Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC)

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 19.07.2013, 16:40   #1
fchen
 
Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC) - Standard

Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC)



Hallo!

Rechner: Win7 Starter auf Asus Eee PC Seashell
Problem:
Panda Cloud hat vor 2 Tagen den Trojaner "Dtcontx.F" gemeldet. Darauf habe ich den Rechner erstmal runtergefahren.
Heute wollte ich das Problem angehen und fahre den Rechner hoch. Panda meldet, der Trojaner sei gelöscht, meldet aber bereits erneut denselben Trojaner. Um den Trojaner zu löschen, meldet Panda, muss der Rechner neu gestartet werden.

Zwischenzeitlich war ich hier auf dem Board gelandet und habe die OLT- und Gmer-Scans gestartet, mit den geforderten Neustarts des Rechners. Direkt nach den Neustarts wurden von Panda der Dcontx.F und dann auch noch der CI.A gemeldet.
Dies ist der Staus quo.
Die beschriebene Historie ist im angehängten Panda-Report ersichtlich.
Was ir darin auffällt: Die betroffenen Dateien sind immer im Verzeichnis C:\Users\<user> wobei <user> länge als 8 Zeichen ist. Beim Eintrag 19.07.2013 12:53:11 wurde der Username jedoch auf 8 Zeichen, bzw. auf 6 Zeich mit angehängtem "~1" gekürzt. Diesen Pfad gibt es jedoch nicht auf dem Rechner.

Hier die geforderten Scans:
Ich habe überall den Usernamen durch <user> ersetzt.

OLT.txt
Code:
ATTFilter
OTL logfile created on: 19.07.2013 13:44:19 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\<user>\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 41,46% Memory free
3,98 Gb Paging File | 2,86 Gb Available in Paging File | 71,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 63,32 Gb Free Space | 63,32% Space Free | Partition Type: NTFS
Drive D: | 183,07 Gb Total Space | 182,96 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
Drive E: | 30,83 Mb Total Space | 13,12 Mb Free Space | 42,55% Space Free | Partition Type: FAT
Drive W: | 5,00 Gb Total Space | 3,93 Gb Free Space | 78,55% Space Free | Partition Type: FAT32
 
Computer Name: PORTABLE-IK | User Name: <user> | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.07.19 12:59:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\<user>\Desktop\OTL.exe
PRC - [2012.11.30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.09.05 12:23:49 | 000,453,552 | ---- | M] (LaCie) -- C:\Users\<user>\AppData\Roaming\Wuala\Wuala.exe
PRC - [2012.07.13 07:15:56 | 000,037,152 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
PRC - [2012.07.13 07:15:56 | 000,036,640 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
PRC - [2012.07.13 06:57:41 | 000,140,064 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
PRC - [2012.03.19 10:51:36 | 000,217,256 | ---- | M] (Panda Security) -- C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
PRC - [2012.01.03 17:31:34 | 001,391,272 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011.10.01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.03.23 21:33:00 | 000,045,448 | ---- | M] () -- C:\ExpressGateUtil\VAWinAgent.exe
PRC - [2011.03.11 03:05:54 | 001,095,080 | ---- | M] (AsusTek Computer Inc.) -- C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
PRC - [2011.03.04 01:33:20 | 000,101,288 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe
PRC - [2011.03.04 01:33:14 | 000,224,680 | ---- | M] () -- C:\Windows\System32\AsusService.exe
PRC - [2011.03.04 01:33:12 | 001,252,272 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\HotkeyService\HotkeyService.exe
PRC - [2011.02.25 19:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.01.12 17:22:26 | 000,091,464 | ---- | M] () -- C:\ExpressGateUtil\VAWinService.exe
PRC - [2010.11.15 21:27:22 | 000,445,344 | ---- | M] (ASUS) -- C:\Program Files\ASUS\CapsHook\CapsHook.exe
PRC - [2010.11.15 21:25:36 | 000,412,600 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\SHE\SuperHybridEngine.exe
PRC - [2010.07.19 21:26:00 | 000,370,480 | ---- | M] (syncables, LLC) -- C:\Program Files\syncables\syncables desktop\syncables.exe
PRC - [2010.07.19 21:26:00 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe
PRC - [2010.05.21 22:42:48 | 002,839,840 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
PRC - [2010.05.21 22:42:48 | 000,828,704 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2010.05.21 22:42:48 | 000,652,576 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2010.04.13 09:32:40 | 000,548,744 | ---- | M] (ELAN Microelectronic Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe
PRC - [2010.04.07 07:16:52 | 001,599,880 | ---- | M] (ELAN Microelectronic Corp.) -- C:\Program Files\Elantech\ETDCtrlHelper.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.07.16 23:12:38 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\46e5c98ee0b6840ffbc7875ec30e6b38\Microsoft.VisualBasic.ni.dll
MOD - [2013.07.16 19:04:32 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll
MOD - [2013.07.16 19:03:52 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll
MOD - [2013.07.16 19:02:14 | 005,464,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll
MOD - [2013.07.16 19:01:58 | 000,978,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll
MOD - [2013.07.16 19:01:55 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll
MOD - [2013.07.16 19:01:26 | 011,499,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013.07.16 09:13:55 | 000,043,520 | ---- | M] () -- C:\Users\<user>\AppData\Local\Wuala\Program0\lib.443\proxy_util_w32.dll
MOD - [2013.07.16 08:34:47 | 000,949,426 | ---- | M] () -- C:\Users\<user>\AppData\Local\Wuala\Program0\lib.443\jnotify.dll
MOD - [2013.07.16 08:33:54 | 000,165,376 | ---- | M] () -- C:\Users\<user>\AppData\Local\Wuala\Program0\lib.443\orangevolt-4n-1.1.2.dll
MOD - [2013.07.16 08:33:49 | 000,370,688 | ---- | M] () -- C:\Users\<user>\AppData\Local\Wuala\Program0\lib.443\jcbfs3.dll
MOD - [2012.09.05 09:59:24 | 000,043,520 | ---- | M] () -- C:\Users\<user>\AppData\Local\Temp\proxy_util_w32.dll
MOD - [2011.03.23 21:33:00 | 000,045,448 | ---- | M] () -- C:\ExpressGateUtil\VAWinAgent.exe
MOD - [2010.09.02 13:08:00 | 000,118,784 | ---- | M] () -- C:\PROGRA~1\ASUS\ASUSWE~1\30108~1.222\ASUSWS~1.DLL
MOD - [2010.05.21 22:42:58 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.06.12 15:13:27 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.27 06:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012.07.14 02:13:54 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.13 07:15:56 | 000,036,640 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe -- (PSUAService)
SRV - [2012.07.13 06:57:41 | 000,140,064 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
SRV - [2011.10.01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.03.04 01:33:14 | 000,224,680 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService)
SRV - [2011.03.02 06:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.02.25 19:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011.01.12 17:22:26 | 000,091,464 | ---- | M] () [Auto | Running] -- C:\ExpressGateUtil\VAWinService.exe -- (VideAceWindowsService)
SRV - [2010.05.21 22:42:48 | 000,652,576 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [File_System | Disabled | Running] -- system32\Drivers\PsBoot.sys -- (PsBoot)
DRV - [2012.07.13 07:02:16 | 000,174,632 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\PSINKNC.sys -- (PSINKNC)
DRV - [2012.07.13 07:02:16 | 000,120,872 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSINProt.sys -- (PSINProt)
DRV - [2012.07.13 07:02:16 | 000,114,216 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\PSINProc.sys -- (PSINProc)
DRV - [2012.07.13 07:02:15 | 000,148,520 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSINAflt.sys -- (PSINAflt)
DRV - [2012.07.13 07:02:15 | 000,103,464 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\PSINFile.sys -- (PSINFile)
DRV - [2012.07.12 11:18:32 | 000,206,632 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSStrm.sys -- (NNSSTRM)
DRV - [2012.06.27 15:51:07 | 000,092,840 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNStlsc.sys -- (NNSTLSC)
DRV - [2012.06.27 15:51:06 | 000,286,376 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSProt.sys -- (NNSPROT)
DRV - [2012.06.27 15:51:06 | 000,153,000 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSPrv.sys -- (NNSPRV)
DRV - [2012.06.27 15:51:06 | 000,106,536 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSSmtp.sys -- (NNSSMTP)
DRV - [2012.06.27 15:51:05 | 000,104,104 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSPop3.sys -- (NNSPOP3)
DRV - [2012.06.27 15:51:05 | 000,060,968 | ---- | M] (Panda Security, S.L.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\NNSPihsw.sys -- (NNSPIHSW)
DRV - [2012.06.27 15:51:04 | 000,122,664 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSIds.sys -- (NNSIDS)
DRV - [2012.06.27 15:51:04 | 000,093,992 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSpicc.sys -- (NNSPICC)
DRV - [2012.06.27 15:51:04 | 000,028,712 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\NNSNAHSL.sys -- (NNSNAHSL)
DRV - [2012.06.27 15:51:03 | 000,120,744 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSHttp.sys -- (NNSHTTP)
DRV - [2012.06.27 15:51:03 | 000,082,472 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSAlpc.sys -- (NNSALPC)
DRV - [2012.04.09 16:27:34 | 000,299,024 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cbfs3.sys -- (cbfs3)
DRV - [2011.10.01 08:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011.10.01 08:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011.10.01 08:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011.10.01 08:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2011.03.10 18:04:57 | 000,046,280 | ---- | M] (Panda Security) [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\PSKMAD.sys -- (PSKMAD)
DRV - [2010.11.20 12:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 12:24:42 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010.09.27 09:23:58 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010.08.03 07:20:56 | 000,011,832 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2010.06.28 07:24:00 | 000,011,456 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2009.07.22 06:14:58 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wsvd.sys -- (wsvd)
DRV - [2009.07.20 11:29:40 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = hxxp://www.google.com/search?ie=utf-8&oe=utf-8&rlz=1V4IPYX&q={searchTerms}
IE - HKCU\..\SearchScopes\{BB4AD99B-51CA-46A7-9BB3-AD5F7680E89D}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=4EB513DA-586A-4A91-AAA6-031BE75693A8&apn_sauid=4374B2D2-D1D9-43DB-9668-01F1287A8AD6
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.23 23:10:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.07.23 23:10:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\<user>\AppData\Roaming\mozilla\Extensions
[2013.05.22 21:23:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\<user>\AppData\Roaming\mozilla\Firefox\Profiles\tmpnzboc.default\extensions
[2012.10.28 12:15:46 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\<user>\AppData\Roaming\mozilla\Firefox\Profiles\tmpnzboc.default\extensions\toolbar@ask.com
[2013.03.18 08:32:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.08.02 23:18:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.10.28 12:04:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012.07.14 02:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.14 03:02:55 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012.07.14 03:02:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.14 03:02:55 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012.07.14 03:02:55 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012.07.14 03:02:55 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012.07.14 03:02:55 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Panda Security URL Filtering] C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe (Panda Security)
O4 - HKLM..\Run: [PSUAMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe ()
O4 - HKCU..\Run: [Syncables] C:\Program Files\syncables\syncables desktop\Syncables.exe (syncables, LLC)
O4 - Startup: C:\Users\<user>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wuala.lnk = C:\Users\<user>\AppData\Roaming\Wuala\Wuala.exe (LaCie)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51C5442E-A9A4-4DD4-AB72-FA16DDCC1BB9}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89D62A12-4BBE-4A3F-BC9A-CAC796B28273}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2030.01.01 13:50:16 | 000,000,000 | -HSD | C] -- C:\Boot
[2013.07.19 13:34:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\<user>\Desktop\OTL.exe
[2013.07.19 13:05:39 | 000,046,280 | ---- | C] (Panda Security) -- C:\windows\System32\drivers\PSKMAD.sys
[2013.07.16 19:11:05 | 000,000,000 | ---D | C] -- C:\Users\<user>\AppData\Roaming\Xafezye
[2013.07.16 19:11:05 | 000,000,000 | ---D | C] -- C:\Users\<user>\AppData\Roaming\Pywe
[2013.07.16 19:10:57 | 000,000,000 | ---D | C] -- C:\Users\<user>\AppData\Roaming\Viyh
[2013.07.16 19:10:57 | 000,000,000 | ---D | C] -- C:\Users\<user>\AppData\Roaming\Ifu
[2013.07.16 15:38:09 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2013.07.16 15:38:05 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2013.07.16 15:38:04 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2013.07.16 15:38:03 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll
[2013.07.16 15:38:02 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2013.07.16 15:38:00 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2013.07.16 15:38:00 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2013.07.16 15:37:59 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll
[2013.07.16 15:37:59 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe
[2013.07.16 15:37:59 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll
[2013.07.16 08:44:21 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DWrite.dll
[2013.07.16 08:44:15 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMVDECOD.DLL
[2013.07.16 08:44:11 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qedit.dll
[2013.07.16 08:44:04 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.19 13:34:11 | 000,092,249 | ---- | M] () -- C:\Users\<user>\Desktop\Panda-Report.jpg
[2013.07.19 13:23:39 | 000,666,022 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2013.07.19 13:23:39 | 000,627,864 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013.07.19 13:23:39 | 000,133,944 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2013.07.19 13:23:39 | 000,110,326 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013.07.19 13:13:14 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.19 13:13:14 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.19 13:13:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.07.19 13:05:19 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.07.19 13:05:12 | 1602,838,528 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.19 13:00:16 | 000,377,856 | ---- | M] () -- C:\Users\<user>\Desktop\gmer_2.1.19163.exe
[2013.07.19 12:59:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\<user>\Desktop\OTL.exe
[2013.07.16 18:59:18 | 000,315,344 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2030.01.01 13:50:16 | 000,383,786 | RHS- | C] () -- C:\bootmgr
[2013.07.19 13:34:57 | 000,377,856 | ---- | C] () -- C:\Users\<user>\Desktop\gmer_2.1.19163.exe
[2013.07.19 13:34:09 | 000,092,249 | ---- | C] () -- C:\Users\<user>\Desktop\Panda-Report.jpg
[2012.11.05 10:16:47 | 000,434,176 | ---- | C] () -- C:\windows\System32\ZSHP1020.EXE
[2012.09.05 12:24:11 | 000,000,000 | ---- | C] () -- C:\ProgramData\0x0304A000.sfl
[2012.03.17 12:47:49 | 000,005,576 | ---- | C] () -- C:\windows\Language.ini
[2012.03.17 12:45:40 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat
[2011.04.21 02:56:11 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
Extras.txt:
Code:
ATTFilter
OTL Extras logfile created on: 19.07.2013 13:44:19 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\<user>\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 41,46% Memory free
3,98 Gb Paging File | 2,86 Gb Available in Paging File | 71,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 63,32 Gb Free Space | 63,32% Space Free | Partition Type: NTFS
Drive D: | 183,07 Gb Total Space | 182,96 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
Drive E: | 30,83 Mb Total Space | 13,12 Mb Free Space | 42,55% Space Free | Partition Type: FAT
Drive W: | 5,00 Gb Total Space | 3,93 Gb Free Space | 78,55% Space Free | Partition Type: FAT32
 
