"Mit windows update kann derzeit nicht nach updates gesucht werden" / Firewall nicht aktivierbar

Larusso · 05.09.2012, 19:13

Hy,

Ich muss mir da was überlegen, muss jetzt aber in die Arbeit

Larusso · 07.09.2012, 12:52

Hy.

Drücke bitte die Windows Taste und gib cmd ein.

Rechtsklick auf die cmd.exe und wähle "Als Admin ausführen"

In das schwarze Fenster gib bitte folgendes ein und drücke [Enter]

sc start wuauserv

Sag mir mal, ob da eine Fehlermeldung kommt.

akakesios · 07.09.2012, 17:44

Hallo Daniel,

sorry dass ich jetzt erst antworte - habe komischerweise keine mail erhalten dass du schon geantwortet hast..

Habe deine Anweisung befolgt. Nur leider kam da nichts nachdem ich die Windows Taste gedrückt und dann cmd eingegeben habe. Habe unter "Suchen" die cmd.exe gefunden. Nachdem ich besagtes eingegeben habe kam folgende Fehlermeldung:

[SC] StartService: OpenService FEHLER 1060:
Der angegebene Dienst ist kein installierter Dienst

Liebe Grüße

Larusso · 08.09.2012, 17:04

Downloade dir bitte Farbar's MiniRegTool.zip.

Extrahiere den Inhalt auf deinem Desktop und starte das Tool.

Kopiere den Text aus der Codebox in das Skriptfeld des Tools.

Code:

ATTFilter

HKLM\System\CurrentControlSet\Services\BITS
HKLM\System\CurrentControlSet\Services\wuauserv

Markiere den List Permissions Radio Button und klicke auf Go
Ändere keine anderen Einstellungen ohne Anweisung.

Poste die Result.txt bitte hier.

akakesios · 08.09.2012, 17:08

Hallo Daniel,

danke für deine Antwort!

Hier das Ergebnis:

Code:

ATTFilter

MiniRegTool by Farbar 
Ran by *** (administrator) on 2012-09-08 at 18:07:27

===============================================
ERROR: Parsing the SD of <HKEY_LOCAL_MACHINE\System\CurrrentControlSet\Services\BITS> failed with: Das System kann die angegebene Datei nicht finden.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv

   Owner: VORDEFINIERT\Administratoren

   DACL(NP)(AI):
   VORDEFINIERT\Benutzer   READ   ALLOW    (I) 
   VORDEFINIERT\Benutzer   READ   ALLOW   (CI)(IO) (I) 
   VORDEFINIERT\Administratoren   FULL   ALLOW    (I) 
   VORDEFINIERT\Administratoren   FULL   ALLOW   (CI)(IO) (I) 
   NT-AUTORITÄT\SYSTEM   FULL   ALLOW    (I) 
   NT-AUTORITÄT\SYSTEM   FULL   ALLOW   (CI)(IO) (I) 
   ERSTELLER-BESITZER   FULL   ALLOW   (CI)(IO) (I)

Larusso · 08.09.2012, 17:36

Ok, nächster Versuch.
Hatte nen Tippfehler im letzten Skript, aber mal schaun.

Downloade dir bitte ServiceRepair.exe auf deinem Desktop.
Doppelklick auf die Datei und bestätige die ersten Nachricht mit Yes.
Das Tool wird einen Neustart verlangen, dies bitte zulassen.

Starte bitte FSS.exe, Markiere alle Checkboxen und klicke auf Scan. Poste die FSS.txt bitte hier.

akakesios · 08.09.2012, 18:08

Hier das FSS Log:

Code:

ATTFilter

Farbar Service Scanner Version: 06-08-2012
Ran by *** (administrator) on 08-09-2012 at 19:06:04
Running from "C:\Users\***\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Larusso · 08.09.2012, 18:27

Lösche bitte die vorhandene Combofix Version und downloade dir von hier eine neue Version.

Speichere diese auf dem Desktop.
Gehe sicher, dass all deine Anti Virus und anderen Schutzprogramme abgeschalten sind.

Poste die C:\Combofix.txt hier

akakesios · 08.09.2012, 18:58

Hallo Daniel,

Combofix-Log:

Code:

ATTFilter

ComboFix 12-09-08.02 - *** 08.09.2012  19:33:21.5.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4092.2849 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-08-08 bis 2012-09-08  ))))))))))))))))))))))))))))))
.
.
2012-09-08 17:44 . 2012-09-08 17:44	--------	d-----w-	c:\users\Public\AppData\Local\temp
2012-09-08 17:44 . 2012-09-08 17:44	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-09-08 17:31 . 2012-09-08 17:31	--------	d-----w-	c:\users\***\AppData\Roaming\HPAppData
2012-09-04 09:52 . 2012-09-04 09:52	--------	d-----w-	c:\users\***\AppData\Local\Macromedia
2012-09-04 09:47 . 2012-09-04 09:47	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2012-09-03 18:38 . 2012-09-03 18:38	--------	d-----w-	C:\AULOGS
2012-09-03 14:10 . 2012-09-03 14:10	--------	d-----w-	c:\program files (x86)\Conduit
2012-09-03 14:10 . 2012-09-03 14:24	--------	d-----w-	c:\users\***\AppData\Local\Conduit
2012-09-03 13:49 . 2012-09-03 13:49	--------	d-----w-	c:\users\***\AppData\Roaming\Softland
2012-09-03 13:49 . 2010-02-05 13:00	1700352	----a-w-	c:\windows\system32\GdiPlus.dll
2012-09-03 13:21 . 2012-09-03 13:21	--------	d-----w-	c:\users\***\AppData\Roaming\Nitro PDF
2012-09-03 13:20 . 2011-02-28 22:37	95008	----a-w-	c:\windows\system32\Primomonnt.dll
2012-09-03 13:20 . 2012-09-03 14:01	--------	d-----w-	c:\users\***\AppData\Roaming\OpenCandy
2012-09-03 10:43 . 2012-08-03 19:38	107432	----a-r-	c:\windows\system32\drivers\acsock64.sys
2012-08-30 09:04 . 2012-08-30 09:04	--------	d-----w-	c:\users\***\AppData\Roaming\Engelmann Media
2012-08-30 09:01 . 2012-08-30 09:01	--------	d-----w-	c:\program files (x86)\Common Files\HDX4
2012-08-22 11:46 . 2012-08-22 11:47	--------	d-----w-	c:\users\***\Calibre Bibliothek
2012-08-16 19:38 . 2012-07-18 18:15	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-08-16 19:38 . 2012-05-14 05:26	956928	----a-w-	c:\windows\system32\localspl.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-04 09:51 . 2012-04-06 12:13	696520	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-04 09:51 . 2011-09-25 01:19	73416	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-23 08:26 . 2012-08-31 07:29	9310152	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{909E8FCB-C623-4048-9A8D-7F8DEC109C74}\mpengine.dll
2012-08-17 06:56 . 2010-05-02 14:30	62134624	----a-w-	c:\windows\system32\MRT.exe
2012-08-03 11:53 . 2012-08-03 11:53	145912	----a-w-	c:\windows\SysWow64\vpnweb.ocx
2012-07-24 23:49 . 2012-07-24 23:49	178800	----a-w-	c:\windows\SysWow64\CmdLineExt_x64.dll
2012-07-05 20:06 . 2012-07-26 02:46	772544	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-07-05 20:06 . 2010-04-17 16:43	687544	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-07-03 11:46 . 2012-03-20 15:24	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-28 20:37 . 2012-06-28 20:37	283200	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2012-06-25 14:04 . 2012-06-25 14:04	1394248	----a-w-	c:\windows\SysWow64\msxml4.dll
2011-07-03 06:23	59837	--sh--w-	c:\windows\dtmn.exe
.
.
(((((((((((((((((((((((((((((   SnapShot_2012-09-05_09.59.58   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-01 16:53 . 2012-09-08 17:47	75784              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-09-08 17:47	72682              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-04-13 14:09 . 2012-09-08 17:47	21332              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2814579153-1674331957-496315902-1001_UserData.bin
- 2009-07-14 04:54 . 2012-09-04 22:56	98304              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-07 19:29	98304              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-13 14:13 . 2012-09-08 17:46	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-13 14:13 . 2012-09-05 10:01	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-13 14:13 . 2012-09-05 10:01	32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-04-13 14:13 . 2012-09-08 17:46	32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-04-13 14:13 . 2012-09-08 17:46	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-04-13 14:13 . 2012-09-05 10:01	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-13 14:11 . 2012-09-08 17:47	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-13 14:11 . 2012-09-05 10:01	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-13 14:11 . 2012-09-05 10:01	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-13 14:11 . 2012-09-08 17:47	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-09-05 09:59 . 2012-09-05 09:59	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-08 17:45 . 2012-09-08 17:45	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-08 17:45 . 2012-09-08 17:45	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-09-05 09:59 . 2012-09-05 09:59	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-04-13 16:54 . 2012-09-07 15:28	431500              c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 05:12 . 2012-09-07 19:29	262144              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2012-09-04 22:56	262144              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-11-23 23:23 . 2012-09-04 22:56	114688              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-23 23:23 . 2012-09-07 19:29	114688              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 05:01 . 2012-09-05 09:55	485948              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-09-08 17:44	485948              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-07-11 20:08 . 2012-09-07 19:29	2031616              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-07-11 20:08 . 2012-09-04 22:56	2031616              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-01 20:15 . 2012-09-05 22:48	9226712              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-10-01 20:15 . 2012-08-30 19:12	9226712              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-28 5661056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
"EnableLUA"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 5 (0x5)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-15 135664]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys [2012-08-03 107432]
R3 ALSysIO;ALSysIO;c:\users\IMRERU~1\AppData\Local\Temp\ALSysIO64.sys [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-15 135664]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-21 140712]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\E6AF.tmp [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-25 114144]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 115240]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 19496]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 158760]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 137256]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 34344]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 136744]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 151592]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 vcd10bus;Virtual CD v10 Bus Enumerator;c:\windows\system32\DRIVERS\vcd10bus.sys [2008-06-17 40464]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-25 1255736]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R4 sptd;sptd;c:\windows\\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-12-01 72240]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-12-01 15920]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-28 283200]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 191616]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 203264]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 30520]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-09-23 641832]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NlsSrv32.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-08-12 87040]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 70656]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-03-09 36408]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - c4654bb66a72af8
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-15 16:47]
.
2012-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-15 16:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048]
"Classic Start Menu"="c:\program files\Classic Shell\ClassicStartMenu.exe" [2010-03-20 96768]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.faz.net/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = 
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Citavi Picker... - file://c:\programdata\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html
IE: An OneNote s&enden - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: microsoft.com
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: windowsupdate.com
TCP: DhcpNameServer = 192.168.0.1
DPF: {538793D5-659C-4639-A56C-A179AD87ED44} - hxxps://vpngate.uni-koeln.de/CACHE/stc/3/binaries/vpnweb.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpngate.uni-koeln.de/CACHE/stc/2/binaries/vpnweb.cab
DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} - hxxps://vpngate.uni-koeln.de/CACHE/stc/2/binaries/vpnweb.cab
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\71bm362o.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{594D4122-1F87-41E2-96C7-825FB4796516} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\E6AF.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\c4654bb66a72af8]
"ImagePath"="\SystemRoot\System32\Drivers\c4654bb66a72af8.sys"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2814579153-1674331957-496315902-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*VÝw]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2814579153-1674331957-496315902-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*VÝw\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2814579153-1674331957-496315902-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*uF*]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2814579153-1674331957-496315902-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*uF*\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2814579153-1674331957-496315902-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4AE82A8B-9492-57EB-6383-AD09A3B48B9D}*]
"haefdjmlebbnceaj"=hex:6b,61,6e,63,65,64,68,69,68,61,65,65,62,62,6c,62,64,6b,
   63,6e,69,6b,00,77
"iakdbiejnbblgknbfh"=hex:6b,61,6e,63,65,64,68,69,68,61,65,65,62,62,6c,62,64,6b,
   63,6e,69,6b,00,77
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\NlsSrv32.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\program files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-09-08  19:54:20 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-09-08 17:54
ComboFix2.txt  2012-09-05 10:08
ComboFix3.txt  2012-09-04 23:34
ComboFix4.txt  2012-07-24 21:36
.
Vor Suchlauf: 20 Verzeichnis(se), 37.372.858.368 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 37.205.291.008 Bytes frei
.
- - End Of File - - 9C1DD14A9FBE144936B17016CDF4F7BD

Larusso · 09.09.2012, 15:04

Hinweis für Mitleser:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, dass kann andere Systeme nachhaltig schädigen!

Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm vom folgenden Download-Spiegel neu herunter:

BleepingComputer.com

und speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die

+ R Taste --> Notepad (hinein schreiben) --> OK

Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.

Code:

ATTFilter

Driver::
c4654bb66a72af8
Rootkit::
C:\Windows\System32\Drivers\c4654bb66a72af8.sys

ClearJavaCache::

FileLook::
C:\Windows\System32\wuaueng.dll
C:\Windows\System32\qmgr.dll

Registry::
[HKEY_Local_Machine\System\CurrentControlSet\Services\Bits]
"Start"=dword:00000002

Speichere dies als CFScript.txt auf deinem Desktop.
Wichtig:

Stelle deine Anti Viren Software temporär ab. Dies kann ComboFix nämlich bei der Arbeit behindern. Danach wieder anstellen nicht vergessen!
Bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein. Dies kann dazu führen, dass ComboFix sich aufhängt.
Schließe alle laufenden Programme. Gehe sicher, dass ComboFix ungehindert arbeiten kann.
Mache nichts am PC solange ComboFix läuft.

In Bezug auf obiges Bild, ziehe CFScript.txt in die ComboFix.exe
Wenn ComboFix fertig ist, wird es ein Log erstellen, C:\ComboFix.txt. Bitte füge es hier als Antwort ein.

Falls im Skript die Anweisung Suspect:: oder Collect:: enthalten ist, wird eine Message-Box erscheinen, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen.

akakesios · 09.09.2012, 15:37

Hallo Daniel

hier das ComboFix Log:

Code:

ATTFilter

ComboFix 12-09-09.02 - *** 09.09.2012  16:11:39.6.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4092.2445 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\***\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_C4654BB66A72AF8
-------\Service_c4654bb66a72af8
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-08-09 bis 2012-09-09  ))))))))))))))))))))))))))))))
.
.
2012-09-09 14:24 . 2012-09-09 14:24	--------	d-----w-	c:\users\Public\AppData\Local\temp
2012-09-09 14:24 . 2012-09-09 14:24	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-09-09 13:18 . 2012-09-09 13:18	--------	d-----w-	c:\users\***\AppData\Roaming\HPAppData
2012-09-04 09:52 . 2012-09-04 09:52	--------	d-----w-	c:\users\***\AppData\Local\Macromedia
2012-09-04 09:47 . 2012-09-04 09:47	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2012-09-03 18:38 . 2012-09-03 18:38	--------	d-----w-	C:\AULOGS
2012-09-03 14:10 . 2012-09-03 14:10	--------	d-----w-	c:\program files (x86)\Conduit
2012-09-03 14:10 . 2012-09-03 14:24	--------	d-----w-	c:\users\***\AppData\Local\Conduit
2012-09-03 13:49 . 2012-09-03 13:49	--------	d-----w-	c:\users\***\AppData\Roaming\Softland
2012-09-03 13:49 . 2010-02-05 13:00	1700352	----a-w-	c:\windows\system32\GdiPlus.dll
2012-09-03 13:21 . 2012-09-03 13:21	--------	d-----w-	c:\users\***\AppData\Roaming\Nitro PDF
2012-09-03 13:20 . 2011-02-28 22:37	95008	----a-w-	c:\windows\system32\Primomonnt.dll
2012-09-03 13:20 . 2012-09-03 14:01	--------	d-----w-	c:\users\***\AppData\Roaming\OpenCandy
2012-09-03 10:43 . 2012-08-03 19:38	107432	----a-r-	c:\windows\system32\drivers\acsock64.sys
2012-08-30 09:04 . 2012-08-30 09:04	--------	d-----w-	c:\users\***\AppData\Roaming\Engelmann Media
2012-08-30 09:01 . 2012-08-30 09:01	--------	d-----w-	c:\program files (x86)\Common Files\HDX4
2012-08-22 11:46 . 2012-08-22 11:47	--------	d-----w-	c:\users\***\Calibre Bibliothek
2012-08-16 19:38 . 2012-07-18 18:15	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-08-16 19:38 . 2012-05-14 05:26	956928	----a-w-	c:\windows\system32\localspl.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-04 09:51 . 2012-04-06 12:13	696520	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-04 09:51 . 2011-09-25 01:19	73416	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-23 08:26 . 2012-08-31 07:29	9310152	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{909E8FCB-C623-4048-9A8D-7F8DEC109C74}\mpengine.dll
2012-08-17 06:56 . 2010-05-02 14:30	62134624	----a-w-	c:\windows\system32\MRT.exe
2012-08-03 11:53 . 2012-08-03 11:53	145912	----a-w-	c:\windows\SysWow64\vpnweb.ocx
2012-07-24 23:49 . 2012-07-24 23:49	178800	----a-w-	c:\windows\SysWow64\CmdLineExt_x64.dll
2012-07-05 20:06 . 2012-07-26 02:46	772544	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-07-05 20:06 . 2010-04-17 16:43	687544	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-07-03 11:46 . 2012-03-20 15:24	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-28 20:37 . 2012-06-28 20:37	283200	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2012-06-25 14:04 . 2012-06-25 14:04	1394248	----a-w-	c:\windows\SysWow64\msxml4.dll
2011-07-03 06:23	59837	--sh--w-	c:\windows\dtmn.exe
.
.
((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\System32\qmgr.dll ---
Company: Microsoft Corporation
File Description: Intelligenter Hintergrundübertragungsdienst
File Version: 7.5.7600.16385 (win7_rtm.090713-1255)
Product Name: Betriebssystem Microsoft® Windows®
Copyright: © Microsoft Corporation. Alle Rechte vorbehalten.
Original Filename: qmgr.dll.mui
File size: 849920
Created time: 2011-06-09 09:31
Modified time: 2010-11-20 13:27
MD5: 1EA7969E3271CBC59E1730697DC74682
SHA1: 1D5E476A9EB21CFBDA60381D8DA3562931FB33C5
.
.
--- c:\windows\System32\wuaueng.dll ---
Company: Microsoft Corporation
File Description: Windows Update-Agent
File Version: 7.6.7600.256 (winmain_wtr_wsus3sp2(oobla).120602-1505)
Product Name: Betriebssystem Microsoft® Windows®
Copyright: © Microsoft Corporation. Alle Rechte vorbehalten.
Original Filename: wuaueng.dll.mui
File size: 2428952
Created time: 2012-06-21 09:15
Modified time: 2012-06-02 22:19
MD5: D9EF901DCA379CFE914E9FA13B73B4C4
SHA1: 64A55A014A2DE34F86F17CFA31C727E270FCD83F
.
.
(((((((((((((((((((((((((((((   SnapShot_2012-09-05_09.59.58   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-01 16:53 . 2012-09-09 11:01	75784              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-09-09 14:28	72682              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-04-13 14:09 . 2012-09-09 14:28	21356              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2814579153-1674331957-496315902-1001_UserData.bin
- 2009-07-14 04:54 . 2012-09-04 22:56	98304              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-09 11:19	98304              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-13 14:13 . 2012-09-09 14:27	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-13 14:13 . 2012-09-05 10:01	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-13 14:13 . 2012-09-05 10:01	32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-04-13 14:13 . 2012-09-09 14:27	32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-04-13 14:13 . 2012-09-09 14:27	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-04-13 14:13 . 2012-09-05 10:01	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-13 14:11 . 2012-09-09 14:28	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-13 14:11 . 2012-09-05 10:01	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-13 14:11 . 2012-09-05 10:01	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-13 14:11 . 2012-09-09 14:28	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-09-05 09:59 . 2012-09-05 09:59	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-09 14:26 . 2012-09-09 14:26	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-09 14:26 . 2012-09-09 14:26	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-09-05 09:59 . 2012-09-05 09:59	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-04-13 16:54 . 2012-09-07 15:28	431500              c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 05:12 . 2012-09-09 11:19	262144              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2012-09-04 22:56	262144              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-11-23 23:23 . 2012-09-04 22:56	114688              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-23 23:23 . 2012-09-09 11:19	114688              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 05:01 . 2012-09-05 09:55	485948              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-09-09 14:25	485948              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-07-11 20:08 . 2012-09-09 11:19	2031616              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-07-11 20:08 . 2012-09-04 22:56	2031616              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-01 20:15 . 2012-09-05 22:48	9226712              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-10-01 20:15 . 2012-08-30 19:12	9226712              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-28 5661056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
"EnableLUA"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 5 (0x5)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-15 135664]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys [2012-08-03 107432]
R3 ALSysIO;ALSysIO;c:\users\IMRERU~1\AppData\Local\Temp\ALSysIO64.sys [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-15 135664]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-21 140712]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\E6AF.tmp [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-25 114144]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 115240]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 19496]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 158760]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 137256]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 34344]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 136744]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 151592]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 vcd10bus;Virtual CD v10 Bus Enumerator;c:\windows\system32\DRIVERS\vcd10bus.sys [2008-06-17 40464]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-25 1255736]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R4 sptd;sptd;c:\windows\\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-12-01 72240]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-12-01 15920]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-28 283200]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 191616]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 203264]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 30520]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-09-23 641832]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NlsSrv32.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-08-12 87040]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 70656]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-03-09 36408]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - C4654BB66A72AF8
*Deregistered* - c4654bb66a72af8
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-15 16:47]
.
2012-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-15 16:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048]
"Classic Start Menu"="c:\program files\Classic Shell\ClassicStartMenu.exe" [2010-03-20 96768]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"combofix"="c:\combofix\CF21489.3XE" [2010-11-20 345088]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.faz.net/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = 
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Citavi Picker... - file://c:\programdata\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html
IE: An OneNote s&enden - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: microsoft.com
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: windowsupdate.com
TCP: DhcpNameServer = 192.168.0.1
DPF: {538793D5-659C-4639-A56C-A179AD87ED44} - hxxps://vpngate.uni-koeln.de/CACHE/stc/3/binaries/vpnweb.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpngate.uni-koeln.de/CACHE/stc/2/binaries/vpnweb.cab
DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} - hxxps://vpngate.uni-koeln.de/CACHE/stc/2/binaries/vpnweb.cab
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\71bm362o.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{594D4122-1F87-41E2-96C7-825FB4796516} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\E6AF.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\c4654bb66a72af8]
"ImagePath"="\SystemRoot\System32\Drivers\c4654bb66a72af8.sys"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2814579153-1674331957-496315902-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*VÝw]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2814579153-1674331957-496315902-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*VÝw\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2814579153-1674331957-496315902-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*uF*]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2814579153-1674331957-496315902-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*uF*\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2814579153-1674331957-496315902-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4AE82A8B-9492-57EB-6383-AD09A3B48B9D}*]
"haefdjmlebbnceaj"=hex:6b,61,6e,63,65,64,68,69,68,61,65,65,62,62,6c,62,64,6b,
   63,6e,69,6b,00,77
"iakdbiejnbblgknbfh"=hex:6b,61,6e,63,65,64,68,69,68,61,65,65,62,62,6c,62,64,6b,
   63,6e,69,6b,00,77
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\NlsSrv32.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\program files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-09-09  16:35:14 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-09-09 14:35
ComboFix2.txt  2012-09-08 17:54
ComboFix3.txt  2012-09-05 10:08
ComboFix4.txt  2012-09-04 23:34
ComboFix5.txt  2012-09-09 14:09
.
Vor Suchlauf: 20 Verzeichnis(se), 36.685.733.888 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 36.998.279.168 Bytes frei
.
- - End Of File - - 3B1E0480BD69FD2110956EAD5CD343DB

Larusso · 09.09.2012, 15:40

Drives me to drink

Downloade dir bitte Farbar Recovery Scan Tool 64-Bit und speichere diese auf einen USB Stick.

Schließe den USB Stick an das infizierte System an

Du musst das System nun in die System Reparatur Option booten.

