Pests of all kinds and how to fight them: found strange log files, have a bad feeling, can someone explain this to me? (Windows 7)
If you are not sure whether you have caught malware or a trojan, open a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
#1 (lydia_eule)

Hi everyone, sorry for getting straight to the point instead of introducing myself first. While cleaning up the hard disk of my "small" computer (Asus 1005 PX, Win7 Starter) about 4 days ago, I found a few txt files that, by all appearances, are logs of a break-in into the computer. I then ran a whole series of different scans (Defender, Agnitum, Avira, HijackThis, Malwarebytes, Rootkit Revealer, Rootkit Buster, RUBotted, OTL, gmer, a tool from Microsoft, and a few more // all of them again in safe mode too), none of which showed me anything unknown. Well, there are always a few small things in quarantine, and somewhere there is also a dummy lying around for testing my own scanners. Since the logs are already somewhat old, I am not very worried that anything will change particularly quickly, especially as the files/folders named in the text partly cannot be found and partly seem to belong to the system. The files are called:
dd_vcredistMSI4C60.txt
dd_vcredistMSI47C1.txt
dd_vcredistUI4C60.txt
dd_vcredistUI47C1.txt
I have no idea yet how to upload here, and the first two in particular are somewhat larger (373/374 KB), so I can't simply post them as a quote.

Last edited by lydia_eule (17.07.2013, 02:12). Reason: greeting added
#2 (/// Winkelfunktion /// TB-Süch-Tiger™)

Hello and
You don't just wake up one day and search the computer for TXT files. Even if you did, which clever intruder would leave such obvious traces behind?
#3 (lydia_eule)

Um, sorry, but I do sometimes wake up and think to myself, well, let's see whether the temporary files are piling up to the ceiling again, have a look inside a few of them and clear things out thoroughly. That may well be odd, but I'm odd myself, so why not some of my habits too. What made me a bit suspicious about the logs are the rows and rows of manipulations of the policies. Regards, die eule
#4 (/// Winkelfunktion /// TB-Süch-Tiger™)

So you go through EVERY temp file to check it for traces of a break-in, or what? Do you also go through every scrap of rubbish in your bin before the refuse collection picks it up?

Where are the logs of the tools you have run so far? There were findings, after all!

Please always post logfiles in CODE tags
#5 (lydia_eule)

Well, first of all many thanks for the prompt handling. I simply like to sniff around in log files now and then to see what the computer gets up to when I'm not looking. A harmless hobby really, I think. On the "policies", here is an excerpt:
Quote:

Well, here is the OTL log for a start: OTL Logfile:
Code:
ATTFilter OTL logfile created on: 7/16/2013 4:12:04 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\asl\Downloads\ipcop Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.99 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 53.32% Memory free 3.98 Gb Paging File | 2.68 Gb Available in Paging File | 67.31% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 100.00 Gb Total Space | 14.63 Gb Free Space | 14.63% Space Free | Partition Type: NTFS Drive F: | 29.71 Gb Total Space | 5.99 Gb Free Space | 20.18% Space Free | Partition Type: FAT32 Drive G: | 931.51 Gb Total Space | 318.24 Gb Free Space | 34.16% Space Free | Partition Type: NTFS Computer Name: NODE0009 | User Name: asl | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/07/16 04:05:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\asl\Downloads\ipcop\OTL.exe PRC - [2013/07/16 01:59:42 | 085,270,800 | ---- | M] (Microsoft Corporation) -- C:\Users\asl\AppData\Local\Opera\Opera\temporary_downloads\msert.exe PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012/11/30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2012/11/23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2012/08/15 22:32:09 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2012/05/02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2012/05/02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2012/04/24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010/11/21 19:43:19 | 001,496,528 | ---- | M] (TrueCrypt Foundation) -- C:\Program Files\TrueCrypt\TrueCrypt.exe PRC - [2010/06/09 23:26:34 | 000,412,600 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\SHE\SuperHybridEngine.exe PRC - [2010/06/04 04:40:30 | 001,242,544 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exe PRC - [2010/05/29 01:41:36 | 000,445,344 | ---- | M] (ASUS) -- C:\Program Files\EeePC\CapsHook\CapsHook.exe PRC - [2010/04/13 04:37:47 | 000,083,240 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe PRC - [2010/01/29 20:18:52 | 000,751,592 | ---- | M] () -- C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe PRC - [2009/09/11 20:41:02 | 000,100,328 | ---- | M] (ASUSTeK Computer Inc.) 
-- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe PRC - [2009/08/19 02:35:56 | 000,219,136 | ---- | M] () -- C:\Windows\System32\AsusService.exe PRC - [2009/06/05 04:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009/06/05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe ========== Modules (No Company Name) ========== MOD - [2013/05/24 16:52:13 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll MOD - [2013/05/24 16:49:54 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll MOD - [2013/02/14 01:36:03 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7366a39c36523a084bc11c230929ff92\Microsoft.VisualBasic.ni.dll MOD - [2013/01/09 06:24:21 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll MOD - [2013/01/09 00:12:35 | 000,628,224 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll MOD - [2013/01/09 00:12:32 | 000,627,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll MOD - [2013/01/09 00:12:28 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll MOD - [2013/01/09 00:09:33 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013/01/09 00:07:04 | 005,453,312 | ---- 
| M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013/01/09 00:06:35 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013/01/09 00:05:32 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2011/05/28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll MOD - [2011/03/23 00:32:49 | 000,839,680 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll MOD - [2010/11/13 01:19:04 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010/11/05 03:58:05 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2010/10/24 22:26:24 | 000,030,032 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\SqliteShared\2.2.0.21078__0d0f4b69e50e559b\SqliteShared.dll MOD - [2010/09/02 13:08:00 | 000,118,784 | ---- | M] () -- C:\Program Files\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt.dll MOD - [2009/06/10 23:23:19 | 000,261,632 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2009/03/02 04:08:04 | 000,003,584 | ---- | M] () -- C:\Program Files\ASUS\ASUS WebStorage\3.0.84.161\LogicNP.PropSheetExtensionHelper.dll MOD - [2009/03/02 04:08:04 | 000,003,584 | ---- | M] () -- C:\Program Files\ASUS\ASUS WebStorage\2.2.56.108\LogicNP.PropSheetExtensionHelper.dll ========== Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- C:\Program Files\CyberLink\Shared files\RichVideo.exe -- (RichVideo) SRV - File not found [Disabled | Stopped] -- C:\Users\asl\AppData\Local\Temp\MVRBXYMUKTY.exe -- (MVRBXYMUKTY) SRV - File not found 
[Disabled | Stopped] -- C:\Users\asl\AppData\Local\Temp\FTAAG.exe -- (FTAAG) SRV - File not found [On_Demand | Stopped] -- C:\PROGRA~1\AVANQU~1\Fix-It\MxTask.exe -- (Fix-It Task Manager) SRV - File not found [Disabled | Stopped] -- C:\Users\asl\AppData\Local\Temp\BV.exe -- (BV) SRV - File not found [Disabled | Stopped] -- C:\Program Files\Avanquest\Fix-It\AQFileRestoreSrv.exe -- (AQFileRestoreSrv) SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Avanquest\Fix-It\AVQWinMonEngine.exe -- (.AVQWindowsMonitorService) SRV - [2013/07/12 20:30:46 | 000,592,768 | ---- | M] (Sysinternals - www.sysinternals.com) [On_Demand | Stopped] -- C:\Users\asl\AppData\Local\Temp\VHDWQBLKZ.exe -- (VHDWQBLKZ) SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012/12/14 04:13:01 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/05/23 23:54:31 | 000,379,776 | ---- | M] (Sysinternals - www.sysinternals.com) [Disabled | Stopped] -- C:\Users\asl\AppData\Local\Temp\QKHKZJ.exe -- (QKHKZJ) SRV - [2012/05/02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012/05/02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011/06/08 13:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2011/02/07 15:23:00 | 002,072,592 | ---- | M] (Agnitum Ltd.) [Auto | Running] -- C:\Program Files\Agnitum\Outpost Security Suite Free\acs.exe -- (acssrv) SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2009/08/19 02:35:56 | 000,219,136 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService) SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009/06/05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2006/05/24 08:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) 