Computer Name: PORTABLE-IK | User Name: <user> | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A58E7306-2B16-433F-B710-E19B85524A0A}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | 
"{BA6DF6ED-66E8-4241-8E9E-991536B4990C}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | 
"{C5E3C9ED-BB47-432C-9821-0D3D264CF425}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{CA3E3652-B45B-4453-854C-8560416431CA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{9DF15337-4E25-42D6-AFE8-E4F24E383B81}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{BAF7435B-578D-471D-BF62-6ECDEE6629E1}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{CA2F4121-A03B-4CCD-860D-E8B1FA42BFAF}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{E575682C-AA9D-4F46-9E9C-1230B55CC593}" = protocol=17 | dir=in | app=c:\program files\panda security\panda security toolbar\dtuser.exe | 
"{F8849DB1-9DE1-4DE3-A193-853ED518DACF}" = protocol=6 | dir=in | app=c:\program files\panda security\panda security toolbar\dtuser.exe | 
"TCP Query User{14DD44EA-7689-4D13-9DE6-DC21D05612B9}C:\users\<user>\appdata\roaming\wuala\wuala.exe" = protocol=6 | dir=in | app=c:\users\<user>\appdata\roaming\wuala\wuala.exe | 
"TCP Query User{35DC0C5B-19E8-4793-BD48-F6298FD56D0A}C:\users\<user>\appdata\roaming\wuala\wuala.exe" = protocol=6 | dir=in | app=c:\users\<user>\appdata\roaming\wuala\wuala.exe | 
"TCP Query User{3F306CDF-929E-406A-AFFD-31C3D50AED00}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{847ECC4B-9EAE-4323-B299-D534D8BB3D52}C:\program files\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe | 
"TCP Query User{B461BADE-4366-44D1-9D63-955D30C4479F}C:\program files\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe | 
"TCP Query User{FFBD621D-3D73-4222-B97D-5F80A26324BE}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{0D4E388F-A537-4F69-BDED-29765BAA7D6B}C:\users\<user>\appdata\roaming\wuala\wuala.exe" = protocol=17 | dir=in | app=c:\users\<user>\appdata\roaming\wuala\wuala.exe | 
"UDP Query User{2439E76D-3AD4-498F-B4D2-6A88EA240817}C:\program files\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe | 
"UDP Query User{6F303378-AEF3-463E-85D8-340E99FDF9E6}C:\program files\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe | 
"UDP Query User{81D0E884-F0D2-4887-9CD0-14EC564D786F}C:\users\<user>\appdata\roaming\wuala\wuala.exe" = protocol=17 | dir=in | app=c:\users\<user>\appdata\roaming\wuala\wuala.exe | 
"UDP Query User{938E5072-52B7-436E-A6CF-D78182044B1C}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{BC4F4047-36C5-4D51-AC7B-223B5F8449E2}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F1A2E4E-E2EE-4806-B7CE-356D83A3CDEB}" = Windows Live Family Safety
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"{185AFA7A-F63E-450B-94AA-011CAC18090E}" = E-Cam
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36B0DC39-3282-40EB-8587-B875CE46C3A7}" = ExpressGateCloud
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{41D6CED7-65E8-4EBB-BB1A-B45E2D8CF6D7}" = Windows Live Family Safety
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1EDAFC-B0EB-465F-886C-24FAC1BED2AC}" = Windows Live Remote Client Resources
"{4B5092B6-F231-4D18-83BC-2618B729CA45}" = CapsHook
"{4FCBCF89-1823-4D97-A6F2-0E8DD66E273A}" = Broadcom Wireless Network Adapter
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{5CE74A57-75E8-43A9-9BAA-CB97A1A23043}" = Panda Cloud Antivirus
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{749F674B-2674-47E8-879C-5626A06B2A91}" = InstantOn
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{845E0BCB-8C8D-4FAB-8588-AD5FFD156C95}" = Windows Live Remote Service Resources
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT2860 Wireless LAN Card
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{99E77016-BCF2-48C8-9119-43ECF5815F65}" = AsusScreensaver
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB93C51F-71F9-4A28-8134-FE1B5B9373E9}" = Windows Live Remote Service Resources
"{AC0628FF-532F-4800-91EC-40903B04682F}" = Windows Live Remote Service Resources
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D44AA979-47C2-4BC0-A860-09A54224EA44}_is1" = Game Park Console
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DFDBE1F9-04CE-4645-BB6C-4590EABC7A9C}" = Windows Live Remote Client Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0CCBE54-9132-44E9-82DF-CD364AD5C22D}" = Windows Live Remote Client Resources
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}" = LocaleMe
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCFBA290-CB48-4AF1-A241-2685AEDEDD66}" = Windows Live Family Safety
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASUS WebStorage" = ASUS WebStorage
"Eee Docking_is1" = Eee Docking 3.8.3
"Elantech" = ETDWare PS/2-x86 7.0.5.11_WHQL
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"InstallShield_{36B0DC39-3282-40EB-8587-B875CE46C3A7}" = ExpressGateCloud
"InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 14.0.1 (x86 en-GB)" = Mozilla Firefox 14.0.1 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Panda Security URL Filtering" = Panda Security URL Filtering
"Panda Universal Agent Endpoint" = Panda Cloud Antivirus
"pandasecuritytb" = Panda Security Toolbar
"Toolbar Cleaner" = Toolbar Cleaner 1.0
"WinLiveSuite" = Windows Live Essentials
"Wuala CBFS" = Wuala CBFS
"Wuala OverlayIcons" = Wuala OverlayIcons
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Wuala" = Wuala
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 24.04.2013 13:27:45 | Computer Name = portable-IK | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WINWORDC.EXE, Version: 14.0.6129.5000,
 Zeitstempel: 0x5082ffdf  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00690073  ID des fehlerhaften
 Prozesses: 0xe1c  Startzeit der fehlerhaften Anwendung: 0x01ce4110c7ceca3b  Pfad der
 fehlerhaften Anwendung: Q:\140066.deu\Office14\WINWORDC.EXE  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 46135fa4-ad04-11e2-8de2-742f68cef929
 
Error - 24.04.2013 14:25:40 | Computer Name = portable-IK | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_LanmanServer, Version:
 6.1.7600.16385, Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version:
 0.0.0.0, Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000
ID
 des fehlerhaften Prozesses: 0x6ec  Startzeit der fehlerhaften Anwendung: 0x01ce411913675de9
Pfad
 der fehlerhaften Anwendung: C:\windows\system32\svchost.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 5db053c6-ad0c-11e2-bf03-742f68cef929
 
Error - 05.05.2013 06:35:51 | Computer Name = portable-IK | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: 
 
Error - 05.05.2013 14:23:18 | Computer Name = portable-IK | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: 
 
Error - 05.05.2013 14:36:32 | Computer Name = portable-IK | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: 
 
Error - 05.05.2013 14:49:38 | Computer Name = portable-IK | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: 
 
Error - 15.05.2013 18:21:51 | Computer Name = portable-IK | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Panda_URL_Filtering.exe, Version:
 1.0.1.34, Zeitstempel: 0x4f58eb32  Name des fehlerhaften Moduls: ole32.dll, Version:
 6.1.7601.17514, Zeitstempel: 0x4ce7b96f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00039342
ID
 des fehlerhaften Prozesses: 0x9a8  Startzeit der fehlerhaften Anwendung: 0x01ce51b9474ebd79
Pfad
 der fehlerhaften Anwendung: C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
Pfad
 des fehlerhaften Moduls: C:\windows\system32\ole32.dll  Berichtskennung: d6dc246a-bdad-11e2-9a2c-742f68cef929
 
Error - 09.06.2013 14:36:38 | Computer Name = portable-IK | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Panda_URL_Filtering.exe, Version:
 1.0.1.34, Zeitstempel: 0x4f58eb32  Name des fehlerhaften Moduls: ole32.dll, Version:
 6.1.7601.17514, Zeitstempel: 0x4ce7b96f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00039342
ID
 des fehlerhaften Prozesses: 0xf3c  Startzeit der fehlerhaften Anwendung: 0x01ce653d4c36c5b8
Pfad
 der fehlerhaften Anwendung: C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
Pfad
 des fehlerhaften Moduls: C:\windows\system32\ole32.dll  Berichtskennung: 84d87a03-d133-11e2-b5bd-742f68cef929
 
Error - 18.06.2013 12:23:09 | Computer Name = portable-IK | Source = Application Hang | ID = 1002
Description = Programm WINWORDC.EXE, Version 0.0.0.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 2fc    Startzeit: 
01ce6c3d83ddff3a    Endzeit: 32    Anwendungspfad: Q:\140066.deu\Office14\WINWORDC.EXE    Berichts-ID:
 514d78e5-d833-11e2-bf2c-742f68cef929  
 
Error - 24.06.2013 02:16:00 | Computer Name = portable-IK | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: 
 
[ System Events ]
Error - 10.02.2013 10:09:44 | Computer Name = portable-IK | Source = DCOM | ID = 10010
Description = 
 
Error - 14.02.2013 15:10:41 | Computer Name = portable-IK | Source = DCOM | ID = 10010
Description = 
 
Error - 15.02.2013 10:38:21 | Computer Name = portable-IK | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 16.02.2013 16:58:05 | Computer Name = portable-IK | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 18.02.2013 18:06:12 | Computer Name = portable-IK | Source = DCOM | ID = 10010
Description = 
 
Error - 18.02.2013 18:06:08 | Computer Name = portable-IK | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst btwdins erreicht.
 
Error - 21.02.2013 17:19:58 | Computer Name = portable-IK | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 22.02.2013 02:29:49 | Computer Name = portable-IK | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 27.02.2013 14:56:53 | Computer Name = portable-IK | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Wlansvc erreicht.
 
Error - 27.02.2013 14:56:54 | Computer Name = portable-IK | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         

Extras.txt:
Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-19 17:08:38
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST932032 rev.0003 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\<user>\AppData\Local\Temp\uwlyapow.sys


---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                                                    820489F5 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                      820821F2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Devices - GMER 2.1 ----

Device                                                                                                                                                      Ntfs.sys

AttachedDevice                                                                                                                                              cbfs3.sys

Device                                                                                                                                                      fastfat.SYS
Device                                                                                                                                                      Sftfslh.sys
Device          \Driver\BTHUSB \Device\00000081                                                                                                             bthport.sys
Device          \Driver\BTHUSB \Device\00000083                                                                                                             bthport.sys

AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                    fltmgr.sys
AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                    cbfs3.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Bind    \Device\{9D801AB8-362A-4915-AD1B-84C0AC6A3A91}?\Device\{CA81891F-7045-4EAE-8188-8A06668503F6}?\Device\{B3D35547-86CE-4B06-847B-4926F53EBD43}?\Device\{99D75C0B-9599-4D87-87A6-EC5FD64938B4}?
Reg             HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Route   "{9D801AB8-362A-4915-AD1B-84C0AC6A3A91}"?"{CA81891F-7045-4EAE-8188-8A06668503F6}"?"{B3D35547-86CE-4B06-847B-4926F53EBD43}"?"{99D75C0B-9599-4D87-87A6-EC5FD64938B4}"?
Reg             HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Export  \Device\TCPIP6TUNNEL_{9D801AB8-362A-4915-AD1B-84C0AC6A3A91}?\Device\TCPIP6TUNNEL_{CA81891F-7045-4EAE-8188-8A06668503F6}?\Device\TCPIP6TUNNEL_{B3D35547-86CE-4B06-847B-4926F53EBD43}?\Device\TCPIP6TUNNEL_{99D75C0B-9599-4D87-87A6-EC5FD64938B4}?
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b2962e                                                                 
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f68cef929                                                                 
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06da17155                                                                 
Reg             HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{CA81891F-7045-4EAE-8188-8A06668503F6}@InterfaceName                      isatap.{BEA210D1-39F4-4172-AA53-5BB79BEC0CF2}
Reg             HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{CA81891F-7045-4EAE-8188-8A06668503F6}@ReusableType                       0
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b2962e (not active ControlSet)                                             
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f68cef929 (not active ControlSet)                                             
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06da17155 (not active ControlSet)                                             
Reg             HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{346F58E0-7095-11E1-B959-806E6F6E6963}                      1957051552

---- EOF - GMER 2.1 ----
         

Schon mal vorab: DANKE!
Miniaturansicht angehängter Grafiken
-panda-report.jpg  

Alt 19.07.2013, 17:10   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC) - Standard

Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC)



Hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 19.07.2013, 21:30   #3
fchen
 
Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC) - Standard

Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC)



Danke für die schnelle Antwort!
Hier das Ergebnis des FRST Scans:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-07-2013
Ran by SYSTEM on 19-07-2013 22:21:26
Running from E:\
Windows 7 Starter (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKU\Default\...\RunOnce: [Reboot] - AsusSender.exe C:\Windows\Reboot.exe 60 [ 2010-12-12] (AsusTek Computer Inc.)
HKU\Default\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [ 2011-01-26] (AsusTek Computer Inc.)
HKU\Default User\...\RunOnce: [Reboot] - AsusSender.exe C:\Windows\Reboot.exe 60 [ 2010-12-12] (AsusTek Computer Inc.)
HKU\Default User\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [ 2011-01-26] (AsusTek Computer Inc.)
HKU\<user>\...\Run: [Syncables] - C:\Program Files\syncables\syncables desktop\Syncables.exe [ 2010-07-19] (syncables, LLC)
ram Files\ASUS\APRP\APRP.EXE [2018032 2011-04-20] (ASUSTek Computer Inc.)
HKLM\...\Run: [ASUSWebStorage] - C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM\...\Run: [Panda Security URL Filtering] - C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe [217256 2012-03-19] (Panda Security)
HKLM\...\Run: [PSUAMain] - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe [37152 2012-07-12] (Panda Security, S.L.)
HKLM\...\Run: [] -  [x]
HKLM\...\Run: [ApnUpdater] - C:\Program Files\Ask.com\Updater\Updater.exe [1391272 2012-01-03] (Ask)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-11] (Oracle Corporation)
Startup: C:\Users\<user>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wuala.lnk
ShortcutTarget: Wuala.lnk ->  (No File)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)

========================== Services (Whitelisted) =================

S2 AsusService; C:\windows\system32\AsusService.exe [224680 2011-03-03] ()
S2 NanoServiceMain; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [140064 2012-07-12] (Panda Security, S.L.)
S2 PSUAService; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [36640 2012-07-12] (Panda Security, S.L.)
S2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [91464 2011-01-12] ()

