Langsames Hochfahren, Windows Firewall lässt sich nicht starten!

Harald858 · 22.11.2013, 18:45

Hallo,

ich habe mir heute wohl den super Trojaner eingefangen.
Mein Rechner startet im Vergleich zu vorher relativ langsam, die Windows firewall lässt sich nicht mehr starten und jeder Donwload, den ich über einen Browser mache wird automatisch gelöscht.
Habe mal ein paar Tools laufen lassen und irgendwas wurde gefunden und gelöscht. Ein Scan mit Sophos Anti Rootkit ergab dies hier:
Ich habe jedoch nichts gelöscht. Dies führt mich auf die Vermutung, dass der Windows Defender infiziert ist (würde Sinn machen, denn jede Datei wird gnadenlos nach dem Download gelöscht).

hxxp://s1.directupload.net/images/131122/kja99bmi.png

Ich brauche eure Hilfe, bin am Verzweifeln! Kann mich ein Profi anleiten?

Danke.

aharonov · 22.11.2013, 20:19

Hi,

ja da ist ZeroAccess drauf.
Mach bitte einen FRST-Scan:

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Harald858 · 22.11.2013, 21:14

Hallo,

leider crashed das Programm jedes mal und wird nicht richtig zu Ende ausgführt. Ein Teil-Log wird dennoch erstellt:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-11-2013 01
Ran by str8 (administrator) on STR8-PC on 22-11-2013 21:06:07
Running from C:\Users\str8\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AMD) C:\Windows\system32\atiesrxx.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(CyberLink) C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Philips Consumer Electronics Company) C:\Windows\acoustic.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
(Microsoft Corporation) C:\Users\str8\Desktop\c#\AddMeFastBot\bin\Debug\AddMeFastBot.vshost.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10979984 2012-05-18] (Realtek Semiconductor)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-07-04] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AMD AVT] - Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml
HKLM\...\Run: [SystemTray] - C:\Windows\System32\systray.exe [8192 2009-07-14] (Microsoft Corporation)
HKLM\...\Run: [TBTray] - C:\Windows\acoustic.exe [28672 2002-04-26] (Philips Consumer Electronics Company)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] - C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2013-10-10] (Cisco Systems, Inc.)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-11-22] (AVAST Software)
HKLM\...\Runonce: [Malwarebytes Anti-Rootkit (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes' Anti-Malware (portable)\cleanup.dll",ProcessCleanupScript "C:\ProgramData\Malwarebytes' Anti-Malware (portable)"
HKLM\...\RunOnce: [ (A0)] - cmd /c "C:\Users\str8\Desktop\mbar\mbar.exe" /rdv /s [1170744 2013-10-08] (Malwarebytes Corporation)
HKCU\...\Run: [Google Update] - C:\Users\str8\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-10-16] (Google Inc.)
HKCU\...\Run: [DAEMON Tools Pro Agent] - C:\Program Files\DAEMON Tools Pro\DTAgent.exe [3108480 2012-10-23] (DT Soft Ltd)
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [EPSON Stylus SX400 Series] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE /FU "C:\Users\str8\AppData\Local\Temp\E_S1681.tmp" /EF "HKCU"
HKCU\...\Run: [Xvid] - C:\Program Files\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_11_8_800_94_Plugin.exe -update plugin [814984 2013-07-25] (Adobe Systems Incorporated)
MountPoints2: {b1131061-17c6-11e2-a73a-806e6f6e6963} - E:\sources\sperr32.exe x64
Startup: C:\Users\str8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x01D71EA29D37CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Hosts: 85.114.135.48 xtrap.cabalonline.com.br
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\str8\AppData\Roaming\Mozilla\Firefox\Profiles\jpjdujy6.default
FF DefaultSearchEngine: LEO Eng-Deu
FF SelectedSearchEngine: LEO Eng-Deu
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @videolan.org/vlc,version=2.0.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\str8\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\str8\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\str8\AppData\Roaming\Mozilla\Firefox\Profiles\jpjdujy6.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: firebug - C:\Users\str8\AppData\Roaming\Mozilla\Firefox\Profiles\jpjdujy6.default\Extensions\firebug@software.joehewitt.com.xpi
FF Extension: tsvnmenu - C:\Users\str8\AppData\Roaming\Mozilla\Firefox\Profiles\jpjdujy6.default\Extensions\tsvnmenu@pumacode.org.xpi
FF Extension: Adblock Plus - C:\Users\str8\AppData\Roaming\Mozilla\Firefox\Profiles\jpjdujy6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Program Files\Fiddler2\FiddlerHook
FF Extension: FiddlerHook - C:\Program Files\Fiddler2\FiddlerHook

Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Users\str8\AppData\Local\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\str8\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\str8\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (Google Update) - C:\Users\str8\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Extension: (YouTube) - C:\Users\str8\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\str8\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Tampermonkey) - C:\Users\str8\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\3.5.3630.77_0
CHR Extension: (FoxyProxy Standard) - C:\Users\str8\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcknhkkoolaabfmlnjonogaaifnjlfnp\2.9_0
CHR Extension: (AdBlock) - C:\Users\str8\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.14_0
CHR Extension: (Awesome Cookie Manager (Beta2)) - C:\Users\str8\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcpidejphgpcgfnpiehkcckkkemgneif\0.9.9.2_0
CHR Extension: (Google Wallet) - C:\Users\str8\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\str8\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-11-22] (AVAST Software)
R2 CLHNServiceForPowerDVD12; C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [90640 2012-09-18] (CyberLink Corp.)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [78352 2012-09-18] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [295440 2012-09-18] (CyberLink)
R2 EPSON_EB_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE [143872 2007-12-17] (SEIKO EPSON CORPORATION)
R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [113664 2007-01-11] (SEIKO EPSON CORPORATION)
S3 fussvc; C:\Program Files\Windows Kits\8.1\App Certification Kit\fussvc.exe [140800 2013-08-21] (Microsoft Corporation)
S3 Te.Service; C:\Program Files\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [91136 2013-08-21] (Microsoft Corporation)
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [558480 2013-10-10] (Cisco Systems, Inc.)
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [71344 2013-10-05] (Microsoft Corporation)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x]