[On_Demand | Stopped] -- C:\Windows\System32\StkASv2K.exe -- (StkASSrv) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\tunnel.sys -- (tunnel) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\asl\Downloads\sysinternalssuite\PORTMSYS.SYS -- (PORTMON) DRV - File not found [Kernel | Auto | Stopped] -- System32\Drivers\Ca1528av.sys -- (Ca1528av) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\Bulk1528.sys -- (Bulk1528) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\btwrchid.sys -- (btwrchid) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwl2cap.sys -- (btwl2cap) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\btwavdt.sys -- (btwavdt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btwaudio.sys -- (btwaudio) DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012/04/27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012/04/25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012/04/16 21:18:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012/01/13 13:48:32 | 000,017,944 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\AQFileRestore.sys -- (AQFileRestore) DRV - [2011/12/03 14:46:29 | 000,309,320 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\TrufosAlt.sys -- (TrufosAlt) DRV - [2011/10/05 10:54:44 | 000,564,800 | ---- | M] (Ralink Technology, Corp.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73) DRV - [2011/10/01 09:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol) DRV - [2011/10/01 09:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir) DRV - [2011/10/01 09:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay) DRV - [2011/10/01 09:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs) DRV - [2011/06/27 02:37:12 | 002,191,872 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2011/05/18 10:12:38 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2011/05/18 10:12:36 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2011/05/18 10:12:32 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2011/05/18 10:12:28 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2011/02/02 17:04:22 | 000,242,040 | ---- | M] (VirusBuster Kft.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBEngNT.sys -- (VBEngNT) DRV - [2011/02/02 16:52:40 | 000,710,824 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\SandBox.sys -- (SandBox) DRV - [2011/02/02 16:51:36 | 000,036,288 | ---- | M] (Agnitum Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\Filt\VBFilt.dll -- (VBFilt) DRV - [2011/02/02 16:51:26 | 000,072,352 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Filt\ASWFilt.dll -- (ASWFilt) DRV - [2010/12/07 04:12:58 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2010/11/21 19:43:19 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt) DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010/09/27 16:37:40 | 000,328,296 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afwcore.sys -- (afwcore) DRV - [2010/07/01 12:10:00 | 000,188,392 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL2832UBDA.sys -- (RTL2832UBDA) DRV - [2010/07/01 12:10:00 | 000,032,872 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL2832UUSB.sys -- (RTL2832UUSB) DRV - [2010/06/21 16:31:18 | 000,011,520 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO) DRV - [2010/06/17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010/04/20 16:01:46 | 000,034,920 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\afw.sys -- (afw) DRV - [2010/04/13 04:39:17 | 000,051,712 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) DRV - [2010/04/13 04:36:46 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt) DRV - [2010/04/13 04:36:12 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr) DRV - [2010/01/15 22:20:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF) DRV - [2009/08/05 11:25:52 | 000,016,024 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\inidvd.sys -- (INIDVD) DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2008/10/27 15:57:28 | 000,077,824 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl) DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2007/11/08 11:29:52 | 000,458,752 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PAC7302.SYS -- (PAC7302) DRV - [2007/07/27 12:46:06 | 000,251,680 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\acehlp10.sys -- (acehlp10) DRV - [2007/07/27 10:13:08 | 000,330,144 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV10.sys -- (acedrv10) DRV - [2007/04/13 20:24:04 | 010,246,144 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3) DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc) DRV - [2006/09/27 05:01:36 | 000,241,628 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StkAMini.sys -- (StkAMini) DRV - [2006/08/02 08:44:04 | 000,004,772 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StkScan.sys -- (StkScan) DRV - [2004/07/26 15:36:08 | 000,316,192 | R--- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\windrvr6.sys -- (WinDriver6) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) IE - HKLM\..\SearchScopes,DefaultScope = {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-815453948-2413440165-1859227174-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKU\S-1-5-21-815453948-2413440165-1859227174-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data] IE - HKU\S-1-5-21-815453948-2413440165-1859227174-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-815453948-2413440165-1859227174-1000\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) 
IE - HKU\S-1-5-21-815453948-2413440165-1859227174-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-815453948-2413440165-1859227174-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE - HKU\S-1-5-21-815453948-2413440165-1859227174-1000\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7 IE - HKU\S-1-5-21-815453948-2413440165-1859227174-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKCU\Software\MozillaPlugins\@sun.com/npsopluginmi;version=1.0: C:\Program Files\OpenOffice.org 3\program [2012/11/26 17:15:20 | 000,000,000 | ---D | M] [2013/07/02 21:50:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\asl\AppData\Roaming\mozilla\Extensions [2013/03/21 16:49:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\asl\AppData\Roaming\mozilla\Extensions-BackupByFirefoxPortable O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - 
C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-815453948-2413440165-1859227174-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-815453948-2413440165-1859227174-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKU\S-1-5-21-815453948-2413440165-1859227174-1000\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\aprp.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG)
O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - HKLM..\Run: [EeeSplendidAgent] C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe File not found
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Security Suite Free\feedback.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Security Suite Free\op_mon.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKU\S-1-5-21-815453948-2413440165-1859227174-1000..\Run: [TrueCrypt] C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-815453948-2413440165-1859227174-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1223D3DB-A5CA-48EF-A348-62068B6261CC}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F66DFF8B-0C17-4FAD-ABEE-695A8CAEA52E}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~1\agnitum\outpos~1\wl_hook.dll) - c:\Program Files\Agnitum\Outpost Security Suite Free\wl_hook.dll (Agnitum Ltd.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{ea27e782-35f0-11e1-b61f-20cf303d6b5d}\Shell - "" = AutoRun
