
Pests of all kinds and how to fight them: Trojan.Agent + Trojan.Ransom, adware without end

23.04.2014, 14:13   #16
schrauber
/// the machine
/// TB trainer
 




yeah
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

23.04.2014, 14:21   #17
Keckrem
 



So was the fix OK like that?


24.04.2014, 09:52   #18
schrauber
/// the machine
/// TB trainer
 




not really

24.04.2014, 13:07   #19
Keckrem
 



Well, there was still a leftover from Avira that I wanted gone...

And the rest was unnecessary; Ask and the missing Default Search Hook should be obvious...

09.05.2014, 21:04   #20
Keckrem
 



Um... here I am again. The Windows Security Center service disabled itself on restart, at least according to my father. And since rootkits are often to blame for that, I ran GMER. It crashed twice, so OSAM instead. That did find something (false alarm?)...

Code:
Report of OSAM: Autorun Manager v5.0.11926.0
http://www.online-solutions.ru/en/
Saved at 21:48:35 on 09.05.2014

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 28.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore1ce831c5d28a1f0.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"Ddbaccpl.cpl" - "DataDesign AG" - C:\Windows\system32\Ddbaccpl.cpl
"ddBACCTM.cpl" - "DataDesign AG" - C:\Windows\system32\ddBACCTM.cpl
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"PhysX.cpl" - ? - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"fxdiafoc" (fxdiafoc) - ? - C:\Users\karsten\AppData\Local\Temp\fxdiafoc.sys  (Hidden registry entry, rootkit activity | File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"MBAMSwissArmy" (MBAMSwissArmy) - "Malwarebytes Corporation" - C:\Windows\System32\drivers\MBAMSwissArmy.sys
"tStLibG" (tStLibG) - "StdLib" - C:\Windows\System32\drivers\tStLibG.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{40CC864B-947A-4e5d-A2E5-DB6777B55D8F} "DivX MKV icon handler Class" - ? - C:\Program Files\DivX\DivX Player\DPXIconHandler.dll
{09A47860-11B0-4DA5-AFA5-26D86198A780} "EPP" - "Microsoft Corporation" - c:\PROGRA~1\Microsoft Security Client\shellext.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice Column Handler" - ? - C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice Infotip Handler" - ? - C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice Property Handler" - ? - C:\Program Files\OpenOffice 4\program\shlxthdl\propertyhdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice Property Sheet Handler" - ? - C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice Thumbnail Viewer" - ? - C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\program files\real\realplayer\rpshell.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - http://rover.ebay.com/rover/1/707-37276-17534-15/4  (HTTP value)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Oracle Corporation" - C:\Program Files\Java\jre8\bin\jp2iexp.dll / http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
{CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} "Java Plug-in 1.7.0_51" - "Oracle Corporation" - C:\Program Files\Java\jre8\bin\jp2iexp.dll / http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 11.5.2" - "Oracle Corporation" - C:\Program Files\Java\jre8\bin\jp2iexp.dll / http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 11.5.2" - "Oracle Corporation" - C:\Program Files\Java\jre8\bin\jp2iexp.dll / http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\Windows\system32\LegitCheckControl.DLL / http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
{6414512B-B978-451D-A0D8-FCFDF33E833C} "WUWebControl Class" - "Microsoft Corporation" - C:\Windows\system32\wuweb.dll / http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1215608626301
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} "ClsidExtension" - "Oracle Corporation" - C:\Program Files\Java\jre8\bin\jp2iexp.dll
"eBay - Der weltweite Online-Marktplatz" - ? - http://rover.ebay.com/rover/1/707-37276-17534-25/4  (HTTP value)
"ICQ7.5" - "ICQ, LLC." - C:\Program Files\ICQ7.5\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files\Java\jre8\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files\Java\jre8\bin\ssv.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealNetworks Download and Record Plugin for Internet Explorer" - "RealDownloader" - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\karsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"RocketDock" - ? - "C:\Program Files\RocketDock\RocketDock.exe"  (File found, but it contains no detailed information)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce )-----
"Shockwave Updater" - "Adobe Systems, Inc." - C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100429 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506; .NET CLR 1.1.4322)
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"DivXMediaServer" - "DivX, LLC" - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
"DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"dlcdmon.exe" - "Dell" - "C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe"
"HostManager" - "America Online, Inc." - C:\Program Files\Common Files\AOL\1202664818\ee\AOLSoftware.exe
"MemoryCardManager" - ? - "C:\Program Files\Dell Photo AIO Printer 944\memcard.exe"
"MSC" - "Microsoft Corporation" - "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Oracle Corporation" - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"TkBellExe" - "RealNetworks, Inc." - "c:\program files\real\realplayer\Update\realsched.exe" -osboot
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce )-----
"B Register C:\Program Files\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax" - "MainConcept GmbH" - "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax",DllRegisterServer