==================== Drivers (Whitelisted) ====================

S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [92528 2013-10-10] (Cisco Systems, Inc.)
R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [35656 2013-11-22] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2013-11-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2013-11-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [774392 2013-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [403440 2013-11-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [178304 2013-11-22] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-02-24] (DT Soft Ltd)
R3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [75992 2013-11-22] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R2 ntk_PowerDVD12; C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12.sys [121208 2012-06-20] (Cyberlink Corp.)
U0 rjaty; C:\Windows\System32\drivers\imofugc.sys [52440 2013-11-22] (Malwarebytes Corporation)
R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [199528 2011-12-02] (Realtek Semiconductor Corp.)
S3 SKYNET; C:\Windows\System32\DRIVERS\SkyNET.SYS [627288 2012-10-17] (TechniSat Digital, S.A.)
S3 SkyNetBDA; C:\Windows\System32\DRIVERS\SkyNetBDA.sys [622040 2010-05-10] (TechniSat Digital, S.A.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2013-02-24] (Duplex Secure Ltd.)
R1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2006-07-24] ()
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2013-02-12] (Anchorfree Inc.)
S3 tbHD; C:\Windows\System32\drivers\TBirdHD.sys [336066 2002-06-03] (Philips Semiconductors)
S3 TBhdgame; C:\Windows\System32\DRIVERS\TBhdgame.sys [11491 2002-04-26] (Philips Semiconductors)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva-6.sys [43376 2013-10-10] (Cisco Systems, Inc.)
U3 axu2686z; C:\Windows\System32\Drivers\axu2686z.sys [0 ] (Microsoft Corporation)
S1 Beep; No ImagePath
S3 MEMSWEEP2; \??\C:\Windows\system32\BDC3.tmp [x]
S3 XDva405; \??\C:\Windows\system32\XDva405.sys [x]
S2 {73526619-C24F-470B-9BED-53D455FBB5C6}; \??\C:\Program Files\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [x]
U3 kxldypow; \??\C:\Users\str8\AppData\Local\Temp\kxldypow.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-22 21:06 - 2013-11-22 21:06 - 00015354 _____ C:\Users\str8\Desktop\FRST.txt
2013-11-22 19:23 - 2013-11-22 19:59 - 00000000 ____D C:\Users\str8\Desktop\c#
2013-11-22 19:22 - 2013-11-22 19:22 - 01291434 _____ C:\Users\str8\Desktop\c#.zip
2013-11-22 19:18 - 2013-11-22 19:18 - 00034583 _____ C:\Users\str8\Desktop\gmer.log
2013-11-22 18:25 - 2013-11-22 18:25 - 00000000 ____D C:\FRST
2013-11-22 18:23 - 2013-11-22 18:21 - 01091001 _____ (Farbar) C:\Users\str8\Desktop\FRST.exe
2013-11-22 18:23 - 2013-11-22 18:21 - 00891200 _____ C:\Users\str8\Desktop\SecurityCheck.exe
2013-11-22 18:23 - 2013-11-22 18:21 - 00760937 _____ (Farbar) C:\Users\str8\Desktop\MiniToolBox.exe
2013-11-22 18:23 - 2013-11-22 18:19 - 00360775 _____ (Farbar) C:\Users\str8\Desktop\FSS.exe
2013-11-22 18:11 - 2013-11-22 18:11 - 00052440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\imofugc.sys
2013-11-22 17:58 - 2013-11-22 18:11 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-22 17:58 - 2013-11-22 17:58 - 00105176 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-11-22 17:58 - 2013-11-22 17:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-22 17:57 - 2013-11-22 18:11 - 00000000 ____D C:\Users\str8\Desktop\mbar
2013-11-22 17:57 - 2013-11-22 17:57 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-11-22 17:50 - 2013-11-22 17:52 - 00000000 ____D C:\AdwCleaner
2013-11-22 17:50 - 2013-11-22 17:47 - 02804572 _____ C:\Users\str8\Desktop\tweaking.com_windows_repair_aio.zip
2013-11-22 17:50 - 2013-11-22 17:46 - 01085542 _____ C:\Users\str8\Desktop\adwcleaner.exe
2013-11-22 14:07 - 2013-11-22 14:07 - 00774392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-11-22 14:07 - 2013-11-22 14:07 - 00403440 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-11-22 14:07 - 2013-11-22 14:07 - 00269216 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-11-22 14:07 - 2013-11-22 14:07 - 00178304 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-11-22 14:07 - 2013-11-22 14:07 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-11-22 14:07 - 2013-11-22 14:07 - 00049944 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-11-22 14:07 - 2013-11-22 14:07 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-11-22 14:07 - 2013-11-22 14:07 - 00035656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-11-22 14:07 - 2013-11-22 14:07 - 00000000 ____D C:\Users\str8\AppData\Roaming\AVAST Software
2013-11-22 14:06 - 2013-11-22 14:06 - 00000000 ____D C:\Program Files\AVAST Software
2013-11-22 14:05 - 2013-11-22 14:05 - 00000000 ____D C:\ProgramData\AVAST Software
2013-11-22 14:01 - 2013-04-04 09:55 - 00377856 _____ C:\Users\str8\Desktop\gmer.exe
2013-11-22 12:59 - 2013-11-22 12:59 - 00000000 ____D C:\Users\str8\Desktop\SophosRootKit
2013-11-22 12:58 - 2012-05-26 21:27 - 91767744 _____ (COMODO) C:\Users\str8\Desktop\cfw_installer.exe
2013-11-22 12:31 - 2013-11-22 12:27 - 00388608 _____ (Trend Micro Inc.) C:\Users\str8\Desktop\HiJackThis204.exe
2013-11-22 12:31 - 2013-11-22 12:26 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\str8\Desktop\TDSSKiller.exe
2013-11-22 11:49 - 2013-11-22 11:49 - 00000000 ____D C:\Program Files\Google
2013-11-17 20:22 - 2013-11-17 20:57 - 107253707 _____ C:\Users\str8\Downloads\AW_31_20131031.mp4
2013-11-17 14:29 - 2013-11-17 14:29 - 00017452 _____ C:\Users\str8\Documents\Aufgabe2.odt
2013-11-16 15:09 - 2013-11-11 19:16 - 00000000 ____D C:\Users\str8\Desktop\Skeleton
2013-11-16 01:46 - 2013-11-16 01:46 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-14 14:10 - 2013-11-14 14:10 - 00000000 ____D C:\Users\str8\AppData\Roaming\Canneverbe Limited
2013-11-14 14:10 - 2013-11-14 14:10 - 00000000 ____D C:\ProgramData\Canneverbe Limited
2013-11-14 14:10 - 2013-11-14 14:10 - 00000000 ____D C:\Program Files\CDBurnerXP
2013-11-13 04:51 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 04:51 - 2013-10-12 03:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 04:51 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 04:51 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 04:51 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 04:51 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 04:51 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 04:51 - 2013-10-03 02:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 04:51 - 2013-09-25 03:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 04:51 - 2013-09-25 03:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 04:51 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 04:51 - 2013-09-25 02:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 04:51 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 04:51 - 2013-09-25 02:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 04:51 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 04:51 - 2013-09-25 01:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 04:51 - 2013-09-25 01:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 04:51 - 2013-07-04 13:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-13 03:02 - 2013-11-13 03:02 - 17142784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 11220992 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 04240384 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-13 03:02 - 2013-11-13 03:02 - 02166272 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 01926656 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-13 03:02 - 2013-11-13 03:02 - 01818112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 01156608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-13 03:02 - 2013-11-13 03:02 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-13 03:02 - 2013-11-13 03:02 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-13 03:02 - 2013-11-13 03:02 - 00244736 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-13 03:02 - 2013-11-13 03:02 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-13 03:02 - 2013-11-13 03:02 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-13 03:02 - 2013-11-13 03:02 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-13 03:02 - 2013-11-13 03:02 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-13 03:02 - 2013-11-13 03:02 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-13 03:02 - 2013-11-13 03:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-13 03:02 - 2013-11-13 03:02 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-13 03:02 - 2013-11-13 03:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-13 03:02 - 2013-11-13 03:02 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-13 03:02 - 2013-11-13 03:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-13 03:01 - 2013-11-13 03:05 - 00010261 _____ C:\Windows\IE11_main.log
2013-11-12 14:02 - 2013-11-12 14:02 - 00000000 ____D C:\Users\str8\AppData\Local\e-academy Inc
2013-11-10 17:57 - 2013-11-10 18:52 - 166574212 _____ C:\Users\str8\Downloads\AW_08_20131108.mp4
2013-11-09 18:17 - 2013-11-09 18:23 - 00000000 ____D C:\Users\str8\AppData\Roaming\TeamViewer
2013-11-09 16:15 - 2013-11-09 16:15 - 00000000 ____D C:\Users\str8\.m2
2013-11-07 20:33 - 2013-11-12 22:09 - 00000000 ____D C:\Users\str8\Documents\Visual Studio 2013
2013-11-07 20:31 - 2013-11-12 15:06 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-11-07 20:29 - 2013-11-07 20:29 - 00000000 ____D C:\ProgramData\Windows App Certification Kit
2013-11-07 20:29 - 2013-11-07 20:29 - 00000000 ____D C:\Program Files\Application Verifier
2013-11-07 20:27 - 2013-11-07 20:27 - 00000000 ____D C:\ProgramData\PreEmptive Solutions
2013-11-07 20:26 - 2013-11-07 20:26 - 00000000 ____D C:\ProgramData\NuGet
2013-11-07 20:26 - 2013-11-07 20:26 - 00000000 ____D C:\Program Files\NuGet
2013-11-07 20:26 - 2013-11-07 20:26 - 00000000 ____D C:\Program Files\Microsoft WCF Data Services
2013-11-07 20:23 - 2013-11-07 20:23 - 00000000 ____D C:\Program Files\HTML Help Workshop
2013-11-07 20:23 - 2013-11-07 20:23 - 00000000 ____D C:\Program Files\Common Files\Designer
2013-11-07 20:18 - 2013-11-07 20:28 - 00000000 ____D C:\Program Files\Common Files\Merge Modules
2013-11-07 20:17 - 2013-11-07 20:32 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 12.0
2013-11-07 18:12 - 2013-11-07 18:12 - 00000000 ____D C:\Users\str8\AppData\Roaming\e-academy Inc
2013-11-05 19:00 - 2013-11-05 19:12 - 34940713 _____ C:\Users\str8\Downloads\ACtaff20131104.mkv
2013-11-02 17:15 - 2013-11-12 15:09 - 00000000 ____D C:\Users\str8\AppData\Roaming\Dropbox
2013-11-02 13:20 - 2013-11-02 13:20 - 00000804 _____ C:\Users\str8\Documents\Aufgabe2.txt
2013-10-27 12:19 - 2013-10-27 19:46 - 00000441 _____ C:\Users\str8\Documents\fsm_mod.pl
2013-10-27 12:19 - 2013-10-27 12:30 - 00000417 _____ C:\Users\str8\Documents\fsm.pl
2013-10-24 19:59 - 2013-10-24 19:59 - 00001380 _____ C:\Users\str8\Desktop\Wireshark.lnk
2013-10-24 00:05 - 2013-10-24 00:05 - 00000000 ____D C:\Users\str8\AppData\Roaming\Wireshark
2013-10-23 23:01 - 2013-10-23 23:01 - 00000000 ____D C:\Program Files\WinPcap
2013-10-23 23:00 - 2013-10-23 23:01 - 00000000 ____D C:\Program Files\Wireshark