O33 - MountPoints2\{ea27e782-35f0-11e1-b61f-20cf303d6b5d}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{f4ab93d9-04d6-11e0-b056-20cf303d6b5d}\Shell - "" = AutoRun
O33 - MountPoints2\{f4ab93d9-04d6-11e0-b056-20cf303d6b5d}\Shell\AutoRun\command - "" = C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.hta
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/07/14 21:11:03 | 000,000,000 | ---D | C] -- C:\Users\asl\AppData\Roaming\Malwarebytes
[2013/07/14 21:10:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/14 21:10:17 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2013/07/12 17:48:17 | 000,000,000 | ---D | C] -- C:\windows\SoftwareDistribution
[2013/07/11 14:33:21 | 000,000,000 | ---D | C] -- C:\windows\System32\MRT
[2013/07/06 01:28:18 | 000,000,000 | ---D | C] -- C:\Users\asl\AppData\Roaming\Avanquest
[2013/07/05 23:43:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Avanquest
[2013/07/05 18:27:53 | 000,000,000 | ---D | C] -- C:\Users\asl\Documents\Freemake
[2013/06/24 17:49:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Monjas Breakout
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/07/16 00:26:02 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/16 00:26:02 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/15 23:23:10 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/07/15 23:23:00 | 1602,867,200 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/15 23:14:49 | 000,065,992 | ---- | M] () -- C:\Users\asl\Desktop\System Update Readiness Tool fixes Windows Update errors in Windows 7, Windows Vista, Windows Server 2008 R2, and Windows Server 2008.pdf
[2013/07/15 01:05:22 | 000,684,248 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2013/07/15 01:05:22 | 000,625,430 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013/07/15 01:05:22 | 000,139,718 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2013/07/15 01:05:22 | 000,115,168 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013/07/14 19:33:59 | 000,000,919 | ---- | M] () -- C:\Users\asl\Desktop\MySyncFolder.lnk
[2013/07/14 15:11:12 | 208,541,524 | ---- | M] () -- C:\Users\asl\regbckup.2013.07.14.reg
[2013/07/06 03:01:51 | 207,852,946 | ---- | M] () -- C:\Users\asl\reg-bckup.05.07.2013.reg
[2013/06/27 03:41:35 | 000,015,872 | ---- | M] () -- C:\Users\asl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/26 17:05:27 | 330,030,432 | ---- | M] () -- C:\windows\MEMORY.DMP
[2013/06/26 15:29:52 | 000,000,216 | ---- | M] () -- C:\windows\System32\TrueCrypt System Favorite Volumes.xml
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/07/15 23:14:49 | 000,065,992 | ---- | C] () -- C:\Users\asl\Desktop\System Update Readiness Tool fixes Windows Update errors in Windows 7, Windows Vista, Windows Server 2008 R2, and Windows Server 2008.pdf
[2013/07/14 15:08:12 | 208,541,524 | ---- | C] () -- C:\Users\asl\regbckup.2013.07.14.reg
[2013/07/06 03:00:41 | 207,852,946 | ---- | C] () -- C:\Users\asl\reg-bckup.05.07.2013.reg
[2013/07/05 23:44:33 | 000,001,984 | ---- | C] () -- C:\windows\System32\drivers\AQFileRestore.inf
[2013/07/05 23:44:26 | 000,017,944 | ---- | C] () -- C:\windows\System32\drivers\AQFileRestore.sys
[2013/06/26 17:05:27 | 330,030,432 | ---- | C] () -- C:\windows\MEMORY.DMP
[2013/06/26 15:29:56 | 000,000,216 | ---- | C] () -- C:\windows\System32\TrueCrypt System Favorite Volumes.xml
[2013/02/17 18:43:33 | 000,000,756 | ---- | C] () -- C:\Users\asl\.recently-used.xbel
[2013/01/31 17:09:00 | 000,014,115 | ---- | C] () -- C:\windows\twspmm.ini
[2012/12/12 04:53:17 | 000,001,776 | ---- | C] () -- C:\windows\Sandboxie.ini
[2012/01/03 03:40:12 | 000,000,867 | ---- | C] () -- C:\Users\asl\RPSTD2010.lic
[2012/01/03 03:39:59 | 000,000,019 | ---- | C] () -- C:\Users\asl\rp.ini
[2011/12/10 21:26:45 | 000,000,926 | ---- | C] () -- C:\windows\ARPR.INI
[2011/11/15 20:26:07 | 000,084,616 | ---- | C] () -- C:\windows\StkUnist.exe
[2011/10/26 06:04:54 | 000,000,017 | ---- | C] () -- C:\windows\System32\shortcut_ex.dat
[2011/09/23 02:44:26 | 000,000,649 | ---- | C] () -- C:\Users\asl\asl - Verknüpfung.lnk
[2011/09/10 08:31:31 | 000,044,398 | ---- | C] () -- C:\Users\asl\Nokia 6700 classic (1).pdf
[2011/09/09 02:03:05 | 000,310,550 | ---- | C] () -- C:\Users\asl\metalldetector.jpg
[2011/03/24 03:20:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/11/21 22:20:07 | 001,835,008 | ---- | C] () -- C:\Users\asl\truecryptrescue.iso
[2010/10/23 14:37:50 | 000,015,872 | ---- | C] () -- C:\Users\asl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/18 20:36:39 | 000,007,610 | ---- | C] () -- C:\Users\asl\AppData\Local\Resmon.ResmonCfg
[2010/06/24 18:10:26 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
========== ZeroAccess Check ==========
[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2011/02/14 12:40:02 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\Advanced Chemistry Development
[2011/02/16 23:57:26 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\Agnitum
[2011/01/08 06:45:09 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\AnvSoft
[2010/11/13 12:52:07 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\Asus
[2013/07/14 19:33:58 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\ASUS WebStorage
[2013/05/08 02:43:03 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\Audacity
[2013/07/06 01:28:18 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\Avanquest
[2011/09/28 16:32:06 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\calibre
[2011/02/25 00:58:12 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\Canon
[2012/09/10 23:00:14 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\CasaPortale.de
[2011/10/15 21:15:13 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\CCS64
[2010/10/30 09:44:10 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\Clonk
[2011/01/08 06:38:01 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\Cuttermaran
[2010/12/07 06:12:32 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\DAEMON Tools Lite
[2011/01/15 12:41:20 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\Echo Software
[2010/12/21 17:54:18 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\freac
[2011/09/20 09:09:46 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\GetRightToGo
[2012/11/30 17:49:15 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\GoBoingo
[2011/11/16 21:14:33 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\gtk-2.0
[2011/10/23 09:44:20 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\ibf
[2010/12/12 13:29:28 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\ImgBurn
[2011/11/30 04:59:07 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\IrfanView
[2013/07/08 14:29:09 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\JonDo
[2010/11/08 14:24:20 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\Leadertech
[2011/09/13 04:58:00 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\Nokia
[2011/03/05 22:28:34 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\OpenOffice.org
[2012/02/05 02:50:57 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\Opera
[2011/09/13 04:57:59 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\PC Suite
[2011/09/18 16:46:26 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\PeaZip
[2013/07/05 18:45:28 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\Philipp Winterberg
[2010/12/06 01:11:42 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\ProtectDisc
[2012/01/26 22:19:47 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\ScreeNet iSaver
[2012/02/21 00:39:28 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\ScummVM
[2013/03/20 01:11:54 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\SoftGrid Client
[2011/02/12 08:16:21 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\temp
[2013/06/26 15:30:03 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\TrueCrypt
[2011/11/15 21:22:17 | 000,000,000 | ---D | M] -- C:\Users\asl\AppData\Roaming\Ulead Systems
[2010/06/24 18:31:25 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\ASUS WebStorage
[2010/06/24 18:31:25 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\ASUS WebStorage
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:AB689DEA
< End of report >
hmm, that got a bit long, sorry.
#6
/// Winkelfunktion /// TB-Süch-Tiger™
found strange log files, have a bad feeling, can anyone explain this to me?
What about the other logs, e.g. from Malwarebytes and the other scanners? Were there no findings there, or were there?
#7
found strange log files, have a bad feeling, can anyone explain this to me?