==================== Drivers (Whitelisted) ====================

S1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11456 2010-06-27] ()
S1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11832 2010-08-02] ()
S3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [293928 2010-05-20] (Broadcom Corporation.)
S1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [299024 2012-04-09] (EldoS Corporation)
S3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [109960 2010-04-13] (ELAN Microelectronic Corp.)
S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
S1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [82472 2012-06-27] (Panda Security, S.L.)
S1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [120744 2012-06-27] (Panda Security, S.L.)
S1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [122664 2012-06-27] (Panda Security, S.L.)
S1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [28712 2012-06-27] (Panda Security, S.L.)
S1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [93992 2012-06-27] (Panda Security, S.L.)
S4 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [60968 2012-06-27] (Panda Security, S.L.)
S1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [104104 2012-06-27] (Panda Security, S.L.)
S1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [286376 2012-06-27] (Panda Security, S.L.)
S1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [153000 2012-06-27] (Panda Security, S.L.)
S1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [106536 2012-06-27] (Panda Security, S.L.)
S1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [206632 2012-07-12] (Panda Security, S.L.)
S1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [92840 2012-06-27] (Panda Security, S.L.)
S2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [148520 2012-07-12] (Panda Security, S.L.)
S2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [103464 2012-07-12] (Panda Security, S.L.)
S1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [174632 2012-07-12] (Panda Security, S.L.)
S2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [114216 2012-07-12] (Panda Security, S.L.)
S2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [120872 2012-07-12] (Panda Security, S.L.)
S3 wsvd; C:\Windows\System32\DRIVERS\wsvd.sys [81704 2009-07-21] (CyberLink)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2030-01-01 03:50 - 2010-11-20 04:40 - 00383786 __RSH C:\bootmgr
2013-07-19 22:21 - 2013-07-19 22:21 - 00000000 ____D C:\FRST
2013-07-19 07:08 - 2013-07-19 07:08 - 00004800 _____ C:\Users\<user>\Desktop\gmer.txt
2013-07-19 04:03 - 2013-07-19 04:03 - 00049474 _____ C:\Users\<user>\Desktop\Extras.Txt
2013-07-19 04:01 - 2013-07-19 04:01 - 00060882 _____ C:\Users\<user>\Desktop\OTL.Txt
2013-07-19 03:34 - 2013-07-19 03:00 - 00377856 _____ C:\Users\<user>\Desktop\gmer_2.1.19163.exe
2013-07-19 03:34 - 2013-07-19 02:59 - 00602112 _____ (OldTimer Tools) C:\Users\<user>\Desktop\OTL.exe
2013-07-16 09:11 - 2013-07-16 09:11 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Xafezye
2013-07-16 09:11 - 2013-07-16 09:11 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Pywe
2013-07-16 09:10 - 2013-07-19 03:06 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Viyh
2013-07-16 09:10 - 2013-07-18 23:09 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Ifu
2013-07-16 05:38 - 2013-06-11 15:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-16 05:38 - 2013-06-11 15:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-16 05:38 - 2013-06-11 15:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-16 05:38 - 2013-06-11 15:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-16 05:38 - 2013-06-11 15:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-16 05:38 - 2013-06-11 15:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-16 05:38 - 2013-06-11 15:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-16 05:38 - 2013-06-06 18:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-16 05:37 - 2013-06-11 15:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-16 05:37 - 2013-06-11 15:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-16 05:37 - 2013-06-11 15:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-16 05:37 - 2013-06-11 15:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-16 05:37 - 2013-06-11 15:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-16 05:37 - 2013-06-11 15:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-16 05:37 - 2013-06-11 15:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-16 05:37 - 2013-06-11 14:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-15 22:44 - 2013-06-04 19:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-15 22:44 - 2013-06-03 20:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-15 22:44 - 2013-05-05 20:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-15 22:44 - 2013-04-09 15:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll

==================== One Month Modified Files and Folders =======

2030-01-01 03:50 - 2009-07-13 20:57 - 00029696 ___SH C:\Windows\System32\config\BCD-Template.LOG
2030-01-01 03:50 - 2009-07-13 20:52 - 00032768 _____ C:\Windows\System32\config\BCD-Template
2013-07-19 22:21 - 2013-07-19 22:21 - 00000000 ____D C:\FRST
2013-07-19 12:11 - 2012-03-17 16:59 - 01626497 _____ C:\Windows\WindowsUpdate.log
2013-07-19 12:11 - 2009-07-13 20:34 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-19 12:11 - 2009-07-13 20:34 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-19 11:41 - 2009-07-27 02:11 - 01530778 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-19 11:36 - 2012-06-01 15:42 - 00000000 ____D C:\ProgramData\Panda Security URL Filtering
2013-07-19 11:35 - 2009-07-13 20:39 - 00088788 _____ C:\Windows\setupact.log
2013-07-19 07:08 - 2013-07-19 07:08 - 00004800 _____ C:\Users\<user>\Desktop\gmer.txt
2013-07-19 07:08 - 2012-03-17 02:44 - 00000000 ___RD C:\Users\<user>\Desktop
2013-07-19 05:24 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-19 04:03 - 2013-07-19 04:03 - 00049474 _____ C:\Users\<user>\Desktop\Extras.Txt
2013-07-19 04:01 - 2013-07-19 04:01 - 00060882 _____ C:\Users\<user>\Desktop\OTL.Txt
2013-07-19 03:06 - 2013-07-16 09:10 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Viyh
2013-07-19 03:05 - 2012-03-17 02:44 - 00000000 ____D C:\users\<user>
2013-07-19 03:00 - 2013-07-19 03:34 - 00377856 _____ C:\Users\<user>\Desktop\gmer_2.1.19163.exe
2013-07-19 02:59 - 2013-07-19 03:34 - 00602112 _____ (OldTimer Tools) C:\Users\<user>\Desktop\OTL.exe
2013-07-18 23:09 - 2013-07-16 09:10 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Ifu
2013-07-18 23:01 - 2012-08-20 06:55 - 00000000 ____D C:\Users\<user>\Documents\<user>
2013-07-16 09:11 - 2013-07-16 09:11 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Xafezye
2013-07-16 09:11 - 2013-07-16 09:11 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Pywe
2013-07-16 08:59 - 2009-07-13 20:33 - 00315344 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-16 08:57 - 2011-04-20 17:22 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-16 08:57 - 2009-07-13 20:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-16 05:33 - 2012-07-16 01:40 - 75699896 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-07-16 05:24 - 2012-03-26 09:27 - 00000000 ____D C:\Users\<user>\AppData\Roaming\SoftGrid Client
2013-07-15 23:53 - 2012-08-20 07:15 - 00000000 ____D C:\Users\<user>\Documents\Kram

Files to move or delete:
====================
C:\ProgramData\FullRemove.exe

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-05-15 14:18:24
Restore point made on: 2013-06-13 06:39:10
Restore point made on: 2013-06-23 22:11:23
Restore point made on: 2013-07-16 02:38:00
Restore point made on: 2013-07-16 05:25:49

==================== Memory info =========================== 

Percentage of memory in use: 18%
Total physical RAM: 2038.12 MB
Available physical RAM: 1651.7 MB
Total Pagefile: 2038.12 MB
Available Pagefile: 1654.33 MB
Total Virtual: 2047.88 MB
Available Virtual: 1934.59 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:100 GB) (Free:63.49 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:183.07 GB) (Free:182.96 GB) NTFS
Drive e: (USB-Stick) (Removable) (Total:0.03 GB) (Free:0.01 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: D1FFC8CF)
Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=15 GB) - (Type=1B)
Partition 3: (Not Active) - (Size=183 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=16 MB) - (Type=EF)

========================================================
Disk: 1 (Size: 31 MB) (Disk ID: 617A130E)
Partition 1: (Active) - (Size=31 MB) - (Type=04)


LastRegBack: 2013-07-16 02:29

==================== End Of Log ============================
         
--- --- ---
__________________

Alt 20.07.2013, 10:18   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC) - Standard

Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC)



Hi,

warum lässt du FRST aus der Recovery laufen, der Rechner bootet doch normal?

Bitte vom Desktop aus laufen lassen
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 20.07.2013, 10:24   #5
fchen
 
Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC) - Standard

Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC)



Weil es so in der verlinkten Anleitung stand ...
Ich mach's nochmal, geht ja relativ schnell.


Alt 20.07.2013, 10:52   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC) - Standard

Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC)



Ok
__________________
--> Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC)

Alt 20.07.2013, 18:27   #7
fchen
 
Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC) - Standard

Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC)



So, hier jetzt das Ergebnis des FRST Scans nach normalem Start des Rechners.

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-07-2013
Ran by <user> (administrator) on 20-07-2013 19:14:24
Running from E:\
Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\windows\system32\WLANExt.exe
() C:\windows\system32\AsusService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
() C:\ExpressGateUtil\VAWinService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\HotkeyService\HotkeyService.exe
() C:\ExpressGateUtil\VAWinAgent.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\SHE\SuperHybridEngine.exe
(ASUS) C:\Program Files\ASUS\CapsHook\CapsHook.exe
(AsusTek Computer Inc.) C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
(ASUSTek Computer Inc.) C:\Program Files\Asus\APRP\aprp.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Panda Security) C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
(Ask) C:\Program Files\Ask.com\Updater\Updater.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(syncables, LLC) C:\Program Files\syncables\syncables desktop\syncables.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(LaCie) C:\Users\<user>\AppData\Roaming\Wuala\Wuala.exe
(Sun Microsystems, Inc.) C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Microsoft Corporation) \\?\C:\windows\system32\wbem\WMIADAP.EXE

==================== Registry (Whitelisted) ==================

HKU\Default\...\RunOnce: [Reboot] - AsusSender.exe C:\Windows\Reboot.exe 60 [ 2010-12-13] (AsusTek Computer Inc.)
HKU\Default\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [ 2011-01-27] (AsusTek Computer Inc.)
HKU\Default User\...\RunOnce: [Reboot] - AsusSender.exe C:\Windows\Reboot.exe 60 [ 2010-12-13] (AsusTek Computer Inc.)
HKU\Default User\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [ 2011-01-27] (AsusTek Computer Inc.)
ductor)
HKLM\...\Run: [VAWinAgent] - C:\ExpressGateUtil\VAWinAgent.exe [45448 2011-03-23] ()
HKLM\...\Run: [ASUSPRP] - C:\Program Files\ASUS\APRP\APRP.EXE [2018032 2011-04-21] (ASUSTek Computer Inc.)
HKLM\...\Run: [ASUSWebStorage] - C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM\...\Run: [Panda Security URL Filtering] - C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe [217256 2012-03-19] (Panda Security)
HKLM\...\Run: [PSUAMain] - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe [37152 2012-07-13] (Panda Security, S.L.)
HKLM\...\Run: [] -  [x]
HKLM\...\Run: [ApnUpdater] - C:\Program Files\Ask.com\Updater\Updater.exe [1391272 2012-01-03] (Ask)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKCU\...\Run: [Syncables] - C:\Program Files\syncables\syncables desktop\Syncables.exe [370480 2010-07-19] (syncables, LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\<user>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wuala.lnk
ShortcutTarget: Wuala.lnk -> C:\Users\<user>\AppData\Roaming\Wuala\Wuala.exe (LaCie)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox
SearchScopes: HKCU - {BB4AD99B-51CA-46A7-9BB3-AD5F7680E89D} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=4EB513DA-586A-4A91-AAA6-031BE75693A8&apn_sauid=4374B2D2-D1D9-43DB-9668-01F1287A8AD6
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" No File
BHO: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" No File
Toolbar: HKLM - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\<user>\AppData\Roaming\Mozilla\Firefox\Profiles\tmpnzboc.default
FF user.js: detected! => C:\Users\<user>\AppData\Roaming\Mozilla\Firefox\Profiles\tmpnzboc.default\user.js
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
FF Extension: Ask Toolbar - C:\Users\<user>\AppData\Roaming\Mozilla\Firefox\Profiles\tmpnzboc.default\Extensions\toolbar@ask.com
FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

========================== Services (Whitelisted) =================

R2 AsusService; C:\windows\system32\AsusService.exe [224680 2011-03-04] ()
S2 NanoServiceMain; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [140064 2012-07-13] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [36640 2012-07-13] (Panda Security, S.L.)
R2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [91464 2011-01-12] ()

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11456 2010-06-28] ()
R1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11832 2010-08-03] ()
R3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [293928 2010-05-21] (Broadcom Corporation.)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [299024 2012-04-09] (EldoS Corporation)
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [109960 2010-04-13] (ELAN Microelectronic Corp.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [82472 2012-06-27] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [120744 2012-06-27] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [122664 2012-06-27] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [28712 2012-06-27] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [93992 2012-06-27] (Panda Security, S.L.)
S4 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [60968 2012-06-27] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [104104 2012-06-27] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [286376 2012-06-27] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [153000 2012-06-27] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [106536 2012-06-27] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [206632 2012-07-12] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [92840 2012-06-27] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [148520 2012-07-13] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [103464 2012-07-13] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [174632 2012-07-13] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [114216 2012-07-13] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [120872 2012-07-13] (Panda Security, S.L.)
S3 wsvd; C:\Windows\System32\DRIVERS\wsvd.sys [81704 2009-07-22] (CyberLink)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2030-01-01 13:50 - 2010-11-20 14:40 - 00383786 __RSH C:\bootmgr
2013-07-20 08:21 - 2013-07-20 08:21 - 00000000 ____D C:\FRST
2013-07-19 17:08 - 2013-07-19 17:08 - 00004800 _____ C:\Users\<user>\Desktop\gmer.txt
2013-07-19 14:03 - 2013-07-19 14:03 - 00049474 _____ C:\Users\<user>\Desktop\Extras.Txt
2013-07-19 14:01 - 2013-07-19 14:01 - 00060882 _____ C:\Users\<user>\Desktop\OTL.Txt
2013-07-19 13:34 - 2013-07-19 13:00 - 00377856 _____ C:\Users\<user>\Desktop\gmer_2.1.19163.exe
2013-07-19 13:34 - 2013-07-19 12:59 - 00602112 _____ (OldTimer Tools) C:\Users\<user>\Desktop\OTL.exe
2013-07-16 19:11 - 2013-07-16 19:11 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Xafezye
2013-07-16 19:11 - 2013-07-16 19:11 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Pywe
2013-07-16 19:10 - 2013-07-19 13:06 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Viyh
2013-07-16 19:10 - 2013-07-19 09:09 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Ifu
2013-07-16 15:38 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-07-16 15:38 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-07-16 15:38 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-07-16 15:38 - 2013-06-12 01:43 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-07-16 15:38 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-07-16 15:38 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-07-16 15:38 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-07-16 15:38 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-07-16 15:37 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-07-16 15:37 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-07-16 15:37 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-07-16 15:37 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-07-16 15:37 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-07-16 15:37 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-07-16 15:37 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-07-16 15:37 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-07-16 08:44 - 2013-06-05 05:05 - 02347520 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-07-16 08:44 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2013-07-16 08:44 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-07-16 08:44 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll

==================== One Month Modified Files and Folders =======

2030-01-01 13:50 - 2009-07-14 06:57 - 00029696 ___SH C:\windows\system32\config\BCD-Template.LOG
2030-01-01 13:50 - 2009-07-14 06:52 - 00032768 _____ C:\windows\system32\config\BCD-Template
2013-07-20 19:13 - 2012-10-05 21:39 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-07-20 19:12 - 2012-06-02 01:42 - 00000000 ____D C:\ProgramData\Panda Security URL Filtering
2013-07-20 11:29 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-07-20 11:29 - 2009-07-14 06:39 - 00088844 _____ C:\windows\setupact.log
2013-07-20 08:21 - 2013-07-20 08:21 - 00000000 ____D C:\FRST
2013-07-19 22:11 - 2012-03-18 02:59 - 01642610 _____ C:\windows\WindowsUpdate.log
2013-07-19 22:11 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-19 22:11 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-19 21:41 - 2009-07-27 12:11 - 01530778 _____ C:\windows\system32\PerfStringBackup.INI
2013-07-19 17:08 - 2013-07-19 17:08 - 00004800 _____ C:\Users\<user>\Desktop\gmer.txt
2013-07-19 17:08 - 2012-03-17 12:44 - 00000000 ___RD C:\Users\<user>\Desktop
2013-07-19 15:24 - 2009-07-14 04:37 - 00000000 ____D C:\windows\Microsoft.NET
2013-07-19 14:03 - 2013-07-19 14:03 - 00049474 _____ C:\Users\<user>\Desktop\Extras.Txt
2013-07-19 14:01 - 2013-07-19 14:01 - 00060882 _____ C:\Users\<user>\Desktop\OTL.Txt
2013-07-19 13:06 - 2013-07-16 19:10 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Viyh
2013-07-19 13:05 - 2012-03-17 12:44 - 00000000 ____D C:\Users\<user>
2013-07-19 13:05 - 2009-07-14 06:53 - 00001134 ____N C:\windows\Tasks\SCHEDLGU.TXT
2013-07-19 13:00 - 2013-07-19 13:34 - 00377856 _____ C:\Users\<user>\Desktop\gmer_2.1.19163.exe
2013-07-19 12:59 - 2013-07-19 13:34 - 00602112 _____ (OldTimer Tools) C:\Users\<user>\Desktop\OTL.exe
2013-07-19 09:09 - 2013-07-16 19:10 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Ifu
2013-07-19 09:01 - 2012-08-20 16:55 - 00000000 ____D C:\Users\<user>\Documents\<user>
2013-07-16 19:11 - 2013-07-16 19:11 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Xafezye
2013-07-16 19:11 - 2013-07-16 19:11 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Pywe
2013-07-16 18:59 - 2009-07-14 06:33 - 00315344 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-16 18:57 - 2011-04-21 03:22 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-16 18:57 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-16 15:33 - 2012-07-16 11:40 - 75699896 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-07-16 15:24 - 2012-03-26 19:27 - 00000000 ____D C:\Users\<user>\AppData\Roaming\SoftGrid Client
2013-07-16 09:53 - 2012-08-20 17:15 - 00000000 ____D C:\Users\<user>\Documents\Kram

Files to move or delete:
====================
C:\ProgramData\FullRemove.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-16 12:29

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---

Alt 20.07.2013, 20:11   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC) - Standard

Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC)



Und wenn Du unsere Tools jetzt noch vom Desktop ausführst ist alles in Butter
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 20.07.2013, 23:20   #9
fchen
 
Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC) - Standard

Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC)



Ooops ...