==================== One Month Modified Files and Folders =======

2013-11-22 21:06 - 2013-11-22 21:06 - 00015354 _____ C:\Users\str8\Desktop\FRST.txt
2013-11-22 20:57 - 2013-03-30 14:11 - 00000000 ____D C:\Users\str8\AppData\Roaming\Skype
2013-11-22 20:23 - 2009-07-14 05:39 - 00051729 _____ C:\Windows\setupact.log
2013-11-22 20:10 - 2012-10-16 21:27 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1583257125-4176554371-4191051257-1001UA.job
2013-11-22 19:59 - 2013-11-22 19:23 - 00000000 ____D C:\Users\str8\Desktop\c#
2013-11-22 19:39 - 2013-10-22 19:27 - 00000000 ____D C:\Users\str8\AppData\Roaming\TS3Client
2013-11-22 19:22 - 2013-11-22 19:22 - 01291434 _____ C:\Users\str8\Desktop\c#.zip
2013-11-22 19:20 - 2012-10-16 23:15 - 00000000 ____D C:\Users\str8\AppData\Roaming\vlc
2013-11-22 19:18 - 2013-11-22 19:18 - 00034583 _____ C:\Users\str8\Desktop\gmer.log
2013-11-22 18:54 - 2012-12-22 16:42 - 00000000 ____D C:\Users\str8\Desktop\Kernel Detective v1.4.1
2013-11-22 18:25 - 2013-11-22 18:25 - 00000000 ____D C:\FRST
2013-11-22 18:21 - 2013-11-22 18:23 - 01091001 _____ (Farbar) C:\Users\str8\Desktop\FRST.exe
2013-11-22 18:21 - 2013-11-22 18:23 - 00891200 _____ C:\Users\str8\Desktop\SecurityCheck.exe
2013-11-22 18:21 - 2013-11-22 18:23 - 00760937 _____ (Farbar) C:\Users\str8\Desktop\MiniToolBox.exe
2013-11-22 18:19 - 2013-11-22 18:23 - 00360775 _____ (Farbar) C:\Users\str8\Desktop\FSS.exe
2013-11-22 18:14 - 2012-10-16 20:24 - 01089164 _____ C:\Windows\WindowsUpdate.log
2013-11-22 18:11 - 2013-11-22 18:11 - 00052440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\imofugc.sys
2013-11-22 18:11 - 2013-11-22 17:58 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-22 18:11 - 2013-11-22 17:57 - 00000000 ____D C:\Users\str8\Desktop\mbar
2013-11-22 18:11 - 2009-07-14 05:52 - 00000000 ____D C:\Windows\addins
2013-11-22 18:02 - 2009-07-14 05:34 - 00016720 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-22 18:02 - 2009-07-14 05:34 - 00016720 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-22 17:58 - 2013-11-22 17:58 - 00105176 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-11-22 17:58 - 2013-11-22 17:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-22 17:57 - 2013-11-22 17:57 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-11-22 17:55 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-22 17:52 - 2013-11-22 17:50 - 00000000 ____D C:\AdwCleaner
2013-11-22 17:52 - 2013-09-17 21:13 - 00000000 ____D C:\Users\str8\AppData\Local\PMB Files
2013-11-22 17:52 - 2012-10-16 23:07 - 00000000 ____D C:\Users\str8\AppData\Roaming\CheckPoint
2013-11-22 17:47 - 2013-11-22 17:50 - 02804572 _____ C:\Users\str8\Desktop\tweaking.com_windows_repair_aio.zip
2013-11-22 17:46 - 2013-11-22 17:50 - 01085542 _____ C:\Users\str8\Desktop\adwcleaner.exe
2013-11-22 17:27 - 2013-07-12 17:00 - 00000000 ____D C:\Users\str8\Desktop\winject
2013-11-22 16:37 - 2013-09-17 21:13 - 00000000 ____D C:\ProgramData\PMB Files
2013-11-22 14:07 - 2013-11-22 14:07 - 00774392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-11-22 14:07 - 2013-11-22 14:07 - 00403440 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-11-22 14:07 - 2013-11-22 14:07 - 00269216 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-11-22 14:07 - 2013-11-22 14:07 - 00178304 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-11-22 14:07 - 2013-11-22 14:07 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-11-22 14:07 - 2013-11-22 14:07 - 00049944 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-11-22 14:07 - 2013-11-22 14:07 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-11-22 14:07 - 2013-11-22 14:07 - 00035656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-11-22 14:07 - 2013-11-22 14:07 - 00000000 ____D C:\Users\str8\AppData\Roaming\AVAST Software
2013-11-22 14:06 - 2013-11-22 14:06 - 00000000 ____D C:\Program Files\AVAST Software
2013-11-22 14:05 - 2013-11-22 14:05 - 00000000 ____D C:\ProgramData\AVAST Software
2013-11-22 13:00 - 2012-10-16 20:32 - 01620248 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-22 12:59 - 2013-11-22 12:59 - 00000000 ____D C:\Users\str8\Desktop\SophosRootKit
2013-11-22 12:27 - 2013-11-22 12:31 - 00388608 _____ (Trend Micro Inc.) C:\Users\str8\Desktop\HiJackThis204.exe
2013-11-22 12:26 - 2013-11-22 12:31 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\str8\Desktop\TDSSKiller.exe
2013-11-22 11:49 - 2013-11-22 11:49 - 00000000 ____D C:\Program Files\Google
2013-11-22 11:49 - 2012-10-16 21:27 - 00000000 ____D C:\Users\str8\AppData\Local\Google
2013-11-22 11:48 - 2013-02-24 01:34 - 00000000 ____D C:\Users\str8\AppData\Roaming\uTorrent
2013-11-22 11:34 - 2012-10-16 23:45 - 00000000 ____D C:\Users\str8\AppData\Local\Adobe
2013-11-22 11:31 - 2012-10-16 21:27 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1583257125-4176554371-4191051257-1001Core.job
2013-11-20 19:03 - 2012-11-11 20:05 - 00000000 ____D C:\Users\str8\workspace
2013-11-20 18:28 - 2012-11-11 20:05 - 00000000 ____D C:\Users\str8\AppData\Local\Eclipse
2013-11-17 21:29 - 2013-03-30 14:11 - 00000000 ____D C:\ProgramData\Skype
2013-11-17 21:28 - 2013-03-30 14:11 - 00000000 ___RD C:\Program Files\Skype
2013-11-17 14:29 - 2013-11-17 14:29 - 00017452 _____ C:\Users\str8\Documents\Aufgabe2.odt
2013-11-17 12:42 - 2013-07-25 21:06 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-16 01:46 - 2013-11-16 01:46 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-15 13:20 - 2012-10-16 21:28 - 00002354 _____ C:\Users\str8\Desktop\Google Chrome.lnk
2013-11-15 00:28 - 2013-01-18 15:39 - 00000000 ____D C:\Users\str8\Documents\Visual Studio 2010
2013-11-14 14:10 - 2013-11-14 14:10 - 00000000 ____D C:\Users\str8\AppData\Roaming\Canneverbe Limited
2013-11-14 14:10 - 2013-11-14 14:10 - 00000000 ____D C:\ProgramData\Canneverbe Limited
2013-11-14 14:10 - 2013-11-14 14:10 - 00000000 ____D C:\Program Files\CDBurnerXP
2013-11-14 03:58 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2013-11-14 03:19 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-11-14 03:03 - 2013-08-14 02:04 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 03:01 - 2012-10-16 21:04 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-13 03:21 - 2012-10-16 22:36 - 00154802 _____ C:\Windows\PFRO.log
2013-11-13 03:05 - 2013-11-13 03:01 - 00010261 _____ C:\Windows\IE11_main.log
2013-11-13 03:02 - 2013-11-13 03:02 - 17142784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 11220992 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 04240384 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-13 03:02 - 2013-11-13 03:02 - 02166272 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 01926656 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-13 03:02 - 2013-11-13 03:02 - 01818112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 01156608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-13 03:02 - 2013-11-13 03:02 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-13 03:02 - 2013-11-13 03:02 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-13 03:02 - 2013-11-13 03:02 - 00244736 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-13 03:02 - 2013-11-13 03:02 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-13 03:02 - 2013-11-13 03:02 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-13 03:02 - 2013-11-13 03:02 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-13 03:02 - 2013-11-13 03:02 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-13 03:02 - 2013-11-13 03:02 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-13 03:02 - 2013-11-13 03:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-13 03:02 - 2013-11-13 03:02 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-13 03:02 - 2013-11-13 03:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-13 03:02 - 2013-11-13 03:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-13 03:02 - 2013-11-13 03:02 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-13 03:02 - 2013-11-13 03:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-12 22:09 - 2013-11-07 20:33 - 00000000 ____D C:\Users\str8\Documents\Visual Studio 2013
2013-11-12 20:52 - 2012-11-06 23:55 - 00000000 _____ C:\ProgramData\LauncherAccess.dt
2013-11-12 20:52 - 2012-10-16 20:29 - 00000000 ____D C:\Users\str8\AppData\Local\VirtualStore
2013-11-12 15:09 - 2013-11-02 17:15 - 00000000 ____D C:\Users\str8\AppData\Roaming\Dropbox
2013-11-12 15:08 - 2009-07-14 05:33 - 03700592 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-12 15:06 - 2013-11-07 20:31 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-11-12 14:59 - 2012-10-16 20:29 - 00000000 ____D C:\Users\str8
2013-11-12 14:02 - 2013-11-12 14:02 - 00000000 ____D C:\Users\str8\AppData\Local\e-academy Inc
2013-11-11 19:16 - 2013-11-16 15:09 - 00000000 ____D C:\Users\str8\Desktop\Skeleton
2013-11-11 12:54 - 2012-12-07 17:18 - 00000000 ____D C:\Users\str8\Desktop\ollydbg
2013-11-11 05:50 - 2012-10-16 20:52 - 00230048 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-09 18:23 - 2013-11-09 18:17 - 00000000 ____D C:\Users\str8\AppData\Roaming\TeamViewer
2013-11-09 16:15 - 2013-11-09 16:15 - 00000000 ____D C:\Users\str8\.m2
2013-11-09 01:24 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-11-07 20:52 - 2012-11-23 18:43 - 00000000 ____D C:\ProgramData\Package Cache
2013-11-07 20:32 - 2013-11-07 20:17 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 12.0
2013-11-07 20:31 - 2013-03-23 15:17 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2013-11-07 20:29 - 2013-11-07 20:29 - 00000000 ____D C:\ProgramData\Windows App Certification Kit
2013-11-07 20:29 - 2013-11-07 20:29 - 00000000 ____D C:\Program Files\Application Verifier
2013-11-07 20:28 - 2013-11-07 20:18 - 00000000 ____D C:\Program Files\Common Files\Merge Modules
2013-11-07 20:28 - 2013-03-23 15:20 - 00000000 ____D C:\Program Files\Windows Kits
2013-11-07 20:27 - 2013-11-07 20:27 - 00000000 ____D C:\ProgramData\PreEmptive Solutions
2013-11-07 20:27 - 2013-03-23 15:18 - 00000000 ____D C:\Program Files\Microsoft SDKs
2013-11-07 20:26 - 2013-11-07 20:26 - 00000000 ____D C:\ProgramData\NuGet
2013-11-07 20:26 - 2013-11-07 20:26 - 00000000 ____D C:\Program Files\NuGet
2013-11-07 20:26 - 2013-11-07 20:26 - 00000000 ____D C:\Program Files\Microsoft WCF Data Services
2013-11-07 20:25 - 2013-03-23 15:17 - 00000000 ____D C:\Windows\system32\1031
2013-11-07 20:23 - 2013-11-07 20:23 - 00000000 ____D C:\Program Files\HTML Help Workshop
2013-11-07 20:23 - 2013-11-07 20:23 - 00000000 ____D C:\Program Files\Common Files\Designer
2013-11-07 20:23 - 2013-01-18 15:36 - 00000000 ____D C:\Program Files\Microsoft Help Viewer
2013-11-07 20:23 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-11-07 20:19 - 2013-01-18 15:31 - 00000000 ____D C:\Program Files\Microsoft.NET
2013-11-07 20:16 - 2009-07-14 05:52 - 00000000 ____D C:\Program Files\MSBuild
2013-11-07 19:50 - 2013-03-23 15:16 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 11.0
2013-11-07 18:12 - 2013-11-07 18:12 - 00000000 ____D C:\Users\str8\AppData\Roaming\e-academy Inc
2013-11-05 13:18 - 2012-10-16 20:41 - 00064784 _____ C:\Users\str8\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-01 17:20 - 2013-03-23 15:27 - 00000000 ____D C:\Users\str8\Documents\Visual Studio 2012
2013-10-27 20:07 - 2009-07-14 09:56 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-10-27 19:46 - 2013-10-27 12:19 - 00000441 _____ C:\Users\str8\Documents\fsm_mod.pl
2013-10-27 12:35 - 2013-01-28 16:52 - 00000000 ____D C:\Users\str8\Desktop\Numerik13
2013-10-26 18:24 - 2013-06-27 16:19 - 00000000 ____D C:\Users\str8\UMLet
2013-10-26 15:34 - 2012-10-28 14:42 - 00000000 ____D C:\Users\str8\Documents\PrograWS1213
2013-10-25 22:10 - 2013-10-25 22:00 - 30777751 _____ C:\Users\str8\Downloads\ACtaff20131025.mkv
2013-10-24 19:59 - 2013-10-24 19:59 - 00001380 _____ C:\Users\str8\Desktop\Wireshark.lnk
2013-10-24 00:05 - 2013-10-24 00:05 - 00000000 ____D C:\Users\str8\AppData\Roaming\Wireshark
2013-10-23 23:01 - 2013-10-23 23:01 - 00000000 ____D C:\Program Files\WinPcap
2013-10-23 23:01 - 2013-10-23 23:00 - 00000000 ____D C:\Program Files\Wireshark
ZeroAccess:
C:\Users\str8\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files\Google\Desktop\Install