So, an addendum on OTL. I hadn't immediately placed the "extras.txt". OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 7/16/2013 4:12:04 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\asl\Downloads\ipcop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1.99 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 53.32% Memory free
3.98 Gb Paging File | 2.68 Gb Available in Paging File | 67.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 14.63 Gb Free Space | 14.63% Space Free | Partition Type: NTFS
Drive F: | 29.71 Gb Total Space | 5.99 Gb Free Space | 20.18% Space Free | Partition Type: FAT32
Drive G: | 931.51 Gb Total Space | 318.24 Gb Free Space | 34.16% Space Free | Partition Type: NTFS
Computer Name: NODE0009 | User Name: asl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.js [@ = JSFile] -- C:\windows\System32\CScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\windows\System32\CScript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\windows\System32\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\windows\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\windows\System32\CScript.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10A33356-0587-4D74-BB22-21E576014920}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2BEF8CB8-8CA4-43B1-9668-7C72158545D2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{3C5CA9D8-57EA-415E-AEF3-C949BF5B3572}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4931F79B-55AA-401C-99A4-0412BD6ABD68}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5202E24D-848F-43F0-8534-912DD3048FC8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{677A1AEC-6325-4CC8-B75B-6F510402B953}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C05E1E0C-1460-433A-AFE5-DC3F66D192FC}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C1FC242C-FD0B-4D86-A4DD-86DEA92B063B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{DA620C21-2E83-4CD7-A21C-21E6E1701AC8}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E2C28083-BEC5-4255-811A-7718186C8963}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00DEB03C-4171-4F5F-9C96-552482B12166}" = protocol=6 | dir=in | app=c:\program files\arcsoft\totalmedia 3.5\totalmedia.exe |
"{3B3BE582-6596-4219-B587-0C0B7F6FAC53}" = protocol=17 | dir=in | app=c:\program files\arcsoft\totalmedia 3.5\totalmedia.exe |
"{5F253DE5-76CE-4684-AD2B-F28F1C14812F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{73F45AA2-31FE-4EAE-9056-594B82D51BCE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A7F3DF2D-1052-42DD-81FA-FEBEEA286D92}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{C228351A-4DEE-4469-A243-1EB415E744F8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D711E0A2-4CCB-4AFE-AD14-B79BF3E7FA3D}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{E085D794-D6CC-447A-BF71-48641FDE671C}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{E2A938A9-D73C-45F1-8F8F-A914F4AA8B0C}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{66E77097-82E9-4227-B119-904CEA528BD2}C:\windows\system32\mmc.exe" = protocol=6 | dir=in | app=c:\windows\system32\mmc.exe |
"UDP Query User{57855919-A915-4646-BCCD-8653190AC344}C:\windows\system32\mmc.exe" = protocol=17 | dir=in | app=c:\windows\system32\mmc.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02CB5027-1915-4830-909C-C6E69AA6ECFE}" = Monjas Breakout
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4803" = CanoScan 4400F
"{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"{1B66191A-B8CD-4F53-AB9B-0B4AAE2235BA}" = calibre
"{1BAE5C85-A6D3-430C-842B-EAA27AC0C2E8}" = ArcSoft TotalMedia 3.5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83216021F0}" = Java(TM) 6 Update 21
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BD90AED-0FF2-4A69-B84D-DC0679991FB7}" = Evince 2.30.3
"{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B5092B6-F231-4D18-83BC-2618B729CA45}" = CapsHook
"{52CF142B-7B0E-41E7-98F5-B834122523E7}_is1" = Programmer's Notepad 2
"{570C2A84-A145-4DF0-AE9D-012584DF09DC}" = SPCA1528 PC Driver
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B3F693F-A252-46A7-8D0F-7F409B13F738}" = Scope
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A9111573-EF12-4D80-A5B9-55F620D5BCA1}" = PL-2303 USB-to-Serial
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.1 MUI
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2920232-19DA-44FC-835F-68E427EAE2CE}" = Telescope Driver
"{B7B5A370-3DFF-4F0E-AE11-FD267C4938AA}" = CCS64 V3.8
"{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution
"{D5D88F8F-FDA4-4CF4-9F3E-3F40118C2120}" = AVR Studio 4
"{D802DD00-16A8-4A58-AFC9-020C2380ECDA}" = EeeSplendid
"{DA60AB6B-6C9C-4B5F-BC61-3B0D9BCBD50B}" = Conceptronic CTVDIGUSB2 Device Utilities
"{DF1B8AA2-3231-498F-8136-2171D1FD1A65}" = ArcSoft WebCam Companion 2
"{E5026CE8-B6E0-46CB-A63C-040B920C8611}" = inSSIDer 2.0
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = USB PC Camera Plus
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}" = PL-2303 Vista Driver Installer
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3D2DEDC-4732-4188-8A3A-1A3FFBD4D6C8}" = ebi.BookReader3J
"{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}" = LocaleMe
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"ACDLabs in C__Program_Files_ACDFREE12_" = ACD/Labs Software in C:\Program Files\ACDFREE12\
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Agnitum Outpost Security Suite Free_is1" = Outpost Security Suite 7.1
"ASUS VIBE" = ASUS VIBE
"ASUS WebStorage" = ASUS WebStorage
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Avira AntiVir Desktop" = Avira Free Antivirus
"B41C7C96D83162A676DA7365ADEFD6C1AF62A4EE" = Windows Driver Package - Broadcom Bluetooth (07/17/2009 6.2.0.9403)
"B5C82F3814F82FB37F1513B3185399BD88892B08" = Windows Driver Package - Broadcom Bluetooth (07/29/2009 6.1.7100.0)
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"Bridge Builder" = Bridge Builder
"Bug Brain" = Bug Brain
"CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
"ChemToolBox_is1" = ChemToolBox version 1.1.0
"Clonk Endeavour" = Clonk Endeavour 4.95.5
"Eee Docking_is1" = Eee Docking 3.7.0
"ELECTRA_is1" = ELECTRA 2.8
"EncVorbis" = EncVorbis 1.1
"Free CD to MP3 Converter" = Free CD to MP3 Converter
"Frhed" = Frhed 1.7.1
"GIF Animator" = Microsoft GIF Animator
"GPL Ghostscript 9.00" = GPL Ghostscript 9.00
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ImgBurn" = ImgBurn
"InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"IrfanView" = IrfanView (remove only)
"JAP" = JAP
"KONICA MINOLTA magicolor 2430DL" = KONICA MINOLTA magicolor 2430DL
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"LG USB Booster_is1" = Booster 1.05A02
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"mp3parse" = MP3 Parser DirectShow Filter (remove only)
"Musik & Audio Restaurator Pro 5_is1" = Musik & Audio Restaurator Pro 5.0
"NetPbm-10.27_is1" = GnuWin32: NetPbm version 10.27
"Nmap" = Nmap 5.20
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Ogg Codecs" = Xiph.Org Ogg Codecs 0.83.17220 32-bit
"Oolite" = Oolite 1.76.0.4679
"Opera 12.15.1748" = Opera 12.15
"PosteRazor_is1" = PosteRazor
"ProtectDisc Driver 10" = ProtectDisc Helper Driver 10
"ReOrganize_is1" = ReOrganize!
"SMPlayer" = SMPlayer 0.6.8
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Target 3001! V15 discover" = Target 3001! V15 discover
"TrueCrypt" = TrueCrypt
"TVRTLDrv" = DVB-T USB BDA Driver
"VLC media player" = VLC media player 2.0.5
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR 4.01 (32-bit)
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-815453948-2413440165-1859227174-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete
"Winamp Detect" = Winamp Detector Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 7/15/2013 4:45:51 PM | Computer Name = node0009 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_CryptSvc, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744,
Zeitstempel: 0x4eeaf722 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000aba6 ID des fehlerhaften
Prozesses: 0xd70 Startzeit der fehlerhaften Anwendung: 0x01ce819c4a583723 Pfad der
fehlerhaften Anwendung: C:\windows\system32\svchost.exe Pfad des fehlerhaften Moduls:
C:\windows\system32\msvcrt.dll Berichtskennung: 888aa3f6-ed8f-11e2-8804-20cf303d6b5d
Error - 7/15/2013 4:46:00 PM | Computer Name = node0009 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_CryptSvc, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744,
Zeitstempel: 0x4eeaf722 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000aba6 ID des fehlerhaften
Prozesses: 0xef0 Startzeit der fehlerhaften Anwendung: 0x01ce819c4fd344b0 Pfad der
fehlerhaften Anwendung: C:\windows\system32\svchost.exe Pfad des fehlerhaften Moduls:
C:\windows\system32\msvcrt.dll Berichtskennung: 8e077252-ed8f-11e2-8804-20cf303d6b5d
Error - 7/15/2013 4:46:09 PM | Computer Name = node0009 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_CryptSvc, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744,
Zeitstempel: 0x4eeaf722 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000aba6 ID des fehlerhaften