Ich weiß nicht, ob's von Bedeutung ist, aber hier dann nochmal das FRST Logfile, ausgeführt vom Desktop:


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-07-2013
Ran by <user> (administrator) on 20-07-2013 23:03:30
Running from C:\Users\<user>\Desktop
Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\windows\system32\WLANExt.exe
() C:\windows\system32\AsusService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
() C:\ExpressGateUtil\VAWinService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\HotkeyService\HotkeyService.exe
() C:\ExpressGateUtil\VAWinAgent.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\SHE\SuperHybridEngine.exe
(AsusTek Computer Inc.) C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
(ASUSTek Computer Inc.) C:\Program Files\Asus\APRP\aprp.exe
(ASUS) C:\Program Files\ASUS\CapsHook\CapsHook.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(Panda Security) C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
(Ask) C:\Program Files\Ask.com\Updater\Updater.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(syncables, LLC) C:\Program Files\syncables\syncables desktop\syncables.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(LaCie) C:\Users\<user>\AppData\Roaming\Wuala\Wuala.exe
(Sun Microsystems, Inc.) C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe

==================== Registry (Whitelisted) ==================

HKU\Default\...\RunOnce: [Reboot] - AsusSender.exe C:\Windows\Reboot.exe 60 [ 2010-12-13] (AsusTek Computer Inc.)
HKU\Default\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [ 2011-01-27] (AsusTek Computer Inc.)
HKU\Default User\...\RunOnce: [Reboot] - AsusSender.exe C:\Windows\Reboot.exe 60 [ 2010-12-13] (AsusTek Computer Inc.)
HKU\Default User\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [ 2011-01-27] (AsusTek Computer Inc.)
ductor)
HKLM\...\Run: [VAWinAgent] - C:\ExpressGateUtil\VAWinAgent.exe [45448 2011-03-23] ()
HKLM\...\Run: [ASUSPRP] - C:\Program Files\ASUS\APRP\APRP.EXE [2018032 2011-04-21] (ASUSTek Computer Inc.)
HKLM\...\Run: [ASUSWebStorage] - C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM\...\Run: [Panda Security URL Filtering] - C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe [217256 2012-03-19] (Panda Security)
HKLM\...\Run: [PSUAMain] - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe [37152 2012-07-13] (Panda Security, S.L.)
HKLM\...\Run: [] -  [x]
HKLM\...\Run: [ApnUpdater] - C:\Program Files\Ask.com\Updater\Updater.exe [1391272 2012-01-03] (Ask)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKCU\...\Run: [Syncables] - C:\Program Files\syncables\syncables desktop\Syncables.exe [370480 2010-07-19] (syncables, LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\<user>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wuala.lnk
ShortcutTarget: Wuala.lnk -> C:\Users\<user>\AppData\Roaming\Wuala\Wuala.exe (LaCie)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox
SearchScopes: HKCU - {BB4AD99B-51CA-46A7-9BB3-AD5F7680E89D} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=4EB513DA-586A-4A91-AAA6-031BE75693A8&apn_sauid=4374B2D2-D1D9-43DB-9668-01F1287A8AD6
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" No File
BHO: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" No File
Toolbar: HKLM - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\<user>\AppData\Roaming\Mozilla\Firefox\Profiles\tmpnzboc.default
FF user.js: detected! => C:\Users\<user>\AppData\Roaming\Mozilla\Firefox\Profiles\tmpnzboc.default\user.js
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
FF Extension: Ask Toolbar - C:\Users\<user>\AppData\Roaming\Mozilla\Firefox\Profiles\tmpnzboc.default\Extensions\toolbar@ask.com
FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

========================== Services (Whitelisted) =================

R2 AsusService; C:\windows\system32\AsusService.exe [224680 2011-03-04] ()
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [140064 2012-07-13] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [36640 2012-07-13] (Panda Security, S.L.)
R2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [91464 2011-01-12] ()

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11456 2010-06-28] ()
R1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11832 2010-08-03] ()
R3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [293928 2010-05-21] (Broadcom Corporation.)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [299024 2012-04-09] (EldoS Corporation)
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [109960 2010-04-13] (ELAN Microelectronic Corp.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [82472 2012-06-27] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [120744 2012-06-27] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [122664 2012-06-27] (Panda Security, S.L.)
S1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [28712 2012-06-27] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [93992 2012-06-27] (Panda Security, S.L.)
S4 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [60968 2012-06-27] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [104104 2012-06-27] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [286376 2012-06-27] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [153000 2012-06-27] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [106536 2012-06-27] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [206632 2012-07-12] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [92840 2012-06-27] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [148520 2012-07-13] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [103464 2012-07-13] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [174632 2012-07-13] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [114216 2012-07-13] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [120872 2012-07-13] (Panda Security, S.L.)
U3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [46280 2011-03-10] (Panda Security)
S3 wsvd; C:\Windows\System32\DRIVERS\wsvd.sys [81704 2009-07-22] (CyberLink)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2030-01-01 13:50 - 2010-11-20 14:40 - 00383786 __RSH C:\bootmgr
2013-07-20 23:01 - 2011-03-10 18:04 - 00046280 _____ (Panda Security) C:\windows\system32\Drivers\PSKMAD.sys
2013-07-20 22:55 - 2013-07-20 22:45 - 05093416 _____ (Swearware) C:\Users\<user>\Desktop\ComboFix.exe
2013-07-20 22:55 - 2013-07-19 21:37 - 01219758 _____ (Farbar) C:\Users\<user>\Desktop\FRST.exe
2013-07-20 08:21 - 2013-07-20 08:21 - 00000000 ____D C:\FRST
2013-07-19 17:08 - 2013-07-19 17:08 - 00004800 _____ C:\Users\<user>\Desktop\gmer.txt
2013-07-19 14:03 - 2013-07-19 14:03 - 00049474 _____ C:\Users\<user>\Desktop\Extras.Txt
2013-07-19 14:01 - 2013-07-19 14:01 - 00060882 _____ C:\Users\<user>\Desktop\OTL.Txt
2013-07-16 19:11 - 2013-07-16 19:11 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Xafezye
2013-07-16 19:11 - 2013-07-16 19:11 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Pywe
2013-07-16 19:10 - 2013-07-19 13:06 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Viyh
2013-07-16 19:10 - 2013-07-19 09:09 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Ifu
2013-07-16 15:38 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-07-16 15:38 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-07-16 15:38 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-07-16 15:38 - 2013-06-12 01:43 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-07-16 15:38 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-07-16 15:38 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-07-16 15:38 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-07-16 15:38 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-07-16 15:37 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-07-16 15:37 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-07-16 15:37 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-07-16 15:37 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-07-16 15:37 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-07-16 15:37 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-07-16 15:37 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-07-16 15:37 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-07-16 08:44 - 2013-06-05 05:05 - 02347520 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-07-16 08:44 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2013-07-16 08:44 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-07-16 08:44 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll

==================== One Month Modified Files and Folders =======

2030-01-01 13:50 - 2009-07-14 06:57 - 00029696 ___SH C:\windows\system32\config\BCD-Template.LOG
2030-01-01 13:50 - 2009-07-14 06:52 - 00032768 _____ C:\windows\system32\config\BCD-Template
2013-07-20 23:01 - 2012-06-02 01:42 - 00000000 ____D C:\ProgramData\Panda Security URL Filtering
2013-07-20 23:01 - 2012-03-17 12:44 - 00000000 ___RD C:\Users\<user>\Desktop
2013-07-20 23:00 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-07-20 23:00 - 2009-07-14 06:39 - 00088956 _____ C:\windows\setupact.log
2013-07-20 22:59 - 2012-03-18 02:59 - 01650723 _____ C:\windows\WindowsUpdate.log
2013-07-20 22:59 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-20 22:59 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-20 22:53 - 2012-10-05 21:39 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-07-20 22:45 - 2013-07-20 22:55 - 05093416 _____ (Swearware) C:\Users\<user>\Desktop\ComboFix.exe
2013-07-20 19:16 - 2009-07-27 12:11 - 01530778 _____ C:\windows\system32\PerfStringBackup.INI
2013-07-20 08:21 - 2013-07-20 08:21 - 00000000 ____D C:\FRST
2013-07-19 21:37 - 2013-07-20 22:55 - 01219758 _____ (Farbar) C:\Users\<user>\Desktop\FRST.exe
2013-07-19 17:08 - 2013-07-19 17:08 - 00004800 _____ C:\Users\<user>\Desktop\gmer.txt
2013-07-19 15:24 - 2009-07-14 04:37 - 00000000 ____D C:\windows\Microsoft.NET
2013-07-19 14:03 - 2013-07-19 14:03 - 00049474 _____ C:\Users\<user>\Desktop\Extras.Txt
2013-07-19 14:01 - 2013-07-19 14:01 - 00060882 _____ C:\Users\<user>\Desktop\OTL.Txt
2013-07-19 13:06 - 2013-07-16 19:10 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Viyh
2013-07-19 13:05 - 2012-03-17 12:44 - 00000000 ____D C:\Users\<user>
2013-07-19 13:05 - 2009-07-14 06:53 - 00001638 ____N C:\windows\Tasks\SCHEDLGU.TXT
2013-07-19 09:09 - 2013-07-16 19:10 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Ifu
2013-07-19 09:01 - 2012-08-20 16:55 - 00000000 ____D C:\Users\<user>\Documents\<user>
2013-07-16 19:11 - 2013-07-16 19:11 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Xafezye
2013-07-16 19:11 - 2013-07-16 19:11 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Pywe
2013-07-16 18:59 - 2009-07-14 06:33 - 00315344 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-16 18:57 - 2011-04-21 03:22 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-16 18:57 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-16 15:33 - 2012-07-16 11:40 - 75699896 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-07-16 15:24 - 2012-03-26 19:27 - 00000000 ____D C:\Users\<user>\AppData\Roaming\SoftGrid Client
2013-07-16 09:53 - 2012-08-20 17:15 - 00000000 ____D C:\Users\<user>\Documents\Kram

Files to move or delete:
====================
C:\ProgramData\FullRemove.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-16 12:29

==================== End Of Log ============================
         
--- --- ---

--- --- ---



Und dann (ebenfalls ausgeführt vom Desktop ... die Lernkuve steigt! ) das Logfile von ComboFix:


Combofix Logfile:
Code:
ATTFilter
ComboFix 13-07-20.03 - <user> 20.07.2013  23:22:41.1.4 - x86
Microsoft Windows 7 Starter   6.1.7601.1.1252.49.1031.18.2038.988 [GMT 2:00]
ausgeführt von:: c:\users\<user>\Desktop\ComboFix.exe
AV: Panda Cloud Antivirus *Disabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
SP: Panda Cloud Antivirus *Disabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\<user>\AppData\Roaming\Pywe
c:\users\<user>\AppData\Roaming\Pywe\dyogca.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-06-20 bis 2013-07-20  ))))))))))))))))))))))))))))))
.
.
2030-01-01 11:50 . 2030-01-01 11:50	--------	d-----w-	C:\Boot
2013-07-20 21:45 . 2013-07-20 21:45	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-07-20 21:07 . 2011-03-10 16:04	46280	----a-w-	c:\windows\system32\drivers\PSKMAD.sys
2013-07-20 06:21 . 2013-07-20 06:21	--------	d-----w-	C:\FRST
2013-07-16 17:11 . 2013-07-16 17:11	--------	d-----w-	c:\users\<user>\AppData\Roaming\Xafezye
2013-07-16 17:10 . 2013-07-19 11:06	--------	d-----w-	c:\users\<user>\AppData\Roaming\Viyh
2013-07-16 17:10 . 2013-07-19 07:09	--------	d-----w-	c:\users\<user>\AppData\Roaming\Ifu
2013-07-16 13:38 . 2013-06-07 02:37	2706432	----a-w-	c:\windows\system32\mshtml.tlb
2013-07-16 13:38 . 2013-06-11 23:43	217600	----a-w-	c:\program files\Internet Explorer\sqmapi.dll
2013-07-16 13:38 . 2013-06-11 23:43	2877440	----a-w-	c:\windows\system32\jscript9.dll
2013-07-16 13:38 . 2013-06-11 23:43	108032	----a-w-	c:\program files\Internet Explorer\jsdebuggeride.dll
2013-07-16 13:38 . 2013-06-11 23:42	61440	----a-w-	c:\windows\system32\iesetup.dll
2013-07-16 13:38 . 2013-06-11 23:42	257536	----a-w-	c:\program files\Internet Explorer\ieproxy.dll
2013-07-16 13:38 . 2013-06-11 23:42	235520	----a-w-	c:\program files\Internet Explorer\IEShims.dll
2013-07-16 13:37 . 2013-06-11 23:42	109056	----a-w-	c:\windows\system32\iesysprep.dll
2013-07-16 13:37 . 2013-06-11 22:51	71680	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2013-07-16 13:37 . 2013-06-11 23:43	817664	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-07-16 13:37 . 2013-06-12 00:23	770648	----a-w-	c:\program files\Internet Explorer\iexplore.exe
2013-07-16 13:37 . 2013-06-11 23:43	1767936	----a-w-	c:\windows\system32\wininet.dll
2013-07-16 06:44 . 2013-04-09 23:34	1247744	----a-w-	c:\windows\system32\DWrite.dll
2013-07-16 06:44 . 2013-05-06 04:56	1620480	----a-w-	c:\windows\system32\WMVDECOD.DLL
2013-07-16 06:44 . 2013-06-04 04:53	509440	----a-w-	c:\windows\system32\qedit.dll
2013-07-16 06:44 . 2013-06-05 03:05	2347520	----a-w-	c:\windows\system32\win32k.sys
2013-07-16 06:43 . 2013-04-10 05:03	936448	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-16 06:43 . 2013-05-27 04:57	680960	----a-w-	c:\program files\Windows Defender\MpSvc.dll
2013-07-16 06:43 . 2013-05-27 04:57	392704	----a-w-	c:\program files\Windows Defender\MpClient.dll
2013-07-16 06:43 . 2013-05-27 04:57	224768	----a-w-	c:\program files\Windows Defender\MpCommu.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 13:13 . 2012-10-05 19:39	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-12 13:13 . 2012-10-05 19:39	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-05-14 19:10 . 2010-06-24 18:33	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-13 04:45 . 2013-06-12 19:58	1160192	----a-w-	c:\windows\system32\crypt32.dll
2013-05-13 04:45 . 2013-06-12 19:58	140288	----a-w-	c:\windows\system32\cryptsvc.dll
2013-05-13 04:45 . 2013-06-12 19:58	103936	----a-w-	c:\windows\system32\cryptnet.dll
2013-05-13 03:08 . 2013-06-12 19:58	903168	----a-w-	c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-12 19:58	43008	----a-w-	c:\windows\system32\certenc.dll
2013-05-12 14:44 . 2013-05-12 14:44	745472	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-12 14:44 . 2013-05-12 14:44	185344	----a-w-	c:\windows\system32\elshyph.dll
2013-05-12 14:44 . 2013-05-12 14:44	158720	----a-w-	c:\windows\system32\msls31.dll
2013-05-12 14:44 . 2013-05-12 14:44	150528	----a-w-	c:\windows\system32\iexpress.exe
2013-05-12 14:44 . 2013-05-12 14:44	138752	----a-w-	c:\windows\system32\wextract.exe
2013-05-12 14:44 . 2013-05-12 14:44	523264	----a-w-	c:\windows\system32\vbscript.dll
2013-05-12 14:44 . 2013-05-12 14:44	137216	----a-w-	c:\windows\system32\ieUnatt.exe
2013-05-12 14:44 . 2013-05-12 14:44	38400	----a-w-	c:\windows\system32\imgutil.dll
2013-05-12 14:44 . 2013-05-12 14:44	12800	----a-w-	c:\windows\system32\mshta.exe
2013-05-12 14:44 . 2013-05-12 14:44	73728	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-05-12 14:44 . 2013-05-12 14:44	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-05-12 14:44 . 2013-05-12 14:44	110592	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-05-12 14:44 . 2013-05-12 14:44	61952	----a-w-	c:\windows\system32\tdc.ocx
2013-05-12 14:44 . 2013-05-12 14:44	361984	----a-w-	c:\windows\system32\html.iec
2013-05-12 14:44 . 2013-05-12 14:44	719360	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-05-12 14:44 . 2013-05-12 14:44	23040	----a-w-	c:\windows\system32\licmgr10.dll
2013-05-12 14:44 . 2013-05-12 14:44	1441280	----a-w-	c:\windows\system32\inetcpl.cpl
2013-05-10 03:20 . 2013-06-12 19:59	24576	----a-w-	c:\windows\system32\cryptdlg.dll
2013-05-08 05:38 . 2013-06-12 19:57	1293672	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-05-06 05:06 . 2013-06-12 19:58	3913576	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-05-06 05:06 . 2013-06-12 19:58	3968872	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-04-26 04:55 . 2013-06-12 19:59	492544	----a-w-	c:\windows\system32\win32spl.dll
2013-04-25 23:30 . 2013-06-12 19:59	1505280	----a-w-	c:\windows\system32\d3d11.dll
2012-07-14 00:15 . 2012-07-23 21:10	136672	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
2012-03-15 21:02	86696	----a-w-	c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2012-03-15 