aharonov · 22.11.2013, 21:27

ok.

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Harald858 · 22.11.2013, 22:08

Combofix Logfile:

Code:

ATTFilter

ComboFix 13-11-22.01 - str8 22.11.2013  21:41:22.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.2046.596 [GMT 1:00]
ausgeführt von:: c:\users\str8\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\frapsvid.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_vpnagent
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-10-22 bis 2013-11-22  ))))))))))))))))))))))))))))))
.
.
2013-11-22 20:54 . 2013-11-22 20:54	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-11-22 20:01 . 2013-11-22 20:01	54525952	----a-w-	c:\programdata\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\fca2fbae34034ee7fe73f31e53507c09\Movavi Video Editor.exe
2013-11-22 20:01 . 2013-11-22 20:01	54525952	----a-w-	c:\programdata\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\a63657597c4301540ccd7678372c7bbe\IMVU.exe
2013-11-22 17:25 . 2013-11-22 17:25	--------	d-----w-	C:\FRST
2013-11-22 16:58 . 2013-11-22 16:58	--------	d-----w-	c:\programdata\Malwarebytes
2013-11-22 16:58 . 2013-11-22 20:57	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-11-22 16:58 . 2013-11-22 16:58	105176	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-11-22 16:57 . 2013-11-22 16:57	75992	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2013-11-22 16:50 . 2013-11-22 16:52	--------	d-----w-	C:\AdwCleaner
2013-11-22 14:49 . 2013-11-22 14:49	12582912	----a-w-	c:\programdata\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\47ac5c4a81f1caac8e8c67f506e97e1b\Renegade Ops.exe
2013-11-22 14:49 . 2013-11-22 14:49	12582912	----a-w-	c:\programdata\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\350e8153705ed5a55691e3ef93a45807\From Dust.exe
2013-11-22 13:07 . 2013-11-22 13:07	--------	d-----w-	c:\users\str8\AppData\Roaming\AVAST Software
2013-11-22 13:07 . 2013-11-22 13:07	403440	----a-w-	c:\windows\system32\drivers\aswSP.sys
2013-11-22 13:07 . 2013-11-22 13:07	178304	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2013-11-22 13:07 . 2013-11-22 13:07	774392	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2013-11-22 13:07 . 2013-11-22 13:07	49944	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2013-11-22 13:07 . 2013-11-22 13:07	70384	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2013-11-22 13:07 . 2013-11-22 13:07	35656	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2013-11-22 13:07 . 2013-11-22 13:07	269216	----a-w-	c:\windows\system32\aswBoot.exe
2013-11-22 13:07 . 2013-11-22 13:07	43152	----a-w-	c:\windows\avastSS.scr
2013-11-22 13:06 . 2013-11-22 13:06	--------	d-----w-	c:\program files\AVAST Software
2013-11-22 13:05 . 2013-11-22 13:05	--------	d-----w-	c:\programdata\AVAST Software
2013-11-22 13:01 . 2013-11-22 13:01	12582912	----a-w-	c:\programdata\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\e53f5e6b617ee1e4f3e65fee017bbf96\WMP x264 Codec Pack.exe
2013-11-22 13:01 . 2013-11-22 13:01	12582912	----a-w-	c:\programdata\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\c1627b4d7c78dcd2c4b7d543c34861b1\WMP x264 Codec Pack.exe
2013-11-22 13:01 . 2013-11-22 13:01	12582912	----a-w-	c:\programdata\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\b65008753be4a13dac39f086ff6fe9ac\WMP x264 Codec Pack.exe
2013-11-22 13:01 . 2013-11-22 13:01	12582912	----a-w-	c:\programdata\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\a747c1c55e829b83a7376ead198c6170\WMP x264 Codec Pack.exe
2013-11-22 13:01 . 2013-11-22 13:01	12582912	----a-w-	c:\programdata\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\82bf10b35bd4026a4dbd7d335c665e72\WMP x264 Codec Pack.exe
2013-11-22 13:01 . 2013-11-22 13:01	12582912	----a-w-	c:\programdata\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\4fae623556738383497582f9ec8c5183\WMP x264 Codec Pack.exe
2013-11-22 11:59 . 2013-11-22 11:59	12582912	----a-w-	c:\programdata\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\81a174549aa2d3facf61c094cfb3556f\WMP x264 Codec Pack.exe
2013-11-22 11:36 . 2013-11-22 11:36	12582912	----a-w-	c:\programdata\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\d6513031f7ce87cb2ac730a2cf5d4e71\Colasoft Capsa Enterprise.exe
2013-11-22 11:36 . 2013-11-22 11:36	12582912	----a-w-	c:\programdata\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\ceaf270b6af67d74dc7992781b573918\USB Secure.exe
2013-11-22 11:36 . 2013-11-22 11:36	12582912	----a-w-	c:\programdata\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\03d28098633205e2bcb280537829fecd\UltraISO PE.exe
2013-11-22 11:34 . 2013-11-22 11:34	12582912	----a-w-	c:\programdata\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\cd1efc332a1f98da5d411b4f043b9d0b\WMP x264 Codec Pack.exe
2013-11-22 11:34 . 2013-11-22 11:34	12582912	----a-w-	c:\programdata\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\8ebebf7cdc06d9ecf128ade7c8a90bda\WMP x264 Codec Pack.exe
2013-11-22 11:34 . 2013-11-22 11:34	12582912	----a-w-	c:\programdata\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\67a2c46c3ae14150dbf11437943ff8e5\WMP x264 Codec Pack.exe
2013-11-22 11:34 . 2013-11-22 11:34	12582912	----a-w-	c:\programdata\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\5bcd21eb9da5255eae972aaa6e426557\WMP x264 Codec Pack.exe
2013-11-22 11:34 . 2013-11-22 11:34	12582912	----a-w-	c:\programdata\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\2256beb662f9d856462c8e5a3a2c6de4\WMP x264 Codec Pack.exe
2013-11-22 10:49 . 2013-11-22 10:49	--------	d-----w-	c:\program files\Google
2013-11-22 10:49 . 2013-11-22 10:49	1498112	----a-w-	c:\programdata\Microsoft\BingDesktop\BingCore\BingDesktopCore.dll
2013-11-22 10:46 . 2013-11-22 17:32	62576	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{DC5EC030-4F0D-4A34-8FF4-E3C70592D7C9}\offreg.dll
2013-11-22 10:35 . 2013-11-08 01:15	7772552	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{DC5EC030-4F0D-4A34-8FF4-E3C70592D7C9}\mpengine.dll
2013-11-14 13:10 . 2013-11-14 13:10	--------	d-----w-	c:\programdata\Canneverbe Limited
2013-11-14 13:10 . 2013-11-14 13:10	--------	d-----w-	c:\users\str8\AppData\Roaming\Canneverbe Limited
2013-11-14 13:10 . 2013-11-14 13:10	--------	d-----w-	c:\program files\CDBurnerXP
2013-11-13 02:02 . 2013-11-13 02:02	999936	----a-w-	c:\program files\Internet Explorer\networkinspection.dll
2013-11-12 13:02 . 2013-11-12 13:02	--------	d-----w-	c:\users\str8\AppData\Local\e-academy Inc
2013-11-09 17:17 . 2013-11-09 17:23	--------	d-----w-	c:\users\str8\AppData\Roaming\TeamViewer
2013-11-09 15:15 . 2013-11-09 15:15	--------	d-----w-	c:\users\str8\.m2
2013-11-07 19:34 . 2013-11-07 19:54	1491328	----a-w-	c:\programdata\Microsoft\VisualStudio\12.0\1031\ResourceCache.dll
2013-11-07 19:31 . 2013-11-12 14:06	--------	d-----w-	c:\program files\Microsoft Silverlight
2013-11-07 19:29 . 2013-11-07 19:29	--------	d-----w-	c:\program files\Application Verifier
2013-11-07 19:29 . 2013-11-07 19:29	--------	d-----w-	c:\programdata\Windows App Certification Kit
2013-11-07 19:28 . 2013-11-07 19:28	--------	d-----w-	c:\program files\Common Files\Microsoft
2013-11-07 19:27 . 2013-11-07 19:27	--------	d-----w-	c:\programdata\PreEmptive Solutions
2013-11-07 19:26 . 2013-11-07 19:26	--------	d-----w-	c:\programdata\NuGet
2013-11-07 19:26 . 2013-11-07 19:26	--------	d-----w-	c:\program files\NuGet
2013-11-07 19:26 . 2013-11-07 19:26	--------	d-----w-	c:\program files\Microsoft WCF Data Services
2013-11-07 19:23 . 2013-11-07 19:23	--------	d-----w-	c:\program files\HTML Help Workshop
2013-11-07 19:18 . 2013-11-07 19:28	--------	d-----w-	c:\program files\Common Files\Merge Modules
2013-11-07 19:17 . 2013-11-07 19:32	--------	d-----w-	c:\program files\Microsoft Visual Studio 12.0
2013-11-07 19:11 . 2013-11-07 19:11	--------	d-----w-	c:\windows\Migration
2013-11-07 19:05 . 2013-11-07 19:05	--------	d-----w-	c:\programdata\regid.1991-06.com.microsoft
2013-11-07 17:12 . 2013-11-07 17:12	--------	d-----w-	c:\users\str8\AppData\Roaming\e-academy Inc
2013-11-02 16:15 . 2013-11-12 14:09	--------	d-----w-	c:\users\str8\AppData\Roaming\Dropbox
2013-10-23 23:05 . 2013-10-23 23:05	--------	d-----w-	c:\users\str8\AppData\Roaming\Wireshark
2013-10-23 22:01 . 2013-10-23 22:01	--------	d-----w-	c:\program files\WinPcap
2013-10-23 22:00 . 2013-10-23 22:01	--------	d-----w-	c:\program files\Wireshark
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-13 02:02 . 2013-11-13 02:02	74240	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-11-13 02:02 . 2013-11-13 02:02	71680	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2013-11-13 02:02 . 2013-11-13 02:02	62464	----a-w-	c:\windows\system32\tdc.ocx
2013-11-13 02:02 . 2013-11-13 02:02	454656	----a-w-	c:\windows\system32\vbscript.dll
2013-11-13 02:02 . 2013-11-13 02:02	1818112	----a-w-	c:\windows\system32\wininet.dll
2013-11-13 02:02 . 2013-11-13 02:02	139264	----a-w-	c:\windows\system32\wextract.exe
2013-11-11 04:50 . 2012-10-16 19:52	230048	------w-	c:\windows\system32\MpSigStub.exe
2013-10-18 13:56 . 2013-10-18 13:56	94632	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-10-10 21:48 . 2013-10-10 21:48	11152	----a-w-	c:\windows\system32\vpncategories.dll
2013-10-10 21:48 . 2013-10-10 21:48	34192	----a-w-	c:\windows\system32\vpnevents.dll
2013-10-10 21:31 . 2013-10-10 21:31	43376	----a-w-	c:\windows\system32\drivers\vpnva-6.sys
2013-10-10 21:29 . 2013-03-26 15:18	92528	----a-r-	c:\windows\system32\drivers\acsock.sys
2013-10-05 01:38 . 2013-10-05 01:38	97440	----a-w-	c:\windows\system32\mfcm120d.dll
2013-10-05 01:38 . 2013-10-05 01:38	970912	----a-w-	c:\windows\system32\msvcr120.dll
2013-10-05 01:38 . 2013-10-05 01:38	96936	----a-w-	c:\windows\system32\mfcm120ud.dll
2013-10-05 01:38 . 2013-10-05 01:38	912552	----a-w-	c:\windows\system32\vcamp120d.dll
2013-10-05 01:38 . 2013-10-05 01:38	83104	----a-w-	c:\windows\system32\mfcm120u.dll
2013-10-05 01:38 . 2013-10-05 01:38	83104	----a-w-	c:\windows\system32\mfcm120.dll
2013-10-05 01:38 . 2013-10-05 01:38	8282784	----a-w-	c:\windows\system32\mfc120ud.dll
2013-10-05 01:38 . 2013-10-05 01:38	8212640	----a-w-	c:\windows\system32\mfc120d.dll
2013-10-05 01:38 . 2013-10-05 01:38	815272	----a-w-	c:\windows\system32\msvcp120d.dll
2013-10-05 01:38 . 2013-10-05 01:38	772784	----a-w-	c:\windows\system32\vccorlib120d.dll
2013-10-05 01:38 . 2013-10-05 01:38	74920	----a-w-	c:\windows\system32\mfc120fra.dll