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"CUSTPDF Writer Monitor x86" - ? - C:\Windows\system32\custmon32i.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243" (NisSrv) - "Microsoft Corporation" - c:\Program Files\Microsoft Security Client\NisSrv.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"AOL Connectivity Service" (AOL ACS) - "AOL LLC" - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoToAssist" (GoToAssist) - "Citrix Online, a division of Citrix Systems, Inc." - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
"Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - c:\Program Files\Microsoft Security Client\MsMpEng.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
"Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Sceneo PVR Service" (srvcPVR) - "Buhl Data Service GmbH" - C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files\Skype\Updater\Updater.exe
"TeamViewer 5" (TeamViewer5) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
"Vodafone Connector Service" (VodafoneConnectorService) - "Vodafone Group" - C:\Program Files\Vodafone\Via The Phone\VodafoneConnectorService.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
"X10 Device Network Service" (x10nets) - "X10" - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"GoToAssist" - ? - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll  (File not found)

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit http://forum.online-solutions.ru
         
Or does the driver perhaps belong to GMER? After all, it works like malware, or rather has some of its characteristics, in order to detect it.
And this one looks somehow suspicious to me...

Quote:
C:\Windows\System32\custmon32i.dll
Fresh FRST log:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:09-05-2014 01
Ran by karsten (administrator) on KARSTEN-PC on 09-05-2014 21:58:35
Running from C:\Users\karsten\Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AOL LLC) C:\Program Files\Common Files\AOL\acs\AOLacsd.exe
( ) C:\Windows\System32\dlcdcoms.exe
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Buhl Data Service GmbH) C:\Program Files\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
(Vodafone Group) C:\Program Files\Vodafone\Via The Phone\VodafoneConnectorService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(X10) C:\Program Files\Common Files\X10\Common\X10nets.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(America Online, Inc.) C:\Program Files\Common Files\AOL\1202664818\ee\aolsoftware.exe
(Dell) C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe
() C:\Program Files\Dell Photo AIO Printer 944\memcard.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
() C:\Program Files\RocketDock\RocketDock.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Online Solutions) C:\Program Files\Online Solutions\OSAM\osam.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4706304 2007-11-14] (Realtek Semiconductor)
HKLM\...\Run: [HostManager] => C:\Program Files\Common Files\AOL\1202664818\ee\AOLSoftware.exe [50736 2006-09-26] (America Online, Inc.)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-10-11] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NvSvc] => C:\Windows\system32\nvsvc.dll [86016 2007-12-14] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [8530464 2007-12-14] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] => C:\Windows\system32\NvMcTray.dll [81920 2007-12-14] (NVIDIA Corporation)
HKLM\...\Run: [dlcdmon.exe] => C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe [431600 2007-01-16] (Dell)
HKLM\...\Run: [MemoryCardManager] => C:\Program Files\Dell Photo AIO Printer 944\memcard.exe [304624 2007-01-16] ()
HKLM\...\Run: [DLCDCATS] => C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCDtime.dll [73728 2006-02-24] ()
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [40368 2011-05-27] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [TkBellExe] => c:\program files\real\realplayer\Update\realsched.exe [295072 2013-02-01] (RealNetworks, Inc.)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [215552 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-12-23] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2013-11-15] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Runonce: [B Register C:\Program Files\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax] - "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax",DllRegisterServer
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll [X]
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-364693837-1365264009-1483210665-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-364693837-1365264009-1483210665-1003\...\Run: [RocketDock] => C:\Program Files\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-364693837-1365264009-1483210665-1003\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-364693837-1365264009-1483210665-1003\...\RunOnce: [Shockwave Updater] - C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1100429.exe [439736 2008-03-19] (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1215608626301
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
ShellExecuteHooks:  - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} -  No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{8869426F-88C5-46E1-B768-2CE4B8749B97}: [NameServer]192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\karsten\AppData\Roaming\Mozilla\Firefox\Profiles\pso0xuaw.default
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF Homepage: hxxp://www.web.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.0.282 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.0.282 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\karsten\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: C:\Users\karsten\AppData\Roaming\Mozilla\Firefox\Profiles\pso0xuaw.default\searchplugins\searchplugins-backup
FF Extension: No Name - C:\Users\karsten\AppData\Roaming\Mozilla\Firefox\Profiles\pso0xuaw.default\Extensions\staged [2013-05-24]
FF Extension: Firefox 3 Aero theme for Firefox 4+ - C:\Users\karsten\AppData\Roaming\Mozilla\Firefox\Profiles\pso0xuaw.default\Extensions\ffe_ff3aeroff4@game-point.net.xpi [2013-07-17]
FF Extension: Adblock Plus - C:\Users\karsten\AppData\Roaming\Mozilla\Firefox\Profiles\pso0xuaw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-22]
FF Extension: FoxTab - C:\Users\karsten\AppData\Roaming\Mozilla\Firefox\Profiles\pso0xuaw.default\Extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi [2011-04-14]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-03-29]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-03-29]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\