Prozesses: 0xa9c Startzeit der fehlerhaften Anwendung: 0x01ce819c55469cf2 Pfad der
fehlerhaften Anwendung: C:\windows\system32\svchost.exe Pfad des fehlerhaften Moduls:
C:\windows\system32\msvcrt.dll Berichtskennung: 937f4b24-ed8f-11e2-8804-20cf303d6b5d
Error - 7/15/2013 4:56:30 PM | Computer Name = node0009 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_CryptSvc, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744,
Zeitstempel: 0x4eeaf722 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000aba6 ID des fehlerhaften
Prozesses: 0xcd4 Startzeit der fehlerhaften Anwendung: 0x01ce819dc322ef19 Pfad der
fehlerhaften Anwendung: C:\windows\system32\svchost.exe Pfad des fehlerhaften Moduls:
C:\windows\system32\msvcrt.dll Berichtskennung: 055396a6-ed91-11e2-8804-20cf303d6b5d
Error - 7/15/2013 5:25:32 PM | Computer Name = node0009 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_CryptSvc, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744,
Zeitstempel: 0x4eeaf722 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000aba6 ID des fehlerhaften
Prozesses: 0x5e8 Startzeit der fehlerhaften Anwendung: 0x01ce81a1a00b558c Pfad der
fehlerhaften Anwendung: C:\windows\system32\svchost.exe Pfad des fehlerhaften Moduls:
C:\windows\system32\msvcrt.dll Berichtskennung: 14016be5-ed95-11e2-b8d8-20cf303d6b5d
Error - 7/15/2013 5:26:57 PM | Computer Name = node0009 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_CryptSvc, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744,
Zeitstempel: 0x4eeaf722 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000aba6 ID des fehlerhaften
Prozesses: 0xf7c Startzeit der fehlerhaften Anwendung: 0x01ce81a1e90a7576 Pfad der
fehlerhaften Anwendung: C:\windows\System32\svchost.exe Pfad des fehlerhaften Moduls:
C:\windows\system32\msvcrt.dll Berichtskennung: 4684177f-ed95-11e2-b8d8-20cf303d6b5d
Error - 7/15/2013 5:27:05 PM | Computer Name = node0009 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_CryptSvc, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744,
Zeitstempel: 0x4eeaf722 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000aba6 ID des fehlerhaften
Prozesses: 0xb7c Startzeit der fehlerhaften Anwendung: 0x01ce81a20a78f9a6 Pfad der
fehlerhaften Anwendung: C:\windows\System32\svchost.exe Pfad des fehlerhaften Moduls:
C:\windows\system32\msvcrt.dll Berichtskennung: 4b0899cd-ed95-11e2-b8d8-20cf303d6b5d
Error - 7/15/2013 5:34:50 PM | Computer Name = node0009 | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed: Job does not exist
Error - 7/15/2013 5:41:45 PM | Computer Name = node0009 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_CryptSvc, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744,
Zeitstempel: 0x4eeaf722 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000aba6 ID des fehlerhaften
Prozesses: 0xd28 Startzeit der fehlerhaften Anwendung: 0x01ce81a2306ef718 Pfad der
fehlerhaften Anwendung: C:\windows\system32\svchost.exe Pfad des fehlerhaften Moduls:
C:\windows\system32\msvcrt.dll Berichtskennung: 57ff56bb-ed97-11e2-b8d8-20cf303d6b5d
Error - 7/15/2013 6:06:55 PM | Computer Name = node0009 | Source = System Restore | ID = 8193
Description =
Error - 7/15/2013 6:22:14 PM | Computer Name = node0009 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_CryptSvc, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744,
Zeitstempel: 0x4eeaf722 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000aba6 ID des fehlerhaften
Prozesses: 0xb1c Startzeit der fehlerhaften Anwendung: 0x01ce81a9bd9bf3fb Pfad der
fehlerhaften Anwendung: C:\windows\system32\svchost.exe Pfad des fehlerhaften Moduls:
C:\windows\system32\msvcrt.dll Berichtskennung: ffac1ae1-ed9c-11e2-b8d8-20cf303d6b5d
[ System Events ]
Error - 7/15/2013 6:53:52 PM | Computer Name = node0009 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Diagnoserichtliniendienst" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1079
Error - 7/15/2013 6:55:56 PM | Computer Name = node0009 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Fix-It Task Manager" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 7/15/2013 6:56:09 PM | Computer Name = node0009 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Fix-It Utilities Prozess-Monitor" wurde aufgrund folgenden
Fehlers nicht gestartet: %%2
Error - 7/15/2013 8:43:51 PM | Computer Name = node0009 | Source = VDS Basic Provider | ID = 33554433
Description =
Error - 7/15/2013 8:43:51 PM | Computer Name = node0009 | Source = VDS Basic Provider | ID = 33554433
Description =
Error - 7/15/2013 8:43:51 PM | Computer Name = node0009 | Source = VDS Basic Provider | ID = 33554433
Description =
Error - 7/15/2013 9:00:14 PM | Computer Name = node0009 | Source = NetBT | ID = 4307
Description = Initialisierung fehlgeschlagen, da die Transportschicht das Öffnen
der Anfangsadressen verweigerte.
Error - 7/15/2013 9:00:14 PM | Computer Name = node0009 | Source = NetBT | ID = 4307
Description = Initialisierung fehlgeschlagen, da die Transportschicht das Öffnen
der Anfangsadressen verweigerte.
Error - 7/15/2013 9:01:38 PM | Computer Name = node0009 | Source = NetBT | ID = 4307
Description = Initialisierung fehlgeschlagen, da die Transportschicht das Öffnen
der Anfangsadressen verweigerte.
Error - 7/15/2013 9:01:38 PM | Computer Name = node0009 | Source = NetBT | ID = 4307
Description = Initialisierung fehlgeschlagen, da die Transportschicht das Öffnen
der Anfangsadressen verweigerte.
< End of report >
I'm sure I'll find the Malwarebytes file in a moment. So here is the Malwarebytes log: Quote:
Avira only complains that it cannot open the hosts file, but it has been doing that for years. And here is the Rootkit Buster log as well: Quote:
#8
/// Winkelfunktion /// TB-Süch-Tiger™:
Everything unremarkable so far, and there have been no virus detections so far either. One more log: Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ Please always post logfiles in CODE tags
#9
Here is FRST.txt. FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-07-2013 02
Ran by asl (administrator) on 17-07-2013 16:08:01
Running from C:\Users\asl\Downloads\ipcop
Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
() C:\Windows\System32\AsusService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
() C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
(ASUS) C:\Program Files\EeePC\CapsHook\CapsHook.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\windows\system32\wuauclt.exe
(Opera Software) C:\Program Files\Opera\opera.exe
==================== Registry (Whitelisted) ==================
MountPoints2: {ea27e782-35f0-11e1-b61f-20cf303d6b5d} - G:\LaunchU3.exe -a
MountPoints2: {f4ab93d9-04d6-11e0-b056-20cf303d6b5d} - C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.hta
HKU\Default\...\RunOnce: [Reboot] - AsusSender.exe C:\Windows\AP\Reboot.exe 60 [x]
\Run: [LiveUpdate] - C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe [751592 2010-01-29] ()
HKLM\...\Run: [CapsHook] - C:\Program Files\EeePC\CapsHook\CapsHook.exe [445344 2010-05-29] (ASUS)
HKLM\...\Run: [Eee Docking] - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [415920 2010-03-30] ()
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9177632 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2010-04-13] (Synaptics Incorporated)
HKLM\...\Run: [ASUSPRP] - C:\Program Files\ASUS\APRP\APRP.EXE [2018032 2010-06-24] (ASUSTek Computer Inc.)
HKLM\...\Run: [SynAsusAcpi] - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [83240 2010-04-13] (Synaptics Incorporated)
HKLM\...\Run: [OutpostFeedBack] - C:\Program Files\Agnitum\Outpost Security Suite Free\feedback.exe [517056 2011-02-07] (Agnitum Ltd.)
HKLM\...\Run: [OutpostMonitor] - C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe [3107736 2011-02-07] (Agnitum Ltd.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [348664 2012-08-15] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [] - [x]
HKCU\...\Run: [TrueCrypt] - C:\Program Files\TrueCrypt\TrueCrypt.exe [1496528 2010-11-21] (TrueCrypt Foundation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
SearchScopes: HKLM - DefaultScope {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKCU - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU -No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU -Winamp Toolbar - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
Toolbar: HKCU -No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
========================== Services (Whitelisted) =================
S4 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 acssrv; C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [2072592 2011-02-07] (Agnitum Ltd.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86224 2012-05-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-02] (Avira Operations GmbH & Co. KG)
R2 AsusService; C:\Windows\System32\AsusService.exe [219136 2009-08-19] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 QKHKZJ; C:\Users\asl\AppData\Local\Temp\QKHKZJ.exe [379776 2012-05-23] (Sysinternals - www.sysinternals.com)
S3 StkASSrv; C:\Windows\System32\StkASv2K.exe [24576 2006-05-24] (Syntek America Inc.)