2013-10-05 01:38 . 2013-10-05 01:38	74920	----a-w-	c:\windows\system32\mfc120deu.dll
2013-10-05 01:38 . 2013-10-05 01:38	73896	----a-w-	c:\windows\system32\mfc120esn.dll
2013-10-05 01:38 . 2013-10-05 01:38	72872	----a-w-	c:\windows\system32\mfc120ita.dll
2013-10-05 01:38 . 2013-10-05 01:38	70824	----a-w-	c:\windows\system32\mfc120rus.dll
2013-10-05 01:38 . 2013-10-05 01:38	697016	----a-w-	c:\windows\system32\PUGAExperiment.dll
2013-10-05 01:38 . 2013-10-05 01:38	65192	----a-w-	c:\windows\system32\mfc120enu.dll
2013-10-05 01:38 . 2013-10-05 01:38	53928	----a-w-	c:\windows\system32\mfc120jpn.dll
2013-10-05 01:38 . 2013-10-05 01:38	53416	----a-w-	c:\windows\system32\mfc120kor.dll
2013-10-05 01:38 . 2013-10-05 01:38	46248	----a-w-	c:\windows\system32\mfc120cht.dll
2013-10-05 01:38 . 2013-10-05 01:38	46248	----a-w-	c:\windows\system32\mfc120chs.dll
2013-10-05 01:38 . 2013-10-05 01:38	455328	----a-w-	c:\windows\system32\msvcp120.dll
2013-10-05 01:38 . 2013-10-05 01:38	4449952	----a-w-	c:\windows\system32\mfc120u.dll
2013-10-05 01:38 . 2013-10-05 01:38	4424344	----a-w-	c:\windows\system32\mfc120.dll
2013-10-05 01:38 . 2013-10-05 01:38	339616	----a-w-	c:\windows\system32\vcamp120.dll
2013-10-05 01:38 . 2013-10-05 01:38	306360	----a-w-	c:\windows\system32\vsjitdebugger.exe
2013-10-05 01:38 . 2013-10-05 01:38	247984	----a-w-	c:\windows\system32\vccorlib120.dll
2013-10-05 01:38 . 2013-10-05 01:38	218792	----a-w-	c:\windows\system32\VSPerf120.dll
2013-10-05 01:38 . 2013-10-05 01:38	1824424	----a-w-	c:\windows\system32\msvcr120d.dll
2013-10-05 01:38 . 2013-10-05 01:38	1768640	----a-w-	c:\windows\system32\VsGraphicsHelper.dll
2013-10-05 01:38 . 2013-10-05 01:38	176296	----a-w-	c:\windows\system32\VSCover120.dll
2013-10-05 01:38 . 2013-10-05 01:38	149672	----a-w-	c:\windows\system32\vcomp120d.dll
2013-10-05 01:38 . 2013-10-05 01:38	119456	----a-w-	c:\windows\system32\vcomp120.dll
2013-10-04 01:58 . 2013-11-13 03:51	152576	----a-w-	c:\windows\system32\SmartcardCredentialProvider.dll
2013-09-25 01:57 . 2013-11-13 03:51	99840	----a-w-	c:\windows\system32\sspicli.dll
2013-09-25 01:57 . 2013-11-13 03:51	22016	----a-w-	c:\windows\system32\secur32.dll
2013-09-25 01:57 . 2013-11-13 03:51	247808	----a-w-	c:\windows\system32\schannel.dll
2013-09-25 00:49 . 2013-11-13 03:51	15872	----a-w-	c:\windows\system32\sspisrv.dll
2013-09-14 00:48 . 2013-10-09 10:50	338944	----a-w-	c:\windows\system32\drivers\afd.sys
2013-09-11 20:21 . 2013-09-11 20:21	863344	----a-w-	c:\windows\system32\msvcr110_clr0400.dll
2013-09-11 20:21 . 2013-09-11 20:21	501872	----a-w-	c:\windows\system32\msvcp110_clr0400.dll
2013-09-11 20:21 . 2013-09-11 20:21	28776	----a-w-	c:\windows\system32\aspnet_counters.dll
2013-09-11 20:21 . 2013-09-11 20:21	18000	----a-w-	c:\windows\system32\msvcr100_clr0400.dll
2013-09-08 02:07 . 2013-10-09 10:50	1294272	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:03 . 2013-10-09 10:50	231424	----a-w-	c:\windows\system32\mswsock.dll
2013-09-04 01:15 . 2013-10-09 10:50	258560	----a-w-	c:\windows\system32\drivers\usbhub.sys
2013-09-04 01:14 . 2013-10-09 10:50	76288	----a-w-	c:\windows\system32\drivers\usbccgp.sys
2013-09-04 01:14 . 2013-10-09 10:50	284672	----a-w-	c:\windows\system32\drivers\usbport.sys
2013-09-04 01:14 . 2013-10-09 10:50	43008	----a-w-	c:\windows\system32\drivers\usbehci.sys
2013-09-04 01:14 . 2013-10-09 10:50	20480	----a-w-	c:\windows\system32\drivers\usbohci.sys
2013-09-04 01:14 . 2013-10-09 10:50	24064	----a-w-	c:\windows\system32\drivers\usbuhci.sys
2013-09-04 01:14 . 2013-10-09 10:50	6016	----a-w-	c:\windows\system32\drivers\usbd.sys
2013-08-29 14:00 . 2013-08-29 14:00	522344	----a-w-	c:\windows\system32\SqlServerSpatial110.dll
2013-08-29 01:51 . 2013-10-09 10:50	3969472	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-08-29 01:51 . 2013-10-09 10:50	3914176	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-08-29 01:50 . 2013-10-09 10:50	1289096	----a-w-	c:\windows\system32\ntdll.dll
2013-08-29 01:50 . 2013-10-09 10:50	619520	----a-w-	c:\windows\system32\tdh.dll
2013-08-29 01:48 . 2013-10-09 10:50	640512	----a-w-	c:\windows\system32\advapi32.dll
2013-08-28 01:04 . 2013-10-09 10:50	2348544	----a-w-	c:\windows\system32\win32k.sys
2013-08-28 00:57 . 2013-10-09 10:50	434688	----a-w-	c:\windows\system32\scavengeui.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-13 . 505506526A9D467307B3C393DEDAF858 . 6144 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_c3f6f77668f0ddcc\beep.sys
.
c:\windows\System32\drivers\beep.sys ... Fehlt !!
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-11-22 13:07	321752	----a-w-	c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1BingDesktopOverlays]
@="{B82655E9-B81D-4A97-8154-0D84A4C048E4}"
[HKEY_CLASSES_ROOT\CLSID\{B82655E9-B81D-4A97-8154-0D84A4C048E4}]
2013-11-22 10:49	1739264	----a-w-	c:\programdata\Microsoft\BingDesktop\BingCore\BingDesktopOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2012-10-23 3108480]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-05-18 10979984]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 641704]
"TBTray"="acoustic.exe" [2002-04-26 28672]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2013-10-10 707984]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-11-22 3568312]
.
c:\users\str8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Server4PC.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Server4PC.lnk
backup=c:\windows\pss\Server4PC.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06	958576	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus SX400 Series]
2007-12-17 05:00	188928	----a-w-	c:\windows\System32\spool\drivers\w32x86\3\E_FATIEGE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-10-16 20:27	116648	----atw-	c:\users\str8\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerDVD12Agent]
2012-09-18 03:46	374560	----a-w-	c:\program files\CyberLink\PowerDVD12\PowerDVD12Agent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerDVD12DMREngine]
2012-09-18 03:46	505872	----a-w-	c:\program files\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2013-10-09 02:19	1813928	----a-w-	c:\program files\Steam\Steam.exe
.
R2 {73526619-C24F-470B-9BED-53D455FBB5C6};Power Control [2012/10/17 12:35];c:\program files\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-09-05 171680]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock.sys [2013-10-10 92528]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2013-11-13 108032]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\BDC3.tmp [x]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\DRIVERS\SkyNET.SYS [2012-10-17 627288]
R3 SkyNetBDA;TechniSat DVB-PC TV Star PCI (BDA);c:\windows\system32\DRIVERS\SkyNetBDA.sys [2010-05-10 622040]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2013-02-12 37064]
R3 tbHD;Philips PSC705 WDM Driver;c:\windows\system32\drivers\TBirdHD.sys [2002-06-03 336066]
R3 TBhdgame;Philips PSC705 GamePort;c:\windows\system32\DRIVERS\TBhdgame.sys [2002-04-26 11491]
R3 Te.Service;Te.Service;c:\program files\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [2013-08-21 91136]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 VsEtwService120;Visual Studio ETW Event Collection Service;c:\program files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [2013-10-05 71344]
R3 XDva405;XDva405;c:\windows\system32\XDva405.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-11-22 774392]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-11-22 403440]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-02-24 242240]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-04 217088]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-11-22 35656]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-11-22 70384]
S2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;c:\program files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [2012-09-18 90640]
S2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;c:\program files\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2012-09-18 78352]
S2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;c:\program files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2012-09-18 295440]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2013-03-01 36600]
S2 ntk_PowerDVD12;ntk_PowerDVD12;c:\program files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12.sys [2012-06-20 121208]
S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [2013-10-01 5087584]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-09-29 490088]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2013-11-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1583257125-4176554371-4191051257-1001Core.job
- c:\users\str8\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-16 20:27]
.
2013-11-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1583257125-4176554371-4191051257-1001UA.job
- c:\users\str8\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-16 20:27]
.
.
------- Zusätzlicher Suchlauf -------
.
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\str8\AppData\Roaming\Mozilla\Firefox\Profiles\jpjdujy6.default\
FF - prefs.js: browser.search.selectedEngine - LEO Eng-Deu
FF - ExtSQL: 2013-09-29 14:20; tsvnmenu@pumacode.org; c:\users\str8\AppData\Roaming\Mozilla\Firefox\Profiles\jpjdujy6.default\extensions\tsvnmenu@pumacode.org.xpi
FF - ExtSQL: 2013-10-20 11:12; fiddlerhook@fiddler2.com; c:\program files\Fiddler2\FiddlerHook
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-AdobeBridge - (no file)
SafeBoot-90810519.sys
MSConfigStartUp-ZoneAlarm Installer - c:\program files\CheckPoint\Install\Launcher.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\BDC3.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{73526619-C24F-470B-9BED-53D455FBB5C6}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD12\Common\NavFilter\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S40ST7.EXE
c:\programdata\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\windows\acoustic.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\system32\sppsvc.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-11-22  22:04:36 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-11-22 21:04
.
Vor Suchlauf: 13 Verzeichnis(se), 40.966.852.608 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 41.080.074.240 Bytes frei
.
- - End Of File - - 49F63A56DF25F5D9E38F4E26D86FDF9A