========================== Services (Whitelisted) =================

R2 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46640 2006-10-23] (AOL LLC)
R2 dlcd_device; C:\Windows\system32\dlcdcoms.exe [538096 2007-01-16] ( )
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()
R2 srvcPVR; C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe [1681408 2007-08-16] (Buhl Data Service GmbH)
R2 VodafoneConnectorService; C:\Program Files\Vodafone\Via The Phone\VodafoneConnectorService.exe [233472 2010-01-12] (Vodafone Group)
R2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2001-11-12] (X10)

==================== Drivers (Whitelisted) ====================

R3 3xHybrid; C:\Windows\System32\DRIVERS\3xHybrid.sys [1302368 2008-01-08] (NXP Semiconductors Germany GmbH)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [107736 2014-05-09] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [554496 2007-09-21] (Ralink Technology Corp.)
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2009-09-19] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2009-09-19] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2009-09-19] (MCCI Corporation)
S3 ss_bserd; C:\Windows\System32\DRIVERS\ss_bserd.sys [100224 2009-09-19] (MCCI Corporation)
R1 tStLibG; C:\Windows\System32\drivers\tStLibG.sys [55232 2014-03-30] (StdLib)
R3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-30] (America Online, Inc.)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13976 2006-11-17] (X10 Wireless Technology, Inc.)
R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U3 fxdiafoc; \??\C:\Users\karsten\AppData\Local\Temp\fxdiafoc.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-09 21:58 - 2014-05-09 21:58 - 00016866 _____ () C:\Users\karsten\Downloads\FRST.txt
2014-05-09 21:58 - 2014-05-09 21:58 - 00000000 ____D () C:\FRST
2014-05-09 21:56 - 2014-05-09 21:56 - 01053184 _____ (Farbar) C:\Users\karsten\Downloads\FRST.exe
2014-05-09 21:43 - 2014-05-09 21:48 - 00000244 _____ () C:\Users\karsten\Desktop\DontDelete (Verdächtige Dateien).txt
2014-05-09 21:30 - 2014-05-09 21:30 - 00000977 _____ () C:\Users\Public\Desktop\Autorun Manager.lnk
2014-05-09 21:30 - 2014-05-09 21:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Solutions
2014-05-09 21:30 - 2014-05-09 21:30 - 00000000 ____D () C:\Program Files\Online Solutions
2014-05-09 21:30 - 2014-05-09 21:30 - 00000000 ____D () C:\Program Files\Common Files\Online Solutions Shared
2014-05-09 21:27 - 2014-05-09 21:29 - 09858048 _____ () C:\Users\karsten\Downloads\osam_autorun_manager_5_0.msi
2014-05-09 21:26 - 2014-05-09 21:26 - 00001221 _____ () C:\MBAM.txt
2014-05-09 21:15 - 2014-05-09 21:15 - 00380416 _____ () C:\Users\karsten\Desktop\gmer.exe
2014-05-07 22:42 - 2014-05-07 23:07 - 00019857 _____ () C:\Users\karsten\UStVA2014_04_April_adams,_karsten.elfo
2014-05-03 18:38 - 2014-04-29 12:28 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-03 18:38 - 2014-04-29 12:07 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-28 00:04 - 2014-04-28 00:06 - 05924352 _____ () C:\Users\karsten\Downloads\dict-de_de-frami_2013-12-06.oxt
2014-04-27 23:59 - 2014-04-27 23:59 - 00000000 ____D () C:\Users\karsten\AppData\Roaming\OpenOffice
2014-04-27 23:57 - 2014-04-27 23:57 - 00000981 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2014-04-27 23:57 - 2014-04-27 23:57 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1
2014-04-27 23:56 - 2014-04-27 23:56 - 00000000 ____D () C:\Program Files\OpenOffice 4
2014-04-27 23:15 - 2014-04-27 23:20 - 00000000 ___RD () C:\Users\karsten\PROSEGUR
2014-04-27 23:09 - 2014-04-27 23:40 - 163606685 _____ () C:\Users\karsten\Downloads\Apache_OpenOffice_4.0.1_Win_x86_install_de.exe
2014-04-23 18:57 - 2014-04-23 18:57 - 00000834 _____ () C:\Windows\PFRO.log
2014-04-23 18:55 - 2014-04-23 18:55 - 00002154 _____ () C:\Windows\epplauncher.mif