86696]
.
[HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon1]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-05-02 12:10	1688576	----a-w-	c:\program files\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon2]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-05-02 12:10	1688576	----a-w-	c:\program files\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon3]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-05-02 12:10	1688576	----a-w-	c:\program files\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon4]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2012-05-02 12:10	1688576	----a-w-	c:\program files\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay]
@="{9F26BD00-946A-4855-AA63-E319DF22B493}"
[HKEY_CLASSES_ROOT\CLSID\{9F26BD00-946A-4855-AA63-E319DF22B493}]
2012-04-09 14:27	158224	----a-w-	c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"
[HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"
[HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-04-09 14:27	158224	----a-w-	c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Syncables"="c:\program files\syncables\syncables desktop\Syncables.exe" [2010-07-19 370480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2010-04-13 548744]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"HotkeyMon"="AsusSender.exe" [2011-03-11 34728]
"HotkeyService"="AsusSender.exe" [2011-03-11 34728]
"SuperHybridEngine"="AsusSender.exe" [2011-03-11 34728]
"LiveUpdate"="AsusSender.exe" [2011-03-11 34728]
"CapsHook"="AsusSender.exe" [2011-03-11 34728]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2011-01-06 414384]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-08-24 9722472]
"VAWinAgent"="c:\expressgateutil\VAWinAgent.exe" [2011-03-23 45448]
"ASUSPRP"="c:\program files\ASUS\APRP\APRP.EXE" [2011-04-21 2018032]
"ASUSWebStorage"="c:\program files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-19 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-19 174360]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-19 150808]
"Panda Security URL Filtering"="c:\programdata\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2012-03-19 217256]
"PSUAMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2012-07-13 37152]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"panda2_0dn"="reg.exe delete HKCU\Software\AppDataLow\Software\panda2_0dn" [X]
"panda2_0dn_XP"="reg.exe delete HKCU\Software\panda2_0dn" [X]
.
c:\users\<user>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Wuala.lnk - c:\users\<user>\AppData\Roaming\Wuala\Wuala.exe -silent [2012-5-4 453552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-5-21 828704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;c:\windows\system32\DRIVERS\NNSNAHSL.sys [2012-06-27 28712]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-22 81704]
R4 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys [2012-06-27 60968]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-08-03 11832]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [2012-04-09 299024]
S1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys [2012-06-27 82472]
S1 NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys [2012-06-27 120744]
S1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys [2012-06-27 122664]
S1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys [2012-06-27 93992]
S1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys [2012-06-27 104104]
S1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys [2012-06-27 286376]
S1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys [2012-06-27 153000]
S1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys [2012-06-27 106536]
S1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys [2012-07-12 206632]
S1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys [2012-06-27 92840]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2012-07-13 174632]
S2 AsusService;Asus Launcher Service;c:\windows\system32\AsusService.exe [2011-03-03 224680]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 

822624]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2012-07-13 

140064]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2012-07-13 148520]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2012-07-13 103464]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2012-07-13 114216]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2012-07-13 120872]
S2 PSUAService;Panda Product Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [2012-07-13 36640]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 

508776]
S2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe [2011-01-12 91464]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-05-21 293928]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-05-21 33320]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-04-13 109960]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-09-27 

68208]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10

-01 219496]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - PSKMAD
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-05 13:13]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\<user>\AppData\Roaming\Mozilla\Firefox\Profiles\tmpnzboc.default\
FF - prefs.js: browser.startup.homepage - google.de
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-07-21  00:01:18
ComboFix-quarantined-files.txt  2013-07-20 22:01
.
Vor Suchlauf: 9 Verzeichnis(se), 75.240.558.592 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 76.397.649.920 Bytes frei
.
- - End Of File - - A37759171B669A2D03CE3B42EA628D38
         
--- --- ---
A36C5E4F47E84449FF07ED3517B43A31

Alt 21.07.2013, 14:49   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC) - Standard

Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC)



Supi

Combofix-Skript
WARNUNG für die MITLESER:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

  • Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von folgenden Download-Spiegel neu herunter: Link
  • Speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!
  • Drücke die Windows + R Taste --> notepad (hinein schreiben) --> OK
  • Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.
    Code:
    ATTFilter
    Folder::
    c:\users\<user>\AppData\Roaming\Xafezye
    c:\users\<user>\AppData\Roaming\Viyh
    c:\users\<user>\AppData\Roaming\Ifu
             
  • Speichere dies als CFScript.txt auf deinem Desktop.
  • Wichtig: Stelle deine Anti Viren Software temporär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
    Danach wieder anstellen nicht vergessen!
  • Schließe alle laufenden Programme damit ComboFix ungehindert arbeiten kann.
  • Ziehe CFScript.txt in die ComboFix.exe wie in diesem Bild:
  • Mache nichts am Computer, bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein. Dies kann dazu führen, dass ComboFix sich aufhängt.
  • Wenn ComboFix fertig ist wird es ein Log erstellen: C:\ComboFix.txt
    Bitte füge es hier als Antwort (in CODE-Tags mit dem #-Button des Editors) ein.

Hinweis:
Suspect:: und Collect::
Falls im Skript diese Anweisungen enthalten sind, sollen Dateien zur Analyse eingeschickt werden. Es erscheint eine Message-Box, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen. Teile mir unbedingt mit, ob der Upload geklappt hat!


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 21.07.2013, 21:53   #11
fchen
 
Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC) - Standard

Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC)



ComboFix:
Code:
ATTFilter
Combofix Logfile:
Code:
ATTFilter
ComboFix 13-07-20.03 - <user> 21.07.2013  21:49:45.2.4 - x86
Microsoft Windows 7 Starter   6.1.7601.1.1252.49.1031.18.2038.937 [GMT 2:00]
ausgeführt von:: c:\users\<user>\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\<user>\Desktop\CFScript.txt
AV: Panda Cloud Antivirus *Disabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
SP: Panda Cloud Antivirus *Disabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\<user>\AppData\Roaming\Ifu
c:\users\<user>\AppData\Roaming\Viyh
c:\users\<user>\AppData\Roaming\Xafezye
c:\users\<user>\AppData\Roaming\Xafezye\qyykugv.ybc
c:\windows\system32\Thumbs.db
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-06-21 bis 2013-07-21  ))))))))))))))))))))))))))))))
.
.
2030-01-01 11:50 . 2030-01-01 11:50	--------	d-----w-	C:\Boot
2013-07-21 20:10 . 2013-07-21 20:10	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-07-21 19:38 . 2011-03-10 16:04	46280	----a-w-	c:\windows\system32\drivers\PSKMAD.sys
2013-07-20 06:21 . 2013-07-20 06:21	--------	d-----w-	C:\FRST
2013-07-16 13:38 . 2013-06-07 02:37	2706432	----a-w-	c:\windows\system32\mshtml.tlb
2013-07-16 13:38 . 2013-06-11 23:43	217600	----a-w-	c:\program files\Internet Explorer\sqmapi.dll
2013-07-16 13:38 . 2013-06-11 23:43	2877440	----a-w-	c:\windows\system32\jscript9.dll
2013-07-16 13:38 . 2013-06-11 23:43	108032	----a-w-	c:\program files\Internet Explorer\jsdebuggeride.dll
2013-07-16 13:38 . 2013-06-11 23:42	61440	----a-w-	c:\windows\system32\iesetup.dll
2013-07-16 13:38 . 2013-06-11 23:42	257536	----a-w-	c:\program files\Internet Explorer\ieproxy.dll
2013-07-16 13:38 . 2013-06-11 23:42	235520	----a-w-	c:\program files\Internet Explorer\IEShims.dll
2013-07-16 13:37 . 2013-06-11 23:42	109056	----a-w-	c:\windows\system32\iesysprep.dll
2013-07-16 13:37 . 2013-06-11 22:51	71680	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2013-07-16 13:37 . 2013-06-11 23:43	817664	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-07-16 13:37 . 2013-06-12 00:23	770648	----a-w-	c:\program files\Internet Explorer\iexplore.exe
2013-07-16 13:37 . 2013-06-11 23:43	1767936	----a-w-	c:\windows\system32\wininet.dll
2013-07-16 06:44 . 2013-04-09 23:34	1247744	----a-w-	c:\windows\system32\DWrite.dll
2013-07-16 06:44 . 2013-05-06 04:56	1620480	----a-w-	c:\windows\system32\WMVDECOD.DLL
2013-07-16 06:44 . 2013-06-04 04:53	509440	----a-w-	c:\windows\system32\qedit.dll
2013-07-16 06:44 . 2013-06-05 03:05	2347520	----a-w-	c:\windows\system32\win32k.sys
2013-07-16 06:43 . 2013-04-10 05:03	936448	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-16 06:43 . 2013-05-27 04:57	680960	----a-w-	c:\program files\Windows Defender\MpSvc.dll
2013-07-16 06:43 . 2013-05-27 04:57	392704	----a-w-	c:\program files\Windows Defender\MpClient.dll
2013-07-16 06:43 . 2013-05-27 04:57	224768	----a-w-	c:\program files\Windows Defender\MpCommu.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 13:13 . 2012-10-05 19:39	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-12 13:13 . 2012-10-05 19:39	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-05-14 19:10 . 2010-06-24 18:33	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-13 04:45 . 2013-06-12 19:58	1160192	----a-w-	c:\windows\system32\crypt32.dll
2013-05-13 04:45 . 2013-06-12 19:58	140288	----a-w-	c:\windows\system32\cryptsvc.dll
2013-05-13 04:45 . 2013-06-12 19:58	103936	----a-w-	c:\windows\system32\cryptnet.dll
2013-05-13 03:08 . 2013-06-12 19:58	903168	----a-w-	c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-12 19:58	43008	----a-w-	c:\windows\system32\certenc.dll
2013-05-12 14:44 . 2013-05-12 14:44	745472	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-12 14:44 . 2013-05-12 14:44	185344	----a-w-	c:\windows\system32\elshyph.dll
2013-05-12 14:44 . 2013-05-12 14:44	158720	----a-w-	c:\windows\system32\msls31.dll
2013-05-12 14:44 . 2013-05-12 14:44	150528	----a-w-	c:\windows\system32\iexpress.exe
2013-05-12 14:44 . 2013-05-12 14:44	138752	----a-w-	c:\windows\system32\wextract.exe
2013-05-12 14:44 . 2013-05-12 14:44	523264	----a-w-	c:\windows\system32\vbscript.dll
2013-05-12 14:44 . 2013-05-12 14:44	137216	----a-w-	c:\windows\system32\ieUnatt.exe
2013-05-12 14:44 . 2013-05-12 14:44	38400	----a-w-	c:\windows\system32\imgutil.dll
2013-05-12 14:44 . 2013-05-12 14:44	12800	----a-w-	c:\windows\system32\mshta.exe
2013-05-12 14:44 . 2013-05-12 14:44	73728	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-05-12 14:44 . 2013-05-12 14:44	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-05-12 14:44 . 2013-05-12 14:44	110592	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-05-12 14:44 . 2013-05-12 14:44	61952	----a-w-	c:\windows\system32\tdc.ocx
2013-05-12 14:44 . 2013-05-12 14:44	361984	----a-w-	c:\windows\system32\html.iec
2013-05-12 14:44 . 2013-05-12 14:44	719360	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-05-12 14:44 . 2013-05-12 14:44	23040	----a-w-	c:\windows\system32\licmgr10.dll
2013-05-12 14:44 . 2013-05-12 14:44	1441280	----a-w-	c:\windows\system32\inetcpl.cpl
2013-05-10 03:20 . 2013-06-12 19:59	24576	----a-w-	c:\windows\system32\cryptdlg.dll
2013-05-08 05:38 . 2013-06-12 19:57	1293672	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-05-06 05:06 . 2013-06-12 19:58	3913576	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-05-06 05:06 . 2013-06-12 19:58	3968872	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-04-26 04:55 . 2013-06-12 19:59	492544	----a-w-	c:\windows\system32\win32spl.dll
2013-04-25 23:30 . 2013-06-12 19:59	1505280	----a-w-	c:\windows\system32\d3d11.dll
2012-07-14 00:15 . 2012-07-23 21:10	136672	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
2012-03-15 21:02	86696	----a-w-	c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2012-03-15 