S3 VHDWQBLKZ; C:\Users\asl\AppData\Local\Temp\VHDWQBLKZ.exe [592768 2013-07-12] (Sysinternals - www.sysinternals.com)
S3 .AVQWindowsMonitorService; C:\Program Files\Avanquest\Fix-It\AVQWinMonEngine.exe [x]
S4 AQFileRestoreSrv; "C:\Program Files\Avanquest\Fix-It\AQFileRestoreSrv.exe" [x]
S4 BV; C:\Users\asl\AppData\Local\Temp\BV.exe [x]
S3 Fix-It Task Manager; C:\PROGRA~1\AVANQU~1\Fix-It\MxTask.exe -Service [x]
S4 FTAAG; C:\Users\asl\AppData\Local\Temp\FTAAG.exe [x]
S4 MVRBXYMUKTY; C:\Users\asl\AppData\Local\Temp\MVRBXYMUKTY.exe [x]
S4 RichVideo; "C:\Program Files\CyberLink\Shared files\RichVideo.exe" [x]
==================== Drivers (Whitelisted) ====================
R2 acedrv10; C:\windows\system32\drivers\acedrv10.sys [330144 2007-07-27] (Protect Software GmbH)
S2 acehlp10; C:\windows\system32\drivers\acehlp10.sys [251680 2007-07-27] (Protect Software GmbH)
R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R1 afw; C:\Windows\System32\DRIVERS\afw.sys [34920 2010-04-20] (Agnitum Ltd.)
R3 afwcore; C:\Windows\System32\drivers\afwcore.sys [328296 2010-09-27] (Agnitum Ltd.)
S3 AQFileRestore; C:\Windows\System32\DRIVERS\AQFileRestore.sys [17944 2012-01-13] ()
R1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11520 2010-06-21] ()
S3 ASWFilt; C:\windows\system32\Filt\ASWFilt.dll [72352 2011-02-02] (Agnitum Ltd.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [83392 2012-04-25] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137928 2012-04-27] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2012-04-16] (Avira GmbH)
S3 INIDVD; C:\Windows\System32\DRIVERS\inidvd.sys [16024 2009-08-05] (Initio Corporation)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2010-04-13] ( )
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [50704 2010-01-15] (CACE Technologies, Inc.)
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [458752 2007-11-08] (PixArt Imaging Inc.)
S3 RTL2832UBDA; C:\Windows\System32\drivers\RTL2832UBDA.sys [188392 2010-07-01] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832UUSB; C:\Windows\System32\Drivers\RTL2832UUSB.sys [32872 2010-07-01] (REALTEK SEMICONDUCTOR Corp.)
R1 SandBox; C:\windows\system32\drivers\SandBox.sys [710824 2011-02-02] (Agnitum Ltd.)
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10246144 2007-04-13] (Sonix Co. Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-12-07] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH)
S3 StkAMini; C:\Windows\System32\Drivers\StkAMini.sys [241628 2006-09-27] (Syntek America Inc.)
S3 StkScan; C:\Windows\System32\Drivers\StkScan.sys [4772 2006-08-02] (Syntek America Inc.)
S3 TrufosAlt; C:\Windows\System32\DRIVERS\TrufosAlt.sys [309320 2011-12-03] (BitDefender S.R.L.)
S3 VBEngNT; C:\windows\system32\drivers\VBEngNT.sys [242040 2011-02-02] (VirusBuster Kft.)
S3 VBFilt; C:\windows\system32\Filt\VBFilt.dll [36288 2011-02-02] (Agnitum Ltd.)
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [316192 2004-07-26] (Jungo)
S3 btwaudio; system32\drivers\btwaudio.sys [x]
S3 btwavdt; \SystemRoot\system32\DRIVERS\btwavdt.sys [x]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [x]
S3 btwrchid; \SystemRoot\system32\DRIVERS\btwrchid.sys [x]
S3 Bulk1528; System32\Drivers\Bulk1528.sys [x]
S2 Ca1528av; System32\Drivers\Ca1528av.sys [x]
S3 PORTMON; \??\C:\Users\asl\Downloads\sysinternalssuite\PORTMSYS.SYS [x]
S3 tunnel; system32\DRIVERS\tunnel.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-17 16:06 - 2013-07-17 16:06 - 00000000 ____D C:\FRST
2013-07-16 01:11 - 2013-07-16 01:11 - 05030933 _____ C:\Users\asl\Downloads\RSW-Portable.zip
2013-07-15 01:05 - 2013-07-15 01:05 - 00005346 _____ C:\windows\system32\PerfStringBackup.TMP
2013-07-14 21:11 - 2013-07-14 21:11 - 00000000 ____D C:\Users\asl\AppData\Roaming\Malwarebytes
2013-07-14 21:10 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-07-14 15:08 - 2013-07-14 15:11 - 208541524 _____ C:\Users\asl\regbckup.2013.07.14.reg
2013-07-11 23:13 - 2013-07-11 23:13 - 00000000 ____D C:\Users\asl\Downloads\backups
2013-07-11 22:03 - 2013-07-11 22:03 - 00007219 _____ C:\Users\asl\Desktop\hijackthis.2013.07.11.log
2013-07-11 14:33 - 2013-07-11 14:43 - 00000000 ____D C:\windows\system32\MRT
2013-07-09 01:12 - 2013-07-09 01:12 - 00000499 _____ C:\Users\asl\Desktop\Krabben mit Ananas und Gemüse. 1portion.txt
2013-07-06 03:00 - 2013-07-06 03:01 - 207852946 _____ C:\Users\asl\reg-bckup.05.07.2013.reg
2013-07-06 01:28 - 2013-07-06 01:28 - 00000000 ____D C:\Users\asl\AppData\Roaming\Avanquest
2013-07-05 23:44 - 2012-01-13 13:48 - 00017944 _____ C:\windows\system32\Drivers\AQFileRestore.sys
2013-07-05 23:43 - 2013-07-06 01:28 - 00000000 ____D C:\ProgramData\Avanquest
2013-07-05 23:39 - 2013-06-28 01:47 - 00000677 _____ C:\Users\asl\Desktop\leslichk.k-.na-.carb.nitrate.txt
2013-07-05 18:27 - 2013-07-05 18:27 - 00000000 ____D C:\Users\asl\Documents\Freemake
2013-07-05 03:15 - 2013-07-12 20:29 - 00000000 ____D C:\Users\asl\Downloads\winFAQ
2013-06-26 19:09 - 2013-06-26 19:05 - 00263592 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2013-06-26 19:07 - 2013-06-26 19:06 - 00094632 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2013-06-26 19:07 - 2013-06-26 19:05 - 00175016 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2013-06-26 19:07 - 2013-06-26 19:05 - 00175016 _____ (Oracle Corporation) C:\windows\system32\java.exe
2013-06-26 17:05 - 2013-06-26 17:05 - 330030432 _____ C:\windows\MEMORY.DMP
2013-06-26 17:05 - 2013-06-26 17:05 - 00145280 _____ C:\windows\Minidump\062613-33571-01.dmp
2013-06-26 15:29 - 2013-06-26 15:29 - 00000216 _____ C:\windows\system32\TrueCrypt System Favorite Volumes.xml
2013-06-24 22:55 - 2013-05-08 07:38 - 01293672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
==================== One Month Modified Files and Folders =======
2013-07-17 16:06 - 2013-07-17 16:06 - 00000000 ____D C:\FRST
2013-07-17 16:06 - 2011-02-17 00:01 - 00083668 _____ C:\windows\system32\config\rules.rdb
2013-07-17 15:57 - 2013-03-21 16:49 - 00000000 ____D C:\Users\asl\AppData\Roaming\Mozilla
2013-07-17 15:45 - 2011-10-13 21:27 - 00000000 ____D C:\Users\asl\Downloads\ipcop
2013-07-17 15:30 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-17 15:30 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-17 06:13 - 2009-07-14 06:39 - 00100772 _____ C:\windows\setupact.log
2013-07-17 01:12 - 2010-12-23 12:52 - 00000000 ___RD C:\Users\asl\Downloads\mplayer