2014-04-23 18:50 - 2014-04-23 18:50 - 00001846 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-04-23 18:49 - 2014-04-23 18:50 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-23 18:49 - 2010-04-05 22:00 - 00221568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-04-23 18:31 - 2014-04-23 18:37 - 00003977 _____ () C:\DelFix.txt
2014-04-23 18:28 - 2014-04-23 18:28 - 00000808 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-23 18:28 - 2014-04-23 18:28 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-23 18:25 - 2014-04-23 18:27 - 04765152 _____ (Piriform Ltd) C:\Users\karsten\Downloads\ccsetup411.exe
2014-04-23 18:07 - 2014-04-23 18:09 - 11268944 _____ (Microsoft Corporation) C:\Users\karsten\Downloads\mseinstall.exe
2014-04-23 00:53 - 2014-04-23 00:53 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-23 00:53 - 2014-04-23 00:53 - 00176040 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-23 00:53 - 2014-04-23 00:53 - 00176040 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-23 00:53 - 2014-04-23 00:53 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-04-23 00:38 - 2014-04-23 00:44 - 21987424 _____ (Mozilla) C:\Users\karsten\Downloads\thunderbird_setup_24.4.0.exe
2014-04-23 00:32 - 2014-04-23 00:40 - 31112616 _____ (Oracle Corporation) C:\Users\karsten\Downloads\jre-8u5-windows-i586.exe
2014-04-23 00:26 - 2014-04-23 00:26 - 00000000 _____ () C:\Windows\system32\REN2FE.tmp
2014-04-23 00:26 - 2014-04-23 00:26 - 00000000 _____ () C:\Windows\system32\REN2BF.tmp
2014-04-22 23:47 - 2014-04-22 23:47 - 00000000 ____D () C:\Users\karsten\Desktop\FRST-OlderVersion
2014-04-22 23:38 - 2014-04-22 23:38 - 00001079 _____ () C:\Users\karsten\Desktop\Revo Uninstaller.lnk
2014-04-22 23:38 - 2014-04-22 23:38 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-04-22 21:07 - 2014-04-22 21:07 - 00000000 ____D () C:\Users\karsten\AppData\Roaming\SUPERAntiSpyware.com
2014-04-22 17:42 - 2014-04-22 17:42 - 00000000 ____D () C:\Program Files\ESET
2014-04-22 17:37 - 2014-04-22 17:38 - 00000000 ____D () C:\Users\karsten\Desktop\Logfiles
2014-04-18 18:36 - 2014-03-08 01:20 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-18 18:36 - 2014-03-08 01:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-18 18:36 - 2014-03-08 01:03 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-18 18:36 - 2014-03-08 01:02 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-18 18:36 - 2014-03-08 01:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-18 18:36 - 2014-03-08 01:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-18 18:36 - 2014-03-08 00:59 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-18 18:36 - 2014-03-08 00:57 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-18 18:36 - 2014-03-08 00:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-18 18:36 - 2014-03-08 00:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-18 18:36 - 2014-03-08 00:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-18 18:36 - 2014-03-08 00:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-18 18:36 - 2014-03-08 00:52 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-18 18:36 - 2014-03-08 00:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-18 18:03 - 2014-04-18 18:03 - 00000000 ____D () C:\Users\karsten\Downloads\tdsskiller
2014-04-18 17:18 - 2014-05-09 21:10 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-18 17:17 - 2014-05-09 21:08 - 00000919 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-18 17:17 - 2014-05-09 21:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-04-18 17:17 - 2014-05-09 21:08 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-04-18 17:17 - 2014-04-18 17:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-18 17:17 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-18 17:17 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-18 17:17 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-18 17:11 - 2014-02-06 03:56 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