86696]
.
[HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon1]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-05-02 12:10	1688576	----a-w-	c:\program files\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon2]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-05-02 12:10	1688576	----a-w-	c:\program files\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon3]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-05-02 12:10	1688576	----a-w-	c:\program files\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon4]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2012-05-02 12:10	1688576	----a-w-	c:\program files\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay]
@="{9F26BD00-946A-4855-AA63-E319DF22B493}"
[HKEY_CLASSES_ROOT\CLSID\{9F26BD00-946A-4855-AA63-E319DF22B493}]
2012-04-09 14:27	158224	----a-w-	c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"
[HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"
[HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-04-09 14:27	158224	----a-w-	c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Syncables"="c:\program files\syncables\syncables desktop\Syncables.exe" [2010-07-19 370480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2010-04-13 548744]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"HotkeyMon"="AsusSender.exe" [2011-03-11 34728]
"HotkeyService"="AsusSender.exe" [2011-03-11 34728]
"SuperHybridEngine"="AsusSender.exe" [2011-03-11 34728]
"LiveUpdate"="AsusSender.exe" [2011-03-11 34728]
"CapsHook"="AsusSender.exe" [2011-03-11 34728]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2011-01-06 414384]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-08-24 9722472]
"VAWinAgent"="c:\expressgateutil\VAWinAgent.exe" [2011-03-23 45448]
"ASUSPRP"="c:\program files\ASUS\APRP\APRP.EXE" [2011-04-21 2018032]
"ASUSWebStorage"="c:\program files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-19 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-19 174360]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-19 150808]
"Panda Security URL Filtering"="c:\programdata\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2012-03-19 217256]
"PSUAMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2012-07-13 37152]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"panda2_0dn"="reg.exe delete HKCU\Software\AppDataLow\Software\panda2_0dn" [X]
"panda2_0dn_XP"="reg.exe delete HKCU\Software\panda2_0dn" [X]
.
c:\users\<user>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Wuala.lnk - c:\users\<user>\AppData\Roaming\Wuala\Wuala.exe -silent [2012-5-4 453552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-5-21 828704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;c:\windows\system32\DRIVERS\NNSNAHSL.sys [2012-06-27 28712]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-22 81704]
R4 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys [2012-06-27 60968]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-08-03 11832]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [2012-04-09 299024]
S1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys [2012-06-27 82472]
S1 NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys [2012-06-27 120744]
S1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys [2012-06-27 122664]
S1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys [2012-06-27 93992]
S1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys [2012-06-27 104104]
S1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys [2012-06-27 286376]
S1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys [2012-06-27 153000]
S1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys [2012-06-27 106536]
S1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys [2012-07-12 206632]
S1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys [2012-06-27 92840]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2012-07-13 174632]
S2 AsusService;Asus Launcher Service;c:\windows\system32\AsusService.exe [2011-03-03 224680]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 

822624]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2012-07-13 

140064]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2012-07-13 148520]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2012-07-13 103464]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2012-07-13 114216]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2012-07-13 120872]
S2 PSUAService;Panda Product Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [2012-07-13 36640]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 

508776]
S2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe [2011-01-12 91464]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-05-21 293928]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-05-21 33320]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-04-13 109960]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-09-27 

68208]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10

-01 219496]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - PSKMAD
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-05 13:13]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\<user>\AppData\Roaming\Mozilla\Firefox\Profiles\tmpnzboc.default\
FF - prefs.js: browser.startup.homepage - google.de
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-07-21  22:15:14
ComboFix-quarantined-files.txt  2013-07-21 20:15
.
Vor Suchlauf: 13 Verzeichnis(se), 76.434.644.992 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 76.150.956.032 Bytes frei
.
- - End Of File - - D5CEBDC90F99A2A25C7F3F0289493AC9
         
--- --- --- A36C5E4F47E84449FF07ED3517B43A31

dann AdwCleaner:
AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v2.306 - Datei am 21/07/2013 um 22:21:28 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Starter Service Pack 1 (32 bits)
# Benutzer : <user> - PORTABLE-IK
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\<user>\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files\Ask.com
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\Users\<user>\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\<user>\AppData\Roaming\Mozilla\Firefox\Profiles\tmpnzboc.default\extensions\toolbar@ask.com
Ordner Gelöscht : C:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18

\Components\0CFE535C35F99574E8340BFA75BF92C2
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18

\Components\0E12F736682067FDE4D1158D5940A82E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18

\Components\120DFADEB50841F408F04D2A278F9509
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18

\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18

\Components\261F213D1F55267499B1F87D0CC3BCF7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18

\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18

\Components\2BDF3E992C0908741B7C11F4B4E0F775
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18

\Components\49D4375FE41653242AEA4C969E4E65E0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18

\Components\6AA0923513360135B272E8289C5F13FA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18

\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18

\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18

\Components\741B4ADF27276464790022C965AB6DA8
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18

\Components\7DE196B10195F5647A2B21B761F3DE01
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18

\Components\922525DCC5199162F8935747CA3D8E59
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18

\Components\9D4F5849367142E4685ED8C25E44C5ED
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18

\Components\A5875B04372C19545BEB90D4D606C472
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18

\Components\A876D9E80B896EC44A8620248CC79296
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18

\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18

\Components\B66FFAB725B92594C986DE826A867888
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18

\Components\BCDA179D619B91648538E3394CAC94CC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18

\Components\BEABAA33A5E68374DBF197F2A00CD011
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18

\Components\CB61AF52AD64B6B45930BE969F316720
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18

\Components\D677B1A9671D4D4004F6F2A4469E86EA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18

\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18

\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18

\Components\EF8E618DB3AEDFBB384561B5C548F65E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18

\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v14.0.1 (en-GB)

Datei : C:\Users\<user>\AppData\Roaming\Mozilla\Firefox\Profiles\tmpnzboc.default\prefs.js

C:\Users\<user>\AppData\Roaming\Mozilla\Firefox\Profiles\tmpnzboc.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "");

*************************

AdwCleaner[S1].txt - [7128 octets] - [21/07/2013 22:21:28]

########## EOF - C:\AdwCleaner[S1].txt - [7188 octets] ##########
         
--- --- ---

[/CODE]


dann JRT
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.1.9 (07.20.2013:3)
OS: Windows 7 Starter x86
Ran by <user> on 21.07.2013 at 22:27:42,92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BB4AD99B-51CA-46A7-9BB3-

AD5F7680E89D}



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\<user>\AppData\Roaming\mozilla\firefox\profiles\tmpnzboc.default\minidumps [10 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.07.2013 at 22:34:46,70
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         


und zum Abschluss noch ein FRST:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-07-2013
Ran by <user> (administrator) on 21-07-2013 22:38:05
Running from C:\Users\<user>\Desktop
Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\windows\system32\WLANExt.exe
() C:\windows\system32\AsusService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
() C:\ExpressGateUtil\VAWinService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\HotkeyService\HotkeyService.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\SHE\SuperHybridEngine.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
() C:\ExpressGateUtil\VAWinAgent.exe
(AsusTek Computer Inc.) C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
(ASUS) C:\Program Files\ASUS\CapsHook\CapsHook.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Panda Security) C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(syncables, LLC) C:\Program Files\syncables\syncables desktop\syncables.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(LaCie) C:\Users\<user>\AppData\Roaming\Wuala\Wuala.exe
(Sun Microsystems, Inc.) C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe

==================== Registry (Whitelisted) ==================

HKU\Default\...\RunOnce: [Reboot] - AsusSender.exe C:\Windows\Reboot.exe 60 [ 2010-12-13] (AsusTek Computer Inc.)
HKU\Default\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [ 2011-01-27] (AsusTek 

Computer Inc.)
HKU\Default User\...\RunOnce: [Reboot] - AsusSender.exe C:\Windows\Reboot.exe 60 [ 2010-12-13] (AsusTek Computer Inc.)
HKU\Default User\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [ 2011-01-27] (AsusTek 

Computer Inc.)
M\...\Run: [ASUSPRP] - C:\Program Files\ASUS\APRP\APRP.EXE [2018032 2011-04-21] (ASUSTek Computer Inc.)
HKLM\...\Run: [ASUSWebStorage] - C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM\...\Run: [Panda Security URL Filtering] - C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe [217256 2012-03-

19] (Panda Security)
HKLM\...\Run: [PSUAMain] - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe [37152 2012-07-13] (Panda Security, 

S.L.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle 

Corporation)
HKCU\...\Run: [Syncables] - C:\Program Files\syncables\syncables desktop\Syncables.exe [370480 2010-07-19] (syncables, LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\<user>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wuala.lnk
ShortcutTarget: Wuala.lnk -> C:\Users\<user>\AppData\Roaming\Wuala\Wuala.exe (LaCie)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}

&form=ASUTDF&pc=NP07&src=IE-SearchBox
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}

&form=ASUTDF&pc=NP07&src=IE-SearchBox
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common 

Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle 

Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft 

Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security 

Toolbar\PandaSecurityDx.dll ()
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle 

Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" No File
Toolbar: HKLM - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security 

Toolbar\PandaSecurityDx.dll ()
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\<user>\AppData\Roaming\Mozilla\Firefox\Profiles\tmpnzboc.default
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft 

Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft 

Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft 

Corporation)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

========================== Services (Whitelisted) =================

R2 AsusService; C:\windows\system32\AsusService.exe [224680 2011-03-04] ()
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [140064 2012-07-13] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [36640 2012-07-13] (Panda Security, S.L.)
R2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [91464 2011-01-12] ()

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11456 2010-06-28] ()
R1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11832 2010-08-03] ()
R3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [293928 2010-05-21] (Broadcom Corporation.)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [299024 2012-04-09] (EldoS Corporation)
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [109960 2010-04-13] (ELAN Microelectronic Corp.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [82472 2012-06-27] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [120744 2012-06-27] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [122664 2012-06-27] (Panda Security, S.L.)
S1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [28712 2012-06-27] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [93992 2012-06-27] (Panda Security, S.L.)
S4 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [60968 2012-06-27] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [104104 2012-06-27] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [286376 2012-06-27] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [153000 2012-06-27] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [106536 2012-06-27] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [206632 2012-07-12] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [92840 2012-06-27] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [148520 2012-07-13] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [103464 2012-07-13] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [174632 2012-07-13] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [114216 2012-07-13] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [120872 2012-07-13] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [46280 2011-03-10] (Panda Security)
S3 wsvd; C:\Windows\System32\DRIVERS\wsvd.sys [81704 2009-07-22] (CyberLink)
S3 catchme; \??\C:\Users\<user>~1\AppData\Local\Temp\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2030-01-01 13:50 - 2010-11-20 14:40 - 00383786 __RSH C:\bootmgr
2013-07-21 22:34 - 2013-07-21 22:34 - 00001037 _____ C:\Users\<user>\Desktop\JRT.txt
2013-07-21 22:27 - 2013-07-21 22:27 - 00000000 ____D C:\windows\ERUNT
2013-07-21 22:25 - 2011-03-10 18:04 - 00046280 _____ (Panda Security) C:\windows\system32\Drivers\PSKMAD.sys
2013-07-21 22:21 - 2013-07-21 22:22 - 00007257 _____ C:\AdwCleaner[S1].txt
2013-07-21 21:44 - 2013-07-21 17:33 - 00666633 _____ C:\Users\<user>\Desktop\adwcleaner.exe
2013-07-21 21:44 - 2013-07-21 17:33 - 00559550 _____ (Oleg N. Scherbakov) C:\Users\<user>\Desktop\JRT.exe
2013-07-21 21:42 - 2013-07-21 17:30 - 05093416 ____R (Swearware) C:\Users\<user>\Desktop\ComboFix.exe
2013-07-20 23:16 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe
2013-07-20 23:16 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe
2013-07-20 23:16 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2013-07-20 23:16 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2013-07-20 23:16 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2013-07-20 23:16 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe
2013-07-20 23:16 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe
2013-07-20 23:16 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe
2013-07-20 23:15 - 2013-07-21 22:15 - 00000000 ____D C:\Qoobox
2013-07-20 23:15 - 2013-07-20 23:57 - 00000000 ____D C:\windows\erdnt
2013-07-20 22:55 - 2013-07-19 21:37 - 01219758 _____ (Farbar) C:\Users\<user>\Desktop\FRST.exe
2013-07-20 08:21 - 2013-07-20 08:21 - 00000000 ____D C:\FRST
2013-07-16 15:38 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-07-16 15:38 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-07-16 15:38 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-07-16 15:38 - 2013-06-12 01:43 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-07-16 15:38 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-07-16 15:38 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-07-16 15:38 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-07-16 15:38 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-07-16 15:37 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-07-16 15:37 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-07-16 15:37 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-07-16 15:37 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-07-16 15:37 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-07-16 15:37 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-07-16 15:37 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-07-16 15:37 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-07-16 08:44 - 2013-06-05 05:05 - 02347520 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-07-16 08:44 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2013-07-16 08:44 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-07-16 08:44 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll

==================== One Month Modified Files and Folders =======

2030-01-01 13:50 - 2009-07-14 06:57 - 00029696 ___SH C:\windows\system32\config\BCD-Template.LOG
2030-01-01 13:50 - 2009-07-14 06:52 - 00032768 _____ C:\windows\system32\config\BCD-Template
2013-07-21 22:34 - 2013-07-21 22:34 - 00001037 _____ C:\Users\<user>\Desktop\JRT.txt
2013-07-21 22:34 - 2012-03-17 12:44 - 00000000 ___RD C:\Users\<user>\Desktop
2013-07-21 22:34 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-

439d-8115-601632D005A0
2013-07-21 22:34 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-

439d-8115-601632D005A0
2013-07-21 22:31 - 2009-07-27 12:11 - 01530778 _____ C:\windows\system32\PerfStringBackup.INI
2013-07-21 22:27 - 2013-07-21 22:27 - 00000000 ____D C:\windows\ERUNT
2013-07-21 22:24 - 2012-10-05 21:39 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-07-21 22:24 - 2012-06-02 01:42 - 00000000 ____D C:\ProgramData\Panda Security URL Filtering
2013-07-21 22:24 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-07-21 22:24 - 2009-07-14 06:39 - 00089124 _____ C:\windows\setupact.log
2013-07-21 22:23 - 2012-03-18 02:59 - 01681141 _____ C:\windows\WindowsUpdate.log
2013-07-21 22:23 - 2011-04-21 02:32 - 00124998 _____ C:\windows\PFRO.log
2013-07-21 22:22 - 2013-07-21 22:21 - 00007257 _____ C:\AdwCleaner[S1].txt
2013-07-21 22:15 - 2013-07-20 23:15 - 00000000 ____D C:\Qoobox
2013-07-21 22:10 - 2009-07-14 04:04 - 00000215 _____ C:\windows\system.ini
2013-07-21 17:33 - 2013-07-21 21:44 - 00666633 _____ C:\Users\<user>\Desktop\adwcleaner.exe
2013-07-21 17:33 - 2013-07-21 21:44 - 00559550 _____ (Oleg N. Scherbakov) C:\Users\<user>\Desktop\JRT.exe
2013-07-21 17:30 - 2013-07-21 21:42 - 05093416 ____R (Swearware) C:\Users\<user>\Desktop\ComboFix.exe
2013-07-21 00:01 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-07-20 23:57 - 2013-07-20 23:15 - 00000000 ____D C:\windows\erdnt
2013-07-20 08:21 - 2013-07-20 08:21 - 00000000 ____D C:\FRST
2013-07-19 21:37 - 2013-07-20 22:55 - 01219758 _____ (Farbar) C:\Users\<user>\Desktop\FRST.exe
2013-07-19 15:24 - 2009-07-14 04:37 - 00000000 ____D C:\windows\Microsoft.NET
2013-07-19 13:05 - 2012-03-17 12:44 - 00000000 ____D C:\Users\<user>
2013-07-19 13:05 - 2009-07-14 06:53 - 00002394 ____N C:\windows\Tasks\SCHEDLGU.TXT
2013-07-19 09:01 - 2012-08-20 16:55 - 00000000 ____D C:\Users\<user>\Documents\<user>
2013-07-16 18:59 - 2009-07-14 06:33 - 00315344 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-16 18:57 - 2011-04-21 03:22 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-16 18:57 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-16 15:33 - 2012-07-16 11:40 - 75699896 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-07-16 15:24 - 2012-03-26 19:27 - 00000000 ____D C:\Users\<user>\AppData\Roaming\SoftGrid Client
2013-07-16 09:53 - 2012-08-20 17:15 - 00000000 ____D C:\Users\<user>\Documents\Kram

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-16 12:29

==================== End Of Log ============================
         
--- --- ---



... jetzt bin ich ja gespannt ...