Über den Boot Manager

Starte den Rechner neu auf.
Während dem Hochfahren drücke mehrmals die F8 Taste
Wähle nun Computer reparieren.
Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Mit Windows CD/DVD

Lege die Windows CD in dein Laufwerk.
Starte den Rechner neu auf und starte von der CD
Wähle die Spracheinstellungen und klicke "Weiter".
Klicke auf Computerreparaturoptionen !!
Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Wähle in den Reparaturoptionen Eingabeaufforderung

Gib nun bitte notepad ein und drücke Enter.
Im öffnenden Textdokument --> Datei --> Speichern unter und wähle Computer
Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt.
Schließe Notepad wieder
Gib nun bitte folgenden Befehl ein.
e:\frst64.exe
Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks. Gegebenfalls anpassen.
Akzeptiere den Disclaimer mit Yes und klicke Scan

Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

akakesios · 09.09.2012, 16:16

Hallo Daniel,

FRST.txt:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (x64) Version: 08-09-2012
Ran by SYSTEM at 09-09-2012 17:09:27
Running from H:\
Windows 7 Home Premium   (X64) OS Language: German Standard 
The current controlset is ControlSet002

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-15] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-22] (IDT, Inc.)
HKLM\...\Run: [Classic Start Menu] "C:\Program Files\Classic Shell\ClassicStartMenu.exe" [96768 2010-03-20] (IvoSoft)
HKLM\...\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe [x]
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-07-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-07-15] (Hewlett-Packard)
HKU\Default\...\Policies\system: [WallpaperStyle] 2
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-07-15] (Hewlett-Packard)
HKU\Default User\...\Policies\system: [WallpaperStyle] 2
HKU\***\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5661056 2012-07-28] (SUPERAntiSpyware.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

==================== Services ====================

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-12] (SUPERAntiSpyware.com)
2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
4 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
2 nlsX86cc; C:\Windows\SysWow64\NlsSrv32.exe [61440 2009-06-07] (Nalpeiron Ltd.)
2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2011-08-12] ()
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe [240128 2009-07-22] (IDT, Inc.)

==================== Drivers =================================

1 acedrv07; C:\Windows\System32\Drivers\acedrv07.sys [125440 2011-05-26] ()
2 acedrv11; C:\Windows\System32\Drivers\acedrv11.sys [191616 2010-02-24] (Protect Software GmbH)
3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138872 2011-12-04] (SlySoft, Inc.)
3 AnyDVD; C:\Windows\SysWow64\Drivers\AnyDVD.sys [138872 2011-12-04] (SlySoft, Inc.)
0 c4654bb66a72af8; C:\Windows\System32\Drivers\c4654bb66a72af8.sys [86472 2012-09-03] () ATTENTION =====> Rootkit?
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-06-28] (DT Soft Ltd)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
3 s0016bus; C:\Windows\System32\Drivers\s0016bus.sys [115240 2008-05-16] (MCCI Corporation)
3 s0016mdfl; C:\Windows\System32\Drivers\s0016mdfl.sys [19496 2008-05-16] (MCCI Corporation)
3 s0016mdm; C:\Windows\System32\Drivers\s0016mdm.sys [158760 2008-05-16] (MCCI Corporation)
3 s0016mgmt; C:\Windows\System32\Drivers\s0016mgmt.sys [137256 2008-05-16] (MCCI Corporation)
3 s0016nd5; C:\Windows\System32\Drivers\s0016nd5.sys [34344 2008-05-16] (MCCI Corporation)
3 s0016obex; C:\Windows\System32\Drivers\s0016obex.sys [136744 2008-05-16] (MCCI Corporation)
3 s0016unic; C:\Windows\System32\Drivers\s0016unic.sys [151592 2008-05-16] (MCCI Corporation)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2012-04-27] (Duplex Secure Ltd.)
2 tandpl; C:\Windows\SysWow64\Drivers\tandpl.sys [4736 2003-04-18] ()
3 vcd10bus; C:\Windows\System32\Drivers\vcd10bus.sys [40464 2008-06-17] (H+H Software GmbH)
3 ALSysIO; \??\C:\Users\***~1\AppData\Local\Temp\ALSysIO64.sys [x]
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 MEMSWEEP2; \??\C:\Windows\system32\E6AF.tmp [x]