==================== One Month Modified Files and Folders =======

2014-05-09 21:58 - 2014-05-09 21:58 - 00016866 _____ () C:\Users\karsten\Downloads\FRST.txt
2014-05-09 21:58 - 2014-05-09 21:58 - 00000000 ____D () C:\FRST
2014-05-09 21:56 - 2014-05-09 21:56 - 01053184 _____ (Farbar) C:\Users\karsten\Downloads\FRST.exe
2014-05-09 21:48 - 2014-05-09 21:43 - 00000244 _____ () C:\Users\karsten\Desktop\DontDelete (Verdächtige Dateien).txt
2014-05-09 21:30 - 2014-05-09 21:30 - 00000977 _____ () C:\Users\Public\Desktop\Autorun Manager.lnk
2014-05-09 21:30 - 2014-05-09 21:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Solutions
2014-05-09 21:30 - 2014-05-09 21:30 - 00000000 ____D () C:\Program Files\Online Solutions
2014-05-09 21:30 - 2014-05-09 21:30 - 00000000 ____D () C:\Program Files\Common Files\Online Solutions Shared
2014-05-09 21:29 - 2014-05-09 21:27 - 09858048 _____ () C:\Users\karsten\Downloads\osam_autorun_manager_5_0.msi
2014-05-09 21:29 - 2010-08-17 22:45 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-09 21:28 - 2008-02-07 23:17 - 01320084 _____ () C:\Windows\WindowsUpdate.log
2014-05-09 21:26 - 2014-05-09 21:26 - 00001221 _____ () C:\MBAM.txt
2014-05-09 21:15 - 2014-05-09 21:15 - 00380416 _____ () C:\Users\karsten\Desktop\gmer.exe
2014-05-09 21:10 - 2014-04-18 17:18 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-09 21:08 - 2014-04-18 17:17 - 00000919 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-09 21:08 - 2014-04-18 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-09 21:08 - 2014-04-18 17:17 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-05-09 21:08 - 2013-11-18 15:04 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-09 21:05 - 2006-11-02 12:33 - 01454386 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-09 21:03 - 2013-07-17 20:35 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce831c5d28a1f0.job
2014-05-09 21:03 - 2008-02-09 21:52 - 00000000 ____D () C:\Program Files\Dl_cats
2014-05-09 20:59 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-09 20:59 - 2006-11-02 14:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-09 20:59 - 2006-11-02 14:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-09 20:30 - 2011-08-08 21:31 - 00001039 _____ () C:\ProgramData\VodafoneConnectorService.log
2014-05-09 20:30 - 2006-11-02 15:01 - 00032534 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-07 23:22 - 2012-12-09 16:25 - 00000000 ____D () C:\Users\karsten\AppData\Roaming\Skype
2014-05-07 23:07 - 2014-05-07 22:42 - 00019857 _____ () C:\Users\karsten\UStVA2014_04_April_adams,_karsten.elfo
2014-05-04 20:12 - 2012-04-03 22:02 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-04 20:12 - 2011-05-25 23:21 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-03 17:51 - 2008-02-07 23:30 - 00140680 _____ () C:\Users\karsten\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-03 17:50 - 2006-11-02 14:47 - 00472344 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-29 12:28 - 2014-05-03 18:38 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 12:07 - 2014-05-03 18:38 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-28 00:06 - 2014-04-28 00:04 - 05924352 _____ () C:\Users\karsten\Downloads\dict-de_de-frami_2013-12-06.oxt
2014-04-27 23:59 - 2014-04-27 23:59 - 00000000 ____D () C:\Users\karsten\AppData\Roaming\OpenOffice
2014-04-27 23:57 - 2014-04-27 23:57 - 00000981 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2014-04-27 23:57 - 2014-04-27 23:57 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1
2014-04-27 23:56 - 2014-04-27 23:56 - 00000000 ____D () C:\Program Files\OpenOffice 4
2014-04-27 23:40 - 2014-04-27 23:09 - 163606685 _____ () C:\Users\karsten\Downloads\Apache_OpenOffice_4.0.1_Win_x86_install_de.exe
2014-04-27 23:20 - 2014-04-27 23:15 - 00000000 ___RD () C:\Users\karsten\PROSEGUR
2014-04-26 19:16 - 2013-08-16 22:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-26 19:13 - 2006-11-02 12:24 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-04-23 18:57 - 2014-04-23 18:57 - 00000834 _____ () C:\Windows\PFRO.log