Alt 22.07.2013, 08:31   #12
schrauber
/// the machine
/// TB-Ausbilder
 

Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC) - Standard

Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC)



Onlinescan und wir sind durch


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 22.07.2013, 12:52   #13
fchen
 
Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC) - Standard

Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC)



Ganz am Ende habe ich noch eine Frage gepostet.

EST Scanner war fündig:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=1
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=133421a324d19e4caf945a1fb07b9187
# engine=14466
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-22 10:11:21
# local_time=2013-07-22 12:11:21 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1791 16777215 0 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 494027 126119072 0 0
# scanned=194457
# found=1
# cleaned=0
# scan_time=6374
sh=19925B1515BBA6EAFB9A557D09DCC37A1A2B88AB ft=1 fh=7a5a338cc62a7e85 vn="Win32/Spy.Zbot.ZR trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Ilka Kock\AppData\Roaming\Pywe\dyogca.exe.vir"
         
Security Check:
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.70  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
Panda Cloud Antivirus   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Toolbar Cleaner 1.0   
 Java 7 Update 21  
 Java version out of Date! 
 Adobe Flash Player 	11.7.700.224  
 Adobe Reader 9 Adobe Reader out of Date! 
 Mozilla Firefox 14.0.1 Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 Panda Security Panda Cloud Antivirus PSANHost.exe  
 Panda Security Panda Cloud Antivirus PSUAService.exe  
 Panda Security Panda Cloud Antivirus PSUAMain.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
Und der FRST:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-07-2013
Ran by <user> (administrator) on 22-07-2013 12:55:36
Running from C:\Users\<user>\Desktop
Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\windows\system32\WLANExt.exe
() C:\windows\system32\AsusService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
() C:\ExpressGateUtil\VAWinService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\HotkeyService\HotkeyService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(AsusTek Computer Inc.) C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\SHE\SuperHybridEngine.exe
() C:\ExpressGateUtil\VAWinAgent.exe
(ASUS) C:\Program Files\ASUS\CapsHook\CapsHook.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(Panda Security) C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(syncables, LLC) C:\Program Files\syncables\syncables desktop\syncables.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(LaCie) C:\Users\<user>\AppData\Roaming\Wuala\Wuala.exe
(Sun Microsystems, Inc.) C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

==================== Registry (Whitelisted) ==================

HKU\Default\...\RunOnce: [Reboot] - AsusSender.exe C:\Windows\Reboot.exe 60 [ 2010-12-13] (AsusTek Computer Inc.)
HKU\Default\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [ 2011-01-27] (AsusTek Computer Inc.)
HKU\Default User\...\RunOnce: [Reboot] - AsusSender.exe C:\Windows\Reboot.exe 60 [ 2010-12-13] (AsusTek Computer Inc.)
HKU\Default User\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [ 2011-01-27] (AsusTek Computer Inc.)
M\...\Run: [ASUSPRP] - C:\Program Files\ASUS\APRP\APRP.EXE [2018032 2011-04-21] (ASUSTek Computer Inc.)
HKLM\...\Run: [ASUSWebStorage] - C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM\...\Run: [Panda Security URL Filtering] - C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe [217256 2012-03-19] (Panda Security)
HKLM\...\Run: [PSUAMain] - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe [37152 2012-07-13] (Panda Security, S.L.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKCU\...\Run: [Syncables] - C:\Program Files\syncables\syncables desktop\Syncables.exe [370480 2010-07-19] (syncables, LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\<user>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wuala.lnk
ShortcutTarget: Wuala.lnk -> C:\Users\<user>\AppData\Roaming\Wuala\Wuala.exe (LaCie)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" No File
Toolbar: HKLM - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\<user>\AppData\Roaming\Mozilla\Firefox\Profiles\tmpnzboc.default
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

========================== Services (Whitelisted) =================

R2 AsusService; C:\windows\system32\AsusService.exe [224680 2011-03-04] ()
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [140064 2012-07-13] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [36640 2012-07-13] (Panda Security, S.L.)
R2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [91464 2011-01-12] ()

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11456 2010-06-28] ()
R1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11832 2010-08-03] ()
R3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [293928 2010-05-21] (Broadcom Corporation.)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [299024 2012-04-09] (EldoS Corporation)
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [109960 2010-04-13] (ELAN Microelectronic Corp.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [82472 2012-06-27] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [120744 2012-06-27] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [122664 2012-06-27] (Panda Security, S.L.)
S1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [28712 2012-06-27] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [93992 2012-06-27] (Panda Security, S.L.)
S4 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [60968 2012-06-27] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [104104 2012-06-27] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [286376 2012-06-27] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [153000 2012-06-27] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [106536 2012-06-27] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [206632 2012-07-12] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [92840 2012-06-27] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [148520 2012-07-13] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [103464 2012-07-13] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [174632 2012-07-13] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [114216 2012-07-13] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [120872 2012-07-13] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [46280 2011-03-10] (Panda Security)
S3 wsvd; C:\Windows\System32\DRIVERS\wsvd.sys [81704 2009-07-22] (CyberLink)
S3 catchme; \??\C:\Users\<user>~1\AppData\Local\Temp\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2030-01-01 13:50 - 2010-11-20 14:40 - 00383786 __RSH C:\bootmgr
2013-07-22 09:43 - 2013-07-22 09:43 - 00000000 ____D C:\Program Files\ESET
2013-07-22 09:43 - 2013-07-22 09:40 - 00891062 _____ C:\Users\<user>\Desktop\SecurityCheck.exe
2013-07-22 09:43 - 2013-07-22 09:39 - 02347384 _____ (ESET) C:\Users\<user>\Desktop\esetsmartinstaller_enu.exe
2013-07-22 09:42 - 2011-03-10 18:04 - 00046280 _____ (Panda Security) C:\windows\system32\Drivers\PSKMAD.sys
2013-07-21 22:27 - 2013-07-21 22:27 - 00000000 ____D C:\windows\ERUNT
2013-07-21 22:21 - 2013-07-21 22:22 - 00007257 _____ C:\AdwCleaner[S1].txt
2013-07-21 21:44 - 2013-07-21 17:33 - 00666633 _____ C:\Users\<user>\Desktop\adwcleaner.exe
2013-07-21 21:44 - 2013-07-21 17:33 - 00559550 _____ (Oleg N. Scherbakov) C:\Users\<user>\Desktop\JRT.exe
2013-07-21 21:42 - 2013-07-21 17:30 - 05093416 ____R (Swearware) C:\Users\<user>\Desktop\ComboFix.exe
2013-07-20 23:16 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe
2013-07-20 23:16 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe
2013-07-20 23:16 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2013-07-20 23:16 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2013-07-20 23:16 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2013-07-20 23:16 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe
2013-07-20 23:16 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe
2013-07-20 23:16 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe
2013-07-20 23:15 - 2013-07-21 22:15 - 00000000 ____D C:\Qoobox
2013-07-20 23:15 - 2013-07-20 23:57 - 00000000 ____D C:\windows\erdnt
2013-07-20 22:55 - 2013-07-19 21:37 - 01219758 _____ (Farbar) C:\Users\<user>\Desktop\FRST.exe
2013-07-20 08:21 - 2013-07-20 08:21 - 00000000 ____D C:\FRST
2013-07-16 15:38 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-07-16 15:38 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-07-16 15:38 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-07-16 15:38 - 2013-06-12 01:43 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-07-16 15:38 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-07-16 15:38 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-07-16 15:38 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-07-16 15:38 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-07-16 15:37 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-07-16 15:37 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-07-16 15:37 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-07-16 15:37 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-07-16 15:37 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-07-16 15:37 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-07-16 15:37 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-07-16 15:37 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-07-16 08:44 - 2013-06-05 05:05 - 02347520 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-07-16 08:44 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2013-07-16 08:44 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-07-16 08:44 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll

==================== One Month Modified Files and Folders =======

2030-01-01 13:50 - 2009-07-14 06:57 - 00029696 ___SH C:\windows\system32\config\BCD-Template.LOG
2030-01-01 13:50 - 2009-07-14 06:52 - 00032768 _____ C:\windows\system32\config\BCD-Template
2013-07-22 12:38 - 2012-03-18 02:59 - 01705953 _____ C:\windows\WindowsUpdate.log
2013-07-22 12:13 - 2012-10-05 21:39 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-07-22 10:27 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-22 10:27 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-22 10:24 - 2009-07-27 12:11 - 01530778 _____ C:\windows\system32\PerfStringBackup.INI
2013-07-22 10:19 - 2012-06-02 01:42 - 00000000 ____D C:\ProgramData\Panda Security URL Filtering
2013-07-22 10:18 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-07-22 10:18 - 2009-07-14 06:39 - 00089236 _____ C:\windows\setupact.log
2013-07-22 09:43 - 2013-07-22 09:43 - 00000000 ____D C:\Program Files\ESET
2013-07-22 09:43 - 2012-03-17 12:44 - 00000000 ___RD C:\Users\<user>\Desktop
2013-07-22 09:40 - 2013-07-22 09:43 - 00891062 _____ C:\Users\<user>\Desktop\SecurityCheck.exe
2013-07-22 09:39 - 2013-07-22 09:43 - 02347384 _____ (ESET) C:\Users\<user>\Desktop\esetsmartinstaller_enu.exe
2013-07-21 22:27 - 2013-07-21 22:27 - 00000000 ____D C:\windows\ERUNT
2013-07-21 22:23 - 2011-04-21 02:32 - 00124998 _____ C:\windows\PFRO.log
2013-07-21 22:22 - 2013-07-21 22:21 - 00007257 _____ C:\AdwCleaner[S1].txt
2013-07-21 22:15 - 2013-07-20 23:15 - 00000000 ____D C:\Qoobox
2013-07-21 22:10 - 2009-07-14 04:04 - 00000215 _____ C:\windows\system.ini
2013-07-21 17:33 - 2013-07-21 21:44 - 00666633 _____ C:\Users\<user>\Desktop\adwcleaner.exe
2013-07-21 17:33 - 2013-07-21 21:44 - 00559550 _____ (Oleg N. Scherbakov) C:\Users\<user>\Desktop\JRT.exe
2013-07-21 17:30 - 2013-07-21 21:42 - 05093416 ____R (Swearware) C:\Users\<user>\Desktop\ComboFix.exe
2013-07-21 00:01 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-07-20 23:57 - 2013-07-20 23:15 - 00000000 ____D C:\windows\erdnt
2013-07-20 08:21 - 2013-07-20 08:21 - 00000000 ____D C:\FRST
2013-07-19 21:37 - 2013-07-20 22:55 - 01219758 _____ (Farbar) C:\Users\<user>\Desktop\FRST.exe
2013-07-19 15:24 - 2009-07-14 04:37 - 00000000 ____D C:\windows\Microsoft.NET
2013-07-19 13:05 - 2012-03-17 12:44 - 00000000 ____D C:\Users\<user>
2013-07-19 13:05 - 2009-07-14 06:53 - 00002898 ____N C:\windows\Tasks\SCHEDLGU.TXT
2013-07-19 09:01 - 2012-08-20 16:55 - 00000000 ____D C:\Users\<user>\Documents\Ilka
2013-07-16 18:59 - 2009-07-14 06:33 - 00315344 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-16 18:57 - 2011-04-21 03:22 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-16 18:57 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-16 15:33 - 2012-07-16 11:40 - 75699896 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-07-16 15:24 - 2012-03-26 19:27 - 00000000 ____D C:\Users\<user>\AppData\Roaming\SoftGrid Client
2013-07-16 09:53 - 2012-08-20 17:15 - 00000000 ____D C:\Users\<user>\Documents\Kram

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-16 12:29

==================== End Of Log ============================
         
--- --- ---


Frage:
Diese Zeile
Code:
ATTFilter
S3 catchme; \??\C:\Users\<user>~1\AppData\Local\Temp\catchme.sys [x]
         
macht mich stutzig, da hier der auf 8 Zeichen verkürzte User-Pfad (...~1) auftaucht, der so nicht auf dem Rechner existiert und in dem auch der CI.A Trojaner gem. Panda gefunde wurde. Die Angaben über die catchme.sys im Netz sind ja auch nicht gerade "entwarnend" ...
Wie ist das zu bewerten?

Alt 22.07.2013, 14:02   #14
schrauber
/// the machine
/// TB-Ausbilder
 

Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC) - Standard

Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC)



Java, Adobe und Firefox updaten.

Catchme ist Teil eines Rootkitscanners unserer Tools. Also Entwarnung

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
Startup: C:\Users\<user>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wuala.lnk
ShortcutTarget: Wuala.lnk -> C:\Users\<user>\AppData\Roaming\Wuala\Wuala.exe (LaCie)
C:\Users\<user>\AppData\Roaming\Wuala
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Neues FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 22.07.2013, 15:29   #15
fchen
 
Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC) - Standard

Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC)



Danke für die Erklärung!

Java, Adobe und Firefox habe ich upgedatet.

Die Frage nach den Problemen: Wirklich Probleme machte der Rechner vorher auch nicht, außer der Trojanermeldung von Panda.
Panda meckert jetzt jedenfalls nicht mehr (Ergebnis nach "optimiertem Scan")! Also aus der Sicht: Keine Probleme!

Frage: Da es ja nur ein kleines, rel. leistungsschwaches Netbook ist, hatte ich mich für das (dem Vernehmen nach) ressourcenschonende Panda entschieden. Ich hatte mal Avira, das hat das System zienmlich ausgebremst.
Würdest Du für meinen Fall eine andere AntivirenSoftware anstatt Panda empfehlen, die möglichst ressourcenschonend arbeitet?

Fixlog:
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 19-07-2013
Ran by <user> at 2013-07-22 15:58:53 Run:1
Running from C:\Users\<user>\Desktop
Boot Mode: Normal

==============================================

C:\Users\<user>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wuala.lnk => Moved successfully.
C:\Users\<user>\AppData\Roaming\Wuala\Wuala.exe => Moved successfully.
C:\Users\<user>\AppData\Roaming\Wuala => Moved successfully.

==== End of Fixlog ====
         
Zum Verständnis: Was war/ist mit Wuala?
Augenscheinlich ist es nach einem Neustart aus dem Autostart und damit aus der Taskleiste verschwunden. Es dient dazu, veränderte Dateien zu erkennen und mit einem Cloud-Dienst zu syncen.