--- --- ---
A36C5E4F47E84449FF07ED3517B43A31

aharonov · 22.11.2013, 22:20

Bitte gehe zu Virustotal und lass dort folgendermassen eine Datei überprüfen:

Klicke auf Wählen Sie eine.
Kopiere dann Folgendes in das Eingabefeld für den Dateinamen
Code:
ATTFilter
```
c:\programdata\Microsoft\BingDesktop\BingCore\BingDesktopOverlays.dll
         
```
und klicke auf Öffnen.
Klicke auf Scannen!.
Solltest du folgende Meldung bekommen:

Zitat:

Datei wurde bereits analysiert - Diese Datei wurde bereits von VirusTotal analysiert am ...

dann klicke auf Neu analysieren.
Warte, bis die Analyse beendet ist, und kopiere dann die URL aus deiner Adresszeile und poste sie hier.

Wiederhole das anschliessend mit folgender Datei:

Code:

ATTFilter

c:\programdata\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\a63657597c4301540ccd7678372c7bbe\IMVU.exe

Harald858 · 23.11.2013, 02:48

Ich habe den kompletten Ordner einfach gelöscht. War nicht ganz einfach, denn die dll
BingDesktopOverlays.dll hat sich in die explorer.exe injiziert und auch ständig zum Internet verbunden. Habe natürlich alles geblockt. Im abgesicherten Modus mit Kommandozeilenfenster konnte ich die Dll schließlich löschen.

Ich hab in der Zwischenzeit, RogueKiller ausgeführt um die Registrierung zu säubern. Nach Combofix habe ich nun wieder Zugriff auf die Windows Firewall und Windows Defender.
Trotzdem stimmt wohl noch einiges nicht. Im Kernel wird vieles gehookt. Speziell im IDT. Malwarebytes habe ich auch bereits ausgeführt mit dem Ergebnis, dass er fündig wurde und die Infektionen beseitigt hat.

Habe nun nochmals Combofix ausgeführt, nun sieht der Log ganz anders aus. Man beachte die Treiber...

