ComboFix 12-11-25.01 - Karin 25.11.2012 15:50:27.7.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.49.1031.18.1014.328 [GMT 1:00]
ausgeführt von:: c:\users\Karin\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Karin\Desktop\CFScript.txt
.
file zipped: c:\windows\system32\roboot.exe
file zipped: c:\windows\system32\sasnative32.exe
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Advanced System Protector
c:\program files\Advanced System Protector\AdvancedSystemProtector.exe
c:\program files\Advanced System Protector\AdvancedSystemProtector.exe.config
c:\program files\Advanced System Protector\AppResource.dll
c:\program files\Advanced System Protector\asp.ico
c:\program files\Advanced System Protector\AspManager.exe
c:\program files\Advanced System Protector\aspsys.dll
c:\program files\Advanced System Protector\categories.ini
c:\program files\Advanced System Protector\Chinese_asp_ZH-CN.ini
c:\program files\Advanced System Protector\clamunpack\clamscan.exe
c:\program files\Advanced System Protector\clamunpack\libclamav.dll
c:\program files\Advanced System Protector\clamunpack\readme.txt
c:\program files\Advanced System Protector\Communication.dll
c:\program files\Advanced System Protector\danish_asp_DA.ini
c:\program files\Advanced System Protector\dutch_asp_NL.ini
c:\program files\Advanced System Protector\eng_asp_en.ini
c:\program files\Advanced System Protector\filetypehelper.exe
c:\program files\Advanced System Protector\Finnish_asp_FI.ini
c:\program files\Advanced System Protector\french_asp_FR.ini
c:\program files\Advanced System Protector\german_asp_DE.ini
c:\program files\Advanced System Protector\Interop.IWshRuntimeLibrary.dll
c:\program files\Advanced System Protector\italian_asp_IT.ini
c:\program files\Advanced System Protector\japanese_asp_JA.ini
c:\program files\Advanced System Protector\loading_withWhiteBG.avi
c:\program files\Advanced System Protector\Microsoft.Win32.TaskScheduler.DLL
c:\program files\Advanced System Protector\norwegian_asp_NO.ini
c:\program files\Advanced System Protector\portuguese_asp_PT-BR.ini
c:\program files\Advanced System Protector\russian_asp_ru.ini
c:\program files\Advanced System Protector\scandll.dll
c:\program files\Advanced System Protector\spanish_asp_ES.ini
c:\program files\Advanced System Protector\swedish_asp_SV.ini
c:\program files\Advanced System Protector\System.Core.dll
c:\program files\Advanced System Protector\System.Data.SQLite.dll
c:\program files\Advanced System Protector\Troubleshooter\asp-fixer.com
c:\program files\Advanced System Protector\Troubleshooter\asp-fixer.exe
c:\program files\Advanced System Protector\Troubleshooter\asp-fixer.pif
c:\program files\Advanced System Protector\Troubleshooter\asp-fixer.scr
c:\program files\Advanced System Protector\Troubleshooter\ASP-Troubleshooter.chm
c:\program files\Advanced System Protector\Troubleshooter\firefox.com
c:\program files\Advanced System Protector\Troubleshooter\iexplore.exe
c:\program files\Advanced System Protector\Troubleshooter\iexplore.lnk
c:\program files\Advanced System Protector\unins000.dat
c:\program files\Advanced System Protector\unins000.exe
c:\program files\Advanced System Protector\unins000.msg
c:\program files\Advanced System Protector\unrar.dll
c:\program files\Advanced System Protector\Xceed.Compression.dll
c:\program files\Advanced System Protector\Xceed.Compression.Formats.dll
c:\program files\Advanced System Protector\Xceed.FileSystem.dll
c:\program files\Advanced System Protector\Xceed.Zip.dll
c:\programdata\Systweak
c:\programdata\Systweak\Advanced System Protector\AddonSafelist
c:\programdata\Systweak\Advanced System Protector\log.xslt
c:\programdata\Systweak\Advanced System Protector\signatures\completedatabase.db
c:\programdata\Systweak\Advanced System Protector\signatures\Cookies.bin
c:\programdata\Systweak\Advanced System Protector\signatures\DigSign.bin
c:\programdata\Systweak\Advanced System Protector\signatures\FilePaths.bin
c:\programdata\Systweak\Advanced System Protector\signatures\FileSignature.bin
c:\programdata\Systweak\Advanced System Protector\signatures\Folders.bin
c:\programdata\Systweak\Advanced System Protector\signatures\Md5.bin
c:\programdata\Systweak\Advanced System Protector\signatures\Registry.bin
c:\programdata\Systweak\Advanced System Protector\signatures\SetupSign.bin
c:\programdata\Systweak\Advanced System Protector\signatures\StrSetupSign.bin
c:\programdata\Systweak\Advanced System Protector\updates\1131mupdate.zip
c:\programdata\Systweak\Advanced System Protector\updates\1132update.zip
c:\programdata\Systweak\Advanced System Protector\updates\1133update.zip
c:\programdata\Systweak\Advanced System Protector\updates\1134update.zip
c:\programdata\Systweak\Advanced System Protector\updates\1135update.zip
c:\programdata\Systweak\Advanced System Protector\updates\1136update.zip
c:\programdata\Systweak\Advanced System Protector\updates\1137update.zip
c:\programdata\Systweak\Advanced System Protector\updates\1138update.zip
c:\programdata\Systweak\Advanced System Protector\updates\1139update.zip
c:\programdata\Systweak\Advanced System Protector\updates\1140update.zip
c:\programdata\Systweak\Advanced System Protector\updates\1141update.zip
c:\programdata\Systweak\Advanced System Protector\updates\1142update.zip
c:\programdata\Systweak\Advanced System Protector\updates\1143update.zip
c:\programdata\Systweak\Advanced System Protector\updates\1144update.zip
c:\programdata\Systweak\Advanced System Protector\updates\914completedatabase.zip
c:\users\Karin\AppData\Roaming\Systweak
c:\users\Karin\AppData\Roaming\Systweak\Advanced System Protector\2.1.1000.10225\ASPLog.txt
c:\users\Karin\AppData\Roaming\Systweak\Advanced System Protector\Logs\log_12-11-12_03-13-53.xml
c:\users\Karin\AppData\Roaming\Systweak\Advanced System Protector\Logs\SMLog.xml
c:\users\Karin\AppData\Roaming\Systweak\Advanced System Protector\QDetail.db
c:\users\Karin\AppData\Roaming\Systweak\Advanced System Protector\Settings.db
c:\users\Karin\AppData\Roaming\Systweak\Advanced System Protector\Update.ini
c:\windows\system32\roboot.exe
c:\windows\system32\sasnative32.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-10-25 bis 2012-11-25 ))))))))))))))))))))))))))))))
.