FRST:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-07-2013
Ran by <user> (administrator) on 22-07-2013 16:00:00
Running from C:\Users\<user>\Desktop
Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\windows\system32\WLANExt.exe
() C:\windows\system32\AsusService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
() C:\ExpressGateUtil\VAWinService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\HotkeyService\HotkeyService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(AsusTek Computer Inc.) C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\SHE\SuperHybridEngine.exe
(ASUS) C:\Program Files\ASUS\CapsHook\CapsHook.exe
() C:\ExpressGateUtil\VAWinAgent.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Panda Security) C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
(syncables, LLC) C:\Program Files\syncables\syncables desktop\syncables.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Sun Microsystems, Inc.) C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Microsoft Corporation) C:\windows\system32\msiexec.exe

==================== Registry (Whitelisted) ==================

HKU\Default\...\RunOnce: [Reboot] - AsusSender.exe C:\Windows\Reboot.exe 60 [ 2010-12-13] (AsusTek Computer Inc.)
HKU\Default\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [ 2011-01-27] (AsusTek Computer Inc.)
HKU\Default User\...\RunOnce: [Reboot] - AsusSender.exe C:\Windows\Reboot.exe 60 [ 2010-12-13] (AsusTek Computer Inc.)
HKU\Default User\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [ 2011-01-27] (AsusTek Computer Inc.)
iles\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM\...\Run: [Panda Security URL Filtering] - C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe [217256 2012-03-19] (Panda Security)
HKLM\...\Run: [PSUAMain] - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe [37152 2012-07-13] (Panda Security, S.L.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKCU\...\Run: [Syncables] - C:\Program Files\syncables\syncables desktop\Syncables.exe [370480 2010-07-19] (syncables, LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" No File
Toolbar: HKLM - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\<user>\AppData\Roaming\Mozilla\Firefox\Profiles\tmpnzboc.default
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========================== Services (Whitelisted) =================

R2 AsusService; C:\windows\system32\AsusService.exe [224680 2011-03-04] ()
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [140064 2012-07-13] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [36640 2012-07-13] (Panda Security, S.L.)
R2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [91464 2011-01-12] ()

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11456 2010-06-28] ()
R1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11832 2010-08-03] ()
R3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [293928 2010-05-21] (Broadcom Corporation.)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [299024 2012-04-09] (EldoS Corporation)
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [109960 2010-04-13] (ELAN Microelectronic Corp.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [82472 2012-06-27] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [120744 2012-06-27] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [122664 2012-06-27] (Panda Security, S.L.)
S1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [28712 2012-06-27] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [93992 2012-06-27] (Panda Security, S.L.)
S4 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [60968 2012-06-27] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [104104 2012-06-27] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [286376 2012-06-27] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [153000 2012-06-27] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [106536 2012-06-27] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [206632 2012-07-12] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [92840 2012-06-27] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [148520 2012-07-13] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [103464 2012-07-13] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [174632 2012-07-13] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [114216 2012-07-13] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [120872 2012-07-13] (Panda Security, S.L.)
U3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [46280 2011-03-10] (Panda Security)
S3 wsvd; C:\Windows\System32\DRIVERS\wsvd.sys [81704 2009-07-22] (CyberLink)
S3 catchme; \??\C:\Users\<user>~1\AppData\Local\Temp\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2030-01-01 13:50 - 2010-11-20 14:40 - 00383786 __RSH C:\bootmgr
2013-07-22 15:51 - 2013-07-22 15:51 - 00001989 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-07-22 15:50 - 2013-07-22 15:51 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-07-22 15:38 - 2013-07-22 15:38 - 00094632 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2013-07-22 15:38 - 2013-07-22 15:37 - 00263592 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2013-07-22 15:38 - 2013-07-22 15:37 - 00175016 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2013-07-22 15:38 - 2013-07-22 15:37 - 00175016 _____ (Oracle Corporation) C:\windows\system32\java.exe
2013-07-22 15:37 - 2013-07-22 15:37 - 00000000 ____D C:\Program Files\Java
2013-07-22 15:19 - 2011-03-10 18:04 - 00046280 _____ (Panda Security) C:\windows\system32\Drivers\PSKMAD.sys
2013-07-22 09:43 - 2013-07-22 09:43 - 00000000 ____D C:\Program Files\ESET
2013-07-22 09:43 - 2013-07-22 09:40 - 00891062 _____ C:\Users\<user>\Desktop\SecurityCheck.exe
2013-07-22 09:43 - 2013-07-22 09:39 - 02347384 _____ (ESET) C:\Users\<user>\Desktop\esetsmartinstaller_enu.exe
2013-07-21 22:27 - 2013-07-21 22:27 - 00000000 ____D C:\windows\ERUNT
2013-07-21 22:21 - 2013-07-21 22:22 - 00007257 _____ C:\AdwCleaner[S1].txt
2013-07-21 21:44 - 2013-07-21 17:33 - 00666633 _____ C:\Users\<user>\Desktop\adwcleaner.exe
2013-07-21 21:44 - 2013-07-21 17:33 - 00559550 _____ (Oleg N. Scherbakov) C:\Users\<user>\Desktop\JRT.exe
2013-07-21 21:42 - 2013-07-21 17:30 - 05093416 ____R (Swearware) C:\Users\<user>\Desktop\ComboFix.exe
2013-07-20 23:16 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe
2013-07-20 23:16 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe
2013-07-20 23:16 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2013-07-20 23:16 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2013-07-20 23:16 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2013-07-20 23:16 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe
2013-07-20 23:16 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe
2013-07-20 23:16 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe
2013-07-20 23:15 - 2013-07-21 22:15 - 00000000 ____D C:\Qoobox
2013-07-20 23:15 - 2013-07-20 23:57 - 00000000 ____D C:\windows\erdnt
2013-07-20 22:55 - 2013-07-19 21:37 - 01219758 _____ (Farbar) C:\Users\<user>\Desktop\FRST.exe
2013-07-20 08:21 - 2013-07-20 08:21 - 00000000 ____D C:\FRST
2013-07-16 15:38 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-07-16 15:38 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-07-16 15:38 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-07-16 15:38 - 2013-06-12 01:43 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-07-16 15:38 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-07-16 15:38 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-07-16 15:38 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-07-16 15:38 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-07-16 15:37 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-07-16 15:37 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-07-16 15:37 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-07-16 15:37 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-07-16 15:37 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-07-16 15:37 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-07-16 15:37 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-07-16 15:37 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-07-16 08:44 - 2013-06-05 05:05 - 02347520 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-07-16 08:44 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2013-07-16 08:44 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-07-16 08:44 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll

==================== One Month Modified Files and Folders =======

2030-01-01 13:50 - 2009-07-14 06:57 - 00029696 ___SH C:\windows\system32\config\BCD-Template.LOG
2030-01-01 13:50 - 2009-07-14 06:52 - 00032768 _____ C:\windows\system32\config\BCD-Template
2013-07-22 16:00 - 2012-03-17 12:44 - 00000000 ___RD C:\Users\<user>\Desktop
2013-07-22 15:57 - 2012-03-17 12:44 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Adobe
2013-07-22 15:57 - 2011-04-21 02:57 - 00000000 ____D C:\ProgramData\Adobe
2013-07-22 15:55 - 2012-03-17 12:44 - 00000000 ____D C:\Users\<user>~1\AppData\Local\Adobe
2013-07-22 15:54 - 2012-10-05 21:39 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-07-22 15:51 - 2013-07-22 15:51 - 00001989 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-07-22 15:51 - 2013-07-22 15:50 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-07-22 15:51 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Public\Desktop
2013-07-22 15:50 - 2011-04-21 02:56 - 00000000 ____D C:\Program Files\Adobe
2013-07-22 15:45 - 2012-10-05 21:39 - 00692104 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2013-07-22 15:45 - 2012-10-05 21:39 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-22 15:42 - 2012-07-23 23:10 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-07-22 15:42 - 2012-07-23 23:10 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-22 15:38 - 2013-07-22 15:38 - 00094632 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2013-07-22 15:38 - 2009-07-27 12:11 - 01530778 _____ C:\windows\system32\PerfStringBackup.INI
2013-07-22 15:37 - 2013-07-22 15:38 - 00263592 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2013-07-22 15:37 - 2013-07-22 15:38 - 00175016 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2013-07-22 15:37 - 2013-07-22 15:38 - 00175016 _____ (Oracle Corporation) C:\windows\system32\java.exe
2013-07-22 15:37 - 2013-07-22 15:37 - 00000000 ____D C:\Program Files\Java
2013-07-22 15:37 - 2012-08-02 23:18 - 00867240 _____ (Oracle Corporation) C:\windows\system32\npdeployJava1.dll
2013-07-22 15:37 - 2012-08-02 23:18 - 00789416 _____ (Oracle Corporation) C:\windows\system32\deployJava1.dll
2013-07-22 15:27 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-22 15:27 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-22 15:22 - 2012-06-02 01:42 - 00000000 ____D C:\ProgramData\Panda Security URL Filtering
2013-07-22 15:19 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-07-22 15:19 - 2009-07-14 06:39 - 00089292 _____ C:\windows\setupact.log
2013-07-22 13:57 - 2012-03-18 02:59 - 01713419 _____ C:\windows\WindowsUpdate.log
2013-07-22 09:43 - 2013-07-22 09:43 - 00000000 ____D C:\Program Files\ESET
2013-07-22 09:40 - 2013-07-22 09:43 - 00891062 _____ C:\Users\<user>\Desktop\SecurityCheck.exe
2013-07-22 09:39 - 2013-07-22 09:43 - 02347384 _____ (ESET) C:\Users\<user>\Desktop\esetsmartinstaller_enu.exe
2013-07-21 22:27 - 2013-07-21 22:27 - 00000000 ____D C:\windows\ERUNT
2013-07-21 22:23 - 2011-04-21 02:32 - 00124998 _____ C:\windows\PFRO.log
2013-07-21 22:22 - 2013-07-21 22:21 - 00007257 _____ C:\AdwCleaner[S1].txt
2013-07-21 22:15 - 2013-07-20 23:15 - 00000000 ____D C:\Qoobox
2013-07-21 22:10 - 2009-07-14 04:04 - 00000215 _____ C:\windows\system.ini
2013-07-21 17:33 - 2013-07-21 21:44 - 00666633 _____ C:\Users\<user>\Desktop\adwcleaner.exe
2013-07-21 17:33 - 2013-07-21 21:44 - 00559550 _____ (Oleg N. Scherbakov) C:\Users\<user>\Desktop\JRT.exe
2013-07-21 17:30 - 2013-07-21 21:42 - 05093416 ____R (Swearware) C:\Users\<user>\Desktop\ComboFix.exe
2013-07-21 00:01 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-07-20 23:57 - 2013-07-20 23:15 - 00000000 ____D C:\windows\erdnt
2013-07-20 08:21 - 2013-07-20 08:21 - 00000000 ____D C:\FRST
2013-07-19 21:37 - 2013-07-20 22:55 - 01219758 _____ (Farbar) C:\Users\<user>\Desktop\FRST.exe
2013-07-19 15:24 - 2009-07-14 04:37 - 00000000 ____D C:\windows\Microsoft.NET
2013-07-19 13:05 - 2012-03-17 12:44 - 00000000 ____D C:\Users\<user>
2013-07-19 13:05 - 2009-07-14 06:53 - 00003150 ____N C:\windows\Tasks\SCHEDLGU.TXT
2013-07-19 09:01 - 2012-08-20 16:55 - 00000000 ____D C:\Users\<user>\Documents\<user>
2013-07-16 18:59 - 2009-07-14 06:33 - 00315344 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-16 18:57 - 2011-04-21 03:22 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-16 18:57 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-16 15:33 - 2012-07-16 11:40 - 75699896 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-07-16 15:24 - 2012-03-26 19:27 - 00000000 ____D C:\Users\<user>\AppData\Roaming\SoftGrid Client
2013-07-16 09:53 - 2012-08-20 17:15 - 00000000 ____D C:\Users\<user>\Documents\Kram

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-16 12:29

==================== End Of Log ============================
         
--- --- ---

Antwort

Themen zu Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC)
adobe, antivirus, bho, bingbar, defender, dtcontx.f, error, explorer, failed, firefox, flash player, format, install.exe, installation, logfile, microsoft office starter 2010, mozilla, plug-in, programm, proxy, realtek, registry, rundll, security, software, svchost.exe, temp, trojaner, tunnel, udp, windows, wlansvc




Ähnliche Themen: Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC)


  1. Win7-Laptop von ASUS reagiert stark verzögert und hängt immer wieder
    Plagegeister aller Art und deren Bekämpfung - 14.04.2015 (11)
  2. Asus EeePC Netbook mit Windows 7 Starter, SP1, 32Bit startet nur noch im abgesicherten Modus
    Plagegeister aller Art und deren Bekämpfung - 03.04.2014 (7)
  3. Windows 7 Starter: SoftwareUpdater.Ui.exe
    Plagegeister aller Art und deren Bekämpfung - 11.01.2014 (13)
  4. GVU Virus auf Asus Netbook mit Win 7 starter / USB Start nicht möglich
    Log-Analyse und Auswertung - 22.09.2013 (5)
  5. GVU Trojaner auf Asus EEE PC Windows 7 Starter - FRST Scan
    Log-Analyse und Auswertung - 06.08.2013 (13)
  6. Trojan.zbot.FV und Spyware.zbot.-ED auf Netbook Asus Eee PC /Win7
    Plagegeister aller Art und deren Bekämpfung - 21.07.2013 (23)
  7. GVU Trojaner WIN7 HomePremium ASUS X53S
    Log-Analyse und Auswertung - 29.06.2013 (11)
  8. BKA-Trojaner auf Windows7 Starter
    Plagegeister aller Art und deren Bekämpfung - 16.04.2013 (4)
  9. Asus X64J (i5, Win7...) lahmt trotz Wiederherstellung
    Plagegeister aller Art und deren Bekämpfung - 06.04.2013 (9)
  10. Trj/Dtcontx.A - cgm.exe bzw. uninx84.exe
    Plagegeister aller Art und deren Bekämpfung - 13.03.2013 (10)
  11. BKA Trojaner 1.13 Windows 7 Starter
    Plagegeister aller Art und deren Bekämpfung - 27.09.2012 (7)
  12. Black screen of Death ASUS g53jw BIOS 211 win7 64bit
    Alles rund um Windows - 05.09.2012 (9)
  13. Neuaufsetzen von Netbook Asus - ohne CD Laufwerk - Windows 7 Starter
    Alles rund um Windows - 24.07.2012 (2)
  14. Win7 Starter Netbook durch GEMA Virus gesperrt.
    Plagegeister aller Art und deren Bekämpfung - 21.02.2012 (3)
  15. Ist Win7 Starter genau so sicher wie das normale Win7?
    Alles rund um Windows - 28.07.2011 (2)
  16. BKA Trojaner auf Netbook mit Win7 Starter
    Log-Analyse und Auswertung - 15.05.2011 (9)
  17. TR/Starter.E
    Plagegeister aller Art und deren Bekämpfung - 01.03.2006 (3)

Zum Thema Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC) - Hallo! Rechner: Win7 Starter auf Asus Eee PC Seashell Problem: Panda Cloud hat vor 2 Tagen den Trojaner "Dtcontx.F" gemeldet. Darauf habe ich den Rechner erstmal runtergefahren. Heute wollte ich - Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC)...
Archiv
Du betrachtest: Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC) auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.