==================== NetSvcs (Whitelisted) =================


==================== One Month Created Files and Folders ======================

2012-09-09 17:09 - 2012-09-09 17:09 - 00000000 ____D C:\FRST
2012-09-09 15:35 - 2012-09-09 15:35 - 00026627 ____A C:\ComboFix.txt
2012-09-09 15:08 - 2012-09-09 15:08 - 04747716 ____R (Swearware) C:\Users\***\Desktop\ComboFix.exe
2012-09-08 18:06 - 2012-09-08 18:06 - 00002874 ____A C:\Users\***\Desktop\FSS.txt
2012-09-08 17:06 - 2012-09-08 17:07 - 00000000 ____D C:\Users\***\Desktop\MiniRegTool64
2012-09-06 22:30 - 2012-09-06 22:30 - 00000195 ____A C:\Users\***\Desktop\Offticket - das Kölner Ticketportal.url
2012-09-05 16:15 - 2012-09-05 16:15 - 00006288 ____A C:\Users\***\Desktop\BITS.reg
2012-09-05 11:52 - 2012-09-05 19:06 - 00001594 ____A C:\Users\***\Desktop\look.txt
2012-09-05 11:13 - 2012-09-05 11:13 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2012-09-05 11:12 - 2012-09-05 11:12 - 00693235 ____A (Farbar) C:\Users\***\Desktop\FSS.exe
2012-09-05 11:11 - 2012-09-08 17:56 - 04009167 ____A C:\Users\***\Desktop\ServicesRepair.exe
2012-09-05 00:26 - 2012-09-09 15:26 - 00003556 ____A C:\Windows\PFRO.log
2012-09-04 23:16 - 2012-09-04 23:16 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\***\Desktop\tdsskiller.exe
2012-09-04 11:02 - 2012-09-04 11:02 - 00059340 ____A C:\Users\***\Downloads\Aqlt_bVyNaMwq0EkD7G9Hap35rg(1)
2012-09-04 11:01 - 2012-09-04 11:01 - 00059340 ____A C:\Users\***\Downloads\Aqlt_bVyNaMwq0EkD7G9Hap35rg
2012-09-04 10:52 - 2012-09-04 10:52 - 00000000 ____D C:\Users\***\AppData\Local\Macromedia
2012-09-04 10:47 - 2012-09-04 10:47 - 00001090 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-09-04 10:47 - 2012-09-04 10:47 - 00000000 ____D C:\Users\***\AppData\Roaming\Mozilla
2012-09-04 10:47 - 2012-09-04 10:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-09-04 10:46 - 2012-09-04 10:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-09-03 22:05 - 2012-09-09 15:59 - 00008512 ____A C:\Windows\setupact.log
2012-09-03 22:05 - 2012-09-09 15:41 - 00006467 ____A C:\Windows\WindowsUpdate.log
2012-09-03 22:05 - 2012-09-03 22:05 - 00000000 ____A C:\Windows\setuperr.log
2012-09-03 21:52 - 2012-09-03 21:52 - 00000000 ____D C:\Users\***\Desktop\OTL
2012-09-03 20:26 - 2012-09-03 20:26 - 00599040 ____A (OldTimer Tools) C:\Users\***\Desktop\OTL.exe
2012-09-03 20:25 - 2012-09-03 20:25 - 00050477 ____A C:\Users\***\Desktop\Defogger.exe
2012-09-03 19:51 - 2012-08-03 03:46 - 59884088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
2012-09-03 19:38 - 2012-09-03 19:38 - 00000130 ____A C:\Descriptors.txt
2012-09-03 15:10 - 2012-09-03 15:24 - 00000000 ____D C:\Users\***\AppData\Local\Conduit
2012-09-03 15:10 - 2012-09-03 15:10 - 00000000 ____D C:\Program Files (x86)\Conduit
2012-09-03 14:49 - 2012-09-03 14:49 - 00000000 ____D C:\Users\***\AppData\Roaming\Softland
2012-09-03 14:49 - 2010-11-25 11:17 - 00007549 ____A C:\Windows\System32\dopdf7.ctm
2012-09-03 14:49 - 2010-02-05 14:00 - 01700352 ____A (Microsoft Corporation) C:\Windows\System32\GdiPlus.dll
2012-09-03 14:21 - 2012-09-03 14:21 - 00000000 ____D C:\Users\***\AppData\Roaming\Nitro PDF
2012-09-03 14:20 - 2012-09-03 15:01 - 00000000 ____D C:\Users\***\AppData\Roaming\OpenCandy
2012-09-03 14:20 - 2011-02-28 23:37 - 00095008 ____A C:\Windows\System32\Primomonnt.dll
2012-09-03 11:43 - 2012-08-03 20:38 - 00107432 ___RA (Cisco Systems, Inc.) C:\Windows\System32\Drivers\acsock64.sys
2012-09-03 04:39 - 2012-07-24 22:30 - 00000027 ____A C:\Windows\System32\Drivers\etc\hosts.ac
2012-09-03 03:48 - 2012-09-03 03:48 - 00086472 ____A C:\Windows\System32\Drivers\c4654bb66a72af8.sys
2012-09-03 00:16 - 2012-03-03 09:54 - 00000000 ____D C:\Users\***\Desktop\Bettina Stackelberg - Selbstbewußtsein - Das Trainingsbuch
2012-09-02 09:27 - 2012-09-03 21:45 - 00000000 ____D C:\Users\***\Desktop\jacke
2012-08-30 10:04 - 2012-08-30 10:04 - 00000000 ____D C:\Users\***\AppData\Roaming\Engelmann Media
2012-08-22 12:46 - 2012-08-22 12:47 - 00000000 ____D C:\Users\***\Calibre Bibliothek
2012-08-16 20:38 - 2012-07-18 19:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-08-16 20:38 - 2012-05-14 06:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2012-08-14 15:59 - 2012-08-14 15:59 - 00272409 ____A C:\Windows\SysWOW64\TmpA68033674