2013-07-16 23:56 - 2011-02-16 23:57 - 00000000 ____D C:\windows\system32\Filt
2013-07-16 19:46 - 2010-10-17 23:53 - 01110126 _____ C:\windows\WindowsUpdate.log
2013-07-16 01:11 - 2013-07-16 01:11 - 05030933 _____ C:\Users\asl\Downloads\RSW-Portable.zip
2013-07-15 23:24 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-07-15 23:17 - 2011-02-20 17:24 - 00267890 _____ C:\windows\system32\config\afw_db.conf
2013-07-15 23:17 - 2011-02-20 17:24 - 00016460 _____ C:\windows\system32\config\afw_hm.conf
2013-07-15 23:14 - 2010-10-17 09:17 - 00000000 ___RD C:\Users\asl\Desktop
2013-07-15 19:27 - 2010-10-18 12:08 - 00620492 _____ C:\windows\PFRO.log
2013-07-15 01:05 - 2013-07-15 01:05 - 00005346 _____ C:\windows\system32\PerfStringBackup.TMP
2013-07-14 21:11 - 2013-07-14 21:11 - 00000000 ____D C:\Users\asl\AppData\Roaming\Malwarebytes
2013-07-14 21:10 - 2010-12-08 22:44 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-07-14 19:33 - 2010-10-24 22:30 - 00000919 _____ C:\Users\asl\Desktop\MySyncFolder.lnk
2013-07-14 19:33 - 2010-10-17 09:17 - 00000000 ____D C:\Users\asl\AppData\Roaming\ASUS WebStorage
2013-07-14 15:11 - 2013-07-14 15:08 - 208541524 _____ C:\Users\asl\regbckup.2013.07.14.reg
2013-07-14 15:08 - 2010-10-17 09:17 - 00000000 ____D C:\Users\asl
2013-07-14 14:52 - 2010-12-21 02:06 - 00000000 ____D C:\Users\asl\html
2013-07-14 02:23 - 2009-07-25 09:50 - 01528514 _____ C:\windows\system32\PerfStringBackup.INI
2013-07-12 20:29 - 2013-07-05 03:15 - 00000000 ____D C:\Users\asl\Downloads\winFAQ
2013-07-12 18:54 - 2010-06-24 18:03 - 00055380 _____ C:\windows\DPINST.LOG
2013-07-12 18:53 - 2009-07-14 04:37 - 00000000 ____D C:\windows\system32\DriverStore
2013-07-11 23:13 - 2013-07-11 23:13 - 00000000 ____D C:\Users\asl\Downloads\backups
2013-07-11 22:03 - 2013-07-11 22:03 - 00007219 _____ C:\Users\asl\Desktop\hijackthis.2013.07.11.log
2013-07-11 20:50 - 2009-07-14 04:37 - 00000000 ____D C:\windows\Microsoft.NET
2013-07-11 14:43 - 2013-07-11 14:33 - 00000000 ____D C:\windows\system32\MRT
2013-07-09 01:12 - 2013-07-09 01:12 - 00000499 _____ C:\Users\asl\Desktop\Krabben mit Ananas und Gemüse. 1portion.txt
2013-07-08 14:29 - 2010-12-23 14:09 - 00000000 ____D C:\Users\asl\AppData\Roaming\JonDo
2013-07-07 02:24 - 2013-01-19 13:10 - 00000000 ____D C:\Users\asl\AppData\Roaming\vlc
2013-07-06 19:05 - 2011-08-05 01:08 - 00000000 ____D C:\Users\asl\Downloads\_out
2013-07-06 03:01 - 2013-07-06 03:00 - 207852946 _____ C:\Users\asl\reg-bckup.05.07.2013.reg
2013-07-06 01:28 - 2013-07-06 01:28 - 00000000 ____D C:\Users\asl\AppData\Roaming\Avanquest
2013-07-06 01:28 - 2013-07-05 23:43 - 00000000 ____D C:\ProgramData\Avanquest
2013-07-06 00:17 - 2009-07-14 06:53 - 00032632 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-07-05 23:43 - 2010-06-24 18:00 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-07-05 18:52 - 2011-11-15 20:45 - 00000000 ____D C:\ProgramData\Ulead Systems
2013-07-05 18:45 - 2010-12-07 03:57 - 00000000 ____D C:\Users\asl\AppData\Roaming\Philipp Winterberg
2013-07-05 18:38 - 2010-11-10 09:48 - 00000000 ____D C:\ProgramData\FreePDF
2013-07-05 18:38 - 2010-11-10 09:48 - 00000000 ____D C:\Program Files\FreePDF_XP
2013-07-05 18:29 - 2011-03-05 16:35 - 00000000 ____D C:\windows\tessdata
2013-07-05 18:27 - 2013-07-05 18:27 - 00000000 ____D C:\Users\asl\Documents\Freemake
2013-07-05 18:23 - 2010-10-26 19:30 - 00000000 ____D C:\Users\asl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Debugmode
2013-07-05 18:08 - 2010-06-24 18:29 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-03 02:03 - 2010-12-16 11:32 - 00000000 ____D C:\Users\asl\Downloads\64
2013-06-28 01:47 - 2013-07-05 23:39 - 00000677 _____ C:\Users\asl\Desktop\leslichk.k-.na-.carb.nitrate.txt
2013-06-27 14:15 - 2011-01-15 04:42 - 00000000 ____D C:\Users\asl\Downloads\pn
2013-06-27 03:41 - 2010-10-23 14:37 - 00015872 _____ C:\Users\asl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-26 19:06 - 2013-06-26 19:07 - 00094632 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2013-06-26 19:05 - 2013-06-26 19:09 - 00263592 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2013-06-26 19:05 - 2013-06-26 19:07 - 00175016 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2013-06-26 19:05 - 2013-06-26 19:07 - 00175016 _____ (Oracle Corporation) C:\windows\system32\java.exe
2013-06-26 19:05 - 2013-03-08 03:11 - 00867240 _____ (Oracle Corporation) C:\windows\system32\npDeployJava1.dll
2013-06-26 19:05 - 2010-10-26 12:27 - 00789416 _____ (Oracle Corporation) C:\windows\system32\deployJava1.dll
2013-06-26 19:02 - 2011-02-17 00:01 - 95658496 _____ C:\windows\system32\config\fsdb.sdb
2013-06-26 17:05 - 2013-06-26 17:05 - 330030432 _____ C:\windows\MEMORY.DMP
2013-06-26 17:05 - 2013-06-26 17:05 - 00145280 _____ C:\windows\Minidump\062613-33571-01.dmp
2013-06-26 17:05 - 2010-11-02 22:39 - 00000000 ____D C:\windows\Minidump
2013-06-26 15:30 - 2010-11-21 21:46 - 00000000 ____D C:\Users\asl\AppData\Roaming\TrueCrypt
2013-06-26 15:29 - 2013-06-26 15:29 - 00000216 _____ C:\windows\system32\TrueCrypt System Favorite Volumes.xml
2013-06-25 16:39 - 2010-11-09 11:16 - 00000000 ____D C:\Users\asl\games
2013-06-24 15:32 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Public\Desktop
2013-06-24 00:37 - 2010-10-18 11:48 - 75733144 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
Files to move or delete:
====================
C:\ProgramData\FullRemove.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-07-15 21:16
==================== End Of Log ============================
--- --- --- and here is the Additional: Quote:
#10
/// Winkelfunktion /// TB-Süch-Tiger™:
Then please run Combofix now: Scan with Combofix
__________________ Please always post logfiles in CODE tags
#11
done. So here is the Combofix log now: Code:
ComboFix 13-07-16.01 - asl 18.07.2013 1:55.1.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.49.1031.18.2038.1358 [GMT 2:00]
ausgeführt von:: c:\users\asl\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Outpost Security Suite *Disabled/Updated* {ECEA6BCD-A007-0BC7-D5A5-0254DCBD816E}
FW: Outpost Security Suite *Disabled* {D4D1EAE8-EA68-0A9F-FEFA-AB61226EC615}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Outpost Security Suite *Disabled/Updated* {578B8A29-863D-0449-EF15-3926A73ACBD3}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-06-18 bis 2013-07-18 ))))))))))))))))))))))))))))))
.