2014-04-23 18:56 - 2011-06-20 20:42 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-04-23 18:56 - 2007-12-12 16:03 - 00000000 ____D () C:\Program Files\Adobe
2014-04-23 18:55 - 2014-04-23 18:55 - 00002154 _____ () C:\Windows\epplauncher.mif
2014-04-23 18:52 - 2007-12-12 16:03 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-23 18:50 - 2014-04-23 18:50 - 00001846 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-04-23 18:50 - 2014-04-23 18:49 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-23 18:41 - 2008-02-09 00:52 - 00000000 ____D () C:\Users\karsten\AppData\Local\Adobe
2014-04-23 18:37 - 2014-04-23 18:31 - 00003977 _____ () C:\DelFix.txt
2014-04-23 18:30 - 2009-02-15 17:31 - 00000000 ____D () C:\Users\karsten\Tracing
2014-04-23 18:30 - 2008-07-06 23:53 - 00000000 ____D () C:\Windows\Minidump
2014-04-23 18:30 - 2007-12-03 15:20 - 00000000 ____D () C:\Windows\Panther
2014-04-23 18:28 - 2014-04-23 18:28 - 00000808 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-23 18:28 - 2014-04-23 18:28 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-23 18:27 - 2014-04-23 18:25 - 04765152 _____ (Piriform Ltd) C:\Users\karsten\Downloads\ccsetup411.exe
2014-04-23 18:09 - 2014-04-23 18:07 - 11268944 _____ (Microsoft Corporation) C:\Users\karsten\Downloads\mseinstall.exe
2014-04-23 00:54 - 2013-11-04 23:02 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-23 00:54 - 2008-01-14 13:45 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-04-23 00:53 - 2014-04-23 00:53 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-23 00:53 - 2014-04-23 00:53 - 00176040 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-23 00:53 - 2014-04-23 00:53 - 00176040 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-23 00:53 - 2014-04-23 00:53 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-04-23 00:53 - 2013-11-04 22:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-23 00:53 - 2008-01-14 13:45 - 00000000 ____D () C:\Program Files\Java
2014-04-23 00:44 - 2014-04-23 00:38 - 21987424 _____ (Mozilla) C:\Users\karsten\Downloads\thunderbird_setup_24.4.0.exe
2014-04-23 00:40 - 2014-04-23 00:32 - 31112616 _____ (Oracle Corporation) C:\Users\karsten\Downloads\jre-8u5-windows-i586.exe
2014-04-23 00:26 - 2014-04-23 00:26 - 00000000 _____ () C:\Windows\system32\REN2FE.tmp
2014-04-23 00:26 - 2014-04-23 00:26 - 00000000 _____ () C:\Windows\system32\REN2BF.tmp
2014-04-23 00:17 - 2008-05-24 18:58 - 00000000 ____D () C:\Program Files\Ashampoo
2014-04-22 23:47 - 2014-04-22 23:47 - 00000000 ____D () C:\Users\karsten\Desktop\FRST-OlderVersion
2014-04-22 23:42 - 2008-05-24 18:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2014-04-22 23:38 - 2014-04-22 23:38 - 00001079 _____ () C:\Users\karsten\Desktop\Revo Uninstaller.lnk
2014-04-22 23:38 - 2014-04-22 23:38 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-04-22 23:34 - 2008-02-10 02:13 - 00000000 ____D () C:\Users\karsten\AppData\Local\AOL
2014-04-22 23:34 - 2008-02-10 02:09 - 00000000 ____D () C:\Program Files\Common Files\AOL
2014-04-22 23:34 - 2008-02-10 02:09 - 00000000 ____D () C:\Program Files\AOL
2014-04-22 21:07 - 2014-04-22 21:07 - 00000000 ____D () C:\Users\karsten\AppData\Roaming\SUPERAntiSpyware.com
2014-04-22 17:42 - 2014-04-22 17:42 - 00000000 ____D () C:\Program Files\ESET
2014-04-22 17:38 - 2014-04-22 17:37 - 00000000 ____D () C:\Users\karsten\Desktop\Logfiles
2014-04-22 15:43 - 2009-02-05 22:14 - 00000000 ____D () C:\Users\karsten\AppData\Roaming\ICQ
2014-04-18 18:37 - 2007-12-12 16:48 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-18 18:03 - 2014-04-18 18:03 - 00000000 ____D () C:\Users\karsten\Downloads\tdsskiller
2014-04-18 17:51 - 2009-02-05 22:15 - 00000000 ____D () C:\ProgramData\ICQ
2014-04-18 17:17 - 2014-04-18 17:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-18 16:34 - 2013-12-30 01:23 - 00000000 ____D () C:\Users\karsten\AppData\Local\WEB.DE Application {sync-000021}

