2013-03-08 01:11        867240        ----a-w-        c:\windows\system32\npDeployJava1.dll
2013-06-26 17:05 . 2010-10-26 10:27        789416        ----a-w-        c:\windows\system32\deployJava1.dll
2013-05-05 19:12 . 2013-05-22 15:18        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2013-05-02 00:06 . 2010-12-08 21:00        238872        ------w-        c:\windows\system32\MpSigStub.exe
2013-05-01 11:09 . 2013-05-01 11:07        211753182        ----a-w-        c:\windows\system32\2013.05.01.registry.bck.reg
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2010-07-28 1267024]
.
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"
[HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"
[HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Outpost]
@="{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
[HKEY_CLASSES_ROOT\CLSID\{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}]
2011-02-07 13:14        468128        ----a-w-        c:\program files\Agnitum\Outpost Security Suite Free\op_shell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueCrypt"="c:\program files\TrueCrypt\TrueCrypt.exe" [2010-11-21 1496528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"HotkeyMon"="AsusSender.exe" [2010-03-03 29184]
"HotkeyService"="AsusSender.exe" [2010-03-03 29184]
"SuperHybridEngine"="AsusSender.exe" [2010-03-03 29184]
"LiveUpdate"="AsusSender.exe" [2010-03-03 29184]
"CapsHook"="AsusSender.exe" [2010-03-03 29184]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2010-03-29 415920]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-06-22 9177632]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-13 1594664]
"ASUSPRP"="c:\program files\ASUS\APRP\APRP.EXE" [2010-06-24 2018032]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2010-04-13 83240]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-25 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-25 150552]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Security Suite Free\feedback.exe" [2011-02-07 517056]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2011-02-07 3107736]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-15 348664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Agnitum\OUTPOS~1\wl_hook.dll
.
R2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [2007-07-27 251680]
R2 Ca1528av;SPCA1528 Video Camera Service;c:\windows\system32\Drivers\Ca1528av.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 .AVQWindowsMonitorService;Fix-It Utilities Prozess-Monitor;c:\program files\Avanquest\Fix-It\AVQWinMonEngine.exe [x]
R3 AQFileRestore;AQFileRestore;c:\windows\system32\DRIVERS\AQFileRestore.sys [2012-01-13 17944]
R3 ASWFilt;ASWFilt;c:\windows\system32\Filt\ASWFilt.dll [2011-02-02 72352]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-13 43944]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 Bulk1528;SPCA1528 Still Camera Service;c:\windows\system32\Drivers\Bulk1528.sys [x]
R3 INIDVD;Initio USB DVD Filter Driver;c:\windows\system32\DRIVERS\inidvd.sys [2009-08-05 16024]
R3 netr73;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr73.sys [2011-10-05 564800]
R3 PORTMON;PORTMON;c:\users\asl\Downloads\sysinternalssuite\PORTMSYS.SYS [x]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [2010-07-01 188392]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys [2010-07-01 32872]
R3 TrufosAlt;TrufosAlt;c:\windows\system32\DRIVERS\TrufosAlt.sys [2011-12-03 309320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 VBEngNT;VBEngNT;c:\windows\system32\drivers\VBEngNT.sys [2011-02-02 242040]
R3 VBFilt;VBFilt;c:\windows\system32\Filt\VBFilt.dll [2011-02-02 36288]
R3 VHDWQBLKZ;VHDWQBLKZ;c:\users\asl\AppData\Local\Temp\VHDWQBLKZ.exe [x]
R4 AQFileRestoreSrv;AQFileRestoreSrv;c:\program files\Avanquest\Fix-It\AQFileRestoreSrv.exe [x]
R4 BV;BV;c:\users\asl\AppData\Local\Temp\BV.exe [x]
R4 FTAAG;FTAAG;c:\users\asl\AppData\Local\Temp\FTAAG.exe [x]
R4 MVRBXYMUKTY;MVRBXYMUKTY;c:\users\asl\AppData\Local\Temp\MVRBXYMUKTY.exe [x]
R4 QKHKZJ;QKHKZJ;c:\users\asl\AppData\Local\Temp\QKHKZJ.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-07 691696]
S1 afw;Agnitum Firewall Driver;c:\windows\system32\DRIVERS\afw.sys [2010-04-20 34920]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-06-21 11520]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-04-16 36000]
S1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2011-02-02 710824]
S2 acedrv10;acedrv10;c:\windows\system32\drivers\acedrv10.sys [2007-07-27 330144]
S2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [2011-02-07 2072592]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2009-08-19 219136]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-01-15 50704]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2010-09-27 328296]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2010-04-13 51712]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: An vorhandenes PDF anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
TCP: DhcpNameServer = 192.168.1.254
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-EeeSplendidAgent - c:\program files\ASUS\EPC\EeeSplendid\AsAgent.exe
AddRemove-IrfanView - e:\portable\IrfanView\iv_uninstall.exe
AddRemove-Musik & Audio Restaurator Pro 5_is1 - c:\program files\softfeld\Musik und Audio Restaurator Pro 5\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3532)
c:\progra~1\ASUS\ASUSWE~1\3084~1.161\ASUSWS~1.DLL
c:\program files\Agnitum\Outpost Security Suite Free\op_shell.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\taskhost.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\conhost.exe
c:\windows\system32\WerFault.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-07-18  04:45:15 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-07-18 02:45
.
Vor Suchlauf: 11 Verzeichnis(se), 16.325.795.840 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 17.673.228.288 Bytes frei
.
- - End Of File - - 4A2F52C95A6B6C113BE9A6E99CBD8787
EF6DF11655F8FD600A5BE866AE01AAFC
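
As an added example (not code from this thread, from ComboFix or from any of the tools mentioned), here is a small Python triage helper for the service/driver section of a ComboFix log like the one above. It parses the `R*`/`S*` lines and flags entries whose image file sits under a user Temp directory or that ComboFix marked `[x]` (image not found on disk), which is the pattern the `R3`/`R4` entries under `c:\users\asl\AppData\Local\Temp` in the log show. The sample lines are copied from the log above; the line format, the two heuristics and all function names are my own reading of the output, not a documented ComboFix format.

```python
import re
from dataclasses import dataclass, field

# Constructed sample, copied from the ComboFix log in this thread. Assumed layout:
#   <start> <name>;<display name>;<image path> [<date> <size>]   or   [x]
# where "[x]" means ComboFix could not find the image file on disk. The leading
# token is assumed to be R/S = running/stopped plus the Windows start type digit.
SAMPLE_LINES = r"""
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 VHDWQBLKZ;VHDWQBLKZ;c:\users\asl\AppData\Local\Temp\VHDWQBLKZ.exe [x]
R4 BV;BV;c:\users\asl\AppData\Local\Temp\BV.exe [x]
R4 AQFileRestoreSrv;AQFileRestoreSrv;c:\program files\Avanquest\Fix-It\AQFileRestoreSrv.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-07 691696]
"""

# One service line: start token, "name;display;path", then the bracketed tag.
LINE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<rest>.+?)\s+\[(?P<tag>x|\d{4}-\d{2}-\d{2}\s+\d+)\]\s*$"
)
# "...\Temp\" anywhere in the path, with or without the AppData\Local prefix.
TEMP_DIR_RE = re.compile(r"\\(?:appdata\\local\\)?temp\\", re.IGNORECASE)

REASON_TEMP = "image path is under a Temp directory"
REASON_MISSING = "image file not found on disk ([x])"


@dataclass
class ServiceEntry:
    start: str      # e.g. "R4", "S2"
    name: str       # service / driver name
    display: str    # display name
    path: str       # image path as printed
    present: bool   # False when ComboFix printed [x]

    def reasons(self):
        """Heuristic reasons why a defender should look at this entry more closely."""
        found = []
        if TEMP_DIR_RE.search(self.path):
            found.append(REASON_TEMP)
        if not self.present:
            found.append(REASON_MISSING)
        return found


def parse_line(line):
    """Parse one ComboFix service line; return None for lines of any other shape."""
    m = LINE_RE.match(line)
    if not m:
        return None
    parts = m.group("rest").split(";", 2)
    if len(parts) != 3:
        return None
    name, display, path = parts
    return ServiceEntry(m.group("start"), name, display, path, m.group("tag") != "x")


def parse_log(text):
    """Collect every parseable service line from a ComboFix log body."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def triage(entries):
    """Return {service name: [reasons]} for the entries worth a closer look."""
    return {e.name: e.reasons() for e in entries if e.reasons()}


if __name__ == "__main__":
    for name, why in triage(parse_log(SAMPLE_LINES)).items():
        print(f"{name}: {'; '.join(why)}")
```

Run as a script, it lists `VHDWQBLKZ` and `BV` with both reasons and `AQFileRestoreSrv` with only the missing-file reason; `SkypeUpdate`, `MBAMService` and `sptd` are not reported. A missing image alone is often just a leftover from an uninstalled product (as with the Avanquest entry), so the Temp-directory reason is the one that should raise the priority of an entry.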


cosinus 18.07.2013 04:25

Quote:

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Outpost Security Suite *Disabled/Updated* {ECEA6BCD-A007-0BC7-D5A5-0254DCBD816E}
FW: Outpost Security Suite *Disabled* {D4D1EAE8-EA68-0A9F-FEFA-AB61226EC615}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Outpost Security Suite *Disabled/Updated* {578B8A29-863D-0449-EF15-3926A73ACBD3}
That is already very counterproductive. Why do you have Avira and Outpost installed?
Just stick with a plain virus scanner plus the Windows firewall; nothing more is needed. Put differently, more causes more complications. Uninstall Outpost.

lydia_eule 18.07.2013 04:41

sorry, but according to the instruction that I should turn that sort of stuff off for the scan, I did my best to switch it off. If that was wrong, I probably misunderstood the instructions. But maybe I'm just too dumb and you mean something else.

Regards,

die eule

cosinus 18.07.2013 04:44

You read it correctly and didn't do anything wrong. Now you should uninstall Outpost.

There was no reproach, and I'm happy to make us a coffee now :lach: :kaffee:

lydia_eule 18.07.2013 05:14

This may sound funny to you now, but couldn't I rather throw out the M$ firewall instead of Outpost? Somehow I'm attached to it, ever since I tried many of them under Win98 and found this one the most pleasant. :o It looks cuddly and just feels "right". :confused:

oh yes: thx 4 coffee

cosinus 18.07.2013 05:23

*hands over coffee* :party:

Oh sry, this is the right smilie :lach: => :kaffee:

Quote:

ever since I tried many of them under Win98 and found this one the most pleasant
W98 was FIFTEEN years ago :wtf: and can no longer be compared with today's OSes. The MS OS has had a pretty well-functioning firewall since WinXP SP2. Nothing more is needed. Don't challenge me to deliver proof :zunge:

lydia_eule 18.07.2013 05:38

hmm okay, even though it's hard for me, I'll throw out my beloved Outpost. btw, while we're on the subject of throwing things out: is there actually a way to uninstall the Implosion-Enhancer so that it isn't back again at the next opportunity? As far as I know I've never used it, i.e. avira is probably the only thing that regularly accesses it.

cosinus 18.07.2013 06:06

Please make new logs ;)

Rootkit scan with GMER

Please download the GMER Rootkit Scanner: (file name is random)
  • Close all other programs, disable your virus scanner and disconnect the computer from the Internet before you start GMER.
  • Should a window with the following warning open after startup:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, uncheck: IAT/EAT and Show All
  • Check Quickscan and uncheck all other drives.
  • Start the scan with "Scan".
  • Do nothing on the computer while the scan is running.
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. "Ok" closes GMER.
Turn your antivirus program and other scanners back on before you go online!


Running into problems?
  • Alternatively, try safe mode.
  • If you get a bluescreen, uncheck Devices.


Afterwards, please run MBAR:

Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen as per the Malwarebytes Anti-Rootkit guide
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so stay patient.
  • After the restart, start mbar.exe again.
  • Should something be found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<Year-Month-Day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instruction from a helper

lydia_eule 18.07.2013 06:14

outpost uninstall accomplished, but now windows update is complaining.

cosinus 18.07.2013 06:21

I want to see naked logs :D

lydia_eule 18.07.2013 07:01

first, here is the new gmer (:nackt:):
Code:

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-18 07:52:27
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST925031 rev.0003 232,89GB
Running: lisqf4un.exe; Driver: C:\Users\asl\AppData\Local\Temp\fxldqpow.sys


---- System - GMER 2.1 ----

SSDT    80582076                                                                                                                                                                                                                          ZwCreateSection
SSDT    80582080                                                                                                                                                                                                                          ZwRequestWaitReplyPort
SSDT    8058207B                                                                                                                                                                                                                          ZwSetContextThread
SSDT    80582085                                                                                                                                                                                                                          ZwSetSecurityObject
SSDT    8058208A                                                                                                                                                                                                                          ZwSystemDebugControl
SSDT    80582017                                                                                                                                                                                                                          ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                                                                                                                                          82A59A09 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                                                                                                            82A931F2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                                                                                                                                                                82A9A34C 4 Bytes  [76, 20, 58, 80]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                                                                                                                                                                82A9A6A8 4 Bytes  [80, 20, 58, 80]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1597                                                                                                                                                                                                82A9A6EC 4 Bytes  [7B, 20, 58, 80]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1613                                                                                                                                                                                                82A9A768 4 Bytes  [85, 20, 58, 80]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1667                                                                                                                                                                                                82A9A7BC 4 Bytes  [8A, 20, 58, 80]
.text  ...                                                                                                                                                                                                                               
?      System32\Drivers\sprm.sys                                                                                                                                                                                                          Das System kann den angegebenen Pfad nicht finden. !
.reloc  C:\windows\system32\drivers\acedrv10.sys                                                                                                                                                                                          section is executable [0xAD84D000, 0x459C1, 0xE0000060]

---- Trace I/O - GMER 2.1 ----

Trace  ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys sprm.sys >>UNKNOWN [0x85314938]<<                                                                                                                              85314938
Trace  1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x861d67c8]                                                                                                                                                                            861d67c8
Trace  3 CLASSPNP.SYS[8920459e] -> nt!IofCallDriver -> [0x857d5828]                                                                                                                                                                      857d5828
Trace  5 ACPI.sys[88ba53d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85769028]                                                                                                                                            85769028

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\1c4bd6048c8d (not active ControlSet)                                                                                                                                   
Reg    HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                                                                                                             
Reg    HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                                                                                                    C:\Program Files\DAEMON Tools Lite\
Reg    HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                                                                                                    0x00 0x00 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                                                                                    0
Reg    HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                                                                                                0xDF 0xEC 0xEF 0xF8 ...
Reg    HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                                                                                                                     
Reg    HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                                                                                          0x20 0x01 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                                                                                                        0x28 0x43 0x71 0xE7 ...
Reg    HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                                                                                                               
Reg    HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                                                                                                  0x9F 0xDA 0x33 0x35 ...
Reg    HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)                                                                                                               
Reg    HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                                                                                                                                  0xA7 0xC9 0xA7 0x6E ...
Reg    HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)                                                                                                               
Reg    HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12                                                                                                                                  0x57 0x99 0x90 0xD6 ...
Reg    HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3 (not active ControlSet)                                                                                                               
Reg    HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12                                                                                                                                  0x35 0xC4 0xC2 0x93 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd6048c8d                                                                                                                                                       
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                                                                                                                                771343423
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                                                                                                                                285507792
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                                                                                                                                1
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                                                                                                                 
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                                                                                                0x00 0x00 0x00 0x00 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                                                                                0
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                                                                                            0xA3 0x11 0xFF 0xFC ...
Reg    HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\1c4bd6048c8d (not active ControlSet)                                                                                                                                   
Reg    HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                                                                                                             
Reg    HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                                                                                                    0x00 0x00 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                                                                                    0
Reg    HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                                                                                                0xA3 0x11 0xFF 0xFC ...
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intel\xae Matrix Storage Manager\Intel\xae Matrix Storage Console.lnk  1
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\xae Matrix Storage Manager\Intel\xae Matrix Storage Console.lnk                          1

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                                                                                                                              unknown MBR code

---- EOF - GMER 2.1 ----


cosinus 18.07.2013 07:40

You're only half naked :D
The one from MBAR is still missing ;)

lydia_eule 18.07.2013 13:31

:lach: right, I simply fell asleep in the middle of the scan - horribly clichéd - well, here's the other naked half too (:nackt:)
Code:

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 1.666000 GHz
Memory total: 2137157632, free: 1286983680

Downloaded database version: v2013.07.18.01
Downloaded database version: v2013.07.15.01
Initializing...
------------ Kernel report ------------
    07/18/2013 08:09:07
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\sprm.sys
\SystemRoot\System32\Drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\SCSIPORT.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\drivers\truecrypt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\ssmdrv.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\drivers\AsUpIO.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\igdkmd32.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\athr.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\L1C62x86.sys
\SystemRoot\system32\drivers\usbuhci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbfiltr.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\mouclass.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\windrvr6.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\drivers\RTKVHDA.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\Drivers\dump_truecrypt.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\Sftvollh.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\windows\system32\drivers\acedrv10.sys
\SystemRoot\system32\drivers\npf.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\system32\DRIVERS\Sftfslh.sys
\SystemRoot\system32\DRIVERS\Sftplaylh.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\system32\DRIVERS\Sftredirlh.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Users\asl\AppData\Local\Temp\fxldqpow.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\??\C:\windows\system32\drivers\mbamchameleon.sys
\??\C:\windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff861d67c8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xffffffff85769028
Lower Device Driver Name: \Driver\iaStor\
IRP handler 0 of \Driver\iaStor is hooked
IRP handler 2 of \Driver\iaStor is hooked
IRP handler 14 of \Driver\iaStor is hooked
IRP handler 15 of \Driver\iaStor is hooked
IRP handler 22 of \Driver\iaStor is hooked
IRP handler 23 of \Driver\iaStor is hooked
IRP handler 27 of \Driver\iaStor is hooked
Unhooking enabled.
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff861d67c8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xffffffff85769028
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
Initialization returned 0x0
Load Function returned 0x0
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff861d67c8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff861d7020, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff861d6490, DeviceName: Unknown, DriverName: \Driver\truecrypt\
DevicePointer: 0xffffffff861d67c8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff857d5828, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff85769028, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\truecrypt\
Upper DeviceData: 0xffffffffaf08caa0, 0xffffffff861d67c8, 0xffffffff84b50490
Lower DeviceData: 0xffffffffb4c3a638, 0xffffffff85769028, 0xffffffff87e4d480
<<<3>>>
Volume: C:
File system type: NTFS
Failed to get NTFS Boot Sector
SectorSize = 52190, ClusterSize = 56196, MFTRecordSize = 0, MFTIndexSize = 0 bytes
Can't access volume using primary device, the volume might be encrypted.
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Alternate device has been used.
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
Failed to get NTFS Boot Sector
SectorSize = 52190, ClusterSize = 56196, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
Failed to get NTFS Boot Sector
SectorSize = 52190, ClusterSize = 56196, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Can't access volume using primary device, the volume might be encrypted.
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Alternate device has been used.
Scanning drivers directory: C:\windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
Failed to get NTFS Boot Sector
SectorSize = 52190, ClusterSize = 56196, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
Failed to get NTFS Boot Sector
SectorSize = 52190, ClusterSize = 56196, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Can't access volume using primary device, the volume might be encrypted.
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Alternate device has been used.
File user open failed: C:\windows\system32\drivers\sptd.sys (0x00000020)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 29133921

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 209715200
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Other (0x1b)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 209717248  Numsec = 31457280

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 241174528  Numsec = 247181312

    Partition 3 type is Other (0xef)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 488355840  Numsec = 41328

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488377168-488397168)...
Done!
Scan finished
=======================================


Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished

I just really hope mbam hasn't scrubbed the TrueCrypt pre-boot loader out of my MBR, that would be rather unpleasant.
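As an added example (not from the post, MBAR or the forum), a parser for the classic MBR partition table that rebuilds the drive-0 layout MBAR printed above, runs the consistency checks a responder would apply to it, and hashes the 440 boot-code bytes so a baseline taken before a cleanup can be compared with the sector afterwards. The 512-byte sector, the total sector count derived from the logged disk size, and the four partition entries are constructed from the numbers in the log; nothing is read from a real disk.

```python
# Constructed example: the MBR below is assembled from the numbers MBAR printed
# for drive 0 in the log above; it is not a dump taken from that machine.
import hashlib
import struct
from dataclasses import dataclass
from typing import List, Tuple

SECTOR = 512
BOOTCODE_END = 440      # bytes 0..439 hold the boot loader code
DISK_SIG_OFF = 440      # 4-byte NT disk signature
TABLE_OFF = 446         # four 16-byte partition entries
BOOT_SIG_OFF = 510      # bytes 0x55 0xAA
ENTRY_FMT = "<B3xB3xII"  # status, CHS start (skipped), type, CHS end (skipped), LBA, count

@dataclass
class Partition:
    index: int
    status: int          # 0x80 = active/bootable, 0x00 = inactive
    type_id: int         # 0x07 NTFS, 0x1B hidden FAT32, 0xEF EFI system, ...
    start_lba: int
    num_sectors: int

    @property
    def active(self) -> bool:
        return bool(self.status & 0x80)

    @property
    def end_lba(self) -> int:        # first sector after the partition
        return self.start_lba + self.num_sectors

# (type, active, start LBA, sector count) for the four entries in the log
SAMPLE_ENTRIES = [
    (0x07, True, 2048, 209715200),
    (0x1B, False, 209717248, 31457280),
    (0x07, False, 241174528, 247181312),
    (0xEF, False, 488355840, 41328),
]
SAMPLE_DISK_SIG = 0x29133921
SAMPLE_TOTAL_SECTORS = 250059350016 // SECTOR   # logged disk size -> 488397168 sectors

def build_mbr(disk_sig: int, entries, boot_code: bytes = b"") -> bytes:
    """Assemble a 512-byte MBR; CHS fields stay zero, LBA fields carry the layout."""
    if len(entries) > 4 or len(boot_code) > BOOTCODE_END:
        raise ValueError("at most 4 entries and 440 bytes of boot code")
    sector = bytearray(SECTOR)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, DISK_SIG_OFF, disk_sig)
    for i, (ptype, active, start, count) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, sector, TABLE_OFF + 16 * i,
                         0x80 if active else 0x00, ptype, start, count)
    struct.pack_into("<H", sector, BOOT_SIG_OFF, 0xAA55)   # stored on disk as 55 AA
    return bytes(sector)

def parse_mbr(sector: bytes) -> Tuple[int, List[Partition]]:
    """Return (disk signature, used partition entries); reject malformed sectors."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly one 512-byte sector")
    if struct.unpack_from("<H", sector, BOOT_SIG_OFF)[0] != 0xAA55:
        raise ValueError("boot signature 55AA missing")
    disk_sig = struct.unpack_from("<I", sector, DISK_SIG_OFF)[0]
    parts = []
    for i in range(4):
        status, ptype, start, count = struct.unpack_from(ENTRY_FMT, sector, TABLE_OFF + 16 * i)
        if ptype != 0:                       # type 0 marks an unused slot
            parts.append(Partition(i, status, ptype, start, count))
    return disk_sig, parts

def bootcode_digest(sector: bytes) -> str:
    """SHA-256 of the 440 boot-code bytes. An encryption pre-boot loader is
    non-standard code that scanners may report as 'unknown MBR code'; only a
    baseline digest taken before a cleanup shows whether it was altered."""
    return hashlib.sha256(sector[:BOOTCODE_END]).hexdigest()

def check_layout(parts: List[Partition], total_sectors: int) -> List[str]:
    """Consistency checks on a recovered table; an empty list means it looks sane."""
    findings = []
    active = [p for p in parts if p.active]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions, expected exactly 1")
    for p in parts:
        if p.end_lba > total_sectors:
            findings.append(f"entry {p.index}: extends past the end of the disk")
    by_start = sorted(parts, key=lambda p: p.start_lba)
    for a, b in zip(by_start, by_start[1:]):
        if b.start_lba < a.end_lba:
            findings.append(f"entries {a.index} and {b.index} overlap")
    return findings

if __name__ == "__main__":
    mbr = build_mbr(SAMPLE_DISK_SIG, SAMPLE_ENTRIES)
    sig, parts = parse_mbr(mbr)
    print(f"Disk Signature: {sig:08X}   boot code sha256: {bootcode_digest(mbr)}")
    for p in parts:
        print(f"  entry {p.index}: type 0x{p.type_id:02X} active={p.active} "
              f"LBA {p.start_lba} Numsec {p.num_sectors}")
    print("findings:", check_layout(parts, SAMPLE_TOTAL_SECTORS) or "none")
```

On a live system the same functions can be fed the first 512 bytes read from the physical drive (with administrative rights), and a digest recorded before running a removal tool is the reference to compare against afterwards.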

cosinus 18.07.2013 20:14

Unfortunately that's the wrong log from MBAR :wtf:

lydia_eule 19.07.2013 01:33

oh sorry, here's hopefully the right one:
Code:

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.18.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
asl :: NODE0009 [administrator]

18.07.2013 08:09:37
mbar-log-2013-07-18 (08-09-37).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 255945
Time elapsed: 31 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

I'm slowly starting to have a bit of a crisis though, because the internet connection is now shown as "Limited" ("Eingeschränkt").

cosinus 19.07.2013 14:56

JRT - Junkware Removal Tool

Please close your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista or later, please right-click and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool is finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.

Afterwards:

AdwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Then a check with OTL, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • Tick the box Scan all users at the top center
  • At the top you'll find a box labelled Output. Please choose Minimal Output
  • Under Extra Registry, please choose Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.

lydia_eule 19.07.2013 21:19

Hmm, well, here's the jrt.txt first

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.1.6 (07.17.2013:4)
OS: Windows 7 Starter x86
Ran by asl on 19.07.2013 at 20:59:34,14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\winamptbserver.exe
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\winamp toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\winamp toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.aoltbsearch
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.aoltbsearch.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.aoltoolband
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.aoltoolband.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.downloader
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.downloader.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.toolbarinfo
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.toolbarinfo.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.toolbarparams
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.toolbarparams.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptbserver.aoltoolbarhelper
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptbserver.aoltoolbarhelper.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT2269050
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}



~~~ Files

Successfully deleted: [File] C:\windows\prefetch\APNSTUB.EXE-0DA02D88.pf



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\winamp toolbar"
Successfully deleted: [Folder] "C:\Users\asl\appdata\local\winamp toolbar"
Successfully deleted: [Folder] "C:\Program Files\winamp toolbar"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.07.2013 at 21:08:02,16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

the AdwCleaner:
Code:

# AdwCleaner v2.306 - Datei am 19/07/2013 um 21:23:45 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Starter Service Pack 1 (32 bits)
# Benutzer : asl - NODE0009
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\asl\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6EF4E91D-DDD5-4478-BCA7-DA04435934C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{841FD004-57A2-4B49-BBDB-5897394619DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B38D6EDE-390B-4620-8365-29E16459EBDA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F20F11FD-203E-45A9-B7BB-AFC1B4FEA7A6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FE178B09-C8AA-4734-804D-1849BCCA0C29}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{538CD77C-BFDD-49B0-9562-77419CAB89D1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Opera v12.15.1748.0

Datei : C:\Users\asl\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [3435 octets] - [19/07/2013 21:23:45]

########## EOF - C:\AdwCleaner[S1].txt - [3495 octets] ##########

here's the otl.txt:
Code:

OTL logfile created on: 7/19/2013 9:44:18 PM - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\asl\Downloads\ipcop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.99 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 64.42% Memory free
3.98 Gb Paging File | 3.02 Gb Available in Paging File | 75.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 17.43 Gb Free Space | 17.43% Space Free | Partition Type: NTFS
 
Computer Name: NODE0009 | User Name: asl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\asl\Downloads\ipcop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
PRC - C:\Program Files\EeePC\SHE\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\EeePC\HotkeyService\HotkeyService.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\EeePC\CapsHook\CapsHook.exe (ASUS)
PRC - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
PRC - C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe ()
PRC - C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe (ASUSTeK Computer Inc.)
PRC - C:\Windows\System32\AsusService.exe ()
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7366a39c36523a084bc11c230929ff92\Microsoft.VisualBasic.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (VHDWQBLKZ) -- C:\Users\asl\AppData\Local\Temp\VHDWQBLKZ.exe File not found
SRV - (RichVideo) -- C:\Program Files\CyberLink\Shared files\RichVideo.exe File not found
SRV - (QKHKZJ) -- C:\Users\asl\AppData\Local\Temp\QKHKZJ.exe File not found
SRV - (MVRBXYMUKTY) -- C:\Users\asl\AppData\Local\Temp\MVRBXYMUKTY.exe File not found
SRV - (FTAAG) -- C:\Users\asl\AppData\Local\Temp\FTAAG.exe File not found
SRV - (Fix-It Task Manager) -- C:\PROGRA~1\AVANQU~1\Fix-It\MxTask.exe File not found
SRV - (BV) -- C:\Users\asl\AppData\Local\Temp\BV.exe File not found
SRV - (AQFileRestoreSrv) -- C:\Program Files\Avanquest\Fix-It\AQFileRestoreSrv.exe File not found
SRV - (.AVQWindowsMonitorService) -- C:\Program Files\Avanquest\Fix-It\AVQWinMonEngine.exe File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (AsusService) -- C:\Windows\System32\AsusService.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (StkASSrv) -- C:\Windows\System32\StkASv2K.exe (Syntek America Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (tunnel) -- system32\DRIVERS\tunnel.sys File not found
DRV - (PORTMON) -- C:\Users\asl\Downloads\sysinternalssuite\PORTMSYS.SYS File not found
DRV - (catchme) -- C:\Users\asl\AppData\Local\Temp\catchme.sys File not found
DRV - (Ca1528av) -- System32\Drivers\Ca1528av.sys File not found
DRV - (Bulk1528) -- System32\Drivers\Bulk1528.sys File not found
DRV - (btwrchid) -- C:\windows\system32\DRIVERS\btwrchid.sys File not found
DRV - (btwl2cap) -- system32\DRIVERS\btwl2cap.sys File not found
DRV - (btwavdt) -- C:\windows\system32\DRIVERS\btwavdt.sys File not found
DRV - (btwaudio) -- system32\drivers\btwaudio.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (AQFileRestore) -- C:\Windows\System32\drivers\AQFileRestore.sys ()
DRV - (TrufosAlt) -- C:\Windows\System32\drivers\TrufosAlt.sys (BitDefender S.R.L.)
DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (RTL2832UBDA) -- C:\Windows\System32\drivers\RTL2832UBDA.sys (REALTEK SEMICONDUCTOR Corp.)
DRV - (RTL2832UUSB) -- C:\Windows\System32\drivers\RTL2832UUSB.sys (REALTEK SEMICONDUCTOR Corp.)
DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (INIDVD) -- C:\Windows\System32\drivers\inidvd.sys (Initio Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (Ser2pl) -- C:\Windows\System32\drivers\ser2pl.sys (Prolific Technology Inc.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (PAC7302) -- C:\Windows\System32\drivers\PAC7302.SYS (PixArt Imaging Inc.)
DRV - (acehlp10) -- C:\Windows\System32\drivers\acehlp10.sys (Protect Software GmbH)
DRV - (acedrv10) -- C:\Windows\System32\drivers\ACEDRV10.sys (Protect Software GmbH)
DRV - (SNPSTD3) -- C:\Windows\System32\drivers\snpstd3.sys (Sonix Co. Ltd.)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (StkAMini) -- C:\Windows\System32\drivers\StkAMini.sys (Syntek America Inc.)
DRV - (StkScan) -- C:\Windows\System32\drivers\StkScan.sys (Syntek America Inc.)
DRV - (WinDriver6) -- C:\Windows\System32\drivers\windrvr6.sys (Jungo)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-815453948-2413440165-1859227174-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data]
IE - HKU\S-1-5-21-815453948-2413440165-1859227174-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-815453948-2413440165-1859227174-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-815453948-2413440165-1859227174-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKU\S-1-5-21-815453948-2413440165-1859227174-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-815453948-2413440165-1859227174-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@sun.com/npsopluginmi;version=1.0: C:\Program Files\OpenOffice.org 3\program [2012/11/26 17:15:20 | 000,000,000 | ---D | M]
 
 
[2013/03/21 16:49:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\asl\AppData\Roaming\mozilla\Extensions
 
O1 HOSTS File: ([2013/07/18 03:27:27 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-815453948-2413440165-1859227174-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\aprp.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKU\S-1-5-21-815453948-2413440165-1859227174-1000..\Run: [TrueCrypt] C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-815453948-2413440165-1859227174-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-815453948-2413440165-1859227174-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-815453948-2413440165-1859227174-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html File not found
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O15 - HKU\S-1-5-21-815453948-2413440165-1859227174-1000\..Trusted Ranges: Range1 ([http] in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1223D3DB-A5CA-48EF-A348-62068B6261CC}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F66DFF8B-0C17-4FAD-ABEE-695A8CAEA52E}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/07/19 20:59:27 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/07/18 08:09:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/07/18 08:05:26 | 000,000,000 | ---D | C] -- C:\Users\asl\Desktop\mbar.combofix
[2013/07/18 03:35:35 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/07/18 03:26:57 | 000,000,000 | ---D | C] -- C:\Users\asl\AppData\Local\temp
[2013/07/18 01:47:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013/07/18 01:47:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013/07/18 01:47:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013/07/18 01:46:45 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013/07/18 01:46:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/07/18 01:45:19 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2013/07/17 19:50:12 | 000,000,000 | ---D | C] -- C:\windows\pss
[2013/07/17 16:06:36 | 000,000,000 | ---D | C] -- C:\FRST
[2013/07/14 21:11:03 | 000,000,000 | ---D | C] -- C:\Users\asl\AppData\Roaming\Malwarebytes
[2013/07/14 21:10:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/14 21:10:17 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2013/07/12 17:48:17 | 000,000,000 | ---D | C] -- C:\windows\SoftwareDistribution
[2013/07/11 14:33:21 | 000,000,000 | ---D | C] -- C:\windows\System32\MRT
[2013/07/06 01:28:18 | 000,000,000 | ---D | C] -- C:\Users\asl\AppData\Roaming\Avanquest
[2013/07/05 23:43:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Avanquest
[2013/07/05 18:27:53 | 000,000,000 | ---D | C] -- C:\Users\asl\Documents\Freemake
[2013/06/26 19:09:30 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaws.exe
[2013/06/26 19:07:54 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\windows\System32\WindowsAccessBridge.dll
[2013/06/26 19:07:53 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaw.exe
[2013/06/26 19:07:53 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\windows\System32\java.exe
[2013/06/24 17:49:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Monjas Breakout
 
========== Files - Modified Within 30 Days ==========
 
[2013/07/19 21:33:19 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/19 21:33:19 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/19 21:26:25 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/07/19 21:26:13 | 1602,867,200 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/18 03:27:27 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2013/07/17 23:52:28 | 000,684,248 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2013/07/17 23:52:28 | 000,625,430 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013/07/17 23:52:28 | 000,139,718 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2013/07/17 23:52:28 | 000,115,168 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013/07/15 23:14:49 | 000,065,992 | ---- | M] () -- C:\Users\asl\Desktop\System Update Readiness Tool fixes Windows Update errors in Windows 7, Windows Vista, Windows Server 2008 R2, and Windows Server 2008.pdf
[2013/07/14 19:33:59 | 000,000,919 | ---- | M] () -- C:\Users\asl\Desktop\MySyncFolder.lnk
[2013/07/14 15:11:12 | 208,541,524 | ---- | M] () -- C:\Users\asl\regbckup.2013.07.14.reg
[2013/07/06 03:01:51 | 207,852,946 | ---- | M] () -- C:\Users\asl\reg-bckup.05.07.2013.reg
[2013/06/27 03:41:35 | 000,015,872 | ---- | M] () -- C:\Users\asl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/26 19:06:00 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\windows\System32\WindowsAccessBridge.dll
[2013/06/26 19:05:53 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaws.exe
[2013/06/26 19:05:53 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaw.exe
[2013/06/26 19:05:53 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\windows\System32\java.exe
[2013/06/26 19:05:52 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\windows\System32\npDeployJava1.dll
[2013/06/26 19:05:52 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\windows\System32\deployJava1.dll
[2013/06/26 17:05:27 | 330,030,432 | ---- | M] () -- C:\windows\MEMORY.DMP
[2013/06/26 15:29:52 | 000,000,216 | ---- | M] () -- C:\windows\System32\TrueCrypt System Favorite Volumes.xml
 
========== Files Created - No Company Name ==========
 
[2013/07/18 01:47:50 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013/07/18 01:47:50 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013/07/18 01:47:50 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013/07/18 01:47:50 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013/07/18 01:47:50 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013/07/15 23:14:49 | 000,065,992 | ---- | C] () -- C:\Users\asl\Desktop\System Update Readiness Tool fixes Windows Update errors in Windows 7, Windows Vista, Windows Server 2008 R2, and Windows Server 2008.pdf
[2013/07/14 15:08:12 | 208,541,524 | ---- | C] () -- C:\Users\asl\regbckup.2013.07.14.reg
[2013/07/06 03:00:41 | 207,852,946 | ---- | C] () -- C:\Users\asl\reg-bckup.05.07.2013.reg
[2013/07/05 23:44:33 | 000,001,984 | ---- | C] () -- C:\windows\System32\drivers\AQFileRestore.inf
[2013/07/05 23:44:26 | 000,017,944 | ---- | C] () -- C:\windows\System32\drivers\AQFileRestore.sys
[2013/06/26 17:05:27 | 330,030,432 | ---- | C] () -- C:\windows\MEMORY.DMP
[2013/06/26 15:29:56 | 000,000,216 | ---- | C] () -- C:\windows\System32\TrueCrypt System Favorite Volumes.xml
[2013/02/17 18:43:33 | 000,000,756 | ---- | C] () -- C:\Users\asl\.recently-used.xbel
[2013/01/31 17:09:00 | 000,014,115 | ---- | C] () -- C:\windows\twspmm.ini
[2012/12/12 04:53:17 | 000,001,776 | ---- | C] () -- C:\windows\Sandboxie.ini
[2012/01/03 03:40:12 | 000,000,867 | ---- | C] () -- C:\Users\asl\RPSTD2010.lic
[2012/01/03 03:39:59 | 000,000,019 | ---- | C] () -- C:\Users\asl\rp.ini
[2011/12/10 21:26:45 | 000,000,926 | ---- | C] () -- C:\windows\ARPR.INI
[2011/11/15 20:26:07 | 000,084,616 | ---- | C] () -- C:\windows\StkUnist.exe
[2011/10/26 06:04:54 | 000,000,017 | ---- | C] () -- C:\windows\System32\shortcut_ex.dat
[2011/09/23 02:44:26 | 000,000,649 | ---- | C] () -- C:\Users\asl\asl - Verknüpfung.lnk
[2011/09/10 08:31:31 | 000,044,398 | ---- | C] () -- C:\Users\asl\Nokia 6700 classic (1).pdf
[2011/09/09 02:03:05 | 000,310,550 | ---- | C] () -- C:\Users\asl\metalldetector.jpg
[2011/03/24 03:20:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/11/21 22:20:07 | 001,835,008 | ---- | C] () -- C:\Users\asl\truecryptrescue.iso
[2010/10/23 14:37:50 | 000,015,872 | ---- | C] () -- C:\Users\asl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/18 20:36:39 | 000,007,610 | ---- | C] () -- C:\Users\asl\AppData\Local\Resmon.ResmonCfg
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:AB689DEA

< End of report >

and right along with it, the extras.txt:

Code:

OTL Extras logfile created on: 7/19/2013 9:44:18 PM - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\asl\Downloads\ipcop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.99 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 64.42% Memory free
3.98 Gb Paging File | 3.02 Gb Available in Paging File | 75.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 17.43 Gb Free Space | 17.43% Space Free | Partition Type: NTFS
 
Computer Name: NODE0009 | User Name: asl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.jse [@ = JSEFile] -- C:\windows\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\windows\System32\CScript.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{AA52F0A4-90C3-4BA6-BBEF-74C6FBE06935}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{D768A2D2-5B88-4EFE-80B1-DAE9576220A5}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02CB5027-1915-4830-909C-C6E69AA6ECFE}" = Monjas Breakout
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4803" = CanoScan 4400F
"{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"{1B66191A-B8CD-4F53-AB9B-0B4AAE2235BA}" = calibre
"{1BAE5C85-A6D3-430C-842B-EAA27AC0C2E8}" = ArcSoft TotalMedia 3.5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83216021F0}" = Java(TM) 6 Update 21
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BD90AED-0FF2-4A69-B84D-DC0679991FB7}" = Evince 2.30.3
"{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B5092B6-F231-4D18-83BC-2618B729CA45}" = CapsHook
"{52CF142B-7B0E-41E7-98F5-B834122523E7}_is1" = Programmer's Notepad 2
"{570C2A84-A145-4DF0-AE9D-012584DF09DC}" = SPCA1528 PC Driver
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B3F693F-A252-46A7-8D0F-7F409B13F738}" = Scope
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A9111573-EF12-4D80-A5B9-55F620D5BCA1}" = PL-2303 USB-to-Serial
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.1 MUI
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2920232-19DA-44FC-835F-68E427EAE2CE}" = Telescope Driver
"{B7B5A370-3DFF-4F0E-AE11-FD267C4938AA}" = CCS64 V3.8
"{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution
"{D5D88F8F-FDA4-4CF4-9F3E-3F40118C2120}" = AVR Studio 4
"{D802DD00-16A8-4A58-AFC9-020C2380ECDA}" = EeeSplendid
"{DA60AB6B-6C9C-4B5F-BC61-3B0D9BCBD50B}" = Conceptronic CTVDIGUSB2 Device Utilities
"{DF1B8AA2-3231-498F-8136-2171D1FD1A65}" = ArcSoft WebCam Companion 2
"{E5026CE8-B6E0-46CB-A63C-040B920C8611}" = inSSIDer 2.0
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = USB PC Camera Plus
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}" = PL-2303 Vista Driver Installer
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3D2DEDC-4732-4188-8A3A-1A3FFBD4D6C8}" = ebi.BookReader3J
"{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}" = LocaleMe
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"ACDLabs in C__Program_Files_ACDFREE12_" = ACD/Labs Software in C:\Program Files\ACDFREE12\
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"ASUS VIBE" = ASUS VIBE
"ASUS WebStorage" = ASUS WebStorage
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Avira AntiVir Desktop" = Avira Free Antivirus
"B41C7C96D83162A676DA7365ADEFD6C1AF62A4EE" = Windows Driver Package - Broadcom Bluetooth  (07/17/2009 6.2.0.9403)
"B5C82F3814F82FB37F1513B3185399BD88892B08" = Windows Driver Package - Broadcom Bluetooth  (07/29/2009 6.1.7100.0)
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"Bridge Builder" = Bridge Builder
"Bug Brain" = Bug Brain
"CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
"ChemToolBox_is1" = ChemToolBox version 1.1.0
"Clonk Endeavour" = Clonk Endeavour 4.95.5
"Eee Docking_is1" = Eee Docking 3.7.0
"ELECTRA_is1" = ELECTRA 2.8
"EncVorbis" = EncVorbis 1.1
"Free CD to MP3 Converter" = Free CD to MP3 Converter
"Frhed" = Frhed 1.7.1
"GIF Animator" = Microsoft GIF Animator
"GPL Ghostscript 9.00" = GPL Ghostscript 9.00
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ImgBurn" = ImgBurn
"InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"JAP" = JAP
"KONICA MINOLTA magicolor 2430DL" = KONICA MINOLTA magicolor 2430DL
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"LG USB Booster_is1" = Booster 1.05A02
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"mp3parse" = MP3 Parser DirectShow Filter (remove only)
"NetPbm-10.27_is1" = GnuWin32: NetPbm version 10.27
"Nmap" = Nmap 5.20
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Ogg Codecs" = Xiph.Org Ogg Codecs 0.83.17220 32-bit
"Oolite" = Oolite 1.76.0.4679
"Opera 12.15.1748" = Opera 12.15
"PosteRazor_is1" = PosteRazor
"ProtectDisc Driver 10" = ProtectDisc Helper Driver 10
"ReOrganize_is1" = ReOrganize!
"SMPlayer" = SMPlayer 0.6.8
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Target 3001! V15 discover" = Target 3001! V15 discover
"TrueCrypt" = TrueCrypt
"TVRTLDrv" = DVB-T USB BDA Driver
"VLC media player" = VLC media player 2.0.5
"Winamp" = Winamp
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR 4.01 (32-bit)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-815453948-2413440165-1859227174-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete
"Winamp Detect" = Winamp Detector Plug-in
 
========== Last 20 Event Log Errors ==========
 
Error: Unable to start EventLog service!
 
< End of report >
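
The registry sections of the OTL report above lend themselves to a mechanical sanity check. The script below is an added example, not part of the thread and not OTL's own code: it parses the report's `[HKEY_...]` / `"name" = value` lines, verifies that all three Windows Firewall profiles report `EnableFirewall = 1`, lists any non-zero Security Center override values, and pulls the stacked Java runtimes out of the Uninstall list (the thread's closing advice is to remove all of them and install only the current JRE). The embedded excerpt is constructed from lines copied out of the report above.

```python
import re

# Constructed excerpt in OTL's report format; the lines are copied from the report posted above.
OTL_EXCERPT = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216021F0}" = Java(TM) 6 Update 21
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"""
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')        # [HKEY_...\Path]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')   # "name" = value
JAVA_RE = re.compile(r'^Java(?:\(TM\))? (\d+) Update (\d+)$')
FW_BASE = r'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
SC_SVC = r'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc'
UNINSTALL = r'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'

def parse_otl_registry(text):
    """Map each registry key in the report to its {value name: value string}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := KEY_RE.match(line):
            current = keys.setdefault(m.group(1), {})
        elif (m := VALUE_RE.match(line)) and current is not None:
            current[m.group(1)] = m.group(2).strip()
    return keys

def firewall_findings(keys):
    """Profiles where the Windows Firewall is off or not reported (EnableFirewall != 1)."""
    bad = []
    for p in ('DomainProfile', 'StandardProfile', 'PublicProfile'):
        state = keys.get(FW_BASE + '\\' + p, {}).get('EnableFirewall', 'missing')
        if state != '1':
            bad.append(f'{p}: EnableFirewall={state}')
    return bad

def security_center_overrides(keys):
    """Non-zero *Override values mean Security Center was told not to warn about that component."""
    vals = keys.get(SC_SVC, {})
    return [n for n in ('AntiVirusOverride', 'AntiSpywareOverride', 'FirewallOverride') if vals.get(n, '0') != '0']

def java_runtimes(keys):
    """Installed Java runtimes from the Uninstall list as (major, update) tuples, oldest first."""
    hits = [JAVA_RE.match(v) for v in keys.get(UNINSTALL, {}).values()]
    return sorted((int(m.group(1)), int(m.group(2))) for m in hits if m)

def stale_java(keys):
    """Every runtime except the newest is stale; the newest is itself replaced by the current JRE."""
    return java_runtimes(keys)[:-1]

if __name__ == '__main__':
    r = parse_otl_registry(OTL_EXCERPT)
    print(firewall_findings(r), security_center_overrides(r), java_runtimes(r), stale_java(r))
```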


cosinus 20.07.2013 01:04

Looks OK. We should be almost done. As a check, please run a full scan with Malwarebytes Anti-Malware (MBAM) (if you only recently ran a full scan, a quick scan is enough (saves time); please tell me that as well).

Note: Please remember to update Malwarebytes Anti-Malware via the Update button beforehand!

Getting an additional opinion afterwards via the ESET Online Scanner is not a bad idea either:


ESET Online Scanner

  • You can find an illustrated guide to ESET Online Scanner here
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


lydia_eule 20.07.2013 01:39

Frankly, that puts me in front of a small to medium-sized problem. :wtf:
I don't have just one but a whole series of external drives, SD cards and sticks in regular use. They range from 256 MB to over 1 TB, most of them are crammed full of all sorts of stuff, and more than half of these drives are :nackt:, i.e. can only be connected via an adapter, of which I have only one and which I keep swapping around, although I can connect the power supply (a standard ATX PSU used standalone) to all of them at the same time. At the usual scan speed of this little machine, a full scan of all drives would probably take just under a week if I let the box run without interruption (rough estimate), leaving aside the time for swapping drives. :heilig:
I'd like to scan the computer "under your guidance", and perhaps one drive, and then do the rest on my own bit by bit. Can you tell me more about what exactly I should look out for, so that I can recognise it and react accordingly? :crazy:

Addendum: I also wanted to thank you most sincerely once again, but I have another question: apart from the small stuff like the Winamp toolbar business, there were some real "big fish" in there, or at least that was my impression. What was that actually? It didn't seem like a minor "bug hunt" to me, at any rate.

cosinus 20.07.2013 01:48

Please scan only all internal volumes for now :wtf:

lydia_eule 21.07.2013 15:57

So, sorry for the delay; here, first of all, is the new MBAM scan:
Code:

Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.19.10

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
asl :: NODE0009 [Administrator]

Schutz: Aktiviert

21.07.2013 13:48:05
mbam-log-2013-07-21 (13-48-05).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 504514
Laufzeit: 2 Stunde(n), 28 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Now on to the online scan.

cosinus 22.07.2013 00:08

OK, ESET is still missing :pfeiff:

lydia_eule 22.07.2013 00:26

This is a bit embarrassing for me now, but after a 7:32-hour ESET scan of the internal drives the thing did tell me it had found 0 infected among several hundred thousand files, yet I can't find a log. The specified directory contains exactly 3 files: OnlineScanner.ocx, OnlineScannerApp.exe and OnlineScannerUninstaller.exe.

cosinus 22.07.2013 00:34

If it found nothing after 7 h, that's OK :)
It was only intended as a check scan anyway; we caught everything :aarr: :D


Looks OK so far :daumenhoc

About cookies and other things on the web: to block the pest from the outset (i.e. tracking cookies, ad banners etc.), you should have a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check at MVPS every 4 weeks whether a new hosts file has been released.

Info: Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or the like => HTTP-Cookie)

Otherwise there are good cookie managers; as a Firefox extension, for example, there is CookieCuller.
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser closes.

Is your system now in order again, or are there other findings or problems?

lydia_eule 22.07.2013 01:01

Well, I've been using Opera for ages and, for cases where that doesn't work (e.g. Filepony), a Firefox as well. I haven't managed to get IE out of the system so far, but apart from Avira nobody has used the thing. As for cookies, I always thought Opera's manager was halfway usable; now I see that it apparently isn't enough.
Hmm, for email I only ever use POP3 anyway, never IMAP.

For years I have often used sometimes "JAP", sometimes "TOR" to have at least a minimum of privacy on the internet; both have stopped working since the scans, so I'll have to reinstall them, well, no matter.

One thing still makes me furious, though: that the system services named in the .txt log files mentioned at the start (including Windows encryption) are not under the system account but are protected by a password for a "Trusted Installer" and can only be controlled online. Well, and then since sometime between the scans I've been getting an error message (0x80070426) when running Windows Update, and likewise with Windows troubleshooting. If that has nothing to do with the scans, I'm really at a loss now.

Thank you anyway for the help so far.

:party: Regards,

die eule

cosinus 22.07.2013 01:20

For the Windows error message you should perhaps open a new thread in our Windows section

But we're done here! :daumenhoc


If you still want to leave praise or criticism => Lob, Kritik und Wünsche - Trojaner-Board



The programs that were used here can all be removed again.

Remove Combofix (only relevant if it was used here!): Start/Run (key combination WIN+R), type the command combofix /uninstall there and run it

With the help of OTL you can also remove many other tools: simply start OTL and click on Cleanup.
This will remove most of the tools we needed for the cleanup. If anything remains, please remove it via right-click --> Delete.

Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.


Finally, please check the updates; my guide is below. To keep better track of how up to date your installed programs are in future, you can use e.g. Secunia PSI.
For even more security, you should also change all passwords, as far as possible, after the infection has been removed.


Microsoft Update
Windows XP: Visit the MS update page with IE and have all important updates installed.
Windows Vista/7: Start, Control Panel, Windows Update


Update the PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features by clicking on "Adobe Reader x.0" there and removing the program. (if you have Adobe Reader installed)

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you're at it, please also check that the Flash Player is up to date:
Check => Adobe - Flash Player
Download links can be found here => Browsers and Plugins - FilePony.de

You can also easily check whether all plugins in the Firefox browser are up to date here => https://www.mozilla.org/de/plugincheck

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a major security risk, so you should uninstall the old versions. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software (or Programs and Features) and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.


Copyright ©2000-2025, Trojaner-Board