==================== 3 Months Modified Files ================================

2012-09-09 15:59 - 2012-09-03 22:05 - 00008512 ____A C:\Windows\setupact.log
2012-09-09 15:59 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-09 15:41 - 2012-09-03 22:05 - 00006467 ____A C:\Windows\WindowsUpdate.log
2012-09-09 15:38 - 2009-07-14 05:45 - 00026192 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-09 15:38 - 2009-07-14 05:45 - 00026192 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-09 15:35 - 2012-09-09 15:35 - 00026627 ____A C:\ComboFix.txt
2012-09-09 15:26 - 2012-09-05 00:26 - 00003556 ____A C:\Windows\PFRO.log
2012-09-09 15:26 - 2012-07-13 10:05 - 00001106 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-09-09 15:26 - 2009-07-14 03:34 - 00000215 ____A C:\Windows\system.ini
2012-09-09 15:25 - 2009-07-14 03:34 - 85721088 ____A C:\Windows\System32\config\SOFTWARE.bak
2012-09-09 15:25 - 2009-07-14 03:34 - 31719424 ____A C:\Windows\System32\config\SYSTEM.bak
2012-09-09 15:25 - 2009-07-14 03:34 - 00483328 ____A C:\Windows\System32\config\DEFAULT.bak
2012-09-09 15:25 - 2009-07-14 03:34 - 00098304 ____A C:\Windows\System32\config\SAM.bak
2012-09-09 15:25 - 2009-07-14 03:34 - 00028672 ____A C:\Windows\System32\config\SECURITY.bak
2012-09-09 15:10 - 2012-07-13 10:05 - 00001110 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-09-09 15:08 - 2012-09-09 15:08 - 04747716 ____R (Swearware) C:\Users\***\Desktop\ComboFix.exe
2012-09-08 18:06 - 2012-09-08 18:06 - 00002874 ____A C:\Users\***\Desktop\FSS.txt
2012-09-08 17:56 - 2012-09-05 11:11 - 04009167 ____A C:\Users\***\Desktop\ServicesRepair.exe
2012-09-06 22:30 - 2012-09-06 22:30 - 00000195 ____A C:\Users\***\Desktop\Offticket - das Kölner Ticketportal.url
2012-09-05 19:06 - 2012-09-05 11:52 - 00001594 ____A C:\Users\***\Desktop\look.txt
2012-09-05 16:15 - 2012-09-05 16:15 - 00006288 ____A C:\Users\***\Desktop\BITS.reg
2012-09-05 11:12 - 2012-09-05 11:12 - 00693235 ____A (Farbar) C:\Users\***\Desktop\FSS.exe
2012-09-05 00:06 - 2009-07-14 06:08 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-09-04 23:16 - 2012-09-04 23:16 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\***\Desktop\tdsskiller.exe
2012-09-04 11:02 - 2012-09-04 11:02 - 00059340 ____A C:\Users\***\Downloads\Aqlt_bVyNaMwq0EkD7G9Hap35rg(1)
2012-09-04 11:01 - 2012-09-04 11:01 - 00059340 ____A C:\Users\***\Downloads\Aqlt_bVyNaMwq0EkD7G9Hap35rg
2012-09-04 10:51 - 2012-04-06 13:13 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-09-04 10:51 - 2011-09-25 02:19 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-09-04 10:47 - 2012-09-04 10:47 - 00001090 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-09-03 22:05 - 2012-09-03 22:05 - 00000000 ____A C:\Windows\setuperr.log
2012-09-03 20:26 - 2012-09-03 20:26 - 00599040 ____A (OldTimer Tools) C:\Users\***\Desktop\OTL.exe
2012-09-03 20:25 - 2012-09-03 20:25 - 00050477 ____A C:\Users\***\Desktop\Defogger.exe
2012-09-03 19:38 - 2012-09-03 19:38 - 00000130 ____A C:\Descriptors.txt
2012-09-03 03:48 - 2012-09-03 03:48 - 00086472 ____A C:\Windows\System32\Drivers\c4654bb66a72af8.sys
2012-09-01 10:57 - 2009-10-02 03:40 - 00716532 ____A C:\Windows\System32\perfh007.dat
2012-09-01 10:57 - 2009-10-02 03:40 - 00157184 ____A C:\Windows\System32\perfc007.dat
2012-09-01 10:57 - 2009-07-14 06:13 - 01666628 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-30 07:49 - 2009-07-14 05:45 - 04992784 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-17 07:56 - 2010-05-02 15:30 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-08-14 15:59 - 2012-08-14 15:59 - 00272409 ____A C:\Windows\SysWOW64\TmpA68033674
2012-08-03 20:38 - 2012-09-03 11:43 - 00107432 ___RA (Cisco Systems, Inc.) C:\Windows\System32\Drivers\acsock64.sys
2012-08-03 12:53 - 2012-08-03 12:53 - 00145912 ____A (Cisco Systems, Inc.) C:\Windows\SysWOW64\vpnweb.ocx
2012-08-03 03:46 - 2012-09-03 19:51 - 59884088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
2012-07-26 03:45 - 2012-07-26 03:46 - 00227824 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-07-26 03:45 - 2012-07-26 03:46 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-07-26 03:45 - 2012-07-26 03:46 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-07-25 00:49 - 2012-07-25 00:49 - 00178800 ____A (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2012-07-24 22:30 - 2012-09-03 04:39 - 00000027 ____A C:\Windows\System32\Drivers\etc\hosts.ac
2012-07-18 19:15 - 2012-08-16 20:38 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-13 17:11 - 2012-07-13 17:11 - 00001803 ____A C:\AdwCleaner[S1].txt
2012-07-13 15:50 - 2012-07-13 15:50 - 00001962 ____A C:\AdwCleaner[R1].txt
2012-07-12 02:23 - 2010-04-13 15:12 - 00000498 ____A C:\Users\***\Downloads\Desktop.lnk
2012-07-11 16:06 - 2012-03-20 16:20 - 00000208 ____A C:\Users\***\defogger_reenable
2012-07-05 21:06 - 2012-07-26 03:46 - 00772544 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-07-05 21:06 - 2010-04-17 17:43 - 00687544 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-07-05 19:28 - 2012-07-05 02:16 - 00000219 ____A C:\Windows\SysWOW64\lsprst7.tgz
2012-07-05 19:28 - 2012-07-05 02:16 - 00000087 ____A C:\Windows\SysWOW64\ssprs.tgz
2012-07-05 03:03 - 2010-04-20 18:40 - 00000032 ____A C:\Windows\SysWOW64\w3data.vss
2012-07-05 03:03 - 2010-04-20 18:40 - 00000032 ____A C:\Windows\msocreg32.dat
2012-07-05 02:54 - 2012-07-05 02:54 - 00000005 ____A C:\Windows\oobbfdce.ini
2012-07-05 02:53 - 2012-07-05 02:53 - 00000005 ____A C:\Windows\oobbfdko.ini
2012-07-05 02:53 - 2012-07-05 02:53 - 00000005 ____A C:\Windows\oobbfdih.ini
2012-07-05 02:52 - 2012-07-05 02:52 - 00000005 ____A C:\Windows\oobbfdpe.ini
2012-07-05 02:52 - 2012-07-05 02:52 - 00000005 ____A C:\Windows\oobbfdmk.ini
2012-07-05 02:52 - 2012-07-05 02:52 - 00000005 ____A C:\Windows\oobbfdhj.ini
2012-07-05 02:52 - 2012-07-05 02:52 - 00000005 ____A C:\Windows\oobbfdfg.ini
2012-07-05 02:52 - 2012-07-05 02:52 - 00000005 ____A C:\Windows\oobbfdai.ini
2012-07-05 02:40 - 2010-04-13 15:12 - 00117576 ____A C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-05 02:16 - 2012-07-05 02:16 - 00001025 ____A C:\Windows\SysWOW64\sysprs7.tgz
2012-07-05 02:16 - 2012-07-05 02:16 - 00001025 ____A C:\Windows\SysWOW64\sysprs7.dll
2012-07-05 02:16 - 2012-07-05 02:16 - 00001025 ____A C:\Windows\SysWOW64\clauth2.dll
2012-07-05 02:16 - 2012-07-05 02:16 - 00001025 ____A C:\Windows\SysWOW64\clauth1.dll
2012-07-05 01:32 - 2012-07-05 01:32 - 00000099 ____A C:\Users\***\AppData\Local\fusioncache.dat
2012-07-05 01:31 - 2010-06-02 16:27 - 01694124 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-03 12:46 - 2012-03-20 16:24 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-28 21:37 - 2012-06-28 21:37 - 00283200 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
2012-06-25 15:04 - 2012-06-25 15:04 - 01394248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml4.dll
2012-06-22 01:51 - 2012-06-21 16:25 - 00328623 ____A C:\Users\***\Desktop\Zitationsstil.ccs