Files to move or delete:
====================
C:\Users\karsten\setup.exe


Some content of TEMP:
====================
C:\Users\karsten\AppData\Local\Temp\install_reader10_de_mssd_aaa_aih.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-09 21:08

==================== End Of Log ============================
         
--- --- ---


Alt 10.05.2014, 17:46   #21
schrauber
/// the machine
/// TB-Ausbilder
 




All good. I would stop just barreling over the system with whatever tools you happened to pick up somewhere.

Alt 10.05.2014, 17:51   #22
Keckrem
 



Well, the Security Center still keeps disabling itself, and I didn't fix anything with the tools. Should I try Windows Repair (AIO)?

Alt 11.05.2014, 12:30   #23
schrauber
/// the machine
/// TB-Ausbilder
 




Go ahead and do that.

Alt 01.06.2014, 16:46   #24
Keckrem
 



So, here I am once again.

1. Windows Repair didn't help.

2. So I ran FSS; everything is OK except for the following entry. That is probably also what triggers the problem:

Quote:
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

So I set the entry to 0. Tried to start Defender again, and lo and behold:

Quote:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

3. Ran ComboFix, rebooted the machine, set the value to 0. Ran FSS again, the same thing again. In my opinion there was nothing conspicuous in the CF log either, apart from the deleted files. The .log should be OK.

Code:
Farbar Service Scanner Version: 21-05-2014
Ran by karsten (administrator) on 01-06-2014 at 16:55:30
Running from "C:\Users\karsten\Downloads"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-08-16 17:36] - [2013-07-05 05:20] - 0914880 ____A (Microsoft Corporation) 6D0D344F643E28B31262AC2682109A3C