Combofix Logfile:

Code:

ATTFilter

ComboFix 13-11-22.01 - str8 23.11.2013   2:27.2.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.2046.1085 [GMT 1:00]
ausgeführt von:: c:\users\str8\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\PFRO.log
c:\windows\system32\FlashPlayerApp.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-10-23 bis 2013-11-23  ))))))))))))))))))))))))))))))
.
.
2013-11-23 01:37 . 2013-11-23 01:37	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-11-23 01:23 . 2013-11-23 01:23	204896	----a-w-	c:\windows\system32\drivers\89812972.sys
2013-11-23 01:23 . 2013-11-23 01:23	--------	d-----w-	C:\TDSSKiller_Quarantine
2013-11-23 01:22 . 2013-11-23 01:22	62576	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{DC5EC030-4F0D-4A34-8FF4-E3C70592D7C9}\offreg.dll
2013-11-23 00:43 . 2013-11-23 00:45	--------	d-----w-	c:\programdata\Comodo
2013-11-23 00:43 . 2013-11-23 00:43	--------	d-----w-	c:\program files\COMODO
2013-11-23 00:05 . 2013-11-23 00:05	105176	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-11-22 21:22 . 2013-11-22 21:22	--------	d-----w-	c:\users\str8\AppData\Roaming\Malwarebytes
2013-11-22 21:22 . 2013-11-22 21:22	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2013-11-22 21:22 . 2013-04-04 13:50	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-11-22 21:22 . 2013-11-22 21:22	--------	d-----w-	c:\users\str8\AppData\Local\Programs
2013-11-22 21:14 . 2013-11-23 01:21	--------	d-----w-	c:\users\str8\AppData\Local\CrashDumps
2013-11-22 17:25 . 2013-11-22 17:25	--------	d-----w-	C:\FRST
2013-11-22 16:58 . 2013-11-22 16:58	--------	d-----w-	c:\programdata\Malwarebytes
2013-11-22 16:57 . 2013-11-23 00:04	75992	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2013-11-22 16:50 . 2013-11-23 00:18	--------	d-----w-	C:\AdwCleaner
2013-11-22 13:07 . 2013-11-22 13:07	--------	d-----w-	c:\users\str8\AppData\Roaming\AVAST Software
2013-11-22 13:07 . 2013-11-22 13:07	403440	----a-w-	c:\windows\system32\drivers\aswSP.sys
2013-11-22 13:07 . 2013-11-22 13:07	178304	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2013-11-22 13:07 . 2013-11-22 13:07	774392	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2013-11-22 13:07 . 2013-11-22 13:07	49944	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2013-11-22 13:07 . 2013-11-22 13:07	70384	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2013-11-22 13:07 . 2013-11-22 13:07	35656	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2013-11-22 13:07 . 2013-11-22 13:07	269216	----a-w-	c:\windows\system32\aswBoot.exe
2013-11-22 13:07 . 2013-11-22 13:07	43152	----a-w-	c:\windows\avastSS.scr
2013-11-22 13:06 . 2013-11-22 13:06	--------	d-----w-	c:\program files\AVAST Software
2013-11-22 13:05 . 2013-11-22 13:05	--------	d-----w-	c:\programdata\AVAST Software
2013-11-22 10:49 . 2013-11-22 10:49	--------	d-----w-	c:\program files\Google
2013-11-22 10:35 . 2013-11-08 01:15	7772552	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{DC5EC030-4F0D-4A34-8FF4-E3C70592D7C9}\mpengine.dll
2013-11-14 13:10 . 2013-11-14 13:10	--------	d-----w-	c:\programdata\Canneverbe Limited
2013-11-14 13:10 . 2013-11-14 13:10	--------	d-----w-	c:\users\str8\AppData\Roaming\Canneverbe Limited
2013-11-14 13:10 . 2013-11-14 13:10	--------	d-----w-	c:\program files\CDBurnerXP
2013-11-13 02:02 . 2013-11-13 02:02	999936	----a-w-	c:\program files\Internet Explorer\networkinspection.dll
2013-11-12 13:02 . 2013-11-12 13:02	--------	d-----w-	c:\users\str8\AppData\Local\e-academy Inc
2013-11-09 17:17 . 2013-11-09 17:23	--------	d-----w-	c:\users\str8\AppData\Roaming\TeamViewer
2013-11-09 15:15 . 2013-11-09 15:15	--------	d-----w-	c:\users\str8\.m2
2013-11-07 19:34 . 2013-11-07 19:54	1491328	----a-w-	c:\programdata\Microsoft\VisualStudio\12.0\1031\ResourceCache.dll
2013-11-07 19:31 . 2013-11-12 14:06	--------	d-----w-	c:\program files\Microsoft Silverlight
2013-11-07 19:29 . 2013-11-07 19:29	--------	d-----w-	c:\program files\Application Verifier
2013-11-07 19:29 . 2013-11-07 19:29	--------	d-----w-	c:\programdata\Windows App Certification Kit
2013-11-07 19:28 . 2013-11-07 19:28	--------	d-----w-	c:\program files\Common Files\Microsoft
2013-11-07 19:27 . 2013-11-07 19:27	--------	d-----w-	c:\programdata\PreEmptive Solutions
2013-11-07 19:26 . 2013-11-07 19:26	--------	d-----w-	c:\programdata\NuGet
2013-11-07 19:26 . 2013-11-07 19:26	--------	d-----w-	c:\program files\NuGet
2013-11-07 19:26 . 2013-11-07 19:26	--------	d-----w-	c:\program files\Microsoft WCF Data Services
2013-11-07 19:23 . 2013-11-07 19:23	--------	d-----w-	c:\program files\HTML Help Workshop
2013-11-07 19:18 . 2013-11-07 19:28	--------	d-----w-	c:\program files\Common Files\Merge Modules
2013-11-07 19:17 . 2013-11-07 19:32	--------	d-----w-	c:\program files\Microsoft Visual Studio 12.0
2013-11-07 19:11 . 2013-11-07 19:11	--------	d-----w-	c:\windows\Migration
2013-11-07 19:05 . 2013-11-07 19:05	--------	d-----w-	c:\programdata\regid.1991-06.com.microsoft
2013-11-07 17:12 . 2013-11-07 17:12	--------	d-----w-	c:\users\str8\AppData\Roaming\e-academy Inc
2013-11-02 16:15 . 2013-11-12 14:09	--------	d-----w-	c:\users\str8\AppData\Roaming\Dropbox
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-11 04:50 . 2012-10-16 19:52	230048	------w-	c:\windows\system32\MpSigStub.exe
2013-10-18 13:56 . 2013-10-18 13:56	94632	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-10-10 21:48 . 2013-10-10 21:48	11152	----a-w-	c:\windows\system32\vpncategories.dll
2013-10-10 21:48 . 2013-10-10 21:48	34192	----a-w-	c:\windows\system32\vpnevents.dll
2013-10-10 21:31 . 2013-10-10 21:31	43376	----a-w-	c:\windows\system32\drivers\vpnva-6.sys
2013-10-10 21:29 . 2013-03-26 15:18	92528	----a-r-	c:\windows\system32\drivers\acsock.sys
2013-10-05 01:38 . 2013-10-05 01:38	97440	----a-w-	c:\windows\system32\mfcm120d.dll
2013-10-05 01:38 . 2013-10-05 01:38	970912	----a-w-	c:\windows\system32\msvcr120.dll
2013-10-05 01:38 . 2013-10-05 01:38	96936	----a-w-	c:\windows\system32\mfcm120ud.dll
2013-10-05 01:38 . 2013-10-05 01:38	912552	----a-w-	c:\windows\system32\vcamp120d.dll
2013-10-05 01:38 . 2013-10-05 01:38	83104	----a-w-	c:\windows\system32\mfcm120u.dll
2013-10-05 01:38 . 2013-10-05 01:38	83104	----a-w-	c:\windows\system32\mfcm120.dll
2013-10-05 01:38 . 2013-10-05 01:38	8282784	----a-w-	c:\windows\system32\mfc120ud.dll
2013-10-05 01:38 . 2013-10-05 01:38	8212640	----a-w-	c:\windows\system32\mfc120d.dll
2013-10-05 01:38 . 2013-10-05 01:38	815272	----a-w-	c:\windows\system32\msvcp120d.dll
2013-10-05 01:38 . 2013-10-05 01:38	772784	----a-w-	c:\windows\system32\vccorlib120d.dll
2013-10-05 01:38 . 2013-10-05 01:38	74920	----a-w-	c:\windows\system32\mfc120fra.dll
2013-10-05 01:38 . 2013-10-05 01:38	74920	----a-w-	c:\windows\system32\mfc120deu.dll
2013-10-05 01:38 . 2013-10-05 01:38	73896	----a-w-	c:\windows\system32\mfc120esn.dll
2013-10-05 01:38 . 2013-10-05 01:38	72872	----a-w-	c:\windows\system32\mfc120ita.dll
2013-10-05 01:38 . 2013-10-05 01:38	70824	----a-w-	c:\windows\system32\mfc120rus.dll
2013-10-05 01:38 . 2013-10-05 01:38	697016	----a-w-	c:\windows\system32\PUGAExperiment.dll
2013-10-05 01:38 . 2013-10-05 01:38	65192	----a-w-	c:\windows\system32\mfc120enu.dll
2013-10-05 01:38 . 2013-10-05 01:38	53928	----a-w-	c:\windows\system32\mfc120jpn.dll
2013-10-05 01:38 . 2013-10-05 01:38	53416	----a-w-	c:\windows\system32\mfc120kor.dll
2013-10-05 01:38 . 2013-10-05 01:38	46248	----a-w-	c:\windows\system32\mfc120cht.dll
2013-10-05 01:38 . 2013-10-05 01:38	46248	----a-w-	c:\windows\system32\mfc120chs.dll
2013-10-05 01:38 . 2013-10-05 01:38	455328	----a-w-	c:\windows\system32\msvcp120.dll
2013-10-05 01:38 . 2013-10-05 01:38	4449952	----a-w-	c:\windows\system32\mfc120u.dll
2013-10-05 01:38 . 2013-10-05 01:38	4424344	----a-w-	c:\windows\system32\mfc120.dll
2013-10-05 01:38 . 2013-10-05 01:38	339616	----a-w-	c:\windows\system32\vcamp120.dll
2013-10-05 01:38 . 2013-10-05 01:38	306360	----a-w-	c:\windows\system32\vsjitdebugger.exe
2013-10-05 01:38 . 2013-10-05 01:38	247984	----a-w-	c:\windows\system32\vccorlib120.dll
2013-10-05 01:38 . 2013-10-05 01:38	218792	----a-w-	c:\windows\system32\VSPerf120.dll
2013-10-05 01:38 . 2013-10-05 01:38	1824424	----a-w-	c:\windows\system32\msvcr120d.dll
2013-10-05 01:38 . 2013-10-05 01:38	1768640	----a-w-	c:\windows\system32\VsGraphicsHelper.dll
2013-10-05 01:38 . 2013-10-05 01:38	176296	----a-w-	c:\windows\system32\VSCover120.dll
2013-10-05 01:38 . 2013-10-05 01:38	149672	----a-w-	c:\windows\system32\vcomp120d.dll
2013-10-05 01:38 . 2013-10-05 01:38	119456	----a-w-	c:\windows\system32\vcomp120.dll
2013-09-14 00:48 . 2013-10-09 10:50	338944	----a-w-	c:\windows\system32\drivers\afd.sys
2013-09-11 20:21 . 2013-09-11 20:21	863344	----a-w-	c:\windows\system32\msvcr110_clr0400.dll