.
2012-11-25 14:57 . 2012-11-25 15:01 -------- d-----w- c:\users\Karin\AppData\Local\temp
2012-11-25 14:57 . 2012-11-25 14:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-24 10:55 . 2007-04-26 00:54 192512 ----a-w- c:\windows\system32\igfxres.dll
2012-11-21 11:23 . 2012-11-21 11:23 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-21 11:23 . 2012-11-21 11:23 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-21 09:51 . 2012-11-21 09:51 -------- d-----w- c:\users\Karin\AppData\Roaming\Malwarebytes
2012-11-21 09:50 . 2012-11-21 09:50 -------- d-----w- c:\programdata\Malwarebytes
2012-11-21 09:04 . 2012-11-21 09:05 -------- d-----w- C:\8250e52f1d499fcea2b595
2012-11-20 13:03 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F8293122-DCAF-41ED-BFFD-A93DF88D7EB1}\mpengine.dll
2012-11-12 15:18 . 2012-11-12 15:18 -------- d-----w- c:\programdata\AVS4YOU
2012-11-12 15:18 . 2012-11-12 15:18 -------- d-----w- c:\users\Karin\AppData\Roaming\AVS4YOU
2012-11-12 15:16 . 2012-11-20 21:49 -------- d-----w- c:\program files\Common Files\AVSMedia
2012-11-12 15:15 . 2012-04-20 11:09 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2012-11-12 15:15 . 2012-11-20 21:50 -------- d-----w- c:\program files\AVS4YOU
2012-11-12 15:15 . 2012-04-20 11:08 24576 ----a-w- c:\windows\system32\msxml3a.dll
2012-11-12 14:09 . 2012-11-12 14:09 -------- d--h--w- c:\programdata\Common Files
2012-11-12 14:08 . 2012-11-12 14:20 -------- d-----w- c:\users\Karin\AppData\Roaming\PDF Software
2012-11-12 14:08 . 2012-11-12 14:19 -------- d-----w- c:\program files\Common Files\Soda PDF 5
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-16 09:59 . 2012-06-08 09:38 43608 ----a-w- c:\windows\system32\drivers\kltdi.sys
2012-09-19 16:06 . 2012-07-25 12:53 25944 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2012-09-19 16:06 . 2012-05-25 17:38 25944 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2012-08-04 1232896]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-08-26 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-26 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-26 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-26 133912]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-07-19 2567272]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe" [2012-11-16 356376]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-21 11:23]
.
2012-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-26 08:05]
.
2012-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-26 08:05]
.
2012-11-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2488933513-3408225345-1180953356-1000Core.job
- c:\users\Karin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-07 11:44]
.
2012-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2488933513-3408225345-1180953356-1000UA.job
- c:\users\Karin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-07 11:44]
.
2012-11-24 c:\windows\Tasks\User_Feed_Synchronization-{264932C7-3D20-403D-B0FD-8D617F4F58D6}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
TCP: DhcpNameServer = 192.168.0.254 192.168.0.254 213.33.99.70
.
.
**************************************************************************
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien:
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(5392)
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dll
c:\windows\system32\ieframe.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\conime.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-11-25 16:05:49 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-11-25 15:05
ComboFix2.txt 2012-11-25 14:21
ComboFix3.txt 2012-11-25 13:12
ComboFix4.txt 2012-11-25 12:29
ComboFix5.txt 2012-11-25 14:47
.
Vor Suchlauf: 8 Verzeichnis(se), 108.368.687.104 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 108.345.339.904 Bytes frei
.
- - End Of File - - 67958F1D626B03D42C04B67914758344
Upload was successful
Hello! We were successful!
You were right, I had only read your message as an e-mail in Windows and had not gone to the Trojaner-Board, otherwise I would have seen the box you had so nicely prepared for me.
Best regards.