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
         
Code:
ComboFix 14-05-29.01 - karsten 01.06.2014  17:11:21.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2047.1120 [GMT 2:00]
ausgeführt von:: c:\users\karsten\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\karsten\4.0
c:\users\karsten\AppData\Roaming\xmldm
c:\users\karsten\AppData\Roaming\xmldm\serial.dbg
c:\users\karsten\Documents\R166228.zip
c:\windows\IsUn0407.exe
c:\programdata\VodafoneConnectorService.log . . . . Nicht in der Lage zu löschen
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-05-01 bis 2014-06-01  ))))))))))))))))))))))))))))))
.
.
2014-06-01 14:44 . 2014-04-30 23:37	8073384	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8FE85762-10E2-45C2-B835-BC312B727B24}\mpengine.dll
2014-06-01 14:37 . 2014-04-30 23:37	8073384	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{4C375881-9588-45D2-AE54-ABBA92929EB8}\mpengine.dll
2014-05-29 18:31 . 2014-06-01 15:18	--------	d-----w-	c:\windows\system32\wbem\repository
2014-05-29 18:26 . 2014-05-29 18:33	181064	----a-w-	c:\windows\PSEXESVC.EXE
2014-05-29 18:21 . 2014-05-29 18:21	--------	d-----w-	C:\RegBackup
2014-05-29 17:41 . 2014-04-30 23:37	8073384	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-05-29 11:50 . 2014-05-03 16:03	765968	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0BE6A8BE-C858-4D69-B814-5AF4A6E65097}\gapaengine.dll
2014-05-23 20:40 . 2014-05-23 20:40	--------	d-----w-	c:\program files\Common Files\Skype
2014-05-18 16:45 . 2014-05-05 23:14	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2014-05-09 19:58 . 2014-05-29 16:47	--------	d-----w-	C:\FRST
2014-05-09 19:30 . 2014-05-09 19:30	--------	d-----w-	c:\program files\Online Solutions
2014-05-09 19:30 . 2014-05-09 19:30	--------	d-----w-	c:\program files\Common Files\Online Solutions Shared
2014-05-03 16:10 . 2014-05-03 16:03	765968	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-22 18:11 . 2012-04-03 20:02	692400	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-05-22 18:11 . 2011-05-25 21:21	70832	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-09 19:10 . 2014-04-18 15:18	107736	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-22 22:53 . 2014-04-22 22:53	96680	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2014-04-22 22:26 . 2014-04-22 22:26	0	----a-w-	c:\windows\system32\REN2FE.tmp
2014-04-22 22:26 . 2014-04-22 22:26	0	----a-w-	c:\windows\system32\REN2BF.tmp
2014-04-16 03:02 . 2014-04-16 03:02	354656	----a-w-	c:\windows\system32\DivXControlPanelApplet.cpl
2014-04-03 07:51 . 2014-04-18 15:17	51416	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-04-03 07:51 . 2014-04-18 15:17	73432	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-04-03 07:50 . 2014-04-18 15:17	23256	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-03-31 20:46 . 2014-03-31 20:46	130712	----a-w-	c:\windows\system32\MSSTDFMT.DLL
2014-03-31 20:46 . 2014-03-31 20:46	1070232	----a-w-	c:\windows\system32\MSCOMCTL.OCX
2014-03-31 07:35 . 2009-10-04 20:21	231584	------w-	c:\windows\system32\MpSigStub.exe
2014-03-30 18:15 . 2014-03-30 18:15	55232	----a-w-	c:\windows\system32\drivers\tStLibG.sys
2014-03-11 07:52 . 2014-03-11 07:52	104264	----a-w-	c:\windows\system32\drivers\NisDrvWFP.sys
2014-03-07 23:12 . 2014-04-18 16:36	1806848	----a-w-	c:\windows\system32\jscript9.dll
2014-03-07 23:02 . 2014-04-18 16:36	1427968	----a-w-	c:\windows\system32\inetcpl.cpl
2014-03-07 23:02 . 2014-04-18 16:36	1129472	----a-w-	c:\windows\system32\wininet.dll
2014-03-07 22:57 . 2014-04-18 16:36	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2014-03-07 22:56 . 2014-04-18 16:36	421376	----a-w-	c:\windows\system32\vbscript.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-11-14 4706304]
"HostManager"="c:\program files\Common Files\AOL\1202664818\ee\AOLSoftware.exe" [2006-09-26 50736]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-14 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-14 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-14 81920]
"dlcdmon.exe"="c:\program files\Dell Photo AIO Printer 944\dlcdmon.exe" [2007-01-16 431600]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 944\memcard.exe" [2007-01-16 304624]
"DLCDCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCDtime.dll" [2006-02-24 73728]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2013-02-01 295072]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2014-04-03 450560]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-03-17 224128]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2014-01-10 1861968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-29 19:59	937920	----a-r-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2014-01-10 05:26	1861968	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2014-05-08 07:49	21442176	----a-r-	c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WEB.DE Application {sync-000021}]
2014-02-26 10:55	803840	----a-w-	c:\users\karsten\AppData\Local\WEB.DE Application {sync-000021}\webde_onlinespeicher.exe
.
S3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [2008-01-08 1302368]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
.
Inhalt des "geplante Tasks" Ordners
.
2014-06-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-26 18:11]
.
2014-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ce831c5d28a1f0.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-17 20:44]
.
2014-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-17 20:44]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com/ie
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-25/4
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
Trusted Zone: web.de
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{8869426F-88C5-46E1-B768-2CE4B8749B97}: NameServer = 192.168.1.1
FF - ProfilePath - c:\users\karsten\AppData\Roaming\Mozilla\Firefox\Profiles\pso0xuaw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.web.de/
FF - ExtSQL: 2049-12-31 15:00; {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}; c:\users\karsten\AppData\Roaming\Mozilla\Firefox\Profiles\pso0xuaw.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
FF - ExtSQL: !HIDDEN! 2009-06-23 23:37; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
Notify-GoToAssist - c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll
MSConfigStartUp-ICQ - c:\program files\ICQ7.4\ICQ.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-06-01 17:26
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  DLCDCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(1280)
c:\program files\RocketDock\RocketDock.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\windows\system32\dlcdcoms.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe
c:\program files\TeamViewer\Version5\TeamViewer_Service.exe
c:\program files\Vodafone\Via The Phone\VodafoneConnectorService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\progra~1\COMMON~1\X10\Common\x10nets.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-06-01  17:28:31 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-06-01 15:28
.
Vor Suchlauf: 12 Verzeichnis(se), 392.553.402.368 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 392.391.176.192 Bytes frei
.
- - End Of File - - 9188A5FC47BD5DE134A53B085E723133
5C616939100B85E558DA92B899A0FC36
         
Now I'm curious to see what comes of this...

02.06.2014, 12:29   #25
schrauber
/// the machine
/// TB Trainer
 

What does the line in FSS have to do with the Security Center, please?

02.06.2014, 13:01   #26
Keckrem
 
I guess I expressed myself badly there: not the Security Center but, of course, the Defender.

03.06.2014, 10:04   #27
schrauber
/// the machine
/// TB Trainer
 

Why should the Defender be running on your machine? You have MSE, which disables the Defender.

03.06.2014, 11:22   #28
Keckrem
 
I just thought that something was wrong there, because even when it is uninstalled, the Defender cannot be started. But I'm just hearing that the problem is gone, so I'll clean up now...

04.06.2014, 08:21   #29
schrauber
/// the machine
/// TB Trainer
 

ok.