2013-09-11 20:21 . 2013-09-11 20:21	501872	----a-w-	c:\windows\system32\msvcp110_clr0400.dll
2013-09-11 20:21 . 2013-09-11 20:21	28776	----a-w-	c:\windows\system32\aspnet_counters.dll
2013-09-11 20:21 . 2013-09-11 20:21	18000	----a-w-	c:\windows\system32\msvcr100_clr0400.dll
2013-09-08 02:07 . 2013-10-09 10:50	1294272	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:03 . 2013-10-09 10:50	231424	----a-w-	c:\windows\system32\mswsock.dll
2013-09-04 01:15 . 2013-10-09 10:50	258560	----a-w-	c:\windows\system32\drivers\usbhub.sys
2013-09-04 01:14 . 2013-10-09 10:50	76288	----a-w-	c:\windows\system32\drivers\usbccgp.sys
2013-09-04 01:14 . 2013-10-09 10:50	284672	----a-w-	c:\windows\system32\drivers\usbport.sys
2013-09-04 01:14 . 2013-10-09 10:50	43008	----a-w-	c:\windows\system32\drivers\usbehci.sys
2013-09-04 01:14 . 2013-10-09 10:50	20480	----a-w-	c:\windows\system32\drivers\usbohci.sys
2013-09-04 01:14 . 2013-10-09 10:50	24064	----a-w-	c:\windows\system32\drivers\usbuhci.sys
2013-09-04 01:14 . 2013-10-09 10:50	6016	----a-w-	c:\windows\system32\drivers\usbd.sys
2013-08-29 14:00 . 2013-08-29 14:00	522344	----a-w-	c:\windows\system32\SqlServerSpatial110.dll
2013-08-29 01:51 . 2013-10-09 10:50	3969472	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-08-29 01:51 . 2013-10-09 10:50	3914176	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-08-29 01:50 . 2013-10-09 10:50	1289096	----a-w-	c:\windows\system32\ntdll.dll
2013-08-29 01:50 . 2013-10-09 10:50	619520	----a-w-	c:\windows\system32\tdh.dll
2013-08-29 01:48 . 2013-10-09 10:50	640512	----a-w-	c:\windows\system32\advapi32.dll
2013-08-28 01:04 . 2013-10-09 10:50	2348544	----a-w-	c:\windows\system32\win32k.sys
2013-08-28 00:57 . 2013-10-09 10:50	434688	----a-w-	c:\windows\system32\scavengeui.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-11-22 13:07	321752	----a-w-	c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2012-10-23 3108480]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-05-18 10979984]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 641704]
"TBTray"="acoustic.exe" [2002-04-26 28672]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2013-10-10 707984]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-11-22 3568312]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 6756048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"{9FE57FAD-CA91-46EC-8994-1DF134BC02AC}"="start" [X]
.
c:\users\str8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Server4PC.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Server4PC.lnk
backup=c:\windows\pss\Server4PC.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06	958576	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus SX400 Series]
2007-12-17 05:00	188928	----a-w-	c:\windows\System32\spool\drivers\w32x86\3\E_FATIEGE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-10-16 20:27	116648	----atw-	c:\users\str8\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerDVD12Agent]
2012-09-18 03:46	374560	----a-w-	c:\program files\CyberLink\PowerDVD12\PowerDVD12Agent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerDVD12DMREngine]
2012-09-18 03:46	505872	----a-w-	c:\program files\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2013-10-09 02:19	1813928	----a-w-	c:\program files\Steam\Steam.exe
.
R2 {73526619-C24F-470B-9BED-53D455FBB5C6};Power Control [2012/10/17 12:35];c:\program files\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-09-05 171680]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock.sys [2013-10-10 92528]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2013-11-13 108032]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\BDC3.tmp [x]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\DRIVERS\SkyNET.SYS [2012-10-17 627288]
R3 SkyNetBDA;TechniSat DVB-PC TV Star PCI (BDA);c:\windows\system32\DRIVERS\SkyNetBDA.sys [2010-05-10 622040]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2013-02-12 37064]
R3 tbHD;Philips PSC705 WDM Driver;c:\windows\system32\drivers\TBirdHD.sys [2002-06-03 336066]
R3 TBhdgame;Philips PSC705 GamePort;c:\windows\system32\DRIVERS\TBhdgame.sys [2002-04-26 11491]
R3 Te.Service;Te.Service;c:\program files\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [2013-08-21 91136]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 VsEtwService120;Visual Studio ETW Event Collection Service;c:\program files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [2013-10-05 71344]
R3 XDva405;XDva405;c:\windows\system32\XDva405.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-11-22 774392]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-11-22 403440]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-11-07 494416]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-11-07 36072]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-02-24 242240]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-04 217088]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-11-22 35656]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-11-22 70384]
S2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;c:\program files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [2012-09-18 90640]
S2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;c:\program files\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2012-09-18 78352]
S2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;c:\program files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2012-09-18 295440]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2013-03-01 36600]
S2 ntk_PowerDVD12;ntk_PowerDVD12;c:\program files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12.sys [2012-06-20 121208]
S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [2013-10-01 5087584]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-09-29 490088]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 63667015
*Deregistered* - 63667015
*Deregistered* - TrueSight
.
Inhalt des "geplante Tasks" Ordners
.
2013-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1583257125-4176554371-4191051257-1001Core.job
- c:\users\str8\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-16 20:27]
.
2013-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1583257125-4176554371-4191051257-1001UA.job
- c:\users\str8\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-16 20:27]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://de.yahoo.com?fr=fp-comodo
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{7EFBA01A-E6F5-445B-A9C4-530C591943E8}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\users\str8\AppData\Roaming\Mozilla\Firefox\Profiles\jpjdujy6.default\
FF - prefs.js: browser.search.selectedEngine - LEO Eng-Deu
FF - ExtSQL: 2013-09-29 14:20; tsvnmenu@pumacode.org; c:\users\str8\AppData\Roaming\Mozilla\Firefox\Profiles\jpjdujy6.default\extensions\tsvnmenu@pumacode.org.xpi
FF - ExtSQL: 2013-10-20 11:12; fiddlerhook@fiddler2.com; c:\program files\Fiddler2\FiddlerHook
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{B82655E9-B81D-4A97-8154-0D84A4C048E4} - c:\programdata\Microsoft\BingDesktop\BingCore\BingDesktopOverlays.dll
SafeBoot-84132669.sys
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\BDC3.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{73526619-C24F-470B-9BED-53D455FBB5C6}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD12\Common\NavFilter\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(748)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(660)
c:\windows\system32\guard32.dll
.
Zeit der Fertigstellung: 2013-11-23  02:39:24
ComboFix-quarantined-files.txt  2013-11-23 01:39
ComboFix2.txt  2013-11-22 21:04
.
Vor Suchlauf: 16 Verzeichnis(se), 42.704.236.544 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 42.640.687.104 Bytes frei
.
- - End Of File - - B781490CC6F392DA7A6E0C386580020A

--- --- ---
A36C5E4F47E84449FF07ED3517B43A31

[/CODE]

Das System startet immr noch langsam. Speziell, wenn man sich einloggen will dauert es ewig.

Eine schöne LogFile könnte man noch mit OTL generieren, da FRST bei mir crasht. Komischerweise immer bei der selben Datei mit der Endung TMP. Vielleicht sollte ich noch einen GMER Log posten für den Kernel?

EDIT: Der Rootkit scheint noch nicht weg zu sein. Es sind jetzt wieder folgende Schlüssel in der Registrierung aufgetaucht (Bild von RogueKiller):

aharonov · 23.11.2013, 03:41

Zitat:

Ich habe den kompletten Ordner einfach gelöscht.

Wieso gelöscht? Davon steht doch da überhaupt nichts..

Zitat:

Ich hab in der Zwischenzeit, RogueKiller ausgeführt um die Registrierung zu säubern.

So macht das hier nicht viel Sinn.
Du scheinst ja ganz gut selbst damit klarzukommen.

Langsames Hochfahren, Windows Firewall lässt sich nicht starten!

Plagegeister aller Art und deren Bekämpfung: Langsames Hochfahren, Windows Firewall lässt sich nicht starten!