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2012-09-07 17:14:26
Restore point made on: 2012-09-09 15:10:12

==================== Memory info =========================== 

Percentage of memory in use: 16%
Total physical RAM: 4092.2 MB
Available physical RAM: 3435.66 MB
Total Pagefile: 4090.35 MB
Available Pagefile: 3437.75 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions ============================

1 Drive c: () (Fixed) (Total:284.56 GB) (Free:34.5 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:13.23 GB) (Free:2.2 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
4 Drive g: (GRMCULXFRER_DE_DVD) (CDROM) (Total:2.97 GB) (Free:0 GB) UDF
5 Drive h: () (Removable) (Total:3.67 GB) (Free:2.6 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

  Datentr„ger ###  Status         Gr”áe    Frei     Dyn  GPT
  ---------------  -------------  -------  -------  ---  ---
  Datentr„ger 0    Online          298 GB      0 B         
  Datentr„ger 1    Online         3768 MB      0 B         

Partitions of Disk 0:
===============

  Partition ###  Typ               Gr”áe    Offset
  -------------  ----------------  -------  -------
  Partition 1    Prim„r             199 MB  1024 KB
  Partition 2    Prim„r             284 GB   200 MB
  Partition 3    Prim„r              13 GB   284 GB
  Partition 4    Prim„r             103 MB   297 GB

==================================================================================

Disk: 0
Partition 1
Typ      : 07
Versteckt: Nein
Aktiv    : Ja

  Volume ###  Bst  Bezeichnung  DS     Typ         Gr”áe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     Y   SYSTEM       NTFS   Partition    199 MB  Fehlerfre          

==================================================================================

Disk: 0
Partition 2
Typ      : 07
Versteckt: Nein
Aktiv    : Nein

  Volume ###  Bst  Bezeichnung  DS     Typ         Gr”áe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C                NTFS   Partition    284 GB  Fehlerfre          

==================================================================================

Disk: 0
Partition 3
Typ      : 07
Versteckt: Nein
Aktiv    : Nein

  Volume ###  Bst  Bezeichnung  DS     Typ         Gr”áe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     E   RECOVERY     NTFS   Partition     13 GB  Fehlerfre          

==================================================================================

Disk: 0
Partition 4
Typ      : 0C
Versteckt: Nein
Aktiv    : Nein

  Volume ###  Bst  Bezeichnung  DS     Typ         Gr”áe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     F   HP_TOOLS     FAT32  Partition    103 MB  Fehlerfre          

==================================================================================

Partitions of Disk 1:
===============

  Partition ###  Typ               Gr”áe    Offset
  -------------  ----------------  -------  -------
  Partition 1    Prim„r            3764 MB  4096 KB

==================================================================================

Disk: 1
Partition 1
Typ      : 0B
Versteckt: Nein
Aktiv    : Nein

  Volume ###  Bst  Bezeichnung  DS     Typ         Gr”áe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5     H                FAT32  Wechselmed  3764 MB  Fehlerfre          

==================================================================================

Last Boot: 2012-09-05 23:43

==================== End Of Log =============================

Larusso · 09.09.2012, 18:18

Haben wir das Ding.
Aber ich möchte Sichergehen.

Drücke bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

CMD: Copy C:\Windows\System32\Drivers\c4654bb66a72af8.sys "%userprofile%\Desktop\c4654bb66a72af8.sys.vir"

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

Starte deinen Rechner erneut in die Reparaturoptionen
Starte nun die FRST.exe erneut und klicke den Fix Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

Bitte lasse die Datei aus der Code-Box bei Virustotal überprüfen.

Klicke auf Durchsuchen
Kopiere nun folgendes in die Suchleiste.
Code:
ATTFilter
```
"%userprofile%\Desktop\c4654bb66a72af8.sys.vir"
         
```
und klicke auf Öffnen.
Klicke auf Send File.

Warte bitte bis die Datei vollständig hochgeladen wurde. Solltest Du folgende Meldung bekommen.

Zitat:

File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:

klicke auf Reanalyse.
Warte bis unter Current status: Finished steht.

Kopiere den Link aus deiner Adresszeile und poste ihn hier.

akakesios · 09.09.2012, 19:48

Hallo Daniel,

hier ist die Fixlog Datei:

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-09-2012
Ran by SYSTEM at 2012-09-09 20:39:47 Run:1
Running from H:\

==============================================


=========  Copy C:\Windows\System32\Drivers\c4654bb66a72af8.sys "%userprofile%\Desktop\c4654bb66a72af8.sys.vir" =========

Das System kann den angegebenen Pfad nicht finden.
        0 Datei(en) kopiert.

========= End of CMD: =========


==== End of Fixlog ====

Unter Virustotal konnte leider auch nichts gefunden werden...

05.09.2012, 19:13	#16
Larusso /// Selecta Jahrusso	"Mit windows update kann derzeit nicht nach updates gesucht werden" / Firewall nicht aktivierbar Hy, Ich muss mir da was überlegen, muss jetzt aber in die Arbeit __________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie

07.09.2012, 12:52	#17
Larusso /// Selecta Jahrusso	"Mit windows update kann derzeit nicht nach updates gesucht werden" / Firewall nicht aktivierbar Hy. Drücke bitte die Windows Taste und gib cmd ein. Rechtsklick auf die cmd.exe und wähle "Als Admin ausführen" In das schwarze Fenster gib bitte folgendes ein und drücke [Enter] sc start wuauserv Sag mir mal, ob da eine Fehlermeldung kommt. __________________ __________________

"Mit windows update kann derzeit nicht nach updates gesucht werden" / Firewall nicht aktivierbar

Plagegeister aller Art und deren Bekämpfung: "Mit windows update kann derzeit nicht nach updates gesucht werden" / Firewall nicht aktivierbar