.
2013-07-18 01:26 . 2013-07-18 01:39 -------- d-----w- c:\users\asl\AppData\Local\temp
2013-07-18 01:26 . 2013-07-18 01:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-17 23:16 . 2013-07-15 01:34 7143960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{04A5E7AF-81F8-4A9D-B98E-825481AC5DEA}\mpengine.dll
2013-07-17 14:06 . 2013-07-17 14:06 -------- d-----w- C:\FRST
2013-07-14 19:11 . 2013-07-14 19:11 -------- d-----w- c:\users\asl\AppData\Roaming\Malwarebytes
2013-07-14 19:10 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-14 13:08 . 2013-07-14 13:11 208541524 ----a-w- c:\users\asl\regbckup.2013.07.14.reg
2013-07-11 12:33 . 2013-07-11 12:43 -------- d-----w- c:\windows\system32\MRT
2013-07-06 01:00 . 2013-07-06 01:01 207852946 ----a-w- c:\users\asl\reg-bckup.05.07.2013.reg
2013-07-05 23:28 . 2013-07-05 23:28 -------- d-----w- c:\users\asl\AppData\Roaming\Avanquest
2013-07-05 21:44 . 2012-01-13 11:48 17944 ----a-w- c:\windows\system32\drivers\AQFileRestore.sys
2013-07-05 21:43 . 2013-07-05 23:28 -------- d-----w- c:\programdata\Avanquest
2013-06-26 17:07 . 2013-06-26 17:06 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-24 20:55 . 2013-05-08 05:38 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-26 17:05 . 2013-03-08 01:11 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-26 17:05 . 2010-10-26 10:27 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-05-05 19:12 . 2013-05-22 15:18 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-02 00:06 . 2010-12-08 21:00 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-05-01 11:09 . 2013-05-01 11:07 211753182 ----a-w- c:\windows\system32\2013.05.01.registry.bck.reg
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2010-07-28 1267024]
.
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"
[HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"
[HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Outpost]
@="{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
[HKEY_CLASSES_ROOT\CLSID\{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}]
2011-02-07 13:14 468128 ----a-w- c:\program files\Agnitum\Outpost Security Suite Free\op_shell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueCrypt"="c:\program files\TrueCrypt\TrueCrypt.exe" [2010-11-21 1496528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"HotkeyMon"="AsusSender.exe" [2010-03-03 29184]
"HotkeyService"="AsusSender.exe" [2010-03-03 29184]
"SuperHybridEngine"="AsusSender.exe" [2010-03-03 29184]
"LiveUpdate"="AsusSender.exe" [2010-03-03 29184]
"CapsHook"="AsusSender.exe" [2010-03-03 29184]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2010-03-29 415920]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-06-22 9177632]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-13 1594664]
"ASUSPRP"="c:\program files\ASUS\APRP\APRP.EXE" [2010-06-24 2018032]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2010-04-13 83240]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-25 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-25 150552]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Security Suite Free\feedback.exe" [2011-02-07 517056]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2011-02-07 3107736]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-15 348664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Agnitum\OUTPOS~1\wl_hook.dll
.
R2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [2007-07-27 251680]
R2 Ca1528av;SPCA1528 Video Camera Service;c:\windows\system32\Drivers\Ca1528av.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 .AVQWindowsMonitorService;Fix-It Utilities Prozess-Monitor;c:\program files\Avanquest\Fix-It\AVQWinMonEngine.exe [x]
R3 AQFileRestore;AQFileRestore;c:\windows\system32\DRIVERS\AQFileRestore.sys [2012-01-13 17944]
R3 ASWFilt;ASWFilt;c:\windows\system32\Filt\ASWFilt.dll [2011-02-02 72352]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-13 43944]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 Bulk1528;SPCA1528 Still Camera Service;c:\windows\system32\Drivers\Bulk1528.sys [x]
R3 INIDVD;Initio USB DVD Filter Driver;c:\windows\system32\DRIVERS\inidvd.sys [2009-08-05 16024]
R3 netr73;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr73.sys [2011-10-05 564800]
R3 PORTMON;PORTMON;c:\users\asl\Downloads\sysinternalssuite\PORTMSYS.SYS [x]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [2010-07-01 188392]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys [2010-07-01 32872]
R3 TrufosAlt;TrufosAlt;c:\windows\system32\DRIVERS\TrufosAlt.sys [2011-12-03 309320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 VBEngNT;VBEngNT;c:\windows\system32\drivers\VBEngNT.sys [2011-02-02 242040]
R3 VBFilt;VBFilt;c:\windows\system32\Filt\VBFilt.dll [2011-02-02 36288]
R3 VHDWQBLKZ;VHDWQBLKZ;c:\users\asl\AppData\Local\Temp\VHDWQBLKZ.exe [x]
R4 AQFileRestoreSrv;AQFileRestoreSrv;c:\program files\Avanquest\Fix-It\AQFileRestoreSrv.exe [x]
R4 BV;BV;c:\users\asl\AppData\Local\Temp\BV.exe [x]
R4 FTAAG;FTAAG;c:\users\asl\AppData\Local\Temp\FTAAG.exe [x]
R4 MVRBXYMUKTY;MVRBXYMUKTY;c:\users\asl\AppData\Local\Temp\MVRBXYMUKTY.exe [x]
R4 QKHKZJ;QKHKZJ;c:\users\asl\AppData\Local\Temp\QKHKZJ.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-07 691696]
S1 afw;Agnitum Firewall Driver;c:\windows\system32\DRIVERS\afw.sys [2010-04-20 34920]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-06-21 11520]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-04-16 36000]
S1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2011-02-02 710824]
S2 acedrv10;acedrv10;c:\windows\system32\drivers\acedrv10.sys [2007-07-27 330144]
S2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [2011-02-07 2072592]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2009-08-19 219136]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-01-15 50704]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2010-09-27 328296]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2010-04-13 51712]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: An vorhandenes PDF anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
TCP: DhcpNameServer = 192.168.1.254
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-EeeSplendidAgent - c:\program files\ASUS\EPC\EeeSplendid\AsAgent.exe
AddRemove-IrfanView - e:\portable\IrfanView\iv_uninstall.exe
AddRemove-Musik & Audio Restaurator Pro 5_is1 - c:\program files\softfeld\Musik und Audio Restaurator Pro 5\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3532)
c:\progra~1\ASUS\ASUSWE~1\3084~1.161\ASUSWS~1.DLL
c:\program files\Agnitum\Outpost Security Suite Free\op_shell.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\taskhost.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\conhost.exe
c:\windows\system32\WerFault.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-07-18 04:45:15 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-07-18 02:45
.
Vor Suchlauf: 11 Verzeichnis(se), 16.325.795.840 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 17.673.228.288 Bytes frei
.
- - End Of File - - 4A2F52C95A6B6C113BE9A6E99CBD8787
EF6DF11655F8FD600A5BE866AE01AAFC
#12
/// Winkelfunktion /// TB-Süch-Tiger™
Quote:
Just stick with a plain virus scanner plus the Windows firewall; nothing more is needed. Put differently, more only causes more complications. Uninstall Outpost.
__________________
Please always post logfiles in CODE tags

#13
sorry, but according to the instruction that I should turn that kind of stuff off for the scan, I did my best to disable it. If that was wrong, I must have misunderstood the instructions. Maybe I'm just too dumb and you mean something else. Regards, die eule

#14
/// Winkelfunktion /// TB-Süch-Tiger™
You read it correctly and didn't do anything wrong. Now you should uninstall Outpost. There was no reproach, and I'll gladly make us a coffee now
__________________
Please always post logfiles in CODE tags

#15
This may sound odd to you, but couldn't I rather throw out the M$ firewall instead of Outpost? Somehow I've been attached to it ever since I tried a lot of things under Win98 and found this one the most pleasant. It looks cuddly and simply feels "right". Oh yes: thx 4 coffee